CN105103503A - Packet forwarding method and device - Google Patents

Packet forwarding method and device Download PDF

Info

Publication number
CN105103503A
CN105103503A CN201480000859.0A CN201480000859A CN105103503A CN 105103503 A CN105103503 A CN 105103503A CN 201480000859 A CN201480000859 A CN 201480000859A CN 105103503 A CN105103503 A CN 105103503A
Authority
CN
China
Prior art keywords
address
message
value
added service
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201480000859.0A
Other languages
Chinese (zh)
Other versions
CN105103503B (en
Inventor
张先国
史扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of CN105103503A publication Critical patent/CN105103503A/en
Application granted granted Critical
Publication of CN105103503B publication Critical patent/CN105103503B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type

Abstract

The present invention relates to the field of communications, particularly to a packet forwarding method and device, the method comprising: a stream distribution point or a value added services device acquires a first packet, the first packet being obtained according to a service packet and comprising an address table, the address table comprising the IP address and forwarding address of the value added services device, and the forwarding address being an address in the last entry of the address table; the value added services device is located on the service path of the service packet; modifying the target IP address of the first packet according to the address in the first entry of the address table, and deleting the first entry from the address table to obtain a second packet; and forwarding the second packet according to the target IP address of the second packet. The present invention specifies a value added services device, so as to avoid transmitting a packet to an irrelevant value added services device while conducting value added services processing on the packet, further avoiding waste of capacity of the value added services device.

