CN107809364B - Message forwarding method and device - Google Patents

Publication number
CN107809364B
Authority
CN
China
Prior art keywords
message
sfc
vxlan
node
forwarding
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610813271.8A
Other languages
Chinese (zh)
Other versions
CN107809364A (en)
Inventor
牟彦
徐燕
刘畅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/64 Hybrid switching systems
    • H04L12/6418 Hybrid transport
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/302 Route determination based on requested QoS
    • H04L45/306 Route determination based on the nature of the carried application

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a packet forwarding method and device. The method comprises: receiving a Vxlan packet from an SFC forwarding node or a remote SFC proxy node, and matching the Vxlan-decapsulated packet against pre-stored flow table entries according to the service chain identifier carried in the Vxlan packet; sending the Vxlan-decapsulated packet according to the first forwarding information indicated by the matched first flow table entry; receiving a packet from a service node, and matching it against pre-stored flow table entries according to the five-tuple of the packet, the port of the device on which the packet was received, and the Vlan information corresponding to that port; and sending the packet according to the second forwarding information indicated by the matched second flow table entry.

Description

Message forwarding method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for forwarding a packet.
Background
SFC (Service Function Chain) networking may additionally contain many service nodes, such as traditional service nodes like firewalls, QoS (Quality of Service), IPS (Intrusion Prevention System) and load balancers, which provide necessary services.
In an environment that requires service chain deployment, specific services can be combined into an ordered set and service packets steered through the service nodes in sequence, so that packets transmitted within a data center are processed by the relevant service nodes, guaranteeing a secure, fast and stable network service.
However, service node devices are expensive and slow to be updated, so to save cost an SFC network may be deployed with conventional service nodes that do not support the SFC function. How to implement service processing in an SFC network that contains service nodes without SFC support is therefore an urgent problem to be solved.
Disclosure of Invention
In view of the shortcomings of the prior art, the invention provides a packet forwarding method and a packet forwarding device.
The invention provides a packet forwarding method applied to an SFC proxy node in an SFC network. The SFC network contains one or more SFC proxy nodes and also comprises SFC forwarding nodes; a Vxlan tunnel is established between the SFC forwarding nodes and the SFC proxy nodes and, if the SFC network has a plurality of SFC proxy nodes, Vxlan tunnels are established between the SFC proxy nodes. The method comprises the following steps:
receiving a Vxlan packet from an SFC forwarding node or a remote SFC proxy node, and matching the Vxlan-decapsulated packet against pre-stored flow table entries according to the service chain identifier carried in the Vxlan packet; sending the Vxlan-decapsulated packet according to the first forwarding information indicated by the matched first flow table entry;
receiving a packet from a service node, and matching the packet against pre-stored flow table entries according to the five-tuple of the packet, the port of the device on which the packet was received, and the Vlan information corresponding to that port; and sending the packet according to the second forwarding information indicated by the matched second flow table entry.
The invention also provides a packet forwarding device applied to an SFC proxy node in an SFC network. The SFC network contains one or more SFC proxy nodes and also comprises SFC forwarding nodes; a Vxlan tunnel is established between the SFC forwarding nodes and the SFC proxy nodes and, if the SFC network has a plurality of SFC proxy nodes, Vxlan tunnels are established between the SFC proxy nodes. The device comprises:
a first receiving unit, configured to receive a Vxlan packet from an SFC forwarding node or a remote SFC proxy node, and match the Vxlan-decapsulated packet against pre-stored flow table entries according to the service chain identifier carried in the Vxlan packet; and to send the Vxlan-decapsulated packet according to the first forwarding information indicated by the matched first flow table entry;
a second receiving unit, configured to receive a packet from a service node, and match the packet against pre-stored flow table entries according to the five-tuple of the packet, the port of the device on which the packet was received, and the Vlan information corresponding to that port; and to send the packet according to the second forwarding information indicated by the matched second flow table entry.
With the packet forwarding method and device provided by the invention, high-volume service nodes with the SFC function need not be deployed in the SFC network. Instead, the deployed SFC proxy node is interconnected with traditional service nodes through Vlans; traffic is steered to a traditional service node for processing by means of packet characteristics and Vlan information, and the traffic returned by the traditional service node is given service chain encapsulation again and returned to the Vxlan network. This increases the usability of the SFC network and greatly reduces the node deployment cost.
Drawings
Fig. 1 is a schematic diagram of an SFC network to which the packet forwarding method is applied in an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the packet forwarding method in the embodiment of the present invention;
Fig. 3 is a schematic diagram of the format of the Vxlan header information in the embodiment of the present invention;
Fig. 4 is a schematic diagram of the logical structure of the packet forwarding device in the embodiment of the present invention;
Fig. 5 is a schematic diagram of the hardware architecture of the SFC proxy node in which the packet forwarding device is located in the embodiment of the present invention.
Detailed Description
To make the purpose, technical solutions and advantages of the present application clearer, they are described in further detail below with reference to the accompanying drawings.
In order to solve the problems in the prior art, the invention provides a message forwarding method and a message forwarding device.
Fig. 1 is a schematic diagram of an SFC network to which the packet forwarding method of the present invention is applied. It includes SFC forwarding nodes 101 and 102; a virtual host VM103 attached to SFC forwarding node 101; virtual hosts VM104 and VM105 attached to SFC forwarding node 102; an SFC proxy node 106 connected to SFC forwarding node 101; an SFC proxy node 107 connected to SFC forwarding node 102; service nodes 108 and 109 attached to SFC proxy node 106; and a service node 110 attached to SFC proxy node 107. A Vxlan tunnel is established between SFC forwarding node 101 and SFC proxy node 106, between SFC forwarding node 102 and SFC proxy node 107, and between SFC proxy node 106 and SFC proxy node 107. The SFC network may also include an SFC controller (not shown in Fig. 1). The SFC forwarding nodes 101 and 102 may be an Access Controller (AC), a switch, etc.; the service nodes 108, 109 and 110 are conventional service nodes that do not support the SFC function, such as a FireWall, QoS, IPS or load balancer. The SFC controller may issue flow table entries to each SFC forwarding node and SFC proxy node according to a preconfigured service chain, to steer service packets through the service nodes in sequence for the corresponding processing.
In SFC networking, steering SFC packets by means of Vxlan (Virtual Extensible LAN) encapsulation is one of the current mainstream SFC technologies. The following embodiments of the present invention therefore describe, by way of example, an SFC packet as a Vxlan-encapsulated packet.
In this embodiment, a user may deploy a service chain through the SFC controller as needed. A service chain may be configured with one or more services; for example, the three services FireWall -> QoS -> IPS may be configured to form a service chain. Each service chain has its own identifier, the ServicePathID (service chain identifier).
After the service chain is deployed, the SFC controller may generate the corresponding flow table entries according to the service chain and issue them to each SFC forwarding node and SFC proxy node. When an SFC forwarding node or SFC proxy node then receives an SFC packet, it can forward the packet to the corresponding service node for processing according to the corresponding flow table entry, and the processed packet is forwarded to the corresponding destination host.
In the networking shown in Fig. 1, the SFC proxy node in this embodiment needs to send a packet received from an SFC forwarding node or a remote SFC proxy node to a service node for processing according to the flow table entries, and to send the packet processed by the service node on to the next-hop service node for processing or to the destination host. For convenience of description, a flow table entry hit by a packet from an SFC forwarding node or a remote SFC proxy node is referred to as a first flow table entry, and a flow table entry hit by a packet from a service node is referred to as a second flow table entry. The method includes the following steps:
Step 201: receive a Vxlan packet from an SFC forwarding node or a remote SFC proxy node, and match the Vxlan-decapsulated packet against pre-stored flow table entries according to the service chain identifier carried in the Vxlan packet; send the Vxlan-decapsulated packet according to the first forwarding information indicated by the matched first flow table entry.
Before describing how the SFC proxy node handles a Vxlan packet from the SFC forwarding node, the SFC forwarding node's own processing of the packet is briefly introduced.
In this embodiment, when hosts communicate with each other, the source host may carry in the packet the identifier of the Vlan to which it belongs, that is, the Vlan ID (Virtual Local Area Network Identification), and send the packet to the SFC forwarding node to which the host is attached (referred to below, for convenience, as the source SFC forwarding node). After receiving the packet, the source SFC forwarding node obtains the Vlan ID carried in it and looks up, in the pre-stored correspondence between Vlans and Vxlans, the VNI (Vxlan Network Identifier) corresponding to that Vlan ID.
The source SFC forwarding node may also obtain the packet characteristics of the packet, which are at least one item of the five-tuple information, for example the source IP address and destination IP address of the packet. The source SFC forwarding node matches the obtained packet characteristics against the flow table entries issued by the SFC controller. A flow table entry may be as shown in Table 1:
TABLE 1 (an image in the original publication; not reproduced here)
Table 1 shows a flow table entry issued by the SFC controller to the source SFC forwarding node. It is merely an example to aid understanding of the present invention and does not limit the specific content of flow table entries in the embodiments of the present invention.
After the source SFC forwarding node matches the source IP address and destination IP address from the obtained packet characteristics against the flow table entries, if the match succeeds, for example against the flow table entry shown in Table 1, it obtains the information in the action domain of that entry, which includes: a Vxlan tunnel source IP address, a Vxlan tunnel destination IP address and a ServicePathID. The Vxlan tunnel source IP address is the Vtep IP address of the SFC forwarding node, and the Vxlan tunnel destination IP address is the Vtep IP address of the SFC proxy node to which the first service node in the service chain belongs. The source SFC forwarding node then performs Vxlan encapsulation on the packet according to the action domain information and sends it to the SFC proxy node to which the first service node in the service chain belongs. Note that the ServicePathID is carried in the tunnel information (the Vxlan header information) of the Vxlan packet.
The format of the Vxlan header information may be as shown in Fig. 3; it includes flag bits, a Service Chain field, a Vxlan ID field and a reserved field. When the 'S' bit of the flag bits is 1, the Service Chain field in the Vxlan header information is valid; when the 'S' bit is 0, the Service Chain field is invalid. The Service Chain field is 24 bits long and consists of a direction flag bit D and a ServicePathID: when the D bit is 0 the Vxlan packet is a forward packet, and when it is 1 the Vxlan packet is a reverse packet. The ServicePathID is 23 bits long and identifies a service chain; the obtained ServicePathID is added to this field. The Vxlan ID field carries the VNI obtained by the SFC forwarding node, and the reserved field is used to add reserved information.
It is worth mentioning that, in one implementation, when the forward and reverse Vxlan packets have the same ServicePathID, the direction of a Vxlan packet can be distinguished by setting the corresponding direction identifier in the 'D' bit of the Service Chain field of the Vxlan packet. In another implementation, the forward and reverse Vxlan packets can be configured with different service chains and different ServicePathIDs respectively, so that the direction of the Vxlan packet need not be distinguished.
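The header layout described above can be packed and strictly parsed as follows. This is an added example, not code from the patent; Fig. 3 is not reproduced on the page, so the positions of the 'S' bit within the flags octet and of the 'D' bit within the Service Chain field, and the reuse of the standard VXLAN "I" flag, are assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Bit positions are ASSUMPTIONS: Fig. 3 is not reproduced on the page.
FLAG_I = 0x08             # "VNI valid" flag of standard VXLAN (RFC 7348)
FLAG_S = 0x80             # assumed position of the 'S' bit in the flags octet
D_BIT = 1 << 23           # assumed: 'D' is the top bit of the Service Chain field
SPID_MAX = (1 << 23) - 1  # the ServicePathID is 23 bits long
VNI_MAX = (1 << 24) - 1   # the Vxlan ID (VNI) is 24 bits long


@dataclass(frozen=True)
class SfcVxlanHeader:
    vni: int
    service_path_id: Optional[int] = None  # None means 'S' = 0 (field invalid)
    reverse: bool = False                  # True means 'D' = 1 (reverse packet)


def pack_header(h: SfcVxlanHeader) -> bytes:
    """Build the 8-byte header: flags(8) | Service Chain(24) | Vxlan ID(24) | reserved(8)."""
    if not 0 <= h.vni <= VNI_MAX:
        raise ValueError("VNI does not fit in 24 bits")
    flags, chain = FLAG_I, 0
    if h.service_path_id is not None:
        if not 0 <= h.service_path_id <= SPID_MAX:
            raise ValueError("ServicePathID does not fit in 23 bits")
        flags |= FLAG_S
        chain = h.service_path_id | (D_BIT if h.reverse else 0)
    elif h.reverse:
        raise ValueError("direction bit needs a valid Service Chain field")
    return struct.pack("!II", (flags << 24) | chain, h.vni << 8)


def parse_header(data: bytes) -> SfcVxlanHeader:
    """Parse a header, honouring the 'S' bit before trusting the Service Chain field."""
    if len(data) < 8:
        raise ValueError("truncated Vxlan header")
    word1, word2 = struct.unpack("!II", data[:8])
    flags, chain = word1 >> 24, word1 & 0xFFFFFF
    if not flags & FLAG_I:
        raise ValueError("VNI flag not set")
    vni = word2 >> 8
    if not flags & FLAG_S:
        # 'S' = 0: the Service Chain field is invalid, so its bits are ignored
        # rather than being used as a flow table key.
        return SfcVxlanHeader(vni=vni)
    return SfcVxlanHeader(vni, chain & SPID_MAX, bool(chain & D_BIT))
```

A receiver that skipped the 'S' check would treat leftover bits in an invalid Service Chain field as a ServicePathID and could match a first flow table entry that was never meant for the packet.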
In the networking shown in Fig. 1, when the SFC proxy node to which the first service node in a service chain belongs receives a Vxlan packet sent by the source SFC forwarding node, it performs Vxlan decapsulation on the packet and then sends the packet to the first service node according to the matched flow table entry. The packet processed by the first service node is sent back to the SFC proxy node. If the next-hop service node is not attached to this SFC proxy node, the SFC proxy node performs Vxlan encapsulation on the packet according to the flow table entry and then sends it to the remote SFC proxy node to which the next-hop service node is attached. The Vxlan packets received by an SFC proxy node in this embodiment therefore come from two kinds of source: an SFC forwarding node and a remote SFC proxy node.
The first flow entry maintained on the SFC proxy node may be as shown in table 2.
| Matching domains | Action domain |
| --- | --- |
| ServicepathID | Egress port, vlan ID |

TABLE 2
Here the egress port and the Vlan ID are the first forwarding information. If the Vxlan packet received by the SFC proxy node comes from an SFC forwarding node (for example, a Vxlan packet sent by the source SFC forwarding node according to the flow table entry shown in Table 1), the egress port is the port on the SFC proxy node that connects to the first service node of the service chain. If the Vxlan packet received by the SFC proxy node comes from a remote SFC proxy node, the egress port is the port on the SFC proxy node that connects to the next-hop service node (the next-hop service node is determined by the service chain and here may be an intermediate service node or the tail service node of the service chain). The Vlan ID is pre-configured for the port on the SFC proxy node to which the service node is connected.
Thus, when the SFC proxy node receives a Vxlan packet from an SFC forwarding node, it may send the Vxlan-decapsulated packet to the first service node attached to itself according to the matched first flow table entry; when the SFC proxy node receives a Vxlan packet from a remote SFC proxy node, it may send the Vxlan-decapsulated packet to an intermediate service node or the tail service node according to the matched first flow table entry.
Step 203: receive a packet from a service node, and match the packet against pre-stored flow table entries according to the five-tuple of the packet, the port of the device on which the packet was received, and the Vlan information corresponding to that port; send the packet according to the second forwarding information indicated by the matched second flow table entry.
In this embodiment, after a service node performs service processing on a packet, it needs to send the processed packet to the SFC proxy node to which it is attached.
Here, the packet processed by the service node may be forwarded according to the forwarding function that the service node supports. For example: when the service node supports single-arm access forwarding, the egress port from which the SFC proxy node sends the packet to the service node and the ingress port on which the SFC proxy node receives the processed packet are the same port; when the service node supports dual-arm same-Vlan forwarding, the egress port and the ingress port are different ports that belong to the same Vlan; when the service node supports dual-arm cross-Vlan forwarding, the egress port and the ingress port are different ports that belong to different Vlans.
Whichever forwarding mode is used, after the SFC proxy node receives the packet sent by the service node, it obtains the five-tuple of the packet, the port of the device on which the packet was received, and the Vlan information (Vlan ID) corresponding to that port, and matches the packet against the pre-stored flow table entries according to these three items. The matched flow table entry is the second flow table entry.
If the SFC proxy node receives a packet from a service node and the next-hop service node is also attached to this SFC proxy node, then in one embodiment the content of the second flow table entry may be as shown in Table 3:
TABLE 3 (an image in the original publication; not reproduced here)
The egress port and Vlan ID are the second forwarding information. The egress port is the port on the SFC proxy node that connects to the next-hop service node, and the Vlan ID is pre-configured for that port.
The SFC proxy node then sends the packet from the service node that hit the second flow table entry to the corresponding next-hop service node for processing, according to the egress port and the Vlan ID.
In another embodiment, where the SFC proxy node receives a packet from a service node and the next-hop service node for the packet is not attached to this SFC proxy node, the packet needs to be sent through the Vxlan tunnel to the SFC proxy node to which the next-hop service node is attached; the content of the second flow table entry may then be as shown in Table 4:
TABLE 4 (an image in the original publication; not reproduced here)
The service chain identifier and the source IP address and destination IP address of the Vxlan tunnel are the second forwarding information.
The SFC proxy node then performs Vxlan encapsulation on the packet that hit the second flow table entry, adds the ServicePathID from the action domain information of the second flow table entry to the Vxlan-encapsulated packet, and sends the Vxlan-encapsulated packet to the SFC proxy node corresponding to the destination IP address of the Vxlan tunnel.
In another embodiment, where the SFC proxy node receives a packet from a service node and that service node is the tail node of the service chain (that is, there is no next-hop service node), the packet needs to be sent to the SFC forwarding node through the Vxlan tunnel; the content of the second flow table entry may then be as shown in Table 5:
TABLE 5 (an image in the original publication; not reproduced here)
Normal may be an identifier indicating that the service chain is complete; it may also be replaced by another identifier, which the present invention does not limit. It instructs the SFC proxy node to send the packet to the SFC forwarding node to which the destination host is attached.
When a packet hits a second flow table entry whose action domain is Normal, it is determined that the packet has completed service processing on all service nodes of the service chain. The SFC proxy node can look up the SFC forwarding node to which the destination host of the packet is attached, perform Vxlan encapsulation on the packet, and send the Vxlan-encapsulated packet to that SFC forwarding node over the Vxlan tunnel established with it. The SFC forwarding node then matches the host online flow table according to the destination MAC address of the packet and finally sends the packet to the corresponding destination host according to the forwarding information in the matched flow table entry, completing the communication between the hosts. Because the packet has by then completed all services on the service nodes of the service chain, the service chain identifier does not need to be added when the packet is sent to the SFC forwarding node.
When the source host and the destination host are on different network segments at layer 3, the SFC proxy node receives the packet from the tail service node, the packet hits the second flow table entry shown in Table 5, and the packet is Vxlan-encapsulated according to the action domain of the flow table entry and then sent, via the layer-3 gateway, to the SFC forwarding node to which the destination host is attached.
Therefore, the packet forwarding method provided by the embodiment of the invention does not need high-volume service nodes with the SFC function to be deployed in the SFC network. Instead, the deployed SFC proxy node is interconnected with traditional service nodes through Vlans; traffic is steered to a traditional service node for processing by means of packet characteristics and Vlan information, and the traffic returned by the traditional service node is given service chain encapsulation again and returned to the Vxlan network, which increases the usability of the SFC network and greatly reduces the node deployment cost.
The following describes, by way of example and with reference to Fig. 1, the communication process between VM103 and VM104, which are on the same IP network segment.
Take as an example the case where SFC forwarding nodes 101 and 102 are AC101 and AC102, service node 108 is FW node 108 providing the FireWall service, service node 109 is QoS node 109 providing the QoS service, and service node 110 is IPS node 110 providing the IPS service.
Suppose that the service chain configured in advance for packets from VM103 to VM104 consists of three services, FireWall -> QoS -> IPS, and that its ServicePathID is 01.
The flow table entries issued by the SFC controller to AC101, AC102 and SFC proxy nodes 106 and 107 may be as follows:
TABLE 6 (an image in the original publication; not reproduced here)
TABLE 7 (an image in the original publication; not reproduced here)
TABLE 8 (an image in the original publication; not reproduced here)
| Flow table entry identification | Matching domain | Action domain |
| --- | --- | --- |
| 1 | VM104 MAC address | Egress port is Port12, which connects to the destination host |

TABLE 9
Table 6 shows flow table entries issued by the SFC controller for the AC101, table 7 shows flow table entries issued by the SFC controller for the SFC proxy node 106, table 8 shows flow table entries issued by the SFC controller for the SFC proxy node 107, and table 9 shows flow table entries issued by the SFC controller for the AC102, which are only examples for further understanding the present invention and are not used to limit specific contents of the flow table entries in the embodiments of the present invention.
After receiving the message sent by VM103 to VM104, SFC forwarding node AC101 may match a pre-stored forwarding flow table according to the message source IP address and the destination IP address, and when matching the flow table entry shown in table 6, execute the following operations:
the Vxlan encapsulation processing is performed on the message to obtain a Vxlan message, the action domain information servicepath id01 in the flow table entry shown in table 6 is added to the tunnel information of the Vxlan message, a corresponding exit Port (for example, Port1) on the AC101 is searched according to the Vxlan tunnel destination IP address (namely, the VtepIP address of the next-hop SFC proxy node 106) in the action domain information, and finally the Vxlan message is sent to the SFC proxy node 106 to which the service node (FW node 108) in the service chain belongs through the Vxlan tunnel established between the AC101 and the SFC proxy node 106 through the exit Port 1.
After receiving the Vxlan message, the SFC proxy node 106 performs Vxlan decapsulation processing on the Vxlan message, and obtains servicepath id01 carried in the tunnel information of the Vxlan message. After matching the obtained servicepath id01 in the pre-stored forwarding flow table, the SFC proxy node 106 may match the flow table entry 1 in the flow table entry shown in table 7, and send the packet subjected to the Vxlan decapsulation processing to the corresponding FW node 108 through the output Port3 in the action domain information of the flow table entry 1 to perform firewall service processing. The FW node 108 performs firewall service processing on the packet, and then sends the processed packet to a Port3 assigned to the SFC proxy node 106.
After receiving the message through the Port3 not configured with Vxlan, the SFC proxy node 106 obtains the quintuple information of the message, the Port3 on the SFC proxy node that receives the message, and the Vlan id (for example, Vlan01) configured for the Port3, matches the prestored flow table entry according to the quintuple information of the message, the Port3, and the Vlan01, and after matching the flow table entry 2 shown in table 7, sends the message to the corresponding QoS node 109 through the Port5 in the action domain information of the flow table entry 2 to perform QoS service processing. After the QoS processing is performed on the packet by the QoS node 109, the packet is sent to the SFC proxy node 106.
After receiving the message, the SFC proxy node 106 obtains quintuple information of the message, the Port5 on the SFC proxy node, which receives the message, and the Vlan id (for example, Vlan02) configured for the Port5, matches a prestored flow table entry according to the quintuple information of the message, the Port5, and the Vlan02, performs Vxlan encapsulation processing on the message after matching to the flow table entry 3 shown in table 7, obtains a Vxlan message, adds the ServicepathID01 in the action domain information of the flow table entry 3 to tunnel information of the Vxlan message, searches for a corresponding exit Port (for example, Port7) according to the Vxlan tunnel destination IP address, and sends the Vxlan message to the next-hop SFC proxy node 107 through the Vxlan tunnel established between the SFC proxy node 106 and the SFC proxy node 107 via the exit Port 7.
After receiving the Vxlan message, the SFC proxy node 107 performs Vxlan decapsulation processing on the Vxlan message to obtain servicepath id01 carried in the tunnel information of the Vxlan message.
After matching the obtained servicepath id01 with the flow table entry, the SFC proxy node 107 matches the flow table entry 1 shown in table 8, and sends the packet subjected to Vxlan decapsulation processing to the corresponding IPS node 110 through the Port9 to perform IPS service processing. After the IPS node 110 performs IPS service processing on the packet, the processed packet is sent to the SFC proxy node 107.
After the SFC proxy node 107 receives the message, it obtains the quintuple information of the message, the Port9 on the SFC proxy node 107 that receives the message, and the Vlan id (for example, Vlan03) configured for the Port9, matches the flow entry according to the quintuple information of the message, the Port9, and the Vlan03, finds that the flow entry 2 is Normal after matching the flow entry 2 shown in table 8, determines that the service processing has been completed on the message according to the service chain, may perform Vxlan encapsulation processing on the message, obtains a Vxlan message, and sends the Vxlan message to the AC102 via the Vxlan tunnel established between the SFC proxy node 107 and the AC 102.
After receiving the Vxlan message, the AC102 performs Vxlan decapsulation processing on the Vxlan message, matches a host online flow table according to a destination MAC address of the message, and after matching a flow table entry 1 shown in table 9, transmits the message subjected to Vxlan decapsulation processing to a corresponding destination host VM104 through a Port12 according to information in an action domain.
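The two lookups of this walk-through, modelled as an added sketch (not part of the patent text and not an implementation by the applicant). The class and field names, the five-tuple and the tunnel IP addresses are constructed for illustration, and dropping a message on a flow table miss is an assumption, since the text does not describe a miss.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FiveTuple = Tuple[str, str, int, int, str]  # src IP, dst IP, src port, dst port, proto

@dataclass(frozen=True)
class Forward:
    """Action field of a flow table entry (field names are this sketch's own)."""
    out_port: Optional[str] = None            # local egress port towards a service node
    vlan: Optional[str] = None                # Vlan configured for that port
    chain_id: Optional[str] = None            # service chain identifier carried in Vxlan
    tunnel: Optional[Tuple[str, str]] = None  # Vxlan tunnel (source IP, destination IP)
    normal: bool = False                      # "Normal": the service chain is complete

class SfcProxy:
    def __init__(self):
        self.chain_table: Dict[str, Forward] = {}
        self.ingress_table: Dict[Tuple[FiveTuple, str, str], Forward] = {}

    def from_tunnel(self, chain_id: str) -> dict:
        """First lookup: Vxlan-decapsulated message, keyed on the service chain id."""
        entry = self.chain_table.get(chain_id)
        if entry is None:
            return {"verdict": "drop"}  # assumption: fail closed on a miss
        return {"verdict": "to_service_node", "port": entry.out_port, "vlan": entry.vlan}

    def from_service_node(self, ft: FiveTuple, in_port: str, vlan: str) -> dict:
        """Second lookup: five-tuple + receiving port + the Vlan of that port."""
        entry = self.ingress_table.get((ft, in_port, vlan))
        if entry is None:
            return {"verdict": "drop"}  # assumption: fail closed on a miss
        if entry.normal:
            return {"verdict": "vxlan_to_forwarding_node"}
        if entry.tunnel is not None:
            return {"verdict": "vxlan_to_remote_proxy", "chain_id": entry.chain_id,
                    "tunnel_src": entry.tunnel[0], "tunnel_dst": entry.tunnel[1]}
        return {"verdict": "to_service_node", "port": entry.out_port, "vlan": entry.vlan}

# Constructed sample values: this five-tuple and the tunnel IPs are not from the patent.
FLOW: FiveTuple = ("10.0.0.4", "10.0.1.4", 40000, 443, "tcp")

def build_walkthrough():
    p106, p107 = SfcProxy(), SfcProxy()
    # Proxy 106: (five-tuple, Port5, Vlan02) -> ServicepathID01 over the tunnel to 107
    p106.ingress_table[(FLOW, "Port5", "Vlan02")] = Forward(
        chain_id="ServicepathID01", tunnel=("192.0.2.106", "192.0.2.107"))
    # Proxy 107: ServicepathID01 -> Port9, where the IPS node is attached
    p107.chain_table["ServicepathID01"] = Forward(out_port="Port9", vlan="Vlan03")
    # Proxy 107: (five-tuple, Port9, Vlan03) -> Normal, chain complete
    p107.ingress_table[(FLOW, "Port9", "Vlan03")] = Forward(normal=True)
    return p106, p107

def run_walkthrough():
    p106, p107 = build_walkthrough()
    hop1 = p106.from_service_node(FLOW, "Port5", "Vlan02")      # leaves proxy 106
    hop2 = p107.from_tunnel(hop1["chain_id"])                   # towards the IPS node
    hop3 = p107.from_service_node(FLOW, "Port9", hop2["vlan"])  # back from the IPS node
    return [hop1["verdict"], hop2["verdict"], hop3["verdict"]]
```

The five-tuple is the same before and after each service node, so only the receiving port and its Vlan tell the proxy how far along the chain a message is. A message with the right five-tuple on an unexpected port or Vlan matches no entry in this sketch.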
The present invention further provides a message forwarding device; fig. 4 is a schematic structural diagram of the message forwarding device. The device may be applied to an SFC proxy node in an SFC network. There are one or more SFC proxy nodes in the SFC network, the SFC network further includes an SFC forwarding node, a Vxlan tunnel is established between the SFC forwarding node and the SFC proxy node, and, if the SFC network has a plurality of SFC proxy nodes, Vxlan tunnels are established between the SFC proxy nodes. The message forwarding device may include:
the first receiving unit 401 is configured to receive a Vxlan message from an SFC forwarding node or from a remote SFC proxy node, and match the Vxlan decapsulated message with a pre-stored flow table entry according to a service chain identifier carried in the Vxlan message; sending a message after Vxlan de-encapsulation according to the first forwarding information indicated by the matched first flow table item;
a second receiving unit 402, configured to receive a packet from a service node, and match the packet with a pre-stored flow table entry according to a quintuple of the packet, a port of the device receiving the packet, and Vlan information corresponding to the port; and sending the message according to the second forwarding information indicated by the matched second flow table item.
In an optional embodiment, the first forwarding information comprises: egress port and corresponding Vlan information;
the second forwarding information includes: a service chain identifier and a source IP address and a destination IP address of the Vxlan tunnel; or, include the egress port and corresponding Vlan information; or, an identification indicating that the service chain is complete.
In an optional implementation manner, the first receiving unit 401 may further be configured to:
if the received Vxlan message comes from the SFC forwarding node, the message after Vxlan de-encapsulation is sent to a first service node of a service chain through an output port in the first forwarding information;
and if the received Vxlan message comes from the remote SFC proxy node, sending the Vxlan decapsulated message to an intermediate service node or a tail service node of a service chain through an output port in the first forwarding information.
In an optional implementation manner, when the second forwarding information includes a service chain identifier and a source IP address and a destination IP address of a Vxlan tunnel, the second receiving unit 402 may further be configured to: perform Vxlan encapsulation on the message and send it to the remote SFC proxy node corresponding to the Vxlan tunnel destination IP address, the Vxlan-encapsulated message carrying the service chain identifier;
when the second forwarding information includes an egress port and corresponding Vlan information, the second receiving unit 402 may further be configured to: send the message to a service node according to the egress port and the corresponding Vlan information;
when the second forwarding information includes an identifier indicating that a service chain is completed, the second receiving unit 402 may further be configured to: perform Vxlan encapsulation on the message and send it to the SFC forwarding node accessed by the target host.
In an optional implementation manner, an output port of the device that sends a message to the service node is the same as an input port of the device that receives the message sent by the service node; or,
the output port is different from the input port, and the output port and the input port belong to different VLANs; or,
the output port is different from the input port, and the VLAN to which the output port and the input port belong is the same.
The specific processing flow of the message forwarding device applied to the SFC proxy node may be consistent with that of the above-mentioned message forwarding method applied to the SFC proxy node in the SFC network, and is not described herein again.
The above-mentioned device can be implemented by software or hardware. The SFC proxy node and the AC where the message forwarding device of the present invention is located can be represented by fig. 5. The basic hardware environment includes a central processing unit CPU501, a forwarding chip 502, a memory 503 and other hardware 504, where the memory 503 includes machine-readable instructions, and the CPU501 reads and executes the machine-readable instructions to perform the functions of the units in fig. 4.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. A message forwarding method is applied to SFC proxy nodes in a service chain SFC network, the number of the SFC proxy nodes in the SFC network is one or more, the SFC network further comprises SFC forwarding nodes, Vxlan tunnels are established between the SFC forwarding nodes and the SFC proxy nodes, and if the SFC network has a plurality of SFC proxy nodes, Vxlan tunnels are established between the SFC proxy nodes, the method comprises the following steps:
the Vxlan message from the SFC forwarding node or the remote SFC proxy node is received, and the Vxlan unpackaged message is matched with a prestored flow table item according to the service chain identifier carried by the Vxlan message; sending a message after Vxlan de-encapsulation according to the first forwarding information indicated by the matched first flow table item; the first forwarding information includes: egress port and corresponding Vlan information;
receiving a message from a service node, and matching the message with a prestored flow table item according to a quintuple of the message, a port of the device for receiving the message and Vlan information corresponding to the port; sending the message according to the second forwarding information indicated by the matched second flow table item; the second forwarding information includes: a service chain identifier and a source IP address and a destination IP address of the Vxlan tunnel; or, include the egress port and corresponding Vlan information; or, an identification indicating that the service chain is complete.
2. The message forwarding method according to claim 1, wherein the sending of the Vxlan decapsulated message according to the first forwarding information indicated by the matched first flow entry comprises:
if the received Vxlan message comes from the SFC forwarding node, the message after Vxlan de-encapsulation is sent to a first service node of a service chain through an output port in the first forwarding information;
and if the received Vxlan message comes from the remote SFC proxy node, sending the Vxlan decapsulated message to an intermediate service node or a tail service node of a service chain through an output port in the first forwarding information.
3. The message forwarding method of claim 1,
when the second forwarding information includes the service chain identifier and the source IP address and the destination IP address of the Vxlan tunnel, the sending the message according to the second forwarding information indicated by the matched second flow table entry includes: the message is subjected to Vxlan encapsulation and then sent to a remote SFC proxy node corresponding to the Vxlan tunnel destination IP address; the service chain identification is carried by the Vxlan-encapsulated message;
when the second forwarding information includes an egress port and corresponding Vlan information, the sending the packet according to the second forwarding information indicated by the matched second flow entry includes: sending the message to a service node according to the output port and the corresponding Vlan information;
when the second forwarding information includes an identifier indicating that the service chain is completed, the sending the packet according to the second forwarding information indicated by the matched second flow table entry includes: performing Vxlan encapsulation on the message and sending it to the SFC forwarding node accessed by the target host.
4. The method of claim 3,
the output port of the device for sending the message to the service node is the same as the input port of the device for receiving the message sent by the service node; or,
the output port is different from the input port, and the output port and the input port belong to different VLANs; or,
the output port is different from the input port, and the VLAN to which the output port and the input port belong is the same.
5. A message forwarding device is applied to SFC proxy nodes in a service chain SFC network, the number of the SFC proxy nodes in the SFC network is one or more, the SFC network further comprises SFC forwarding nodes, Vxlan tunnels are established between the SFC forwarding nodes and the SFC proxy nodes, and if the SFC network has a plurality of SFC proxy nodes, Vxlan tunnels are established between the SFC proxy nodes, the device comprises:
the first receiving unit is used for receiving Vxlan messages from the SFC forwarding node or the remote SFC proxy node, and matching the messages after Vxlan decapsulation with the prestored flow table items according to the service chain identifiers carried by the Vxlan messages; sending a message after Vxlan de-encapsulation according to the first forwarding information indicated by the matched first flow table item; the first forwarding information includes: egress port and corresponding Vlan information;
a second receiving unit, configured to receive a packet from a service node, and match the packet with a pre-stored flow table entry according to a quintuple of the packet, a port of the device receiving the packet, and Vlan information corresponding to the port; sending the message according to second forwarding information indicated by the matched second flow table item, where the second forwarding information includes: a service chain identifier and a source IP address and a destination IP address of the Vxlan tunnel; or, include the egress port and corresponding Vlan information; or, an identification indicating that the service chain is complete.
6. The message forwarding device of claim 5, wherein the first receiving unit is configured to:
if the received Vxlan message comes from the SFC forwarding node, the message after Vxlan de-encapsulation is sent to a first service node of a service chain through an output port in the first forwarding information;
and if the received Vxlan message comes from the remote SFC proxy node, sending the Vxlan decapsulated message to an intermediate service node or a tail service node of a service chain through an output port in the first forwarding information.
7. The message forwarding device of claim 5,
when the second forwarding information includes a service chain identifier and a source IP address and a destination IP address of the Vxlan tunnel, the second receiving unit is configured to: the message is subjected to Vxlan encapsulation and then sent to a remote SFC proxy node corresponding to the Vxlan tunnel destination IP address; the service chain identification is carried by the Vxlan-encapsulated message;
when the second forwarding information includes an egress port and corresponding Vlan information, the second receiving unit is configured to: sending the message to a service node according to the output port and the corresponding Vlan information;
when the second forwarding information includes an identifier indicating that a service chain is completed, the second receiving unit is configured to: perform Vxlan encapsulation on the message and send it to the SFC forwarding node accessed by the target host.
8. The apparatus of claim 7,
the output port of the device for sending the message to the service node is the same as the input port of the device for receiving the message sent by the service node; or,
the output port is different from the input port, and the output port and the input port belong to different VLANs; or,
the output port is different from the input port, and the VLAN to which the output port and the input port belong is the same.
CN201610813271.8A 2016-09-09 2016-09-09 Message forwarding method and device Active CN107809364B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610813271.8A CN107809364B (en) 2016-09-09 2016-09-09 Message forwarding method and device

Publications (2)

Publication Number Publication Date
CN107809364A CN107809364A (en) 2018-03-16
CN107809364B true CN107809364B (en) 2020-06-09

Family

ID=61569643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610813271.8A Active CN107809364B (en) 2016-09-09 2016-09-09 Message forwarding method and device

Country Status (1)

Country Link
CN (1) CN107809364B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109039916B (en) * 2018-09-13 2021-08-06 迈普通信技术股份有限公司 Message forwarding method, device and storage medium
CN111385212B (en) * 2018-12-29 2021-08-31 华为技术有限公司 Data transmission technology and neural network system
CN111614505B (en) * 2019-02-25 2022-02-25 华为技术有限公司 Message processing method and gateway equipment
CN109756521B (en) * 2019-03-21 2021-07-13 浪潮云信息技术股份公司 NSH message processing method, device and system
CN111464443B (en) * 2020-03-10 2022-06-28 中移(杭州)信息技术有限公司 Message forwarding method, device, equipment and storage medium based on service function chain
CN111884863B (en) * 2020-08-04 2023-11-07 浪潮云信息技术股份公司 VPC service chain implementation method and system for cloud computing environment
CN115225545B (en) * 2022-07-21 2023-11-03 天翼云科技有限公司 Message transmission method and device
CN115174474B (en) * 2022-09-08 2022-12-02 浙江九州云信息科技有限公司 SRv 6-based SFC implementation method and device in private cloud

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957161A (en) * 2014-04-04 2014-07-30 杭州华三通信技术有限公司 Packet forwarding method and device
CN104184664A (en) * 2014-08-05 2014-12-03 杭州华三通信技术有限公司 Router forwarding entry generation method and apparatus
CN104639414A (en) * 2015-01-30 2015-05-20 杭州华三通信技术有限公司 Message transmitting method and message transmitting equipment
CN104796353A (en) * 2014-01-17 2015-07-22 华为技术有限公司 Packet forwarding method and switch
CN105591925A (en) * 2015-12-10 2016-05-18 杭州华三通信技术有限公司 Message forwarding method and device applied to SDN

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9794079B2 (en) * 2014-03-31 2017-10-17 Nicira, Inc. Replicating broadcast, unknown-unicast, and multicast traffic in overlay logical networks bridged with physical networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《OpenFlow交换机流表转发设计与实现》;张俊帅等;《中国计量学院学报》;20150915;第26卷(第3期);第316-323页 *

Also Published As

Publication number Publication date
CN107809364A (en) 2018-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant