CN107566298A - A kind of method and apparatus for generating list item - Google Patents

A kind of method and apparatus for generating list item Download PDF

Info

Publication number
CN107566298A
CN107566298A CN201610506186.7A CN201610506186A CN107566298A CN 107566298 A CN107566298 A CN 107566298A CN 201610506186 A CN201610506186 A CN 201610506186A CN 107566298 A CN107566298 A CN 107566298A
Authority
CN
China
Prior art keywords
flow
bgp
spec
priority
network equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610506186.7A
Other languages
Chinese (zh)
Other versions
CN107566298B (en
Inventor
王芳
许健彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201610506186.7A priority Critical patent/CN107566298B/en
Priority to CN202111366024.5A priority patent/CN114205312A/en
Publication of CN107566298A publication Critical patent/CN107566298A/en
Application granted granted Critical
Publication of CN107566298B publication Critical patent/CN107566298B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/50Queue scheduling
    • H04L47/62Queue scheduling characterised by scheduling criteria
    • H04L47/625Queue scheduling characterised by scheduling criteria for service slots or service orders
    • H04L47/6275Queue scheduling characterised by scheduling criteria for service slots or service orders based on priority
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application is related to a kind of method and device for generating list item, and methods described includes:First network equipment generates Border Gateway Protocol (BGP) UPDATE message, for issuing BGP flow spec routes, the BGP UPDATE messages include flow spec priority, the first network equipment sends the BGP UPDATE messages to forwarding unit, BGP flow spec list items are generated according to the BGP UPDATE messages to trigger the forwarding unit, the BGP flow spec list items include the flow spec priority, and the flow spec priority is used to identify priority of the BGP flow spec list items when be used to instruct message to forward.According to above-mentioned technical proposal, it can effectively control message to forward behavior, realize flow flexible modulation.

Description

A kind of method and apparatus for generating list item
Technical field
The application is related to communication technical field, more particularly to a kind of method and apparatus for generating list item.
Background technology
A kind of Border Gateway Protocol (English defined in RFC5575:Border Gateway Protocol, BGP) stream rule Then (English:Flow Specification, flow-spec) route, this BGP flow-spec route contains a kind of new Bgp network layer is up to information type and extended community attribute.By this new Network Layer Reachable Information and extended community attribute, BGP flow-spec route the filter condition that can carry flow and the action performed after traffic filtering.Create BGP flow- By creating bgp peer relation between the equipment and forwarding unit of spec routes, to transmit BGP flow-spec routes.When Bgp peer will preferably route the flow control policy for being converted to forwarding plane after receiving BGP flow-spec routes, so as to Realize the regulation and control to flow.
In the prior art, when user is wished to being controlled by the flow of forwarding unit, for example, passing through BGP flow- Spec is route, and the flow for adjusting particular demands carries out routing forwarding.According to current BGP flow-spec regulation, BGP flow- The priority orders of spec list items, dependent on the priority ranking rule defined in RFC5575, wherein, according to rule, style number Smaller list item priority is higher.As shown in table 1.
For example, user wishes the message sent from source address A to destination address D, execution action 1, and other source addresses to The message that destination address D is sent, execution action 2.Provided according to current agreement, the BGP using source address as filter condition type The style number of flow-spec list items is bigger as the style number of the BGP flow-spec list items of filter condition type than using destination address, Then the big BGP flow-spec list items of style number can not be better than the small BGP flow-spec list items of style number and come into force.Therefore, The message sent from source address A to destination address D, can be by the execution action 2 of mistake.It is therefore, it is impossible to effectively right as needed Message forwarding behavior is flexibly controlled.
Type ID Type name
1 Destination Prefix
2 Source Prefix
3 IP Protocol
4 Port
5 Destination port
6 Source port
Table 1
The content of the invention
In view of this, this application provides a kind of method and apparatus for generating list item, increase in BGP flow-spec list items Add flow-spec priority, the BGP flow-spec list items are identified by the flow-spec priority and are being used for Priority when instructing the message to forward.So as to effectively control message to forward behavior, the flexible modulation of flow is realized.
In a first aspect, this application provides a kind of method for generating list item, methods described includes:First network equipment generates Border Gateway Protocol (BGP) updates UPDATE message, and the BGP UPDATE messages are used to issue BGP flow-spec routes, institute State BGP UPDATE messages and include flow-spec priority;And the BGP UPDATE new informations are sent to forwarding unit, BGP flow-spec list items, the BGP flow- are generated according to the BGP UPDATE messages to trigger the forwarding unit Spec list items include the flow-spec priority, and the flow-spec priority is used to identify the BGP flow-spec Priority of the list item when be used to instruct message to forward.
Increase flow-spec priority in BGP flow-spec list items, by specifying the flow-spec priority, To identify priority of the BGP flow-spec list items when be used to instruct message to forward.So as to effectively control report Literary forwarding behavior, realize the flexible modulation of flow.By method described herein, for network traffics attack defending, for example, point Cloth refusal service (English:Distributed Denial of Service, DDoS) attack defending, it can effectively slow down and attack Hit flow influences to caused by network.
Second aspect, this application provides a kind of method for generating list item, this method includes:Forwarding unit receives the first net The BGP UPDATE messages that network equipment is sent, the BGP UPDATE messages are used to issue BGP flow-spec routes, described BGP UPDATE messages include flow-spec priority;
The forwarding unit generates BGP flow-spec list items according to the BGP UPDATE messages, and by the BGP Flow-spec list items are stored in BGP flow-spec tables, and it is excellent that the BGP flow-spec list items include the flow-spec First level, the flow-spec priority are used to identify the BGP flow-spec list items when being used to instruct message to forward Priority.
Increase flow-spec priority in BGP flow-spec list items, by specifying the flow-spec priority, To identify priority of the BGP flow-spec list items when be used to instruct message to forward.So as to effectively control report Literary forwarding behavior, realize the flexible modulation of flow.By method described herein, for network traffics attack defending, for example, Ddos attack is defendd, and can effectively slow down attack traffic influences to caused by network.
In second aspect in the first possible embodiment, when a plurality of BGP being present in the BGP flow-spec tables During flow-spec list items, and every BGP flow-spec list item includes flow-spec priority, the second aspect respectively Method also include:
When the forwarding unit carries out message forwarding, according to BGP described in the keyword priority match of the message The high BGP flow-spec list items of flow-spec priority in flow-spec tables, and according to the BGP flow-spec matched The processing mode of action item information instruction in list item is handled the message.For example, it can be believed according to the action item The instruction of breath, discard processing is carried out to the message.
The third aspect, this application provides a kind of first network equipment, the method for performing first aspect.Specifically, The first network equipment includes being used to perform the functional unit of the method for first aspect.
Fourth aspect, this application provides a kind of forwarding unit, for perform second aspect or second aspect the first Method in possible embodiment.Specifically, the forwarding unit includes being used to perform the first of second aspect or second aspect The functional unit of method in the possible embodiment of kind.
5th aspect, this application provides a kind of first network equipment, the first network equipment includes network interface, processing Device, memory, it is connected between the processor and memory by bus, the processor is used to perform in the memory Code, when the code is performed, the execution causes the method for computing device first aspect.
6th aspect, this application provides a kind of forwarding unit, the forwarding unit includes network interface, processor, storage Device, it is connected between the processor and memory by bus, the processor is used to perform the code in the memory, When the code is performed, the execution causes the possible embodiment party of the first of computing device second aspect or second aspect Method in formula.
7th aspect, this application provides a kind of computer-readable recording medium, for storing computer program, the calculating Machine program includes being used to perform the finger of the method for first aspect, second aspect or second aspect the first possible embodiment Order.
Eighth aspect, this application provides a kind of communication system, including the third aspect or the first net described in the 5th aspect Forwarding unit described in terms of network equipment, and fourth aspect or the 6th, for performing first aspect, second aspect or second aspect The method of the first possible embodiment.
Above-mentioned first into eighth aspect, the first network equipment is the control under control forwarding separated network framework Device Controller;Or
The first network equipment is that the forwarding unit of bgp peer is formed with the forwarding unit;Or
The first network equipment is flow analysis servers.
As can be seen here, the technical scheme of the application be disclosure satisfy that under different application scene, and the forwarding style of writing to message is carried out Flexible modulation.
Above-mentioned first into eighth aspect, the flow-spec priority is carried on the BGP UPDATE messages Extended community attribute field in.
Technical scheme described herein, increase flow-spec priority in BGP flow-spec list items, pass through finger The fixed flow-spec priority, it is preferential when be used to instruct message to forward to identify the BGP flow-spec list items Level.So as to effectively control message to forward behavior, the flexible modulation of flow is realized.By method described herein, for net Network flow attacking is defendd, for example, ddos attack is defendd, can effectively slow down attack traffic influences to caused by network.
Brief description of the drawings
In order to illustrate more clearly of the technical scheme of the embodiment of the present application, below by embodiment it is required use it is attached Figure is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present application, for this area For those of ordinary skill, on the premise of not paying creative work, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is the schematic diagram of the scene 1 of the embodiment of the present application application;
Fig. 2 is the schematic diagram of the scene 2 of the embodiment of the present application application;
Fig. 3 is a kind of method flow diagram for generation list item that the embodiment of the present application provides;
Fig. 4 is a kind of schematic diagram for first network equipment that the embodiment of the present application provides;
Fig. 5 is a kind of schematic diagram for forwarding unit that the embodiment of the present application provides;
Fig. 6 is a kind of hardware architecture diagram for first network equipment that the embodiment of the present application provides;
Fig. 7 is a kind of hardware architecture diagram for forwarding unit that the embodiment of the present application provides;
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present application, the technical scheme in the embodiment of the present application is described, shown So, described embodiment is the part of the embodiment of the application, rather than whole embodiments.Based on the implementation in the application Example, the every other embodiment that those of ordinary skill in the art are obtained on the premise of creative work is not made, all should Belong to the scope of the application protection.
The embodiment of the present application description application scenarios be in order to more clearly explanation the embodiment of the present application technical scheme, The restriction of the technical scheme provided the embodiment of the present application is not provided.Ordinary skill people understands, with the network architecture Differentiation and new business scene appearance, the technical scheme that the embodiment of the present application provides is same suitable for similar technical problem Should.
The application scenarios 1 of the embodiment of the present application are illustrated with reference to Fig. 1.
Fig. 1 schematically illustrates the software defined network (English of the embodiment of the present application application:Software Defined Networking, SDN) 100.The network 100 includes controller 110 and multiple network equipments 120.Alternatively, the controller 120 Can be specially intelligent network controller (English:Smart Network Controller, SNC), but the embodiment of the present application is not It is limited to this.
The network equipment 120 can be used for carrying out forward process to message.The network equipment is specifically as follows legacy paths calculating Unit (English:Path Computation Element, PCE) routing forwarding such as conventional router in network, interchanger sets The routing forwarding equipment such as router or interchanger in SDN standby or that separation is forwarded based on control, the embodiment of the present application This is not limited.
Fig. 1 schematically illustrates six routers:R1 to R6, wherein, R1 to R4 belong to autonomous system (English: Autonomous System, AS) 1, R5 belongs to AS2, and R6 belongs to AS3.It should be understood that Fig. 1 exemplarily only shows a control Device and six routers, the network 100 can include any other number of controller and the network equipment, the embodiment of the present application pair This is not limited.
In the example depicted in figure 1, it is assumed that the business purpose address of R1 accesses is D, and can have X and Y by R1 to D Two paths, wherein, path X is successively via R1, R2 and R5, and path Y is successively via R1, R3 and R6.In order to ensure VIP client's Service traffics can obtain Bandwidth guaranteed, and path X is the VIP dedicated links used for VIP client, and path Y is for domestic consumer The generic link used.When the VIP client that source IP address is A is passed through by R1 access destination addresses D equipment, non-VIP client When R1 accesses destination address D equipment, controller 110 generates two BGP flow-spec list item informations, and is sent to R1.Such as Shown in table 2:
EntryID Filter Action
1 Destination Prefix:D Path Y
2 Source Prefix:A Path X
Table 2
In table 2, described " Entry ID " are numbered for list item, and list item numbering is carried out intuitively for the ease of the embodiment of the present application Explanation, in controller to forwarding unit in the actual BGP flow-spec list item informations sent, the list item can not included and compiled Number." Filter ":Traffic filtering information, for showing traffic filtering condition." Action ":Action item information, turn Hair equipment is handled the message according to the processing mode that action item information indicates.Wherein, action item information can include The information such as flowing work, redirection, flow velocity rate and flow label.
Controller 110 is sent in R1 two BGP flow-spec list item informations, it is desirable to the VIP visitors that source IP address is A Family can be directed on the X of path and forwarded, it is desirable to non-VIP according to Entry2 instruction to the message that purpose IP address D is sent The purpose IP address that client sends is that D message can be directed on the Y of path and forwarded according to Entry1 instruction.
But according to as defined in current agreement BGP flow-spec list items priority rule, using source address as flow mistake The style number of the BGP flow-spec list items of condition types is filtered than the BGP using destination address as traffic filtering condition types The style number of flow-spec list items is big, and therefore, source IP address is the message that A VIP client sends to purpose IP address D, can quilt It is directed on the Y of path and is transmitted.
The application scenarios 2 of the embodiment of the present application are illustrated with reference to Fig. 2.
Fig. 2 schematically illustrates the network 200 of the embodiment of the present application application.The network 200 includes:Flow analysis service Device 210 and multiple network equipments 220.The network equipment 120 can be used for carrying out forward process to message.The network equipment specifically can be with For the routing forwarding equipment such as router, interchanger, the embodiment of the present application is not limited this.
Fig. 2 it is exemplary show 4 routers:R7-R10, wherein, R7 belongs to AS100, R8-R10 and flow analysis Server 210 belongs to AS200.It should be understood that Fig. 2 exemplarily only shows a flow analysis servers and four routers, The network 200 can include any other number of flow analysis servers and the network equipment, and the embodiment of the present application is not done to this Limit.
As shown in Figure 2, traffic sampling sample is sent to flow analysis servers 210 by R9 and R10, when source IP address is C Attack source 230 initiate flow attacking when, flow analysis servers 210 according to predetermined definition rule, to flow sample Detected, identify abnormal flow.Flow analysis servers 210 automatically create BGP flow- according to the feature of abnormal flow Spec is route, and then by issuing this BGP flow-spec routes, traffic filtering rule is passed to bgp peer R8.R8 After BGP flow-spec routes are received, route is converted into flow control policy, the flow of matched rule is controlled. It is assumed that the traffic filtering rule of flow analysis servers generation is:
1) source IP address is A flow, is abandoned;
2) purpose IP address is D flow, limits transmission rate.
The traffic filtering rule generated according to flow analysis servers 210, it is desirable to which forwarding unit receives all come from Source IP address is A flow, carries out discard processing.Forwarding unit receives the flow that all purposes address is D, is limited Transmission rate processing processed.However, when forwarding unit receives the attack traffic that source IP address A is sent to purpose IP address D, root According to the priority rule of BGP flow-spec list items as defined in current agreement, forwarding unit is to the attack stream that should be dropped Amount does not do discard processing, and simply its transmission rate is limited, and therefore, attack still has.
The method 300 for being used to generate list item for showing the embodiment of the present application and providing exemplary Fig. 3.This method 300 can With the network 200 shown in applied to SDN100 or Fig. 2 as shown in Figure 1, but the embodiment of the present application not limited to this.
S301, first network equipment generation Border Gateway Protocol (BGP) renewal UPDATE message.The BGP UPDATE messages For issuing BGP flow-spec routes, the BGP UPDATE messages include flow-spec priority.
The first network equipment can be used for being controlled the flow of network.Optionally, first network equipment has Body can be the controller Controller under control forwarding separation architecture, and the controller can be specially SNC.For example, should First network equipment can be specially the controller shown in Fig. 1.
Optionally, the first network equipment can also be flow analysis servers.For example, the first network equipment can have Body is the flow analysis servers shown in Fig. 2.
Optionally, the first network equipment can also be forwarding unit, be specifically as follows legacy paths computing unit (English Text:Path Computation Element, PCE) the routing forwarding equipment such as conventional router in network, interchanger, also may be used To be the router or the routing forwarding equipment such as interchanger in the SDN based on control forwarding separation.For example, the first network equipment Can be specially the R9 shown in the R4 or Fig. 2 shown in Fig. 1.The embodiment of the present application is not construed as limiting to this.
In a specific embodiment, as shown in figure 1, controller 110 is used as the first network equipment.Controller Bgp peer relation is established between 110 and R1.Controller 110 generates the BGP UPDATE messages, is passed to bgp peer Pass the BGP flow-spec routes.
In another particular embodiment of the invention, as shown in Fig. 2 flow analysis servers 210 are used as first networking Equipment.Bgp peer relation is established between flow analysis servers 210 and R8.Flow analysis servers 210 generate the BGP UPDATE message, transmit the BGP flow-spec to bgp peer and route.
The BGP UPDATE messages can also include action item information, and the action item information can specifically include flow velocity rate (English:Traffic-rate), (English is made in flowing:Traffic-action), flow label (English:traffic-marking) And redirect (English:One or more of Redirect).For example, extended community (the English in the BGP UPDATE messages Text:Extended Community) attribute includes above-mentioned action item information.
The BGP UPDATE messages can also include multi-protocols up to Network Layer Reachable Information (English:Multiprotocol Reachable Network Layer Reachability Information, MP_REACH_NLRI) field.MP_REACH_ NLRI may belong to path attribute, and alternatively, MP_REACH_NLRI fields can be included in the BGP UPDATE messages In Extended Community attributes.As an optional example, MP_REACH_NLRI attributes can be by one or more three Tuple<Address family information, next hop information, network reachability information>Composition, correspondingly, MP_REACH_NLRI fields can wrap Include address family information field, next-hop network address information (English:Next Hop Network Address Information) Domain and NLRI domains.Wherein, alternatively, address family information field can include the Address-Family Identifier (English of 2 bytes:Address Family Identifier, AFI) and 1 byte subaddressing race mark (English:Subsequent Address Family Identifier, SAFI), AFI can be used for identifying network layer protocol, and SAFI can be used for the type for identifying NLRI;Next-hop Network address information domain can include next-hop network address;NLRI domains can include length field, label field and prefix domain, its In, the prefix domain can correspond to different traffic filtering conditions, such as destination address, source address, destination interface, source port etc. Deng.Alternatively, in the embodiment of the present application, the prefix domain can only include destination address or a kind of source address this traffic filtering bar Part, the embodiment of the present application are not limited this.
Optionally, the flow-spec precedence informations are carried on the extended community category of the BGP UPDATE messages In property field.In BGP extended community attribute fields, flow-spec priority types are increased newly, as shown in table 3:
The explanation for four kinds of existing extended community attribute types that type is 0x8006-0x8009 in table 3, referring specifically to RFC5575 related definition, here is omitted.The type of newly-increased flow-spec priority is arranged to " 0x800F ", also may be used , specifically can be by internet numbers distribution office (English with corresponding to other numerical value:Internet Assigned Number Authority, IANA) registration office distribution, the field name of flow-spec priority can specifically be defined as " traffic- Priority ", can also be defined as other titles, and the embodiment of the present application is not limited this.
Table 3
It is further alternative, it can also be carried using other attribute fields in the BGP UPDATE messages described Flow-spec priority.For example, the privately owned attribute field of extension in BGP UPDATE messages, for carrying the flow-spec Priority, the embodiment of the present application are not limited this.
S302, the first network equipment send the BGP UPDATE messages to forwarding unit, to trigger the forwarding Equipment generates BGP flow-spec list items according to the BGP UPDATE messages.The BGP flow-spec list items include described Flow-spec priority, the flow-spec priority be used to instruct for identifying the BGP flow-spec list items Priority when message forwards.
The forwarding unit is the network equipment on the routed path of message, for handling the message received.Tool Body can be for routing forwarding equipment such as the conventional router in traditional PCE networks, interchangers or based on control forwarding point From SDN in router or routing forwarding equipment, the embodiment of the present application such as interchanger this is not limited.For example, the forwarding Equipment can be specially the R8 shown in R1 or Fig. 2 shown in Fig. 1.
In a specific embodiment, forwarding unit receives the BGP UPDAT of first network equipment transmission After message, the flow-spec priority according to entrained by the BGP UPDAT message, traffic filtering condition and action item are understood Information, to generate corresponding BGP flow-spec list items.
S303, forwarding unit receive the BGP UPDAT message that the first network equipment is sent.
S304, the forwarding unit generate BGP flow-spec list items according to the BGP UPDATE messages, and by described in BGP flow-spec list items are stored in BGP flow-spec tables.
The BGP flow-spec tables include at least one BGP flow-spec list items, the BGP flow-spec tables Item includes the flow-spec priority, and the flow-spec priority exists for identifying the BGP flow-spec list items Priority when be used to instructing the message forward.
In a specific embodiment, when user is wished to carrying out flow control, example by the message of forwarding unit Such as, when carrying out specific routing forwarding to the message with specific source IP address for accessing some purpose IP address, the forwarding unit It is upper that the BGP flow-spec tables for including at least one BGP flow-spec list items are set.Wherein, BGP flow-spec tables Can include traffic filtering condition and for matching message used by action item information.The traffic filtering condition can be with Including purpose IP address, source IP address, source port number, destination slogan etc..The action item information can include being redirected to Some particular port, abandon, limitation transmission rate etc..So, forwarding unit can first inquire about BGP when receiving message Flow-spec tables, can root if the BGP flow-spec list items matched with the message in BGP flow-spec tables be present Message is handled according to the processing mode indicated by the action item information in the BPG flow-spec list items matched.
In a specific embodiment, as shown in figure 1, R1 receives controller 110 and sent as the forwarding unit The BGP UPDATE messages.
In another particular embodiment of the invention, as shown in Fig. 2 R8 receives flow analysis clothes as the forwarding unit The BGP UPDATE messages that business device 210 is sent.
The BGP UPDATE messages carry the flow-spec priority.Forwarding unit is according to the BGP UPDATE Message generates BGP flow-spec list items, and the BGP flow-spec list items are stored in BGP flow-spec tables.This Apply in embodiment, the BGP flow-spec tables of forwarding unit have carried out list item extension, add flow-spec priority words Section.Optionally, in the BGP flow-spec tables, each BGP flow-spec list items include flow-spec priority, flow Filter condition and action item information,.
BGP flow-spec list items involved by the embodiment of the present application are with excellent specified by the flow-spec priority First level is ranked up, and flow-spec priority is higher, then the priority of corresponding BGP flow-spec list items is higher.It is identical Priority follows the Type priority definition that RFC5575 is defined, class between the BGP flow-spec list items of flow-spec priority The smaller list item priority of model is higher.The form of the BGP flow-spec list items of flow-spec precedence fields is extended, As shown in table 4:
It will be understood by those skilled in the art that table 4 is only intended to the BGP flow- to extending flow-spec priority The information that spec list items are included schematically is illustrated.
EntryID Priority Filter Action
1 7 Source Prefix:A Action1
2 6 Destination Prefix:D Action 2
3 5 Source Prefix:B Action 3
n 0 Destination Prefix:Z Action n
Table 4
As shown in Table 4, for Entry1 using source IP address A as traffic filtering condition, flow-spec priority is 7.Entry2 with Purpose IP address D is traffic filtering condition, and its flow-spec priority is 6.I.e. Entry1 priority is excellent higher than Entry2 First level.
Optionally, when a plurality of BGP flow-spec list items be present in the BGP flow-spec tables, and every BGP Flow-spec list items include flow-spec priority respectively, and methods described 300 also includes S305:
When the forwarding unit carries out message forwarding, according to BGP described in the keyword priority match of the message The high BGP flow-spec list items of flow-spec priority in flow-spec tables, and according to the BGP flow-spec matched The processing mode of action item information instruction in list item is handled the message.
In a specific embodiment, with reference to Fig. 1 and table 4, as shown in figure 1, forwarding unit R1 receives source IP address During the purpose IP address D sent for A VIP client message, using the source IP address of the message and purpose IP address as key The high BGP flow-spec list items of flow-spec priority in BGP flow-spec tables described in word priority match.According to flow- The order of spec priority from high to low, carry out the matching of BGP flow-spec list items.Entry1 flow-spec priority ratios Entry2 flow-spec priority is high.Therefore, forwarding unit matches Entry1, and action item that can be in Entry1 is believed The processing mode of breath instruction is handled the message, for example, carrying out message forwarding by path X.Similarly, forwarding unit receives When the purpose IP address that non-VIP client sends is D message, according to the order of flow-spec priority from high to low, carry out BGP flow-spec list items match.Entry2 is matched, then the processing mode pair indicated according to the action item information in Entry2 The message is handled, for example, carrying out message forwarding by path Y.
In another particular embodiment of the invention, with reference to Fig. 2 and table 4, as shown in Fig. 2 forwarding unit R8 receives source IP During the attack message that the destination address that the attack source that address is A is sent is D, with the source IP address and purpose IP address of the message For the high BGP flow-spec list items of flow-spec priority in BGP flow-spec tables described in keyword priority match.Press According to the order of flow-spec priority from high to low, the matching of BGP flow-spec list items is carried out.Entry1 flow-spec is excellent First level is higher than Entry2 flow-spec priority.Therefore, forwarding unit matches Entry1, and meeting is dynamic in Entry1 The processing mode for making the instruction of item information is handled the message, for example, abandoning the message.Similarly, forwarding unit receives it When the purpose IP address that its IP address is sent is D message, according to the order of flow-spec priority from high to low, BGP is carried out Flow-spec list items match.Entry2 is matched, then the processing mode indicated according to the action item information in Entry2 is to described Message is handled, for example, the transmission rate of limitation message.
Before step S301, step S306 can also be included:
The first network equipment obtains the flow-spec priority.
Optionally, the first network equipment can be with dynamic configuration and each traffic filtering condition and action item information institute The flow-spec priority of matching.Optionally, the first network equipment can also static configuration and each traffic filtering The flow-spec priority that condition and action item information are matched.Optionally, the first network equipment can also lead to Cross between other network equipments in the BGP UPDATE messages interacted, obtain and believe with each traffic filtering condition and action item The flow-spec priority matched is ceased, relays to the forwarding unit.Wherein, other network equipments can be it Forwarding unit beyond its controller, other flow analysis servers or second network equipment.The application is implemented Example is not construed as limiting to this.
In summary, the method that the embodiment of the present application is provided, flow-spec is increased in BGP flow-spec list items Priority, the BGP flow-spec list items are identified by the flow-spec priority and be used to instruct message to forward When priority.By specifying the flow-spec priority, to adjust the priority of corresponding BGP flow-spec list items, And then effective control that behavior is forwarded to message is realized, it can flexibly carry out flow control.By method described herein, use In network traffics attack defending, for example, ddos attack is defendd, can effectively slow down attack traffic influences to caused by network.
It will be appreciated by those skilled in the art that:Journey can be passed through by realizing all or part of step of above method embodiment Sequence instructs related hardware to complete, and foregoing program can be stored in computer-readable storage medium, and the program exists During execution, execution the step of including above method embodiment, and foregoing storage medium includes:Read-only storage (English: Read-Only Memory, ROM), random access memory (English:Random Access Memory, RAM), it is erasable can Program read-only memory (English:Erasable ProgrammableRead-only Memory, EPROM), the read-only storage of CD Device (English:Compact Disc Read-only Memory, CD-ROM), magnetic disc or CD etc. are various can be with storage program In the medium of code.
In order to perform the method 300 in above-described embodiment, the embodiment of the present application provides a kind of network equipment 400, the net Network equipment 400 can specifically be performed for the first network equipment of method 300.Referring to Fig. 4, the network equipment 400 wraps Include:Processing unit 401 and transmitting element 402.
The processing unit 401, for generating Border Gateway Protocol (BGP) renewal UPDATE message, the BGP UPDATE Message is used to issue the regular flow-spec routes of BGP streams, and the BGP UPDATE messages include flow-spec priority.
The transmitting element 402, for sending the BGP UPDATE of the generation of processing unit 401 to forwarding unit Message, BGP flow-spec list items, the BGP are generated according to the BGP UPDATE messages to trigger the forwarding unit Flow-spec list items include the flow-spec priority, and the flow-spec priority is used to identify the BGP flow- Priority of the spec list items when be used to instruct message to forward.
The network equipment is the controller Controller under control forwarding separated network framework;Or
The network equipment is the forwarding unit that bgp peer is formed with the forwarding unit;Or
The network equipment is flow analysis servers.
Optionally, the flow-spec priority is carried on the extended community attribute word of the BGP UPDATE messages Duan Zhong.
Optionally, the flow-spec priority is carried on other attribute fields of the BGP UPDATE messages.Example Such as, the privately owned attribute field of extension in BGP UPDATE messages, for carrying the flow-spec priority, the application is implemented Example is not limited this.
In order to perform the method 300 in above-described embodiment, the embodiment of the present application provides a kind of forwarding unit 500, referring to Fig. 5, the forwarding unit include:Receiving unit 501 and list processing unit 502.
The receiving unit 501, for receiving the BGP UPDATE messages of first network equipment transmission, the BGP UPDATE message is used to issue BGP flow-spec routes, and the BGP UPDATE messages include flow-spec priority.
The list processing unit 502, for the BGP UPDATE messages generation received according to the receiving unit 501 BGP flow-spec list items, and the BGP flow-spec list items are stored in BGP flow-spec tables, the BGP Flow-spec list items include the flow-spec priority, and the flow-spec priority is used to identify the BGP flow- Priority of the spec list items when be used to instruct message to forward.
Optionally, the flow-spec priority is carried on the extended community attribute word of the BGP UPDATE messages Duan Zhong.
Optionally, the flow-spec priority is carried on other attribute fields of the BGP UPDATE messages.Example Such as, the privately owned attribute field of extension in BGP UPDATE messages, for carrying the flow-spec priority, the application is implemented Example is not limited this.
Optionally, the forwarding unit 500 also includes:Message retransmission unit 503.
Message retransmission unit 503, for when the forwarding unit carry out message forwarding when, according to the keyword of the message The high BGP flow-spec list items of flow-spec priority in BGP flow-spec tables described in priority match, and according to matching To BGP flow-spec list items in action item information instruction processing mode the message is handled;Wherein, it is described A plurality of BGP flow-spec list items in BGP flow-spec tables be present, and every BGP flow-spec list item includes respectively Flow-spec priority.
Optionally, the first network equipment is the controller Controller under control forwarding separated network framework.
Optionally, the first network equipment is that the forwarding unit of bgp peer is formed with the forwarding unit.
Optionally, the first network equipment is flow analysis servers.
It each functional unit in each embodiment of the application, can be realized by circuit, programmed instruction phase can also be passed through The hardware of pass realizes that above-mentioned hardware can use various equipment well known to those skilled in the art, such as:Can be at network Manage device (English:Network Processor, NP), central processing unit (English:Central Processing Unit, CPU) Etc..
Each functional unit in each embodiment of the application can integrate in a processor or unit Individually be physically present, can also two or more circuits be integrated in a circuit.Above-mentioned each functional unit can both be adopted Realized, can also be realized in the form of SFU software functional unit with the form of hardware.
Fig. 6 and Fig. 7 show Fig. 3 embodiments provide method 300 in, the first network equipment and the forwarding unit Possible hardware architecture diagram.The first network equipment can be first network equipment 600 as shown in Figure 6, and forwarding is set Standby can be forwarding unit 700 as shown in Figure 7.The forwarding unit 700 shown in first network equipment 600 and Fig. 7 shown in Fig. 6 It can be used for performing the method 300 described in Fig. 3 embodiments.
As shown in fig. 6, the first network equipment 600 includes processor 601 and network interface 602.The processor 601 It can be communicated by network interface 602 with the forwarding unit.
The processor 601, for generating BGP UPDATE messages, the BGP UPDATE messages are used to issue BGP Flow-spec is route, and the BGP UPDATE messages include flow-spec priority;
The network interface 602, the BGP UPDATE for sending the generation of processor 601 to forwarding unit disappear Breath, BGP flow-spec list items, the BGP are generated according to the BGP UPDATE messages to trigger the forwarding unit Flow-spec list items include the flow-spec priority, and the flow-spec priority is used to identify the BGP flow- Priority of the spec list items when be used to instruct message to forward.
Optionally, the first network equipment can be the controller under control forwarding separated network framework Controller.Optionally, the first network equipment can also be that the forwarding that bgp peer is formed with the forwarding unit is set It is standby.Optionally, the first network equipment can also be flow analysis servers.The embodiment of the present application is not construed as limiting to this.
The flow-spec priority is carried in the extended community attribute field of the BGP UPDATE messages.
Optionally, the flow-spec priority is carried on other attribute fields of the BGP UPDATE messages.Example Such as, the privately owned attribute field of extension in BGP UPDATE messages, for carrying the flow-spec priority, the application is implemented Example is not limited this.
In another embodiment, as shown in fig. 6, the first network equipment 600 can include:Processor 601, net Network interface 602 and memory 603.The memory 603 and processor 601 can be communicated by bus 604;The processor 601 are communicated by network interface 602 with the forwarding unit.
The memory 603, include program, instruction or code for storing;
The processor 601, for performing program, instruction or code in memory 603, in Method Of Accomplishment 300 S301 and S306 operation.
The network interface 602, the operation for S302 in Method Of Accomplishment 300.
The function of transmitting element 402 can be realized by network interface 602 in Fig. 4.The function of processing unit 401 can in Fig. 4 To be realized by processor 601.
As shown in fig. 7, the forwarding unit 700 includes network interface 701 and processor 702,
The network interface 701, for receiving the BGP UPDATE messages of first network equipment transmission, the BGP UPDATE message is used to issue BGP flow-spec routes, and the BGP UPDATE messages include flow-spec priority;
The processor 702, the BGP UPDATE messages for being received according to the network interface 701 generate BGP Flow-spec list items, and the BGP flow-spec list items are stored in BGP flow-spec tables, the BGP flow- Spec list items include the flow-spec priority, and the flow-spec priority is used to identify the BGP flow-spec Priority of the list item when be used to instruct message to forward.
Optionally, the processor 702, can be also used for when the forwarding unit carries out message forwarding, according to described The high BGP flow-spec tables of flow-spec priority in BGP flow-spec tables described in the keyword priority match of message , and the processing mode of the action item information instruction in the BGP flow-spec list items matched is carried out to the message Processing;Wherein, a plurality of BGP flow-spec list items, and every BGP flow- in the BGP flow-spec tables be present Spec list items include flow-spec priority respectively.
Optionally, the flow-spec priority is carried on the extended community attribute word of the BGP UPDATE messages Duan Zhong.
Optionally, the flow-spec priority is carried on other attribute fields of the BGP UPDATE messages.Example Such as, the privately owned attribute field of extension in BGP UPDATE messages, for carrying the flow-spec priority, the application is implemented Example is not limited this.
Optionally, the first network equipment can be the controller under control forwarding separated network framework Controller.Optionally, the first network equipment can also be that the forwarding that bgp peer is formed with the forwarding unit is set It is standby.Optionally, the first network equipment can also be flow analysis servers.The embodiment of the present application is not construed as limiting to this.
In another embodiment, the forwarding unit 700 includes network interface 701, processor 702 and memory 703.The memory 703 and processor 702 can be communicated by bus 704;The processor 702 can pass through network interface 701 with the first network equipment communication.
The memory 703, include program, instruction or code for storing;
The processor 702, for performing program, instruction or code in memory 703, in Method Of Accomplishment 300 S304, S305 operation.
The network interface 701, the operation for S301 in Method Of Accomplishment 300.
The function of receiving unit 501 can be realized by network interface 701 in Fig. 5, list processing unit 502 and message in Fig. 5 The function of retransmission unit 503 can be realized by processor 702.
Memory 603 or memory 703 can be but not limited to RAM, ROM, EPROM, CD-ROM, hard disk or magnetic disc Etc. it is various can be with the medium of storage program instruction code, the embodiment of the present application is not construed as limiting to this.
The processor 601 or the memory 702, can be one or more CPU, should in the case of a CPU CPU can be monokaryon CPU or multi-core CPU, and the embodiment of the present application is not construed as limiting to this.
Network interface 602 or network interface 701 are to be wireline interface, such as Fiber Distributed Data Interface (English: Fiber Distributed Data Interface, FDDI), gigabit Ethernet (English:Gigabit Ethernet, GE) connect Mouthful etc., the embodiment of the present application is not construed as limiting to this.
Present invention also offers a kind of communication system, including first network equipment and forwarding unit, the first network is set Standby can be the network equipment shown in Fig. 4 or Fig. 6.The forwarding unit can be the forwarding unit shown in Fig. 5 or Fig. 7.It is described First network equipment and forwarding unit are used to perform the method 300 of the generation list item described in the embodiment of the present application.
It is apparent to those skilled in the art that for convenience and simplicity of description, the equipment of foregoing description, The specific work process of system and unit, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
If the integrated unit is realized in the form of combination of hardware software and is used as independent production marketing or use When, the software can be stored in a computer read/write memory medium.Based on such understanding, technical side of the invention The some technical characteristics that case contributes to prior art can be embodied in the form of software product, computer software production Product are stored in a storage medium, including some instructions to cause a computer equipment (can be personal computer, clothes It is engaged in device, or network equipment etc.) perform the part or all of step of each embodiment methods described of the present invention.And foregoing storage Medium can be USB flash disk, mobile hard disk, ROM, RAM, magnetic disc or CD.
The various pieces of this specification are described by the way of progressive, identical similar portion between each embodiment Divide mutually referring to what each embodiment introduced is and other embodiment difference.Especially for device and it is For embodiment of uniting, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is real referring to method Apply the explanation of example part.
Finally, it is necessary to which explanation is:The preferred embodiment of technical solution of the present invention is the foregoing is only, is not intended to Limit protection scope of the present invention.Obviously, those skilled in the art can carry out various changes and modification without de- to the application From the scope of the present invention.If these modifications and variations of the application belong to the scope of the application claim and its equivalent technologies Within, then any modification, equivalent substitution and improvements made etc., it should be included in the scope of the protection.

Claims (14)

  1. A kind of 1. method for generating list item, it is characterised in that methods described includes:
    First network equipment generation Border Gateway Protocol (BGP) renewal UPDATE message, the BGP UPDATE messages are used to issue BGP flows regular flow-spec routes, and the BGP UPDATE messages include flow-spec priority;
    The first network equipment sends the BGP UPDATE messages to forwarding unit, to trigger the forwarding unit according to institute BGP UPDATE messages generation BGP flow-spec list items are stated, the BGP flow-spec list items include the flow-spec Priority, the flow-spec priority are used to identify the BGP flow-spec list items when be used to instruct message to forward Priority.
  2. 2. according to the method for claim 1, it is characterised in that
    The first network equipment is the controller Controller under control forwarding separated network framework;Or
    The first network equipment is that the forwarding unit of bgp peer is formed with the forwarding unit;Or
    The first network equipment is flow analysis servers.
  3. 3. method according to claim 1 or 2, it is characterised in that the flow-spec priority is carried on described In the extended community attribute field of BGP UPDATE messages.
  4. A kind of 4. method for generating list item, it is characterised in that methods described includes:
    Forwarding unit receives the Border Gateway Protocol (BGP) renewal UPDATE message that first network equipment is sent, the BGP UPDATE message is used to issue the regular flow-spec routes of BGP streams, and it is excellent that the BGP UPDATE messages include flow-spec First level;
    The forwarding unit generates BGP flow-spec list items according to the BGP UPDATE messages, and by the BGP flow- Spec list items are stored in BGP flow-spec tables, and the BGP flow-spec list items include the flow-spec priority, The flow-spec priority is preferential when be used to instruct message to forward for identifying the BGP flow-spec list items Level.
  5. 5. method according to claim 4, it is characterised in that when a plurality of BGP flow- in the BGP flow-spec tables being present During spec list items, and every BGP flow-spec list item includes flow-spec priority respectively, and methods described also includes:
    When the forwarding unit carries out message forwarding, according to BGP flow- described in the keyword priority match of the message The high BGP flow-spec list items of flow-spec priority in spec tables, and according to the BGP flow-spec list items matched In action item information instruction processing mode the message is handled.
  6. 6. the method according to claim 4 or 5, it is characterised in that the first network equipment is control forwarding separate mesh Controller Controller under network framework;Or
    The first network equipment is that the forwarding unit of bgp peer is formed with the forwarding unit;Or
    The first network equipment is flow analysis servers.
  7. A kind of 7. network equipment, it is characterised in that including:
    Processing unit, for generating Border Gateway Protocol (BGP) renewal UPDATE message, the BGP UPDATE messages are used to issue BGP flows regular flow-spec routes, and the BGP UPDATE messages include flow-spec priority;
    Transmitting element, for sending the BGP UPDATE messages of the processing unit generation to forwarding unit, to trigger State forwarding unit and BGP flow-spec list items, the BGP flow-spec list item bags are generated according to the BGP UPDATE messages Include the flow-spec priority, the flow-spec priority be used to identifying the BGP flow-spec list items by with Priority when instructing message to forward.
  8. 8. the network equipment according to claim 7, it is characterised in that
    The network equipment is the controller Controller under control forwarding separated network framework;Or
    The network equipment is the forwarding unit that bgp peer is formed with the forwarding unit;Or
    The network equipment is flow analysis servers.
  9. 9. the network equipment according to claim 7 or 8, it is characterised in that
    The flow-spec priority is carried in the extended community attribute field of the BGP UPDATE messages.
  10. A kind of 10. forwarding unit, it is characterised in that including:
    Receiving unit, the Border Gateway Protocol (BGP) for receiving the transmission of first network equipment update UPDATE message, the BGP UPDATE message is used to issue the regular flow-spec routes of BGP streams, and it is excellent that the BGP UPDATE messages include flow-spec First level;
    List processing unit, the BGP UPDATE messages for being received according to receiving unit generate BGP flow-spec list items, And the BGP flow-spec list items are stored in BGP flow-spec tables, the BGP flow-spec list items include institute Flow-spec priority is stated, the flow-spec priority be used to refer to for identifying the BGP flow-spec list items Priority during Leader text forwarding.
  11. 11. forwarding unit according to claim 10, it is characterised in that the forwarding unit also includes:
    Message retransmission unit, for when the forwarding unit carries out message forwarding, according to preferential of the keyword of the message With the high BGP flow-spec list items of flow-spec priority in the BGP flow-spec tables, and according to the BGP matched The processing mode of action item information instruction in flow-spec list items is handled the message;Wherein, the BGP A plurality of BGP flow-spec list items in flow-spec tables be present, and every BGP flow-spec list item includes flow- respectively Spec priority.
  12. 12. the forwarding unit according to claim 10 or 11, it is characterised in that
    The flow-spec priority is carried in the extended community attribute field of the BGP UPDATE messages.
  13. 13. according to the forwarding unit described in claim any one of 10-12, it is characterised in that
    The first network equipment is the controller Controller under control forwarding separated network framework;Or
    The first network equipment is that the forwarding unit of bgp peer is formed with the forwarding unit;Or
    The first network equipment is flow analysis servers.
  14. 14. a kind of communication system, including any one of the network equipment described in claim any one of 7-9 and claim 10-13 Described forwarding unit.
CN201610506186.7A 2016-06-30 2016-06-30 Method and equipment for generating table entry Active CN107566298B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610506186.7A CN107566298B (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry
CN202111366024.5A CN114205312A (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610506186.7A CN107566298B (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202111366024.5A Division CN114205312A (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry

Publications (2)

Publication Number Publication Date
CN107566298A true CN107566298A (en) 2018-01-09
CN107566298B CN107566298B (en) 2021-11-19

Family

ID=60969879

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202111366024.5A Pending CN114205312A (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry
CN201610506186.7A Active CN107566298B (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202111366024.5A Pending CN114205312A (en) 2016-06-30 2016-06-30 Method and equipment for generating table entry

Country Status (1)

Country Link
CN (2) CN114205312A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616451A (en) * 2018-04-25 2018-10-02 新华三技术有限公司 A kind of Flow Spec routing take-effective method, device and the network equipment
CN110868429A (en) * 2019-12-20 2020-03-06 北京网太科技发展有限公司 BGP routing protocol security protection method and device
WO2022228410A1 (en) * 2021-04-30 2022-11-03 华为技术有限公司 Routing information processing method and apparatus
EP4203427A4 (en) * 2020-09-22 2024-02-28 Huawei Tech Co Ltd Traffic processing method, apparatus, and network device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2146465A1 (en) * 2008-07-15 2010-01-20 Deutsche Thomson OHG A method for managing data transmission according to a quality of service in a network assembly and a computer network system
CN101888334A (en) * 2009-05-11 2010-11-17 丛林网络公司 Utilize the routing policy expanded that dynamically the redefines structure of route priority value
CN103457820A (en) * 2013-08-27 2013-12-18 华为技术有限公司 Method and device for achieving layering virtual special local area network service
CN104426768A (en) * 2013-09-05 2015-03-18 华为技术有限公司 Data message forwarding method and device
CN104821890A (en) * 2015-03-27 2015-08-05 上海博达数据通信有限公司 Realization method for OpenFlow multi-level flow tables based on ordinary switch chip

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2146465A1 (en) * 2008-07-15 2010-01-20 Deutsche Thomson OHG A method for managing data transmission according to a quality of service in a network assembly and a computer network system
CN101888334A (en) * 2009-05-11 2010-11-17 丛林网络公司 Utilize the routing policy expanded that dynamically the redefines structure of route priority value
CN103457820A (en) * 2013-08-27 2013-12-18 华为技术有限公司 Method and device for achieving layering virtual special local area network service
CN104426768A (en) * 2013-09-05 2015-03-18 华为技术有限公司 Data message forwarding method and device
CN104821890A (en) * 2015-03-27 2015-08-05 上海博达数据通信有限公司 Realization method for OpenFlow multi-level flow tables based on ordinary switch chip

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZIED BEN HOUIDI: "A new VPN routing approach for large scale networks", 《 THE 18TH IEEE INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108616451A (en) * 2018-04-25 2018-10-02 新华三技术有限公司 A kind of Flow Spec routing take-effective method, device and the network equipment
CN108616451B (en) * 2018-04-25 2020-12-29 新华三技术有限公司 Flow Spec route validation method, device and network equipment
CN110868429A (en) * 2019-12-20 2020-03-06 北京网太科技发展有限公司 BGP routing protocol security protection method and device
EP4203427A4 (en) * 2020-09-22 2024-02-28 Huawei Tech Co Ltd Traffic processing method, apparatus, and network device
US11924103B2 (en) 2020-09-22 2024-03-05 Huawei Technologies Co., Ltd. Traffic processing method, apparatus, and network device
WO2022228410A1 (en) * 2021-04-30 2022-11-03 华为技术有限公司 Routing information processing method and apparatus

Also Published As

Publication number Publication date
CN114205312A (en) 2022-03-18
CN107566298B (en) 2021-11-19

Similar Documents

Publication Publication Date Title
CN104243270B (en) A kind of method and apparatus for establishing tunnel
EP3213489B1 (en) Content classification and content marking for information centric networks
EP3213480B1 (en) Content filtering for information centric networks
JP6430634B2 (en) Chaining network service functions in communication networks
CN105051688B (en) Expanded mark networking
US9548896B2 (en) Systems and methods for performing network service insertion
CN106789542B (en) A kind of implementation method of cloud data center security service chain
US8259612B2 (en) Method of routing multicast traffic
CN108989212A (en) The Routing Protocol signaling and its relationship of multiple next-hops
CN108989213A (en) It is arranged using the selected structural path transmission LSP between dummy node
CN108989202A (en) The forwarding based on structural path context for dummy node
CN108989203A (en) Selected structural path of the notice for the service routing in dummy node
CN106921572B (en) A kind of method, apparatus and system for propagating qos policy
CN106797347A (en) Method, system and computer-readable medium for virtual architecture route
JP6248938B2 (en) Communication system, virtual network management apparatus, virtual network management method and program
CN106936715A (en) virtual machine message control method and device
CN108259341A (en) A kind of prefix label distribution method and SDN controllers
CN104579894B (en) The IGMP Snooping implementation methods and device of the distributed virtual switch system
CN107181691B (en) Method, equipment and system for realizing message routing in network
US9973578B2 (en) Real time caching efficient check in a content centric networking (CCN)
CN107566298A (en) A kind of method and apparatus for generating list item
Kulkarni et al. Neo-NSH: Towards scalable and efficient dynamic service function chaining of elastic network functions
CN104486229B (en) A kind of method and apparatus for realizing the forwarding of VPN message
RU2675212C1 (en) Adaptive load balancing during package processing
Balasas et al. Performance Evaluation of Routing Protocols for BIG Data Application

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant