CN106161226A - Send, receive the method and apparatus of stream specification rule - Google Patents

Abstract

The embodiment of the present invention provides one to send, receive the method and apparatus of stream specification rule, first network equipment is determining that second network equipment can be after first network equipment sends stream specification rule ORF record, receive the stream specification rule ORF record that second network equipment sends, the stream specification rule being sent to second network equipment is filtered by stream specification rule ORF record for first network equipment, when first network equipment has stream specification rule to be sent to second network equipment, the stream specification rule being sent to second network equipment is filtered by first network equipment according to stream specification rule ORF record, the stream specification rule meeting stream specification rule ORF record filtering condition is only sent to second network equipment, solve the network equipment and send stream specification rule invalid in a large number, the problem of the wasting of resources causing.

Description

Send, receive the method and apparatus of stream specification rule

Technical field

The present embodiments relate to the communication technology, particularly relate to a kind of transmission, receive stream specification rule (Flow Specification rule) method and apparatus.

Background technology

Extensive based on Border Gateway Protocol (Border Gateway Protocol is called for short BGP) agreement Apply in Internet, between Autonomous Domain (Autonomous System is called for short AS) And between AS inward flange router, transmit routing iinformation.The routing iinformation of transmission includes: procotol (Internet Protocol, be called for short IP) route, medium education (Media Access Control, It is called for short MAC) it route and flow the network sides such as specification rule up to information (Network Layer Reachability Information, is called for short NLRI) information.Wherein, flow specification rule to be mainly used in Network security is defendd, by the attack detecting in AS or doubtful attack traffic information and countermeasure (limit Speed, dyeing, redirection etc.) it is disseminated to AS network edge router, even cross-domain disseminate, in order to As early as possible attack traffic is processed.

For certain router, the stream specification rule receiving there may be a large amount of invalid stream specification rule Then.In prior art, in order to avoid the impact on proper communication for the invalid stream specification rule, receiving terminal passes through Send, to transmitting terminal, the stream specification rule come in this locality to filter, filter out invalid stream specification rule.But It is that, in the method for prior art, transmitting terminal is also intended to send substantial amounts of invalid stream specification rule, sends big The regular network bandwidth that can take of invalid stream specification of amount and CPU (Central Processing Unit, be called for short CPU) calculating resource, cause Internet resources and calculate resource waste.

Content of the invention

The embodiment of the present invention provides a kind of transmission, the method and apparatus receiving stream specification rule, it would be preferable to support Convection current specification rule carries out outbound route filtering, decreases the transmission of invalid stream specification rule.

First aspect present invention provides a kind of method sending stream specification rule, comprising:

First network equipment determines that second network equipment can send stream specification rule to described first network equipment Then outbound route filtering ORF record；

Described first network equipment receives the described stream specification rule ORF note that described second network equipment sends Record, described stream specification rule ORF record for described first network equipment to being sent to described second net The stream specification rule of network equipment filters；

Described first network equipment according to described stream specification rule ORF record to being sent to described second net The stream specification rule of network equipment filters；

Described first network equipment sends the stream specification rule after filtering to described second network equipment.

In conjunction with first aspect present invention, in the first possible implementation of first aspect present invention, Described stream specification rule ORF record includes: the sequence-number field of stream specification rule ORF record, action Matching field, filter types field, filter specific operation and value field, described stream specification rule ORF The sequence-number field of record is for carrying the priority of stream specification rule ORF record, and word is mated in described action Whether section mates the type of action of stream specification rule for carrying, and described filter type field is used for carrying It is corresponding that filter type, described filter specific operation and value field are used for carrying described filter type Filter condition.

In conjunction with the first possible implementation of first aspect present invention, in the of first aspect present invention In two kinds of possible implementations, described stream specification rule ORF record also includes: Route Distinguisher numeral Section and Route Distinguisher field, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

In conjunction with the possible implementation of the first or the second of first aspect present invention, in the present invention first In the third possible implementation of aspect, described stream specification rule ORF record also includes: filter Individual digital section, described filter digital section is for carrying the number of filter.

In conjunction with the first possible implementation of first aspect present invention, in the of first aspect present invention In four kinds of possible implementations, it is right that described first network equipment records according to described stream specification rule ORF The stream specification rule being sent to described second network equipment filters, comprising:

Described stream specification rule ORF record is included by described first network equipment: action matching field, Filter digital section, filter type field, filter specific operation and value field, respectively with institute State and be sent to what the stream specification rule of described second network equipment included: type of action field, filter Type field, filter specific operation and value field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Filter containing the filter type that the described stream specification rule being sent to described second network equipment includes Specific operation and the numerical space of value field, then be sent to institute described in the determination of described first network equipment State and described in the stream specification rule match of second network equipment, flow specification rule ORF record.

In conjunction with the possible implementation of the second of first aspect present invention, in the of first aspect present invention In five kinds of possible implementations, it is right that described first network equipment records according to described stream specification rule ORF The stream specification rule being sent to described second network equipment filters, comprising:

Described stream specification rule ORF record is included by described first network equipment: action matching field, Filter type field, filter specific operation and value field, Route Distinguisher field, respectively with described It is sent to what the stream specification rule of described second network equipment included: type of action field, filter class Type-word section, filter specific operation and value field and Route Distinguisher field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Mistake containing the corresponding filter type that the described stream specification rule being sent to described second network equipment includes Filter specific operation and the numerical space of value field, described stream specification rule ORF records the route including The Route Distinguisher collection of mark composition be combined in empty or described Route Distinguisher set comprise described in be sent to described The Route Distinguisher that the stream specification rule of second network equipment includes, then described first network equipment determines described Described stream specification rule ORF record in stream specification rule match to be sent.

In conjunction with the first of first aspect present invention and first aspect present invention to the 5th kind of possible realization Any one in mode, in the 6th kind of possible implementation of first aspect present invention, described One network equipment determines that second network equipment can send stream specification rule ORF to described first network equipment Record, comprising:

Described first network equipment obtains first-class specification rule ORF ability parameter, described first-class specification The stream specification rule ORF ability that described second network equipment of rule ORF ability parameter instruction is supported, institute State first-class specification rule ORF ability parameter to include: least one set is marked by Address-Family Identifier, subaddressing race Know, flow specification rule ORF type and the parameter sets of transmitting-receiving ability label composition, described first-class specification The transmitting-receiving ability label that rule ORF ability parameter includes is for indicating whether described second network equipment props up Hold transmission and/or receive stream specification rule ORF record；

Described first network equipment more described first-class specification rule ORF ability parameter and second specification Rule ORF ability parameter, the described first network of described second specification rule ORF ability parameter instruction The stream specification rule ORF ability that equipment is supported, described second specification rule ORF ability parameter includes: Least one set is identified by Address-Family Identifier, subaddressing race, is flowed specification rule ORF type and transmitting-receiving ability mark Know the parameter sets of composition, the transmitting-receiving ability mark that described second specification rule ORF ability parameter includes Know and be used for indicating whether described first network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and the transmitting-receiving ability label instruction of described first parameter sets is described, and described second network sets Standby support sends, stream specification rule ORF record, the transmitting-receiving ability label instruction of described second parameter sets Described first network equipment is supported to receive stream specification rule ORF record, then described first network equipment determines Described second network equipment can send stream specification rule ORF record to described first network equipment.

In conjunction with the 6th kind of possible implementation of first aspect present invention, in the of first aspect present invention In seven kinds of possible implementations, described first network equipment obtains first-class specification rule ORF ability ginseng Number, comprising:

Described first network equipment is being set up in BGP connection procedure with described second network equipment, receives institute Stating the BGP open message that second network equipment sends, the BGP that described second network equipment sends is open Message includes described first-class specification rule ORF ability parameter.

In conjunction with the first of first aspect present invention and first aspect present invention to the 4th kind of possible realization Any one in mode, in the 7th kind of possible implementation of first aspect present invention, described One network equipment receives the stream specification rule ORF record that described second network equipment sends, comprising:

Described first network equipment receives the BGP route refresh messages that described second network equipment sends, institute State BGP route refresh messages and include described stream specification rule ORF record.

In conjunction with the first of first aspect present invention and first aspect present invention to the 5th kind of possible realization Any one in mode, in the 9th kind of possible implementation of first aspect present invention, described After one network equipment receives the stream specification rule ORF record that described second network equipment sends, described side Method also includes:

Described first network equipment according to the described stream specification rule ORF Address-Family Identifier that includes of record and Subaddressing race mark determines the type of described stream specification rule ORF record, and according to described stream specification rule Described stream specification rule ORF record is stored in sorted order the stream of corresponding types by the sequence number of ORF record In specification rule ORF list.

Second aspect present invention provides a kind of method receiving stream specification rule, comprising:

Second network equipment determines that first network equipment is able to receive that stream specification rule outbound route filtering ORF Record；

Described second network equipment generates stream specification rule ORF according to the stream specification rule and policy self preserving Record；

Described stream specification rule ORF record is sent to described first network and sets by described second network equipment Standby；

Described second network equipment receives the stream specification rule that described first network equipment sends, described stream rule Model rule is advised according to the stream specification after described stream specification rule ORF record filtering for described first network equipment Then.

In conjunction with second aspect present invention, in the first possible implementation of second aspect present invention, Described stream specification rule ORF record includes: the sequence-number field of stream specification rule ORF record, action Matching field, filter type field, filter specific operation and value field, described stream specification rule The sequence-number field of ORF record is for carrying the priority of stream specification rule ORF record, described action Joining whether field mates the regular type of action of stream specification for carrying, described filter type field is used for Carrying filter type, described filter specific operation and value field are used for carrying described filter type Corresponding filter condition.

In conjunction with the first possible implementation of second aspect present invention, in the of second aspect present invention In two kinds of possible implementations, described stream specification rule ORF record also includes: Route Distinguisher numeral Section and Route Distinguisher field, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

In conjunction with the possible implementation of the first or the second of second aspect present invention, in the present invention second In the third possible implementation of aspect, described stream specification rule ORF record also includes: filter Individual digital section, described filter digital section is for carrying the number of filter.

In conjunction with the first of second aspect present invention and second aspect present invention to the third possible realization Any one in mode, in the 4th kind of possible implementation of second aspect present invention, described Two network equipments are determined to send stream specification rule outbound route filtering ORF note to first network equipment Record, comprising:

Described second network equipment obtains second specification rule ORF ability parameter, described second specification The stream specification rule ORF ability that the described first network equipment of rule ORF ability parameter instruction is supported, institute State second specification rule ORF ability parameter to include: least one set is marked by Address-Family Identifier and subaddressing race Know, flow specification rule ORF type and the parameter sets of transmitting-receiving ability label composition, described second specification The transmitting-receiving ability label that rule ORF ability parameter includes is for indicating whether described first network equipment props up Hold transmission and/or receive stream specification rule ORF record；

The described second more described second specification rule ORF ability parameter of the network equipment and first-class specification Rule ORF ability parameter, described second network of described first-class specification rule ORF ability parameter instruction The stream specification rule ORF ability that equipment is supported, described first-class specification rule ORF ability parameter includes: Least one set is identified by Address-Family Identifier and subaddressing race, is flowed specification rule ORF type and transmitting-receiving ability mark Know the parameter sets of composition, the transmitting-receiving ability mark that described first-class specification rule ORF ability parameter includes Know and be used for indicating whether described second network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, then described second network equipment is determined to described the One network equipment sends stream specification rule ORF record.

In conjunction with the 4th kind of possible implementation of second aspect present invention, in the of second aspect present invention In five kinds of possible implementations, described second network equipment obtains second specification rule ORF ability ginseng Number, comprising:

Described second network equipment is being set up during BGP is connected with described first network equipment, receives The BGP open message that described first network equipment sends, the BGP that described first network equipment sends opens Put message and include described second specification rule ORF ability parameter.

In conjunction with the first of second aspect present invention and second aspect present invention to the 5th kind of possible realization Any one in mode, in the 6th kind of possible implementation of second aspect present invention, described Described stream specification rule ORF record is sent to described first network equipment by two network equipments, comprising:

Described second network equipment sends BGP route refresh messages, described road to described first network equipment BGP refresh message is included described stream specification rule ORF record.

Third aspect present invention provides a kind of first network equipment, comprising:

Determining module, for determining that second network equipment can send stream specification to described first network equipment Rule outbound route filtering ORF record；

Receiver module, for receiving the described stream specification rule ORF record that described second network equipment sends, Described stream specification rule ORF record sets to being sent to described second network for described first network equipment Standby stream specification rule filters；

Filtering module, for according to described stream specification rule ORF record to being sent to described second network The stream specification rule of equipment filters；

Sending module, for sending the stream specification rule after filtering to described second network equipment.

In conjunction with third aspect present invention, in the first possible implementation of third aspect present invention, Described stream specification rule ORF record includes: the sequence-number field of stream specification rule ORF record, action Matching field, filter type field, filter specific operation and value field, described stream specification rule The sequence-number field of ORF record is for carrying the priority of stream specification rule ORF record, described action Joining whether field mates the regular type of action of stream specification for carrying, described filter type field is used for Carrying filter type, described filter specific operation and value field are used for carrying described filter type Corresponding filter condition.

In conjunction with the first possible implementation of third aspect present invention, in the of third aspect present invention In two kinds of possible implementations, described stream specification rule ORF record also includes: Route Distinguisher numeral Section and Route Distinguisher field, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

In conjunction with the possible implementation of the first or the second of third aspect present invention, in the present invention the 3rd In the third possible implementation of aspect, described stream specification rule ORF record also includes: filter Individual digital section, described filter digital section is for carrying the number of filter.

In conjunction with the first possible implementation of third aspect present invention, in the of third aspect present invention In four kinds of possible implementations, described filtering module specifically for:

Described stream specification rule ORF record is included: action matching field, filter digital section, Filter type field, filter specific operation and value field, be sent to described with described respectively The stream specification rule of two network equipments includes: type of action field, filter type field, filter Specific operation and value field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Filter containing the filter type that the described stream specification rule being sent to described second network equipment includes Specific operation and the numerical space of value field, it is determined that described be sent to described second network equipment Stream specification rule ORF record described in stream specification rule match.

In conjunction with the possible implementation of the second of third aspect present invention, in the of third aspect present invention In five kinds of possible implementations, described filtering module specifically for:

Described stream specification rule ORF record is included: action matching field, filter type field, Filter specific operation and value field, Route Distinguisher field, be sent to described second with described respectively The stream specification rule of the network equipment includes: type of action field, filter type field, filter are special Fixed operation and value field and Route Distinguisher field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated is included in described stream specification rule bag to be sent In the type of action including, the described stream specification rule ORF filter collection that includes of record is combined into empty or every kind The numerical space of the filter specific operation of filter types and value field all comprise described in be sent to described The filter specific operation of the filter type that the stream specification rule of second network equipment includes and value field Numerical space, described stream specification rule ORF record include Route Distinguisher composition Route Distinguisher set It is sent to the stream specification rule of described second network equipment described in empty or described Route Distinguisher set comprises The Route Distinguisher then including, it is determined that the described stream specification rule being sent to described second network equipment Mix described stream specification rule ORF record.

In conjunction with the first of third aspect present invention and third aspect present invention to the 5th kind of possible realization Any one in mode, in the 6th kind of possible implementation of third aspect present invention, described really Cover half block specifically for:

Obtain first-class specification rule ORF ability parameter, described first-class specification rule ORF ability ginseng The stream specification rule ORF ability that described second network equipment of number instruction is supported, described first-class specification rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification rule ORF Type and the parameter sets of transmitting-receiving ability label composition, in described first-class specification rule ORF ability parameter Including transmitting-receiving ability label for indicate described second network equipment whether support send and/or receive stream Specification rule ORF record；

Relatively more described first-class specification rule ORF ability parameter and second specification rule ORF ability ginseng Number, the stream specification that the described first network equipment of described second specification rule ORF ability parameter instruction is supported Rule ORF ability, described second specification rule ORF ability parameter includes: least one set is by address The parameter set of race's mark, subaddressing race mark, stream specification rule ORF type and transmitting-receiving ability label composition Closing, the transmitting-receiving ability label that described second specification rule ORF ability parameter includes is described for indicating Whether first network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, it is determined that described second network equipment can be to described the One network equipment sends stream specification rule ORF record.

In conjunction with the 6th kind of possible implementation of third aspect present invention, in the of third aspect present invention In seven kinds of possible implementations, described acquisition first-class specification rule ORF ability parameter, comprising:

Setting up in BGP connection procedure with described second network equipment, receiving described second network equipment and send out The BGP open message sent, the BGP open message that described second network equipment sends includes described the First-class specification rule ORF ability parameter.

In conjunction with the first of third aspect present invention and third aspect present invention to the 5th kind of possible realization Any one in mode, in the 8th kind of possible implementation of third aspect present invention, described connects Receive module specifically for:

Receive the BGP route refresh messages that described second network equipment sends, described BGP route refresh Message includes described stream specification rule ORF record.

In conjunction with the first of third aspect present invention and third aspect present invention to the 5th kind of possible realization Any one in mode, in the 9th kind of possible implementation of third aspect present invention, described sets Standby also including stores processing module；

Described storage processing module, for receiving what described second network equipment sent at described receiver module After stream specification rule ORF record, record, according to described stream specification rule ORF, the address race including Mark and subaddressing race mark determine the type of described stream specification rule ORF record, and according to described stream rule Described stream specification rule ORF record is stored in sorted order corresponding class by the sequence number of model rule ORF record In the stream specification rule ORF list of type.

Fourth aspect present invention provides a kind of second network equipment, comprising:

Determining module, is used for determining that first network equipment is able to receive that stream specification rule outbound route filtering ORF record；

Generation module, the stream specification rule and policy for preserving according to described second network equipment generates stream rule Model rule ORF record；

Sending module, is sent to described for the stream specification rule ORF record generating described generation module First network equipment；

Receiver module, for receiving the stream specification rule that described first network equipment sends, described stream specification Rule is advised according to the stream specification after described stream specification rule ORF record filtering for described first network equipment Then.

In conjunction with fourth aspect present invention, in the first possible implementation of fourth aspect present invention, Described stream specification rule ORF record includes: the sequence-number field of stream specification rule ORF record, action Matching field, filter type field, filter specific operation and value field, described stream specification rule The sequence-number field of ORF record is for carrying the priority of stream specification rule ORF record, described action Joining whether field mates the regular type of action of stream specification for carrying, described filter type field is used for Carrying filter type, described filter specific operation and value field are used for carrying described filter type Corresponding filter condition.

In conjunction with the first possible implementation of fourth aspect present invention, in the of fourth aspect present invention In two kinds of possible implementations, described stream specification rule ORF record also includes: Route Distinguisher numeral Section and Route Distinguisher field, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

In conjunction with the possible implementation of the first or the second of fourth aspect present invention, in the present invention the 4th In the third possible implementation of aspect, described stream specification rule ORF record also includes: filter Individual digital section, described filter digital section is for carrying the number of filter.

In conjunction with the first of fourth aspect present invention and fourth aspect present invention to the third possible realization Any one in mode, in the 4th kind of possible implementation of fourth aspect present invention, described really Cover half block specifically for:

Obtain second specification rule ORF ability parameter, described second specification rule ORF ability ginseng The stream specification rule ORF ability that the described first network equipment of number instruction is supported, described second specification rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification rule ORF Type and the parameter sets of transmitting-receiving ability label composition, in described second specification rule ORF ability parameter Including transmitting-receiving ability label for indicate described first network equipment whether support send and/or receive stream Specification rule ORF record；

Relatively more described second specification rule ORF ability parameter and first-class specification rule ORF ability ginseng Number, the stream specification that described second network equipment of described first-class specification rule ORF ability parameter instruction is supported Rule ORF ability, described first-class specification rule ORF ability parameter includes: least one set is by address The parameter set of race's mark, subaddressing race mark, stream specification rule ORF type and transmitting-receiving ability label composition Closing, the transmitting-receiving ability label that described first-class specification rule ORF ability parameter includes is described for indicating Whether second network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of the first parameter sets is supported to send, stream Specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets sets Standby support receives stream specification rule ORF record, it is determined that described second network equipment can be to described first The network equipment sends stream specification rule ORF record.

In conjunction with the 4th kind of possible implementation of fourth aspect present invention, in the of fourth aspect present invention In five kinds of possible implementations, described acquisition second specification rule ORF ability parameter, comprising:

Set up during BGP is connected at described second network equipment and described first network equipment, receive The BGP open message that described first network equipment sends, the BGP that described first network equipment sends opens Put message and include described second specification rule ORF ability parameter.

In conjunction with the first of fourth aspect present invention and fourth aspect present invention to the 5th kind of possible realization Any one in mode, in the 6th kind of possible implementation of fourth aspect present invention, described Send module specifically for:

Send BGP route refresh messages, described BGP route refresh messages to described first network equipment Include described stream specification rule ORF record.

Fifth aspect present invention provides a kind of network system, and described network system includes: first network equipment With second network equipment；

Described first network equipment, for performing such as first aspect present invention and first aspect present invention The first arbitrary described method providing to the 9th kind of possible implementation；

Described second network equipment, for performing the of second aspect present invention and second aspect present invention Arbitrary described method that a kind of to the 6th kind possible implementation provides.

The regular method and apparatus of specification is flowed in transmission, reception that the embodiment of the present invention provides, and first network sets Standby after determination second network equipment can send to first network equipment and flow specification rule ORF record, connect Receiving the stream specification rule ORF record that second network equipment sends, stream specification rule ORF record is for the The stream specification rule being sent to second network equipment is filtered by one network equipment, when first network equipment When having stream specification rule to be sent to second network equipment, first network equipment is according to stream specification rule ORF note Record is filtered to sent stream specification rule, only sends to second network equipment and meets stream specification rule The stream specification rule of ORF record filtering condition, solves the network equipment and sends stream specification rule invalid in a large number Then, the problem of the wasting of resources causing.

Brief description

In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to reality The accompanying drawing executing required use in example or description of the prior art is introduced one by one simply, it should be apparent that under, Accompanying drawing during face describes is some embodiments of the present invention, for those of ordinary skill in the art, On the premise of not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.

The flow chart of the method sending stream specification rule that Fig. 1 provides for the embodiment of the present invention one；

Fig. 2 is the form of the stream specification rule ORF record that the embodiment of the present invention newly defines；

The form of the corresponding Filter of four kinds of Filter Type that Fig. 3 provides for the present embodiment；

Fig. 4 is the IPv4 stream specification rule carrying the filter refusing any coupling ICMP Type value A kind of message content example of ORF record A；

Fig. 5 is the IPv4 stream specification rule carrying the filter refusing any coupling ICMP Code value A kind of message content example of ORF record B；

The flow chart of the method receiving stream specification rule that Fig. 6 provides for the embodiment of the present invention two；

The structural representation of the first network equipment that Fig. 7 provides for the embodiment of the present invention three；

The structural representation of second network equipment that Fig. 8 provides for the embodiment of the present invention four；

The structural representation of the first network equipment that Fig. 9 provides for the embodiment of the present invention five；

The structural representation of second network equipment that Figure 10 provides for the embodiment of the present invention six；

The structural representation of the network system that Figure 11 provides for the embodiment of the present invention seven.

Detailed description of the invention

Purpose, technical scheme and advantage for making the embodiment of the present invention are clearer, below in conjunction with this Accompanying drawing in bright embodiment, is clearly and completely described to the technical scheme in the embodiment of the present invention, Obviously, described embodiment is a part of embodiment of the present invention, rather than whole embodiments.Based on Embodiment in the present invention, those of ordinary skill in the art are obtained under the premise of not making creative work The every other embodiment obtaining, broadly falls into the scope of protection of the invention.

The flow chart of the method sending stream specification rule that Fig. 1 provides for the embodiment of the present invention one, such as Fig. 1 Shown in, the method for the present embodiment may comprise steps of:

Step 101, first network equipment determine that second network equipment can send stream to first network equipment Specification rule ORF record.

(translator of English is: Outbound Route newly to define a kind of outbound route filtering in the present embodiment Filtering, is called for short ORF) type: stream specification rule (translator of English is: Flow Specification rule) ORF type, stream specification rule ORF ability for Border Gateway Protocol (Border Gateway Protocol, It is called for short BGP) it is a kind of new ability.The function of the present embodiment to be realized, current embodiment require that to BGP Agreement extends accordingly, increases a kind of new ORF type on the basis of original bgp protocol, I.e. stream specification rule ORF type so that it is support the negotiation of stream specification rule ORF ability.

In the present embodiment, first network equipment can determine second by stream specification rule ORF capability negotiation The network equipment can send stream specification rule outbound route filtering ORF record to first network equipment.Consult Process particularly as follows:

First, first network equipment obtains first-class specification rule ORF ability parameter, this first-class specification The stream specification rule ORF ability that rule ORF ability parameter instruction second network equipment is supported, first-class Specification rule ORF ability parameter includes: least one set is by Address-Family Identifier (Address Family Identifier, be called for short AFI), subaddressing race mark subaddressing race mark (Subsequent Address Family Identifier, be called for short SAFI), stream specification rule ORF type and transmitting-receiving ability label composition parameter set Closing, the transmitting-receiving ability label that this first-class specification rule ORF ability parameter includes is for indicating the second net Whether network equipment is supported to send and/or receives stream specification rule ORF record (Entry).

First network equipment obtains first-class specification rule ORF ability parameter, is specifically as follows: the first net Network equipment is being set up in BGP connection procedure with second network equipment, receives what second network equipment sent Open (OPEN) message of BGP, the BGP OPEN message that second network equipment sends include this First-class specification rule ORF ability parameter.First-class specification rule ORF ability parameter can pass through following Mode represents:<AFI=1/SAFI=133, FlowSpec-ORF-Type, Send/Receive=both>, This expression formula represents that first network equipment is able to receive that and sends the stream specification rule ORF note of IPv4 type Record, Flow Spec-ORF-Type represents stream specification rule ORF type, stream specification rule ORF type Concrete value can be configured as required, for example by internet numeral distributor gear (The Internet Assigned Numbers Authority, is called for short IANA) distribution, this is not limited by the present invention.

In above-mentioned example, first network equipment supports to send and receive the stream specification rule ORF note of IPv4 Record, certainly, first network equipment is also possible to support to send and/or receive polytype stream specification rule simultaneously Then ORF record, as shown in table 1:

Table 1

AFI/SAFI Value	Description	RFC/Draft
			AFI=1, SAFI=133	IPv4FlowSpec rule/orf	RFC5575
AFI=1, SAFI=134	VPNv4FlowSpec rule/orf	RFC5575
			AFI=2, SAFI=133	IPv6FlowSpec rule/orf	draft-ietf-idr-flow-spec-v6
AFI=2, SAFI=134	VPNv6FlowSpec rule/orf	draft-ietf-idr-flow-spec-v6
			AFI=25, SAFI=134	L2VPN FlowSpec rule/orf	draft-hao-idr-flowspec-evpn

By table 1, as AFI=1/SAFI=134, first network equipment is supported to send and/or connect Receive virtual private networks (Virtual Private Network is called for short VPN) the stream specification rule based on IPV4 Then ORF record, as AFI=2/SAFI=133, first network equipment support send and/or receive based on The stream specification rule ORF record of IPV6, works as AFI=2, and during SAFI=134, first network equipment is supported to send out Send and/or receive the VPN stream specification rule ORF record based on IPV6, working as AFI=25, SAFI=134 When, first network equipment is supported to send and/or receive two-layer VPN stream specification rule ORF record.

First network equipment, after obtaining first-class specification rule ORF ability parameter, compares first-class specification Rule ORF ability parameter and second specification rule ORF ability parameter, this second specification rule ORF The stream specification rule ORF ability that ability parameter instruction first network equipment is supported, this second specification rule ORF ability parameter includes: least one set is by AFI, SAFI, stream specification rule ORF type and transmitting-receiving energy The parameter sets of power mark composition, the transmitting-receiving ability that this second specification rule ORF ability parameter includes Mark is used for indicating whether first network equipment is supported to send and/or receive stream specification rule ORF record. If the first parameter sets that first-class specification rule ORF ability parameter comprises and second specification rule The second parameter sets that ORF ability parameter comprises all comprises stream specification rule ORF type, the first parameter set Close and described second parameter sets comprises identical AFI and SAFI, and the transmitting-receiving energy of the first parameter sets Power mark instruction second network equipment is supported to send stream specification rule ORF record, the receipts of the second parameter sets Send out ability label instruction first network equipment to support to receive stream specification rule ORF record, then first network sets Standby determination second network equipment can send stream specification rule ORF record to first network equipment, flows specification Rule ORF capability negotiation passes through.In the embodiment of the present invention, if first-class specification rule ORF ability ginseng When number comprises to organize parameter sets more, the first parameter sets is that first-class specification rule ORF ability parameter comprises Least one set parameter sets in many group parameter sets.In like manner, if second specification rule ORF ability is joined When comprising to organize parameter sets in number, the second parameter sets is in second specification rule ORF ability parameter more Comprise to organize the least one set parameter sets in parameter sets more.If the first specification rule ORF ability parameter bag During containing one group of parameter sets, the first parameter sets be first-class specification rule ORF ability parameter comprise should One group of parameter sets, if second specification rule ORF ability parameter comprises one group of parameter sets, the Two parameter sets are this group of parameter sets comprising in second specification rule ORF ability parameter.

In the present embodiment, first network equipment is as transmitting terminal, the stream specification rule ORF flowing specification rule The receiving terminal of record, second network equipment is as receiving terminal, the stream specification rule ORF note flowing specification rule The transmitting terminal of record.It is of course also possible to first network equipment is as receiving terminal, the stream specification flowing specification rule The transmitting terminal of rule ORF record, second network equipment is as transmitting terminal, the stream specification rule flowing specification rule The then receiving terminal of ORF record.Also can be with first network equipment and second network equipment simultaneously as stream specification The transmitting terminal of rule and stream specification rule ORF record and receiving terminal.First network equipment and the second network set Standby stream specification rule ORF capability negotiation result there may be following four kinds of results: (1) first network sets For being only sent to less, a type of stream specification rule is corresponding flows specification rule ORF record, the second network Equipment only receives the stream specification rule corresponding stream rule of first network equipment this at least one type send-only Model rule ORF record.(2) only to receive at least one type stream specification rule corresponding for first network equipment Stream specification rule ORF record, second network equipment only send that first network equipment is able to receive that this at least A type of stream specification rule corresponding stream specification rule ORF record.(3) first network equipment and Two network equipments are all supported to send and receive at least one type stream specification rule corresponding stream specification rule ORF record.(4) failing to consultations, first network equipment and second network equipment can not disseminate stream each other The ORF of specification rule.

In the present embodiment, first network equipment and second network equipment are supported or the stream specification of unlatching is regular Based on the ability of the stream specification rule that ORF ability should be supported by it or open, such as first network equipment With second network equipment only when supporting or open IPv4 stream specification rule functional, could support or open IPv4 stream specification rule ORF function.

Step 102, first network equipment receive the stream specification rule ORF record that second network equipment sends, This stream specification rule ORF record is used for first network equipment to the stream specification being sent to second network equipment Rule filters.

In the present embodiment, second network equipment generates stream specification rule according to the stream specification rule and policy of self Then ORF record, this stream specification rule and policy can be that network O&M personnel pass through configuration order/webmaster Or application program is configured to second by equipment open interface (such as RESTful API Over Http) In the network equipment, this stream specification rule and policy is the particular type stream specification rule for first network equipment Filtering policy then.

In the present embodiment, stream specification rule ORF type needs to express message characteristic in convection current specification rule Filter set is done and is mated, so the filter type of stream specification rule ORF type support and stream specification rule The filter type then supported keeps consistent completely.The filter that for example stream specification rule ORF type is supported Type corresponding message characteristic tuple includes: message length, the Internet protocol (Internet of message Protocol, is called for short IP) the purpose IP address of head, source IP address, protocol type, differential service code Point (Differentiated Services Code Point, be called for short DSCP), fragment marking (Fragment flag), UDP (User Datagram Protocol is called for short UDP)/transmission control protocol The source port of (Transmission Control Protocol, be called for short TCP), destination interface, TCP (Internet Control Message Protocol is called for short for Flag field and internet control message protocol ICMP) the type field and Code field etc..

For the newly added stream specification rule ORF type of the present invention, need to define a kind of new ORF real Body message format, is used for carrying the filter condition of stream specification rule, the stream specification rule that the present embodiment newly defines Then the basic format of ORF record is consistent with existing ORF [RFC5291] definition, and extends ORF Particular type part (the Type specific part) field of record.

Fig. 2 is the form of the stream specification rule ORF record that the embodiment of the present invention newly defines, as in figure 2 it is shown, The form of stream specification rule ORF record includes following field: action (Action) field, coupling (Match) Field, reservation (Reserved) field and Type specific part field.Action field generally takes up 2 bits, have three kinds of values, for example, it is possible to represent that interpolation (Add) operates with 00, represent with 01 and delete Except (Remove) operation, represent deletion all (Remove-all) operation with 10.Match field is led to Often take 1 bit, two kinds of different implications of two numeric representations can be passed through, for example, represent fair with 0 Permitted (Permit), represented refusal (Deny) with 1, when the Match field of stream specification rule ORF record Value when being 0, represent and allow to pass through to the stream specification rule meeting filter condition, when stream specification rule When the value of the Match field of ORF record is 1, represent that the stream specification rule meeting filter condition does not permits Permitted to pass through.Reserved field transmitting terminal should be filled with being 0, and receiving terminal should ignore this field.

Type specific part field is variable length field, in the present embodiment, and Type specific part word Section includes: sequence number (Sequence) field of stream specification rule ORF record, action coupling (Action Matching) field, filter number (Filter Number) field, filter type (Filter Type) Field, filter specific operation and value field.Wherein, Sequence field can take 4 bytes, It is generally used for carrying the priority of stream specification rule ORF record, it is also possible to be used for carrying stream specification rule The ID of ORF record or key assignments, first network equipment is when storage stream specification rule ORF entry, permissible Store in order according to the order of Sequence, follow-up when carrying out stream specification rule match, also preferentially will treat The stream specification rule ORF entry that the stream specification rule of coupling is high with priority is mated.Filter Number field can take 8 bits, is used for carrying stream specification rule ORF and records the filtration including The number of device, can include multiple filter in a stream specification rule ORF record, it is also possible to be referred to as Filter set.Whether Action Matching mates the regular type of action of stream specification for carrying, every kind The corresponding marker bit of type of action of stream specification rule, the corresponding mark of type of action of stream specification rule Position 1 represents the type of action of this stream specification rule of coupling, the corresponding mark of type of action of stream specification rule Note position 0 represents the type of action not mating this stream specification rule.Once Action Matching field A little marker bits are set, then in the matching process, need to check the marker bit being set corresponding stream specification Whether the type of action of rule is included in all exists, if be set in the stream specification rule currently comparing In the type of action of the marker bit corresponding stream specification rule of position, partial act type is not at the stream currently comparing In specification rule, then the stream specification rule currently comparing is not mated.The value of Action Matching field It is 0, does not i.e. have any marker bit to be set, represent that the type of action collection of stream specification rule to be matched is combined into Sky, then the matching result giving tacit consent to described type of action is coupling.The bit of Action Matching represents Stream specification rule type of action definition as shown in table 2, this definition is with flowing the class of specification rule action The standard of type changes and changes, and table 2 is the type of action of conventional stream specification rule:

Table 2

By table 2, when bit 0 set of Action Matching, represent stream specification to be mated The type of action of rule is traffic-rate (ductility limit speed), when bit 1 set of Action Matching, The type of action of expression stream specification rule to be mated is traffic-action (flowing is made), works as Action During bit 2 set of Matching, represent that the type of action of stream specification rule to be mated is redirect (weight Orientation), when bit 3 set of Action Matching, represent the action of stream specification rule to be mated Type is traffic-marking (flow label).The concrete of type of action of above-mentioned four kinds of stream specification rules is determined Justice is referred to RFC5575, does not elaborates here.

Need explanation when, in the present embodiment, stream specification rule ORF record in can also include more or The less field of person, for example, stream specification rule ORF record can not have Filter Number field, when When SAFI value is 134 (representing VPN stream specification rule ORF record), stream specification rule ORF note Record also includes: Route Distinguisher number (RD number:Route Distinguisher is called for short RD) field With Route Distinguisher field, RD number field is for carrying the number of RD, and RD field is used for carrying road By identifying, RD field can carry multiple RD.When the value of SAFI is other, stream specification rule ORF record does not include RD number field and RD field.And flow specification rule ORF record The order of each field can adjust, the simply a kind of possible form shown in Fig. 2, and each word Length the present embodiment of section does not also limit.

Filter type field is used for carrying filter type, in the present embodiment, and stream specification rule ORF note The definition of the Filter Type with existing stream specification rule for the Filter Type of record keeps consistent, and greatly The filter specific operation of part stream specification rule ORF record and stream specification rule and the form definition of value Also keep consistent.Only several stream specifications rule ORF record Filter Type filter specific operations and Form definition (the concrete manifestation corresponding filter of 4 kinds of Filter Type in table 3) of value and stream The form definition of the filter specific operation of specification rule and value is different.

Table 3

4 kinds of Filter Type in table 3 are the Filter Type of prefix types, and Type 1 is for convection current rule The purpose IP address prefix of model rule mates, and this purpose IP address can be IPv4 or IPv6 class (when for example stream specification rule ORF record corresponding A FI is 1, this filter type is IPv4 purpose to type Address prefix filter), Type 2 mates for the source IP address prefix of convection current specification rule, should Source IP address can be IPv4 or IPv6 type, and Type 14 is for purpose MAC of convection current specification rule Prefix is mated, and Type 15 mates for the source MAC prefix of convection current specification rule.

The corresponding Filter form of 4 kinds of Filter Type in table 3 defines as it is shown on figure 3, Fig. 3 is this reality Executing the form of the corresponding Filter of four kinds of Filter Type that example provides, the form of Filter includes following field: Filter the type field, the maximum length (MaxLen) of coupling prefix, the minimum length of coupling prefix (MinLen), mate physical length Length of prefix and mate prefix (Prefix), wherein, MaxLen, The definition of MinLen, Length, Prefix field is consistent with the definition of same field in RFC5292, this In be not described in detail.When the source address prefix that Filter is IPv4 or destination address prefix filter, MaxLen is not more than 32, when the source address prefix that Filter is IPv6 or destination address prefix filter, MaxLen is not more than 128.

For 4 kinds of Filter Type in table 3, the filter specific operation of stream specification rule ORF record With the set that value field is MaxLen, MinLen, Length, Prefix field, flow specification rule Filter specific operation and the set that value field is Length, Prefix field.

Except Filter Type in above-mentioned 4, Filter Type can also include:

Type3:IP agreement, for being mated by the protocol type of stream specification rule message.

Type4: port, source port and destination interface for convection current specification rule message mate.

Type5: destination interface, the destination interface for convection current specification rule message mates.

Type6: source port, the source port for convection current specification rule message mates.

Type7:ICMP type, the ICMP type field for convection current specification rule message is mated.

Type 8:ICMP code, the ICMP code field for convection current specification rule message is mated.

Type 9:TCP Flags, the TCP Flags field for convection current specification rule message is mated.

Type 10: bag long (Packet length), is carried out for the total length of convection current specification rule message Join.

Type11:DSCP, the dscp field for convection current specification rule message is mated.

Type12:Fragment, the mask bit form for convection current specification rule message mates.

For 4 shown in table 3 kind Filter Type, stream specification rule ORF records and flows specification rule Corresponding filter specific operation and value field are that at least one comprises option (option) field and this option The set of two tuples of field corresponding value (value) field.

During concrete application, stream specification rule ORF record can be used to represent that second network equipment is supported The concrete ability of stream specification rule or certain security strategy.For example, traditional router and three layers (L3) When exchange opportunity uses the mode of hardware to realize forwarding information table FIB, for example, deposited by ternary content addressable Reservoir (Ternary Content Addressable Memory is called for short TCAM) or special IC (Application Specific Integrated Circuit is called for short ASIC) realizes FIB, typically can prop up Hold IPv4/IPv6 and access control list (Access Control List is called for short ACL) and two layers (L2) ACL, but the forwarding face of this kind of network equipment typically do not support Type, Code field to ICMP Join.And virtual router (vRouter) or the forwarding unit that some are new support the coupling unit of stream specification rule Group can extensive.Even if so heterogeneous networks equipment has been switched on stream specification rule functional, its stream supported Specification rule Filter and Action Type also likely to be present difference.For this situation, the network equipment can Express the concrete ability difference that this network equipment supports stream specification rule to generate stream specification rule ORF record Different, and it is advertised to the bgp peer of oneself, it is to avoid receive oneself not from these bgp peers The stream specification rule supported completely.

Assume that second network equipment does not support Code and the Type word of convection current specification rule icmp packet During section coupling, two stream specification rule ORF entries that second network equipment generates will refuse (Deny) The stream specification containing any ICMP Code of coupling or the filter of the type field value of substitute is regular.Second After the network equipment generates this stream specification rule ORF record, send this stream specification to first network equipment Rule ORF record, this stream specification rule ORF record for first network equipment to being sent to second The stream specification rule of the network equipment filters.Second network equipment is by this stream specification rule ORF note Record is included in and is sent to first network in BGP route refresh (ROUTE-REFRESH) message and sets Standby.

Fig. 4 is the IPv4 stream specification rule carrying the filter refusing any coupling ICMP Type value A kind of message content example of ORF record A, Fig. 5 takes for carrying any coupling ICMP Code of refusal A kind of message content example of the IPv4 stream specification rule ORF record B of the filter of value.Such as Fig. 4 institute Showing, the field of message of stream specification rule ORF record A is followed successively by: the Action field of 2 bits, 1 The Match field of bit, the Sequence field of 32 bits, 8 bits Filter Number field, The Action Matching field of 32 bits, the Filter the type field of 8 bits, the first choosing of 8 bits Item field (op1), the first value field (value1) of 8 bits, second Option Field (op2) of 8 bits The second value field (value2) with 8 special ratios.Wherein, the Action field of Action field Value is Add, and the corresponding enumerated value of Add is 0；The value of Match field is Deny, and Deny is corresponding Enumerated value be 1, the value of Sequence field is 1；The value of Filter Number field is 1, table Show only one of which Filter in this stream specification rule ORF record；The value of Action Matching field is 0, Representing the type of action not mating any stream specification rule, the value of Filter the type field is ICMP The corresponding enumerated value of Type, ICMP Type can be 7, and the value of op1 is 0x03, the value of value1 For 0x00, representing that the value of ICMP Type is more than or equal to 0, the value of op2 is 0xc5, value2's Value is 0xff, represents the value of ICMP Type less than or equal to 255 (i.e. this stream specification rule ORF notes The filter specific operation of " ICMP Type " type filter that record includes and the numerical value of value field Space is 0 to 255)." the ICMP Code " that in Fig. 5, Pv4 stream specification rule ORF record B comprises " ICMP Type " type that in type filter and Fig. 4, Pv4 stream specification rule ORF record A comprises The form definition of filter is identical, no longer describes herein.-

Optionally, the stream specification rule ORF that first network equipment reception second network equipment sends records it After, it is true that first network equipment can also record, according to stream specification rule ORF, AFI and SAFI including The type of constant current specification rule ORF record, and will flow according to the sequence number of stream specification rule ORF record Specification rule ORF record is stored in sorted order in the stream specification rule ORF list of corresponding types.For example, Assume total two kinds of stream specification rule ORF list, be respectively used to store AFI=1, SAFI=133 IPv4 stream specification rule ORF record, AFI=1, SAFI=134 VPNv4 stream specification rule ORF Record.According to the sequence of stream specification rule ORF record in each type of stream specification rule ORF list Number orderly storage stream specification rule ORF record.

Step 103, first network equipment according to stream specification rule ORF record to being sent to the second net The stream specification rule of network equipment filters.

When first network equipment has stream specification rule to send to second network equipment, first network equipment Inquire about the stream specification rule ORF record that second network equipment sends over, to being sent to the second net The stream specification rule of network equipment carries out mating filtration treatment.Different types of stream specification rule ORF note Address book stored is in different stream specification rule ORF lists, and before coupling, first network equipment is first Determine according to AFI and SAFI of the stream specification rule being sent to second network equipment and be sent to the The type of the stream specification rule of two network equipments, inquiry corresponding types stream specification rule ORF list, Record with the stream specification rule ORF in stream specification rule ORF list and be sent to the second net successively The stream specification rule of network equipment is mated, and the stream specification rule ORF record mating at first comes into force. After the match is successful, according to moving that the matching field of the stream specification rule ORF record matching indicates Make (allow or break off relations) to decide whether to send to second network equipment to be sent to second network equipment Stream specification rule.If the action of matching field instruction is for allowing, then first network equipment is by be sent It is sent to second network equipment to the stream specification rule of second network equipment, if matching field instruction Action is refusal, then first network equipment will be sent to the stream specification rule-based filtering of second network equipment Fall, second network equipment will not be sent to.

In the present embodiment, first network equipment to be sent to the stream specification rule to be sent of second network equipment It is then probably other network equipments and is sent to first network equipment, it is also possible to first network equipment root Generate according to configuration oneself.

When mating each stream specification rule ORF record, first network equipment will flow specification rule Then ORF record includes: Action Matching field, Filter the type field, the specific behaviour of filter Make and value field, include with the stream specification rule being sent to second network equipment respectively: Action The type field, Filter the type field, filter specific operation and value field compare.If stream rule Model rule ORF records the type of action collection to be mated indicated by Action Matching field including It is combined into sky (i.e. the value of Action Matching field is 0) or stream specification rule ORF record includes Type of action to be mated indicated by Action Matching field is included in and is sent to the second network In the type of action that the stream specification rule of equipment includes, stream specification rule ORF records the filter collection including It is combined into sky or stream specification rule ORF records the filter specific operation of the every kind of filter type including and takes The numerical space of value field all comprises to be sent to the filter that the stream specification rule of second network equipment includes The filter specific operation of type and the numerical space of value field, then first network equipment determines to be sent To this stream specification rule ORF record of the stream specification rule match of second network equipment.

When the Type specific part field flowing specification rule ORF record includes RD field, first The network equipment filters to sent stream specification rule according to stream specification rule ORF record, particularly as follows: First network equipment will flow what specification rule ORF record included: Action Matching field, Filter The type field, filter specific operation and value field, RD field, respectively be sent to the second net The stream specification rule of network equipment includes: Action the type field, Filter the type field, filter are special Fixed operation and value field, RD field compare.If stream specification rule ORF records the Action including Type of action collection to be mated indicated by Matching field is combined into sky or stream specification rule ORF record bag The type of action to be mated indicated by Action Matching field including is included in and is sent to second In the type of action that the stream specification rule of the network equipment includes, stream specification rule ORF records the filtration including Device collection is combined into sky or stream specification rule ORF records the filter specific operation of the every kind of filter type comprising All comprise to be sent to the mistake that the stream specification rule of second network equipment includes with the numerical space of value field The filter specific operation of filter types and the numerical space of value field, stream specification rule ORF record bag The Route Distinguisher collection of the RD composition including is combined in sky or this Route Distinguisher set and comprises to be sent to the second net The RD that the stream specification rule of network equipment includes, then first network equipment determination is sent to second network equipment This stream specification of stream specification rule match rule ORF record.

Step 104, first network equipment send the stream specification rule after filtering to second network equipment.

Specifically, first network equipment can carry the stream specification rule after filtering in bgp update (UPDATE) being sent to second network equipment in message, certainly, first network equipment also can be by mistake Stream specification rule after filter is carried and is sent to second network equipment in other message, and the present embodiment is not right This limits.

In the present embodiment, first network equipment is determining that second network equipment can be sent out to first network equipment After sending stream specification rule outbound route filtering ORF record, receive the stream specification that second network equipment sends Rule ORF record, stream specification rule ORF record for first network equipment to being sent to the second net The stream specification rule of network equipment filters, when first network equipment has stream specification rule to be sent to the second net During network equipment, first network equipment enters to sent stream specification rule according to stream specification rule ORF record Row filters, and only sends the stream specification meeting stream specification rule ORF record filtering condition to second network equipment Rule, solves the network equipment and sends stream specification rule invalid in a large number, the problem of the wasting of resources causing.

The flow chart of the method receiving stream specification rule that Fig. 6 provides for the embodiment of the present invention two, this enforcement Example describes from the angle of second network equipment, and as shown in Figure 6, the method that the present embodiment provides can include Following steps:

Step 201, second network equipment determine that first network equipment is able to receive that stream specification rule ORF note Record.

Specifically can be determined as follows: first, second network equipment obtains second specification rule ORF Ability parameter, the stream specification that this second specification rule ORF ability parameter instruction first network equipment is supported Rule ORF ability, this second specification rule ORF ability parameter includes: least one set by AFI, The parameter sets of SAFI, stream specification rule ORF type and transmitting-receiving ability label composition, this second specification The transmitting-receiving ability label that rule ORF ability parameter includes is for indicating whether first network equipment is supported to send out Send and/or receive stream specification rule ORF record.Wherein, second network equipment obtains this second specification Rule ORF ability parameter, particularly as follows: second network equipment is setting up BGP even with first network equipment In termination process, receiving the BGP OPEN message that first network equipment sends, first network equipment sends BGP OPEN message includes this second specification rule ORF ability parameter.

Then, second network equipment compares second specification rule ORF ability parameter and first-class specification rule Then ORF ability parameter, this first-class specification rule ORF ability parameter instruction second network equipment is supported Stream specification rule ORF ability, first-class specification rule ORF ability parameter include: least one set by The parameter sets of AFI, SAFI, stream specification rule ORF type and transmitting-receiving ability label composition, this is first years old Whether the transmitting-receiving ability label that stream specification rule ORF ability parameter includes is for indicating second network equipment Support to send and/or receive stream specification rule ORF record.

If the first parameter sets that first-class specification rule ORF ability parameter comprises and second specification rule The second parameter sets that ORF ability parameter comprises all comprises stream specification rule ORF type, the first parameter set Close and described second parameter sets comprises identical AFI and SAFI, and the transmitting-receiving energy of the first parameter sets Power mark instruction second network equipment is supported to send stream specification rule ORF record, the receipts of the second parameter sets Send out ability label instruction first network equipment to support to receive stream specification rule ORF record, then the second network sets Standby being determined to sends stream specification rule ORF record to first network equipment.

The specific implementation of this step can refer to the associated description of embodiment one, repeats no more here.

Step 202, second network equipment generate stream specification rule ORF according to the stream specification rule and policy of self Record.

Wherein, flow specification rule ORF record to include: Action field, Match field, Reserved Field and Type specific part field, wherein, Type specific part field includes: stream specification rule Then ORF record Sequence field, Action Matching field, Filter the type field, filtration Device specific operation and value field, Sequence field is for carrying the preferential of stream specification rule ORF record Level, whether Action Matching field mates the Action Type, Filter of stream specification rule for carrying The type field is used for carrying Filter Type, and filter specific operation and value field are used for carrying Filter The corresponding filter condition of Type.Optionally, Type specific part field can also include Filter Number Field, Filter Number field is for carrying the number of filter.

When SAFI is 134, Type specific part field also includes: RD Number field and: RD field.

The specific implementation of this step can refer to the associated description of embodiment one, repeats no more here.

Stream specification rule ORF record is sent to first network equipment by step 203, second network equipment.

Second network equipment is sent to first network equipment by recording stream specification rule ORF, so that the One network equipment is regular to the stream specification being sent to second network equipment according to stream specification rule ORF record Filter.

Step 204, second network equipment receive the stream specification rule that first network equipment sends, and this stream is advised Model rule is regular according to the stream specification after stream specification rule ORF record filtering for first network equipment.

In the present embodiment, second network equipment is determined to send stream specification rule to first network equipment and goes out After the ORF that stands record, the stream specification rule and policy according to self generates stream specification rule ORF record, and Stream specification rule ORF record is sent to first network equipment, and first network equipment sets according to the second network The stream specification rule being sent to second network equipment was carried out by the stream specification rule ORF record that preparation is sent Filter, only sends the stream specification rule meeting stream specification rule-based filtering condition, solves to second network equipment The network equipment sends stream specification rule invalid in a large number, the problem of the wasting of resources causing.

The structural representation of the first network equipment that Fig. 7 provides for the embodiment of the present invention three, as it is shown in fig. 7, The network equipment that the present embodiment provides comprises determining that module the 11st, receiver module the 12nd, filtering module 13 and Sending module 14.

Wherein it is determined that module 11, for determining that second network equipment can be sent out to described first network equipment Send stream specification rule ORF record；

Receiver module 12, for receiving the described stream specification rule ORF that described second network equipment sends Record, described stream specification rule ORF record for described first network equipment to being sent to described second The stream specification rule of the network equipment filters；

Filtering module 13, for according to described stream specification rule ORF record to being sent to described second net The stream specification rule of network equipment filters；

Sending module 14, for sending the stream specification rule after filtering to described second network equipment.

Described stream specification rule ORF record include: stream specification rule ORF record sequence-number field, Action matching field, filter type field and filter specific operation and value field, described stream specification The sequence-number field of rule ORF record is for carrying the priority of stream specification rule ORF record, described Whether action matching field mates the type of action of stream specification rule, described filter type word for carrying Section is used for carrying filter type, and described filter specific operation and value field are used for carrying described filtration The corresponding filter condition of device type.Optionally, described stream specification rule ORF record also includes: filter Individual digital section, described filter digital section is for carrying the number of filter.

Described filtering module 13 specifically for: described stream specification rule ORF record is included: action Matching field, filter type field, filter specific operation and value field, pending with described respectively The stream specification rule sent includes: type of action field, filter type field, filter specific operation Compare with value field；If described stream specification rule ORF records the action matching field indication including The type of action collection to be mated showing is combined into sky or described type of action to be mated is included in described pending Give in the type of action that the stream specification rule of described second network equipment includes, described stream specification rule The ORF filter collection that includes of record is combined into filter specific operation and the value of empty or every kind of filter type The numerical space of field is sent to what the stream specification rule of described second network equipment included described in all comprising The filter specific operation of filter type and the numerical space of value field, it is determined that described be sent to Specification rule ORF record is flowed described in the stream specification rule match of described second network equipment.

Optionally, described stream specification rule ORF record also includes: Route Distinguisher digital section and route mark Character learning section, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher word Section is used for carrying Route Distinguisher.

When described stream specification rule ORF record includes Route Distinguisher digital section and Route Distinguisher field, Described filtering module 13 specifically for: described stream specification rule ORF record is included: action coupling Field, filter type field, filter specific operation and value field, Route Distinguisher field, respectively Include with the described stream specification rule being sent to described second network equipment: type of action field, mistake Filter types field, filter specific operation and value field and Route Distinguisher field compare；If institute State the type of action set to be mated indicated by matching field of taking action that stream specification rule ORF record includes For empty or described type of action to be mated be included in described in be sent to the stream of described second network equipment In the type of action that specification rule includes, the filter collection that described stream specification rule ORF record includes is combined into Empty or the filter specific operation of every kind of filter type and the numerical space of value field are treated described in all comprising It is sent to the filter specific operation of the filter type that the stream specification rule of described second network equipment includes Road with the Route Distinguisher composition that the numerical space of value field, described stream specification rule ORF record include By logo collection be empty or described Route Distinguisher set comprises described in be sent to described second network equipment The Route Distinguisher that includes of stream specification rule, it is determined that the described stream being sent to described second network equipment Described stream specification rule ORF record in specification rule match.

In the present embodiment, described determining module 11 specifically for:

First, first-class specification rule ORF ability parameter, described first-class specification rule ORF are obtained The stream specification rule ORF ability that described second network equipment of ability parameter instruction is supported, described first-class rule Model rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification Rule ORF type and the parameter sets of transmitting-receiving ability label composition, described first-class specification rule ORF The transmitting-receiving ability label that ability parameter includes for indicate described second network equipment whether support send and / or receive stream specification rule ORF record.

Then, relatively more described first-class specification rule ORF ability parameter and second specification rule ORF Ability parameter, the described first network equipment of described second specification rule ORF ability parameter instruction is supported Stream specification rule ORF ability, described second specification rule ORF ability parameter includes: least one set Identified by Address-Family Identifier, subaddressing race, flowed specification rule ORF type and receive and dispatch what ability label formed Parameter sets, the transmitting-receiving ability label that described second specification rule ORF ability parameter includes is for referring to Show whether described first network equipment is supported to send and/or receive stream specification rule ORF record.

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, it is determined that described second network equipment can be to described the One network equipment sends stream specification rule ORF record.

Described determining module 11 obtains first-class specification rule ORF ability parameter, particularly as follows: described First network equipment and described second network equipment are set up in BGP connection procedure, receive described second network The BGP open message that equipment sends, the BGP open message that described second network equipment sends includes Described first-class specification rule ORF ability parameter.

In the present embodiment, described receiver module 12 specifically for: receive described second the network equipment send BGP route refresh messages, described BGP route refresh messages includes described stream specification rule ORF note Record.

Optionally, first network equipment also includes storing processing module.Described storage processing module, is used for After described receiver module 12 receives the stream specification rule ORF record that described second network equipment sends, According to described stream specification rule ORF records the Address-Family Identifier including and subaddressing race mark determines The type of stream specification rule ORF record, and will according to the described sequence number flowing specification rule ORF record Described stream specification rule ORF record is stored in sorted order in the stream specification rule ORF list of corresponding types.

The first network equipment that the present embodiment provides, can be used for performing the method for embodiment one, implements Mode is similar with technique effect, repeats no more here.

The structural representation of second network equipment that Fig. 8 provides for the embodiment of the present invention four, as shown in Figure 8, Second network equipment that the present embodiment provides comprises determining that module the 21st, generation module the 22nd, sending module 23 and receiver module 24.

It wherein it is determined that module 21, is used for determining that first network equipment is able to receive that stream specification rule ORF Record；

Generation module 22, generates stream for the stream specification rule and policy preserving according to described second network equipment Specification rule ORF record；

Sending module 23, sends for the stream specification rule ORF record generating described generation module 22 To described first network equipment；

Receiver module 24, for receiving the stream specification rule that described first network equipment sends, described stream rule Model rule is advised according to the stream specification after described stream specification rule ORF record filtering for described first network equipment Then.

In the present embodiment, described stream specification rule ORF record includes: stream specification rule ORF record Sequence-number field, action matching field, filter type field, filter specific operation and value field, The sequence-number field of described stream specification rule ORF record is for carrying the excellent of stream specification rule ORF record First level, whether described action matching field mates the type of action of stream specification rule, described mistake for carrying Filter types field is used for carrying filter type, and described filter specific operation and value field are used for taking Carry the corresponding filter condition of described filter type.Optionally, described stream specification rule ORF record also wraps Including: filter digital section, described filter digital section is for carrying the number of filter.

Optionally, described stream specification rule ORF record also includes: Route Distinguisher digital section and route mark Character learning section, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher word Section is used for carrying Route Distinguisher.

In the present embodiment, described determining module 21 specifically for:

First, second specification rule ORF ability parameter, described second specification rule ORF are obtained The stream specification rule ORF ability that the described first network equipment of ability parameter instruction is supported, described second is advised Model rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification Rule ORF type and the parameter sets of transmitting-receiving ability label composition, described second specification rule ORF The transmitting-receiving ability label that ability parameter includes for indicate described first network equipment whether support send and / or receive stream specification rule ORF record.

Then, relatively more described second specification rule ORF ability parameter and first-class specification rule ORF Ability parameter, described second network equipment of described first-class specification rule ORF ability parameter instruction is supported Stream specification rule ORF ability, described first-class specification rule ORF ability parameter includes: least one set Identified by Address-Family Identifier, subaddressing race, flowed specification rule ORF type and receive and dispatch what ability label formed Parameter sets, the transmitting-receiving ability label that described first-class specification rule ORF ability parameter includes is for referring to Show whether described second network equipment is supported to send and/or receive stream specification rule ORF record.If it is described The first parameter sets and described second specification that first-class specification rule ORF ability parameter comprises are regular The second parameter sets that ORF ability parameter comprises all comprises stream specification rule ORF type, described first ginseng Manifold is closed and described second parameter sets comprises identical Address-Family Identifier and subaddressing race identifies, and the Described second network equipment of transmitting-receiving ability label instruction of one parameter sets is supported to send, stream specification rule ORF record, the described first network equipment of transmitting-receiving ability label instruction of described second parameter sets is supported to connect Receive stream specification rule ORF record, it is determined that described second network equipment can be to described first network equipment Send stream specification rule ORF record.

Described determining module 21 obtains second specification rule ORF ability parameter, particularly as follows: described Second network equipment and described first network equipment are set up during BGP is connected, and receive described first net The BGP open message that network equipment sends, bag in the BGP open message that described first network equipment sends Include described second specification rule ORF ability parameter.

In the present embodiment, described sending module 23 specifically for: to described first network equipment send BGP Route refresh messages, described BGP route refresh messages includes described stream specification rule ORF record.

Second network equipment that the present embodiment provides can be used for performing the method for embodiment two, the side of implementing Formula is similar with technique effect, repeats no more here.

The structural representation of the first network equipment that Fig. 9 provides for the embodiment of the present invention five, as it is shown in figure 9, The first network equipment 300 of the present embodiment includes: processor the 31st, memory the 32nd, communication interface 33 and Communication bus 34, memory 32 and communication interface 33 be connected with processor 31 by communication bus 34 and Communication, memory 32 is used for storing computer instruction, and communication interface 33 is for entering with other network equipments Row communication, processor 31 is for performing the computer instruction of memory 32 storage, as described below to perform Method:

Determine that second network equipment can send stream specification rule ORF record to described first network equipment；

Receive the stream specification rule ORF record that described second network equipment sends, described stream specification rule ORF record is regular to the stream specification being sent to described second network equipment for described first network equipment Filter；

According to described stream specification rule ORF record, the stream specification being sent to described second network equipment is advised Then filter；

Send the stream specification rule after filtering to described second network equipment.

Wherein, described stream specification rule ORF record includes: the sequence number of stream specification rule ORF record Field, action matching field, filter type field and filter specific operation and value field, described The sequence-number field of stream specification rule ORF record is used for carrying the priority of stream specification rule ORF record, Described action matching field is for carrying the type of action whether mating stream specification rule, described filter class Type-word section is used for carrying filter type, and described filter specific operation and value field are used for carrying described The corresponding filter condition of filter type.Optionally, described stream specification rule ORF record also includes: mistake Filter digital section, described filter digital section is for carrying the number of filter.

Optionally, described stream specification rule ORF record also includes: Route Distinguisher digital section and route mark Character learning section, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher word Section is used for carrying Route Distinguisher.

Described record according to described stream specification rule ORF is filtered to sent stream specification rule, tool Body is:

Described stream specification rule ORF record is included: action matching field, filter type field, Filter specific operation and value field, include with described stream specification rule to be sent: action respectively Type field, filter type field, filter specific operation and value field compare.If it is described Type of action collection to be mated indicated by matching field for the action that stream specification rule ORF record includes is combined into Empty or described type of action to be mated be included in described in be sent to described second network equipment stream rule In the type of action that model rule includes, described stream specification rule ORF records the every kind of filter type including Filter collection be combined into sky or filter specific operation and the numerical space of value field all comprise described pending Give the filter type that the stream specification rule of described second network equipment includes filter specific operation and The numerical space of value field, it is determined that the described stream specification rule being sent to described second network equipment Mate described stream specification rule ORF record.

Or, described stream specification rule ORF record is included: action matching field, filter type Field, filter specific operation and value field, Route Distinguisher field, respectively with described stream to be sent Specification rule includes: type of action field, filter type field, filter specific operation and value Field and Route Distinguisher field compare.If the action coupling that described stream specification rule ORF record includes Type of action collection to be mated indicated by field is combined into sky or described type of action to be mated is included in In the type of action that the described stream specification rule being sent to described second network equipment includes, described stream rule The filter collection that model rule ORF record includes is combined into empty or every kind of filter type filter specific operation With the numerical space of value field all comprise described in be sent to described second network equipment stream specification rule Including the filter specific operation of filter type and the numerical space of value field, described stream specification is advised The Route Distinguisher collection of the Route Distinguisher composition that then ORF record includes is combined into empty or described Route Distinguisher set bag The Route Distinguisher including containing the described stream specification rule being sent to described second network equipment, it is determined that institute State and be sent to described stream specification rule ORF note in the stream specification rule match of described second network equipment Record.

Described determination second network equipment can send stream specification rule ORF note to described first network equipment Record, comprising: obtain first-class specification rule ORF ability parameter, described first-class specification rule ORF The stream specification rule ORF ability that described second network equipment of ability parameter instruction is supported, described first-class rule Model rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification Rule ORF type and the parameter sets of transmitting-receiving ability label composition, described first-class specification rule ORF The transmitting-receiving ability label that ability parameter includes for indicate described second network equipment whether support send and / or receive stream specification rule ORF record.Relatively more described first-class specification rule ORF ability parameter and the Second-rate specification rule ORF ability parameter, the rule ORF ability parameter instruction of described second specification is described The stream specification rule ORF ability that first network equipment is supported, described second specification rule ORF ability Parameter includes: least one set by Address-Family Identifier, subaddressing race identify, stream specification rule ORF type and The parameter sets of transmitting-receiving ability label composition, described second specification rule ORF ability parameter includes Transmitting-receiving ability label is used for indicating whether described first network equipment is supported to send and/or receive stream specification rule Then ORF record.

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, it is determined that described second network equipment can be to described the One network equipment sends stream specification rule ORF record.

Described obtain first-class specification rule ORF ability parameter, comprising: described first network equipment with Described second network equipment is set up in BGP connection procedure, receives the BGP that described second network equipment sends Open message, the BGP open message that described second network equipment sends includes that described first-class specification is advised Then ORF ability parameter.

The described stream specification rule ORF record receiving described second network equipment transmission, comprising: receive institute Stating the BGP route refresh messages that second network equipment sends, described BGP route refresh messages includes Described stream specification rule ORF record.

After described processor 31 receives the stream specification rule ORF record that described second network equipment sends, It is additionally operable to: the Address-Family Identifier including according to described stream specification rule ORF record and subaddressing race mark Determine the type of described stream specification rule ORF record, and according to described stream specification rule ORF record Described stream specification rule ORF record is stored in sorted order the stream specification rule of corresponding types by sequence number In ORF list.

The first network equipment that the present embodiment provides, can be used for performing the method for embodiment one, implements Mode is similar with technique effect, repeats no more here.

The structural representation of second network equipment that Figure 10 provides for the embodiment of the present invention six, such as Figure 10 institute Showing, second network equipment 400 of the present embodiment includes: processor the 41st, memory the 42nd, communication interface 43 and communication bus 44, memory 42 and communication interface 43 are by communication bus 44 with processor 41 even Connecing and communicating, memory 42 is used for storing computer instruction, and communication interface 43 is for setting with other networks For communicating, processor 41 is for performing the computer instruction of memory 42 storage, as follows to perform Described method:

Determine that the second network equipment first network equipment is able to receive that stream specification rule ORF record；

Generate stream specification rule ORF note according to the stream specification rule and policy that described second network equipment preserves Record；

Described stream specification rule ORF record is sent to described first network equipment；

Receiving the stream specification rule that described first network equipment sends, described stream specification rule is described first The network equipment is according to the stream specification rule after described stream specification rule ORF record filtering.

Wherein, described stream specification rule ORF record includes: the sequence number of stream specification rule ORF record Field, action matching field, filter digital section, filter type field, filter specific operation With value field, the sequence-number field of described stream specification rule ORF record is used for carrying stream specification rule The priority of ORF record, whether described action matching field mates the action of stream specification rule for carrying Type, described filter type field is used for carrying filter type, described filter specific operation and taking Value field is used for carrying the corresponding filter condition of described filter type.Optionally, described stream specification rule ORF record also includes: filter digital section, and described filter digital section is for carrying filter Number.

Optionally, described stream specification rule ORF record also includes: Route Distinguisher digital section and route mark Character learning section, described Route Distinguisher digital section is for carrying the number of Route Distinguisher, described Route Distinguisher word Section is used for carrying Route Distinguisher.

Described determination first network equipment is able to receive that stream specification rule ORF record, comprising:

First, second specification rule ORF ability parameter, described second specification rule ORF are obtained The stream specification rule ORF ability that the described first network equipment of ability parameter instruction is supported, described second is advised Model rule ORF ability parameter includes: least one set is identified by Address-Family Identifier and subaddressing race, flowed specification Rule ORF type and the parameter sets of transmitting-receiving ability label composition, described second specification rule ORF The transmitting-receiving ability label that ability parameter includes for indicate described first network equipment whether support send and / or receive stream specification rule ORF record.

Then, relatively more described second specification rule ORF ability parameter and first-class specification rule ORF Ability parameter, described second network equipment of described first-class specification rule ORF ability parameter instruction is supported Stream specification rule ORF ability, described first-class specification rule ORF ability parameter includes: least one set Identified by Address-Family Identifier and subaddressing race, flowed specification rule ORF type and receive and dispatch what ability label formed Parameter sets, the transmitting-receiving ability label that described first-class specification rule ORF ability parameter includes is for referring to Show whether described second network equipment is supported to send and/or receive stream specification rule ORF record.

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, it is determined that described second network equipment can be to described the One network equipment sends stream specification rule ORF record.

Described acquisition second specification rule ORF ability parameter, comprising: described second network equipment with During described first network equipment sets up BGP connection, receive what described first network equipment sent BGP open message, the BGP open message that described first network equipment sends includes that described second is advised Model rule ORF ability parameter.

Described record described stream specification rule ORF is sent to described first network equipment, comprising: to institute Stating first network equipment and sending BGP route refresh messages, described BGP route refresh messages includes institute State stream specification rule ORF record.

Second network equipment that the present embodiment provides, can be used for performing the method for embodiment two, implements Mode is similar with technique effect, repeats no more here.

The structural representation of a kind of network system that Figure 11 provides for the embodiment of the present invention seven, such as Figure 11 institute Showing, the network system of the present embodiment includes: first network equipment 51 and second network equipment 52, wherein, First network equipment 51 can be used for performing the method for embodiment one, and second network equipment 52 can be used for performing The method of embodiment two, specific implementation is similar with technique effect, refer to embodiment one and embodiment The description of two, repeats no more here.

One of ordinary skill in the art will appreciate that: realize all or part of step of above-mentioned each method embodiment Suddenly can be completed by the related hardware of programmed instruction.Aforesaid program can be stored in a computer can Read in storage medium.This program upon execution, performs to include the step of above-mentioned each method embodiment；And Aforesaid storage medium includes: ROM, RAM, magnetic disc or CD etc. are various can store program code Medium.

Last it is noted that various embodiments above is only in order to illustrating technical scheme, rather than right It limits；Although the present invention being described in detail with reference to foregoing embodiments, this area common Skilled artisans appreciate that it still can the technical scheme described in foregoing embodiments be modified, Or equivalent is carried out to wherein some or all of technical characteristic；And these modifications or replacement, and The essence not making appropriate technical solution departs from the scope of various embodiments of the present invention technical scheme.

Claims (35)

1. the method sending stream specification rule, it is characterised in that include:

First network equipment determines that second network equipment can send stream specification rule to described first network equipment Then outbound route filtering ORF record；

Described first network equipment receives the described stream specification rule ORF note that described second network equipment sends Record, described stream specification rule ORF record for described first network equipment to being sent to described second net The stream specification rule of network equipment filters；

Described first network equipment according to described stream specification rule ORF record to being sent to described second net The stream specification rule of network equipment filters；

Described first network equipment sends the stream specification rule after filtering to described second network equipment.

2. method according to claim 1, it is characterised in that described stream specification rule ORF note Record includes: the sequence-number field of stream specification rule ORF record, action matching field, filter type word Section, filter specific operation and value field, the sequence-number field of described stream specification rule ORF record is used In the priority carrying stream specification rule ORF record, whether described action matching field is used for carrying and mates The type of action of stream specification rule, described filter type field is used for carrying filter type, described mistake Filter specific operation and value field are used for carrying the corresponding filter condition of described filter type.

3. method according to claim 2, it is characterised in that described stream specification rule ORF note Record also includes: Route Distinguisher digital section and Route Distinguisher field, described Route Distinguisher digital section is used for Carrying the number of Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

4. the method according to Claims 2 or 3, it is characterised in that described stream specification rule ORF note Record also includes: filter digital section, and described filter digital section is for carrying the number of filter.

5. method according to claim 2, it is characterised in that described first network equipment is according to institute State stream specification rule ORF record to carry out the stream specification rule being sent to described second network equipment Filter, comprising:

Described stream specification rule ORF record is included by described first network equipment: action matching field, Filter type field, filter specific operation and value field, be sent to described with described respectively The stream specification rule of two network equipments includes: type of action field, filter type field, filter Specific operation and value field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Filter containing the filter type that the described stream specification rule being sent to described second network equipment includes Specific operation and the numerical space of value field, then be sent to institute described in the determination of described first network equipment State and described in the stream specification rule match of second network equipment, flow specification rule ORF record.

6. method according to claim 3, it is characterised in that described first network equipment is according to institute State stream specification rule ORF record to carry out the stream specification rule being sent to described second network equipment Filter, comprising:

Described stream specification rule ORF record is included by described first network equipment: action matching field, Filter type field, filter specific operation and value field, Route Distinguisher field, respectively with described It is sent to what the stream specification rule of described second network equipment included: type of action field, filter class Type-word section, filter specific operation and value field and Route Distinguisher field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Mistake containing the corresponding filter type that the described stream specification rule being sent to described second network equipment includes Filter specific operation and the numerical space of value field, described stream specification rule ORF records the route including The Route Distinguisher collection of mark composition be combined in empty or described Route Distinguisher set comprise described in be sent to described The Route Distinguisher that the stream specification rule of second network equipment includes, then described first network equipment determines described Described stream specification rule ORF record in stream specification rule match to be sent.

7. the method according to according to any one of claim 1-6, it is characterised in that described first network Equipment determines that second network equipment can send stream specification rule ORF record to described first network equipment, Including:

Described first network equipment obtains first-class specification rule ORF ability parameter, described first-class specification The stream specification rule ORF ability that described second network equipment of rule ORF ability parameter instruction is supported, institute State first-class specification rule ORF ability parameter to include: least one set is marked by Address-Family Identifier, subaddressing race Know, flow specification rule ORF type and the parameter sets of transmitting-receiving ability label composition, described first-class specification The transmitting-receiving ability label that rule ORF ability parameter includes is for indicating whether described second network equipment props up Hold transmission and/or receive stream specification rule ORF record；

Described first network equipment more described first-class specification rule ORF ability parameter and second specification Rule ORF ability parameter, the described first network of described second specification rule ORF ability parameter instruction The stream specification rule ORF ability that equipment is supported, described second specification rule ORF ability parameter includes: Least one set is identified by Address-Family Identifier, subaddressing race, is flowed specification rule ORF type and transmitting-receiving ability mark Know the parameter sets of composition, the transmitting-receiving ability mark that described second specification rule ORF ability parameter includes Know and be used for indicating whether described first network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, then described first network equipment determines described second network Equipment can send stream specification rule ORF record to described first network equipment.

8. method according to claim 7, it is characterised in that described first network equipment obtains the First-class specification rule ORF ability parameter, comprising:

Described first network equipment was connected setting up Border Gateway Protocol (BGP) with described second network equipment Cheng Zhong, receives the BGP open message that described second network equipment sends, and described second network equipment sends BGP open message include described first-class specification rule ORF ability parameter.

9. the method according to according to any one of claim 1-6, it is characterised in that described first network Equipment receives the stream specification rule ORF record that described second network equipment sends, comprising:

Described first network equipment receives the BGP route refresh messages that described second network equipment sends, institute State BGP route refresh messages and include described stream specification rule ORF record.

10. the method according to according to any one of claim 1-6, it is characterised in that described first net After network equipment receives the stream specification rule ORF record that described second network equipment sends, described method is also Including:

Described first network equipment according to the described stream specification rule ORF Address-Family Identifier that includes of record and Subaddressing race mark determines the type of described stream specification rule ORF record, and according to described stream specification rule Described stream specification rule ORF record is stored in sorted order the stream of corresponding types by the sequence number of ORF record In specification rule ORF list.

11. 1 kinds of methods receiving stream specification rule, it is characterised in that include:

Second network equipment determines that first network equipment is able to receive that stream specification rule outbound route filtering ORF Record；

Described second network equipment generates stream specification rule ORF according to the stream specification rule and policy self preserving Record；

Described stream specification rule ORF record is sent to described first network and sets by described second network equipment Standby；

Described second network equipment receives the stream specification rule that described first network equipment sends, described stream rule Model rule is advised according to the stream specification after described stream specification rule ORF record filtering for described first network equipment Then.

12. methods according to claim 11, it is characterised in that described stream specification rule ORF Record includes: the sequence-number field of stream specification rule ORF record, action matching field, filter type Field, filter specific operation and value field, the sequence-number field of described stream specification rule ORF record For carrying the priority of stream specification rule ORF record, whether described action matching field is used for carrying The type of action of flow specification rule, described filter type field is used for carrying filter type, described Filter specific operation and value field are used for carrying the corresponding filter condition of described filter type.

13. methods according to claim 12, it is characterised in that described stream specification rule ORF Record also includes: Route Distinguisher digital section and Route Distinguisher field, and described Route Distinguisher digital section is used In the number carrying Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

14. methods according to claim 12 or 13, it is characterised in that described stream specification rule ORF record also includes: filter digital section, and described filter digital section is for carrying filter Number.

15. methods according to according to any one of claim 11-14, it is characterised in that described second The network equipment determines that first network equipment is able to receive that stream specification rule outbound route filtering ORF record, bag Include:

Described second network equipment obtains second specification rule ORF ability parameter, described second specification The stream specification rule ORF ability that the described first network equipment of rule ORF ability parameter instruction is supported, institute State second specification rule ORF ability parameter to include: least one set is marked by Address-Family Identifier and subaddressing race Know, flow specification rule ORF type and the parameter sets of transmitting-receiving ability label composition, described second specification The transmitting-receiving ability label that rule ORF ability parameter includes is for indicating whether described first network equipment props up Hold transmission and/or receive stream specification rule ORF record；

The described second more described second specification rule ORF ability parameter of the network equipment and first-class specification Rule ORF ability parameter, described second network of described first-class specification rule ORF ability parameter instruction The stream specification rule ORF ability that equipment is supported, described first-class specification rule ORF ability parameter includes: Least one set is identified by Address-Family Identifier and subaddressing race, is flowed specification rule ORF type and transmitting-receiving ability mark Know the parameter sets of composition, the transmitting-receiving ability mark that described first-class specification rule ORF ability parameter includes Know and be used for indicating whether described second network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, then described second network equipment is determined to described the One network equipment sends stream specification rule ORF record.

16. methods according to claim 15, it is characterised in that described second network equipment obtains Second specification rule ORF ability parameter, comprising:

Described second network equipment is setting up what Border Gateway Protocol (BGP) was connected with described first network equipment During, receiving the BGP open message that described first network equipment sends, described first network equipment is sent out The BGP open message sent includes described second specification rule ORF ability parameter.

17. methods according to according to any one of claim 11-16, it is characterised in that described second Described stream specification rule ORF record is sent to described first network equipment by the network equipment, comprising:

Described second network equipment sends BGP route refresh messages to described first network equipment, described BGP route refresh messages includes described stream specification rule ORF record.

18. 1 kinds of first network equipment, it is characterised in that include:

Determining module, for determining that second network equipment can send stream specification to described first network equipment Rule outbound route filtering ORF record；

Receiver module, for receiving the described stream specification rule ORF record that described second network equipment sends, Described stream specification rule ORF record sets to being sent to described second network for described first network equipment Standby stream specification rule filters；

Filtering module, for entering to sent stream specification rule according to described stream specification rule ORF record Row filters；

Sending module, for sending the stream specification rule after filtering to described second network equipment.

19. equipment according to claim 18, it is characterised in that described stream specification rule ORF Record includes: the sequence-number field of stream specification rule ORF record, action matching field, filter type Field, filter specific operation and value field, the sequence-number field of described stream specification rule ORF record For carrying the priority of stream specification rule ORF record, whether described action matching field is used for carrying The type of action of flow specification rule, described filter type field is used for carrying filter type, described Filter specific operation and value field are used for carrying the corresponding filter condition of described filter type.

20. equipment according to claim 19, it is characterised in that described stream specification rule ORF Record also includes: Route Distinguisher digital section and Route Distinguisher field, and described Route Distinguisher digital section is used In the number carrying Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

21. equipment according to claim 19 or 20, it is characterised in that described stream specification rule ORF record also includes: filter digital section, and described filter digital section is for carrying filter Number.

22. equipment according to claim 19, it is characterised in that described filtering module specifically for:

Described stream specification rule ORF record is included: action matching field, filter type field, Filter specific operation and value field, respectively with the described stream rule being sent to described second network equipment Model rule includes: type of action field, filter type field, filter specific operation and value word Section compares；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Filter containing the filter type that the described stream specification rule being sent to described second network equipment includes Specific operation and the numerical space of value field, it is determined that described be sent to described second network equipment Stream specification rule ORF record described in stream specification rule match.

23. equipment according to claim 20, it is characterised in that described filtering module specifically for:

Described stream specification rule ORF record is included: action matching field, filter type field, Filter specific operation and value field, Route Distinguisher field, be sent to described second with described respectively The stream specification rule of the network equipment includes: type of action field, filter type field, filter are special Fixed operation and value field and Route Distinguisher field compare；

If the action to be mated that the action that described stream specification rule ORF record includes is indicated by matching field Set of types is combined into sky or described type of action to be mated be included in described in be sent to described second network In the type of action that the stream specification rule of equipment includes, described stream specification rule ORF records the filtration including Device collection is combined into the empty or filter specific operation of every kind of filter type and the numerical space of value field is all wrapped Filter containing the filter type that the described stream specification rule being sent to described second network equipment includes Specific operation and the numerical space of value field, described stream specification rule ORF records the Route Distinguisher including Composition Route Distinguisher collection be combined in empty or described Route Distinguisher set comprise described in be sent to described second The Route Distinguisher that the stream specification rule of the network equipment includes, it is determined that described be sent to described second network Described stream specification rule ORF record in the stream specification rule match of equipment.

24. equipment according to according to any one of claim 18-23, it is characterised in that described determination Module specifically for:

Obtain first-class specification rule ORF ability parameter, described first-class specification rule ORF ability ginseng The stream specification rule ORF ability that described second network equipment of number instruction is supported, described first-class specification rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification rule ORF Type and the parameter sets of transmitting-receiving ability label composition, in described first-class specification rule ORF ability parameter Including transmitting-receiving ability label for indicate described second network equipment whether support send and/or receive stream Specification rule ORF record；

Relatively more described first-class specification rule ORF ability parameter and second specification rule ORF ability ginseng Number, the stream specification that the described first network equipment of described second specification rule ORF ability parameter instruction is supported Rule ORF ability, described second specification rule ORF ability parameter includes: least one set is by address The parameter set of race's mark, subaddressing race mark, stream specification rule ORF type and transmitting-receiving ability label composition Closing, the transmitting-receiving ability label that described second specification rule ORF ability parameter includes is described for indicating Whether first network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of described first parameter sets is supported to send Stream specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets Equipment is supported to receive stream specification rule ORF record, it is determined that described second network equipment can be to described the One network equipment sends stream specification rule ORF record.

25. equipment according to claim 24, it is characterised in that the first-class specification of described acquisition is advised Then ORF ability parameter, comprising:

Set up Border Gateway Protocol (BGP) at described first network equipment with described second network equipment to be connected Cheng Zhong, receives the BGP open message that described second network equipment sends, and described second network equipment sends BGP open message include described first-class specification rule ORF ability parameter.

26. equipment according to according to any one of claim 18-23, it is characterised in that described reception Module specifically for:

Receive the BGP route refresh messages that described second network equipment sends, described BGP route refresh Message includes described stream specification rule ORF record.

27. equipment according to according to any one of claim 18-23, it is characterised in that described equipment Also include storing processing module；

Described storage processing module, for receiving what described second network equipment sent at described receiver module After stream specification rule ORF record, record, according to described stream specification rule ORF, the address race including Mark and subaddressing race mark determine the type of described stream specification rule ORF record, and according to described stream rule Described stream specification rule ORF record is stored in sorted order corresponding class by the sequence number of model rule ORF record In the stream specification rule ORF list of type.

28. a kind of second network equipment, it is characterised in that include:

Determining module, is used for determining that first network equipment is able to receive that stream specification rule outbound route filtering ORF record；

Generation module, the stream specification rule and policy for preserving according to described second network equipment generates stream rule Model rule ORF record；

Sending module, is sent to described for the stream specification rule ORF record generating described generation module First network equipment；

Receiver module, for receiving the stream specification rule that described first network equipment sends, described stream specification Rule is advised according to the stream specification after described stream specification rule ORF record filtering for described first network equipment Then.

29. equipment according to claim 28, it is characterised in that described stream specification rule ORF Record includes: the sequence-number field of stream specification rule ORF record, action matching field, filter type Field, filter specific operation and value field, the sequence-number field of described stream specification rule ORF record For carrying the priority of stream specification rule ORF record, whether described action matching field is used for carrying The type of action of flow specification rule, described filter type field is used for carrying filter type, described Filter specific operation and value field are used for carrying the corresponding filter condition of described filter type.

30. equipment according to claim 29, it is characterised in that described stream specification rule ORF Record also includes: Route Distinguisher digital section and Route Distinguisher field, and described Route Distinguisher digital section is used In the number carrying Route Distinguisher, described Route Distinguisher field is used for carrying Route Distinguisher.

31. equipment according to claim 29 or 30, it is characterised in that described stream specification rule ORF record also includes: filter digital section, and described filter digital section is for carrying filter Number.

32. equipment according to according to any one of claim 28-32, it is characterised in that described determination Module specifically for:

Obtain second specification rule ORF ability parameter, described second specification rule ORF ability ginseng The stream specification rule ORF ability that the described first network equipment of number instruction is supported, described second specification rule ORF ability parameter includes: least one set is identified by Address-Family Identifier, subaddressing race, flowed specification rule ORF Type and the parameter sets of transmitting-receiving ability label composition, in described second specification rule ORF ability parameter Including transmitting-receiving ability label for indicate described first network equipment whether support send and/or receive stream Specification rule ORF record；

Relatively more described second specification rule ORF ability parameter and first-class specification rule ORF ability ginseng Number, the stream specification that described second network equipment of described first-class specification rule ORF ability parameter instruction is supported Rule ORF ability, described first-class specification rule ORF ability parameter includes: least one set is by address The parameter set of race's mark, subaddressing race mark, stream specification rule ORF type and transmitting-receiving ability label composition Closing, the transmitting-receiving ability label that described first-class specification rule ORF ability parameter includes is described for indicating Whether second network equipment is supported to send and/or receive stream specification rule ORF record；

If the first parameter sets that described first-class specification rule ORF ability parameter comprises and described second The second parameter sets that specification rule ORF ability parameter comprises all comprises stream specification rule ORF type, Described first parameter sets and described second parameter sets comprise identical Address-Family Identifier and subaddressing race mark Know, and described second network equipment of transmitting-receiving ability label instruction of the first parameter sets is supported to send, stream Specification rule ORF record, the described first network of transmitting-receiving ability label instruction of described second parameter sets sets Standby support receives stream specification rule ORF record, it is determined that described second network equipment can be to described first The network equipment sends stream specification rule ORF record.

33. equipment according to claim 32, it is characterised in that described acquisition second specification is advised Then ORF ability parameter, comprising:

Set up what Border Gateway Protocol (BGP) was connected at described second network equipment with described first network equipment During, receiving the BGP open message that described first network equipment sends, described first network equipment is sent out The BGP open message sent includes described second specification rule ORF ability parameter.

34. equipment according to according to any one of claim 28-32, it is characterised in that described transmission Module specifically for:

Send BGP route refresh messages, described BGP route refresh messages to described first network equipment Include described stream specification rule ORF record.

35. 1 kinds of network systems, it is characterised in that described network system includes: first network equipment and Second network equipment；

Described first network equipment, for performing the method as described in claim 1-10 is arbitrary；

Described second network equipment, for performing the method as described in claim 11-17 is arbitrary.