Description

Packet forwarding method and device
A kind of method and apparatus E-Packeted
The present invention relates to the communications field, more particularly to a kind of method and apparatus E-Packeted for technical field.Background technology in a communication network, value-added service equipment, such as fire wall, load equalizer(English:Load balancer, abbreviation:LB), intrusion prevention system(English:Intrusion prevention system, abbreviation:IPS), intruding detection system (English:Intrusion Detection System, abbreviation:IDS), data loss prevention (English:Data loss prevention, abbreviation:DLP) equipment, anti-virus(English:Anti-virus, abbreviation:AV) deployed position of equipment etc. is generally and network topology is strong correlation, i.e., value-added service equipment is generally deployed on the forward-path for the message for needing the value-added service equipment to handle, or the other network equipment hung on forward-path(Such as router or interchanger)On.
The problem of being brought using above-mentioned value-added service equipment and message forwarding close-coupled is that business processing path is dumb.For example, on a forward-path, the message normally forwarded can all pass through fire wall and IPS.But by the message of the forward-path, some may only need to fire wall and be handled, and some then need fire wall and IPS all to be handled.Under conventional deployment pattern, it is not necessary to which the message of IPS processing also has to pass through IPS, wastes IPS disposal ability.
Therefore, how the waste to value-added service capacity of equipment is avoided while value-added service processing is carried out to message, is the problem of needing to solve.The content of the invention
The invention provides a kind of method and apparatus E-Packeted, to avoid carrying out service conflict caused by identification service path using the field in standard tunnel head during E-Packeting, mitigate the burden of the network equipment on service path.
First aspect provides a kind of method E-Packeted, including:
Obtain the first message, first message is obtained according to service message, the service message is the message for needing value-added service to handle, first message includes address table, the IP address and forwarding address of the address table including value-added service equipment, the forwarding address for the address table last in address;The value-added service equipment is located on the service path of the service message;
The purpose IP address of first message is changed in address in the Section 1 of the address table, deletes the Section 1 of the address table, obtains the second message;
Second message is forwarded according to the purpose IP address of second message. With reference to described in a first aspect, in the first implementation of the first aspect, methods described is performed by stream distribution point, before the first message of the acquisition, methods described also includes:
Receive the service message;Obtain the traffic stream identifier of the Business Stream belonging to the service message;The service path of the service message is obtained according to the traffic stream identifier, the service path includes the sequence of value-added service equipment;Obtain the IP address of the value-added service equipment in the service path;And the forwarding address is obtained, the forwarding address is the purpose IP address of the service message or the IP address of stream distribution point.
With reference to the first implementation of the first aspect, in second of implementation of the first aspect, the first message of the acquisition includes:
Address table is added for the service message, the IP address of the value-added service equipment in the service path is added successively in the address table, last in the address table adds the forwarding address, obtains first message.
With reference to the first or second of implementation of the first aspect, in the third implementation of the first aspect, the service path for obtaining the service message according to the traffic stream identifier includes:According to the traffic stream identifier search strategy table, the strategy belonging to the traffic stream identifier is obtained, the service path in the strategy is obtained;The Policy Table includes at least one strategy, and each strategy includes the corresponding relation of traffic stream identifier, service path and pass-through mode;It is described obtain the forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the pass-through mode is echo plex mode, the IP address of the stream distribution point is regard as the forwarding address;And the pass-through mode in the acquisition strategy, when the pass-through mode is direct pass-through mode, it regard the purpose IP address of the service message as the forwarding address.
With reference to the first aspect the first, second or the third implementation, in the 4th kind of implementation of the first aspect, when the sequence for the mark that the sequence of the value-added service equipment includes the value-added service equipment, the IP address of the value-added service equipment in the acquisition service path includes:Obtain the IP address for identifying corresponding value-added service equipment of the value-added service equipment in the service path successively according to mapping table, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment;Or when the sequence for the IP address that the sequence of the value-added service equipment includes the value-added service equipment, the IP address of the value-added service equipment in the acquisition service path includes:The IP address of the value-added service equipment is directly obtained from the service path.
With reference to described in a first aspect, in the 5th kind of implementation of the first aspect, methods described is performed by value-added service equipment, the first message of the acquisition includes:First message that receiving stream point of departure or upper hop value-added service equipment are sent.
With reference to the 5th kind of implementation of the first aspect, in the 6th kind of implementation of the first aspect, methods described also includes:Value-added service equipment processing, the first message after being handled, the place are carried out to first message The purpose IP address and address table of the first message after reason are identical with the purpose IP address and address table of first message.With reference to the 6th kind of implementation of the first aspect, in the 7th kind of implementation of the first aspect, second message that obtains includes:
The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the Section 1 of the address table of the first message after the processing, obtains second message.
It is described to obtain second message and include when the IP address of the value-added service equipment in the address table is space-time in the 8th kind of implementation of the first aspect with reference to the 7th kind of implementation of the first aspect:
The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the address table of the first message after the processing, obtains second message.
Second aspect provides a kind of device E-Packeted, including:
With reference to the second aspect, in the first implementation of the second aspect, described device, which also includes receiving module and the second acquisition module-receiving module, to be used to receive the service message;
Second acquisition module is used for the traffic stream identifier for obtaining the Business Stream belonging to the service message;The service path of the service message is obtained according to the traffic stream identifier, the service path includes the sequence of value-added service equipment;Obtain the IP address of the value-added service equipment in the service path;And the forwarding address is obtained, the forwarding address is the purpose IP address of the service message or the IP address of stream distribution point.
With reference to the first implementation of the second aspect, in second of implementation of the second aspect, first acquisition module specifically for-for the receiving module receive service message add address table, add the IP address of the value-added service equipment in the service path successively in the address table, last in the address table adds the forwarding address, obtains first message.
With reference to the first or second of implementation of the second aspect, in the third implementation of the second aspect, described device also includes memory module, for storage strategy table,
The service path that second acquisition module obtains the service message according to the traffic stream identifier includes:The Policy Table stored in the memory module is searched according to the traffic stream identifier, the strategy belonging to the traffic stream identifier is obtained, the service path in the strategy is obtained;The Policy Table includes at least one strategy, and each strategy includes the corresponding relation of traffic stream identifier, service path and pass-through mode;
Second acquisition module obtain the forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the pass-through mode is echo plex mode, the IP address of the stream distribution point is regard as the forwarding address;And The pass-through mode in the strategy is obtained, when the pass-through mode is direct pass-through mode, the purpose IP address of the service message is regard as the forwarding address.
With reference to the second aspect the first, second or the third implementation, in the 4th kind of implementation of the second aspect, described device also includes the second memory module, for memory map assignments, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment;
When the sequence for the mark that the sequence of the value-added service equipment includes the value-added service equipment, the IP address that the second acquisition unit obtains the value-added service equipment in the service path includes:Obtain the IP address for identifying corresponding value-added service equipment of the value-added service equipment in the service path successively according to mapping table, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment.
With reference to the second aspect, in the 5th kind of implementation of the second aspect, first message that the first acquisition module is sent specifically for receiving stream point of departure or upper hop value-added service equipment.
With reference to the 5th kind of implementation of the second aspect, in the 6th kind of implementation of the second aspect, described device also includes:
Processing module, for carrying out value-added service equipment processing to first message, the first message after being handled, the purpose IP address and address table of the first message after the processing are identical with the purpose IP address and address table of first message.
With reference to the 6th kind of implementation of the second aspect, in the 7th kind of implementation of the second aspect, modified module specifically for-purpose IP address of the first message after the processing is changed according to the address in the Section 1 of the address table of the first message after the processing, the Section 1 of the address table of the first message after the processing is deleted, second message is obtained.
With reference to the 7th kind of implementation of the second aspect, in the 8th kind of implementation of the second aspect, when the value-added service equipment in the address table IP address be space-time, the modification unit specifically for:
The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the address table of the first message after the processing, obtains second message.
The third aspect provides a kind of device E-Packeted, including processor, communication interface, memory and bus, wherein, the processor, the communication interface and the memory carry out mutual communication by the bus;
The memory is used for storage program;
The processor is used to call the described program in the memory, the method that the first aspect is performed according to described program, and forwards second message by the communication interface.In such scheme, stream distribution point includes the IP address of value-added service equipment by being added in the service message of reception And the address table of forwarding address, the service message can be sent to the value-added service equipment in corresponding service path successively, realize while value-added service processing is carried out to the service message, avoid the service message being sent to incoherent value-added service equipment, and then avoid the waste to value-added service capacity of equipment.Also, address table is added by stream distribution point and sent in service message, it is to avoid in each value-added service equipment configuration complexities problem caused by service path is respectively configured.Technical scheme in illustrating in order to illustrate the embodiments of the present invention more clearly, the accompanying drawing used required in being described below to embodiment is briefly described, apparently, drawings in the following description are only some embodiments of the present invention, for those of ordinary skill in the art, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of network architecture schematic diagram provided in an embodiment of the present invention;
Fig. 2 is a kind of schematic flow sheet of the method E-Packeted provided in the embodiment of the present invention;
Fig. 3 is the schematic flow sheet of another method E-Packeted provided in the embodiment of the present invention;
Fig. 4 is the schematic flow sheet of another method E-Packeted provided in the embodiment of the present invention;
Fig. 5 is a kind of structural representation of the device E-Packeted provided in the embodiment of the present invention;
Fig. 6 is the structural representation of another device E-Packeted provided in the embodiment of the present invention;
Fig. 7 is the structural representation of another device E-Packeted provided in the embodiment of the present invention;
Fig. 8 is the structural representation of the still another device E-Packeted provided in the embodiment of the present invention.The technical scheme in the embodiment of the present invention is clearly and completely described below in conjunction with the accompanying drawing in the embodiment of the present invention for embodiment, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.Based on the embodiment in the present invention, the every other embodiment that those of ordinary skill in the art are obtained under the premise of creative work is not made belongs to the scope of protection of the invention.
The embodiments of the invention provide a kind of system E-Packeted, as shown in figure 1, the system stream distribution point 12 and value-added service equipment 13, the value-added service equipment can have one or more, multiple value-added service equipment 13a-n are shown in figure.Wherein, the stream distribution point 12 and value-added service equipment 13 may each be the dummy node in network, virtual functions module or hardware physical entity.Stream distribution point 12 is used for acquisition strategy table, is selected according to the Policy Table Service path, Business Stream is sent by the service path of the selection to value-added service equipment 13.Two service paths, respectively service path 1 and service path 2 are shown in Fig. 1.The value-added service equipment 13 is used to carry out the Business Stream value-added service processing, and the Business Stream after forward process.The stream distribution point 12 and the concrete function of value-added service equipment 13 may be referred to the description in each following embodiment.
Based on the system shown in Fig. 1, the embodiments of the invention provide a kind of method E-Packeted, the executive agent of methods described can be stream distribution point 12 or value-added service equipment 13, as shown in Figure 2, methods described can be performed by value-added service equipment, it can also be performed by stream distribution point, methods described includes:
201st, the first message is obtained, first message is obtained according to service message, the service message is the message for needing value-added service to handle, first message includes address table, the address table includes IP addresses and the forwarding address of value-added service equipment, and the value-added service equipment is located on the service path of the service message.Wherein, first message can be that stream distribution point passes through the message that processing is obtained to the service message received, it can also be the message after the processing of stream distribution point that value-added service equipment is received, it can also be the message for process other value-added service equipment processing that value-added service equipment is received, the message that the service message after the processing that value-added service device for flow point of departure is sent is obtained after further handling is can also be, is not limited here.No matter how first message obtains, first message is finally obtained according to the service message.
The service path is by the path for needing to constitute the value-added service equipment that the service message carries out value-added service processing successively, i.e., described service path includes needing to carry out the service message sequence of the value-added service equipment of value-added service processing.The IP address information or the IP address information of part value-added service equipment of whole value-added service equipment on the service path can be included according to the change of the executive agent of methods described, in the address table.The IP address of the value-added service equipment in the address table can also be sky, i.e., described address table only includes the forwarding address.
The forwarding address for the address table last in address.
202nd, the purpose IP address of first message is changed in the address in the Section 1 of the address table, deletes the Section 1 of the address table, obtains the second message.
Step 202 is specifically referred to, and the purpose IP address of first message is revised as to the address in the Section 1 in the address table, and deletes the Section 1 in the address table, regard the message obtained to the first message after above-mentioned processing as the second message.
When performing methods described by stream distribution point, the address in the Section 1 of the address table is the IP addresses of value-added service equipment.When performing methods described by value-added service equipment, the address in the Section 1 can be the IP address of next-hop value-added service equipment, or forwarding address. 203rd, second message is forwarded according to the purpose IP address of second message.
Specifically, it is the corresponding value-added service equipment of purpose IP address that second message is transmitted to by second message according to the purpose IP address of second message, i.e. next-hop value-added service equipment in step 203.
In the above embodiment of the present invention, include the first message of the IP address of value-added service equipment and the address table of forwarding address by obtaining, and first message is modified obtain the second message, then second message is sent, realize and value-added service equipment is specified, can be while value-added service processing be carried out to the message, it is to avoid the message is sent to incoherent value-added service equipment, and then avoids the waste to value-added service capacity of equipment.
Separately below from stream distribution point and the angle of value-added service equipment, method shown in Fig. 2 is further elaborated.As shown in figure 3, in one embodiment of the invention, when the method shown in Fig. 2 is performed by stream distribution point, methods described can specifically include:
301st, stream distribution point receives service message, wherein, the service message is the message for needing to carry out value-added service processing.
The service message can be the message received from user side or the message received from network side, and the present embodiment is without limitation.The service message is IP messages.
302nd, the stream distribution point obtains the traffic stream identifier of the Business Stream belonging to the service message.
Wherein, source IP address can be passed through, purpose IP address, source port, destination interface, at least one of protocol number information carrys out identification service stream, therefore, the traffic stream identifier can include the source IP address of the service message, purpose IP address, at least one in source port, destination interface and protocol number.Alternatively, the traffic stream identifier can be the five-tuple information of the service message or the numerical value obtained according to the five-tuple information of the service message by certain algorithm, for example, pass through Hash(Hash) the numerical value obtained by algorithm.
303rd, the stream distribution point obtains the service path of the service message according to the traffic stream identifier, and the service path includes needing to carry out the service message sequence of the value-added service equipment of value-added service processing.
Specifically, the stream distribution point obtains the strategy belonging to the traffic stream identifier according to the traffic stream identifier search strategy table, obtains the service path in the strategy.The Policy Table is used for the value-added service processing mode for indicating Business Stream.The Policy Table includes at least one strategy, and each strategy includes the corresponding relation of traffic stream identifier, service path and pass-through mode.
The sequence of the value-added service equipment can be specifically the sequence or the sequence of IP address of the mark of value-added service equipment.The sequence indicates the order that value-added service equipment is handled Business Stream.The mark can be digital numbering, for example, the numbering that the numbering that FW numbering is 1, IPS is 2, IDS is 3 etc., then service path(3,1,2) Represent that Business Stream needs to handle by three value-added service equipment, the order of processing IDS before this, after be FW, be finally IPS.The mark can also be the code of value-added service equipment, for example, it may be FW, IPS or IDS etc..
The pass-through mode refers to the pass-through mode of last the value-added service equipment in corresponding service path, includes echo plex mode and direct pass-through mode.The echo plex mode refers to that the message obtained after the processing of all value-added service equipment is still returned to stream distribution point by last value-added service equipment.The direct pass-through mode, refers to that last described value-added service equipment is forwarded the message obtained after the processing of all value-added service equipment according to the purpose IP address of service message.
The Policy Table can be that the stream distribution point is obtained from management equipment or is pre-configured in by user on the stream distribution point, not be limited herein.
304th, the stream distribution point obtains the IP address of the value-added service equipment in the service path.
Wherein, when the service path includes multiple value-added service equipment, the IP address of the value-added service equipment in the service path is obtained, the IP address according to the multiple value-added service equipment obtained successively in the service path is specifically referred to.
When the service path includes the sequence of the mark of value-added service equipment, the stream distribution point obtains the IP address of the corresponding value-added service equipment of mark of the value-added service equipment in the service path according to mapping table successively.Wherein, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment.The mapping table can be the management equipment and stream distribution point consults to determine or the management equipment is sent to the stream distribution point according to configuration.When the service path includes the sequence of the IP address of value-added service equipment, the stream distribution point directly obtains the IP address of the value-added service equipment from the service path.
305th, the stream distribution point obtains the forwarding address of the service message.
The forwarding address is the purpose IP addresses for the message that the service message is obtained after the processing of whole value-added service equipment.The pass-through mode of last value-added service equipment of the forwarding address by the stream distribution point in the service path is determined, as it was previously stated, the pass-through mode can be obtained by the Policy Table.
The forwarding address that the stream distribution point obtains the service message includes:The pass-through mode in the strategy is obtained, when the pass-through mode is echo plex mode, the IP address of the stream distribution point is regard as the forwarding address;And the pass-through mode in the acquisition strategy, when the pass-through mode is direct pass-through mode, it regard the purpose IP addresses of the service message as the forwarding address.
306th, the stream distribution point obtains the first message, and first message is obtained according to the service message, and first message includes address table, and the address table includes the IP address and forwarding address of value-added service equipment, described Value-added service equipment is located on the service path of the service message.
Specifically, the stream distribution point obtains the first message and included:Address table is added for the service message, add the IP address of the value-added service equipment on the service path obtained in the step 304 successively in the address table and the forwarding address obtained in the step 305 is added in last of the address table, obtain first message, the forwarding address for the address table last in address.
Specifically, the service path includes the sequence of multiple value-added service equipment, and the address table correspondingly includes the IP address of the multiple value-added service equipment.Also, sequence of sequence of the IP address of the multiple value-added service equipment in the address table with each self-corresponding value-added service equipment in the service path is identical.
The address table can be added in the service message in many ways, for example, by address table addition in the extension header for the service message, or, by address table addition in the IP options of the service message.
By taking the service path 1 shown in Fig. 1 as an example, four value-added service equipment 13a-13d are had in service path 1, can be designated as(13a, 13b, 13c, 13d), the IP address of the value-added service equipment 13a-13d is respectively 1.1.1.10,1.1.1.11,1.1.1.12 and 1.1.1.13.It is 1.1.1.1 that stream distribution, which is checked and accepted to IJ source IP address, after purpose IP address is 2.2.2.2 service message, obtain the traffic stream identifier of the Business Stream belonging to the service message, service path 1 is got according to the traffic stream identifier, according to the mark of each value-added service equipment in the service path 1, the IP address 1.1.1.10 of each value-added service equipment is got respectively according to the mapping table being locally stored, 1.1.1.11, and 1.1.1.13 1.1.1.12, assuming that the pass-through mode of last value-added service equipment is direct pass-through mode in the service path, then the stream distribution point determines that the forwarding address is 2.2.2.2, then, address table is added for the service message, the IP address of each value-added service equipment is added in the address table according to the sequence of the mark of each value-added service equipment in the service path 1, the forwarding address is added to the address table last in, source IP address is obtained for 1.1.1.1, purpose IP address is 2.2.2.2, carry address table(1.1.1.10,1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2) the first message.
In each embodiment of the application, for the ease of statement, the address table is indicated with round bracket, in the specific implementation, the address table there can be many forms.
307th, the stream distribution point changes the purpose IP addresses of first message according to the address in the Section 1 of the address table, deletes the Section 1 of the address table, obtains the second message.
Specifically, the stream distribution point is according to the IP address in the Section 1 of the address table, the IP address of first value-added service equipment in i.e. described service path, change the purpose IP address of first message, and the Section 1 of the address table in first message is deleted, obtain the second message.
Then above-mentioned example, the source IP address of first message is 1.1.1.1, and purpose IP address is 2.2.2.2, is taken The address table of band is(1.1.1.10,1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2).Shellfish lj is in this step, the Section 1 in the address table is revised as in the purpose IP addresses of first message by the stream distribution point by 2.2.2.2, that is 1.1.1.10, and delete 1.1.1.10 from the address table, obtain the second message, the source IP address of second message is 1.1.1.1, and purpose IP address is 1.1.1.10, and the address table of carrying is(1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2).
308th, the stream distribution point sends second message according to the purpose IP address of second message.
Specifically, it is the IP address of first value-added service equipment in the service path due to the purpose IP address of second message, second message is sent to first value-added service equipment in the service path by the point of stream distribution described in this step.
Above-mentioned steps 306,307 and 308 are step 201 in Fig. 2 respectively, and 202 and 203 implement.
In the above embodiment of the present invention, stream distribution point includes value-added service equipment by being added in the service message of reception
The address table of IP address and forwarding address, the service message can be sent to the value-added service equipment in corresponding service path successively, realize while value-added service processing is carried out to the service message, avoid the service message being sent to incoherent value-added service equipment, and then avoid the waste to value-added service capacity of equipment.Also, address table is added by stream distribution point and sent in service message, it is to avoid in each value-added service equipment configuration complexities problem caused by service path is respectively configured.
As shown in figure 4, in another embodiment of the present invention, when the method shown in Fig. 2 is performed by value-added service equipment, methods described can specifically include:
401st, value-added service equipment obtains the first message, first message is obtained according to service message, the service message is the message for needing value-added service to handle, first message includes address table, the address table includes the IP address and forwarding address of value-added service equipment, and the value-added service equipment is located on the service path of the service message.
The forwarding address for the address table last in address.When only one of which address in the addresses forwarding table, the address is the forwarding address, in this case, it is believed that the IP address of value-added service equipment is sky.
The value-added service equipment obtains the first message, can be specifically the first message that receiving stream point of departure is sent, or the first message that upper hop value-added service equipment is sent.
By taking the service path 1 shown in Fig. 1 as an example, four value-added service equipment 13a-13d are had in service path 1, the IP address of the value-added service equipment 13a-13d is respectively 1.1.1.10,1.1.1.11,1.1.1.12 and 1.1.1.13.For value-added service equipment 13a, first message can be that the stream distribution point is sent, and source IP address is 1.1.1.1, and purpose IP address is 1.1.1.10, and the address table of carrying is(1.1.1.11,1.1.1.12,1.1.1.13,2.2.2.2) message.Wherein, the 1.1.1.11 in the address table, 1.1.1.12,1.1.1.13 are the IP address of value-added service equipment, 2.2.2.2 it is forwarding address.
402nd, the value-added service equipment carries out value-added service processing, the first message after being handled to first message.
Because the major function of value-added service equipment is exactly to carry out value-added service processing to message, therefore, the value-added service equipment carries out value-added service processing, the first message after being handled after first message is received to first message.The purpose IP address and address table of the first message after the processing are identical with the purpose IP address and address table of first message.
403rd, the value-added service equipment changes the purpose IP address of the first message after the processing according to the address in the Section 1 of the address table of the first message after the processing, the Section 1 of the address table of the first message after the processing is deleted, the second message is obtained.
In an implementation of the present embodiment, the IP address of the value-added service equipment is not sky, still by taking the value-added service equipment 13a as an example, when the value-added service equipment 13a receives source IP address for 1.1.1.1, purpose IP addresses are 1.1.1.10, and the address table of carrying is(1.1.1.11, 1.1.1.12, 1.1.1.13, 2.2.2.2) the first message after, assuming that to first message after value-added service is handled, the purpose IP address and address table of the first message after obtained processing are constant, then in step 403, the purpose IP address 1.1.1.10 of the first message after the processing are revised as the Section 1 in the address table by the value-added service equipment 13a, that is 1.1.1.11, and delete the Section 1 of the address table, 1.1.1.11 is deleted from the address table, obtain the second message, the source IP address of second message is 1.1.1.1, purpose IP address is 1.1.1.11, the address table of carrying is(1.1.1.12,1.1.1.13,2.2.2.2).
In another implementation of the present embodiment, when the IP address of the value-added service equipment in the address table of first message is sky, when only including one of forwarding address in i.e. described address table, then in step 403, due to only having one in the address table of the first message after processing, then the value-added service equipment can just obtain second message by deleting the address table of the first message after the processing.For example, when first message is the message that the value-added service equipment 13d is received from value-added service equipment 13c, the source IP address of first message is 1.1.1.1, and purpose IP address is 1.1.1.13, and address table is(2.2.2.2), assuming that the source IP address of the first message after processing, purpose IP addresses and address table are constant, then value-added service equipment 13d changes the purpose IP addresses of the first message after the processing, 2.2.2.2, and the 2.2.2.2 in address table is deleted, delete after 2.2.2.2, because the address table in the first message after the processing has been sky, value-added service equipment 13d further deletes the address table, obtains the second message.Second message now is the message without address table.
404th, the value-added service equipment forwards second message according to the purpose IP address of second message. In one embodiment, second message is sent to value-added service equipment 13b by the value-added service equipment 13a according to the purpose IP address 1.1.1.11 of second message.
In another embodiment, the value-added service equipment 13d forwards second message according to the purpose IP address 2.2.2.2 of second message.
Above-mentioned steps 401,403 and 404 are step 201 in Fig. 2 respectively, and 202 and 203 implement.
In the present embodiment, the first message that the value-added service equipment receiving stream point of departure or upper hop value-added service equipment are sent, first message is sent to by other value-added service equipment according to the address table carried in first message or forwarded, realized by address table and value-added service equipment is specified, can be while value-added service processing be carried out to the message, avoid the message being sent to incoherent value-added service equipment, and then avoid the waste to value-added service capacity of equipment.
To realize the above method of the embodiment of the present invention, the embodiment of the present invention additionally provides a kind of device 500 E-Packeted, as shown in figure 5, described device includes the first acquisition module 501, modified module 502 and forwarding module 503.
First acquisition module 501 is used to obtain the first message, first message is obtained according to service message, the service message is the message for needing value-added service to handle, first message includes address table, the address table includes the IP address and forwarding address of value-added service equipment, and the value-added service equipment is located on the service path of the service message.
The purpose IP address of first message is changed in the address that the modified module 502 is used in the Section 1 according to the address table, deletes the Section 1 of the address table, obtains the second message.
The forwarding module 503 is used to forward second message according to the purpose IP address of second message.
Above-mentioned first acquisition module 501, modified module 502 and forwarding module 503 are respectively used to perform step 201, and 202 and 203, concrete function refer to the related descriptions of Fig. 2.
In one embodiment of the invention, when the device E-Packeted is stream distribution point, as shown in fig. 6, described device 500 also includes:The acquisition module 602 of receiving module 601 and second.
The receiving module 601 is used to receive the service message.
Second acquisition module 602 is used for the traffic stream identifier for obtaining the Business Stream belonging to the service message;The service path of the service message is obtained according to the traffic stream identifier, the service path includes the sequence of value-added service equipment;Obtain the IP address of the value-added service equipment in the service path;And the forwarding address is obtained, the forwarding address is the purpose IP address of the service message or the IP address of stream distribution point.First acquisition module 501 adds address table specifically for the service message received for the receiving module, in institute The IP address for the value-added service equipment added successively in address table in the service path is stated, last in the address table adds the forwarding address, obtains first message.
Further, described device 500 also includes the first memory module 603, for storage strategy table, and the service path that second acquisition module 602 obtains the service message according to the traffic stream identifier includes:The Policy Table stored in first memory module 603 is searched according to the traffic stream identifier, the strategy belonging to the traffic stream identifier is obtained, the service path in the strategy is obtained;The Policy Table includes at least one strategy, and each strategy includes the corresponding relation of traffic stream identifier, service path and pass-through mode;Second acquisition module 602 obtain the forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the pass-through mode is echo plex mode, the IP address of the stream distribution point is regard as the forwarding address;And the pass-through mode in the acquisition strategy, when the pass-through mode is direct pass-through mode, it regard the purpose IP address of the service message as the forwarding address.
Further, described device also includes the second memory module 604, for memory map assignments, when the sequence for the mark that the sequence of the value-added service equipment includes the value-added service equipment, the IP address that second acquisition module 602 obtains the value-added service equipment in the service path includes:Obtain the IP address for identifying corresponding value-added service equipment of the value-added service equipment in the service path successively according to the mapping table, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment.
In another embodiment of the present invention, when the device E-Packeted is value-added service equipment, as shown in fig. 7, described device also includes processing module 701.First message that first acquisition module 501 is sent specifically for receiving stream point of departure or upper hop value-added service equipment.
The processing module 701 is used to carry out value-added service processing, the first message after being handled, the purpose IP address of the first message after the processing and identical with the purpose IP address and address table of first message with address table to first message.
The modified module 502 specifically for, change the purpose IP address of the first message after the processing in address in the Section 1 of the address table of the first message after the processing, the Section 1 of the address table of the first message after the processing is deleted, second message is obtained.
In another embodiment of the present invention, when the device E-Packeted is value-added service equipment, if the IP address of the value-added service equipment in the address table for the first message that first acquisition module 501 is obtained is sky, i.e., only include one in described address table(Address therein is forwarding address)When, the modified module 502 changes the purpose IP addresses of the first message after the processing specifically for the address in the Section 1 of the address table according to the first message after the processing, the address table of the first message after the processing is deleted, second message is obtained. Device in the various embodiments described above of the present invention includes the first message of the IP address of value-added service equipment and the address table of forwarding address by obtaining, and first message is modified obtain the second message, then second message is sent, realize and value-added service equipment is specified, can be while value-added service processing be carried out to the message, avoid the message being sent to incoherent value-added service equipment, and then avoid the waste to value-added service capacity of equipment.
The embodiment of the present invention additionally provides a kind of device 800 E-Packeted, described device can be the host server for including computing capability, or router, the network switch etc., the specific embodiment of the invention is not limited implementing for calculate node.As shown in figure 8, described device 800 includes:
Processor (English:Processor) 810, communication interface(English:Communications interface) 820, memory (English:Memory) 830, bus 840.
Processor 810, communication interface 820, memory 830 carries out mutual communication by bus 840.
Communication interface 820, for being communicated with ext nal network element.In one embodiment, the communication interface 820 is used to communicate with management equipment 11, value-added service equipment 13 etc..In another embodiment, the communication interface 820 is used for and stream distribution point 12, the communication of the grade of value-added service equipment 13.Communication interface 820 can be by optical transceiver, electric transceiver, and wireless transceiver or its any combination are realized.For example, optical transceiver can be Small Form-Factor Pluggable(English:Small form-factor pluggable transceiver, abbreviation:SFP) transceiver(English:), transceiver Small Form-Factor Pluggable is strengthened(English:Enhanced small form-factor pluggable, abbreviation:SFP+) transceiver or 10 gigabit Small Form-Factor Pluggables (English:10 Gigabit small form-factor pluggable, abbreviation:XFP) transceiver.Electric transceiver can be Ethernet(English:Ethernet) network interface controller(English:Network interface controller, abbreviation: NIC).Wireless transceiver can be radio network interface controller(English:Wireless network interface controller, abbreviation: WNIC).Communication interface 820 can include multiple physical interfaces, and such as communication interface 820 includes multiple Ethernet interfaces.
Processor 810, for configuration processor 832.
Specifically, program 832 can include program code, and described program code includes computer-managed instruction.
Processor 810 is probably central processing unit(English:Central processing unit, abbreviation:), or application specific integrated circuit CPU(English:Application-specific integrated circuit, abbreviation: ASIC).
Memory 830, for depositing program 832.Memory 830 can include volatile memory(English:Volatile memory), such as random access memory(English:Random-access memory, abbreviation: RAM);Memory 830 can also include nonvolatile memory(English:Non-volatile memory), such as read-only storage(English:Read-only memory, abbreviation:ROM), flash memory(English:Flash memory), hard disk(English: hard Disk drive, abbreviation:) or solid state hard disc HDD(English:Solid-state drive, abbreviation: SSD);Memory 830 can also include the combination of the memory of mentioned kind.
Processor 810 is used to call the program 832 in the memory, the method shown in Fig. 2, Fig. 3 or Fig. 4 is performed according to program 832, and forward second message by the communication interface.
One of ordinary skill in the art will appreciate that realizing all or part of step of above-described embodiment can be completed by hardware, the hardware of correlation can also be instructed to complete by program, described program can be stored in a kind of computer-readable recording medium, storage medium mentioned above can be read-only storage, disk or CD etc..
Presently preferred embodiments of the present invention is the foregoing is only, is not intended to limit the invention, all within the principle of the present invention, any modification, equivalent substitution and improvements made etc. should be included in the scope of the protection.

Claims (19)

  1. Claim
    1st, a kind of method E-Packeted, it is characterised in that including:
    Obtain the first message, first message is obtained according to service message, the service message is the message for needing value-added service to handle, first message includes address table, the IP address and forwarding address of the address table including value-added service equipment, the forwarding address for the address table last in address;The value-added service equipment is located on the service path of the service message;
    The purpose IP address of first message is changed in address in the Section 1 of the address table, deletes the Section 1 of the address table, obtains the second message;
    Second message is forwarded according to the purpose IP address of second message.
    2nd, according to the method described in claim 1, it is characterised in that methods described is performed by stream distribution point, before the first message of the acquisition, methods described also includes:
    Receive the service message;
    Obtain the traffic stream identifier of the Business Stream belonging to the service message;
    The service path of the service message is obtained according to the traffic stream identifier, the service path includes the sequence of value-added service equipment;
    Obtain the IP address of the value-added service equipment in the service path;And
    The forwarding address is obtained, the forwarding address is the purpose IP address of the service message or the IP address of stream distribution point.
    3rd, method according to claim 2, it is characterised in that the message of acquisition first includes:
    Address table is added for the service message, the IP address of the value-added service equipment in the service path is added successively in the address table, last in the address table adds the forwarding address, obtains first message.
    4th, according to the method in claim 2 or 3, it is characterised in that
    The service path for obtaining the service message according to the traffic stream identifier includes:According to the traffic stream identifier search strategy table, the strategy belonging to the traffic stream identifier is obtained, the service path in the strategy is obtained;The Policy Table includes at least one strategy, and each strategy includes the corresponding relation of traffic stream identifier, service path and pass-through mode;It is described obtain the forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the pass-through mode is echo plex mode, the IP address of the stream distribution point is regard as the forwarding address;And the pass-through mode in the acquisition strategy, when the pass-through mode is direct pass-through mode, it regard the purpose IP address of the service message as the forwarding address.
    5th, method as claimed in any of claims 2 to 4, it is characterised in that When the sequence for the mark that the sequence of the value-added service equipment includes the value-added service equipment, the IP address of the value-added service equipment in the acquisition service path includes:Obtain the IP address for identifying corresponding value-added service equipment of the value-added service equipment in the service path successively according to mapping table, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment;Or
    When the sequence for the IP address that the sequence of the value-added service equipment includes the value-added service equipment, the IP address of the value-added service equipment in the acquisition service path includes:The IP address of the value-added service equipment is directly obtained from the service path.
    6th, according to the method described in claim 1, it is characterised in that methods described is performed by value-added service equipment, the first message of the acquisition includes:
    First message that receiving stream point of departure or upper hop value-added service equipment are sent.
    7th, method according to claim 6, it is characterised in that methods described also includes:
    Value-added service equipment processing is carried out to first message, the first message after being handled, the purpose IP address and address table of the first message after the processing are identical with the purpose IP address and address table of first message.
    8th, method according to claim 7, it is characterised in that second message that obtains includes:
    The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the Section 1 of the address table of the first message after the processing, obtains second message.
    9th, method according to claim 8, it is characterised in that described to obtain second message and include when the IP addresses of the value-added service equipment in the address table are space-time:
    The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the address table of the first message after the processing, obtains second message.
    10th, a kind of device E-Packeted, it is characterised in that including:
    First acquisition module, for obtaining the first message, first message is obtained according to service message, the service message is the message for needing value-added service to handle, first message includes address table, the IP address and forwarding address of the address table including value-added service equipment, the forwarding address for the address table last in address;The value-added service equipment is located on the service path of the service message;
    Modified module, the purpose IP address of first message is changed for the address in the Section 1 according to the address table, is deleted the Section 1 of the address table, is obtained the second message;
    Forwarding module, for forwarding second message according to the purpose IP address of second message.
    11st, device according to claim 10, it is characterised in that described device also includes receiving module and the second acquisition module: The receiving module is used to receive the service message;
    Second acquisition module is used for the traffic stream identifier for obtaining the Business Stream belonging to the service message;The service path of the service message is obtained according to the traffic stream identifier, the service path includes the sequence of value-added service equipment;Obtain the IP address of the value-added service equipment in the service path;And the forwarding address is obtained, the forwarding address is the purpose IP address of the service message or the IP address of stream distribution point.
    12nd, device according to claim 11, it is characterised in that first acquisition module specifically for:Address table is added for the service message that the receiving module is received, the IP address of the value-added service equipment in the service path is added successively in the address table, last in the address table adds the forwarding address, obtains first message.
    13rd, the device according to claim 11 or 12, it is characterised in that described device also includes memory module, for storage strategy table,
    The service path that second acquisition module obtains the service message according to the traffic stream identifier includes:The Policy Table stored in the memory module is searched according to the traffic stream identifier, the strategy belonging to the traffic stream identifier is obtained, the service path in the strategy is obtained;The Policy Table includes at least one strategy, and each strategy includes the corresponding relation of traffic stream identifier, service path and pass-through mode;
    Second acquisition module obtain the forwarding address include it is following any one:The pass-through mode in the strategy is obtained, when the pass-through mode is echo plex mode, the IP address of the stream distribution point is regard as the forwarding address;And the pass-through mode in the acquisition strategy, when the pass-through mode is direct pass-through mode, it regard the purpose IP address of the service message as the forwarding address.
    14th, the device according to any one in claim 11 to 13, it is characterized in that, described device also includes the second memory module, for memory map assignments, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment;
    When the sequence for the mark that the sequence of the value-added service equipment includes the value-added service equipment, the IP address that the second acquisition unit obtains the value-added service equipment in the service path includes:Obtain the IP address for identifying corresponding value-added service equipment of the value-added service equipment in the service path successively according to mapping table, each list item of the mapping table includes the corresponding relation of the IP address of value-added service equipment and the mark of value-added service equipment.
    15th, device according to claim 10, it is characterised in that first message that the first acquisition module is sent specifically for receiving stream point of departure or upper hop value-added service equipment.
    16th, device according to claim 15, it is characterised in that described device also includes:
    Processing module, for first message carry out value-added service equipment processing, the first message after being handled, The purpose IP address and address table of the first message after the processing are identical with the purpose IP address and address table of first message.
    17th, device according to claim 16, it is characterised in that the modified module specifically for:The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the Section 1 of the address table of the first message after the processing, obtains second message.
    18th, device according to claim 17, it is characterised in that when the value-added service equipment in the address table IP address be space-time, the modification unit specifically for:
    The purpose IP address of the first message after the processing is changed in address in the Section 1 of the address table of the first message after the processing, deletes the address table of the first message after the processing, obtains second message.
    19th, a kind of device E-Packeted, it is characterised in that including processor, communication interface, memory and bus, wherein, the processor, the communication interface and the memory carry out mutual communication by the bus;The memory is used for storage program;
    The processor is used to call the described program in the memory, the method according to described program perform claim requires any one in 1-9, and forwards second message by the communication interface.
CN201480000859.0A 2014-01-06 2014-01-06 A kind of method and apparatus to E-Packet Active CN105103503B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/070184 WO2015100751A1 (en) 2014-01-06 2014-01-06 Packet forwarding method and device

Publications (2)

Publication Number Publication Date
CN105103503A true CN105103503A (en) 2015-11-25
CN105103503B CN105103503B (en) 2018-07-31

Family

ID=53493054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480000859.0A Active CN105103503B (en) 2014-01-06 2014-01-06 A kind of method and apparatus to E-Packet

Country Status (2)

Country Link
CN (1) CN105103503B (en)
WO (1) WO2015100751A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124777A (en) * 2020-08-27 2022-03-01 中国电信股份有限公司 Value added service processing method, device and system

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992592B (en) * 2021-10-27 2023-11-17 锐捷网络股份有限公司 Message forwarding method and device, port drainage system and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device
CN102075438A (en) * 2011-02-14 2011-05-25 中兴通讯股份有限公司 Unicast data frame transmission method and device
US20110158237A1 (en) * 2009-12-30 2011-06-30 Verizon Patent And Licensing, Inc. Modification of peer-to-peer based feature network based on changing conditions / session signaling
CN103346974A (en) * 2013-06-03 2013-10-09 华为技术有限公司 Controlling method of service process and network device
WO2013189272A1 (en) * 2012-06-18 2013-12-27 华为技术有限公司 Service processing method, device and system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101510845B (en) * 2009-03-27 2012-10-10 北京星网锐捷网络技术有限公司 Method and apparatus for forwarding label
CN102769557B (en) * 2012-08-09 2015-08-12 深圳市共进电子股份有限公司 A kind of transmission method of business datum message and device
CN106170024B (en) * 2012-12-24 2019-12-24 华为技术有限公司 System, method and node for data processing in software defined network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110158237A1 (en) * 2009-12-30 2011-06-30 Verizon Patent And Licensing, Inc. Modification of peer-to-peer based feature network based on changing conditions / session signaling
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device
CN102075438A (en) * 2011-02-14 2011-05-25 中兴通讯股份有限公司 Unicast data frame transmission method and device
WO2013189272A1 (en) * 2012-06-18 2013-12-27 华为技术有限公司 Service processing method, device and system
CN103346974A (en) * 2013-06-03 2013-10-09 华为技术有限公司 Controlling method of service process and network device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124777A (en) * 2020-08-27 2022-03-01 中国电信股份有限公司 Value added service processing method, device and system

Also Published As

Publication number Publication date
WO2015100751A1 (en) 2015-07-09
CN105103503B (en) 2018-07-31

Similar Documents

Publication Publication Date Title
CN108471397B (en) Firewall configuration, message sending method and device
EP3076612B1 (en) Packet processing methods and nodes
CN108141416B (en) Message processing method, computing equipment and message processing device
US10263808B2 (en) Deployment of virtual extensible local area network
US10412008B2 (en) Packet processing method, apparatus, and system
CN113411243B (en) Data transmission method and device
US10461958B2 (en) Packet transmission method and apparatus
WO2018036254A1 (en) Packet forwarding method and device
JP6437693B2 (en) Multicast data packet forwarding
CN103259726A (en) Method, device and system for storing and sending MAC address table entries
CN105591974A (en) Message processing method, device and system
CN104811380A (en) Method for transmitting traffic-guiding routing information and cleaning apparatus
CN109936492A (en) A kind of methods, devices and systems by tunnel transmission message
US20190215191A1 (en) Deployment Of Virtual Extensible Local Area Network
US20200028779A1 (en) Packet processing method and apparatus
US10917342B2 (en) Method and system for propagating network traffic flows between end points based on service and priority policies
CN105103503A (en) Packet forwarding method and device
CN104702505B (en) A kind of message transmitting method and node
CN105471817A (en) Method, device and system for unloading service flow
CN105009542B (en) A kind of method and apparatus for handling message
CN112565044B (en) Message processing method and device
CN104394081B (en) A kind of data processing method and device
US9306861B2 (en) Automatic promiscuous forwarding for a bridge
KR102001487B1 (en) Method for controlling software defined networking and computing device performing the same
CN105721313B (en) Data transmission method and relevant device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant