CN108011837A - Message processing method and device - Google Patents
- Publication number: CN108011837A; CN201711164378.5A
- Authority: CN (China)
- Prior art keywords: service message, service, information field, int, message
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/82—Miscellaneous aspects
- H04L47/825—Involving tunnels, e.g. MPLS
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a message processing method and device. The method includes: receiving a first service message, where the tunnel header carried by the first service message includes an in-band network telemetry (INT) information field; obtaining information to be counted corresponding to the INT information field, and adding the information to be counted to the INT information field; performing tunnel decapsulation on the first service message, and moving the INT information field into the inner layer message of the decapsulated first service message to obtain a second service message; and, when it is determined that the second service message still requires service processing, sending the second service message to the next-hop network device of the network device. The message processing method and device according to embodiments of the present invention avoid the loss of the INT information field caused by tunnel decapsulation of the first service message, and can improve the efficiency and accuracy with which the SDN controller collects network information.
Description
Technical Field
The present invention relates to the field of communications, and in particular, to a method and an apparatus for processing a packet.
Background
In-band Network Telemetry (INT for short) is a new Network management architecture. The network architecture may collect and report the status of the network through only the data plane of the network device without involvement of the control plane of the network device.
The idea of INT is to add an INT header to a Virtual Extensible LAN (VXLAN) or other protocol segment. The INT header specifies the information to be counted, so that the devices forwarding the message along the path can put their own information into the INT field. A Software Defined Network (SDN) controller can obtain the statistical information of the devices through which a message passes by obtaining the finally forwarded message.
However, when a message needs to be forwarded through a gateway, the gateway performs a tunnel decapsulation operation on the message, so the statistical information of the network devices that have already processed the message is lost once the message reaches the gateway, and the SDN controller cannot acquire the information recorded by the network devices before the gateway. If the message also requires security service processing, it must pass through a firewall or other security device. The message received by the firewall or other security device has already been decapsulated by the gateway and contains no INT field, so the statistical information of the firewall or other security device cannot be collected either. As a result, the SDN controller cannot acquire information about how the security devices process the message, and the efficiency and accuracy with which the SDN controller collects network information are reduced.
Disclosure of Invention
In view of this, the present invention provides a message processing method and device, so as to avoid the problem that an INT information field is lost due to a tunnel decapsulation operation of a gateway on a service message, and improve the acquisition efficiency and accuracy of network information of an SDN controller.
According to an aspect of the present invention, a method for processing a packet is provided, which is applied to a network device, and the method includes:
receiving a first service message, wherein a tunnel header carried by the first service message comprises an in-band network telemetry (INT) information field;
acquiring information to be counted corresponding to the INT information field, and adding the information to be counted into the INT information field;
performing tunnel decapsulation processing on the first service message, and adjusting the INT information field to an inner layer message of the first service message after the tunnel decapsulation processing, so as to obtain a second service message;
and when determining that the second service message needs to be subjected to service processing, sending the second service message to a next hop network device of the network device, wherein a header carried by the second service message comprises an identification field for identifying the INT information field, and the identification field is used for enabling the next hop network device to acquire corresponding information to be counted according to the identification field and adding the information to be counted into the INT information field.
According to another aspect of the present invention, there is provided a packet processing apparatus, applied to a network device, the apparatus including:
the system comprises a first receiving module, a second receiving module and a third receiving module, wherein the first receiving module is used for receiving a first service message, and a tunnel header carried by the first service message comprises an in-band network telemetry (INT) information field;
the first acquisition module is used for acquiring information to be counted corresponding to the INT information field and adding the information to be counted into the INT information field;
the first adjusting module is used for performing tunnel decapsulation processing on the first service message and adjusting the INT information field to an inner layer message of the first service message after the tunnel decapsulation processing to obtain a second service message;
and the first sending module is used for sending the second service message to a next hop network device of the network device when the second service message is determined to be further subjected to service processing, wherein a header carried by the second service message comprises an identification field for identifying the INT information field, and the identification field is used for enabling the next hop network device to obtain corresponding information to be counted according to the identification field and adding the information to be counted to the INT information field.
Therefore, after the network device decapsulates the first service packet, the network device may move the INT information field in the first service packet from the tunnel header to the inner layer packet of the first service packet, so as to obtain the second service packet. When the second service message still needs service processing, the network device sends the second service message to its next-hop network device. In other words, according to the message processing method and device of the present invention, the network device moves the INT information field from the tunnel header to the inner layer message while decapsulating the first service message to obtain the second service message. This avoids the loss of the INT information field that would otherwise be caused by the tunnel decapsulation operation on the first service message. Furthermore, because the INT information field is not lost during tunnel decapsulation, the network device receiving the second service message can collect the information to be counted according to the INT information field. Ultimately, the efficiency and accuracy with which the SDN controller collects network information can be improved.
Other features and aspects of the present invention will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the invention and, together with the description, serve to explain the principles of the invention.
FIG. 1 shows a flow diagram of a message processing method according to an embodiment of the invention;
FIG. 2 is a schematic diagram illustrating an exemplary first service packet according to the present invention;
FIG. 3 is a diagram illustrating an exemplary second service packet according to the present invention;
FIG. 4 shows a flow diagram of a message processing method according to an embodiment of the invention;
FIG. 5 illustrates a message forwarding diagram according to an example of the invention;
FIG. 6 shows a flow diagram of a message processing method according to an example of the invention;
FIG. 7 shows a flow diagram of a message processing method according to an embodiment of the invention;
FIG. 8 shows a flow diagram of a message processing method according to an embodiment of the invention;
FIG. 9 shows a flow diagram of a message processing method according to an embodiment of the invention;
FIG. 10 illustrates a message forwarding diagram according to an example of the invention;
FIG. 11 is a flow diagram of a message processing method according to an example of the invention;
FIG. 12 is a block diagram showing a configuration of a message processing apparatus according to an embodiment of the present invention;
FIG. 13 is a block diagram showing a configuration of a message processing apparatus according to an embodiment of the present invention;
FIG. 14 is a block diagram illustrating a hardware configuration of a message processing apparatus according to an example embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the present invention will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present invention. It will be understood by those skilled in the art that the present invention may be practiced without some of these specific details. In some instances, methods, procedures, components, and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present invention.
Fig. 1 shows a flowchart of a message processing method according to an embodiment of the present invention, which may be applied to a network device, for example: a gateway device. As shown in fig. 1, the message processing method may include the following steps:
Step 101: receiving a first service message, wherein a tunnel header carried by the first service message comprises an in-band network telemetry (INT) information field.
The first service packet may be a packet for which tunnel encapsulation processing has been completed, for example a packet that has undergone VXLAN tunnel encapsulation. The INT information field may be carried in a tunnel header of the first service packet. The INT information field may be used to specify information to be counted by the current network device (e.g., bandwidth, delay, packet loss rate, etc.).
For example, the INT information field may include an identifier of the information to be counted, so that the network device may determine the corresponding information to be counted according to the identifier.
Step 102: acquiring information to be counted corresponding to the INT information field, and adding the information to be counted into the INT information field.
The network device can determine and acquire the information to be counted corresponding to the INT information field according to the INT information field. For example, if the INT information field indicates that the network device is to count bandwidth information, the network device may count the bandwidth information and add the counted bandwidth information to the INT information field.
Step 103: performing tunnel decapsulation processing on the first service message, and adjusting the INT information field to an inner layer message of the first service message after the tunnel decapsulation processing to obtain a second service message.
fig. 2 is a schematic diagram of an exemplary first service packet of the present invention, and fig. 3 is a schematic diagram of an exemplary second service packet of the present invention.
After the network device adds the information to be counted to the INT information field, tunnel decapsulation processing may be performed on the first service packet (for example, refer to fig. 2) to which the information to be counted is added. That is, the tunnel header of the first service packet is removed to obtain an inner layer packet of the first service packet, and the INT information field in the tunnel header is adjusted into the inner layer packet to obtain a second service packet (for example, refer to fig. 3).
In a possible implementation manner, the adjusting, by the network device, the INT field to an inner layer packet of the first service packet after the tunnel decapsulation processing may specifically include:
the network device places the INT information field before the user payload field in the inner layer message;
or the network device places the INT information field after the user payload field of the inner layer message.
It is to be understood that the inner layer packet of the first service packet may include a user payload field. The user payload field is used to carry traffic data. The network device may adjust the INT information field to be before the user payload field or the network device may adjust the INT information field to be after the user payload field.
It should be noted that, when the network device places the INT information field after the user payload, if a checksum of the packet is appended after the user payload, the checksum may be appended after the INT information field.
Step 104: when it is determined that the second service packet needs to be further subjected to service processing, sending the second service packet to a next hop network device of the network device, where a header carried by the second service packet includes an identification field for identifying the INT information field, and the identification field is used to enable the next hop network device to obtain corresponding information to be counted according to the identification field, and add the information to be counted to the INT information field.
The service processing may be security service processing. For example, when the second service packet needs to be processed by a security service, the next-hop network device of the network device may be a network security device (e.g., a firewall). The network device sends the second service message to the network security device so that the network security device performs security service processing on the second service message.
The header in the second service message may further include an identification field of the INT information field. For example, after the next-hop network device of the network device (taking the network security device as an example) receives the second service packet, the header of the second service packet may be identified. And when the identification field is identified, the network security equipment determines that the second service message carries an INT information field, determines the information to be counted of the network security equipment according to the INT information field, and adds the information to be counted to the INT information field.
For example, the identification field of the INT information field may include: the identity of the INT information field, and the length of the INT information field. The header of the second service packet may further include a header length and a total length of the packet.
When the network device moves the INT information field into the inner layer message, the total length of the second service message may be determined from the length of the INT information field and the length of the inner layer message. After the next hop network device of the network device receives the second service message, it can then determine the length of the inner layer message without the INT information field from the header length of the second service message, the length of the INT information field, and the total length of the second service message, and thereby distinguish the user payload field from the INT information field in the second service message.
It should be noted that, if the second service packet needs to be processed by a load balancing device (e.g., a load balancer) to allocate a task to an idle network device, the load balancing device receives the second service packet from the gateway device, and obtains information to be counted, which is indicated by an INT information field in the second service packet. And the load balancing equipment adds the information to be counted into an INT information field of the second service message and sends the second service message added with the INT information field back to the gateway equipment.
Therefore, after the network device decapsulates the first service message, the network device may adjust the INT information field in the first service message from the tunnel header to the inner layer message of the first service message to obtain the second service message, and send the second service message to the next hop network device of the network device when the second service message needs to be subjected to service processing. Therefore, according to the message processing method of the present invention, the network device adjusts the INT information field from the tunnel header to the inner layer message in the process of decapsulating the first service message to obtain the second service message. Therefore, the problem that the INT information field is lost due to the tunnel decapsulation operation of the network equipment on the first service message can be avoided.
Furthermore, the INT information field is not lost in the tunnel decapsulation process, so that the network device receiving the second service packet can collect the information to be counted according to the INT information field, and therefore, the efficiency and accuracy of collecting the network information of the SDN controller can be finally improved.
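The length accounting described above, as an added example that is not part of the patent: a gateway places the INT field after the user payload, and the next hop separates the two again using only the header length, INT length and total length, rejecting inconsistent values before slicing. The 6-byte header layout, the marker value `0x49`, the 2-byte instruction prefix and the 8-byte per-hop record are assumptions made for illustration.

```python
import struct

# Hypothetical header of the second service message (not defined by the patent):
# header length (1 byte), INT identity (1 byte), INT length (2), total length (2).
HDR = struct.Struct("!BBHH")
INT_ID = 0x49                # assumed marker meaning "an INT field is present"
INSTR_LEN = 2                # assumed instruction prefix naming what to collect
HOP = struct.Struct("!II")   # assumed per-hop record: device id, collected value


def build_second_message(user_payload: bytes, int_field: bytes) -> bytes:
    """Gateway side: after decapsulation, put the INT field behind the payload."""
    total = HDR.size + len(user_payload) + len(int_field)
    if total > 0xFFFF:
        raise ValueError("message does not fit the 16-bit total length")
    return HDR.pack(HDR.size, INT_ID, len(int_field), total) + user_payload + int_field


def split_message(msg: bytes):
    """Next hop: return (user_payload, int_field) derived from the header lengths."""
    if len(msg) < HDR.size:
        raise ValueError("truncated header")
    hdr_len, int_id, int_len, total_len = HDR.unpack_from(msg)
    if hdr_len != HDR.size or total_len != len(msg):
        raise ValueError("header or total length does not match the received bytes")
    if int_id != INT_ID:
        return msg[hdr_len:], b""            # no identification field: plain packet
    # inner length = total length - header length - INT length
    payload_len = total_len - hdr_len - int_len
    if payload_len < 0:
        raise ValueError("INT length exceeds the message")
    if int_len < INSTR_LEN or (int_len - INSTR_LEN) % HOP.size:
        raise ValueError("INT field is not a whole number of hop records")
    end = hdr_len + payload_len
    return msg[hdr_len:end], msg[end:]


def add_hop(msg: bytes, device_id: int, value: int) -> bytes:
    """Security device: append its own record and recompute both length fields."""
    payload, int_field = split_message(msg)
    if not int_field:
        return msg
    return build_second_message(payload, int_field + HOP.pack(device_id, value))


def hop_records(int_field: bytes):
    """Decode the per-hop records that follow the instruction prefix."""
    return [HOP.unpack_from(int_field, off)
            for off in range(INSTR_LEN, len(int_field), HOP.size)]


# Constructed sample data: instruction prefix plus records from VTEP1 (1) and GW (2).
SAMPLE_PAYLOAD = b"constructed inner packet bytes"
SAMPLE_INT = b"\x00\x01" + HOP.pack(1, 1000) + HOP.pack(2, 950)

if __name__ == "__main__":
    second = build_second_message(SAMPLE_PAYLOAD, SAMPLE_INT)
    third = add_hop(second, device_id=3, value=900)   # firewall adds its record
    payload, int_field = split_message(third)
    print(payload, hop_records(int_field))
```

Because the INT length is read from the packet itself, the receiver checks it against the bytes actually received before using it as a slice boundary.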
Fig. 4 shows a flow chart of a message processing method according to an embodiment of the invention. In fig. 4, steps 101 to 103 are the same as those in the previous embodiment, and the embodiment of the present invention is not described herein again. In a possible implementation manner, referring to fig. 4, the sending, in step 104, the second service packet to the next hop network device of the network device may include the following steps:
Step 1041: sending the second service packet to a network security device according to the destination IP address of the second service packet. When the second service packet is a packet that needs to be subjected to security service processing, the next hop network device of the network device may be a network security device. The second service message carries a destination IP address, and when the destination IP address is an IP address inside the data center, the network device may send the second service message to the network security device.
The data center may be composed of at least one network segment. For example, the data center may include a plurality of network segments, which may be determined by those skilled in the art according to the service requirement. The network device judges whether the destination IP address corresponding to the second service packet is an IP address in any of these network segments. If so, the network device may determine that the destination IP address is an IP address located inside the data center; if not, the network device may determine that the destination IP address is not an IP address inside the data center.
The above method may further comprise the steps of:
Step 105: receiving a third service message sent by the network security device, where a header carried by the third service message includes the identification field, and an INT information field included in the third service message includes information to be counted added by the network security device.
After determining that the destination IP address of the second service message is inside the data center, the network device sends the second service message to the network security device. After the network security device identifies the identification information of the INT information field in the header of the second service message, the network security device determines the INT information field in the second service message, acquires the information to be counted indicated by the INT information field, and adds the information to be counted to the INT information field of the second service message to obtain a third service message. The network security device then sends the third service message to the network device.
Step 106: performing tunnel encapsulation processing on the third service message, and adjusting the INT information field into a tunnel header.
Step 107: acquiring information to be counted corresponding to the INT information field, and adding the information to be counted to the INT information field to obtain a fourth service message.
The network device receives the third service message sent by the network security device and performs tunnel encapsulation processing on the third service message. That is, the network device adds a tunnel header to the third service packet (e.g., performs VXLAN tunnel encapsulation on the third service packet), and adjusts the INT information field from the inner layer packet into the VXLAN tunnel header.
And after the INT information field is adjusted into the VXLAN tunnel header, the network equipment acquires the information to be counted corresponding to the INT information field, and adds the information to be counted into the INT information field to obtain a fourth service message.
It should be noted that the order of steps 106 and 107 is not specifically limited in the present invention. In practice, after the network device receives the third service packet, the network device may first acquire the information to be counted corresponding to the INT information field and add the statistical information to the INT information field, and then, after the information to be counted has been added, adjust the INT information field into the tunnel header to obtain the fourth service message.
Step 108: performing tunnel forwarding on the fourth service message.
Fig. 5 is a diagram illustrating packet forwarding according to an example of the present invention.
As described in the foregoing embodiment, the network device forwards the fourth service packet through the tunnel. For example, refer to FIG. 5. Here the network device is a Gateway (GW) device, and the GW sends the second service packet to a network security device (e.g., a Firewall (FW) device). The FW adds corresponding information to be counted in the INT information field of the second service message to obtain a third service message, and sends the third service message to the GW. After receiving the third service message, the GW performs tunnel encapsulation processing on the third service message, adjusts the INT information field from the inner layer message to the tunnel header, and adds corresponding information to be counted in the INT information field to obtain a fourth service message.
Further, the GW may send the fourth service packet to a VXLAN tunnel endpoint (VTEP for short), for example VTEP2 in FIG. 5. VTEP2 decapsulates the fourth service packet and sends the decapsulated fourth service packet to a Virtual Machine (VM) on the terminal device, such as VM2 in FIG. 5.
Therefore, when the network device encapsulates the third service message again, the INT information field can be adjusted from the inner layer message to the tunnel header to obtain the fourth service message, so that a network device receiving the fourth service message can handle it with the existing INT protocol carried on VXLAN encapsulation (INT over VXLAN).
Fig. 6 shows a flow diagram of a message processing method according to an example of the invention. The above example shows the message processing flow for a security service across VXLAN.
In an example, referring to fig. 5 and fig. 6, the message processing method may include:
Step 601: the virtual machine VM1 on the first terminal device sends an INT original service message to the virtual machine VM2 on the second terminal device.
The INT original service packet may carry a first identifier. The first identifier is used for identifying the INT original service message as a detection message and identifying the information to be counted, so that a tunnel endpoint receiving the INT original service message can add an INT information field in the tunnel header according to the first identifier.
Step 602: after receiving the INT original service message, the first VXLAN tunnel endpoint VTEP1 queries a forwarding table, and determines that the INT original service message is forwarded through the VXLAN tunnel and that the tunnel destination is a gateway device. The VTEP1 performs VXLAN encapsulation processing on the INT original service message, determines the information to be counted, and adds the information to be counted to the INT information field to obtain a first service message. The VTEP1 sends the first service packet to the gateway device GW through the VXLAN tunnel.
It can be understood that the first service packet is a packet obtained by performing tunnel encapsulation processing on the INT original service packet by the VTEP 1.
Step 603: the gateway device GW receives the first service packet, acquires the information to be counted corresponding to the INT information field, and adds the information to be counted to the INT information field. The GW performs VXLAN decapsulation processing on the first service message to which the information to be counted has been added, adjusts the INT information field into the inner layer INT original service message to obtain a second service message, and sends the second service message to the firewall FW.
Step 604: the FW receives the second service packet, and acquires the information to be counted corresponding to the INT information field. The FW adds the information to be counted to the INT information field to obtain a third service message, and sends the third service message to the GW.
Step 605: after receiving the third service message, the GW queries the forwarding table, determines that the third service message is forwarded through the VXLAN tunnel and that the destination of the tunnel is the second tunnel endpoint VTEP2, and performs corresponding VXLAN encapsulation processing on the third service message. The GW adjusts the INT information field into the tunnel header and acquires the information to be counted corresponding to the INT information field. The GW adds the information to be counted to the INT information field to obtain a fourth service message, and sends the fourth service message to the second VXLAN tunnel endpoint VTEP2.
Step 606: after receiving the fourth service packet, the VTEP2 acquires the information to be counted corresponding to the INT information field. The VTEP2 adds the information to be counted to the INT information field to obtain a fifth service message. After the fifth service packet is decapsulated by the VTEP2, the decapsulated fifth service packet is sent to the virtual machine VM2 on the second terminal device.
Note that, the VTEP2 sends the fifth service message to the SDN controller. After receiving the fifth service packet, the SDN controller may analyze the fifth service packet to obtain a complete path and obtain related information of related network devices in the path.
Fig. 7 shows a flow chart of a message processing method according to an embodiment of the invention.
In a possible implementation manner, referring to fig. 7, after the network device receives the third service packet sent by the network security device, the method may further include the following steps:
Step 109: performing tunnel encapsulation processing on the third service message to obtain a fifth service message. The tunnel header carried by the fifth service message comprises a first INT information field. The inner layer packet of the fifth service packet includes a second INT information field. The first INT information field contains information to be counted that is acquired by the network device, and the second INT information field is the same as the INT information field included in the third service packet.
After receiving the third service message from the network security device, the network device performs tunnel encapsulation processing on the third service message and adds a first INT information field in the tunnel header.
The first INT information field may carry information to be counted that is acquired by the network device. Meanwhile, the INT information field in the third service message is retained as the second INT information field, giving a fifth service message that includes both the first INT information field and the second INT information field.
Step 110: performing tunnel forwarding on the fifth service packet.
It should be noted that step 110 is similar to step 108; reference may be made to step 108, and details are not repeated here.
Fig. 8 is a flowchart illustrating a message processing method according to an embodiment of the present invention.
In a possible implementation manner, referring to fig. 8, before the network device sends the second service packet to the next-hop network device of the network device, the method may further include:
Step 111, deleting the INT information field included in the second service message according to the destination IP address of the second service message.
Step 112, sending the second service message with the INT information field deleted to a next hop network device of the network device.
When the second service packet is a packet that needs to be subjected to security service processing, the next hop network device of the network device may be a network security device. When the destination IP address is not an IP address in the data center, the network device deletes the INT information field in the second service message and sends the second service message with the INT information field deleted to the network security device.
In this way, the INT information collected inside the data center is not carried in messages destined outside it, which improves the security of the network device in message forwarding.
Fig. 9 shows a flow chart of a message processing method according to an embodiment of the invention.
In one possible implementation, referring to fig. 9, the method may further include:
Step 113, when it is determined that the second service message does not need to be subjected to service processing and that the next hop network device of the network device and the network device are in different VXLANs, performing tunnel encapsulation processing on the second service message, and adjusting the INT information field into the tunnel header to obtain a sixth service message.
When the network device determines that the second service message does not need service processing (for example, the second service message does not undergo security service processing) and determines, by querying the forwarding table, that the next-hop network device and the network device are in different VXLANs, the network device performs VXLAN encapsulation processing on the second service message and adjusts the INT information field into the tunnel header to obtain a sixth service message.
Step 114, performing tunnel forwarding on the sixth service packet.
It should be noted that step 114 is similar to step 108, and reference may be made to step 108, which is not described herein again.
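The gateway-side handling of steps 111-112 (delete the INT information field for destinations outside the data center) and steps 113-114 (re-encapsulate and adjust the INT information field into the tunnel header) can be modelled as follows. This is an added example, not code from the patent: the dictionary layout, the `int` and `int_flag` names, the data-center prefix, the VNI values and the `queue_depth` statistic are all assumptions, since the patent defines no encoding.

```python
import ipaddress
from copy import deepcopy

# Assumption: prefixes treated as "inside the data center" (constructed value).
DATA_CENTER_PREFIXES = [ipaddress.ip_network("10.0.0.0/8")]


def in_data_center(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DATA_CENTER_PREFIXES)


def add_int_record(int_field, device_id, **stats):
    """A device appends its own 'information to be counted' to the INT field."""
    int_field.append({"device": device_id, **stats})


def decapsulate(msg, device_id):
    """Record this hop, remove the tunnel header, and adjust the INT field
    into the inner message, setting the identification field (int_flag)."""
    if msg["tunnel"] is None or "int" not in msg["tunnel"]:
        raise ValueError("no INT information field in tunnel header")
    out = deepcopy(msg)
    int_field = out["tunnel"]["int"]
    add_int_record(int_field, device_id, queue_depth=3)
    out["inner"]["int"] = int_field
    out["inner"]["int_flag"] = True
    out["tunnel"] = None
    return out


def strip_int_if_external(msg):
    """Steps 111-112: delete the INT field when the destination IP address
    is not an address in the data center."""
    out = deepcopy(msg)
    if not in_data_center(out["inner"]["dst_ip"]):
        out["inner"].pop("int", None)
        # Assumption: the identification field is cleared together with the
        # INT field so that the next hop does not look for telemetry.
        out["inner"]["int_flag"] = False
    return out


def encapsulate(msg, vni, dst_vtep):
    """Steps 113-114: VXLAN-encapsulate and adjust the INT field from the
    inner message into the tunnel header."""
    out = deepcopy(msg)
    int_field = out["inner"].pop("int", None)
    out["inner"]["int_flag"] = False
    tunnel = {"vni": vni, "dst_vtep": dst_vtep}
    if int_field is not None:
        tunnel["int"] = int_field
    out["tunnel"] = tunnel
    return out


def gw_process(first_msg, needs_service):
    """Gateway pipeline. needs_service stands in for the patent's decision
    on whether the second service message needs service processing."""
    second = decapsulate(first_msg, "GW")
    if needs_service:
        # Next hop is the network security device.
        return strip_int_if_external(second)
    return encapsulate(second, vni=200, dst_vtep="VTEP2")


def make_first_message(dst_ip):
    """Constructed sample of what VTEP1 would send to the GW."""
    return {
        "tunnel": {"vni": 100, "dst_vtep": "GW",
                   "int": [{"device": "VTEP1", "queue_depth": 0}]},
        "inner": {"dst_ip": dst_ip, "int_flag": False, "payload": b"app-data"},
    }


def devices(int_field):
    return [record["device"] for record in int_field]


if __name__ == "__main__":
    for dst, service in [("203.0.113.7", True), ("10.2.0.20", True), ("10.2.0.20", False)]:
        print(dst, service, gw_process(make_first_message(dst), service))
```

A message bound for an external address leaves the gateway with no INT field, while internal traffic keeps the accumulated path records either in the inner message or in the new tunnel header.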
Fig. 10 shows a message forwarding diagram according to an example of the present invention, and fig. 11 shows a flow chart of a message processing method according to an example of the present invention. This example shows the message processing flow for a non-secure service across VXLAN.
In an example, referring to fig. 10 and fig. 11, the message processing method may include:
Step 1101, the virtual machine VM1 on the first terminal device sends an INT original service packet to the virtual machine VM2 on the second terminal device.
The INT original service message carries a first identifier. The first identifier identifies the INT original service message as a detection message and identifies the information to be counted, so that a tunnel endpoint receiving the INT original service message adds an INT information field to the tunnel header according to the first identifier.
Step 1102, after receiving the INT original service message, VTEP1 queries the forwarding table and determines that the INT original service message is to be forwarded through the VXLAN tunnel whose destination is the gateway device GW. The VTEP1 performs VXLAN encapsulation processing on the INT original service message and determines the information to be counted. The VTEP1 adds the information to be counted to the INT information field to obtain a first service message, and sends the first service message to the gateway device GW through the VXLAN tunnel.
Step 1103, the GW receives the first service packet, acquires the information to be counted corresponding to the INT information field, and adds the information to be counted to the INT information field. The GW then performs VXLAN decapsulation processing on the first service message to which the information to be counted has been added, and adjusts the INT information field into the inner-layer INT original service message to obtain a second service message.
Step 1104, the GW queries the forwarding table and determines that the forwarding path of the packet is a VXLAN tunnel whose destination is the second tunnel endpoint VTEP2. The GW re-encapsulates the second service message with the second VXLAN tunnel endpoint VTEP2 as the tunnel destination, and adjusts the INT information field into the tunnel header to obtain a sixth service message.
Step 1105, after receiving the sixth service packet, the VTEP2 obtains information to be counted corresponding to the INT information field, adds the information to be counted to the INT information field to obtain a seventh service packet, decapsulates the seventh service packet, and sends the decapsulated first service packet to the virtual machine VM2 on the second terminal device.
It should be noted that, after obtaining the seventh service packet, the second tunnel terminal sends the seventh service packet to the SDN controller, so that after receiving the seventh service packet, the SDN controller may analyze the seventh service packet to obtain a complete path and obtain related information of related network devices in the path.
Fig. 12 is a block diagram illustrating a structure of a message processing apparatus according to an embodiment of the present invention, where the apparatus may be applied to a network device, and the apparatus includes: a first receiving module 1201, a first obtaining module 1202, a first adjusting module 1203 and a first sending module 1204.
The first receiving module 1201 can be configured to receive a first service packet, where a tunnel header carried by the first service packet includes an in-band network telemetry INT information field;
a first obtaining module 1202, configured to obtain information to be counted corresponding to the INT information field, and add the information to be counted to the INT information field;
a first adjusting module 1203, configured to perform tunnel decapsulation processing on the first service packet, and adjust the INT information field to an inner layer packet of the first service packet after the tunnel decapsulation processing, so as to obtain a second service packet;
the first sending module 1204 may be configured to send the second service packet to a next hop network device of the network device when it is determined that the second service packet needs to be further subjected to service processing, where a header carried by the second service packet includes an identification field for identifying the INT information field, and the identification field is used to enable the next hop network device to obtain corresponding information to be counted according to the identification field, and add the information to be counted to the INT information field.
Fig. 13 is a block diagram showing a configuration of a message processing apparatus according to an embodiment of the present invention.
In one possible implementation manner, referring to fig. 13, the first sending module 1204 may include:
the first sending submodule 12041 may be configured to send the second service packet to the network security device according to the destination IP address of the second service packet;
the apparatus may further include:
a second receiving module 1205, configured to receive a third service packet sent by the network security device, where a header carried in the third service packet may include the identifier field, and an INT information field included in the third service packet includes information to be counted added by the network security device;
a second adjusting module 1206, configured to perform tunnel encapsulation processing on the third service packet, and adjust the INT information field to a tunnel header;
a second obtaining module 1207, configured to obtain information to be counted corresponding to the INT information field, and add the information to be counted to the INT information field to obtain a fourth service packet;
the first forwarding module 1208 may be configured to forward the fourth service packet through a tunnel.
In one possible implementation, referring to fig. 13, the apparatus may further include:
the first processing module 1209 may be configured to perform tunnel encapsulation processing on the third service packet to obtain a fifth service packet, where a tunnel header carried in the fifth service packet may include a first INT information field, and an inner layer packet of the fifth service packet may include a second INT information field; wherein,
the first INT information field has information to be counted, which is acquired by the network equipment, and the second INT information field is the same as the INT information field included in the third service message;
the second forwarding module 1210 may be configured to perform tunnel forwarding on the fifth service packet.
In one possible implementation, referring to fig. 13, the apparatus may further include:
a deleting module 1211, configured to delete the INT information field included in the second service packet according to a destination IP address of the second service packet;
the second sending module 1212 may be configured to send the second service packet from which the INT information field is deleted to a next hop network device of the network device.
In one possible implementation manner, referring to fig. 13, the first adjusting module 1203 may include:
a first adjusting submodule 12031, configured to adjust the INT information field to be in front of a user payload field in the inner layer message;
or,
a second adjusting submodule 12032 may be configured to adjust the INT information field to be behind a user payload field of the inner layer packet.
In one possible implementation, referring to fig. 13, the apparatus may further include:
the second processing module 1213 may be configured to, when it is determined that the second service packet does not need to be subjected to service processing and a next hop network device of the network device and the network device are in different virtual extensible local area networks VXLANs, perform tunnel encapsulation processing on the second service packet, and adjust the INT information field to a tunnel header to obtain a sixth service packet;
a third forwarding module 1214, configured to forward the sixth service packet through a tunnel.
Fig. 14 is a block diagram illustrating a hardware configuration of a message processing apparatus according to an example embodiment. In practical applications, the device may be implemented by a server. Referring to fig. 14, the apparatus 1400 may include a processor 1401, a machine-readable storage medium 1402 storing machine-executable instructions. The processor 1401 and the machine-readable storage medium 1402 may communicate via a system bus 1403. Also, the processor 1401 performs the message processing method described above by reading machine executable instructions corresponding to the message processing method logic in the machine readable storage medium 1402.
The machine-readable storage medium 1402 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium may be: Random Access Memory (RAM), volatile memory, non-volatile memory, flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, DVD, etc.), or similar storage media, or a combination thereof.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.
Claims (12)
1. A message processing method is applied to network equipment, and is characterized in that the method comprises the following steps:
receiving a first service message, wherein a tunnel header carried by the first service message comprises an in-band network telemetry (INT) information field;
acquiring information to be counted corresponding to the INT information field, and adding the information to be counted into the INT information field;
performing tunnel decapsulation processing on the first service message, and adjusting the INT information field to an inner layer message of the first service message after the tunnel decapsulation processing, so as to obtain a second service message;
and when determining that the second service message needs to be subjected to service processing, sending the second service message to a next hop network device of the network device, wherein a header carried by the second service message comprises an identification field for identifying the INT information field, and the identification field is used for enabling the next hop network device to acquire corresponding information to be counted according to the identification field and adding the information to be counted into the INT information field.
2. The method of claim 1, wherein the sending the second traffic packet to a next hop network device of the network devices comprises:
sending the second service message to network security equipment according to the destination IP address of the second service message;
the method further comprises the following steps:
receiving a third service message sent by the network security device, wherein a header carried by the third service message comprises the identification field, and an INT information field included in the third service message has information to be counted, which is added by the network security device;
performing tunnel encapsulation processing on the third service message, and adjusting the INT information field into a tunnel header;
acquiring information to be counted corresponding to the INT information field, and adding the information to be counted to the INT information field to obtain a fourth service message;
and forwarding the fourth service message through a tunnel.
3. The method according to claim 2, wherein after receiving the third service packet sent by the security device, the method further comprises:
performing tunnel encapsulation processing on the third service message to obtain a fifth service message, wherein a tunnel header carried by the fifth service message comprises a first INT information field, and an inner layer message of the fifth service message comprises a second INT information field; wherein,
the first INT information field has information to be counted, which is acquired by the network equipment, and the second INT information field is the same as the INT information field included in the third service message;
and forwarding the fifth service message through a tunnel.
4. The method according to claim 1, wherein before the sending the second traffic packet to the next hop network device of the network devices, the method comprises:
deleting the INT information field included in the second service message according to the destination IP address of the second service message;
and sending the second service message with the deleted INT information field to a next hop network device of the network device.
5. The method according to claim 1, wherein the adjusting the INT field to an inner layer packet of the first service packet after performing tunnel decapsulation processing specifically includes:
adjusting the INT information field to be in front of a user load field in the inner layer message;
or,
and adjusting the INT information field to be behind the user load field of the inner layer message.
6. The method of claim 1, further comprising:
when determining that the second service message does not need service processing and that a next hop network device of the network device and the network device are in different virtual extensible local area networks VXLAN, performing tunnel encapsulation processing on the second service message;
adjusting the INT information field into a tunnel header to obtain a sixth service message;
and forwarding the sixth service message through a tunnel.
7. A message processing apparatus, applied to a network device, the apparatus comprising:
a first receiving module, configured to receive a first service message, wherein a tunnel header carried by the first service message comprises an in-band network telemetry (INT) information field;
the first acquisition module is used for acquiring information to be counted corresponding to the INT information field and adding the information to be counted into the INT information field;
the first adjusting module is used for performing tunnel decapsulation processing on the first service message and adjusting the INT information field to an inner layer message of the first service message after the tunnel decapsulation processing to obtain a second service message;
and the first sending module is used for sending the second service message to a next hop network device of the network device when the second service message is determined to be further subjected to service processing, wherein a header carried by the second service message comprises an identification field for identifying the INT information field, and the identification field is used for enabling the next hop network device to obtain corresponding information to be counted according to the identification field and adding the information to be counted to the INT information field.
8. The apparatus of claim 7, wherein the first sending module comprises:
the first sending submodule is used for sending the second service message to network security equipment according to the destination IP address of the second service message;
the device further comprises:
a second receiving module, configured to receive a third service packet sent by the network security device, where a header carried in the third service packet includes the identifier field, and an INT information field included in the third service packet includes information to be counted added by the network security device;
a second adjusting module, configured to perform tunnel encapsulation processing on the third service packet, and adjust the INT information field to a tunnel header;
the second acquisition module is used for acquiring information to be counted corresponding to the INT information field and adding the information to be counted into the INT information field to obtain a fourth service message;
and the first forwarding module is used for forwarding the fourth service message through a tunnel.
9. The apparatus of claim 8, further comprising:
the first processing module is configured to perform tunnel encapsulation processing on the third service packet to obtain a fifth service packet, where a tunnel header carried by the fifth service packet includes a first INT information field, and an inner layer packet of the fifth service packet includes a second INT information field; wherein,
the first INT information field has information to be counted, which is acquired by the network equipment, and the second INT information field is the same as the INT information field included in the third service message;
and the second forwarding module is used for forwarding the fifth service message through a tunnel.
10. The apparatus of claim 7, further comprising:
a deleting module, configured to delete the INT information field included in the second service packet according to a destination IP address of the second service packet;
and the second sending module is used for sending the second service message of which the INT information field is deleted to the next hop network equipment of the network equipment.
11. The apparatus of claim 7, wherein the first adjusting module comprises:
a first adjusting submodule, configured to adjust the INT information field to be in front of a user payload field in the inner layer message;
or,
and the second adjusting submodule is used for adjusting the INT information field to the back of the user load field of the inner layer message.
12. The apparatus of claim 7, further comprising:
a second processing module, configured to perform tunnel encapsulation processing on the second service packet when it is determined that the second service packet does not need to be subjected to service processing and a next hop network device of the network device and the network device are in different virtual extensible local area networks VXLAN;
the second processing module is further configured to adjust the INT information field to a tunnel header to obtain a sixth service packet;
and the third forwarding module is used for forwarding the sixth service message through a tunnel.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711164378.5A CN108011837B (en) | 2017-11-21 | 2017-11-21 | Message processing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711164378.5A CN108011837B (en) | 2017-11-21 | 2017-11-21 | Message processing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108011837A (en) | 2018-05-08 |
CN108011837B (en) | 2021-06-29 |
Family
ID=62052969
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711164378.5A Active CN108011837B (en) | 2017-11-21 | 2017-11-21 | Message processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108011837B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102377663A (en) * | 2010-08-24 | 2012-03-14 | 华为技术有限公司 | Method, device and system for processing clock message |
US20120155472A1 (en) * | 2010-12-16 | 2012-06-21 | Electronics Telecommunications Research Institute | Apparatus and method for classifying packets |
CN104468391A (en) * | 2014-12-16 | 2015-03-25 | 盛科网络(苏州)有限公司 | Method and system for achieving load balance according to user information of tunnel message |
CN106878259A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | A kind of message forwarding method and device |
Also Published As
Publication number | Publication date |
---|---|
CN108011837B (en) | 2021-06-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||