CN113300949B - Method for forwarding message, method, device and system for releasing routing information - Google Patents


Info

Publication number
CN113300949B
Authority
CN
China
Prior art keywords
sid
locator
positioning information
routing information
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010113843.8A
Other languages
Chinese (zh)
Other versions
CN113300949A (en
Inventor
胡志波
姚俊达
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN202010113843.8A
Priority to PCT/CN2020/116615 (WO2021169258A1)
Publication of CN113300949A
Application granted
Publication of CN113300949B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/16 Multipoint routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/28 Routing or path finding of packets in data switching networks using route fault recovery
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables

Abstract

The application provides a method for forwarding a message, a method for issuing routing information, a device and a system, and belongs to the technical field of communication. The method provides a plurality of pieces of positioning information (locators) with different prefix lengths: a locator with a low network segment prefix (a shorter prefix length) is used to locate all devices in an anycast group, and a plurality of locators with high network segment prefixes (longer prefix lengths) are used to locate each corresponding device in the anycast group respectively, the locators with the high network segment prefixes lying within the network segment range of the locator with the low network segment prefix. When a device in the anycast group fails, for a message whose destination address is the failed device, the locator with the low network segment prefix is matched when the destination address of the message is used to query the local routing information, so that the message is forwarded to another device in the anycast group. The method can realize redundancy protection among a plurality of devices and protect the normal forwarding of traffic.

Description

Method for forwarding message, method, device and system for issuing routing information
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method for forwarding a packet, a method for issuing routing information, an apparatus, and a system.
Background
Redundancy protection is a technique for performing redundancy backup on devices, links, etc. For example, in a network architecture in which a Customer Edge (CE) device is dually homed, two Provider Edge (PE) devices to which the CE device is dually homed may be protected from each other. If one PE device fails, another PE device may take over the forwarding operation of the failed PE device, and forward the packet sent by the Provider backbone (P) device to the CE device, so as to avoid interruption of service due to failure of a single PE device, and ensure high availability of the network.
At present, redundancy protection can be achieved through anycast technology. Specifically, two or more devices are added to the same anycast group, and the same locator is configured on each device in the same anycast group, so that each device in the same anycast group issues the same locator routing information according to the same locator. When one device in the anycast group fails, traffic is quickly switched to another device through anycast fast reroute (anycast FRR).
The locator is a term in segment routing based on Internet Protocol version 6 (Internet Protocol version 6 for Segment Routing, SRv6), and may be translated as location information, addressing information, or positioning information, or may have other names according to different manufacturers or scenarios. The locator occupies the high-order bits of the SRv6 segment identifier (SID). The locator is essentially an Internet Protocol version 6 (IPv6) network segment, and all IPv6 addresses in the network segment can be allocated as SRv6 SIDs. After a device is configured with a locator, the device generates a piece of locator routing information; the device can be located through the locator routing information, and all the SRv6 SIDs issued by the device are reachable through that piece of locator routing information. The locator routing information may be translated as network segment routing information or locator network segment routing information, and may also have other names according to different vendors or scenarios.
When redundancy protection is performed in the above manner, each device in the anycast group must be configured with the same locator, and the same SRv6 Virtual Private Network (VPN) SID must be configured for each device in the anycast group under that locator. To ensure that the SRv6 VPN SIDs of different devices are the same, the SRv6 VPN SID can only be specified manually by the user through static configuration, and the function of dynamically generating the VPN SID cannot be supported.
Disclosure of Invention
The embodiment of the application provides a method for forwarding a message, a method for issuing routing information, a device and a system, which can realize mutual protection among a plurality of devices and are beneficial to supporting the function of dynamically generating VPN SID. The technical scheme is as follows:
In a first aspect, a method for forwarding a packet is provided, in which a packet is received, a destination address of the packet includes first location information (locator), and the first locator is used to indicate an address of a first device; the routing information that is the longest match for the destination address of the packet is queried from the local routing information to obtain anycast routing information of an anycast group; and the packet is sent to a second device according to the anycast routing information. The anycast group includes the first device and the second device, the first device and the second device protect each other, the destination address of the anycast routing information includes a second locator, the prefix length of the second locator is smaller than that of the first locator, and the network segment range corresponding to the second locator includes the network segment range corresponding to the first locator.
The method may be performed by a P device in a network. The method provides a plurality of locators with different prefix lengths: the locator with the low network segment prefix is used to locate all the devices in the anycast group, and within the network segment range of that locator a locator with a high network segment prefix is allocated to each device in the anycast group and used to locate that device. With the locators designed in this way, when a device in the anycast group fails, a message whose destination address is the failed device still carries the failed device's own locator in its destination address; when the local routing information is queried with that destination address, the locator with the low network segment prefix is matched, and the message is forwarded to another device in the anycast group according to that locator. The method thus steers the traffic of the failed device to other devices, which protects the normal forwarding of traffic, avoids traffic packet loss after route convergence following a failure, realizes a redundancy protection mechanism among a plurality of devices, and increases the robustness of the network.
In particular, the method can be applied to a network in which a CE device is multi-homed to access a PE device, and a plurality of PE devices accessed by the same CE device form an anycast group, and the plurality of PE devices share a locator with a low network segment prefix and are respectively configured with the locators with respective high network segment prefixes. Then, when one PE device fails, the destination address is matched to the locator of the low network segment prefix, so that the traffic is forwarded to other PE devices, thereby implementing mutual protection among multiple PE devices.
In addition, different devices in the anycast group get rid of the harsh limitation that the configured VPN SID must be the same, and can support the dynamic generation of the VPN SID, and different devices in the anycast group can dynamically generate different VPN SIDs under the locators of respective high network segment prefixes, thereby reducing the constraint on network planning, reducing the difficulty of network deployment, improving the flexibility of issuing the VPN SID, being beneficial to avoiding the problem of influencing VPN convergence, and solving the problem of traffic bypassing.
Optionally, the first N bits of the first locator are the same as the first N bits of the second locator, the prefix length of the first locator is M bits, N and M are integers, and N is smaller than M.
In this optional manner, the locator with the high network segment prefix and the locator with the low network segment prefix share the same high-order bits, and the locator with the high network segment prefix has (M-N) more bits; different values of these (M-N) bits can be used to distinguish different devices in the anycast group. In other words, the locator of the anycast group as a whole can be obtained by removing the last (M-N) bits of a device's own locator, so the locator of the anycast group is simpler to plan and highly feasible. Optionally, the value of M-N may be 1, that is, removing the last 1 bit of the device's own locator yields the locator of the anycast group as a whole.
Optionally, before receiving the packet, the method further includes: in response to the first device failing, deleting the first network segment routing information issued by the first device from the local routing information, wherein the destination address of the first network segment routing information comprises the first locator.
In this optional manner, after the routes converge, the locator network segment route issued by the failed device is deleted; when traffic destined for the failed device then arrives, the locator with the low network segment prefix is matched according to the longest matching rule, and the message is forwarded to another device in the anycast group according to that locator. The traffic of the failed device can therefore be steered to other devices, which protects the normal forwarding of traffic and avoids traffic packet loss after route convergence following the failure.
Optionally, before receiving the packet, the method further includes: receiving first network segment routing information issued by the first device, wherein a destination address of the first network segment routing information comprises the first locator; and receiving the anycast routing information of the anycast group issued by the first device and the second device.
In this optional manner, network segment routing information for a plurality of locators with different prefix lengths can be stored in the local routing information. For a device in the anycast group, while the device is normal, if the locator in the destination address of a message is the device's own locator, the locator with the high network segment prefix is matched according to the longest matching rule, so that the message is forwarded to that device. While the device is normal, this helps forward traffic to the destination along the shortest path and avoids detours under normal conditions, thereby reducing the forwarding delay.
Optionally, before receiving the packet, the method further includes: receiving second network segment routing information issued by the second device, wherein a destination address of the second network segment routing information includes a third locator, the third locator is used for indicating an address of the second device, the third locator is different from the first locator, a prefix length of the second locator is smaller than that of the third locator, and a network segment range corresponding to the second locator includes a network segment range corresponding to the third locator.
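The longest-match behaviour of the first aspect, as an added example that is not part of the patent text: a Python model of the locator routes held by a P device, showing the normal case and the fallback to the anycast route after the first device's routes are withdrawn. The locators use the IPv6 documentation prefix with M = 64 and N = 63, and the device names PE1/PE2, the class LocatorRib and all function names are assumptions of this example.

```python
import ipaddress

# Constructed sample values (IPv6 documentation prefix), not taken from the patent.
# M = 64 is the device locator length, N = 63 the anycast locator length (M - N = 1).
PE1_LOCATOR = "2001:db8:a::/64"     # "first locator", owned by PE1
PE2_LOCATOR = "2001:db8:a:1::/64"   # "third locator", owned by PE2
N_BITS = 63
PE1_VPN_SID = "2001:db8:a::100"     # SID generated under PE1's own locator
PE2_VPN_SID = "2001:db8:a:1::200"   # a different SID under PE2's own locator


def anycast_locator(device_locator, n_bits):
    """Drop the last (M - N) bits of a device locator to get the group locator."""
    net = ipaddress.IPv6Network(device_locator)
    if not n_bits < net.prefixlen:
        raise ValueError("N must be smaller than the device prefix length M")
    return net.supernet(new_prefix=n_bits)


def check_plan(device_locators, n_bits):
    """Return the shared anycast locator, or raise if the plan is inconsistent."""
    nets = [ipaddress.IPv6Network(loc) for loc in device_locators]
    shared = {anycast_locator(loc, n_bits) for loc in device_locators}
    if len(shared) != 1:
        raise ValueError("device locators do not share the same first N bits")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"device locators {a} and {b} overlap")
    return shared.pop()


class LocatorRib:
    """Locator routes as a P device would hold them: prefix -> advertising devices."""

    def __init__(self):
        self._routes = {}

    def advertise(self, prefix, device):
        self._routes.setdefault(ipaddress.IPv6Network(prefix), set()).add(device)

    def withdraw_all(self, device):
        """Route convergence after a failure: remove everything the device issued."""
        for net in list(self._routes):
            self._routes[net].discard(device)
            if not self._routes[net]:
                del self._routes[net]

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, sorted next hops) or None."""
        addr = ipaddress.IPv6Address(dst)
        matches = [net for net in self._routes if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return best, sorted(self._routes[best])


def build_rib():
    """Both PEs issue their own /64 locator route plus the shared /63 anycast route."""
    group = check_plan([PE1_LOCATOR, PE2_LOCATOR], N_BITS)
    rib = LocatorRib()
    rib.advertise(PE1_LOCATOR, "PE1")
    rib.advertise(PE2_LOCATOR, "PE2")
    for device in ("PE1", "PE2"):
        rib.advertise(str(group), device)
    return rib


if __name__ == "__main__":
    rib = build_rib()
    print("normal :", rib.lookup(PE1_VPN_SID))   # matches PE1's own /64
    rib.withdraw_all("PE1")                      # PE1 fails, its routes are deleted
    print("failed :", rib.lookup(PE1_VPN_SID))   # falls back to the /63, via PE2
```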
In a second aspect, a method for issuing routing information is provided. In the method, a first device obtains a first locator and a second locator, where the first locator is used to indicate an address of the first device, a prefix length of the second locator is smaller than that of the first locator, and a network segment range corresponding to the second locator includes a network segment range corresponding to the first locator; the first device issues anycast routing information of an anycast group, the anycast group includes the first device and a second device, the first device and the second device are mutually protected, a destination address of the anycast routing information includes the second locator, and an address of the second device is located in a network segment range corresponding to the second locator.
The method may be performed by a PE device in a network. According to the method, a plurality of locators with different prefix lengths are provided, the locators with the low network segment prefixes are used as the locators for positioning all the devices in the anycast group, the locators with the high network segment prefixes are distributed for each device of the anycast group in the network segment range of the locators with the low network segment prefixes, and the locators with the high network segment prefixes of each device are respectively used as the locators for positioning the corresponding devices. By skillfully designing the locator, for the device in the anycast group, under the condition that the device is normal, if the locator of the destination address of the message is the locator of the device, the locator of the high-network-segment prefix is matched according to the longest matching rule, so that the message is forwarded to the device. Under the condition that the equipment is normal, the method is helpful for forwarding the traffic to the destination end along the shortest path, and the condition of normal bypassing is avoided, so that the forwarding time delay is reduced. If the device in the anycast group is in failure, the locator with the low network segment prefix can be used for guiding the flow to other devices which are not in failure in the anycast group, and the other devices replace the failed devices to forward the flow, so that the function of redundancy protection is realized. Therefore, the method can increase the robustness of the network and realize more flexible network guarantee.
In addition, different devices in the anycast group get rid of the harsh limitation that the configured VPN SID must be the same, and can support the dynamic generation of the VPN SID, and different devices in the anycast group can dynamically generate different VPN SIDs under the locators of respective high network segment prefixes, thereby reducing the constraint on network planning, reducing the difficulty of network deployment, improving the flexibility of issuing the VPN SID, being beneficial to avoiding the problem of influencing VPN convergence, and solving the problem of traffic bypassing.
Optionally, the method further comprises: the first device issues first network segment routing information, and the destination address of the first network segment routing information comprises the first locator.
Optionally, the method further comprises: the first device receives a message, wherein a destination address of the message comprises a third locator, the third locator is used for indicating an address of the second device, and the third locator is different from the first locator; and the first device sends the message according to the destination address.
Optionally, the destination address of the packet includes a virtual private network segment identifier (VPN SID), the VPN SID is used to send the packet to a customer edge (CE) device, and the VPN SID includes the third locator. In the process of forwarding the packet, the first device queries a local SID list according to the VPN SID and, if the VPN SID hits a remote SID in the local SID list, sends the packet to the CE device according to the remote SID, where the local SID list includes a remote identifier, and the value of the remote identifier corresponding to a remote SID in the local SID list is different from the value of the remote identifier corresponding to a local SID. Alternatively, the first device queries a remote SID table according to the VPN SID and, if the VPN SID hits a remote SID in the remote SID table, sends the packet to the CE device according to the remote SID, where the remote SID table is used for storing remote SIDs.
Optionally, the first N bits of the first locator are the same as the first N bits of the second locator, the prefix length of the first locator is M bits, N and M are integers, and N is smaller than M.
Optionally, the VPN SID issued by the first device is different from the VPN SID issued by the second device, the VPN SID issued by the first device includes the first locator, the VPN SID issued by the second device includes a third locator, a prefix length of the third locator is greater than a prefix length of the second locator, and a network segment range corresponding to the third locator is within a network segment range corresponding to the second locator.
Optionally, the first device and the second device are two provider edge PE devices to which the CE device is dually connected.
Optionally, the method further comprises: the first device sends private network routing information of the CE device to the second device, wherein the VPN SID carried by the private network routing information is used for sending a message to the CE device.
In a third aspect, a network device is provided, where the network device has a function of implementing redundancy protection in the first aspect or any one of the optional manners of the first aspect. The network device includes at least one module, where the at least one module is configured to implement the method for forwarding a packet provided by the first aspect or any one of the optional manners of the first aspect. For specific details of the network device provided in the third aspect, reference may be made to the first aspect or any optional manner of the first aspect, and details are not described here.
In a fourth aspect, a network device is provided, wherein the network device has a function of implementing redundancy protection in the second aspect or any of the alternatives of the second aspect. The network device comprises at least one module, and the at least one module is configured to implement the method for publishing routing information provided by the second aspect or any optional manner of the second aspect. For specific details of the network device provided in the fourth aspect, reference may be made to the second aspect or any optional manner of the second aspect, and details are not described here.
In a fifth aspect, a network device is provided, where the network device includes a processor, and the processor is configured to execute instructions to enable the network device to perform the method for forwarding a packet provided in the first aspect or any one of the optional manners of the first aspect. For specific details of the network device provided in the fifth aspect, reference may be made to the first aspect or any optional manner of the first aspect, and details are not described here.
In a sixth aspect, a network device is provided, which includes a processor configured to execute instructions to cause the network device to perform the method for issuing routing information provided in the second aspect or any one of the alternatives of the second aspect. For specific details of the network device provided by the sixth aspect, reference may be made to the second aspect or any optional manner of the second aspect, which is not described herein again.
In a seventh aspect, a computer-readable storage medium is provided, where at least one instruction is stored in the storage medium, and the instruction is read by a processor to enable a network device to execute the method for forwarding a packet provided in the first aspect or any one of the optional manners of the first aspect.
In an eighth aspect, a computer-readable storage medium is provided, where at least one instruction is stored in the storage medium, and the instruction is read by a processor to cause a network device to execute the method for issuing routing information provided in the second aspect or any optional manner of the second aspect.
A ninth aspect provides a computer program product, which, when running on a network device, causes the network device to execute the method for forwarding a packet provided in the first aspect or any one of the options of the first aspect.
A tenth aspect provides a computer program product, which, when run on a network device, causes the network device to execute the method for distributing routing information provided in the second aspect or any of the alternatives of the second aspect.
An eleventh aspect provides a chip, and when the chip runs on a network device, the chip enables the network device to execute the method for forwarding a packet provided in the first aspect or any one of the options of the first aspect.
In a twelfth aspect, a chip is provided, which when running on a network device, causes the network device to execute the method for publishing routing information provided in the second aspect or any one of the alternatives of the second aspect.
In a thirteenth aspect, a network system is provided, which includes the network device provided in the third aspect and the network device provided in the fourth aspect.
In a fourteenth aspect, the present application provides a network device, comprising: a main control board and an interface board. The main control board includes: a first processor and a first memory. The interface board includes: a second processor, a second memory, and an interface card. The main control board is coupled with the interface board.
The first memory may be configured to store program code, and the first processor is configured to call the program code in the first memory to perform the following: querying, from local routing information, the routing information that is the longest match for a destination address of a message, to obtain anycast routing information of an anycast group, wherein the anycast group comprises a first device and a second device, the first device and the second device are mutually protected, the destination address of the anycast routing information comprises second positioning information, the prefix length of the second positioning information is smaller than that of the first positioning information, and a network segment range corresponding to the second positioning information comprises a network segment range corresponding to the first positioning information.
The second memory may be configured to store program code, and the second processor may be configured to invoke the program code in the second memory to trigger the interface card to perform the following: receiving a message, wherein a destination address of the message comprises first positioning information, and the first positioning information is used for indicating an address of first equipment; and sending the message to the second equipment according to the anycast routing information.
In a possible implementation manner, an inter-process communication protocol (IPC) channel is established between the main control board and the interface board, and the main control board and the interface board communicate with each other through the IPC channel.
In a fifteenth aspect, a network device is provided, which includes: a main control board and an interface board. The main control board includes: a first processor and a first memory. The interface board includes: a second processor, a second memory, and an interface card. The main control board is coupled with the interface board.
The first memory may be configured to store program code, and the first processor is configured to call the program code in the first memory to perform the following: acquiring first positioning information and second positioning information, wherein the first positioning information is used for indicating an address of the first device, the prefix length of the second positioning information is smaller than that of the first positioning information, and the network segment range corresponding to the second positioning information comprises the network segment range corresponding to the first positioning information.
The second memory may be configured to store program code, and the second processor may be configured to invoke the program code in the second memory to trigger the interface card to perform the following: and issuing anycast routing information of an anycast group, wherein the anycast group comprises the first equipment and the second equipment, the first equipment and the second equipment are mutually protected, the destination address of the anycast routing information comprises the second positioning information, and the address of the second equipment is positioned in the network segment range corresponding to the second positioning information.
In a possible implementation manner, an IPC channel is established between the main control board and the interface board, and the main control board and the interface board communicate with each other through the IPC channel.
Drawings
Fig. 1 is a schematic diagram of an SRv6 packet provided in an embodiment of the present application;
Fig. 2 is a schematic diagram of an SRH provided in an embodiment of the present application;
Fig. 3 is a schematic diagram of an IPv6 destination address translation of a packet according to an embodiment of the present application;
Fig. 4 is a schematic diagram of an SRv6 SID provided in an embodiment of the present application;
Fig. 5 is a schematic diagram of an End SID according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a forwarding process based on an End SID according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a forwarding operation corresponding to an End.DT4 SID provided in an embodiment of the present application;
Fig. 8 is a diagram of a system architecture 100 according to an embodiment of the present application;
Fig. 9 is a schematic diagram of anycast redundancy protection provided in an embodiment of the present application;
Fig. 10 is a schematic diagram of Mirror image protection provided in the embodiment of the present application;
Fig. 11 is a flowchart of a method for distributing routing information according to an embodiment of the present application;
Fig. 12 is a schematic diagram of a locator configured with different prefix lengths according to an embodiment of the present application;
Fig. 13 is a schematic diagram of distributing anycast routing information according to an embodiment of the present application;
Fig. 14 is a flowchart of a method for forwarding a packet according to an embodiment of the present application;
Fig. 15 is a flowchart of a method for forwarding a packet according to an embodiment of the present application;
Fig. 16 is a flowchart of a method for forwarding a packet according to an embodiment of the present application;
Fig. 17 is a schematic diagram of a message forwarding process in a fault state according to an embodiment of the present application;
Fig. 18 is a schematic diagram of processing far-end cross-routes according to an embodiment of the present application;
Fig. 19 is a flowchart of a method for forwarding a packet according to an embodiment of the present application;
Fig. 20 is a schematic structural diagram of a network device 600 according to an embodiment of the present application;
Fig. 21 is a schematic structural diagram of a network device 700 according to an embodiment of the present application;
Fig. 22 is a schematic structural diagram of a network device 800 according to an embodiment of the present application;
Fig. 23 is a schematic structural diagram of an interface board according to an embodiment of the present application;
Fig. 24 is a schematic structural diagram of a network device 1000 according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application clearer, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The terms "first," "second," and the like in this application are used for distinguishing between similar items and items that have substantially the same function or similar functionality, and it should be understood that "first," "second," and "nth" do not have any logical or temporal dependency or limitation on the number or order of execution. It will be further understood that, although the following description uses the terms first, second, etc. to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another. For example, a first device may be termed a second device, and, similarly, a second device may be termed a first device, without departing from the scope of the various examples. The first device and the second device may both be devices, and in some cases, may be separate and distinct devices.
The term "at least one" in this application means one or more, and the term "plurality" in this application means two or more, for example, a plurality of second messages means two or more second messages. The terms "system" and "network" are often used interchangeably herein.
It is to be understood that the terminology used in the description of the various examples herein is for the purpose of describing particular examples only and is not intended to be limiting. As used in the description of the various examples and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The term "and/or" describes an association between associated objects and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" in the present application generally indicates that the objects before and after it are in an "or" relationship.
It should also be understood that, in the embodiments of the present application, the sequence numbers of the respective processes do not mean the execution sequence, and the execution sequence of the respective processes should be determined by the functions and the inherent logic thereof, and should not constitute any limitation to the implementation process of the embodiments of the present application.
It should be understood that determining B from A does not mean determining B from A alone; B may also be determined from A and/or other information.
It will be further understood that the terms "comprises," "comprising," "includes," and/or "including," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also understood that the term "if" may be interpreted to mean "when" ("where" or "upon"), "in response to a determination", or "in response to a detection". Similarly, the phrase "if it is determined..." or "if [a stated condition or event] is detected" may be interpreted to mean "upon determining...", "in response to determining...", "upon detecting [a stated condition or event]", or "in response to detecting [a stated condition or event]", depending on the context.
It should be appreciated that reference throughout this specification to "one embodiment," "an embodiment," "one possible implementation" means that a particular feature, structure, or characteristic described in connection with the embodiment or implementation is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" or "one possible implementation" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
The method for forwarding a message and the method for releasing routing information provided by the embodiments of the present application can be applied to a Segment Routing (SR) network scenario. Specifically, they can be applied to a scenario in which a customer edge (CE) device is dual-homed to provider edge (PE) devices in a segment routing network based on Internet Protocol version 6 (Segment Routing over IPv6, SRv6). For ease of understanding, the relevant SRv6 terms and the SRv6 technical principles involved in the embodiments of the present application are briefly introduced first.
SR is a technology, designed around the concept of source routing, for forwarding messages in a network. SR divides a network path into segments and assigns segment identifiers (SIDs) to the segments and forwarding nodes in the network. Arranging the SIDs in order yields a segment list (Segment List), which indicates the forwarding path of the packet. With SR, the nodes and paths traversed by a message carrying a Segment List can be specified, which meets traffic optimization requirements. By analogy, the message can be compared to luggage and SR to the label attached to it: if luggage is to be sent from area A to area D by way of area B and area C, a label reading "first to area B, then to area C, and finally to area D" can be attached at originating area A, so that each area only needs to read the label and forward the luggage to the next area accordingly. In SR, the source node adds the label to the packet, and each intermediate node forwards the packet to the next node according to the label until the packet reaches the destination node. For example, if <SID1, SID2, SID3> is inserted into the packet header, the packet is forwarded first to the node corresponding to SID1, then to the node corresponding to SID2, and then to the node corresponding to SID3. SR includes Segment Routing over Multiprotocol Label Switching (SR MPLS) and SRv6.
A SID is the identifier of a segment and uniquely identifies that segment. In the forwarding plane of SR MPLS, a SID may be mapped to an MPLS label. In the forwarding plane of SRv6, a SID may be mapped to an IPv6 address. A SID can essentially represent a topology, an instruction, or a service. The currently working SID is the segment in the segment list that is currently pending; it may also be referred to as the active SID or the currently pending SID. When an SR node receives a message, it processes the active segment. In SR MPLS, the active segment is the outermost label of the label stack. In SRv6, the active segment is the destination address of the IPv6 packet carrying the SRH. In addition, the active segment may be indicated by the value of the Segments Left (SL) field. For example, if the segment list includes 5 SIDs, namely SID0, SID1, SID2, SID3 and SID4, and SL is 2, then 2 SIDs in the segment list, SID0 and SID1, have not yet been processed, the SID currently to be processed is SID2, and 2 SIDs, SID3 and SID4, have already been processed.
The SRv6 technology refers to applying SR in an IPv6 network. An SRv6 SID is encoded as an IPv6 address (128 bits) and encapsulated in the SRv6 extension header (Segment Routing Header, SRH). When forwarding a message, a node that supports SRv6 queries its local SID table according to the destination address (DA) in the message. If the destination address matches any SID in the local SID table, the node determines that the destination address hits the local SID table and executes the corresponding operation based on the topology, instruction or service that the SID represents. If the destination address matches no SID in the local SID table, the node queries the IPv6 routing forwarding table according to the destination address and forwards the message according to the entry that the destination address hits in that table.
A local SID table (Local SID table) is a table maintained by an SRv6-enabled node. The local SID table contains the SRv6 SIDs generated by this node. From the local SID table, an SRv6 forwarding table (FIB) may be generated. The local SID table serves three main purposes. First, it defines the locally generated SIDs, such as an End.X SID. Second, it specifies the instructions bound to these SIDs. Third, it stores the forwarding information associated with the instructions, such as outgoing interfaces and next hops. In some embodiments, after the command display segment-routing ipv6 Local-SID is entered, the Local SID table of SRv6 configured on the device can be viewed. The command may carry the parameter End to view the Local SID table for SRv6 End, the parameter end.x to view the Local SID table for SRv6 End.X, or the parameter end-dt4 to view the Local SID table for SRv6 End.DT4.
SRv6 message: an IPv6 message consists of a standard IPv6 header, extension headers (0...N) and a payload. To implement Segment Routing IPv6 (SRv6) on the IPv6 forwarding plane, a new IPv6 extension header called the SRH (Segment Routing Header) is added. The SRH specifies an explicit IPv6 path and stores the IPv6 Segment List information, which serves the same function as the Segment List in SR MPLS. The head node adds an SRH extension header to the IPv6 message, and the intermediate nodes can forward the message according to the path information contained in the SRH extension header. By adding this extension header, SR is merged smoothly with the original IPv6 forwarding plane.
Referring to fig. 1, fig. 1 is a schematic diagram of an SRv6 message provided in the embodiment of the present application. The SRv6 message may include an IPv6 header, SRH, and payload. Each part of the SRv6 message is described below by (1) to (3):
(1) IPv6 header in SRv6 message.
The IPv6 header in the SRv6 message may include a Source Address (SA) and a Destination Address (DA). In an ordinary IPv6 message, the IPv6 DA is fixed and unchangeable. In SRv6, the IPv6 DA identifies the next node for the current packet, and within the SR tunnel the SR nodes continuously update the destination address to complete hop-by-hop forwarding. The SID carried by the destination address in the IPv6 header may be referred to as the active SID.
(2) SRH in SRv6 message.
SRH is an IPv6 extension header. SRH is used to implement SRv6 based on the IPv6 forwarding plane. Referring to fig. 2, fig. 2 is a schematic diagram of an SRH provided in an embodiment of the present application.
The SRH may include the following (2.1) to (2.2).
(2.1) segment List
The segment list may include one or more SIDs, each of which may be in the form of an IPv6 address, so the segment list may also be understood as an explicit IPv6 address stack. The segment list may be written as Segment List[n], which is 128 x n bits long, and the segment list may be encoded starting from the last segment of the path. Each Segment List entry is in IPv6 address form.
(2.2) The number of remaining segments (Segments Left, SL).
The SL indicates the number of intermediate nodes that should still be visited before reaching the destination node; the SL field may also be referred to as the remaining nodes field. The value of the SL field may indicate the active SID in the segment list. The SL may be 8 bits long. For example, if the segment list includes 5 SIDs, namely SID0, SID1, SID2, SID3 and SID4, and SL is 2, then 2 SIDs in the segment list, SID0 and SID1, have not yet been processed, the SID currently to be processed is SID2, and 2 SIDs, SID3 and SID4, have already been processed.
In conjunction with (2.1) and (2.2) above, SRH can be abstracted to the following format:
SRH(SL=n)
<Segment List[0], Segment List[1], Segment List[2], ..., Segment List[n]>
where <Segment List[0], Segment List[1], Segment List[2], ..., Segment List[n]> is the segment list of the SRv6 message. It is generated at the ingress node, similarly to the MPLS label stack information in SR MPLS. Segment List[0] is the first segment to be processed on the SRv6 path, Segment List[1] is the second, and Segment List[2] is the third.
It should be noted that, when the SRH is expressed in the IPv6 message, it can be expressed in reverse order, that is, in the form (Segment List[2], Segment List[1], Segment List[0]).
Fig. 3 is a schematic diagram of the IPv6 DA conversion of a packet according to the embodiment of the present application. As shown in fig. 3, in SRv6, each time the packet passes through an SRv6 node, the Segments Left (SL) field is decremented by 1 and the IPv6 DA is transformed once. The Segments Left and Segment List fields together determine the IPv6 DA.
If the SL value is n (n-0), the value of the IPv6 DA is the value of Segment List[0].
If the SL value is n-1, the value of the IPv6 DA is the value of Segment List[1].
If the SL value is n-2, the value of the IPv6 DA is the value of Segment List[2].
...
If the SL value is 0 (n-n = 0), the value of the IPv6 DA is the value of Segment List[n].
Further, the SRH may include (2.3) to (2.9) in addition to the above (2.1) and (2.2).
(2.3) one or more TLVs
TLV is an encoding format and includes a type (type), a length (length), and a value (value). One or more TLVs may be included in the SRH. Different TLVs in SRH may have a parallel relationship or a nested relationship.
Further, as shown in fig. 2, the SRH may further include the following fields:
(2.4) Next header type (Next Header) field: the SRv6 message may also include one or more extension headers or one or more higher-layer headers after the SRH, and the Next Header field identifies the type of the header that immediately follows the SRH. The Next Header field may be 8 bits in length.
(2.5) Extension header length (Header Extended Length, abbreviated as Hdr Ext Len) field: indicates the length of the SRH header, mainly the length occupied from Segment List[0] to Segment List[n]. The Hdr Ext Len field may be 8 bits in length.
(2.6) Routing type (Routing Type) field: identifies the routing header type; the type of the SRH is 4. The Routing Type field may be 8 bits in length.
(2.7) Last element index (Last Entry) field: contains the index of the last element of the segment list. The Last Entry field may be 8 bits in length.
(2.8) Flags (Flags) field: indicates some flags of the packet. The Flags field may be 8 bits in length.
(2.9) Tag field: identifies packets of the same group. The Tag field may be 16 bits in length.
(3) The payload in the SRv6 message.
The payload in the SRv6 message may be the original message. The original packet may be an IPv4 packet, an IPv6 packet, or an Ethernet frame.
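The SRH fields (2.1) to (2.9) and the SL-to-DA rule can be exercised with a small encoder and validating parser. This is an added example, not code from the patent; it assumes the RFC 8754 wire layout (Hdr Ext Len counted in 8-octet units after the first 8 octets, no TLVs), and the function names and the 2001:db8:: SIDs are constructed for illustration.

```python
import ipaddress
import struct

SRH_ROUTING_TYPE = 4                 # (2.6) Routing Type value of an SRH
# Next Header, Hdr Ext Len, Routing Type, Segments Left, Last Entry, Flags, Tag
FIXED = struct.Struct("!BBBBBBH")


def build_srh(path, next_header=41, tag=0):
    """Encode an SRH for `path`, given in forwarding order (first SID to visit first).

    The wire list is stored in reverse order, so the first SID to visit sits
    last and Segments Left starts at Last Entry.
    """
    if not path:
        raise ValueError("segment list must not be empty")
    wire = [ipaddress.IPv6Address(sid).packed for sid in reversed(path)]
    last_entry = len(wire) - 1
    hdr_ext_len = 2 * len(wire)      # each 128-bit SID is two 8-octet units
    fixed = FIXED.pack(next_header, hdr_ext_len, SRH_ROUTING_TYPE,
                       last_entry, last_entry, 0, tag)
    return fixed + b"".join(wire)


def parse_srh(data):
    """Decode an SRH and reject headers whose length fields disagree."""
    if len(data) < FIXED.size:
        raise ValueError("truncated SRH fixed header")
    nh, ext_len, rtype, sl, last_entry, flags, tag = FIXED.unpack_from(data)
    if rtype != SRH_ROUTING_TYPE:
        raise ValueError(f"routing type {rtype} is not an SRH")
    total = (ext_len + 1) * 8        # full header length in octets
    if len(data) < total:
        raise ValueError("truncated SRH")
    seg_bytes = (last_entry + 1) * 16
    if FIXED.size + seg_bytes > total:
        raise ValueError("Last Entry points past the end of the header")
    if sl > last_entry:
        raise ValueError("Segments Left exceeds Last Entry")
    segments = [ipaddress.IPv6Address(data[8 + 16 * i:24 + 16 * i])
                for i in range(last_entry + 1)]
    return {"next_header": nh, "hdr_ext_len": ext_len, "segments_left": sl,
            "last_entry": last_entry, "flags": flags, "tag": tag,
            "wire_segments": segments,
            "tlvs": data[FIXED.size + seg_bytes:total]}


def active_sid(srh, segments_left=None):
    """IPv6 DA selected by Segments Left: the wire entry at index SL."""
    sl = srh["segments_left"] if segments_left is None else segments_left
    if not 0 <= sl <= srh["last_entry"]:
        raise ValueError("Segments Left out of range")
    return srh["wire_segments"][sl]


def page_da(path, sl):
    """Same rule in the forward-order abstraction used above: SL = n-k selects entry k."""
    n = len(path) - 1
    return ipaddress.IPv6Address(path[n - sl])


# Constructed sample path; the SIDs are documentation addresses.
SAMPLE_PATH = ["2001:db8:2::1", "2001:db8:4::1", "2001:db8:5::1", "2001:db8:6::1"]

if __name__ == "__main__":
    srh = parse_srh(build_srh(SAMPLE_PATH))
    for sl in range(srh["last_entry"], -1, -1):
        print(f"SL={sl} -> DA={active_sid(srh, sl)}")
```

The bounds checks in parse_srh are the part worth keeping in any real parser: Hdr Ext Len, Last Entry and Segments Left all come from the packet and must agree with each other before any segment is indexed.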
The structure of the SRv6 message is described above, and the SRv6 SID is described below.
The SRv6 SID includes 128 bits. The SRv6 SID is an instantiated IPv6 address, and such an IPv6 address is given a unique function. An SRv6 SID may represent a node/link, an L2/L3 VPN, or a service. It can be said that any network function can be defined by an SRv6 SID. The SRv6 SID is a network instruction (Instruction). The SRv6 SID may be in hexadecimal form. The format of the SRv6 SID may be X:X:X:X:X:X:X:X. Please refer to fig. 4, which is a schematic diagram of an SRv6 SID provided in the embodiment of the present application. After an SRv6 SID is generated, it is added to the Local SID table on the one hand, and on the other hand it can be advertised externally through a routing protocol.
The SRv6 SID includes location information (locator) and function information (function), and the format of the SID is locator:function. Optionally, the SID also includes parameter information (extensions), in which case the format of the SID is locator:function:extensions. This structure of the SRv6 SID makes the network easier to program. During actual forwarding, the locator part of the SRv6 SID helps other nodes in the network perform route addressing, find the node that generated the SRv6 SID, and forward the SRv6 packet to that node; the function part instructs the node that generated the SRv6 SID to perform the corresponding functional operation.
The locator occupies the high-order bits of the SID. The locator is mainly responsible for routing: SRv6 nodes perform route forwarding according to the locator, so the locator is unique within the SRv6 domain. The locator is an IPv6 network segment, and all IPv6 addresses in that segment can be allocated as SRv6 SIDs. After a locator is configured on a node, the system generates a locator network segment route; the node can be located through this route, and all SIDs issued by the node are also reachable through it. The SRv6 locator can be advertised through the SRv6 locator TLV. After receiving the TLV, a device with SRv6 capability installs the corresponding locator into its local forwarding table, and a device without SRv6 capability does not. The locator may be configured via a locator command. The locator command includes, for example, the parameters locator name (locator-name), IPv6 prefix (ipv6-prefix), and prefix length (prefix-length). The locator name specifies the name of the node route segment of the SID and may be a string. The IPv6 prefix specifies the IPv6 address prefix and may be a 32-digit hexadecimal number in the format X:X:X:X:X:X:X:X. The prefix length specifies the IPv6 address prefix length; it may be an integer, and its value range is 32 to 120.
The function occupies the low-order bits of the SID. The function field is also called the Opcode and can be dynamically allocated via an IGP or statically configured via an opcode command. SRv6 can define the action corresponding to each segment through the function. The function may indicate any function of the device, such as a certain forwarding behavior or a certain service.
The SRv6 SID is introduced above. There are many types of SRv6 SIDs, and different types of SRv6 SIDs represent different functions. The most common are the End SID and the End.X SID; there is also the End.DT4 SID, which represents an IPv4 VPN. The following describes the forwarding procedure based on SRv6 SIDs with reference to specific types of SRv6 SID:
The "End" in End SID stands for endpoint. The End SID is an Endpoint SID and identifies a destination address prefix (Prefix) in the network. The End SID in SRv6 is similar to the Prefix SID in SR MPLS. The SRv6 End SID may be advertised via an SRv6 End SID sub-TLV and may be flooded to other network elements by an IGP. The SRv6 End SID sub-TLV is a sub-TLV used to advertise an SRv6 End SID that has the End function. For example, please refer to fig. 5, which is a schematic diagram of an End SID provided in the present application. The End SID of node A may be A::. The End SID of node B may be B::. The End SID of node C may be C::.
The End SID-based forwarding operation may include the following: the SR node receives the message; the SR node queries the Local SID table according to the destination address in the IPv6 header of the message; the SR node determines from the Local SID table that the type (FuncType) of the active SID is End; the SR node then queries the IPv6 FIB table; and the message is forwarded through the outgoing interface and next hop found in the IPv6 routing forwarding table. For example, referring to table 1 below, table 1 is an illustration of a local SID table. If the IPv6 DA of the message is 10:: 1/128, then when an SR node receives the SRv6 message, it queries the Local SID table according to the IPv6 DA of the message, and if the FuncType of 1:: 1/128 is judged to be End, the routing forwarding table of the IPv6 is continuously inquired according to the following ratio of 10.
TABLE 1 (My Local-SID End Forwarding Table; provided as an image in the original publication)
Here, the heading My Local-SID End Forwarding Table of table 1 denotes the Local SID table of SRv6 End. FuncType denotes the function type. Flavor denotes a property, for example penultimate segment pop (PSP) of the SRH. The locator ID denotes the identifier assigned to the locator.
Referring to fig. 6, fig. 6 is a schematic diagram of a forwarding process based on an End SID provided in an embodiment of the present application. The forwarding process includes the following: an SRH is pushed onto the message at node A, the path information in the SRH is <Z::, F::, D::, B::>, and the destination address in the IPv6 header of the message is B::. Each time the message passes through an intermediate node, such as node B or node D, the intermediate node queries its Local SID table according to the IPv6 DA of the message; if it determines that the type is End, it continues to query the IPv6 FIB table, forwards the message through the outgoing interface and next hop found there, and at the same time decrements SL by 1 and transforms the IPv6 DA once. When the message reaches node F, node F queries its Local SID table according to the destination address in the IPv6 header, determines that the type is End, continues to query the IPv6 FIB table, and forwards the message through the outgoing interface found there. At the same time SL is reduced to 0 and the IPv6 DA becomes Z::. At this point the path information <Z::, F::, D::, B::> no longer has any practical value, so node F removes the SRH by using the PSP feature and then forwards the message without the SRH to node Z.
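The End SID walk described above can be traced hop by hop with a small simulation. This is an added example, not the patent's own code; it assumes a linear topology A-B-C-D-F-Z in which C is a plain IPv6 transit node with no local SID, substitutes constructed 2001:db8:: locators for the A::, B:: style addresses, and models the local SID lookup as an exact match on the destination address.

```python
import ipaddress
from dataclasses import dataclass

CHAIN = ["A", "B", "C", "D", "F", "Z"]          # constructed linear topology
LOCATOR = {n: ipaddress.IPv6Network(f"2001:db8:{i + 1:x}::/48")
           for i, n in enumerate(CHAIN)}
# Every node except the transit node C instantiates one End SID in its locator.
END_SID = {n: LOCATOR[n][1] for n in CHAIN if n != "C"}


@dataclass
class Packet:
    da: ipaddress.IPv6Address
    segments: list          # wire order: segments[0] is the last SID of the path
    sl: int
    has_srh: bool = True


class Node:
    def __init__(self, name):
        self.name = name
        sid = END_SID.get(name)
        self.local_sids = {sid: "End"} if sid else {}
        i = CHAIN.index(name)
        # IPv6 FIB: one non-overlapping locator route per remote node.
        self.fib = {LOCATOR[other]: (CHAIN[i + 1] if j > i else CHAIN[i - 1])
                    for j, other in enumerate(CHAIN) if j != i}

    def process(self, pkt, psp=True):
        """Return (action, next_hop); next_hop None means the packet stops here."""
        func = self.local_sids.get(pkt.da)       # local SID table lookup
        if func == "End":
            if not pkt.has_srh or pkt.sl == 0:
                return "local-sid-hit/terminate", None
            pkt.sl -= 1                          # SL minus 1 ...
            pkt.da = pkt.segments[pkt.sl]        # ... and the IPv6 DA changes once
            action = "End"
            if psp and pkt.sl == 0:              # penultimate segment pop
                pkt.has_srh, pkt.segments = False, []
                action = "End+PSP"
        else:
            action = "miss/ipv6-fib"             # no local SID: ordinary IPv6 routing
        for net, hop in self.fib.items():
            if pkt.da in net:
                return action, hop
        return action + "/no-route", None


def walk(path, ingress="A", psp=True, max_hops=16):
    """Push an SRH for `path` (forwarding order) at the ingress and trace each hop."""
    sids = [END_SID[n] for n in path]
    pkt = Packet(da=sids[0], segments=list(reversed(sids)), sl=len(sids) - 1)
    nodes = {n: Node(n) for n in CHAIN}
    trace, current = [], ingress
    for _ in range(max_hops):
        action, nxt = nodes[current].process(pkt, psp)
        trace.append((current, action, str(pkt.da), pkt.sl, pkt.has_srh))
        if nxt is None:
            return trace
        current = nxt
    raise RuntimeError("hop limit exceeded")


if __name__ == "__main__":
    for hop in walk(["B", "D", "F", "Z"]):
        print(hop)
```

Node C shows the miss case: the destination address is not in its local SID table, so SL and the DA pass through unchanged and only the IPv6 FIB is consulted.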
The End.DT4 SID is a kind of End SID, specifically an Endpoint SID of the PE type. The End.DT4 SID identifies an Internet Protocol version 4 (IPv4) Virtual Private Network (VPN) instance in the network and is mainly applied in VPN scenarios. The End.DT4 SID is similar to the label of an IPv4 VPN. Referring to fig. 7, the forwarding operation corresponding to the End.DT4 SID may include: decapsulating the message and looking up the IPv4 VPN instance routing table for forwarding.
While the above briefly introduces the terminology and technical principles in the SRv6 technology related to the embodiments of the present application, some embodiments of the present application also relate to the application of anycast technology, and for the convenience of understanding, the following briefly introduces the related terminology and technical principles in the anycast technology related to the embodiments of the present application.
Anycast, also called selective broadcast or flooding broadcast, is a communication mode of IPv6. Anycast is a communication method between a sender and a group of receivers that share the same IP address. In other words, anycast identifies a group of nodes providing the same or a corresponding service by one address; each of these nodes can serve as a receiving end of a packet, so that together they form a group of receiving ends, and during traffic forwarding the packet is forwarded to one node of the group. This group of receivers is usually called an anycast group. As to which node in the anycast group a packet is forwarded to, the packet is typically routed by the network to the "nearest" destination interface as measured by the routing protocol. Here, "nearest" may be determined by metrics such as router hop count, server load, server throughput, Round Trip Time (RTT) between client and server, and the available bandwidth of a link.
Anycast routing information: including the anycast address of the anycast group, which will be assigned to more than two interfaces (generally referring to nodes of different IP addresses), and packets sent to the anycast address are routed to the nearest interface.
In SRv6, two or more SR nodes may form an anycast group, and the SR nodes in the anycast group issue an anycast SID. However, current SR anycast technology requires that the anycast SID issued by each SR node be the same and that every device in the same anycast group be configured with the same locator, so as to ensure that when one of the nodes fails, Fast Reroute (FRR) switching to another node is performed quickly. When forwarding according to the anycast SID, the shortest of the paths to the SR nodes in the anycast group can be selected, and forwarding is performed along that shortest path.
The principle of anycast technology is briefly introduced above, and the embodiment of the present application further relates to the application of the longest matching rule in the IP routing field, and the following introduces the principle of the longest matching rule.
The longest match principle is the route lookup rule used by devices that support IP routing. After receiving an IP packet, the router reads the destination address of the packet and compares it bit by bit with each routing table entry in the local routing table to determine which entries match the destination address. If multiple entries in the routing table match the destination IP address, the matching entry is selected according to the longest match principle. For example, in IPv4 the destination address of the packet is an IPv4 address, the corresponding concept is the subnet mask, and the router selects the entry with the longest mask among the multiple entries as the matching entry; in IPv6 the destination address of the packet is an IPv6 address, the corresponding concept is the network prefix, and the router selects the entry with the longest prefix length among the multiple entries as the matching entry. The router then takes the next hop indicated in the matching entry as the next hop of the IP packet. Taking IPv4 as an example, suppose the IPv4 routing table contains the following 2 entries, in the format IP address/mask length followed by the egress interface: 192.168.20.16/28 e0; 192.168.0.0/16 s0. If an IP packet with destination address 192.168.20.19 is received, the packet can be understood to belong either to the 192.168.20.16/28 network or to the 192.168.0.0/16 network; the mask of 192.168.20.16/28 is longer, that is, more precise, so 192.168.20.16/28 matches 192.168.20.19 to a greater degree. The router therefore selects the entry corresponding to 192.168.20.16/28 as the matching entry based on the longest match rule and sends the IP packet through the outgoing interface e0.
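The bit-by-bit comparison described above maps directly onto a binary trie. The following is an added example, not code from the patent: it loads the two IPv4 entries from the text, goes beyond them by also handling IPv6 prefixes of different lengths (the IPv6 prefixes and interface names are constructed), and shows the lookup falling back to the shorter prefix when the more specific route is withdrawn.

```python
import ipaddress


class PrefixTrie:
    """Binary trie for longest-prefix match; one instance per address family."""

    def __init__(self, bits):
        self.bits = bits                     # 32 for IPv4, 128 for IPv6
        self.root = [None, None, None]       # [child for bit 0, child for bit 1, entry]

    def _bit(self, value, i):
        return (value >> (self.bits - 1 - i)) & 1

    def insert(self, prefix, out_if):
        net = ipaddress.ip_network(prefix)
        if net.max_prefixlen != self.bits:
            raise ValueError("prefix is from the wrong address family")
        value, node = int(net.network_address), self.root
        for i in range(net.prefixlen):       # walk only the prefix bits
            bit = self._bit(value, i)
            if node[bit] is None:
                node[bit] = [None, None, None]
            node = node[bit]
        node[2] = (str(net), out_if)

    def remove(self, prefix):
        """Withdraw a route; return True if it was present."""
        net = ipaddress.ip_network(prefix)
        value, node = int(net.network_address), self.root
        for i in range(net.prefixlen):
            node = node[self._bit(value, i)]
            if node is None:
                return False
        present = node[2] is not None
        node[2] = None
        return present

    def lookup(self, address):
        """Return (prefix, out_if) of the longest matching entry, or None."""
        addr = ipaddress.ip_address(address)
        if addr.max_prefixlen != self.bits:
            raise ValueError("address is from the wrong address family")
        value, node = int(addr), self.root
        best = node[2]                       # a default route would live at the root
        for i in range(self.bits):
            node = node[self._bit(value, i)]
            if node is None:
                break
            if node[2] is not None:          # deeper node means longer prefix
                best = node[2]
        return best


def page_table():
    """The two IPv4 entries used in the text."""
    trie = PrefixTrie(32)
    trie.insert("192.168.20.16/28", "e0")
    trie.insert("192.168.0.0/16", "s0")
    return trie


def ipv6_table():
    """Constructed IPv6 entries with different prefix lengths."""
    trie = PrefixTrie(128)
    trie.insert("2001:db8:1::/48", "if-48")
    trie.insert("2001:db8:1:2::/64", "if-64")
    return trie


if __name__ == "__main__":
    print(page_table().lookup("192.168.20.19"))
    print(ipv6_table().lookup("2001:db8:1:2::5"))
```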
While longest match rules are introduced above, some embodiments of the present application also relate to some terminology in the field of IP routing, which is briefly described below.
Route convergence (convergence) refers to a process that after the topological structure of the network changes, a routing table is reestablished, sent, learned until stable, and all relevant routers in the network are informed of the change. I.e., the behavior of discovering alternate routes by recalculating routes due to changes in network topology.
Fast Reroute (FRR) aims to provide backup protection for important nodes or links so that, after a link or a node in the network fails, rerouting is performed quickly, the impact of the failure on traffic is reduced, and traffic recovers rapidly. The objects protected by FRR include links and nodes.
Route crossing refers to copying a private network route into other VPN instances and, depending on the source of the route, is divided into remote crossing and local crossing. In remote crossing, a route learned from VPNv4 is matched one by one against the IRT (Import Target) configured under the local VPN instance according to the ERT (Export Target) attribute value carried by the route. If they match, the BGP VPNv4 route is converted into a BGP private network route and then copied into the VPN instance routing table. In local crossing, a route under one VPN instance is copied into other VPN instances according to the ERT and IRT matching rules (the same rules as for remote crossing).
The system architecture provided by the embodiments of the present application is described below.
Referring to fig. 8, a system architecture 100 is provided in an embodiment of the present application. The system architecture 100 is an illustration of a CE dual-homed PE scenario. CE dual-homed PE refers to the case where the same CE device is connected to two PE devices. The system architecture 100 includes one or more CE devices, a plurality of PE devices, and one or more P devices.
The CE device is a border router of the customer network, which owns the route of the local site customer network while interfacing with the PE router. CE devices include, without limitation, routers, switches, and the like. Referring to fig. 8, the CE device is, for example, CE1 or CE2 in the system architecture 100, CE2 is dual-homed to PE1 and PE2, and CE2 is dual-homed to PE3 and PE4. CE1 has an IP address of 2.2.2.2 and CE2 has an IP address of 1.1.1.1.
The PE devices are connected to CE devices of different customers, and VPN instances are used to distinguish between the different customers. On one hand, the PE device learns private network routing information of the VPN customer from a directly connected CE through a PE-CE routing protocol, then the PE device changes the private network routing information into a VPNv4 prefix through a BGP neighbor relation, and sends the VPNv4 prefix to the remote PE device through MP-BGP. On the other hand, the PE device also obtains customer VPN routes from the remote PE and passes them to the appropriate directly connected CE device. PE devices include, without limitation, routers, switches, and the like. Referring to fig. 8, the PE device is, for example, PE1, PE2, PE3 or PE4 in the system architecture 100.
The P device is a core router device of the service provider and is responsible for fast forwarding of data. It is not connected to any customer device, does not participate in the exchange of any customer route, and does not learn any customer route. P devices include, without limitation, routers, switches, and the like. For example, referring to fig. 8, the P device is P1 or P2 in fig. 8.
It should be understood that the CE dual-homed PE scenario is only an illustration of the system architecture of the embodiment of the present application. The embodiment of the present application may also be applied to a CE multi-homed PE scenario, that is, a CE accesses three or more PEs. In this case, although not shown in fig. 8, CE1 or CE2 in the system architecture 100 accesses more PEs.
The system architecture 100 provided in the embodiment of the present application is introduced above, and a method flow for performing redundancy protection based on the system architecture 100 provided above is exemplarily described below with reference to the first to fifth embodiments. For ease of understanding, before describing the first to fifth embodiments, a description will be given of a case where the redundancy protection scheme is used in a specific application.
Recently, how to implement redundancy protection of a PE in a CE dual-homed PE scenario has become a hot research topic. For example, in a CE dual-homed PE scenario, redundancy protection is implemented by an anycast redundancy protection scheme or a Mirror protection scheme. The anycast redundancy protection scheme and the Mirror protection scheme are briefly introduced below.
The anycast redundancy protection scheme is generally used for a pair of cross-domain Area Border Routers (ABRs) or Autonomous System Border Routers (ASBRs), CE dual-homed PE nodes, and other scenarios. In the anycast redundancy protection scheme, two or more devices are added to the same anycast group, and the devices of the same anycast group need to be configured with the same locator route, so that when one node fails, traffic can be quickly switched to the other node by means of anycast FRR. For example, please refer to fig. 9, which illustrates the use of the anycast technique in a CE dual-homed PE scenario.
In a CE dual-homed PE scenario, the anycast protection technology needs to ensure that the two PEs issue the same SRv6 VPN SID, by statically specifying the SRv6 VPN SID. In addition, because of the limitation of IGP routing preference, the VPN level routing cannot be guaranteed. A traffic detour problem also exists in the case of an AC side link failure: under normal conditions, the P node prefers the next hop PE1 node for forwarding, and if the AC side link of PE1 fails, the traffic detours, arriving at PE1 first and then being forwarded to PE2. The AC side refers to the link connecting a PE and a CE. The AC side links may be physical links or logical links.
The Mirror protection scheme implements redundancy protection of the tail node by configuring Mirror protection. Specifically, Mirror protection is used in a CE dual-homed PE scenario: a Mirror SID protection policy is configured on the tail node of the dual-homed PE pair (that is, PE2 of the dual-homed pair is configured to protect PE1, so that after PE1 fails, traffic is forwarded directly from P1 to PE2), and the policy is distributed to P1, the node directly connected to PE1, so that Mirror FRR protection is formed on the P1 node. For example, referring to fig. 10, fig. 10 illustrates the use of Mirror protection in a CE dual-homed PE scenario.
However, the Mirror protection scheme has the following problems:
Problem 1, because Mirror protection calculates backup routes based on the locator route, when the network nodes converge, the locator route is deleted and the Mirror backup route no longer exists. In fig. 10, after the node G fails, the locator route of the node G is deleted once the nodes in the network converge, the node C can no longer trigger Mirror FRR protection, and the traffic is lost until the head node VPN FRR switches over.
Problem 2, since Mirror protection is usually triggered at the intermediate node of the networking topology, this requires that the intermediate node also supports SRv6.
The embodiment of the application provides a method for realizing redundancy protection by using SRv6 multi-network-segment routes. By providing a locator with a low network segment prefix, under which each node in an anycast group allocates its own locator, a redundancy protection mechanism among different nodes in the anycast group can be realized, and the robustness of the network is increased. Particularly, in a CE dual-homed PE scenario, the method can effectively avoid the defects of the current anycast and Mirror schemes and realize more flexible network protection. Locator is a term in SRv6 technology; it is rendered as "positioning information" in the claims of the present application, and for convenience of description, the term locator is used in the following method embodiments.
Below, based on the system architecture 100, embodiments one to five exemplarily describe how to implement redundancy protection by a locator of a low network segment prefix. Embodiment one presents the logic of the control plane, with emphasis on describing how to issue a locator. Embodiments two to five present the logic of the data plane, and focus on describing how to forward the message by using a locator.
Embodiment one
Referring to fig. 11, fig. 11 is a flowchart of a method for publishing routing information according to an embodiment of the present application, where an interaction subject of the method includes a first device, a second device, and a third device.
Embodiment one is suitable for the scenario of a CE dual-homed access PE or a CE multi-homed access PE. For example, the first device is a first PE device, the second device is a second PE device, and the third device is a P device. The first PE device and the second PE device are the two PE devices to which the CE device is dual-homed. For example, referring to fig. 12, the first PE device is PE3 in fig. 12, the second PE device is PE2 in the system architecture 100, and the third device is P1 in the system architecture 100. Alternatively, the first PE device is PE2 in the system architecture 100, the second PE device is PE3 in the system architecture 100, and the third device is P1 in the system architecture 100. By adopting the method, in a CE dual-homed PE or CE multi-homed PE scenario, redundancy protection can be realized among different PE devices through the locator with the low network segment prefix, and the different PE devices are freed from the harsh limitation of configuring the same VPN SID.
Exemplarily, embodiment one includes the following S101 to S105.
S101, the first device obtains a first locator and a second locator.
In this embodiment, multiple locators with different prefix lengths may be configured or generated on the same device of the anycast group. Among all the locators on a device in an anycast group, there is one relatively longer locator for locating the device itself and another relatively shorter locator for locating the anycast group to which the device belongs. In the following, taking an anycast group that includes the first device and the second device as an example, in order to distinguish the different locators, the locator used for locating the first device is referred to as the first locator, the locator used for locating the anycast group is referred to as the second locator, and the locator used for locating the second device is referred to as the third locator. The first locator is issued by the first device. The third locator is issued by the second device. The second locator is issued jointly by the first device and the second device.
This paragraph exemplifies the first locator. The first locator is used for indicating the address of the first device, and the address of the first device is located in the network segment range corresponding to the first locator. The network segment range corresponding to the first locator is within the network segment range corresponding to the second locator. Optionally, the length of the first locator is 64 bits, that is, the prefix length of the first locator is 64. For example, referring to fig. 12, the first device is PE2, the first locator is the locator of PE2, the locator of PE2 is 2013.
Optionally, after the first device obtains the first locator, the first device dynamically generates the VPN SID according to the first locator. The VPN SID can be dynamically generated in multiple ways. For example, since the first locator is in essence an IPv6 network segment, the first device allocates an IPv6 address in that IPv6 network segment and uses the IPv6 address as the VPN SID. The locator of the VPN SID is the first locator. The VPN SID is, for example, end.DT4.SID. For example, please refer to fig. 12, a locator of the high-segment prefix is configured on the PE2, for example, the locator is configured with the following components. The PE2 allocates an IPv6 address 2013 in the following ratio of 2013. In this way, the first device can automatically generate the VPN SID by allocating an IPv6 address under its own high network segment prefix. This supports dynamic generation of the VPN SID, removes the complex operation of a user manually configuring the VPN SID, and improves the efficiency of deploying the VPN SID. Because the harsh limitation of manually assigning the VPN SID is avoided, an IPv6 address under the first locator can be flexibly allocated as the VPN SID, which improves the flexibility of deploying the VPN SID. Optionally, after generating the VPN SID, the first device stores the VPN SID in a local SID list, and issues the VPN SID through a routing protocol.
This paragraph illustrates an anycast group. An anycast group includes a first device and a second device, which may be understood as two members of the anycast group. Optionally, the anycast group includes two devices, namely, the first device and the second device, or includes other devices besides the first device and the second device. For example, in a scenario of a CE dual-homed access or multi-homed access PE, an anycast group includes each PE device accessed by the same CE device.
Optionally, the anycast group is configured as a redundant protection group, different devices in the anycast group protect each other, and when one device fails, traffic can be switched to other devices in the anycast group. For example, for a first device and a second device in an anycast group, the first device and the second device protect each other, and when the first device fails, the second device performs packet forwarding instead of the first device in a failure state. Similarly, when the second device fails, the first device replaces the second device in the failure state to forward the message. In a possible implementation, each device in the anycast group is configured with the same locator (e.g., the second locator in this embodiment) of the low network segment prefix, and each device in the anycast group issues the same anycast locator route (e.g., anycast route information in this embodiment) based on the locator of the low network segment prefix, so that the locator of the low network segment prefix is used to implement redundancy protection between different devices in the anycast group.
This paragraph exemplifies the second locator. The second locator is used to indicate the anycast address of the anycast group. Optionally, the length of the second locator is 63 bits, that is, the prefix length of the second locator is 63. For example, referring to fig. 12, the anycast group includes PE2 and PE3, the second locator is the locator on PE2 and PE3 as the anycast group, the second locator is 2013 00000000:/63, and the address of the first device and the address of the second device are located in the network segment range corresponding to the second locator.
The relationship between the first locator and the second locator is exemplarily explained below. For example, in a scenario of a PE with dual homing to a CE, the relationship between the first locator and the second locator is an example of a relationship between anycast locators of two PEs and a locator of one PE itself.
From the length perspective, the prefix length of the second locator is smaller than that of the first locator. Among the first locator and the second locator, the second locator is the locator of the low segment prefix, and the first locator is the locator of the high segment prefix. In other words, among the first and second locators, the second locator is a shorter locator and the first locator is a longer locator.
From a range perspective, the second locator contains the first locator. In other words, the network segment range corresponding to the second locator includes the network segment range corresponding to the first locator. Among the first locator and the second locator, the second locator is the locator with the larger range and covers relatively more IPv6 addresses, and the first locator is the locator with the smaller range and covers relatively fewer IPv6 addresses. For example, the second locator is 2013 00000000:: 0002/63, and the first locator is 2013 00000000.
Optionally, the second locator has the same high order bits as the first locator. For example, the prefix length of the first locator is M bits, and the first N bits of the first locator are the same as the first N bits of the second locator. Optionally, the prefix length of the second locator is N bits, and the prefix length difference between the first locator and the second locator is (M-N) bits, that is, the first locator includes the remaining (M-N) bits in addition to the first N bits that are the same as the second locator, where the (M-N) bits are not part of the second locator, and different values of the (M-N) bits can be used to distinguish different devices in the anycast group. Wherein N and M are integers. N is less than M.
In one possible implementation, after removing the last (M-N) bits of the first locator, the remaining part of the first locator is used as the second locator. For example, referring to fig. 12, the locator of the PE2 is 2013. This provides a simple and flexible way to obtain the locator of the anycast group. For example, in a scenario where the CE is dual-homed to PEs, removing the last bit of each PE's own locator yields the locator of the anycast group consisting of the two PEs, so that the locator of the anycast group is simpler to plan and highly feasible.
The first locator and the second locator can be obtained in many ways. For example, the first device generates the first locator and the second locator. For another example, the user performs a configuration operation on the first device, and the first device obtains the first locator and the second locator according to the configuration operation of the user. This embodiment does not limit whether the locator is manually configured or generated by a machine.
S102, the first device issues the first network segment routing information and the anycast routing information of the anycast group.
Optionally, the network segment routing information is called a locator network segment route, and the first network segment routing information is called a locator network segment route corresponding to the first locator. Specifically, in the SRv6 field, after each device configures a locator, a locator network segment route is generated, the device can be located through the locator network segment route, and all SIDs issued by the device can also be reached through the locator network segment route. In this embodiment, after the first device obtains the first locator, the first device generates the first network segment routing information according to the first locator. By publishing the first network segment routing information, other devices can locate the first device through the first network segment routing information, and the SIDs published by the first device can be reached through the first network segment routing information. The destination address of the first network segment routing information comprises the first locator.
Optionally, anycast routing information is referred to as anycast routing. Specifically, after the first device acquires the second locator, the anycast routing information is generated according to the second locator, and by issuing the anycast routing information, the other devices can be located to the anycast group through the anycast routing information. Wherein the destination address of the anycast routing information comprises a second locator.
It should be understood that, in this embodiment, the timing sequence of issuing the first segment routing information and issuing the anycast routing information is not limited. In some embodiments, the first network segment routing information may be issued first, and then the anycast routing information may be issued; or the anycast routing information can be issued first and then the first network segment routing information can be issued. In other embodiments, the first segment routing information and the anycast routing information may be distributed simultaneously.
Anycast routing information can be issued in many ways. For example, the first device issues the second locator and a flag field, and indicates through the value of the flag field that the second locator belongs to the anycast routing information. Taking an extension of the Intermediate System-to-Intermediate System (ISIS) protocol for SRv6 as an example, the implementation manner is, for example: three bits are defined in the Extended Reachability Attribute Flags of IPv4 or IPv6, and a new bit is added for defining the currently issued IPv6 prefix as an anycast route. For example, referring to fig. 13, fig. 13 is an exemplary illustration of issuing anycast routing information, wherein the prefix attribute flags field includes a flag bit X, a flag bit R, and a flag bit N, and a flag bit A is added, where the flag bit A is used to identify that the IPv6 prefix (the second locator) is the locator of an anycast group. In addition, when the Open Shortest Path First (OSPF) protocol is adopted, the implementation manner is similar.
S103, the second device acquires the first locator and the third locator.
This paragraph illustrates the third locator. The third locator is used for indicating the address of the second device, and the address of the second device is located in the network segment range corresponding to the third locator. The network segment range corresponding to the third locator is within the network segment range corresponding to the second locator. Optionally, the length of the third locator is 64 bits, that is, the prefix length of the third locator is 64. For example, referring to fig. 12, the second device is PE3, and the third locator is the locator of PE3, i.e. 2013.
Optionally, after the second device acquires the third locator, the VPN SID is dynamically generated according to the third locator. The VPN SID can be dynamically generated in multiple ways. For example, since the third locator is in essence an IPv6 network segment, the second device allocates an IPv6 address in that IPv6 network segment and uses the IPv6 address as the VPN SID. The locator of the VPN SID is the third locator. The VPN SID is, for example, end.DT4.SID. For example, please refer to fig. 12, a locator of the high-segment prefix is configured on the PE3, for example, the locator is configured with the following reference numerals 2013. The PE3 allocates an IPv6 address 2013 in the following location of 2013. In this way, the second device can automatically generate the VPN SID by allocating an IPv6 address under its own high network segment prefix. This supports dynamic generation of the VPN SID, removes the complex operation of a user manually configuring the VPN SID, and improves the efficiency of deploying the VPN SID. Because the harsh limitation of manually assigning the VPN SID is avoided, an IPv6 address under the third locator can be flexibly allocated as the VPN SID, which improves the flexibility of deploying the VPN SID. Optionally, after generating the VPN SID, the second device stores the VPN SID in a local SID list, and issues the VPN SID through a routing protocol.
Optionally, the VPN SID issued by the first device and the VPN SID issued by the second device may be different, where the VPN SID issued by the first device includes the first locator, and the VPN SID issued by the second device includes the third locator. For example, referring to fig. 12, PE2 assigns a VPN SID at 2013; the PE3 allocates the VPN SID under 2013. By analogy, different devices in the same anycast group allocate their own high network segment prefix locators under the same low network segment prefix locator, and each allocates VPN SIDs under its own high network segment prefix locator, so that different devices can issue different VPN SIDs. Therefore, by providing a plurality of locators with different prefix lengths, this embodiment removes the harsh limitation that every device in the same anycast group must issue the same VPN SID, avoids the various defects of assigning the same VPN SID, and can still realize redundancy protection. For how traffic is forwarded in the failure case by using a plurality of locators with different prefix lengths, please refer to embodiments four and five below.
The relationship between the third locator and the second locator is exemplified below.
From the length perspective, the prefix length of the second locator is smaller than that of the third locator. Among the third locator and the second locator, the second locator is the locator of the low segment prefix, and the third locator is the locator of the high segment prefix. In other words, among the third and second locators, the second locator is a shorter locator, and the third locator is a longer locator.
From a range perspective, the second locator contains the third locator. In other words, the network segment range corresponding to the second locator includes the network segment range corresponding to the third locator. Among the third and second locators, the second locator is the locator with the larger range and covers relatively more IPv6 addresses, and the third locator is the locator with the smaller range and covers relatively fewer IPv6 addresses. For example, the second locator is 2013 00000000:: 0002/63, and the third locator is 2013 00000000.
Optionally, the high order bits of the second locator and the third locator are the same. For example, the prefix length of the third locator is M bits, and the first N bits of the third locator are the same as the first N bits of the second locator. Optionally, the length of the second locator is N bits, and the length difference between the third locator and the second locator is (M-N) bits, that is, the third locator includes the remaining (M-N) bits in addition to the first N bits that are the same as the second locator, and the (M-N) bits are not part of the second locator, and different values of the (M-N) bits can be used to distinguish different devices in the anycast group. Wherein N and M are integers. N is less than M.
In one possible implementation, after removing the last (M-N) bits of the third locator, the remaining part of the third locator is used as the second locator. For example, referring to fig. 12, the locator of the PE3 is 2013. This provides a simple and flexible way to obtain the locator of the anycast group. For example, in a scenario where the CE is dual-homed to PEs, removing the last bit of a PE's locator yields the locator of the anycast group consisting of the two PEs, so that the locator of the anycast group is simpler to plan and highly feasible.
This paragraph exemplifies the relationship between the third locator and the first locator. For example, in a scenario of a PE with dual homing to a CE, the relationship between the first locator and the second locator is an example of a relationship between the respective locators of two PEs. For example, the prefix length of the third locator is equal to the prefix length of the first locator. In other words, the first locator and the third locator are equally long, for example, the first locator and the third locator are both 64 bits.
Optionally, the third locator has the same high order bits as the first locator. For example, the prefix length of the first locator is M bits, the prefix length of the third locator is also M bits, and the first N bits of the first locator are the same as the first N bits of the third locator. For example, the first N bits of the first locator and the first N bits of the third locator are both the second locator. Optionally, the last (M-N) bits of the third locator are different from the last (M-N) bits of the first locator.
How much shorter the second locator is than the first or third locator includes multiple cases. In other words, the difference in length between the locator of the anycast group and the locators of the devices themselves in the anycast group includes multiple cases. These are exemplified below by implementation one and implementation two.
In the first implementation manner, the prefix length of the second locator is 1 less than that of the first locator, and the prefix length of the second locator is 1 less than that of the third locator. In other words, the second locator is 1 bit shorter than both the first and third locators. For example, the second locator is 63 bits long and the first and third locators are 64 bits long, so the second locator is 1 bit shorter than the first and third locators. In the first implementation manner, the last bit of the first locator is different from the last bit of the third locator, the other bits of the first locator except the last bit are the same as the other bits of the third locator except the last bit, and the first locator and the third locator can be distinguished by the value of the last bit of the two locators. For example, the first locator and the third locator are both 64 bits. The first 63 bits of the first locator are the same as the first 63 bits of the third locator, and the 64th bit of the first locator is different from the 64th bit of the third locator. For example, referring to fig. 12, the locator of PE2 is 2013 0000.
This paragraph exemplifies an application scenario of the first implementation. The first implementation is suitable for a scenario in which two devices in an anycast group protect each other, such as a CE dual-homed PE scenario. Specifically, when two devices protect each other, different locators may be allocated to the two devices within the range of the second locator. For example, the high order bits of the locators of the two devices are configured to be the same, the last bit of the locator of one device is configured as 1, and the last bit of the locator of the other device is configured as 0, so that the two locators are distinguished by whether the last bit is 1 or 0. When both devices are normal, other devices in the network (such as P devices) determine which device to forward a packet to according to which device's locator route the locator of the destination address matches. When one of the two devices fails, the packet is forwarded to the device that has not failed according to the locator of the destination address and the second locator. In this way, the two devices not only realize redundancy protection through the second locator, but also each undertake part of the traffic forwarding through their own locators, for example each sending packets to the CE device, thereby sharing the load.
In the second implementation manner, the prefix length of the second locator is 2 less than that of the first locator, and the prefix length of the second locator is 2 less than that of the third locator. In other words, the second locator is 2 bits shorter than both the first and third locators. For example, the second locator is 62 bits long and the first and third locators are 64 bits long, so the second locator is 2 bits shorter than the first and third locators. In this implementation manner, the last 2 bits of the first locator are different from the last 2 bits of the third locator, the other bits except the last 2 bits in the first locator are the same as the other bits except the last 2 bits in the third locator, and the first locator and the third locator can be distinguished by the value of the last 2 bits of the two locators.
This paragraph exemplifies an application scenario of the second implementation. The second implementation is suitable for being applied to a scenario in which three or four devices in an anycast group are protected from each other, such as a scenario in which a CE multi-homed access PE is provided. For example, when four devices are mutually protected, two devices may be assigned different locators within the range of the second locator. For example, the high order bits of the locators of the four devices are configured to be the same, the last 2 bits of the locator of the device 1 are configured to be 00, the last 2 bits of the locator of the device 2 are configured to be 01, the last 2 bits of the locator of the device 3 are configured to be 10, and the last 2 bits of the locator of the device 4 are configured to be 11, so that the locators of the 4 devices are distinguished by the values of the last 2 bits.
It should be understood that the above-described first and second implementations are only optional, not mandatory. In other embodiments, the prefix length of the second locator is less than the prefix length of the first or third locator by 3 or more. For example, the anycast group includes other devices in addition to the first device and the second device, and the second locator also contains the locators used for locating those other devices. By analogy, if the anycast group includes P devices, each of the P devices allocates its own locator within the range of the second locator, thereby implementing redundancy protection of the P devices. P is a positive integer greater than or equal to 2.
S104, the second device issues the second network segment routing information and the anycast routing information of the anycast group.
Optionally, the network segment routing information is called a locator network segment route, and the second network segment routing information is called a locator network segment route corresponding to the third locator. In this embodiment, after the second device obtains the third locator, the second device may generate the second network segment routing information according to the third locator. By publishing the second network segment routing information, other devices can locate the second device through the second network segment routing information, and the SIDs published by the second device can be reached through the second network segment routing information. The destination address of the second network segment routing information comprises the third locator. S104 follows the same principle as S102; please refer to S102 for technical details.
S105, the third device receives the first network segment routing information issued by the first device, the second network segment routing information issued by the second device, and the anycast routing information of the anycast group issued by the first device and the second device, and stores the first network segment routing information, the second network segment routing information and the anycast routing information of the anycast group in the local routing information.
The local routing information is, for example, a routing forwarding table stored by the third device, such as an IPv6 routing forwarding table. The local routing information includes one or more routing entries, each routing entry including at least one of a destination address, an egress interface, a next hop, and a cost (cost). The first network segment routing information, the second network segment routing information, and the anycast routing information of the anycast group may be three routing entries in the local routing information.
Through S105, the plurality of locators with different prefix lengths may be stored in the local routing information of the third device, and the third device may subsequently forward packets by using the locators stored in the local routing information. For example, before PE2 fails, the routing table of P1 stores the network segment routing information of PE2, the network segment routing information of PE3, and the anycast routing information of the anycast group. When PE2 and PE3 are both normal and P1 receives a packet sent to PE2, P1 matches the network segment routing information of PE2 according to the destination address of the packet; when P1 receives a packet sent to PE3, P1 matches the network segment routing information of PE3 according to the destination address of the packet. When PE2 fails and P1 receives a packet sent to PE2, P1 matches the anycast routing information of the anycast group according to the destination address of the packet, and P1 then forwards the packet to PE3 according to the anycast routing information of the anycast group. When PE3 fails and P1 receives a packet sent to PE3, P1 matches the anycast routing information of the anycast group according to the destination address of the packet, and P1 then forwards the packet to PE2 according to the anycast routing information of the anycast group.
The method provided in this embodiment provides a plurality of locators with different prefix lengths, uses the locator with the low network segment prefix as the locator for locating to the anycast group, allocates a locator with a high network segment prefix to each device of the anycast group within the network segment range of the locator with the low network segment prefix, and uses the locator with the high network segment prefix of each device as the locator for locating to that device. Through the ingenious design of the locator, if a device in the anycast group fails, the locator with the low network segment prefix can be used to steer traffic to another device in the anycast group that has not failed, and that device forwards the traffic in place of the failed device, which implements redundancy protection. Different devices in the anycast group are also freed from the strict restriction that their configured VPN SIDs must be the same: dynamic generation of VPN SIDs can be supported, and different devices in the anycast group can dynamically generate different VPN SIDs under their respective locators with the high network segment prefix. This reduces the constraints on network planning and the difficulty of network deployment, improves the flexibility of issuing VPN SIDs, and helps to solve the problem of VPN convergence being affected and the problem of traffic detours. Therefore, the method can increase the robustness of the network and provide more flexible network assurance.
The first embodiment introduces the procedure of issuing a locator; through the first embodiment, locators with different prefix lengths can be stored in the local routing information of a device. Embodiments two to five below describe, by way of example, the flow of forwarding a packet based on a locator. In a possible implementation, the packet forwarded in the second to fifth embodiments is an SRv6 packet; for its format, refer to the above description of the SRv6 packet. The forwarding process in the second to fifth embodiments is implemented based on the SRv6 technology; for its technical principle, refer to the above description of the SRv6 technology.
The following second and third embodiments describe a scenario in which the first device and the second device do not malfunction. In other words, the second embodiment and the third embodiment relate to how to forward the message by using the issued locator when the device in the anycast group does not fail.
The second embodiment takes a scenario in which the third device forwards a packet to the first device as an example. In other words, the second embodiment describes how to forward the packet to the first device by using the first locator issued in advance by the first device. It should be understood that, for steps of the second embodiment that are the same as those of the first embodiment, refer to the first embodiment; they are not described again in the second embodiment.
Embodiment two
Referring to fig. 14, fig. 14 is a flowchart of a method for forwarding a packet according to an embodiment of the present application, where the interacting entities of the method include a first device, a second device, and a third device. Embodiment two includes S201 to S205.
S201, the third device receives the packet.
The destination address of the packet in S201 includes a first locator. For example, referring to fig. 1, the message received by the third device is an SRv6 message, the SRv6 message includes an outer IPv6 header, the outer IPv6 header includes a DA field, a value of the DA field is an SID, the SID is a SID local to the first device, and the SID is issued by the first device in advance. The SID may be a VPN SID dynamically generated by the first device. The locator of the SID is the first locator.
S202, the third device queries the local routing information for the routing information that is the longest match for the destination address of the packet, and obtains the first network segment routing information.
Under the condition that the first device and the second device are both normal, the local routing information of the third device stores routing information of a high network segment prefix and routing information of a low network segment prefix, wherein the routing information of the high network segment prefix comprises first network segment routing information used for positioning to the first device and second network segment routing information used for positioning to the second device, and the routing information of the low network segment prefix is anycast routing information used for positioning to an anycast group.
When the third device receives a packet to be sent to the first device, the third device queries the local routing information and matches the destination address of the packet against each routing entry in the local routing information. In the matching process, the third device determines that the first network segment routing information matches the destination address of the packet and that the anycast routing information also matches the destination address of the packet. When both of these routing entries match, the network prefix of the first network segment routing information is the longer of the two, so the first network segment routing information is the routing information that is the longest match for the destination address. The third device therefore selects, according to the longest matching principle, the first network segment routing information from the first network segment routing information and the anycast routing information as the matching entry for the destination address of the packet.
For example, referring to fig. 12, when PE2 is normal, the routing table of P1 is as shown in table 2 below, where table 2 shows the first network segment routing information and the anycast routing information, and the second network segment routing information is not shown in table 1. The first network segment routing information is, for example, routing information with a prefix length of 64 bits for routing to PE2, and the anycast routing information is, for example, routing information with a prefix length of 63 bits for routing to the anycast group. If P1 receives a packet while PE2 is normal, P1 reads the DA field of the packet, determines that the value of the DA field is 2013. Specifically, P1 decrements the value of the SL field, so that the value of the SL field changes from 1 to 0. Because SL is decreased to 0, P1 pops the SRH extension header and modifies the value of the DA field of the outer IPv6 header, so that the value of the DA field is updated to the SRv6 End.DT4 SID allocated to the VRF by the PE2 node. The packet is then forwarded to the PE2 node along the shortest path P1 -> PE2.
TABLE 2
Figure GDA0003799586590000221
When no device in the anycast group has failed, the egress interface and the next hop in the anycast routing information stored by the third device may take several forms. In particular, there may be multiple paths from the third device to the anycast group; for example, if the anycast group includes N devices, there may be one or more paths between the third device and each of the N devices. The third device may determine a cost value of each path to the anycast group, select the path with the minimum cost value, use the next hop corresponding to that path as the next hop in the anycast routing information, and use the egress interface corresponding to that path as the egress interface in the anycast routing information. For example, referring to fig. 12 and table 2, the anycast group includes PE2 and PE3, and when neither PE2 nor PE3 has failed, there are two paths from P1 to the anycast group. One path is P1 → PE2, and the cost value of the path P1 → PE2 is 10. The other path is P1 → P2 → PE3, and the cost value of P1 → P2 → PE3 is 20. Because the cost value of P1 → PE2 is smaller, the next hop of the anycast routing information is PE2, and the egress interface of the anycast routing information is the egress interface for sending to PE2. 2013 of the low network segment prefix.
S203, the third device sends the packet to the first device according to the first network segment routing information.
The third device may send the packet according to the egress interface and the next hop in the first network segment routing information, so as to forward the packet to the first device.
S204, the first device receives the packet.
S205, the first device sends the packet according to the destination address.
Optionally, the first device is a first PE device, the destination address of the packet is a VPN SID issued by the first PE device, and the locator of the VPN SID is the first locator. The first PE device queries a local SID table according to the destination address, matches the destination address against the SIDs in the local SID table, determines that the destination address matches the VPN SID, and executes the forwarding behavior corresponding to the VPN SID. For example, the destination address of the packet is an End.DT4 SID issued by the first PE device, and the first PE device decapsulates the packet according to the End.DT4 SID, that is, pops the SRH of the packet to obtain the original packet, and sends the packet to the CE device according to the destination address in the original packet.
The method provided in this embodiment provides a plurality of locators with different prefix lengths, uses the locator with the low network segment prefix as the locator for locating to the anycast group, allocates a locator with a high network segment prefix to each device of the anycast group within the network segment range of the locator with the low network segment prefix, and uses the locator with the high network segment prefix of each device as the locator for locating to that device. By skillfully designing the locator, for a device in the anycast group that is normal, if the locator of the destination address of a packet is the locator of that device, the locator with the high network segment prefix is matched according to the longest matching rule, so that the packet is forwarded to that device. When the device is normal, the method helps to forward the traffic to the destination along the shortest path and avoids traffic detours under normal conditions, thereby reducing the forwarding delay.
The second embodiment describes a scenario in which the third device forwards the packet to the first device, and the third embodiment describes a scenario in which the third device forwards the packet to the second device. In other words, the third embodiment describes how to forward the packet to the second device by using the third locator issued in advance by the second device. It should be understood that, for steps in the third embodiment that are similar to those in the second embodiment, refer to the second embodiment; they are not described again in the third embodiment.
Embodiment three
Referring to fig. 15, fig. 15 is a flowchart of a method for forwarding a packet according to an embodiment of the present application, where an interaction subject of the method includes a first device, a second device, and a third device.
S301, the third device receives the message.
The destination address of the packet in S301 includes a third locator. For example, referring to fig. 1, the message received by the third device is an SRv6 message, where the SRv6 message includes an outer IPv6 header, the outer IPv6 header includes a DA field, a value of the DA field is an SID, the SID is a SID local to the second device, and the SID is issued by the second device in advance. The SID may be a VPN SID dynamically generated by the second device. The locator of the SID is the third locator.
S302, the third device queries the local routing information for the routing information that is the longest match for the destination address of the packet, and obtains the second network segment routing information.
S303, the third device sends the packet to the second device according to the second network segment routing information.
S304, the second device receives the packet.
S305, the second device sends the packet according to the destination address.
The method provided in this embodiment provides a plurality of locators with different prefix lengths, uses the locator with the low network segment prefix as the locator for locating to the anycast group, allocates a locator with a high network segment prefix to each device of the anycast group within the network segment range of the locator with the low network segment prefix, and uses the locator with the high network segment prefix of each device as the locator for locating to that device. By skillfully designing the locator, for a device in the anycast group that is normal, if the locator of the destination address of a packet is the locator of that device, the locator with the high network segment prefix is matched according to the longest matching rule, so that the packet is forwarded to that device. When the device is normal, the method helps to forward the traffic to the destination along the shortest path and avoids traffic detours under normal conditions, thereby reducing the forwarding delay.
The second embodiment and the third embodiment describe the traffic forwarding process when no device in the anycast group has failed, and the fourth embodiment and the fifth embodiment describe the scenario in which a device in the anycast group fails. In other words, embodiment four and embodiment five concern how to protect the normal forwarding of traffic after a device in an anycast group fails. It should be understood that, for steps in the fourth embodiment and the fifth embodiment that are the same as those in the first embodiment, refer to the first embodiment; they are not described again in the fourth embodiment and the fifth embodiment.
The following fourth embodiment describes a scenario in which the first device fails. In other words, the fourth embodiment relates to how to avoid packet loss of traffic after the failure of the first device, thereby implementing redundant protection on the first device.
Embodiment four
Referring to fig. 16, fig. 16 is a flowchart of a method for forwarding a packet according to an embodiment of the present application, where an interaction subject of the method includes a second device and a third device. Exemplarily, the fourth embodiment includes the following S401 to S407.
S401, the third device determines that the first device has failed.
For example, the third device determines that the first device has a node failure, or the third device determines that the link to the first device has failed; this embodiment does not limit whether the failure is a node failure or a link failure.
S402, in response to the failure of the first device, the third device deletes the first network segment routing information issued by the first device from the local routing information.
After the first device fails, the third device performs route convergence. In the process of route convergence, the third device deletes the first network segment routing information, so that the local routing information no longer stores the first network segment routing information but still stores the anycast routing information. In other words, after the route of the third device converges, the local routing information lacks the routing information with the high network segment prefix for locating to the first device, but still includes the anycast routing information with the low network segment prefix.
For example, referring to fig. 17, in the process of forwarding a packet, if a link to PE2 fails or a node failure occurs in PE2, P1 deletes the locator route to PE2 in the process of route convergence. For example, referring to the following table 3, the P1 node deletes 64-bit 2013 00000000 of the PE2 node.
TABLE 3
| IPv6 destination address | Egress interface | Next hop | Cost |
|---|---|---|---|
| 2013:0000:0000:0002::/63 | P1->P2 output interface | P2 | 30 |
Optionally, the third device updates the anycast routing information after the failure of the first device. For example, in the process of route convergence, the third device updates the next hop of the anycast route information from the first device to the second device, and updates the outgoing interface of the anycast route information from the outgoing interface for sending to the first device to the outgoing interface for sending to the second device.
For example, referring to fig. 17, since PE2 has failed, after the route converges, P1 considers that the closest path to the anycast group is no longer P1 → PE2, but P1 → P2 → PE3, so that the next hop is updated from PE2 to P2, so as to forward the packet to PE3 through P2. For example, referring to table 2 and table 3 above, after the P1 route converges, the next hop of the route 2013.
S403, the third device receives the message.
The message forwarded in the fourth embodiment is, for example, an SRv6 message. The destination address of the message includes a first locator, and the first locator is used for indicating the address of the first device. For example, the first device is a first PE device, the destination address of the packet is a VPN SID issued by the first PE device, and the locator of the VPN SID is a first locator. For example, referring to fig. 17, the destination address of the packet received by P1 is the VPN SID issued by PE2, and the locator of the VPN SID is a 64-bit locator issued by PE2.
S404, the third device queries the local routing information for the routing information that is the longest match for the destination address of the packet, and obtains the anycast routing information of the anycast group.
Because the third device has deleted the first network segment routing information, the local routing information no longer includes it. When the third device queries the local routing information according to the longest matching principle, the destination address cannot match the first network segment routing information but can match the anycast routing information, and the third device forwards the packet to the second device according to the anycast routing information, which ensures that the forwarding process continues to operate normally.
For example, referring to fig. 17, P1 receives a packet, and a value of a DA field of the packet is a VPN SID issued by PE2, for example, 2013.
S405, the third device sends the packet to the second device according to the anycast routing information.
S406, the second device receives the packet.
S407, the second device sends the packet according to the destination address of the packet.
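The lookup behaviour of the third device in embodiments two and four, as an added Python sketch that is not part of the patent text. The anycast prefix 2013:0000:0000:0002::/63 and the path costs 10 and 20 come from the page; the per-device /64 locators, the SID values and the interface names are constructed assumptions, and the allocation helper generalizes beyond two devices.

```python
import ipaddress
from dataclasses import dataclass

ANYCAST = "2013:0000:0000:0002::/63"       # anycast route, as in the page's table 3
PATHS = {"PE2": ("to-PE2", "PE2", 10),     # P1 -> PE2, cost 10 (page's example)
         "PE3": ("to-P2", "P2", 20)}       # P1 -> P2 -> PE3, cost 20 (page's example)
PE2_SID = "2013:0:0:2::100"                # constructed VPN SID under PE2's locator
PE3_SID = "2013:0:0:3::100"                # constructed VPN SID under PE3's locator


@dataclass
class Route:
    prefix: ipaddress.IPv6Network
    out_if: str
    next_hop: str
    cost: int


def allocate_locators(anycast_locator, devices):
    """Carve one longer-prefix locator per device out of the group's locator."""
    group = ipaddress.IPv6Network(anycast_locator)
    extra_bits = max(1, (len(devices) - 1).bit_length())
    return dict(zip(devices, group.subnets(prefixlen_diff=extra_bits)))


class TransitRib:
    """Routing table of the third device (P1 in the page's figures)."""

    def __init__(self, anycast_locator, locators, paths):
        self.anycast = ipaddress.IPv6Network(anycast_locator)
        self.locators = dict(locators)     # device -> its own locator
        self.paths = dict(paths)           # device -> (out_if, next_hop, cost)
        self.alive = set(locators)
        self.routes = {}
        for dev, loc in self.locators.items():
            self.routes[loc] = Route(loc, *self.paths[dev])
        self._refresh_anycast()

    def _refresh_anycast(self):
        # The anycast route follows the cheapest path to any live group member.
        if not self.alive:
            self.routes.pop(self.anycast, None)
            return
        best = min((self.paths[d] for d in self.alive), key=lambda p: p[2])
        self.routes[self.anycast] = Route(self.anycast, *best)

    def device_failed(self, dev):
        """Route convergence (S402): drop dev's locator route, keep the anycast route."""
        self.alive.discard(dev)
        self.routes.pop(self.locators[dev], None)
        self._refresh_anycast()

    def lookup(self, destination):
        """Longest-prefix match on the packet's DA (S202 / S404)."""
        da = ipaddress.IPv6Address(destination)
        hits = [r for r in self.routes.values() if da in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def demo():
    locators = allocate_locators(ANYCAST, ["PE2", "PE3"])
    rib = TransitRib(ANYCAST, locators, PATHS)
    before = rib.lookup(PE2_SID)           # PE2 healthy: /64 locator route wins
    rib.device_failed("PE2")
    after = rib.lookup(PE2_SID)            # PE2 failed: only the /63 anycast route is left
    return locators, before, after, rib.lookup(PE3_SID)


if __name__ == "__main__":
    for item in demo():
        print(item)
```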
In a possible implementation, the first device is a first PE device, the second device is a second PE device, and the CE device is dual-homed to the first PE device and the second PE device. The first PE device may learn private network routing information from the CE device and transmit the private network routing information of the CE device to the second PE device, the private network routing information including the VPN SID. The second PE device receives the private network routing information and stores the VPN SID in the local routing information of the second PE device. After the first PE device fails, if the second PE device receives a packet whose destination address includes the VPN SID, the second PE device can send the packet to the CE device according to the VPN SID and the private network routing information of the CE device. The VPN SID is a local SID of the first PE device, and the VPN SID includes the first locator. For the second PE device, the VPN SID is not a SID local to the second PE device; optionally, the VPN SID is denoted as a remote SID on the second PE device.
The remote SID is a concept opposite to the local SID. The locator of a remote SID is used for locating to a remote device, the remote SID is issued by the remote device, and the remote SID can be configured on the remote device in advance. To clearly illustrate the concept of the remote SID, see fig. 17, for 2013. After PE2 sends 2013. 2013. Similarly, for the 2013. After PE3 sends 2013. But 2013.
The VPN SID is, for example, an End.DT4 SID. For example, the VPN SID is configured to send a packet to the CE device, and the private network routing information may further include an RD (Route Distinguisher) attribute, an RT (Route Target) attribute, and a next hop. The private network routing information includes at least one of IPv4 routing information and IPv6 routing information.
How the first PE device transmits the private network routing information of the CE device includes various implementations. In one possible implementation, the first PE device sends the private network routing information in a remote crossing manner. Specifically, the first PE device and the second PE device establish a BGP neighbor relationship; the first PE device reads the private network routing information from the local VPN instance routing table; the first PE device converts the private network routing information into a BGP VPN route; and the first PE device distributes the BGP VPN route to the second PE device through the BGP neighbor relationship.
How the second PE device stores the private network routing information sent from the first PE device includes various implementations. In a possible implementation, the second PE device copies the private network routing information sent by the first PE device into the VPN instance routing table in a remote crossing manner. For example, the VPN instance routing table of the second PE device includes primary routing information and backup routing information, the primary routing information being routing information learned by the second PE device from the CE device, and the backup routing information being the private network routing information sent by the first PE device.
How the second PE device saves the VPN SID sent from the first PE device includes various implementations. Implementation a and implementation b below are examples.
In implementation a, the second PE device stores the VPN SID sent by the first PE device in the local SID table.
The local SID table includes a remote flag, which is used to distinguish local SIDs from remote SIDs; the remote flag is denoted as an R flag, for example. The value of the remote flag corresponding to a remote SID in the local SID table is different from the value of the remote flag of a local SID. For example, the remote flag corresponding to a remote SID is set, and the remote flag of a local SID is not set. After receiving the VPN SID sent by the first PE device, the second PE device may not only store the VPN SID in the local SID table but also set the remote flag corresponding to the VPN SID, thereby identifying the VPN SID as a remote SID.
In implementation b, the second PE device stores the VPN SID sent by the first PE device in the remote SID table.
The remote SID table is different from the local SID table and is used for storing remote SIDs. Optionally, the remote SID table is a routing table dedicated to holding remote SIDs, and the remote SID table does not include local SIDs of the second PE device.
How the second PE device forwards the packet to the CE device includes various implementations. Implementation I and implementation II below are examples.
In implementation I, the packet is forwarded by querying the local SID table.
When the first PE device fails, after the second PE device receives a packet whose destination address includes the VPN SID, the second PE device queries the local SID table according to the VPN SID, and if the VPN SID hits a remote SID in the local SID table, the second PE device sends the packet to the CE device according to the remote SID.
For example, in combination with the description of implementation a above, when the first PE device sends the RT attribute, the RD attribute, and the next hop to the second PE device based on the SRv6 VPN SID in a remote crossing manner, the second PE device crosses the SRv6 VPN SID into the local SID table or the FIB table. The second PE device sets the remote flag and establishes an association relationship between the remote SRv6 VPN SID and the ID of the crossed local private network routing table, where the crossed local private network routing table stores the private network route sent by the first PE device in a remote crossing manner. When the first PE device fails and a packet to be sent to the first PE device is sent to the second PE device, the second PE device queries the local SID table or the FIB table according to the destination address of the packet, determines that the destination address hits the remote SRv6 VPN SID, identifies that the SID type is End.DT4, and executes the action corresponding to End.DT4, so that the packet is forwarded.
In implementation II, the packet is forwarded by querying the remote SID table.
When the first PE device fails, after the second PE device receives a packet whose destination address includes the VPN SID, the second PE device queries the remote SID table according to the VPN SID, and if the VPN SID hits a remote SID in the remote SID table, the second PE device sends the packet to the CE device according to the remote SID, where the remote SID table is used for storing remote SIDs.
For example, with reference to the description of implementation b above, when the first PE device sends the RT attribute, the RD attribute, and the next hop to the second PE device based on the SRv6 VPN SID in a remote crossing manner, the second PE device stores the remotely crossed SRv6 VPN SID in the remote SID table and establishes an association relationship between the remote SRv6 VPN SID and the ID of the crossed local private network routing table. When the first PE device fails and a packet to be sent to the first PE device is sent to the second PE device, the second PE device queries the local SID table or the FIB table according to the destination address of the packet and determines that the destination address hits neither the local SID table nor the FIB table. The second PE device then queries the remote SID table, determines that the destination address hits an SRv6 VPN SID in the remote SID table, identifies that the SID type is End.DT4, and executes the action corresponding to End.DT4, so that the packet is forwarded. Of course, querying the local SID table or the FIB table first and then the remote SID table is only an illustration. The second PE device may also query the remote SID table first and query the local SID table or the FIB table if the remote SID table is missed; this embodiment does not limit the order in which the local SID table and the remote SID table are queried.
Executing the action corresponding to End.DT4 comprises the following steps: the second PE device pops the outer IPv6 header from the packet to expose the original packet, looks up the VPN instance routing table according to the destination address of the original packet, and forwards the packet according to the egress interface and the next hop of the entry that is hit in the VPN instance routing table. The second PE device may find both the primary routing information and the backup routing information for reaching the CE device, and the second PE device may forward the packet according to the primary routing information.
By synthesizing the various implementation manners described above, for example, referring to fig. 18, taking the first PE device as PE2 and the second PE device as PE3 as an example, because PE2 and PE3 are a pair of PEs in which CE is dually homed, a BGP neighbor relationship is established between PE2 and PE3, and PE2 converts the private network IPv4 route of the local VPN instance routing table into a BGP VPNv4 route, and issues the BGP neighbor relationship to PE3. Wherein, the BGP VPNv4 route carries SRv6VPN SID attribute, namely end.dt4SID of VPN instance. In addition, the BGP VPNv4 route may also carry RT/RD, next hop, etc. After receiving the VPNv4 route, the PE3 crosses the VPNv4 route to a local corresponding VPN instance routing table vrrf 1, and in a possible implementation, for an SRv6VPN SID carried by a remote cross route in a process of processing the remote cross route by the PE3, a PE3 node generates an association relationship between the remote SRv6VPN SID and a VRF index in a local SID table or FIB. In another possible implementation, PE3 generates a far-end SID table, where the far-end SRv6VPN SID is stored. Because the interface of PE3 connecting CE1 is also bound with VRF1, two main/standby forwarding table entries will be formed in the private network routing table. The route learned from CE1 is the primary route, the route sent by BGP is the backup route, and PE3 records the mapping relationship between end.dt4SID and VPN instance route table vrf1 in the local FIB table. 
When a packet whose destination address (DA) is the End.DT4 SID of the PE2 node reaches the PE3 node, PE3 queries the FIB table and identifies the DA as a remote VPN SID carried by a crossed private network route. PE3 pops the outer IPv6 header to expose the original IPv4 packet, and then uses the destination address 1.1.1.1 of the IPv4 packet to look up the VPN instance routing table vrf1 associated with the End.DT4 SID. At this point PE3 finds two routing entries reaching CE1, one primary and one backup, and forwards the packet toward the CE side according to the outgoing interface/next hop of the primary route.
The method provided in this embodiment provides a plurality of locators with different prefix lengths: the locator with the low network segment prefix is used as the locator for locating the anycast group; within the network segment range of that locator, a locator with a high network segment prefix is allocated to each device of the anycast group; and each device's locator with the high network segment prefix is used as the locator for locating that device. With this locator design, when a device in the anycast group fails and the locator in the destination address of a packet is the locator of the failed device, the network segment route issued by the failed device has been deleted after route convergence, so the locator with the low network segment prefix is matched according to the longest matching rule and the packet is forwarded to other devices in the anycast group according to that locator. The traffic of the failed device is thereby steered to other devices, which protects normal forwarding, avoids packet loss after route convergence following the failure, provides a redundancy protection mechanism among multiple devices, and increases the robustness of the network. In particular, the method can be applied to a network in which a CE device is multi-homed to PE devices: the PE devices accessed by the same CE device form an anycast group, share the locator with the low network segment prefix, and are each configured with their own locator with a high network segment prefix. Then, when one PE device fails, the destination address matches the locator with the low network segment prefix, so that the traffic is forwarded to the other PE devices, thereby implementing mutual protection among the multiple PE devices.
In addition, the method breaks the limitation that the VPN SID issued by each device in the anycast group must be the same, and different devices in the anycast group can dynamically generate different VPN SIDs at the locators of the respective high network segment prefixes and issue different VPN SIDs, thereby being beneficial to VPN convergence.
The fourth embodiment described above introduces a scenario in which the first device fails, and the fifth embodiment described below describes a scenario in which the second device fails. In other words, the fifth embodiment relates to how to avoid packet loss of traffic after the second device fails, so as to implement redundancy protection for the second device.
Embodiment five
Referring to fig. 19, fig. 19 is a flowchart of a method for forwarding a packet according to an embodiment of the present application. The interacting entities of the method include a second device and a third device. Exemplarily, embodiment five includes the following S501 to S505, where S501 is the same as S401, S502 as S402, S503 as S403, S504 as S404, and S505 as S405; for technical details not shown in the fifth embodiment, please refer to the fourth embodiment.
S501, the third device determines that the second device has failed.
For example, the third device determines that the second device has a node failure, or that a link to the second device has failed; this embodiment does not limit whether the failure is a node failure or a link failure.
S502, in response to the second device failing, the third device deletes the second network segment routing information issued by the second device from the local routing information.
After the second device fails, the third device performs route convergence and deletes the second network segment routing information during convergence, so that the local routing information no longer stores the second network segment routing information but still stores the anycast routing information. In other words, after route convergence on the third device, the local routing information lacks the high-segment-prefix routing information for locating the second device, but still includes the anycast routing information for the low segment prefix. For example, referring to fig. 17, if a link to PE3 fails or PE3 has a node failure while packets are being forwarded, P1 deletes the locator route to PE3 during route convergence.
Optionally, the third device updates the anycast routing information after the failure of the second device. For example, in the process of route convergence, the third device updates the next hop of the anycast route information from the second device to the first device, and updates the outgoing interface of the anycast route information from the outgoing interface for sending to the second device to the outgoing interface for sending to the first device.
S503, the third device receives the message.
In the fifth embodiment, the forwarded message is, for example, an SRv6 message. The destination address of the message includes a third locator, and the third locator is used for indicating the address of the second device. For example, the second device is a second PE device, the destination address of the packet is a VPN SID issued by the second PE device, and the locator of the VPN SID is a third locator. For example, referring to fig. 18, the destination address of the packet received by P1 is the VPN SID issued by PE3, and the locator of the VPN SID is a 64-bit locator issued by PE3.
S504, the third device queries the local routing information for the routing information that is the longest match for the destination address of the message, and obtains the anycast routing information of the anycast group.
Because the third device has deleted the second network segment routing information, the local routing information no longer includes it. When the third device queries the local routing information according to the longest matching principle, the second network segment routing information cannot be matched, but the anycast routing information can. The third device therefore forwards the message to the first device according to the anycast routing information, so that normal forwarding is ensured.
S505, the third device sends the message to the first device according to the anycast routing information.
S506, the first device receives the message.
S507, the first device sends the message according to the destination address of the message.
In a possible implementation, the first device is a first PE device, the second device is a second PE device, and the CE device is dual-homed to the first PE device and the second PE device. The second PE device may learn private network routing information from the CE device, and the second PE device transmits the private network routing information of the CE device to the first PE device, the private network routing information including the VPN SID. The VPN SID is a SID local to the second PE device. The first PE device receives the private network routing information and saves the VPN SID in the local routing information of the first PE device. After the second PE device fails, if the first PE device receives a message whose destination address includes the VPN SID, the first PE device can send the message to the CE device according to the VPN SID and the private network routing information of the CE device.
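The following sketch walks S502 to S507 end to end. It is an added example, not code from the patent: the 2001:db8::/32 prefixes, the SID values, the interface name `to-CE1`, the inner address 192.0.2.1 and the /48 length of the shared anycast locator are all constructed assumptions (the text above only states that the per-device locator is 64 bits).

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the patent text).
ANYCAST_LOC = "2001:db8:a::/48"      # low-segment-prefix locator shared by the anycast group
PE2_LOC = "2001:db8:a:2::/64"        # high-segment-prefix locator of the first device
PE3_LOC = "2001:db8:a:3::/64"        # high-segment-prefix locator of the second device
PE2_VPN_SID = "2001:db8:a:2::100"    # VPN SID allocated by PE2 under its own locator
PE3_VPN_SID = "2001:db8:a:3::100"    # VPN SID allocated by PE3 under its own locator


class RouteTable:
    """Local routing information of the third device (for example P1)."""

    def __init__(self):
        self.routes = {}  # ip_network -> set of next-hop device names

    def learn(self, prefix, next_hop):
        self.routes.setdefault(ipaddress.ip_network(prefix), set()).add(next_hop)

    def converge_on_failure(self, failed):
        """S502: remove the failed device as a next hop everywhere.

        The device's own locator route loses its only next hop and is deleted;
        the anycast route survives with the remaining group members.
        """
        for net in list(self.routes):
            self.routes[net].discard(failed)
            if not self.routes[net]:
                del self.routes[net]

    def lookup(self, dst):
        """S504: longest-prefix match on the destination address."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        best = max(matches, key=lambda net: net.prefixlen)
        return str(best), sorted(self.routes[best])


def build_p1():
    """Routes P1 holds once both PEs have published their routing information."""
    table = RouteTable()
    table.learn(ANYCAST_LOC, "PE2")
    table.learn(ANYCAST_LOC, "PE3")
    table.learn(PE2_LOC, "PE2")
    table.learn(PE3_LOC, "PE3")
    return table


# State of the surviving PE (PE2): it has saved PE3's VPN SID next to its own.
PE2_SID_TABLE = {
    ipaddress.ip_address(PE2_VPN_SID): "vrf1",
    ipaddress.ip_address(PE3_VPN_SID): "vrf1",  # remote SID learned from PE3
}
PE2_VRFS = {"vrf1": {ipaddress.ip_network("192.0.2.0/24"): "to-CE1"}}


def pe_deliver(sid_table, vrf_tables, outer_dst, inner_dst):
    """S507: resolve the VPN SID to a VPN instance, then route the inner packet."""
    vrf = sid_table.get(ipaddress.ip_address(outer_dst))
    if vrf is None:
        return None  # SID never saved on this PE: the redirected packet is dropped
    inner = ipaddress.ip_address(inner_dst)
    hits = [(net, intf) for net, intf in vrf_tables[vrf].items() if inner in net]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]


if __name__ == "__main__":
    p1 = build_p1()
    print("before failure:", p1.lookup(PE3_VPN_SID))
    p1.converge_on_failure("PE3")
    print("after failure: ", p1.lookup(PE3_VPN_SID))
    print("PE2 delivers via:", pe_deliver(PE2_SID_TABLE, PE2_VRFS, PE3_VPN_SID, "192.0.2.1"))
```

The fallback only protects traffic if the surviving PE already holds the failed PE's VPN SID; a SID missing from its table turns the anycast redirect into a silent drop, which is worth checking when validating such a deployment.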
The method provided in this embodiment provides a plurality of locators with different prefix lengths: the locator with the low network segment prefix is used as the locator for locating the anycast group; within the network segment range of that locator, a locator with a high network segment prefix is allocated to each device of the anycast group; and each device's locator with the high network segment prefix is used as the locator for locating that device. With this locator design, when a device in the anycast group fails and the locator in the destination address of a packet is the locator of the failed device, the network segment route issued by the failed device has been deleted after route convergence, so the locator with the low network segment prefix is matched according to the longest matching rule and the packet is forwarded to other devices in the anycast group according to that locator. The traffic of the failed device is thereby steered to other devices, which protects normal forwarding, avoids packet loss after route convergence following the failure, provides a redundancy protection mechanism among multiple devices, and increases the robustness of the network. In particular, the method can be applied to a network in which a CE device is multi-homed to PE devices: the PE devices accessed by the same CE device form an anycast group, share the locator with the low network segment prefix, and are each configured with their own locator with a high network segment prefix. Then, when one PE device fails, the destination address matches the locator with the low network segment prefix, so that the traffic is forwarded to the other PE devices, thereby implementing mutual protection among the multiple PE devices.
In addition, the method breaks the limitation that the VPN SID issued by each device in the anycast group must be the same, and different devices in the anycast group can dynamically generate different VPN SIDs at the locators of the respective high network segment prefixes and issue different VPN SIDs, thereby being beneficial to VPN convergence.
Through the above embodiments, the technical problems of the anycast redundancy protection scheme and the mirror protection scheme can be solved, and a more flexible network guarantee is achieved. The following explains the principle by which these technical problems are solved.
For the problem of static configuration, in the anycast redundancy protection scheme, a user needs to configure the same locator on two PEs for CE dual-homed access, and configure the same VPN SID under the locator, so that the VPN SIDs of the two PEs must be the same, which results in that the dynamic generation of the VPN SID under the locator cannot be supported, and the user must manually configure the VPN SIDs of the two PEs into the same VPN SID. For example, referring to fig. 9, the user needs to configure the same locator on PE1 and PE2, and configure the same VPN SID under the locator on PE1 and PE2. By applying the method for forwarding the packet provided by this embodiment, because redundancy protection can be already achieved through the locator of the low network segment prefix, PE2 and PE3 get rid of the limitation that the VPN SID must be the same, PE2 can automatically generate the VPN SID under the locator of its own high network segment prefix, PE3 can automatically generate the VPN SID under the locator of its own high network segment prefix, and further, each node in the anycast group can automatically generate the VPN SID under the locator of its corresponding high network segment prefix, thereby solving the problem of static configuration and supporting the generation of dynamic SID.
For the problem of affecting VPN convergence: in the scheme of protection using anycast, PE2 and PE3 form an anycast group, the VPN SID issued by PE2 and the VPN SID issued by PE3 must be the same, and PE2 and PE3 together establish an L3 VPN with the head-end node PE1. To PE1, PE2 and PE3 correspond to the same node, so when one of PE2 and PE3 fails, the other node still sends the same information to the head-end node PE1. PE1 therefore does not perceive that a node in the anycast group has failed, and the VPN does not converge. Only if all nodes of the anycast group fail can the head-end node PE1 perceive the failure. With the method of this embodiment, the limitation that the VPN SID of PE2 and the VPN SID of PE3 must be the same is eliminated: PE2 can allocate and issue a VPN SID under its own high network segment prefix, PE3 can allocate and issue a VPN SID under its own high network segment prefix, and the VPN SID issued by PE2 and the VPN SID issued by PE3 can be different. PE1, PE2 and PE3 can respectively establish a neighbor relationship; when one node of PE2 and PE3 fails, PE1 can disconnect the neighbor relationship with the fault node, and establish the neighbor relationship with the fault node by using the VPN SID issued by the fault node, so that the influence on VPN convergence can be avoided.
For the problem of traffic detour: the detour arises on an AC-side link failure, for example a failure of the private-network-side link from PE1 to CE1 in fig. 9. In the scheme of protection using anycast, PE1 and PE2 as seen by the P1 node have the same prefix and the same VPN SID. When the link from PE1 to CE1 fails, the P1 node cannot identify the AC-side link failure and may still send traffic to PE1 along the optimal path. When PE1 queries its private network routing information table, the lookup fails, so PE1 sends the traffic to PE2 and PE2 sends it to CE1. This causes a traffic detour, and the detour persists until the failure is recovered. With the method for forwarding a packet provided in this embodiment, when the link between PE1 and CE1 fails, public network traffic that reaches PE1 in the short term is re-encapsulated with the VPN SID crossed from PE2, forwarded to PE2 over the PE1 -> PE2 link, and forwarded to the CE1 side by PE2. After the VPN of the head-end node converges, however, the traffic is forwarded directly to PE2 and does not pass through PE1, so the traffic detour problem does not occur.
The method for forwarding a packet and the method for issuing routing information according to the embodiment of the present application are described above, and the network device according to the embodiment of the present application is described below.
Fig. 20 is a schematic structural diagram of a network device 600 according to an embodiment of the present application, and as shown in fig. 20, the network device 600 includes: a receiving module 601, configured to execute S403; a query module 602 for performing S404; a sending module 603 configured to execute S405.
Optionally, the apparatus further comprises: a deleting module for executing S402.
Optionally, the apparatus further comprises: a saving module, configured to execute S105.
It should be understood that the network apparatus 600 corresponds to the third device in the foregoing method embodiment, and each module and the foregoing other operations and/or functions in the network apparatus 600 are respectively used for implementing various steps and methods implemented by the third device in the method embodiment, and for details, reference may be made to the foregoing method embodiment, and details are not described herein again for the sake of brevity.
It should be understood that, in the redundancy protection of the network device 600, the above-mentioned division of each functional module is merely exemplified, and in practical applications, the above-mentioned function distribution may be completed by different functional modules according to needs, that is, the internal structure of the network device 600 is divided into different functional modules to complete all or part of the above-mentioned functions. In addition, the network device 600 provided in the foregoing embodiment and the foregoing method embodiment of redundancy protection belong to the same concept, and details of a specific implementation process thereof are referred to in the method embodiment, and are not described herein again.
Fig. 21 is a schematic structural diagram of a network device 700 according to an embodiment of the present application, and as shown in fig. 21, the network device 700 includes: an obtaining module 701, configured to execute S101; a publishing module 702 configured to execute S102.
Optionally, the network apparatus 700 further comprises: a query module, configured to query the local SID table or the remote SID table.
Optionally, the network apparatus 700 further comprises: a receiving module, configured to execute S301.
It should be understood that the network apparatus 700 corresponds to the first device or the second device in the foregoing method embodiment, and each module and the foregoing other operations and/or functions in the network apparatus 700 are respectively for implementing various steps and methods implemented by the first device or the second device in the method embodiment, and specific details may be referred to the foregoing method embodiment, which are not described herein again for brevity.
It should be understood that, in the redundancy protection of the network device 700, the above-mentioned division of the functional modules is merely exemplified, and in practical applications, the above-mentioned function distribution may be performed by different functional modules according to needs, that is, the internal structure of the network device 700 is divided into different functional modules to perform all or part of the above-mentioned functions. In addition, the network device 700 provided in the foregoing embodiment and the foregoing method embodiment of redundancy protection belong to the same concept, and details of a specific implementation process thereof are referred to in the method embodiment, and are not described herein again.
In some possible embodiments, the first device, the second device, or the third device is implemented as a network device, for example, the PE device and the P device are implemented as network devices. The network processor in the network device may perform the various steps of the above-described method embodiments. For example, the network device may be a router, a switch, or a firewall, or may be other network devices that support a message forwarding function.
Referring to fig. 22, fig. 22 is a schematic structural diagram of a network device 800 according to an embodiment of the present application.
The network device 800 may be provided as the first device, the second device, or the third device in any one of the first to fifth embodiments of the method embodiments described above. The network device 800 has any function of the first device, the second device, or the third device in any one of the first to fifth embodiments. The network device 800 includes a processor configured to execute the instructions, so that the network device 800 performs the method performed by the first device, the second device, or the third device in embodiments one through five.
Alternatively, the network device 800 corresponds to the network apparatus 600. The software of the network device 800 includes functional modules in the network apparatus 600, and each functional module in the network apparatus 600 is implemented by the software of the network device 800. In other words, the network apparatus 600 includes functional modules that are generated by a processor of the network device 800 after reading program codes stored in a memory.
Alternatively, the network device 800 corresponds to the network apparatus 700. The software of the network device 800 includes functional modules in the network apparatus 700, and each functional module in the network apparatus 700 is implemented by the software of the network device 800. In other words, the network apparatus 700 includes functional modules that are generated by a processor of the network device 800 reading program code stored in a memory.
The network device 800 may be any node of the system architecture 100 in fig. 8, for example, PE1, PE2, P1, P2, or the like.
The network device 800 includes: a main control board 810, an interface board 830, a switching network board 820 and an interface board 840. The main control board 810 is used to complete functions such as system management, device maintenance, and protocol processing. The switching network board 820 is used to complete data exchange between interface boards (interface boards are also called line cards or service boards). The interface boards 830 and 840 are used to provide various service interfaces (e.g., Ethernet interfaces, POS interfaces, etc.) and to forward data packets. The main control board 810, the interface boards 830 and 840, and the switching network board 820 are connected to the system backplane through the system bus to realize intercommunication. The central processor 831 on the interface board 830 is configured to control and manage the interface board and to communicate with the central processor 811 on the main control board 810.
If the network device 800 is configured as a first device, the network processor 832 executes S101 to send the first segment routing information and the anycast routing information of the anycast group from the physical interface card 833, so that the first segment routing information and the anycast routing information of the anycast group are released into the network. The physical interface card 833 executes S506 and sends the packet to the network processor 832, and after the network processor 832 queries the forwarding table entry memory 534, the packet is sent from the physical interface card 833 after the link layer encapsulation is completed according to the information such as the outgoing interface and the like.
If the network device 800 is configured as a second device, the network processor 832 executes S103 to send the second segment routing information and the anycast routing information of the anycast group from the physical interface card 833, so that the second segment routing information and the anycast routing information of the anycast group are published into the network. The physical interface card 833 executes S406 and sends the packet to the network processor 832, and after the network processor 832 queries the forwarding table entry memory 534, the packet is sent out from the physical interface card 833 after completing the link layer encapsulation according to the information such as the outgoing interface.
If the network device 800 is configured as a third device, the physical interface card 833 receives the first segment routing information, the second segment routing information, and the anycast routing information, and sends the first segment routing information, the second segment routing information, and the anycast routing information to the network processor 832, and the network processor 832 stores the first segment routing information, the second segment routing information, and the anycast routing information in the local routing information of the forwarding table entry memory 834.
If the network device 800 is configured as a third device, the network processor 832 removes the second network segment routing information published by the second device from the local routing information in the forwarding table entry memory 834 in response to a failure of the second device. The physical interface card 833 receives the packet, the network processor 832 queries the local routing information of the forwarding table entry memory 834 to obtain the anycast routing information, and, according to information such as the outgoing interface, the packet is sent out from the physical interface card 833 after the link layer encapsulation is completed, so that the packet is transmitted to the first device.
If the network device 800 is configured as a third device, the network processor 832 removes the first segment routing information published by the first device from the local routing information in the forwarding table entry memory 834 in response to a failure of the first device. The physical interface card 833 receives the packet, the network processor 832 queries the local routing information of the forwarding table entry memory 834 to obtain the anycast routing information, and according to the information such as the outgoing interface, and after the link layer encapsulation is completed, the packet is sent out from the physical interface card 833, so that the packet is transmitted to the second device.
It should be understood that operations on the interface board 840 in the embodiment of the present application are the same as those of the interface board 830, and for brevity, are not described again. It should be understood that the network device 800 of this embodiment may correspond to the first device, the second device, or the third device in the foregoing various method embodiments, and the main control board 810, the interface board 830, and/or the interface board 840 in the network device 800 may implement the functions and/or the various steps that are implemented by the first device, the second device, or the third device in the foregoing various method embodiments, which are not described herein again for brevity.
It should be noted that there may be one or more main control boards; when there are several, they may include an active main control board and a standby main control board. There may be one or more interface boards, and the stronger the data processing capability of the network device, the more interface boards are provided. There may also be one or more physical interface cards on an interface board. There may be no switching network board, or one or more; when there are several, they can jointly implement load sharing and redundancy backup. Under the centralized forwarding architecture, the network device does not need a switching network board, and the interface board undertakes the processing of the service data of the whole system. Under the distributed forwarding architecture, the network device can have at least one switching network board, and data exchange among a plurality of interface boards is realized through the switching network board, which provides high-capacity data exchange and processing capability. Therefore, the data access and processing capabilities of network devices in the distributed architecture are greater than those of devices in the centralized architecture. Optionally, the network device may also take the form of a single board card, that is, there is no switching network board and the functions of the interface board and the main control board are integrated on that one board card. In this case, the central processing unit on the interface board and the central processing unit on the main control board may be combined into one central processing unit on the board card that performs the functions of both, and the data switching and processing capability of a device in this form is low (for example, network devices such as a low-end switch or router). Which architecture is specifically adopted depends on the specific networking deployment scenario, and is not limited herein.
Fig. 23 is a schematic structural diagram of the interface board 830 in the network device shown in fig. 22 according to an embodiment of the present application. The interface board 830 may include a Physical Interface Card (PIC) 930, a Network Processor (NP) 910, and a traffic management module (traffic management) 920.
The physical interface card (PIC) 930 is used to implement the interconnection function of the physical layer: original traffic enters the interface board of the network device through it, and processed packets are sent out from the PIC.
The network processor NP 910 is used to implement the forwarding processing of packets. Specifically, the processing of an uplink packet includes: processing at the packet ingress interface and forwarding table lookup (related to the local routing information in the above embodiments); the processing of a downlink packet includes: forwarding table lookup (related to the local routing information in the above embodiments), and so on.
The traffic management TM 920 is configured to implement QoS, line-speed forwarding, large-capacity caching, and queue management functions. Specifically, uplink traffic management includes: uplink QoS processing (such as congestion management and queue scheduling) and slicing processing; downlink traffic management includes: packet assembly processing, multicast replication, and downlink QoS processing (such as congestion management and queue scheduling).
It is understood that, in the case of a network device having a plurality of interface boards 830, the plurality of interface boards 830 can communicate with each other through the switching network 940.
It should be noted that fig. 23 only shows an exemplary process flow or module inside the NP, the processing order of each module in the specific implementation is not limited thereto, and other modules or process flows may be deployed as required in practical applications. The embodiments of the present application do not limit this.
Referring to fig. 24, fig. 24 is a schematic structural diagram illustrating a network device 1000 according to an embodiment of the present application.
The network device 1000 may be provided as the first device, the second device, or the third device in any one of the first to fifth embodiments of the method embodiments described above. The network device 1000 has any function of the first device, the second device, or the third device in any one of the first to fifth embodiments. The network device 1000 includes a processor configured to execute the instructions, so that the network device 1000 performs the method performed by the first device, the second device, or the third device in the first to fifth embodiments.
Alternatively, the network device 1000 corresponds to the network apparatus 600. The software of the network device 1000 includes functional modules in the network apparatus 600, and each functional module in the network apparatus 600 is implemented by the software of the network device 1000. In other words, the network apparatus 600 includes functional modules that are generated by a processor of the network device 1000 reading program codes stored in a memory.
Alternatively, the network device 1000 corresponds to the network apparatus 700. The software of the network device 1000 includes functional modules in the network apparatus 700, and each functional module in the network apparatus 700 is implemented by the software of the network device 1000. In other words, the network apparatus 700 includes functional modules that are generated by a processor of the network device 1000 reading program codes stored in a memory.
The network device 1000 may be any node of the system architecture 100 in fig. 8, for example, PE1, PE2, P1, or P2.
The network device 1000 may be any device involved in all or part of the description of the method embodiments, and for example, may be PE1, PE2, P1, P2, or the like. Network device 1000 includes at least one processor 1001, a communication bus 1002, memory 1003, and at least one communication interface 1004.
The processor 1001 may be a general-purpose Central Processing Unit (CPU), a Network Processor (NP), a microprocessor, or one or more integrated circuits such as an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof, for implementing the present solution. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a General Array Logic (GAL), or any combination thereof.
A communication bus 1002 is used to communicate information between the above components. The communication bus 1002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The memory 1003 may be, but is not limited to, a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a random access memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 1003 may be separate and coupled to the processor 1001 via the communication bus 1002. The memory 1003 may also be integrated with the processor 1001.
The communication interface 1004 uses any transceiver or the like for communicating with other devices or a communication network. The communication interface 1004 includes a wired communication interface and may also include a wireless communication interface. The wired communication interface may be an ethernet interface, for example. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless communication interface may be a Wireless Local Area Network (WLAN) interface, a cellular network communication interface, or a combination thereof.
In particular implementations, processor 1001 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 3, as one embodiment.
In particular implementations, network device 1000 may include multiple processors, such as processor 1001 and processor 1005 shown in fig. 3, as an example. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In this particular implementation, network device 1000 may further include an output device 1006 and an input device 1007 as an embodiment. An output device 1006, in communication with the processor 1001, may display information in a variety of ways. For example, the output device 1006 may be a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector (projector), or the like. The input device 1007 is in communication with the processor 1001 and may receive user input in a variety of ways. For example, the input device 1007 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
In some embodiments, the memory 1003 is used for storing the program code 1010 for executing the present application scheme, and the processor 1001 can execute the program code 1010 stored in the memory 1003. That is, the network device 1000 may implement the MM method provided by the method embodiment through the processor 1001 and the program code 1010 in the memory 1003.
The network device 1000 of the embodiment of the present application may correspond to the first device, the second device, or the third device in the above-described various method embodiments, and the processor 1001, the communication interface 1004, and the like in the network device 1000 may implement the functions of the first device, the second device, or the third device in the above-described various method embodiments and/or various steps and methods implemented by the first device, the second device, or the third device. For brevity, no further description is provided herein.
An embodiment of the present application provides a computer-readable storage medium, where at least one instruction is stored in the storage medium, and the instruction is read by a processor, so that a network device executes the method for issuing routing information provided in the first embodiment, or the method for forwarding a packet provided in any one or more of the second to fifth embodiments.
The embodiment of the present application provides a computer program product, which when running on a network device, enables the network device to execute the method for publishing routing information provided in the first embodiment, or the method for forwarding a packet provided in any one or more of the second to fifth embodiments.
The embodiment of the present application provides a chip, and when the chip runs on a network device, the network device executes the method for issuing routing information provided in the first embodiment, or the method for forwarding a packet provided in any one or more of the second to fifth embodiments.
An embodiment of the present application provides a network system, where the network system includes the first device, the second device, and the third device.
Those of ordinary skill in the art will appreciate that the various method steps and elements described in connection with the embodiments disclosed herein can be implemented as electronic hardware, computer software, or combinations of both, and that the steps and elements of the various embodiments have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described apparatus embodiments are merely illustrative. For example, the division of the units is only one logical functional division, and other divisions may be used in practice: a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electrical, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiments of the present application.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method in the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program codes, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive various equivalent modifications or substitutions within the technical scope of the present application, and these modifications or substitutions should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
In the above embodiments, all or part of the implementation may be realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer program instructions. When the computer program instructions are loaded and executed on a computer, the procedures or functions according to the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer program instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium; for example, the computer program instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire or wirelessly. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that includes one or more of the available media. The available media may be magnetic media (e.g., floppy disks, hard disks, tapes), optical media (e.g., digital video disks (DVDs)), or semiconductor media (e.g., solid state disks), among others.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by hardware related to instructions of a program, and the program may be stored in a computer readable storage medium, where the above mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk.
The above description is intended only to be an alternative embodiment of the present application, and not to limit the present application, and any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (23)

1. A method for forwarding a packet, the method comprising:
in response to a first device failure, deleting first network segment routing information issued by the first device from local routing information, wherein a destination address of the first network segment routing information comprises first positioning information, and the first positioning information is used for indicating an address of the first device;
receiving a message, wherein a destination address of the message comprises a virtual private network segment identifier (VPN SID) of the first device, and the VPN SID comprises the first positioning information;
querying the local routing information for the routing information that is the longest match for the destination address of the message, to obtain anycast routing information of an anycast group, wherein the anycast group comprises the first device and the second device, the first device and the second device protect each other, the destination address of the anycast routing information comprises second positioning information, the prefix length of the second positioning information is smaller than that of the first positioning information, and a network segment range corresponding to the second positioning information comprises a network segment range corresponding to the first positioning information;
sending the message to the second device according to the anycast routing information;
wherein the first device sends private network routing information of the CE device to the second device in a far-end crossing mode, the private network routing information comprises the VPN SID, and the VPN SID is marked as a far-end SID on the second device.
2. The method according to claim 1, wherein first N bits of the first positioning information are the same as first N bits of the second positioning information, a prefix length of the first positioning information is M bits, N and M are integers, and N is smaller than M.
3. The method of claim 1, wherein prior to receiving the message, the method further comprises:
receiving first network segment routing information issued by the first device, wherein a destination address of the first network segment routing information comprises the first positioning information;
and receiving the anycast routing information of the anycast group issued by the first device and the second device.
4. The method of claim 3, wherein prior to receiving the message, the method further comprises:
receiving second network segment routing information issued by the second device, wherein a destination address of the second network segment routing information comprises third positioning information, the third positioning information is used for indicating an address of the second device, the third positioning information is different from the first positioning information, a prefix length of the second positioning information is smaller than a prefix length of the third positioning information, and a network segment range corresponding to the second positioning information comprises a network segment range corresponding to the third positioning information.
5. A method of distributing routing information, the method comprising:
a first device acquires first positioning information and second positioning information, wherein the first positioning information is used for indicating an address of the first device, the prefix length of the second positioning information is smaller than that of the first positioning information, the network segment range corresponding to the second positioning information comprises the network segment range corresponding to the first positioning information, and the first positioning information is included in a virtual private network segment identifier (VPN SID) of the first device;
the first device issues anycast routing information of an anycast group, where the anycast group includes the first device and a second device, the first device and the second device are protected from each other, a destination address of the anycast routing information includes the second positioning information, and an address of the second device is located in a network segment range corresponding to the second positioning information;
the method further comprises the following steps:
and the first equipment sends private network routing information of the CE equipment to the second equipment in a far-end crossing mode, wherein the private network routing information comprises the VPN SID, and the VPN SID is marked as a far-end SID on the second equipment.
6. The method of claim 5, further comprising:
and the first equipment issues first network segment routing information, and the destination address of the first network segment routing information comprises the first positioning information.
7. The method of claim 5, further comprising:
the first equipment receives a message, wherein the destination address of the message comprises third positioning information, the third positioning information is used for indicating the address of the second equipment, and the third positioning information is different from the first positioning information;
and the first equipment sends the message according to the destination address.
8. The method according to claim 7, wherein the destination address of the packet includes a VPN SID of a second device, the VPN SID of the second device is used for sending the packet to a customer edge CE device, the VPN SID of the second device includes the third positioning information, and the sending of the packet by the first device according to the destination address includes:
the first device queries a local Segment Identifier (SID) table according to the VPN SID, and sends the message to the CE device according to the remote SID if the VPN SID hits the remote SID in the local SID table, wherein the local SID table comprises a remote mark, and the value of the remote mark corresponding to the remote SID in the local SID table is different from the value of the remote mark corresponding to the local SID; or
the first device queries a far-end SID table according to the VPN SID, and if the VPN SID hits the far-end SID in the far-end SID table, the first device sends the message to the CE device according to the far-end SID, wherein the far-end SID table is used for storing the far-end SID.
9. The method according to claim 5, wherein the first N bits of the first positioning information are the same as the first N bits of the second positioning information, the prefix length of the first positioning information is M bits, the N and M are integers, and the N is smaller than the M.
10. The method according to claim 5, wherein the VPN SID issued by the first device is different from the VPN SID issued by the second device, the VPN SID issued by the first device includes the first positioning information, the VPN SID issued by the second device includes third positioning information, a prefix length of the third positioning information is greater than a prefix length of the second positioning information, and a network segment range corresponding to the third positioning information is within a network segment range corresponding to the second positioning information.
11. The method of claim 5, wherein the first device and the second device are two operator edge (PE) devices for CE device dual homing access.
12. The method of claim 11, further comprising:
and the first equipment sends private network routing information of the CE equipment to the second equipment, wherein the VPN SID carried by the private network routing information is used for sending a message to the CE equipment.
13. A network apparatus, the apparatus comprising:
a deleting module, configured to delete, in response to a failure of a first device, first network segment routing information issued by the first device from local routing information, where a destination address of the first network segment routing information includes first positioning information, and the first positioning information is used to indicate an address of the first device;
a receiving module, configured to receive a packet, where a destination address of the packet includes a virtual private network segment identifier (VPN SID) of the first device, and the VPN SID includes the first positioning information;
a query module, configured to query, from the local routing information, routing information that is longest matched with a destination address of the packet, to obtain anycast routing information of an anycast group, where the anycast group includes the first device and the second device, the first device and the second device protect each other, the destination address of the anycast routing information includes second positioning information, a prefix length of the second positioning information is smaller than a prefix length of the first positioning information, and a network segment range corresponding to the second positioning information includes a network segment range corresponding to the first positioning information;
a sending module, configured to send the packet to the second device according to the anycast routing information; and the first equipment sends private network routing information of the CE equipment to the second equipment in a far-end crossing mode, wherein the private network routing information comprises the VPN SID, and the VPN SID is marked as a far-end SID on the second equipment.
14. The apparatus of claim 13, wherein the receiving module is further configured to receive first segment routing information issued by the first device, and a destination address of the first segment routing information includes the first positioning information; and receiving the anycast routing information of the anycast group issued by the first device and the second device.
15. The apparatus according to claim 14, wherein the receiving module is further configured to receive second segment routing information issued by the second device, a destination address of the second segment routing information includes third positioning information, the third positioning information is used to indicate an address of the second device, the third positioning information is different from the first positioning information, a prefix length of the second positioning information is smaller than a prefix length of the third positioning information, and a segment range corresponding to the second positioning information includes a segment range corresponding to the third positioning information.
16. A network apparatus, the apparatus comprising:
an obtaining module, configured to obtain first positioning information and second positioning information, where the first positioning information is used to indicate an address of a first device, a prefix length of the second positioning information is smaller than a prefix length of the first positioning information, a network segment range corresponding to the second positioning information includes a network segment range corresponding to the first positioning information, and the first positioning information is included in a virtual private network segment identifier (VPN SID) of the first device;
a publishing module, configured to publish anycast routing information of an anycast group, where the anycast group includes the first device and the second device, the first device and the second device protect each other, a destination address of the anycast routing information includes the second positioning information, and an address of the second device is located in a network segment range corresponding to the second positioning information; and the first equipment sends private network routing information of the CE equipment to the second equipment in a far-end crossing mode, wherein the private network routing information comprises the VPN SID, and the VPN SID is marked as a far-end SID on the second equipment.
17. The apparatus of claim 16, wherein the publishing module is further configured to publish first network segment routing information, and wherein a destination address of the first network segment routing information comprises the first positioning information.
18. The apparatus of claim 16, further comprising:
a receiving module, configured to receive a packet, where a destination address of the packet includes third positioning information, where the third positioning information is used to indicate an address of the second device, and the third positioning information is different from the first positioning information;
the issuing module is further configured to send the message according to the destination address.
19. The apparatus according to claim 18, wherein the destination address of the packet comprises a VPN SID of the second device, the VPN SID of the second device is used for transmitting the packet to the customer edge CE device, and the VPN SID of the second device comprises the third positioning information;
the device further comprises: the query module is used for querying a local Segment Identifier (SID) table according to the VPN SID; or, according to the VPN SID, inquiring a far-end SID table;
the publishing module is configured to send a packet to the CE device according to the remote SID if the VPN SID hits the remote SID in the local SID list, where the local SID list includes a remote token, and a value of the remote token corresponding to the remote SID in the local SID list is different from a value of the remote token corresponding to the local SID; or, if the VPN SID hits the remote SID in the remote SID table, sending a message to the CE device according to the remote SID, wherein the remote SID table is used for storing the remote SID.
20. The apparatus according to claim 19, wherein the publishing module is further configured to send private network routing information of the CE device, and a VPN SID carried in the private network routing information is used to send a packet to the CE device.
21. A network device, characterized in that the network device comprises a processor for executing instructions causing the network device to perform the method of any one of claims 1 to 12.
22. A network system, characterized in that the network system comprises a network device according to any one of claims 13 to 15 and a network device according to any one of claims 16 to 20.
23. A computer-readable storage medium having stored therein at least one instruction that is readable by a processor to cause a network device to perform the method of any one of claims 1-12.
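The failover behaviour recited in claims 1, 2, 4 and 8 can be modelled as follows. This is an added example, not code from the patent: the addresses (taken from the 2001:db8::/32 documentation prefix), the class and function names, and the choice to drop the failed device from the anycast next-hop set are all assumptions made for illustration.

```python
"""SRv6 anycast-locator failover modelled on claims 1, 2, 4 and 8 (constructed values)."""
import ipaddress

# Constructed addressing plan; none of these values appear in the patent.
ANYCAST_LOCATOR = ipaddress.ip_network("2001:db8:100::/48")   # second positioning information
PE1_LOCATOR = ipaddress.ip_network("2001:db8:100:1::/64")     # first positioning information
PE2_LOCATOR = ipaddress.ip_network("2001:db8:100:2::/64")     # third positioning information
PE1_VPN_SID = ipaddress.ip_address("2001:db8:100:1::100")
PE2_VPN_SID = ipaddress.ip_address("2001:db8:100:2::100")


def check_locator_plan(anycast, locators):
    """Claims 2 and 4: each device locator is longer than, and inside, the anycast locator."""
    for loc in locators:
        if not (loc.prefixlen > anycast.prefixlen and loc.subnet_of(anycast)):
            raise ValueError(f"{loc} is not covered by anycast locator {anycast}")


class RoutingTable:
    """Local routing information of the node that performs the method of claim 1."""

    def __init__(self):
        self.routes = {}  # prefix -> set of devices that issued the route

    def advertise(self, prefix, device):
        self.routes.setdefault(prefix, set()).add(device)

    def device_failed(self, device):
        # Claim 1 deletes the failed device's network segment route. Removing it
        # from the anycast next hops as well is an assumption standing in for
        # normal routing convergence.
        for prefix in list(self.routes):
            self.routes[prefix].discard(device)
            if not self.routes[prefix]:
                del self.routes[prefix]

    def lookup(self, dst):
        """Longest-prefix match; returns (prefix, sorted next hops) or None."""
        matches = [p for p in self.routes if dst in p]
        if not matches:
            return None
        best = max(matches, key=lambda p: p.prefixlen)
        return best, sorted(self.routes[best])


class ProviderEdge:
    """Egress PE whose local SID table carries a remote mark (claim 8, first alternative)."""

    def __init__(self, name):
        self.name = name
        self.sid_table = {}  # SID -> (CE name, remote mark)

    def install_local_sid(self, sid, ce):
        self.sid_table[sid] = (ce, False)

    def install_remote_sid(self, sid, ce):
        # SID learned from the protecting peer's private network routing information.
        self.sid_table[sid] = (ce, True)

    def deliver(self, dst):
        entry = self.sid_table.get(dst)
        if entry is None:
            return None  # unknown SID: drop instead of forwarding
        ce, remote = entry
        return {"pe": self.name, "ce": ce, "matched_remote_sid": remote}


def build_scenario():
    """CE1 dual-homed to PE1 and PE2; both PEs issue the anycast locator."""
    check_locator_plan(ANYCAST_LOCATOR, [PE1_LOCATOR, PE2_LOCATOR])
    rt = RoutingTable()
    rt.advertise(PE1_LOCATOR, "PE1")
    rt.advertise(PE2_LOCATOR, "PE2")
    rt.advertise(ANYCAST_LOCATOR, "PE1")
    rt.advertise(ANYCAST_LOCATOR, "PE2")
    pe1, pe2 = ProviderEdge("PE1"), ProviderEdge("PE2")
    pe1.install_local_sid(PE1_VPN_SID, "CE1")
    pe2.install_local_sid(PE2_VPN_SID, "CE1")
    pe1.install_remote_sid(PE2_VPN_SID, "CE1")
    pe2.install_remote_sid(PE1_VPN_SID, "CE1")
    return rt, {"PE1": pe1, "PE2": pe2}


def forward(rt, pes, dst):
    """Route a packet by longest match, then resolve its SID on the chosen PE."""
    hit = rt.lookup(dst)
    if hit is None:
        return None
    prefix, next_hops = hit
    result = pes[next_hops[0]].deliver(dst)
    if result is not None:
        result["route"] = str(prefix)
    return result


if __name__ == "__main__":
    table, edges = build_scenario()
    print("before failure:", forward(table, edges, PE1_VPN_SID))
    table.device_failed("PE1")
    print("after failure: ", forward(table, edges, PE1_VPN_SID))
```

After the failure the packet still carries PE1's VPN SID unchanged; it reaches CE1 only because the shorter anycast locator covers PE1's locator and PE2 holds that SID as a remote entry.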
CN202010113843.8A 2020-02-24 2020-02-24 Method for forwarding message, method, device and system for releasing routing information Active CN113300949B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010113843.8A CN113300949B (en) 2020-02-24 2020-02-24 Method for forwarding message, method, device and system for releasing routing information
PCT/CN2020/116615 WO2021169258A1 (en) 2020-02-24 2020-09-21 Message forwarding method, routing information publishing method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010113843.8A CN113300949B (en) 2020-02-24 2020-02-24 Method for forwarding message, method, device and system for releasing routing information

Publications (2)

Publication Number Publication Date
CN113300949A CN113300949A (en) 2021-08-24
CN113300949B true CN113300949B (en) 2022-12-06

Family

ID=77318483

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010113843.8A Active CN113300949B (en) 2020-02-24 2020-02-24 Method for forwarding message, method, device and system for releasing routing information

Country Status (2)

Country Link
CN (1) CN113300949B (en)
WO (1) WO2021169258A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992558B (en) * 2021-10-26 2023-04-18 新华三信息安全技术有限公司 Method, device, electronic equipment and medium for route publishing
CN114050996B (en) * 2021-11-29 2023-03-24 中国人民解放军国防科技大学 Segment routing extension message forwarding method
CN114205187B (en) * 2021-12-02 2023-08-08 中盈优创资讯科技有限公司 End-to-end path calculation method and device suitable for MPLS-VPN of OptionC cross-domain
CN114143380B (en) * 2022-01-04 2023-06-09 烽火通信科技股份有限公司 Method and system for solving inconsistent OAM and service of SRv tail node power down scene
CN115022415B (en) * 2022-05-23 2023-08-25 烽火通信科技股份有限公司 Multi-layer SID message termination method and device
CN115499375B (en) * 2022-07-25 2024-03-19 北京中电飞华通信有限公司 Time-sensitive flow scheduling method and electronic equipment
CN116094999A (en) * 2023-01-16 2023-05-09 紫光云技术有限公司 IPv6 network segment dividing method compatible with automatic allocation and appointed allocation
CN117201407B (en) * 2023-11-07 2024-01-05 湖南国科超算科技有限公司 IPv6 network rapid congestion detection and avoidance method adopting perception

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008014723A1 (en) * 2006-07-27 2008-02-07 Huawei Technologies Co., Ltd. Method and device for implementing vpn based on ipv6 address structure

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101335697B (en) * 2007-06-25 2012-04-04 华为技术有限公司 Route information publishing method, data packet routing implementing method, system and apparatus
CN101340356B (en) * 2007-07-05 2012-07-11 华为技术有限公司 Method for forwarding information and information forwarding apparatus
US7924830B2 (en) * 2008-10-21 2011-04-12 At&T Intellectual Property I, Lp System and method to route data in an anycast environment
CN101902693B (en) * 2010-07-21 2013-07-31 中国科学院计算技术研究所 Method and system for performing anycast in internet protocol (IP) network capable of supporting node movement
US8879394B2 (en) * 2012-10-22 2014-11-04 Telefonaktiebolaget L M Ericsson (Publ) Method and system of packet based identifier locator network protocol (ILNP) load balancing and routing
US10805110B2 (en) * 2015-03-27 2020-10-13 Akamai Technologies, Inc. Traffic delivery using anycast and end user-based mapping in an overlay network
US10666500B2 (en) * 2016-03-30 2020-05-26 Juniper Networks, Inc. Failure handling for active-standby redundancy in EVPN data center interconnect
US10567333B2 (en) * 2017-11-01 2020-02-18 Verizon Digital Media Services Inc. Deterministic traffic management in an anycast network
CN109802888B (en) * 2017-11-16 2021-11-09 中兴通讯股份有限公司 Method and device based on anycast address protection
CN109660458B (en) * 2019-02-15 2021-04-06 中国联合网络通信集团有限公司 Routing method and device

Also Published As

Publication number Publication date
WO2021169258A1 (en) 2021-09-02
CN113300949A (en) 2021-08-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant