CN106487556A

CN106487556A - The dispositions method of business function SF and device

Info

Publication number: CN106487556A
Application number: CN201510543835.6A
Authority: CN
Inventors: 李忠良; 李炀; 王小威; 左奇
Original assignee: ZTE Corp
Current assignee: ZTE Corp
Priority date: 2015-08-28
Filing date: 2015-08-28
Publication date: 2017-03-08
Anticipated expiration: 2035-08-28
Also published as: WO2016180181A1; CN106487556B

Abstract

The invention provides a kind of dispositions method of business function SF and device, wherein, the method includes：Obtain predetermined network function virtualization NFV information, wherein, the NFV information includes the resource indication information for indicating the bottom-layer network resource that sets up needed for network function, and for indicating the function configured information of the business function SF disposed in the bottom-layer network resource；Bottom-layer network resource is created according to above-mentioned resource indication information and function configured information and deployment SF in the bottom-layer network resource.By the present invention, solving present in correlation technique needs manual intervention to create bottom-layer network resource and deployment SF, so as to cause, group creates bottom-layer network resource and deployment SF ossifys, the problem of bottom-layer network resource and SF can not be adjusted flexibly, and then have reached the effect that bottom-layer network resource and SF is adjusted flexibly.

Description

The dispositions method of business function SF and device

Technical field

The present invention relates to the communications field, in particular to a kind of dispositions method of business function SF and device.

Background technology

In network function virtualization (Network Function Virtualization, referred to as NFV) technology, can be by making With the general purpose hardware such as x86 and Intel Virtualization Technology, very multi-functional software processing is carried.So as to reduce, network is expensive to be set Standby cost.Can be decoupled by software and hardware and function modeling, make network equipment function that specialized hardware is no longer dependent on, resource is permissible Fully flexibly shared, realize quick exploitation and the deployment of new business, and carry out automatic deployment, elasticity based on practical business demand stretching Contracting, Fault Isolation and self-healing etc..

Business function chain (Service Function Chain, referred to as SFC) is the set of an orderly business function, its base A series of Business Processing is carried out to the IP packet on network, isl frame or data flow in classification and policing.SFC can be independent In specific network application, for fixing, the scene such as mobile network and data center.SFC is related to flow class node, business work( Can (Service Function, referred to as SF), business forward node (Service Function Forwarder, referred to as SFF), SFC agency, deep-packet detection (Deep Packet Inspection, referred to as DPI) etc..SF is received from one or more SFF Message, sends message to one or more SFF.SFF is responsible for according to SFC packaging information the message received from network or number SF is sent to according to frame.SFC chain of command is responsible for carrying out management and the configuration of SFC, including convection current class node, SF, SFF, SFC The discovery of interdependent node, management and the configurations etc. such as agency.

SFC is the indispensable part in NFV technology, and wherein, SFC user can be by being created by NFV Virtual machine, the virtual resource such as virtual switch create the components such as SF, SFF required for SFC, wherein, in business chain, SF is a kind of table of virtualized network function example (Virtualized Network Function Instance, referred to as VNFI) Existing form.

In the related, software defined network (Software Defined Network, referred to as SDN) plan SFC when, Keeper is needed first to create the bottom-layer network resource of network function virtualization NFV and be supplied to SFC use, in existing Internet resources On the basis of dispose new SF, then select group to build up SFC by keeper.The SFC that so sets up relatively ossifys, it is impossible to enough roots Factually the variation of border business demand adjusts SF, and can not propose any change to the Internet resources of bottom.

For needing manual intervention to create bottom-layer network resource and deployment SF present in correlation technique, so as to cause to create bottom Internet resources and deployment SF ossify, it is impossible to the problem of bottom-layer network resource and SF is adjusted flexibly, and not yet propose at present effectively Solution.

Content of the invention

The invention provides a kind of dispositions method of business function SF and device, at least to solve to need people present in correlation technique Work intervention creates bottom-layer network resource and deployment SF, ossifys so as to cause to create bottom-layer network resource and dispose SF, it is impossible to The problem of bottom-layer network resource and SF is adjusted flexibly.

According to an aspect of the invention, there is provided a kind of dispositions method of business function SF, including：Obtain predetermined network work( NFV information can be virtualized, wherein, the NFV information is included for indicating the bottom-layer network resource that sets up needed for network function Resource indication information, and for indicate in the bottom-layer network resource dispose business function SF function configured information；Root The bottom-layer network resource is created and on the bottom-layer network resource top according to the resource indication information and the function configured information Affix one's name to the SF.

Alternatively, the bottom-layer network resource is created and at the bottom according to the resource indication information and the function configured information Disposing the SF in layer network resource includes：The resource indication information is passed to by the interface between Forwarding plane described Forwarding plane, to indicate that the Forwarding plane creates the bottom-layer network according to the resource indication information on the Forwarding plane Resource；The mode communicated with the TSR in the virtual machine in the bottom-layer network resource by using the interface is by root The deployment information determined according to the function configured information passes to the virtual machine, to indicate SF described in the deploying virtual machine.

Alternatively, by being used for the interface that disposes between bottom-layer network resource and the Forwarding plane of SF by the resource indication information The Forwarding plane is passed to, to indicate that the Forwarding plane creates institute according to the resource indication information on the Forwarding plane Stating bottom-layer network resource includes：The resource indication information is passed to by the Forwarding plane by the interface, described to indicate Forwarding plane will include in the resource indication information puts down to described forwarding for creating the parameter configuration of the bottom-layer network resource On virtual machine in face；Communicated with the TSR in the virtual machine in the bottom-layer network resource by using the interface Mode the deployment information determined according to the function configured information is passed to the virtual machine, to indicate the deploying virtual machine The SF includes：The deployment information is passed to described by the mode communicated with the TSR by using the interface Virtual machine, to indicate that the virtual machine will include in the function configured information for disposing the parameter configuration of SF to the virtuality On machine.

Alternatively, the SF is load balancing, and the resource indication information includes：First management net network protocol IP address, The IP address of the first business subnet and the first routing iinformation, the function configured information include Load Balancing Protocol information, described negative The information about firms of resource pool, load-balancing algorithm information in a balanced way is carried, wherein, by the interface by the resource indication information The Forwarding plane is passed to, to indicate that the Forwarding plane will include in the resource indication information for creating the bottom The parameter of Internet resources is loaded on the virtual machine in the Forwarding plane to be included：By the interface by the resource indication information The Forwarding plane is passed to, is operated with indicating that Forwarding plane execution is following：By the first virtual machine in the Forwarding plane The described first management net IP address, the IP by first virtual machine on business subnet are configured to online IP address is managed Address configuration is the first business subnet of ip address and the routing iinformation of first virtual machine is configured to the first via by believing Breath；The deployment information is passed to the virtual machine by the mode communicated with the TSR by using the interface, Included to the virtual machine for disposing the parameter configuration of SF with indicating that the virtual machine will include in the function configured information： Load balancing configuration file is created according to the function configured information；Communicated with the TSR by using the interface Mode the load balancing configuration file is passed to first virtual machine, to indicate that first virtual machine executes following behaviour Make：By the protocol configuration of first virtual machine be the corresponding agreement of the Load Balancing Protocol information, by first virtual machine Member's resource pool for being configured to the load balancing the corresponding member of information about firms, by the algorithm configuration of first virtual machine For the corresponding algorithm of the load-balancing algorithm information.

Alternatively, the SF is fire wall, and the resource indication information includes：Second management net network protocol IP address, the The IP address and secondary route information of two business subnets, the function configured information include firewall rule and policy information, wherein, The resource indication information is passed to by the Forwarding plane by the interface, to indicate that the resource refers to by the Forwarding plane Showing that the parameter for creating the bottom-layer network resource included in information is loaded on the virtual machine in the Forwarding plane includes： By the resource indication information being passed to the Forwarding plane with the interface, grasped with indicating that Forwarding plane execution is following Make：The second virtual machine in the Forwarding plane is configured to the described second management net IP address, incites somebody to action in the online IP address of management IP address of second virtual machine on business subnet is configured to the second business subnet of ip address and by second virtual machine Routing iinformation be configured to the secondary route information；The mode communicated with the TSR by using the interface will The deployment information passes to the virtual machine, to indicate that the virtual machine will include in the function configured information for disposing The parameter configuration of SF includes on the virtual machine：Firewall configuration file is created according to the function configured information；By using The firewall configuration file is passed to second virtual machine by the mode communicated with the TSR by the interface, with Indicate that the rule of second virtual machine and strategy are configured to the firewall rule by second virtual machine corresponding with policy information Rule and strategy.

Alternatively, the SF is virtual private network VPN, and the resource indication information includes：3rd management net procotol IP Address, the 3rd business subnet of ip address and the 3rd routing iinformation, the function configured information include IKE ike policy, The resource indication information wherein, is passed to by IP layer security protocol IPSec strategy, IPSec site information by the interface The Forwarding plane, is provided for creating the bottom-layer network with indicating that the Forwarding plane will include in the resource indication information The parameter in source is loaded on the virtual machine in the Forwarding plane to be included：The resource indication information is passed to by the interface The Forwarding plane, is operated with indicating that Forwarding plane execution is following：By the 3rd virtual machine in the Forwarding plane in management Online IP address is configured to the described 3rd management net IP address, the IP address by the 3rd virtual machine on business subnet and joins It is set to the 3rd business subnet of ip address and the routing iinformation of the 3rd virtual machine is configured to the 3rd routing iinformation；Logical Cross the mode communicated with the TSR using the interface and the deployment information is passed to the virtual machine, to indicate The virtual machine will include in the function configured information to be included to the virtual machine for disposing the parameter configuration of SF：According to The function configured information creates VPN configuration file；The mode communicated with the TSR by using the interface will The VPN configuration file passes to the 3rd virtual machine, is operated with indicating that the 3rd virtual machine execution is following：By described The protocol strategy of three virtual machines is configured to the IKE ike policy and IP layer security protocol IPSec strategy, incites somebody to action The site configuration of the 3rd virtual machine is the corresponding website of the IPSec site information.

Alternatively, the SF is protected for network element WEB, and the resource indication information includes：4th management net procotol IP ground Location, the 4th business subnet of ip address and the 4th routing iinformation, the function configured information include that WEB prevention policies and needs are prevented The resource indication information wherein, is passed to described by the WEB application server of shield or data center information by the interface Forwarding plane, to indicate that the Forwarding plane will include in the resource indication information for creating the bottom-layer network resource Parameter is loaded on the virtual machine in the Forwarding plane to be included：The resource indication information is passed to by the interface described Forwarding plane, is operated with indicating that Forwarding plane execution is following：The 4th virtual machine in the Forwarding plane is online in management IP address be configured to the described 4th management net IP address, the IP address by the 4th virtual machine on business subnet and be configured to The 4th business subnet of ip address and the routing iinformation of the 4th virtual machine is configured to the 4th routing iinformation；By profit The deployment information is passed to the virtual machine by the mode communicated with the TSR with the interface, described to indicate Virtual machine will include in the function configured information to be included to the virtual machine for disposing the parameter configuration of SF：According to described Function configured information creates WEB protection configuration file；The mode communicated with the TSR by using the interface will The WEB protection configuration file passes to the 4th virtual machine, is operated with indicating that the 4th virtual machine execution is following：By institute State the rule of the 4th virtual machine and strategy be configured to the WEB prevention policies and rule, by the server of the 4th virtual machine or Data center configuration is the WEB application server for needing protection or the corresponding server of data center information or data center.

Alternatively, the predetermined network function virtualization NFV information of the acquisition includes：Receive the NFV of application plane transmission Information.

Alternatively, the predetermined network function virtualization NFV information of the acquisition includes：Receive the NFV of control plane transmission Information, wherein, the NFV information is that application plane passes to the control plane.

Alternatively, the bottom-layer network resource is being created and described according to the resource indication information and the function configured information After disposing the SF in bottom-layer network resource, also include：The NFV information after updating is obtained, wherein, after the renewal NFV information includes the resource indication information after renewal and/or the function configured information after renewal；According to the resource after described renewal Function configured information after configured information and/or renewal updates the SF of the bottom-layer network resource and deployment for creating.

Alternatively, the bottom for creating is updated according to the resource indication information after described renewal and/or the function configured information after renewal The SF of layer network resource and deployment includes：According to the resource indication information change after described renewal, increase or delete establishment The bottom-layer network resource；And/or, according to the SF of the change of function configured information, increase or deletion deployment after described renewal.

Alternatively, the bottom-layer network resource is being created and described according to the resource indication information and the function configured information After disposing the SF in bottom-layer network resource, also include：The Forwarding plane is by institute after the bottom-layer network resource has been created The information reporting of bottom-layer network resource is stated to control plane；And/or, the Forwarding plane after the SF has been disposed, by deployment The information reporting of the SF is to control plane.

According to a further aspect in the invention, there is provided a kind of deployment device of business function SF, including：First acquisition module, uses NFV information is virtualized in predetermined network function is obtained, wherein, the NFV information is included for indicating to set up network function The resource indication information of required bottom-layer network resource, and for indicating the business function SF disposed in the bottom-layer network resource Function configured information；Processing module, for creating the bottom according to the resource indication information and the function configured information Internet resources simultaneously dispose the SF in the bottom-layer network resource.

Alternatively, the processing module includes：First transfer unit, for by the interface between Forwarding plane by the money Source configured information passes to the Forwarding plane, flat in the forwarding according to the resource indication information to indicate the Forwarding plane The bottom-layer network resource is created on face；Second transfer unit, for by using in the interface and the bottom-layer network resource Virtual machine in the mode that communicated of TSR the deployment information determined according to the function configured information is passed to described in Virtual machine, to indicate SF described in the deploying virtual machine.

Alternatively, first transfer unit includes：First transmission subelement, for being indicated the resource by the interface Information transmission gives the Forwarding plane, described for creating to indicate that the Forwarding plane will include in the resource indication information On virtual machine of the parameter configuration of bottom-layer network resource in the Forwarding plane；Second transfer unit includes：Second transmission The deployment information is passed to described by subelement, the mode for being communicated with the TSR by using the interface Virtual machine, to indicate that the virtual machine will include in the function configured information for disposing the parameter configuration of SF to the virtuality On machine.

Alternatively, the SF is load balancing, and the resource indication information includes：First management net network protocol IP address, The IP address of the first business subnet and the first routing iinformation, the function configured information include Load Balancing Protocol information, described negative The information about firms of resource pool, load-balancing algorithm information in a balanced way is carried, wherein, the first transmission subelement is in the following way Indicate that the Forwarding plane configures the bottom-layer network resource：The resource indication information is passed to by described turning by the interface Plane is sent out, is operated with indicating that Forwarding plane execution is following：The first virtual machine in the Forwarding plane is online in management IP address be configured to the described first management net IP address, IP address by first virtual machine on business subnet be configured to described First business subnet of ip address and the routing iinformation of first virtual machine is configured to first routing iinformation；Described second passes Pass subelement and indicate SF described in the deploying virtual machine in the following way：Load balancing is created according to the function configured information to join Put file；The load balancing configuration file is passed to by the mode communicated with the TSR by using the interface First virtual machine, is operated with indicating that first virtual machine execution is following：The protocol configuration of first virtual machine is institute State the corresponding agreement of Load Balancing Protocol information, the member of first virtual machine is configured to the resource pool of the load balancing The corresponding member of information about firms, the algorithm configuration of first virtual machine is the corresponding algorithm of the load-balancing algorithm information.

Alternatively, the SF is fire wall, and the resource indication information includes：Second management net network protocol IP address, the The IP address and secondary route information of two business subnets, the function configured information include firewall rule and policy information, wherein, The first transmission subelement indicates that the Forwarding plane configures the bottom-layer network resource in the following way：By connecing with described The resource indication information is passed to the Forwarding plane by mouth, is operated with indicating that Forwarding plane execution is following：By described turn Send out the second virtual machine in plane manage online IP address be configured to the described second management net IP address, will the described second virtuality IP address of the machine on business subnet is configured to the second business subnet of ip address and joins the routing iinformation of second virtual machine It is set to the secondary route information；The second transmission subelement indicates SF described in the deploying virtual machine in the following way：Root Firewall configuration file is created according to the function configured information；By using the side communicated with the TSR by the interface The firewall configuration file is passed to second virtual machine by formula, to indicate second virtual machine by second virtual machine Rule and strategy is configured to the firewall rule and policy information is corresponding regular and tactful.

Alternatively, the SF is virtual private network VPN, and the resource indication information includes：3rd management net procotol IP Address, the 3rd business subnet of ip address and the 3rd routing iinformation, the function configured information include IKE ike policy, IP layer security protocol IPSec strategy, IPSec site information, wherein, the first transmission subelement indicates institute in the following way State Forwarding plane and configure the bottom-layer network resource：The resource indication information is passed to by the Forwarding plane by the interface, Operated with indicating that the Forwarding plane execution is following：The 3rd virtual machine in the Forwarding plane is joined in the online IP address of management It is set to the described 3rd management net IP address, the IP address by the 3rd virtual machine on business subnet and is configured to the 3rd business Subnet of ip address and the routing iinformation of the 3rd virtual machine is configured to the 3rd routing iinformation；The second transmission subelement The deploying virtual machine described in SF is indicated in the following way：VPN configuration file is created according to the function configured information；Pass through The VPN configuration file is passed to the 3rd virtual machine by the mode communicated with the TSR using the interface, Operated with indicating that the 3rd virtual machine execution is following：The protocol strategy of the 3rd virtual machine is configured to the key and exchanges association Discuss ike policy and IP layer security protocol IPSec strategy, be the IPSec station by the site configuration of the 3rd virtual machine The corresponding website of point information.

Alternatively, the SF is protected for network element WEB, and the resource indication information includes：4th management net procotol IP ground Location, the 4th business subnet of ip address and the 4th routing iinformation, the function configured information include that WEB prevention policies and needs are prevented The WEB application server of shield or data center information, wherein, the first transmission subelement indicates described turning in the following way Send out bottom-layer network resource described in planar configuration：The resource indication information is passed to by the Forwarding plane by the interface, with Indicate that the Forwarding plane executes following operation：The 4th virtual machine in the Forwarding plane is being managed online IP address configuration The 4th business is configured to for the described 4th management net IP address, the IP address by the 4th virtual machine on business subnet Net IP address and the routing iinformation of the 4th virtual machine is configured to the 4th routing iinformation；The second transmission subelement leads to Cross following manner and indicate SF described in the deploying virtual machine：WEB is created according to the function configured information and protects configuration file； WEB protection configuration file is passed to described the by the mode communicated with the TSR by using the interface Four virtual machines, are operated with indicating that the 4th virtual machine execution is following：The rule of the 4th virtual machine and strategy are configured to institute State WEB prevention policies and rule, be the WEB for needing protection by the server of the 4th virtual machine or data center configuration Application server or the corresponding server of data center information or data center.

Alternatively, first acquisition module includes：First receiving unit, for receiving the NFV letter of application plane transmission Breath.

Alternatively, first acquisition module includes：Second receiving unit, for receiving the NFV letter of control plane transmission Breath, wherein, the NFV information is that application plane passes to the control plane.

Alternatively, described device also includes：Second acquisition module, for referring to according to the resource indication information and the function After showing bottom-layer network resource described in information creating and the SF being disposed in the bottom-layer network resource, obtain the NFV after updating Information, wherein, the function after the NFV information after the renewal includes the resource indication information after renewal and/or updates indicates letter Breath；Update module, for updating establishment according to the resource indication information after described renewal and/or the function configured information after renewal The bottom-layer network resource and the SF of deployment.

Alternatively, the update module includes：First updating block, for being changed according to the resource indication information after described renewal, Increase or delete the bottom-layer network resource for creating；And/or, the second updating block, for referring to according to the function after described renewal Show information change, increase or delete the SF of deployment.

Alternatively, described device also includes：First reporting module, is applied in Forwarding plane, for creating the bottom By the information reporting of the bottom-layer network resource to control plane after Internet resources；And/or, the second reporting module, it is applied to forward In plane, for after the SF has been disposed, by the information reporting of the SF of deployment to control plane.

By the present invention, NFV information is virtualized using predetermined network function is obtained, wherein, the NFV information includes to use In the resource indication information of the bottom-layer network resource for indicating to set up needed for network function, and for indicating in the bottom-layer network resource The function configured information of the business function SF of upper deployment；According to the resource indication information and the function configured information are created Bottom-layer network resource simultaneously disposes the SF in the bottom-layer network resource.Solving present in correlation technique needs manual intervention Bottom-layer network resource and deployment SF is created, is ossify so as to cause to create bottom-layer network resource and dispose SF, it is impossible to flexibly adjust Whole bottom-layer network resource and the problem of SF, and then reached the effect that bottom-layer network resource and SF is adjusted flexibly.

Description of the drawings

Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, and the present invention shows Meaning property embodiment and its illustrated for explaining the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings：

Fig. 1 is the flow chart of the dispositions method of business function SF according to embodiments of the present invention；

Fig. 2 is the structured flowchart of the deployment device of business function SF according to embodiments of the present invention；

Fig. 3 is the structured flowchart for disposing processing module 24 in device of business function SF according to embodiments of the present invention；

Fig. 4 be business function SF according to embodiments of the present invention deployment device in the first transfer unit 32 and the second transfer unit 34 structured flowchart；

Fig. 5 is the structured flowchart one for disposing the first acquisition module 22 in device of business function SF according to embodiments of the present invention；

Fig. 6 is the structured flowchart two for disposing the first acquisition module 22 in device of business function SF according to embodiments of the present invention；

Fig. 7 is the preferred structure block diagram of the deployment device of business function SF according to embodiments of the present invention；

Fig. 8 is the structured flowchart for disposing update module 74 in device of business function SF according to embodiments of the present invention；

Fig. 9 is SDN configuration diagram according to embodiments of the present invention；

Figure 10 is planning according to embodiments of the present invention the method flow diagram one for disposing SFC；

Figure 11 is planning according to embodiments of the present invention the method flow diagram two for disposing SFC；

Figure 12 is the schematic diagram of the SFC comprising load balancing node according to embodiments of the present invention；

Figure 13 is the schematic diagram of the SFC comprising fire wall according to embodiments of the present invention.

Specific embodiment

Below with reference to accompanying drawing and in conjunction with the embodiments describing the present invention in detail.It should be noted that in the case of not conflicting, The feature in embodiment and embodiment in the application can be mutually combined.

It should be noted that description and claims of this specification and the term " first " in above-mentioned accompanying drawing, " second " etc. are to use In the similar object of difference, without for describing specific order or precedence.Meanwhile, it should be noted that at this " application plane " in bright specification and claims and accompanying drawing can be that one group of logic being made up of software and/or hardware should With function, the Logic application function can be realized by application apparatus, similarly, " control plane " can be by software and/or hardware The one group of logic control function of constituting, the logic control function can be realized by control device, " Forwarding plane " can be by software And/or one group of logical forwarding function that hardware is constituted, the logical forwarding function can be realized by forwarding unit.

A kind of dispositions method of business function SF is provided in the present embodiment, Fig. 1 is business function according to embodiments of the present invention The flow chart of the dispositions method of SF, as shown in figure 1, the flow process comprises the steps：

Step S102, obtains predetermined network function virtualization NFV information, and wherein, the NFV information is included for indicating to build The resource indication information of the bottom-layer network resource needed for vertical network function, and for indicating the industry that disposes in the bottom-layer network resource The function configured information of business function SF；

Step S104, creates bottom-layer network resource and in the bottom-layer network money according to above-mentioned resource indication information and function configured information SF is disposed on source.

Wherein, execute aforesaid operations can be resource management system, can be in the case of without the need for manual intervention, by resource pipe Reason system completes the deployment of bottom-layer network resource and the deployment of SF, needs manual intervention to create so as to solve present in correlation technique Bottom-layer network resource and deployment SF is built, is ossify so as to cause to create bottom-layer network resource and dispose SF, it is impossible to be adjusted flexibly Bottom-layer network resource and the problem of SF, and then reached the effect that bottom-layer network resource and SF is adjusted flexibly.

In an optional embodiment, above-mentioned bottom-layer network resource is created according to above-mentioned resource indication information and function configured information And deployment SF includes in bottom-layer network resource：Resource indication information is passed to by forwarding by the interface between Forwarding plane flat Face, to indicate that the Forwarding plane creates bottom-layer network resource according to above-mentioned resource indication information on Forwarding plane；By using upper Stating mode that interface communicated with the TSR in the virtual machine in bottom-layer network resource will be true according to above-mentioned functions configured information Fixed deployment information passes to virtual machine, to indicate deploying virtual machine SF.By above-described embodiment, it is possible to use Forwarding plane reality The existing establishment of bottom-layer network resource and the deployment of SF, so as to without the need for manual intervention, improve the adjustment of bottom-layer network resource and SF Flexibility ratio.

Create above-mentioned bottom-layer network resource and in bottom-layer network resource dispose SF mode have multiple, in an optional embodiment In, the establishment of bottom-layer network resource and the deployment of SF can be carried out by way of configuration parameter, below which is illustrated：

Resource indication information is passed to by forwarding by the interface for disposing between bottom-layer network resource and the Forwarding plane of SF flat Face, is included with indicating that the Forwarding plane creates bottom-layer network resource according to resource indication information on Forwarding plane：Connect by above-mentioned Mouthful resource indication information is passed to Forwarding plane, to indicate that Forwarding plane will include in resource indication information for creating bottom On virtual machine of the parameter configuration of Internet resources in Forwarding plane；By using the virtuality in above-mentioned interface and bottom-layer network resource The deployment information determined according to function configured information is passed to virtual machine by the mode communicated by the TSR in machine, to indicate Deploying virtual machine SF includes：Deployment information is passed to virtual machine by the mode communicated with TSR by using interface, To indicate the virtual machine by the parameter configuration for disposing SF included in function configured information to virtual machine.

Above-mentioned create bottom-layer network resource and the scheme of deployment SF is can apply in several scenes, and concrete scene is as follows：

In an optional embodiment, above-mentioned SF can be load balancing, and above-mentioned resource indication information includes：First management net Network protocol IP address, the IP address of the first business subnet and the first routing iinformation, the function configured information include that load balancing is assisted Resource wherein, is referred to by view information, the information about firms of the resource pool of load balancing, load-balancing algorithm information by above-mentioned interface Show information transmission to Forwarding plane, to indicate that the Forwarding plane will include in resource indication information for creating bottom-layer network resource Parameter be loaded on the virtual machine in above-mentioned Forwarding plane and include：Resource indication information is passed to by forwarding by above-mentioned interface flat Face, to indicate the following operation of Forwarding plane execution：The first virtual machine in Forwarding plane is being managed online IP address configuration For the first management net IP address, IP address by the first virtual machine on business subnet be configured to the first business subnet of ip address and The routing iinformation of the first virtual machine is configured to the first routing iinformation；By using the side communicated with TSR by above-mentioned interface Deployment information is passed to virtual machine by formula, to indicate that the parameter for disposing SF included in function configured information joined by the virtual machine Putting on virtual machine includes：Load balancing configuration file is created according to function configured information；By using above-mentioned interface and resident journey Load balancing configuration file is passed to the first virtual machine by the mode communicated by sequence, is operated with indicating that the execution of the first virtual machine is following： The protocol configuration of the first virtual machine is the corresponding agreement of Load Balancing Protocol information, the member of the first virtual machine is configured to load In a balanced way the corresponding member of the information about firms of resource pool, by the algorithm configuration of the first virtual machine be load-balancing algorithm information corresponding Algorithm.

In another optional embodiment, above-mentioned SF can be fire wall, and above-mentioned resource indication information includes：Second management net Network protocol IP address, the IP address of the second business subnet and secondary route information, above-mentioned functions configured information include that fire wall is advised Then and policy information, wherein, resource indication information is passed to by Forwarding plane by above-mentioned interface, to indicate that Forwarding plane will provide The parameter for creating bottom-layer network resource included in the configured information of source is loaded on the virtual machine in Forwarding plane and includes：Pass through Resource indication information is passed to Forwarding plane with above-mentioned interface, operated with indicating that Forwarding plane execution is following：By in Forwarding plane The second virtual machine manage online IP address be configured to the second management net IP address, by the second virtual machine on business subnet IP address is configured to the second business subnet of ip address and the routing iinformation of the second virtual machine is configured to secondary route information；By profit Deployment information is passed to virtual machine by the mode communicated with TSR with above-mentioned interface, to indicate that function indicates by virtual machine Included in information includes to virtual machine for disposing the parameter configuration of SF：Fire wall is created according to above-mentioned functions configured information to join Put file；Firewall configuration file is passed to the second virtual machine by the mode communicated with TSR by using above-mentioned interface, With indicate second virtual machine by the rule of the second virtual machine and strategy be configured to firewall rule and policy information corresponding rule and Strategy.

In another optional embodiment, above-mentioned SF is virtual private network VPN, and above-mentioned resource indication information includes：3rd Management net network protocol IP address, the 3rd business subnet of ip address and the 3rd routing iinformation, above-mentioned functions configured information include key Resource wherein, is referred to by exchange agreement ike policy, IP layer security protocol IPSec strategy, IPSec site information by the interface Show information transmission to Forwarding plane, to indicate that Forwarding plane will include in resource indication information for creating bottom-layer network resource Parameter is loaded on the virtual machine in Forwarding plane to be included：Resource indication information is passed to by Forwarding plane by interface, to indicate Forwarding plane executes following operation：The 3rd virtual machine in Forwarding plane is configured to the 3rd management net in the online IP address of management IP address, the IP address by the 3rd virtual machine on business subnet are configured to the 3rd business subnet of ip address and by the 3rd virtual machine Routing iinformation is configured to the 3rd routing iinformation；Deployment information is passed by the mode communicated with TSR by using above-mentioned interface Virtual machine is passed, is included to virtual machine for disposing the parameter configuration of SF with indicating that virtual machine will include in function configured information： VPN configuration file is created according to above-mentioned functions configured information；The mode communicated with TSR by using above-mentioned interface will VPN configuration file passes to the 3rd virtual machine, is operated with indicating that the execution of the 3rd virtual machine is following：Agreement by the 3rd virtual machine Strategy is configured to IKE ike policy and IP layer security protocol IPSec strategy, by the site configuration of the 3rd virtual machine is The corresponding website of IPSec site information.

In another optional embodiment, above-mentioned SF is protected for network element WEB, and above-mentioned resource indication information includes：4th pipe Reason net network protocol IP address, the 4th business subnet of ip address and the 4th routing iinformation, above-mentioned functions configured information include WEB Resource wherein, is indicated letter by above-mentioned interface by prevention policies and the WEB application server for needing to protect or data center information Breath passes to Forwarding plane, to indicate Forwarding plane by the parameter for creating bottom-layer network resource included in resource indication information Being loaded on the virtual machine in Forwarding plane includes：Resource indication information is passed to by Forwarding plane by interface, to indicate to forward Plane executes following operation：The 4th virtual machine in above-mentioned Forwarding plane is configured to the 4th management net in the online IP address of management IP address, the IP address by the 4th virtual machine on business subnet are configured to the 4th business subnet of ip address and by the 4th virtual machine Routing iinformation is configured to the 4th routing iinformation；Deployment information is passed by the mode communicated with TSR by using above-mentioned interface Virtual machine is passed, is included to virtual machine for disposing the parameter configuration of SF with indicating that virtual machine will include in function configured information： WEB is created according to above-mentioned functions configured information and protects configuration file；By using the side communicated with TSR by above-mentioned interface WEB protection configuration file is passed to the 4th virtual machine by formula, is operated with indicating that the execution of the 4th virtual machine is following：Virtual by the 4th The rule of machine and strategy are configured to above-mentioned WEB prevention policies and rule, by the server of the 4th virtual machine or data center configuration are Need WEB application server or the corresponding server of data center information or the data center of protection.

For the embodiment under four above-mentioned scenes, will be described in more detail in embodiment described later.

The mode of above-mentioned acquisition NFV information can be multiple, in an optional embodiment, above-mentioned acquisition NFV information Including：Receive the NFV information of application plane transmission.

In another optional embodiment, above-mentioned acquisition NFV information includes：Receive the above-mentioned NFV transmitted in control plane Information, wherein, the NFV information is that application plane passes to above-mentioned control plane.

In an optional embodiment, bottom-layer network resource is being created and upper according to resource indication information and function configured information State in bottom-layer network resource after deployment SF, also include：Obtain the NFV information after updating, wherein, NFV after above-mentioned renewal Information includes the resource indication information after renewal and/or the function configured information after renewal；According to the resource indication information after renewal And/or the function configured information after updating updates the SF of the bottom-layer network resource and deployment for creating.

In an optional embodiment, according to the function configured information after the resource indication information after above-mentioned renewal and/or renewal more The SF of the new bottom-layer network resource for creating and deployment includes：According to the resource indication information change after above-mentioned renewal, increase or deletion The bottom-layer network resource of establishment；And/or, according to the SF of the change of function configured information, increase or deletion deployment after renewal.

In an optional embodiment, bottom-layer network resource is being created simultaneously according to above-mentioned resource indication information and function configured information After SF being disposed in the bottom-layer network resource, also include：Forwarding plane is by underlying network after above-mentioned bottom-layer network resource has been created The information reporting of network resource is to control plane；And/or, Forwarding plane after above-mentioned SF has been disposed, by deployment SF information on Offer control plane.So that control plane is it can be found that and management the bottom-layer network resource for creating and the SF for disposing.

Through the above description of the embodiments, those skilled in the art can be understood that the side according to above-described embodiment Method can add the mode of required general hardware platform by software to realize, naturally it is also possible to by hardware, but in many cases before Person is more preferably embodiment.Based on such understanding, technical scheme substantially makes tribute to prior art in other words The part that offers can be embodied in the form of software product, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disc, CD) in, use so that a station terminal equipment including some instructions (can be mobile phone, computer, Server, or the network equipment etc.) execute method described in each embodiment of the present invention.

A kind of creating device of business function SF is additionally provided in the present embodiment, and the device is used for realizing above-described embodiment and preferably Embodiment, had carried out repeating no more for explanation.As used below, term " module " can realize predetermined function Software and/or hardware combination.Device although described by following examples is preferably realized with software, but hardware, or The realization of the combination of person's software and hardware is also may and be contemplated.

Fig. 2 is the structured flowchart of the deployment device of business function SF according to embodiments of the present invention, as shown in Fig. 2 the device bag The first acquisition module 22 and processing module 24 is included, below the device is illustrated.

First acquisition module 22, for obtaining predetermined network function virtualization NFV information, wherein, the NFV information includes For indicating the resource indication information of the bottom-layer network resource that sets up needed for network function, and for indicating in bottom-layer network resource The function configured information of the business function SF of deployment；Processing module 24, is connected to above-mentioned first acquisition module 22, for basis Above-mentioned resource indication information and function configured information create bottom-layer network resource and dispose SF in bottom-layer network resource.

Fig. 3 is the structured flowchart for disposing processing module 24 in device of business function SF according to embodiments of the present invention, such as Fig. 3 Shown, the processing module 24 includes the first transfer unit 32 and the second transfer unit 34, below the processing module 24 is said Bright.

First transfer unit 32, for resource indication information being passed to Forwarding plane by the interface between Forwarding plane, with Indicate that Forwarding plane creates bottom-layer network resource according to above-mentioned resource indication information on above-mentioned Forwarding plane；Second transfer unit 34, Above-mentioned first transfer unit 32 is connected to, for by using the resident journey in the virtual machine in above-mentioned interface and bottom-layer network resource The deployment information determined according to above-mentioned functions configured information is passed to virtual machine by the mode communicated by sequence, to indicate virtual machine portion Administration SF.

Fig. 4 be business function SF according to embodiments of the present invention deployment device in the first transfer unit 32 and the second transfer unit 34 structured flowchart, as shown in figure 4, first transfer unit 32 includes the first transmission subelement 42, second transfer unit 34 include the second transmission subelement 44, below the first transmission subelement 42 and the second transmission subelement 44 are illustrated.

First transmission subelement 42, for resource indication information being passed to Forwarding plane by above-mentioned interface, to indicate the forwarding Virtual machine of the plane by the parameter configuration for creating bottom-layer network resource included in resource indication information in Forwarding plane.

Deployment information is transmitted by the second transmission subelement 44, the mode for being communicated with TSR by using above-mentioned interface To virtual machine, to indicate the virtual machine by the parameter configuration for disposing SF included in function configured information to virtual machine.

In an optional embodiment, above-mentioned SF can be load balancing, and above-mentioned resource is that information can include：The One management net network protocol IP address, the IP address of the first business subnet and the first routing iinformation, above-mentioned function configured information can To include Load Balancing Protocol information, the information about firms of the resource pool of load balancing, load-balancing algorithm information, wherein, above-mentioned First transmission subelement 42 can indicate in the following way Forwarding plane configuration bottom-layer network resource：To be provided by above-mentioned interface Source configured information passes to Forwarding plane, to indicate the following operation of Forwarding plane execution：By the first virtual machine in Forwarding plane The first management net IP address, the IP address configuration by the first virtual machine on business subnet are configured to online IP address is managed The first routing iinformation is configured to for the first business subnet of ip address and by the routing iinformation of the first virtual machine；Above-mentioned second transmission is single Unit 44 can indicate deploying virtual machine SF in the following way：Load balancing configuration file is created according to function configured information；Pass through Load balancing configuration file is passed to the first virtual machine by the mode communicated with TSR using above-mentioned interface, to indicate One virtual machine executes following operation：By the protocol configuration of the first virtual machine be the corresponding agreement of Load Balancing Protocol information, by first The member of virtual machine is configured to the corresponding member of information about firms of the resource pool of load balancing, by the algorithm configuration of the first virtual machine is The corresponding algorithm of load-balancing algorithm information.

In another optional embodiment, above-mentioned SF can be fire wall, and above-mentioned resource indication information can include：Second pipe Reason net network protocol IP address, the IP address of the second business subnet and secondary route information, above-mentioned functions configured information can include Firewall rule and policy information, wherein, the first above-mentioned transmission subelement 42 can indicate that Forwarding plane is joined in the following way Bottom set layer network resource：By resource indication information being passed to Forwarding plane with above-mentioned interface, with indicate Forwarding plane execute with Lower operation：By the second virtual machine in Forwarding plane manage online IP address be configured to the second management net IP address, by second IP address of the virtual machine on business subnet is configured to the second business subnet of ip address and is configured to the routing iinformation of the second virtual machine Secondary route information；Above-mentioned second transmission subelement 44 can indicate deploying virtual machine SF in the following way：According to above-mentioned functions Configured information creates firewall configuration file；The mode communicated with TSR by using above-mentioned interface is by firewall configuration File passes to the second virtual machine, to indicate that the rule of the second virtual machine and strategy be configured to firewall rule by second virtual machine Corresponding with policy information regular and tactful.

In another optional embodiment, above-mentioned SF is virtual private network VPN, and above-mentioned resource indication information includes：3rd Management net network protocol IP address, the 3rd business subnet of ip address and the 3rd routing iinformation, above-mentioned functions configured information include key Exchange agreement ike policy, IP layer security protocol IPSec strategy, IPSec site information, wherein, the first above-mentioned transmission is single Unit 42 can indicate Forwarding plane configuration bottom-layer network resource in the following way：Resource indication information is passed to by interface and turn Plane is sent out, is operated with indicating that Forwarding plane execution is following：The 3rd virtual machine in Forwarding plane is joined in the online IP address of management It is set to the 3rd management net IP address, the IP address by the 3rd virtual machine on business subnet and is configured to the 3rd business subnet of ip address The 3rd routing iinformation is configured to by the routing iinformation of the 3rd virtual machine；Above-mentioned second transmission subelement 44 can be in the following way Indicate deploying virtual machine SF：VPN configuration file is created according to above-mentioned functions configured information；By using above-mentioned interface and resident journey VPN configuration file is passed to the 3rd virtual machine by the mode communicated by sequence, is operated with indicating that the execution of the 3rd virtual machine is following： The protocol strategy of the 3rd virtual machine is configured to IKE ike policy and IP layer security protocol IPSec strategy, by the 3rd The site configuration of virtual machine is the corresponding website of IPSec site information.

In another optional embodiment, above-mentioned SF is protected for network element WEB, and above-mentioned resource indication information includes：4th pipe Reason net network protocol IP address, the 4th business subnet of ip address and the 4th routing iinformation, above-mentioned functions configured information include WEB Prevention policies and WEB application server or the data center information of protection is needed, wherein, above-mentioned first transmission subelement 42 Forwarding plane configuration bottom-layer network resource is indicated in the following way can：Resource indication information is passed to by forwarding by interface flat Face, is operated with indicating that Forwarding plane execution is following：The 4th virtual machine in above-mentioned Forwarding plane is joined in the online IP address of management It is set to the 4th management net IP address, the IP address by the 4th virtual machine on business subnet and is configured to the 4th business subnet of ip address The 4th routing iinformation is configured to by the routing iinformation of the 4th virtual machine；Above-mentioned second transmission subelement 44 can be in the following way Indicate deploying virtual machine SF：WEB is created according to above-mentioned functions configured information and protects configuration file；By using above-mentioned interface with WEB protection configuration file is passed to the 4th virtual machine by the mode communicated by TSR, to indicate the execution of the 4th virtual machine Hereinafter operate：The rule of the 4th virtual machine and strategy are configured to above-mentioned WEB prevention policies and rule, by the clothes of the 4th virtual machine Business device or data center configuration be need protection WEB application server or the corresponding server of data center information or data in The heart.

Fig. 5 is the structured flowchart one for disposing the first acquisition module 22 in device of business function section SF according to embodiments of the present invention, As shown in figure 5, first acquisition module 22 includes the first receiving unit 52, below first receiving unit 52 is illustrated.

First receiving unit 52, for receiving the above-mentioned NFV information of application plane transmission.

Fig. 6 is the structured flowchart two for disposing the first acquisition module 22 in device of business function SF according to embodiments of the present invention, As shown in fig. 6, first acquisition module 22 includes the second receiving unit 62, below second receiving unit 62 is illustrated.

Second receiving unit 62, for receiving the NFV information of control plane transmission, wherein, the NFV information is application plane Pass to control plane.

Fig. 7 is the preferred structure block diagram of the deployment device of business function SF according to embodiments of the present invention, as shown in fig. 7, the dress Put in addition to all modules shown in Fig. 2 are included, also include the second acquisition module 72 and update module 74, below the device is carried out Explanation.

Second acquisition module 72, is connected to above-mentioned processing module 24, for indicating letter according to above-mentioned resource indication information and function After breath creates bottom-layer network resource and SF disposed in the bottom-layer network resource, obtain the NFV information after updating, wherein, NFV information after the renewal includes the resource indication information after renewal and/or the function configured information after renewal；Update module 74, above-mentioned second acquisition module 72 is connected to, for referring to according to the function after the resource indication information after above-mentioned renewal and/or renewal Show information updating the bottom-layer network resource for creating and the SF for disposing.

Fig. 8 be business function SF according to embodiments of the present invention creating device in update module 74 structured flowchart, such as Fig. 8 Shown, the update module 74 includes the first updating block 82 and/or the second updating block 84, below the update module 74 is entered Row explanation.

First updating block 82, for the underlying network created according to resource indication information change, increase or the deletion after above-mentioned renewal Network resource；

Second updating block 84, for the SF according to the change of node configured information, increase or deletion deployment after above-mentioned renewal.

Method and apparatus in the above embodiments can be applied in resource management system.

In an optional embodiment, the creating device of above-mentioned business function SF can also be included in the first reporting module and/the second Report module, first reporting module and second reporting module can be applied in Forwarding plane, below device is illustrated： First reporting module, is applied in Forwarding plane, for by the information of bottom-layer network resource after bottom-layer network resource has been created Offer control plane；Second reporting module, is applied in Forwarding plane, for after SF has been disposed, by the letter of the SF of deployment Breath reports control plane.

Scheme in the embodiment of the present invention with respect to technical scheme present in correlation technique advantageously, in the related, SDN In network, planning SFC needs first to create bottom-layer network resource, disposes SF on existing Internet resources, then plans SFC.This Kind " first resource, afterwards planning " mode cause SFC can not according to the variation of practical business demand, self-defined SF and automation wound Internet resources needed for building so that the deployment of SFC is dumb, while also resulting in the waste of resource.And in the embodiment of the present invention, Support SDN self-defined including load balancing, fire wall, carrier class networks address conversion (Carrier according to the SFC that planned Grade Network Address Translation, referred to as CGN), IP operation identification with the work(such as control system DPI, router The SF of energy, automation in bottom-layer network create required Internet resources and dispose SF, and control plane is it can be found that newly create with management The SF for building.Using this " first define, rear resource " the mode feature that allows SFC possess flexible deployment in SDN, while Resource utilization is improve, reduces manual maintenance cost.

In embodiments of the present invention, using the SFC automation wound that resource management system is planning mainly in SDN framework The relevant information of the Internet resources needed for building and deployment SF, SF can be updated in SFC controller so that SFC controller can It was found that and the new SF for creating of management, the service application for applying plane uses.

Herein the technical scheme in above-described embodiment is described：

Fig. 9 is SDN configuration diagram according to embodiments of the present invention, as shown in figure 9, mainly include resource management system, Network management system and three aspects, three aspects are application plane in software defined network SDN framework, control plane and forwarding Plane.Wherein application plane is divided into the application (Application, referred to as APP) of miscellaneous service function；Control plane is by layout Device and controller composition；Data forwarding plane is made up of forwarding units such as flow classifier, SF and switches.Network management system is to protect The important module of barrier network reliability service, is responsible for detecting the running status of the Internet resources of Forwarding plane, fault diagnosis and Report to the police etc., and the state of network and control plane are interacted.Resource management system is responsible for the SFC of new planning and creates in Forwarding plane Establishing network resource and deployment SF.

Mainly include 5 interfaces in Fig. 9：A-CPI interface is used for applying plane to interact with control plane, and interaction content includes application Aspect is to establishment, modification and configuration of SFC etc.；B-CPI is used for applying the interaction of plane and resource management system, interaction content Relevant information including NFV；C-CPI is interacted with resource management system for control plane, and interaction content is the group for needing to create Build the SF information of SFC；D-CPI is used for control plane and supports the interacting of SF of SFC, finds for control plane, manages With configuration SF；E-CPI is used for interacting for resource management system and Forwarding plane, for resource management system in Forwarding plane establishment Internet resources, each interface position, as shown in Figure 9.

Triggering resource management system Internet resources and deployment SF scheme according to needed for the SFC of planning is created have two kinds：Scheme one, should Directly the relevant information of the NFV of planning is passed to resource management system by B-CPI interface with plane, and trigger resource management System is created required Internet resources and disposes SF, SF information in Forwarding plane by E-CPI interface and updated to control by D-CPI Plane processed；NFV relevant information is passed to control plane by A-CPI interface by scheme two, application plane, will by control plane Need the SF relevant information of the establishment SFC for creating explorer to be passed to by C-API interface, and trigger resource management system System is created required Internet resources and disposes SF, SF information in forwarding plane by E-CPI interface and updated to SFC by D-CPI Controller.

Figure 10 is planning according to embodiments of the present invention the method flow diagram for disposing SFC one (flow process is scheme one), such as schemes Shown in 10, the flow process comprises the steps：

The new service application of step 1. needs to be deployed to cloud platform, applies plane according to the demand planning SFC of service application, such as fixed The procotol (Internet Protocol, referred to as IP) of virtual machine specification (CPU, internal memory, image file etc.) processed, SF The parameter setting related to SF such as location, network, route, gateway, the SFC shown in analogy Figure 12.(corresponding in Figure 10 Step S1002)

The relevant information of NFV and SF is passed to resource management system, resource by B-CPI interface by step 2. application plane Internet resources of the management system according to needed for the relevant information of SFC is by E-CPI interface in Forwarding plane establishment, including routeing, Virtual machine (using the customized image file comprising modules such as TSRs), network etc..(corresponding to the step in Figure 10 S1004-1006)

The relevant information of the SF of definition is saved in control forwarding interface adaptation module by step 3. resource management system, then by controlling Agent in forwarding interface processed is communicated with the middle TSR of virtual machine, by the information transmission in virtual machine.TSR Deployment and configuration to SF function can be completed according to the information for receiving.(corresponding to step S1008-1010 in Figure 10)

Step 4. Forwarding plane updates the relevant information of NFV and its SF by D-CPI interface to SFC controller so that SFC Controller it can be found that and management SF, service application can use whole piece SFC.(corresponding to step S1012-1014 in Figure 10)

Figure 11 is planning according to embodiments of the present invention the method flow diagram for disposing SFC two (flow process is scheme two), such as schemes Shown in 11, the flow process comprises the steps：

The new service application of step 1. needs to be deployed to cloud platform, applies plane according to the demand planning SFC of service application, such as fixed Virtual machine specification (CPU, internal memory, image file etc.) processed, the IP address of SF, network, route, gateway etc. are related to SF Parameter setting, the SFC shown in analogy Figure 12, and it is flat that NFV the and SF relevant information is delivered to control by A-CPI interface Face.(corresponding to step S1102 in Figure 11)

The SF relevant information of the support SFC for needing to create is delivered to resource management by C-CPI interface by step 2. control plane System, Internet resources of the resource management system according to needed for the relevant information of SF is by E-CPI interface in Forwarding plane establishment, bag Include route, virtual machine (using the customized image file comprising modules such as TSRs), network etc..(corresponding to the step in Figure 11 Rapid S1104-1108)

Step 3. is with step 3 in scheme one.(corresponding to step S1110 in Figure 11)

Step 4. is with step 4 in scheme two.(corresponding to step S1112-1114 in Figure 11)

Below the embodiment under above-mentioned different scenes is described in detail：

Embodiment one

When above-mentioned SF is load balancing, according to SFC operational version one, dynamic creation load equalizer (Load Balancing, Referred to as LB)：

Figure 12 is the schematic diagram of the SFC comprising load balancing node according to embodiments of the present invention, as shown in figure 12, user Case one has the SF of load-balancing function according to SFC automatically dispose, is that backend services server provides load balancing.Load is all Weighing apparatus service is realized based on Nginx, but is not limited to Nginx, is all suitable for the present invention with high performance load balanced product.

According to the SFC of planning, it is as follows that automation creates the step of disposing load balancing SF to resource management system：

The service ability of the service application of step 1. application plane needs significantly to be lifted, and this proposes load balancing clothes to SDN The demand of business, it is desirable to build a load equalizer and provide load balancing to three service servers, it is of course also possible to build right The service server of other quantity provides the load equalizer of load balancing, in this embodiment it is that being taken to three business with building Illustrate as a example by the load equalizer of business device offer load balancing.

Step 2. application plane includes the SFC of load balancing SF according to service application demand planning, as shown in figure 12.In SFC The IP address of middle management net public can be 10.46.178.0/24, and the IP address of business subnet vxlan can be 192.168.100.0/24, the management net Floating IP address of load balancing SF can be 10.46.178.27, load balancing SF in business VIP in subnet can be 192.168.100.27, and it is possible to for IP address in business subnet be respectively 192.168.100.1, 192.168.100.2, three cloud main frames of 192.168.100.3 provide load balancing etc., under the scene, can in resource indication information To include IP address of the virtual machine in above-mentioned management net in Forwarding plane, the IP address in above-mentioned business subnet and route Information, can include Load Balancing Protocol information, the information about firms of the resource pool of load balancing, load all in function configured information Weighing apparatus algorithm information.

The relevant information of SFC is passed to resource management system, resource management system by B-CPI interface by step 3. application plane According to the SFC of application Floorplanning, the Internet resources needed for foundation step 2 are automated, public, vxlan is created including automation Network and router, are that load balancing SF automates establishing resource pond and active and standby virtual machine (using comprising TSR, Nginx Customizing virtual machine image file etc. module), and for its distribute Floating IP address and VTP (virtual terminal protocol, Referred to as VIP) address etc..That is, the virtual machine in Forwarding plane is configured in the online IP address of management using Forwarding plane The virtual machine that resource indication information in the present embodiment includes is managing online IP address, by virtual machine on business subnet IP address of the virtual machine that the resource indication information that IP address is configured in the present embodiment includes on business subnet, and by void The routing iinformation that the resource indication information that the routing iinformation of plan machine is configured in the present embodiment includes.Carry load balancing in vxlan SF and three cloud main frame, SF are that three cloud main frames provide load balancing.Whole process is all to call control to turn by resource management system Send out interface to complete, without the need for cloud management person's manual creation virtual machine and Configuration network.

Step 4. resource management system is according to the demand of load balancing SF in planned SFC, i.e. can be according to the present embodiment Function configured information automatically creates load balancing configuration file conf, and is led to TSR in virtual machine by controlling forwarding interface Letter, conf configuration file is passed to virtual machine, negative according to the information automatic deployment included in the function configured information of the present embodiment Carry balanced device (Nginx), configuration Protocol (Load Balancing Protocol), Member (resource pool member), Method (load Equalization algorithm) even load balance policy.

The SFC controller that SFC and all SF information are updated in control plane by step 5. Forwarding plane by D-API interface In so that the correlation SF such as load balancing can be had found by SFC controller and manage, it is also possible to allow SFC controller according to demand SFC is configured, the service application for applying plane is called.

Embodiment two

When above-mentioned SF is fire wall, according to SFC operational version one, dynamic creation fire wall strong (FireWall, referred to as FW)：

Figure 13 is the schematic diagram of the SFC comprising fire wall according to embodiments of the present invention, as shown in figure 13, operational version one There is according to SFC automatically dispose the SF of firewall functionality, be that backend services network provides security protection.

According to the SFC of planning, it is as follows that automation creates the step of disposing fire wall SF to resource management system：

Step 1. application plane is claimed to the service network security of service application, needs structure fire wall to carry for business network For security protection.

The SFC of the demand planning comprising fire wall SF of step 2. application plane traffic application, as shown in figure 13.Manage in SFC The IP of reason net public can be able to be 192.168.168.0/24 for the IP address of 10.46.178.0/24, business network vxlan, Router interface arrange, fire wall, firewall rule and strategy (including supported protocol, IP version, source address, destination address, Source port, destination interface, behavior aggregate etc.) etc..Under the scene, the void in Forwarding plane in resource indication information, can be included IP address of the plan machine in above-mentioned management net, the IP address in above-mentioned business subnet and routing iinformation, in function configured information Firewall rule and policy information can be included.

The relevant information of SFC is passed to resource management system, resource management system by B-CPI interface by step 3. application plane According to the SFC of application Floorplanning, the Internet resources needed for foundation step 2 are automated, including router, dispose fire wall institute The virtual machine (using the customizing virtual machine image file comprising modules such as TSRs) for needing, adds business network etc..That is, utilize Virtual machine in Forwarding plane is being managed bag in the resource indication information that online IP address is configured in the present embodiment by Forwarding plane The virtual machine for including is managing online IP address, and IP address of the virtual machine on business subnet is configured to the resource in the present embodiment IP address of the virtual machine included in configured information on business subnet, and the routing iinformation of virtual machine is configured to the present embodiment In resource indication information in the routing iinformation that includes.Whole process is all to call control forwarding interface to complete by resource management system, Without the need for cloud management person's manual creation virtual machine and Configuration network.

Step 4. explorer is according to the functional requirement of fire wall SF in planned SFC, i.e. can be according in the present embodiment Function configured information planning firewall rule and strategy be saved in corresponding file, and with corresponding virtual machine TSR communicates, and the strategy in file and rule are passed to virtual machine, wraps according in the function configured information in the present embodiment TSR in the information instruction void machine for containing is by strategy and Policy Updates to fire wall, and starts protection.

The all relevant informations of SFC comprising fire wall SF are updated to SFC control by step 5. Forwarding plane by D-API interface Device so that the correlation SF such as fire wall can be had found by SFC controller and manage, it is also possible to allow SFC controller to repair according to demand Change firewall rule and strategy.

Embodiment three

When above-mentioned SF is virtual private networks (Virtual Private Network, referred to as VPN), used according to SFC Scheme two, dynamic creation VPN, is that network provides VPN service.

According to the SFC of planning, it is as follows that automation creates the step of disposing VPN to resource management system：

Step 1. application plane proposes demand to the business network of service application, needs to build VPN for business network offer VPN Service.

Step 2. application plane is according to SFC of the demand planning of service application comprising VPN function.Management net public in SFC IP address can for 10.46.178.0/24, business network vxlan IP address can be 192.168.168.0/24, router Interface setting etc., and SFC relevant information is passed to by control plane by A-CPI interface.Under the scene, resource indicates letter In breath can include Forwarding plane in IP address of the virtual machine in above-mentioned management net, the IP address in above-mentioned business subnet with And routing iinformation, in function configured information can include IKE ike policy, IP layer security protocol IPSec strategy, IPSec site information.

The relevant information (VPN) of the SF of the support SFC for needing to create is transmitted by step 3. control plane by C-API interface To resource management system, and SFC of the resource management system according to planning is triggered, the Internet resources needed for foundation step 2 is automated, Including router (router with specific function, using the customizing virtual machine image file comprising modules such as TSRs), add Plus business network etc..That is, the virtual machine in Forwarding plane is configured to this enforcement in the online IP address of management using Forwarding plane The virtual machine that resource indication information includes in example is managing online IP address, and IP address of the virtual machine on business subnet is joined It is set to the IP address of virtual machine that resource indication information in the present embodiment includes on business subnet, and the route by virtual machine Information configuration is the routing iinformation that the resource indication information in the present embodiment includes.Whole process is adjusted by resource management system Completed with control forwarding interface, without the need for cloud management person's manual creation virtual machine and Configuration network.

Step 4. explorer is according to the functional requirement of VPN in planned SFC, i.e. referred to according to the function in the present embodiment Show information planning IKE (Internet Key Management, referred to as IKE) strategy (IKE Policy), IP layer security protocol (IP Security, referred to as IPSec) strategy (IPSec Policy) and IPSec website (IPSec Site) It is saved in the corresponding configuration file of the VPN Deng configuration, and communicates with the TSR in corresponding virtual machine, by the configuration file Virtual machine is passed to, so that the TSR in empty machine configures and start VPN according to the function configured information in the present embodiment.

The all relevant informations of SFC comprising VPN are updated to SFC controller by step 5. Forwarding plane by D-CPI so that The correlation SF such as VPN can be had found by SFC controller and manage, it is also possible to allow SFC controller change the plan of VPN according to demand Slightly etc..

Example IV

When above-mentioned SF is protected for WEB, according to SFC operational version two, dynamic creation WEB protects SF, is that server is carried For WEB security protection, resist including SQL (Structured Query Language, referred to as SQL) injection, File is comprising leak, cross-site scripting attack (Cross Site Scripting, referred to as XSS), across station, (Cross-site is forged in request Request forgery, referred to as XSRF) and directory traversal etc. attack.

The service application of step 1. application plane requires to provide WEB security protection for service server, needs to build WEB safety Protection SF provide security protection for service server.

Step 2. application plane is according to SFC of the demand planning of service application comprising WEB security protection SF.Advise in SFC Network is drawn, wherein, the network of planning includes net and business subnet is managed, and WEB prevention policies (can include access control class table (Access Control List, referred to as ACL)), IP blacklist, need the user data of shielding, disabling dangerous approach (bag Include OPTIONS, DELETE etc.), door chain, hidden server version information, flow control, are directed to known attack feature Configuration etc.), need WEB application server or data center of protection etc., and the SFC relevant information of planning passed through A-CPI Interface passes to control plane.Under the scene, the virtual machine in Forwarding plane in resource indication information, can be included in management net In IP address, the IP address in business subnet and routing iinformation, can be anti-including above-mentioned WEB in function configured information Shield strategy and the WEB application server for needing to protect or data center information.

The relevant information (WEB security protection) of the SF for needing to create is passed to by step 3. control plane by C-CPI interface Resource management system, and SFC of the resource management system according to application Floorplanning is triggered, automate the net needed for foundation step 2 Network resource, including network, the virtual machine disposed needed for WEB security protection SF (using comprising TSR, Naxsi, Nginx, The customizing virtual machine image file of the modules such as SSL), add WEB application server etc..That is, will be forwarded using Forwarding plane flat Virtual machine in face is configured to virtual machine that resource indication information in the present embodiment includes in management net managing online IP address On IP address, IP address of the virtual machine on business subnet is configured to the virtuality that resource indication information in the present embodiment includes IP address of the machine on business subnet, and the routing iinformation of virtual machine is configured to wrap in the resource indication information in the present embodiment The routing iinformation for including.Whole process is all to call control forwarding interface to complete by resource management system, is created without the need for cloud management person manually Build virtual machine and Configuration network.

Step 4. explorer is according to the functional requirement of WEB security protection SF in planned SFC, i.e. can be according to upper The configured information that states planning Safeguard tactics be saved in corresponding file (control node be each SF configuration information Establishment file), and communicate with the TSR in corresponding virtual machine, the strategy in file is passed to virtual machine, staying in empty machine Stay program, according to the function configured information in the present embodiment, strategy and rule are configured to WEB security module, and start protection.

Relevant information comprising WEB security protection SF is passed through D-CPI oral replacement to SFC controller by step 5. Forwarding plane, So that SF is found and managed by SFC controller, it is also possible to allow SFC controller change according to demand security protection rule and Strategy.

Can be drawn by above-described embodiment, the scheme in the embodiment of the present invention is application Floorplanning by resource management system SFC, automation create bottom-layer network resource, and the relevant information for disposing SF, SF can update SFC controller so that SFC Controller is it can be found that and the newly-increased SF of management.The present invention program achieves the purpose based on SDN business chain dynamic creation SF, makes The feature that SFC possesses flexible deployment in SDN is obtained, while resource utilization is improve, reduces manual maintenance cost.

It should be noted that above-mentioned modules can be by software or hardware to realize, for the latter, can pass through with Under type is realized, but not limited to this：Above-mentioned module is respectively positioned in same processor；Or, above-mentioned module is located at multiple places respectively In reason device.

Embodiments of the invention additionally provide a kind of storage medium.Alternatively, in the present embodiment, above-mentioned storage medium can be by It is set to store the program code for executing following steps：

S1, obtains predetermined network function virtualization NFV information, and wherein, the NFV information is included for indicating to set up network The resource indication information of the bottom-layer network resource needed for function, and for indicating the business function that disposes in the bottom-layer network resource The function configured information of SF；

S2, creates bottom-layer network resource and on the bottom-layer network resource top according to above-mentioned resource indication information and function configured information Administration SF.

Alternatively, in the present embodiment, above-mentioned storage medium can be included but is not limited to：USB flash disk, read-only storage (Read-Only Memory, referred to as ROM), random access memory (Random Access Memory, referred to as RAM), mobile hard Disk, magnetic disc or CD etc. are various can be with the medium of store program codes.

Alternatively, in the present embodiment, processor executes above-mentioned steps S1-S2 according to the program code for having been stored in storage medium.

Alternatively, the specific example in the present embodiment may be referred to the example described in above-described embodiment and optional embodiment, The present embodiment will not be described here.

In related art scheme, when SDN creates SFC, keeper is needed first to create the bottom-layer network resource needed for SFC, New SF is disposed on the basis of existing Internet resources, then group builds up SFC.In the scheme of the embodiment of the present invention, support that SDN can With the business demand according to application plane, SFC is easily cooked up, and without consideration bottom-layer network resource.Resource management system According to the demand of meeting SFC, the bottom-layer network resource required for the establishment of automation, the information of configuration and deployment SF, SF can be more SFC controller is newly arrived so that SFC controller is it can be found that SF node related with management.This patent improves SFC in SDN Flexibility and autgmentability, reduce manual maintenance cost.

Obviously, those skilled in the art should be understood that each module of the above-mentioned present invention or each step can be with general calculating Realizing, they can concentrate on single computing device device, or be distributed on the network constituted by multiple computing devices, Alternatively, they can be realized with the executable program code of computing device, it is thus possible to be stored in storage device In executed by computing device, and in some cases, shown or described step can be executed with the order being different from herein Suddenly, or by them it is fabricated to each integrated circuit modules respectively, or the multiple modules in them or step is fabricated to single Integrated circuit modules are realizing.So, the present invention is not restricted to any specific hardware and software combination.

The preferred embodiments of the present invention are the foregoing is only, the present invention is not limited to, for those skilled in the art For, the present invention can have various modifications and variations.All any modifications that within the spirit and principles in the present invention, is made, etc. With replacing, improving etc., should be included within the scope of the present invention.

Claims

1. a kind of dispositions method of business function SF, it is characterised in that include：

Predetermined network function virtualization NFV information is obtained, wherein, the NFV information is included for indicating to build The resource indication information of the bottom-layer network resource needed for vertical network function, and for indicating in the bottom-layer network resource The function configured information of the business function SF of upper deployment；

The bottom-layer network resource is created and described according to the resource indication information and the function configured information The SF is disposed in bottom-layer network resource.

2. method according to claim 1, it is characterised in that indicated according to the resource indication information and the function Bottom-layer network resource described in information creating is simultaneously disposed the SF and includes in the bottom-layer network resource：

The resource indication information is passed to by the Forwarding plane by the interface between Forwarding plane, to indicate The Forwarding plane creates the bottom-layer network resource according to the resource indication information on the Forwarding plane；

Communicated with the TSR in the virtual machine in the bottom-layer network resource by using the interface The deployment information determined according to the function configured information is passed to the virtual machine by mode, to indicate the virtuality The SF disposed by machine.

3. method according to claim 2, it is characterised in that

The resource is indicated by letter by the interface for disposing between bottom-layer network resource and the Forwarding plane of SF Breath passes to the Forwarding plane, flat in the forwarding according to the resource indication information to indicate the Forwarding plane Creating the bottom-layer network resource on face includes：The resource indication information is passed to by described turning by the interface Plane is sent out, to indicate that the Forwarding plane will include in the resource indication information for creating the bottom-layer network On virtual machine of the parameter configuration of resource in the Forwarding plane；

Communicated with the TSR in the virtual machine in the bottom-layer network resource by using the interface The deployment information determined according to the function configured information is passed to the virtual machine by mode, to indicate the virtuality The SF disposed by machine includes：The mode communicated with the TSR by using the interface is by the portion Administration's information transmission gives the virtual machine, to indicate that the virtual machine will include in the function configured information for portion The parameter configuration of administration SF is on the virtual machine.

4. method according to claim 3, it is characterised in that the SF is load balancing, the resource indicates letter Breath includes：First management net network protocol IP address, the IP address of the first business subnet and the first routing iinformation, The function configured information includes Load Balancing Protocol information, the information about firms of the resource pool of the load balancing, bears Equalization algorithm information is carried, wherein,

The resource indication information is passed to by the Forwarding plane by the interface, to indicate the Forwarding plane The parameter for creating the bottom-layer network resource included in the resource indication information is loaded into the forwarding Include on virtual machine in plane：The resource indication information is passed to by the Forwarding plane by the interface, Operated with indicating that the Forwarding plane execution is following：The first virtual machine in the Forwarding plane is online in management IP address is configured to the described first management net IP address, the IP address by first virtual machine on business subnet It is configured to the first business subnet of ip address and the routing iinformation of first virtual machine is configured to described first Routing iinformation；

The deployment information is passed to institute by the mode communicated with the TSR by using the interface Virtual machine is stated, to indicate that the parameter for disposing SF included in the function configured information joined by the virtual machine Putting on the virtual machine includes：Load balancing configuration file is created according to the function configured information；By using The load balancing configuration file is passed to described by the mode communicated with the TSR by the interface One virtual machine, is operated with indicating that first virtual machine execution is following：Protocol configuration by first virtual machine is The corresponding agreement of the Load Balancing Protocol information, the member of first virtual machine is configured to the load balancing Resource pool the corresponding member of information about firms, the algorithm configuration of first virtual machine is calculated for the load balancing The corresponding algorithm of method information.

5. method according to claim 3, it is characterised in that the SF is fire wall, the resource indication information Including：Second management net network protocol IP address, the IP address of the second business subnet and secondary route information, institute Stating function configured information includes firewall rule and policy information, wherein,

The resource indication information is passed to by the Forwarding plane by the interface, to indicate the Forwarding plane The parameter for creating the bottom-layer network resource included in the resource indication information is loaded into the forwarding Include on virtual machine in plane：By the resource indication information being passed to the Forwarding plane with the interface, Operated with indicating that the Forwarding plane execution is following：The second virtual machine in the Forwarding plane is online in management IP address is configured to the described second management net IP address, the IP address by second virtual machine on business subnet It is configured to the second business subnet of ip address and the routing iinformation of second virtual machine is configured to described second Routing iinformation；

The deployment information is passed to institute by the mode communicated with the TSR by using the interface Virtual machine is stated, to indicate that the parameter for disposing SF included in the function configured information joined by the virtual machine Putting on the virtual machine includes：Firewall configuration file is created according to the function configured information；By using institute Stating the mode communicated by interface with the TSR, that the firewall configuration file is passed to described second is empty Plan machine, is advised with indicating that the rule of second virtual machine and strategy are configured to the fire wall by second virtual machine Then corresponding with policy information regular and tactful.

6. method according to claim 3, it is characterised in that the SF is virtual private network VPN, the money Source configured information includes：3rd management net network protocol IP address, the 3rd business subnet of ip address and the 3rd route Information, the function configured information include IKE ike policy, IP layer security protocol IPSec strategy, IPSec Site information, wherein,

The resource indication information is passed to by the Forwarding plane by the interface, to indicate the Forwarding plane The parameter for creating the bottom-layer network resource included in the resource indication information is loaded into the forwarding Include on virtual machine in plane：The resource indication information is passed to by the Forwarding plane by the interface, Operated with indicating that the Forwarding plane execution is following：The 3rd virtual machine in the Forwarding plane is online in management IP address is configured to the described 3rd management net IP address, the IP address by the 3rd virtual machine on business subnet It is configured to the 3rd business subnet of ip address and the routing iinformation of the 3rd virtual machine is configured to the described 3rd Routing iinformation；

The deployment information is passed to institute by the mode communicated with the TSR by using the interface Virtual machine is stated, to indicate that the parameter for disposing SF included in the function configured information joined by the virtual machine Putting on the virtual machine includes：VPN configuration file is created according to the function configured information；By using institute Stating the mode communicated by interface with the TSR, that the VPN configuration file is passed to the described 3rd is virtual Machine, is operated with indicating that the 3rd virtual machine execution is following：The protocol strategy of the 3rd virtual machine is configured to institute State IKE ike policy and IP layer security protocol IPSec strategy, by the station of the 3rd virtual machine Point is configured to the corresponding website of the IPSec site information.

7. method according to claim 3, it is characterised in that the SF is protected for network element WEB, the resource refers to Show that information includes：4th management net network protocol IP address, the 4th business subnet of ip address and the 4th routing iinformation, The function configured information includes WEB application server or data center's letter of WEB prevention policies and needs protection Breath, wherein,

The resource indication information is passed to by the Forwarding plane by the interface, to indicate the Forwarding plane The parameter for creating the bottom-layer network resource included in the resource indication information is loaded into the forwarding Include on virtual machine in plane：The resource indication information is passed to by the Forwarding plane by the interface, Operated with indicating that the Forwarding plane execution is following：The 4th virtual machine in the Forwarding plane is online in management IP address is configured to the described 4th management net IP address, the IP address by the 4th virtual machine on business subnet It is configured to the 4th business subnet of ip address and the routing iinformation of the 4th virtual machine is configured to the described 4th Routing iinformation；

The deployment information is passed to institute by the mode communicated with the TSR by using the interface Virtual machine is stated, to indicate that the parameter for disposing SF included in the function configured information joined by the virtual machine Putting on the virtual machine includes：WEB is created according to the function configured information and protects configuration file；By profit WEB protection configuration file is passed to described by the mode communicated with the TSR with the interface 4th virtual machine, is operated with indicating that the 4th virtual machine execution is following：By the rule of the 4th virtual machine and plan Slightly be configured to the WEB prevention policies and rule, by the server of the 4th virtual machine or data center configuration For the WEB application server for needing protection or the corresponding server of data center information or data center.

8. method according to claim 1, it is characterised in that the predetermined network function virtualization NFV of the acquisition Information includes：

Receive the NFV information of application plane transmission.

9. method according to claim 1, it is characterised in that the predetermined network function virtualization NFV of the acquisition Information includes：

The NFV information of control plane transmission is received, wherein, the NFV information is passed to for application plane The control plane.

10. method according to claim 1, it is characterised in that referred to according to the resource indication information and the function After showing bottom-layer network resource described in information creating and disposing the SF in the bottom-layer network resource, also include：

The NFV information after updating is obtained, wherein, the NFV information after the renewal includes the resource after renewal Function configured information after configured information and/or renewal；

According to the resource indication information after described renewal and/or the function configured information after renewal update and create Bottom-layer network resource and the SF of deployment.

11. methods according to claim 10, it is characterised in that according to described update after resource indication information and/or Function configured information after renewal updates the SF of the bottom-layer network resource and deployment for creating to be included：

According to the bottom-layer network resource that resource indication information change, increase or the deletion after described renewal is created； And/or,

The SF according to the change of function configured information, increase or deletion deployment after described renewal.

12. methods according to claim 2, it is characterised in that referred to according to the resource indication information and the function After showing bottom-layer network resource described in information creating and disposing the SF in the bottom-layer network resource, also include：

The Forwarding plane is by the information reporting of the bottom-layer network resource after the bottom-layer network resource has been created To control plane；And/or,

The Forwarding plane after the SF has been disposed, by deployment the SF information reporting to control plane.

13. a kind of deployment devices of business function SF, it is characterised in that include：

First acquisition module, for obtaining predetermined network function virtualization NFV information, wherein, the NFV Information includes the resource indication information for indicating the bottom-layer network resource that sets up needed for network function, and for indicating The function configured information of the business function SF disposed in the bottom-layer network resource；

Processing module, for creating the bottom-layer network according to the resource indication information and the function configured information Resource simultaneously disposes the SF in the bottom-layer network resource.

14. devices according to claim 13, it is characterised in that the processing module includes：

First transfer unit, for passing to institute by the interface between Forwarding plane by the resource indication information Forwarding plane is stated, to indicate that the Forwarding plane creates institute according to the resource indication information on the Forwarding plane State bottom-layer network resource；

Second transfer unit, for by using staying in the virtual machine in the interface and the bottom-layer network resource The deployment information determined according to the function configured information is passed to the virtuality by the mode for staying program to be communicated Machine, to indicate SF described in the deploying virtual machine.

15. devices according to claim 14, it is characterised in that

First transfer unit includes：First transmission subelement, for being indicated the resource by the interface Information transmission gives the Forwarding plane, to indicate the Forwarding plane by being used for for including in the resource indication information Create on virtual machine of the parameter configuration of the bottom-layer network resource in the Forwarding plane；

Second transfer unit includes：Second transmission subelement, for resident with described by using the interface The deployment information is passed to the virtual machine by the mode communicated by program, to indicate that the virtual machine will be described Include in function configured information for disposing the parameter configuration of SF to the virtual machine.

16. devices according to claim 15, it is characterised in that the SF is load balancing, the resource indicates letter Breath includes：First management net network protocol IP address, the IP address of the first business subnet and the first routing iinformation, The function configured information includes Load Balancing Protocol information, the information about firms of the resource pool of the load balancing, bears Equalization algorithm information is carried, wherein,

The first transmission subelement indicates that the Forwarding plane configures the bottom-layer network resource in the following way： The resource indication information is passed to by the Forwarding plane by the interface, to indicate Forwarding plane execution Hereinafter operate：The first virtual machine in the Forwarding plane is configured to described first in the online IP address of management Management net IP address, the IP address by first virtual machine on business subnet are configured to first business Net IP address and the routing iinformation of first virtual machine is configured to first routing iinformation；

The second transmission subelement indicates SF described in the deploying virtual machine in the following way：According to the function Configured information creates load balancing configuration file；By using the side communicated with the TSR by the interface The load balancing configuration file is passed to first virtual machine by formula, with indicate first virtual machine execute with Lower operation：By the protocol configuration of first virtual machine be the corresponding agreement of the Load Balancing Protocol information, by institute The corresponding member of the information about firms of the resource pool that the member for stating the first virtual machine is configured to the load balancing, will be described The algorithm configuration of the first virtual machine is the corresponding algorithm of the load-balancing algorithm information.

17. devices according to claim 15, it is characterised in that the SF is fire wall, the resource indication information Including：Second management net network protocol IP address, the IP address of the second business subnet and secondary route information, institute Stating function configured information includes firewall rule and policy information, wherein,

The first transmission subelement indicates that the Forwarding plane configures the bottom-layer network resource in the following way： By the resource indication information being passed to the Forwarding plane with the interface, to indicate that the Forwarding plane holds Row is following to be operated：The second virtual machine in the Forwarding plane is configured to described the managing online IP address Two management net IP address, the IP address by second virtual machine on business subnet are configured to second business Subnet of ip address and the routing iinformation of second virtual machine is configured to the secondary route information；

The second transmission subelement indicates SF described in the deploying virtual machine in the following way：According to the function Configured information creates firewall configuration file；By using the mode communicated with the TSR by the interface The firewall configuration file is passed to second virtual machine, to indicate second virtual machine by described second The rule of virtual machine and strategy are configured to the firewall rule and policy information is corresponding regular and tactful.

18. devices according to claim 15, it is characterised in that the SF is virtual private network VPN, the money Source configured information includes：3rd management net network protocol IP address, the 3rd business subnet of ip address and the 3rd route Information, the function configured information include IKE ike policy, IP layer security protocol IPSec strategy, IPSec Site information, wherein,

The first transmission subelement indicates that the Forwarding plane configures the bottom-layer network resource in the following way： The resource indication information is passed to by the Forwarding plane by the interface, to indicate Forwarding plane execution Hereinafter operate：The 3rd virtual machine in the Forwarding plane is configured to the described 3rd in the online IP address of management Management net IP address, the IP address by the 3rd virtual machine on business subnet are configured to the 3rd business Net IP address and the routing iinformation of the 3rd virtual machine is configured to the 3rd routing iinformation；

The second transmission subelement indicates SF described in the deploying virtual machine in the following way：According to the function Configured information creates VPN configuration file；By using the mode communicated with the TSR by the interface The VPN configuration file is passed to the 3rd virtual machine, is grasped with indicating that the 3rd virtual machine execution is following Make：The protocol strategy of the 3rd virtual machine is configured to the IKE ike policy and IP layer peace Full protocol IP Sec strategy, the site configuration of the 3rd virtual machine is the corresponding station of the IPSec site information Point.

19. devices according to claim 15, it is characterised in that the SF is protected for network element WEB, the resource Configured information includes：4th management net network protocol IP address, the 4th business subnet of ip address and the 4th route letter Breath, the function configured information are included in the WEB application server that WEB prevention policies and needs protect or data Heart information, wherein,

The first transmission subelement indicates that the Forwarding plane configures the bottom-layer network resource in the following way： The resource indication information is passed to by the Forwarding plane by the interface, to indicate Forwarding plane execution Hereinafter operate：The 4th virtual machine in the Forwarding plane is configured to the described 4th in the online IP address of management Management net IP address, the IP address by the 4th virtual machine on business subnet are configured to the 4th business Net IP address and the routing iinformation of the 4th virtual machine is configured to the 4th routing iinformation；

The second transmission subelement indicates SF described in the deploying virtual machine in the following way：According to the function Configured information creates WEB protection configuration file；Communicated with the TSR by using the interface WEB protection configuration file is passed to the 4th virtual machine by mode, to indicate that the 4th virtual machine holds Row is following to be operated：By the rule of the 4th virtual machine and strategy be configured to the WEB prevention policies and rule, By the server of the 4th virtual machine or data center configuration be described need protection WEB application server or The corresponding server of data center information or data center.

20. devices according to claim 13, it is characterised in that first acquisition module includes：

First receiving unit, for receiving the NFV information of application plane transmission.

21. devices according to claim 13, it is characterised in that first acquisition module includes：

Second receiving unit, for receiving the NFV information of control plane transmission, wherein, the NFV letter Cease for applying plane to pass to the control plane.

22. devices according to claim 13, it is characterised in that also include：

Second acquisition module, for creating the bottom according to the resource indication information and the function configured information Layer network resource after disposing the SF in the bottom-layer network resource, obtains the NFV information after updating, Wherein, the function after the NFV information after the renewal includes the resource indication information after renewal and/or updates refers to Show information；

Update module, for the function configured information according to the resource indication information after described renewal and/or after renewal Update the SF of the bottom-layer network resource and deployment for creating.

23. devices according to claim 22, it is characterised in that the update module includes：

First updating block, for created according to resource indication information change, increase or the deletion after described renewal The bottom-layer network resource；And/or,

Second updating block, for according to the function configured information change after described renewal, increase or deletion deployment The SF.

24. devices according to claim 14, it is characterised in that also include：

First reporting module, is applied in Forwarding plane, for will be described after the bottom-layer network resource has been created The information reporting of bottom-layer network resource is to control plane；And/or,

Second reporting module, is applied in Forwarding plane, for after the SF has been disposed, by described in deployment The information reporting of SF is to control plane.