CN113556282A - Route processing method and equipment - Google Patents


Info

Publication number
CN113556282A
Authority
CN
China
Prior art keywords
routing
network
route
priority
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010632264.4A
Other languages
Chinese (zh)
Inventor
邰博
张耀坤
吕金生
王海波
潘欣宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to PCT/CN2021/085913 (published as WO2021213185A1)
Publication of CN113556282A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/12 Shortest path evaluation
    • H04L45/02 Topology update or discovery
    • H04L45/06 Deflection routing, e.g. hot-potato routing
    • H04L45/28 Routing or path finding of packets in data switching networks using route fault recovery
    • H04L45/44 Distributed routing
    • H04L45/54 Organization of routing tables
    • H04L45/74 Address processing for routing

Abstract

The application discloses a route processing method and equipment. The method comprises the following steps: a first device receives a first routing message sent by a second device, where the first routing message carries first role identification information, the first role identification information is used to indicate the role of the second device in a network, and the first routing message is used to issue a first route; and the first device determines the first route priority of the first route according to the first role identification information. By carrying the role identification information of the second device in the routing message, the first device can sense the role of the second device in the network and set the route priority of the issued route accordingly. Even if an abnormal device exists in the network, the first device can distinguish the route issued by the abnormal device from the route issued by the second device, so the influence of the abnormal device on the operation of the network is overcome, the network can operate stably, the reliability of a network with a centralized network architecture is improved, and network security is achieved.

Description

Route processing method and equipment
This application claims priority to the Chinese patent application entitled "a method and apparatus for communication", application number 202010326321.6, filed with the Chinese Patent Office on 23/04/2020, which is hereby incorporated by reference in its entirety.
Technical Field
The present application relates to the field of network communication technologies, and in particular, to a method and an apparatus for processing a route.
Background
With the growth of network requirements, the number of devices in a network is also increasing, and a centralized network architecture is the preferred choice in many network deployments. A network with a centralized network architecture refers to at least one central device connected to a plurality of distributed devices, where a small number of central devices may be used to control and manage the plurality of distributed devices connected to them and may, for example, also serve as gateways for those distributed devices.
In a network with a centralized network architecture, each distributed device is connected to a central device. However, once an abnormal device whose Internet Protocol (IP) address is the same as the IP address of the central device exists in the network, for example a network device on which the IP address of the central device has been configured incorrectly, or an attacker device that counterfeits the IP address of the central device, each distributed device receives two routes with the same route prefix, and a message that a distributed device sends to the central device may instead be delivered to the abnormal device, so that the network with the centralized network architecture cannot work normally.
Based on this, it is desirable to provide a routing processing method, which is directed to a network with a centralized network architecture, to avoid the problem that messages sent by distributed devices cannot reach a central device due to device misconfiguration or attack messages, and to ensure the normal operation of the network with the centralized network architecture.
Disclosure of Invention
Based on this, embodiments of the present application provide a routing processing method and device, in a network with a centralized network architecture, even if there is an abnormal device, each distributed device can also distinguish the abnormal device from a central device, so as to ensure that the central device effectively controls each distributed device, or ensure that the central device effectively forwards a packet of each distributed device, so as to ensure that the network with the centralized network architecture can normally operate.
In a first aspect, an embodiment of the present application provides a routing processing method implemented by a first device. The method may include: the first device receives a first routing message that is sent by a second device and complies with a first routing protocol, where the first routing message carries first role identification information, the first role identification information is used to indicate a role of the second device in a network, and the first routing message is used to issue a first route; then, the first device determines a first route priority of the first route according to the first role identification information. It can be seen that, in order to overcome the influence of an abnormal device on the network, the routing message sent by the second device carries role identification information indicating the role of the second device in the network. The first device receiving the routing message can therefore sense the role of the second device in the network and set the route priority of the route issued by the second device based on that role identification information. Even if the first device also receives a routing message sent by an abnormal device having the same IP address as the second device, the first device can distinguish the route issued by the abnormal device from the route issued by the second device. Consequently, when the first device sends a protocol message whose destination address is the IP address of the second device, the protocol message is still sent to the second device based on the route issued by the second device, rather than to the abnormal device, although two routes with the same prefix exist. For example, in a network with a centralized network architecture, each distributed device can be stably managed or controlled by a trusted central device, or each distributed device can stably communicate with the trusted central device, so that the reliability of the network with the centralized network architecture is improved and network security is achieved.
In this embodiment, the network has a centralized network architecture, that is, the network may include at least one central device and a plurality of distributed devices, where the at least one central device and the plurality of distributed devices respectively establish communication connections, the at least one central device includes the second device, and the first device is a distributed device connected to the second device. As an example, the network is a network with control-forwarding separation, the second device is the controller in that network, and the first device is any one of the forwarding devices connected to the controller. As another example, the network is a Hub-Spine network, the second device is a Hub device in the Hub-Spine network, and the first device is any Spine device connected to the Hub device. As another example, the network is a Spine-Leaf network, the second device is a Spine device in the Spine-Leaf network, and the first device is any Leaf device connected to the Spine device. As yet another example, the network is a CU-separated network in which the control plane (CP) and the user plane (UP) are separated, the second device is a CP device in the CU-separated network, and the first device is any one of the UP devices connected to the CP device. As another example, the network is a VXLAN network, the second device is a VXLAN gateway in the VXLAN network, and the first device is any one of the endpoint devices connected to the VXLAN gateway.
The first routing protocol may be, for example, the Open Shortest Path First (OSPF) protocol, Intermediate System to Intermediate System (ISIS), the Border Gateway Protocol (BGP), or the Path Computation Element Communication Protocol (PCEP).
As an example, the first routing message carries the first role identification information through a newly added extended community attribute or a newly added type length value TLV field. For example, the first routing message carries the first role identification information through the newly added extended community attribute or the Type field in the newly added TLV field, that is, the first routing message is used to identify the role of the second device in the network through the value of the newly added extended community attribute or the Type field in the newly added TLV field.
In some possible implementations, the first routing message may also carry priority association information, which is used to determine the first route priority. The priority association information includes one or more of the following: first indication information, used to indicate that the first route priority is to be configured higher than the route priorities of other routes issued by other devices through the first routing protocol, where the first route and the other routes have the same route prefix; second indication information, used to indicate that the first device needs to modify the protocol priority of the first routing protocol in route selection among multiple routing protocols; third indication information, used to indicate that the first device does not need to modify the protocol priority of the first routing protocol in route selection among multiple routing protocols; fourth indication information, used to indicate that the second device is a standby device; fifth indication information, used to indicate that the second device is the main device; sixth indication information, used to instruct the first device to perform identity authentication on the second device; and seventh indication information, used to indicate route attribute information in the first routing message. It should be noted that the priority association information may be carried in an extended community attribute added to the first routing message or in a type length value (TLV) field added to the first routing message.
In addition, the first routing message may also carry one or more of the following items of information: eighth indication information, configured to indicate an autonomous system in which the second device is located; ninth indication information, configured to indicate a network entity within the autonomous system where the second device is located; tenth indication information, configured to indicate a device identifier of the second device, where the device identifier is used to uniquely identify the second device. It should be noted that the eighth to tenth indication information may be carried in an extended community attribute or a type length value TLV field added to the first routing message.
It should be noted that the type length value (TLV) fields (or extended community attributes) added to carry the first role identification information, the priority association information, and the eighth to tenth indication information may be the same TLV field (or extended community attribute), or two or three different TLV fields (or extended community attributes); this is not specifically limited in this embodiment of the application.
As an example, when one central device is included in the network, or when a plurality of central devices included in the network are all master central devices, the first role identification information may be used to indicate that the role of the second device in the network is a central device.
As another example, when a plurality of central devices are included in the network and include a main central device and a standby central device, if the role of the second device in the network is the main central device, the first role identification information may be used to indicate that the role of the second device in the network is the main central device. If the role of the second device in the network is the standby central device, the first role identification information may be used to indicate that the role of the second device in the network is the standby central device.
In some specific implementations, the method may further include: the first device receives a second routing message sent by a third device, where the second routing message carries second role identification information, the second role identification information is used to indicate that the role of the third device in the network is a standby central device, and the second routing message is used to issue a second route; and the first device determines a second route priority of the second route according to the second role identification information.
In this case, the data packet sent by the first device is forwarded through the main central device, and is switched to the standby central device when the main central device fails, and the standby central device forwards the data packet.
Or, the second device and the third device may both be standby central devices, in which case the first role identification information or the fifth indication information in the first routing message is further used to indicate that the role of the second device in the network is a standby central device. In this case, the data packet sent by the first device is forwarded through the main central device and is switched to the second device or the third device when the main central device fails, with the second device or the third device forwarding the data packet as the standby central device; or the data packet is switched to both the second device and the third device, which share the load of the data packet as standby central devices.
Or, the second device and the third device may both be the main central device, then, the first role identification information or the fifth indication information in the first routing message is further used to indicate that the role of the second device in the network is the main central device, and the second role identification information or the fifth indication information in the second routing message is further used to indicate that the role of the third device in the network is the main central device, in this case, the data packet sent by the first device is load-shared by the second device and the third device.
To increase security, before the first device determines the first route priority of the first route according to the first role identification information, the method may further include: the first device performs identity authentication on the second device. The authentication of the second device by the first device may include: the first device performs the identity authentication on the second device according to the first role identification information. In one case, this may mean that the first device determines the role of the second device in the network based on the first role identification information, and a policy locally configured on the first device requires identity authentication for devices in that role, so that the first device determines that identity authentication needs to be performed on the second device. In another case, this may mean that the first device determines the role of the second device in the network based on the first role identification information, and the newly added TLV field (or extended community attribute) carrying the first role identification information in the first routing message also carries sixth indication information instructing the first device to perform identity authentication on the second device, so that the first device determines that identity authentication needs to be performed on the second device.
As an example, if the first routing message also carries a digital signature, the authentication of the second device by the first device may include: the first device performs identity authentication on the second device according to the digital signature. The first routing message may carry a digital signature obtained by a trusted signing system signing a target field of the first routing message, where the target field may contain part or all of the content of the first routing message. Authenticating the second device may then include: the first device determines, based on the first role identification information or the sixth indication information in the first routing message, that the second device needs to be authenticated; the first device verifies the digital signature using a first public key; and after the digital signature is verified, the first device determines that the second device is a central device with a legitimate identity. In this example, to further improve the security of the routing processing method, the first routing message may also carry the first public key corresponding to the first private key used to sign the target field, and the first device locally stores a first baseline value corresponding to the first public key; for example, the first baseline value may be the first public key itself or a hash of the first public key. The authentication process may then further include: the first device verifies the first public key in the first routing message against the locally stored first baseline value, and only after this verification passes does the first device use the verified first public key to verify the digital signature.
As another example, if the first routing message carries a first hash check value, the authentication of the second device by the first device may include: the first device performs identity authentication on the second device according to the first hash check value. The first hash check value is a hash value obtained by performing a hash operation on a target field of the first routing message, where the target field may include part or all of the content of the first routing message. Authenticating the second device may then include: the first device determines, based on the first role identification information or the sixth indication information in the first routing message, that the second device needs to be authenticated; the first device performs the hash operation on the target field of the first routing message to obtain a second hash value; and if the second hash value is the same as the first hash check value, the first device determines that the second device is a central device with a legitimate identity.
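As an added example (not code from the patent or from Huawei), the following Go program implements both authentication paths just described: the digital-signature path, in which the first device checks the carried first public key against its locally stored first baseline value (here the SHA-256 hash of the key) before using that key to verify the signature on the target field, and the hash-check-value path, in which the first device recomputes the hash of the target field and compares it with the carried value. Ed25519 signatures, SHA-256, the key seeds and the target-field bytes are assumptions constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthMsg holds the authentication-related fields of a first routing message. Target is the
// target field (part or all of the message content) that is signed or hashed.
type AuthMsg struct {
	Target    []byte            // target field of the routing message
	PubKey    ed25519.PublicKey // first public key carried in the message (Ed25519 assumed)
	Signature []byte            // digital signature over Target
	HashCheck []byte            // first hash check value over Target (SHA-256 assumed)
	AuthReq   bool              // sixth indication information or local role policy requires it
}

// FirstDevice holds the receiver's local state: the first baseline value is the SHA-256 hash
// of the trusted signing system's public key, provisioned out of band.
type FirstDevice struct{ Baseline [sha256.Size]byte }

// NewSigner derives a key pair from a 32-byte seed (constructed for the example) together with
// the baseline a first device would store for it.
func NewSigner(seed []byte) (ed25519.PrivateKey, FirstDevice) {
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	return priv, FirstDevice{Baseline: sha256.Sum256(pub)}
}

// SignMsg is the trusted signing system's job: sign the target field and attach the public key.
func SignMsg(priv ed25519.PrivateKey, target []byte) AuthMsg {
	return AuthMsg{
		Target:    target,
		PubKey:    priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, target),
		AuthReq:   true,
	}
}

// HashMsg builds the hash-check-value variant of the message.
func HashMsg(target []byte) AuthMsg {
	sum := sha256.Sum256(target)
	return AuthMsg{Target: target, HashCheck: sum[:], AuthReq: true}
}

// VerifySignature checks the carried public key against the local baseline first and only then
// uses that key to verify the digital signature over the target field.
func (d FirstDevice) VerifySignature(m AuthMsg) error {
	if !m.AuthReq {
		return nil // no authentication required for this role
	}
	if len(m.PubKey) != ed25519.PublicKeySize {
		return errors.New("carried public key has wrong length")
	}
	// Baseline check: an abnormal device cannot substitute its own key, because the hash of
	// the carried key must match the value provisioned on the first device.
	if sha256.Sum256(m.PubKey) != d.Baseline {
		return errors.New("carried public key does not match local baseline")
	}
	if !ed25519.Verify(m.PubKey, m.Target, m.Signature) {
		return errors.New("digital signature verification failed")
	}
	return nil
}

// VerifyHashCheck recomputes the hash of the target field (the second hash value) and compares
// it with the carried first hash check value.
func VerifyHashCheck(m AuthMsg) error {
	sum := sha256.Sum256(m.Target)
	if !bytes.Equal(sum[:], m.HashCheck) {
		return errors.New("hash check value mismatch")
	}
	return nil
}

func main() {
	target := []byte("role=master-central;prefix=10.0.0.1/32") // constructed target field
	priv, dev := NewSigner(bytes.Repeat([]byte{0x11}, ed25519.SeedSize))
	fmt.Println("genuine message:", dev.VerifySignature(SignMsg(priv, target)))
	// An abnormal device signs the same content with its own key: fails the baseline check.
	other, _ := NewSigner(bytes.Repeat([]byte{0x22}, ed25519.SeedSize))
	fmt.Println("foreign key:", dev.VerifySignature(SignMsg(other, target)))
	// The target field is changed after signing: fails the signature check.
	tampered := SignMsg(priv, target)
	tampered.Target = []byte("role=master-central;prefix=10.0.0.2/32")
	fmt.Println("tampered target:", dev.VerifySignature(tampered))
	fmt.Println("hash check:", VerifyHashCheck(HashMsg(target)))
}
```

The hash-check path on its own shows only that the target field was not altered in transit, since any sender can compute the same hash; binding the message to the central device's identity needs the signature path, where the baseline check stops an abnormal device from substituting a key it controls.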
For the first device, determining the first route priority of the first route according to the first role identification information may, in some possible implementations, include: the first device determines the role of the second device in the network based on the first role identification information; and the first device determines the first route priority based on a locally preset policy that maps the role of the second device in the network to a route priority. In this way the first routing message does not need to carry route attribute information: the first device can determine the priority of the first route from the preset policy entry corresponding to the role of the second device, which saves message space in the first routing message and network transmission resources to a certain extent and improves routing processing efficiency.
In other possible implementations, if the seventh indication information is carried in the first routing message, the determining, by the first device according to the first role identification information, of the first route priority of the first route may include: the first device determines the first route priority based on the first role identification information and the seventh indication information. The seventh indication information is route attribute information carried in the first routing message, and the first routing message may carry the route attribute information through a newly added extended community attribute or a newly added TLV field. The route attribute information includes one or more of the following parameters: link cost, Local_Preference, route origin (Origin), and Multi-Exit Discriminator (MED). For example, for BGP, the route attribute information includes, but is not limited to, one or more of Local_Preference, Origin and MED; as another example, for ISIS, the route attribute information includes, but is not limited to, link cost. In this implementation the first routing message needs to carry route attribute information, and the first device can determine the first route priority of the first route based on the first role identification information and the route attribute information without local configuration, which saves storage space on the first device to a certain extent.
In some possible implementations, the method may further include: the method comprises the steps that a first device receives a third routing message of a fourth device, the IP address of the fourth device is the same as that of a second device, the third routing message is used for issuing a third route, and the first route and the third route have the same routing prefix; the first device determines that roles of the fourth device and the second device in the network are different according to the third routing message; the first device determines a third routing priority for the third route, the third routing priority being different from the first routing priority. Wherein the third routing priority may be lower than the first routing priority.
As an example, if the third routing message complies with the first routing protocol, i.e. a routing message for issuing two routes having the same routing prefix complies with the same routing protocol, the receiver device determines different routing priorities for the two routes if the roles of the two sender devices in the network are different.
As another example, if the third routing message conforms to a second routing protocol, that is, the routing messages issuing the two routes with the same route prefix conform to different routing protocols, the receiver device may determine different route priorities for the two routes by setting the protocol priorities of the two routing protocols to different values, for example, the protocol priority of the first routing protocol higher than that of the second routing protocol.
In other possible implementations, the method may further include: the first device receives a fourth routing message from a fifth device, where the IP address of the fifth device is the same as the IP address of the second device, the fourth routing message is used to issue a fourth route, and the first route and the fourth route have the same route prefix; the first device determines that the fourth route is an illegal route; and the first device does not save the fourth route. The first device may determine, based on the fact that the fourth routing message does not carry role identification information, that the fourth route issued by the fourth routing message is an illegal route, so that the fourth route is not saved, thereby saving resources of the first device. In one case, not saving the fourth route may mean: when the first device receives the first routing message first, or receives the first routing message and the fourth routing message simultaneously, it determines that the fourth route is an illegal route and does not store it locally. In another case, not saving the fourth route may also mean: when the first device receives the fourth routing message first, it saves the fourth route; when the first routing message carrying the first role identification information is received subsequently, the first device determines that the fourth route is an illegal route, deletes the locally saved routing table entry corresponding to the fourth route or sets it to an invalid state, and so withdraws the fourth route.
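As an added example (not code from the patent or from Huawei), the following Go program models the receive-side processing described above: a routing message whose added TLV carries role identification information gets its route priority from a locally preset role-to-priority policy, two routes for the same prefix from senders with different roles get different priorities, and a same-prefix route that carries no role identification is treated as illegal, including the case where it was saved first and is withdrawn once the role-carrying route arrives. The TLV layout, role codes, priority numbers, peer names and prefix are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// Role codes and TLV type numbers are constructed for this example; the patent defines only the roles.
const (
	RoleNone    uint8 = 0 // no role identification information in the message
	RoleCentral uint8 = 1 // central device (single, or all central devices are master)
	RoleMaster  uint8 = 2 // main central device
	RoleStandby uint8 = 3 // standby central device
	tlvPrefix   uint8 = 1 // TLV type: route prefix being issued
	tlvRole     uint8 = 2 // TLV type: role identification information
)

// Route is a decoded routing message and, once saved, a routing table entry. Via is the peer
// session it arrived on; Prefix is the central IP that the central device and the abnormal
// device both advertise; Priority is the route priority the first device derives from Role.
type Route struct {
	Via, Prefix string
	Role        uint8
	Priority    int
}

// EncodeMsg builds a [type:1][len:1][value] TLV stream; the role TLV is omitted for RoleNone.
func EncodeMsg(prefix string, role uint8) []byte {
	b := append([]byte{tlvPrefix, uint8(len(prefix))}, prefix...)
	if role != RoleNone {
		b = append(b, tlvRole, 1, role)
	}
	return b
}

// DecodeMsg parses the TLV stream and rejects truncated or malformed fields.
func DecodeMsg(via string, b []byte) (Route, error) {
	m := Route{Via: via}
	for len(b) > 0 {
		if len(b) < 2 || len(b) < 2+int(b[1]) {
			return m, errors.New("truncated TLV")
		}
		t, v := b[0], b[2:2+int(b[1])]
		switch {
		case t == tlvPrefix:
			m.Prefix = string(v)
		case t == tlvRole && len(v) == 1:
			m.Role = v[0]
		case t == tlvRole:
			return m, errors.New("bad role TLV length")
		}
		b = b[2+int(b[1]):]
	}
	if m.Prefix == "" {
		return m, errors.New("missing prefix TLV")
	}
	return m, nil
}

// rolePriority is the first device's locally preset policy (role -> route priority, higher wins).
// The numbers are constructed; the patent leaves the mapping to local configuration.
var rolePriority = map[uint8]int{RoleMaster: 300, RoleCentral: 200, RoleStandby: 100}

// Receiver is the first device's routing state: every saved route, keyed by prefix.
type Receiver map[string][]Route

// Process applies the receive-side rules to one decoded routing message and reports the outcome.
func (r Receiver) Process(m Route) string {
	saved := r[m.Prefix]
	if m.Role == RoleNone {
		// A role-less route is illegal once a role-carrying route for the same prefix is
		// known; before that it is only saved provisionally (priority 0).
		for _, e := range saved {
			if e.Role != RoleNone {
				return "illegal route: not saved"
			}
		}
		r[m.Prefix] = append(saved, m)
		return "saved provisionally (no role identification)"
	}
	prio, ok := rolePriority[m.Role]
	if !ok {
		return "unknown role: not saved"
	}
	var kept []Route // withdraw provisionally saved role-less routes: they are now illegal
	for _, e := range saved {
		if e.Role != RoleNone {
			kept = append(kept, e)
		}
	}
	m.Priority = prio
	r[m.Prefix] = append(kept, m)
	return fmt.Sprintf("saved with priority %d", prio)
}

// Best returns the saved route with the highest priority for a prefix, if any.
func (r Receiver) Best(prefix string) (best Route, found bool) {
	for _, e := range r[prefix] {
		if !found || e.Priority > best.Priority {
			best, found = e, true
		}
	}
	return best, found
}
```

Feeding the sequence "role-less route from peer-B, master route from peer-A, the role-less route again, standby route from peer-C" through Process for one prefix leaves peer-A as the best route and peer-B with no entry at all.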
As an example, the method may further comprise: a first device acquires a first message, wherein the destination address of the first message is the IP address of a second device; and the first equipment sends the first message to the second equipment based on the first route. The first message may be a protocol message.
In a second aspect, an embodiment of the present application provides a routing processing method implemented by a second device. The routing processing method may include, for example: the second device generates a first routing message, where the first routing message carries first role identification information, and the first role identification information is used to indicate a role of the second device in a network; the second device then sends the first routing message to a first device, where the first routing message is used to issue a first route and complies with a first routing protocol.
As an example, the first routing message carries the first role identification information through a newly added extended community attribute or a newly added type length value TLV field.
As an example, the Type field in the newly added extended community attribute or the newly added TLV field is used to carry the first role identification information.
As an example, the first routing message further carries priority association information, where the priority association information is used to determine a first routing priority corresponding to the first route.
As an example, the priority association information includes one or more of the following: first indication information, used to indicate that the first route priority is to be configured higher than the route priorities of other routes issued by other devices through the first routing protocol, where the first route and the other routes have the same route prefix; second indication information, used to indicate that the first device needs to modify the protocol priority of the first routing protocol in route selection among multiple routing protocols; third indication information, used to indicate that the first device does not need to modify the protocol priority of the first routing protocol in route selection among multiple routing protocols; fourth indication information, used to indicate that the second device is a standby device; fifth indication information, used to indicate that the second device is the main device; sixth indication information, used to instruct the first device to perform identity authentication on the second device; and seventh indication information, used to indicate route attribute information in the first routing message.
As an example, the first routing message further carries one or more of the following items of information: eighth indication information, configured to indicate an autonomous system in which the second device is located; ninth indication information, configured to indicate a network entity within the autonomous system where the second device is located; tenth indication information, configured to indicate a device identifier of the second device, where the device identifier is used to uniquely identify the second device.
As an example, the first role identification information is used to indicate that the role of the second device in the network is a central device.
As another example, the role of the second device in the network is a master center device or a standby center device.
The network has a centralized network architecture, and includes at least one central device and a plurality of distributed devices, where the at least one central device and the plurality of distributed devices respectively establish communication connections, and the at least one central device includes the second device. For example, the network is a network with control-forwarding separation, the second device is the controller in that network, and the first device is any one of the forwarding devices connected to the controller. For another example, the network is a Hub-Spine network, the second device is a Hub device in the Hub-Spine network, and the first device is any Spine device connected to the Hub device. For another example, the network is a Spine-Leaf network, the second device is a Spine device in the Spine-Leaf network, and the first device is any Leaf device connected to the Spine device. For another example, the network is a CU-separated network in which the control plane (CP) and the user plane (UP) are separated, the second device is a CP device in the CU-separated network, and the first device is any one of the UP devices connected to the CP device. For another example, the network is a VXLAN network, the second device is a VXLAN gateway in the VXLAN network, and the first device is any one of the endpoint devices connected to the VXLAN gateway.
As one example, the first routing message also carries a digital signature or a hash check value, which is used to authenticate the second device.
As an example, the first routing message includes a newly added extended community attribute or a newly added TLV field, where the newly added extended community attribute or the newly added TLV field is used to carry routing attribute information, and the routing attribute information is used by the first device to determine the first routing priority corresponding to the first route. The routing attribute information includes one or more of the following parameters: link cost, Local_priority, route source Origin, and multi-exit discriminator MED.
The first routing protocol is an open shortest path first OSPF protocol, an intermediate system to intermediate system ISIS, a border gateway protocol BGP, or a path computation element communication protocol PCEP.
It should be noted that the method provided by the second aspect corresponds to the method provided by the first aspect, and for specific implementation and achieved effects, reference may be made to the relevant description in the method provided by the first aspect.
In a third aspect, an embodiment of the present application further provides a communication device, where the device includes a transceiver unit and a processing unit. The transceiver unit is configured to perform the transceiving operations performed by the first device in the method provided by the first aspect; the processing unit is configured to perform the operations other than transceiving performed by the first device in the method provided by the first aspect. For example: when the device performs the method implemented by the first device in the first aspect, the transceiving unit may be configured to receive a first routing message sent by a second device; the processing unit may be configured to determine a first route priority for the first route based on the first role identification information.
In a fourth aspect, an embodiment of the present application further provides a communication device, where the device includes a transceiver unit and a processing unit. The transceiver unit is configured to perform transceiving operations performed by the second device in the method provided by the second aspect; the processing unit is configured to perform other operations than the transceiving operation performed by the second device in the method provided by the second aspect. For example: the transceiving unit may be configured to send the first routing message to a first device when the device performs the method implemented by the second device in the second aspect; the processing unit may be operative to generate a first routing message.
In a fifth aspect, an embodiment of the present application further provides a communication device, which includes a communication interface and a processor. Wherein, the communication interface is used for executing the transceiving operation in the method provided by the first aspect; a processor configured to perform other operations than the transceiving operation in the method provided by the foregoing first aspect or any one of the possible implementation manners of the first aspect.
In a sixth aspect, an embodiment of the present application further provides a communication device, which includes a communication interface and a processor. Wherein, the communication interface is used for executing the transceiving operation in the method provided by the second aspect; a processor configured to perform other operations than the transceiving operation in the method provided by the second aspect or any one of the possible implementation manners of the second aspect.
In a seventh aspect, an embodiment of the present application further provides a communication device, where the device includes a memory and a processor. Wherein the memory comprises computer readable instructions; a processor in communication with the memory is configured to execute the computer readable instructions to cause the communication device to perform the method provided by the first aspect or any one of the possible implementations of the first aspect.
In an eighth aspect, an embodiment of the present application further provides a communication device, which includes a memory and a processor. Wherein the memory comprises computer readable instructions; a processor in communication with the memory is configured to execute the computer readable instructions to cause the communication device to perform the method provided by the second aspect or any one of the possible implementations of the second aspect.
In a ninth aspect, an embodiment of the present application further provides a communication system. The communication system includes a first device and a second device, where the first device may specifically be the communication device provided in the third aspect, the fifth aspect, or the seventh aspect; accordingly, the second device may specifically be the communication device provided in the fourth aspect, the sixth aspect or the eighth aspect.
In a tenth aspect, embodiments of the present application further provide a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to perform the method provided in any one of the above first aspect or any one of the above possible implementations, or cause the computer to perform the method provided in any one of the above second aspect or any one of the above possible implementations.
In an eleventh aspect, an embodiment of the present application further provides a computer program product, which includes a computer program or computer readable instructions which, when run on a computer, cause the computer to execute the method provided by the foregoing first aspect or any one of the possible implementations of the first aspect, or cause the computer to execute the method provided by the second aspect or any one of the possible implementations of the second aspect.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic structural diagram of a network with a star topology according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a network with a tree topology in an embodiment of the present application;
fig. 3a is a schematic structural diagram of a control-forwarding separated network in an embodiment of the present application;
fig. 3b is a schematic structural diagram of a central Hub-backbone Spine network in the embodiment of the present application;
fig. 3c is a schematic structural diagram of a backbone Spine-Leaf network in the embodiment of the present application;
fig. 3d is a schematic structural diagram of a VXLAN network in an embodiment of the present application;
fig. 3e is a schematic structural diagram of a CU separation network according to an embodiment of the present disclosure;
FIG. 4a is a diagram illustrating a scenario of a misconfiguration occurring in the network shown in FIG. 3e according to an embodiment of the present application;
fig. 4b is a schematic diagram of a scenario in which an attack device appears in the network shown in fig. 3e in the embodiment of the present application;
fig. 5 is a signaling interaction diagram of a routing processing method 100 according to an embodiment of the present application;
fig. 6a is a schematic diagram of a format of a newly added extended community attribute or TLV field in a BGP message according to an embodiment of the present application;
fig. 6b is a schematic diagram illustrating a format of a TLV field added in an ISIS protocol packet or an OSPF protocol packet in the embodiment of the present application;
FIG. 7a is a diagram illustrating a Flags field in the format shown in FIG. 6a or FIG. 6b according to an embodiment of the present application;
FIG. 7b is a diagram illustrating a format of an Optional Para of the formats shown in FIG. 6a or FIG. 6b according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a CU separation network according to an embodiment of the present disclosure;
fig. 9a is a schematic flowchart of a method for authenticating a CP device 341 in an embodiment of the present application;
fig. 9b is a schematic flowchart of another method for authenticating the CP device 341 in this embodiment;
fig. 10 is a flowchart illustrating a routing processing method 200 according to an embodiment of the present application;
fig. 11 is a signaling interaction diagram of another routing processing method 300 according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of a communication device 1200 in an embodiment of the present application;
fig. 13 is a schematic structural diagram of another communication device 1300 in the embodiment of the present application;
fig. 14 is a schematic structural diagram of a communication device 1400 in an embodiment of the present application;
fig. 15 is a schematic structural diagram of another communication device 1500 in the embodiment of the present application;
fig. 16 is a schematic structural diagram of a communication device 1600 in an embodiment of the present application;
fig. 17 is a schematic structural diagram of another communication device 1700 in the embodiment of the present application;
fig. 18 is a schematic structural diagram of a communication system 1800 according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings. The network architecture and the service scenario described in the embodiment of the present application are for more clearly illustrating the technical solution of the embodiment of the present application, and do not form a limitation on the technical solution provided in the embodiment of the present application, and as a person of ordinary skill in the art knows that along with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiment of the present application is also applicable to similar technical problems.
In the present application, ordinal numbers such as "1", "2", "3", "first", "second", and "third" are used to distinguish a plurality of objects, and are not used to limit the sequence of the plurality of objects.
Reference to "A and/or B" in this application should be understood to include the following: only A, only B, or both A and B.
Currently, networks with a centralized network architecture are favored by many users. The network having a centralized network architecture may include, for example, at least one central device and a plurality of distributed devices, where the at least one central device establishes a connection with each of the plurality of distributed devices. In a specific application scenario, in a centralized Network architecture, at least one central device may manage or control a plurality of distributed devices, for example, in a Software Defined Network (SDN), the at least one central device is a controller in the SDN, the distributed devices are forwarding devices in the SDN, and the controller manages or controls the plurality of forwarding devices. In another application scenario, in a centralized network architecture, one or more distributed devices establish communication connections with other devices via the at least one central device, for example, the at least one central device is a gateway device, and the multiple distributed devices are network devices connected to the gateway device, so that the network devices establish communication connections with other devices through the gateway device. In one particular example, the centralized network architecture may have a star topology or a tree topology.
In the embodiment of the present application, a central device in a network having a centralized network architecture may also be referred to as a core device of the network.
Fig. 1 shows a schematic structural diagram of a network with a star topology. Referring to fig. 1, the network comprises a central node 1, a distributed device 2, a distributed device 3, …, and a distributed device N (N is an integer greater than 1), where the central node 1 is the central device in the network with the centralized network architecture and each distributed device is connected only to the central node 1. In the network, the central node 1 can manage or control each distributed device; alternatively, the central node 1 may serve as a bridge through which each distributed device communicates with other devices. For example, in a VXLAN network, the central node 1 may act as a VXLAN gateway, and each distributed device communicates with a network-side device through the central node 1.
Fig. 2 shows a schematic structural diagram of a network with a tree topology. Referring to fig. 2, the network comprises a root node 20, a branch node 21, a branch node 22, a leaf node 23, a branch node 24, a leaf node 25, a branch node 26, …. The network with the tree topology can be regarded as a plurality of networks with a centralized network architecture; in each such network, the central device can manage or control each distributed device, or each distributed device can communicate with other devices through the central node. When the root node 20 is the central device of a network having a centralized network architecture, each of the other branch nodes establishing a communication connection with the root node 20 may be a distributed device in that network; when a branch node other than a leaf node serves as a central device, each of the other branch nodes establishing a communication connection with that branch node may serve as a distributed device in the network having the centralized network architecture. For example, when the branch node 21 is the central device, the leaf node 23 and the branch node 24 may be distributed devices.
Those skilled in the art will appreciate that fig. 1 and fig. 2 are only exemplary illustrations of star topology and tree topology, and a network architecture with a star topology may have any number of distributed devices, and a network architecture with a tree topology may have any number of root nodes, branch nodes, and leaf nodes.
Several commonly used networks with a centralized network architecture are described below.
Fig. 3a shows a control-forwarding separated network, which includes a controller 301, a forwarding device 302, a forwarding device 303, …, and a forwarding device 307, where each forwarding device establishes a communication connection with the controller 301, and the controller 301, as the central device, is responsible for controlling or managing each forwarding device. Fig. 3b shows a central Hub-backbone Spine network, which includes Hub 311, Spine 312, Spine 313 and Spine 314, where each Spine establishes a communication connection with Hub 311, and Hub 311, as the central device, controls and manages each Spine or forwards the packets of each Spine. Fig. 3c shows a backbone Spine-Leaf network, which includes Spine 321, Spine 322, Leaf 323, Leaf 324, Leaf 325, and Leaf 326, where the four Leafs each establish communication connections with Spine 321 and Spine 322; Spine 321 serves as the main central device that controls, manages, or forwards the messages of the corresponding Leaf, and Spine 322 serves as the standby central device that controls, manages, or forwards the messages of Leaf 323, Leaf 324, Leaf 325, and Leaf 326 when Spine 321 fails. Fig. 3d shows a Virtual eXtensible Local Area Network (VXLAN), which includes a VXLAN gateway 331, an endpoint device 332, an endpoint device 333, and an endpoint device 334, where each endpoint device establishes a communication connection with the VXLAN gateway 331, and the VXLAN gateway 331, as the central device, forwards the messages sent by each endpoint device. Fig. 3e shows a Control Plane (CP)-User Plane (UP) separated network (also referred to as a CU separated network), which includes a CP device 341, a UP device 342, a UP device 343, …, and a UP device 349, where each UP device establishes a communication connection with the CP device 341, and the CP device 341, as the central device, is responsible for controlling, managing, or forwarding the packets of each UP device.
The CP device 341 and the UP devices in fig. 3e may be network devices such as switches and routers, for example. The controller 301 in fig. 3a may be, for example, an entity for implementing a control management function, and may be deployed on a separate server, or may be deployed in a forwarding device, or may be a separate network device. Each forwarding device may be, for example, a network device such as a switch, router, etc. The network architectures of fig. 3a and 3e differ in that: when a server is used as a controller to perform unified management or control on a plurality of forwarding devices, the network shown in fig. 3a is usually adopted; under the conditions of high computational complexity and heavy computational tasks among network devices, the network shown in fig. 3e is usually adopted, a plurality of UP devices are respectively responsible for processing the computational tasks, and a CP device performs unified management or control on each UP device, or the CP device forwards a message sent by each UP device.
Therefore, the network with the centralized network architecture is widely applied in reality, a stable one-to-many network model is constructed, and convenience is provided for centralized management and control of users.
Hereinafter, the network shown in fig. 3e is taken as an example for explanation; the routing processing method for other networks with a centralized network architecture is similar to that for the network shown in fig. 3e.
Currently, the CP device 341 establishes a connection with each UP device through a routing protocol. Taking the CP device 341 and the UP device 342 as an example, the process of establishing the connection from the UP device 342 to the CP device 341 may include: the UP device 342 receives a routing message 1 sent by the CP device 341, where the routing message 1 is used to issue a route 1. In this way, when the UP device 342 receives a protocol packet 1 whose destination address is IP address 1, the UP device 342 may send the protocol packet 1 to the CP device 341 based on the route 1. However, if there is an abnormal device in the network and the abnormal device is configured with the same IP address as the CP device 341, that is, IP address 1, then the UP device 342 also receives a routing message 2 sent by the abnormal device, where the routing message 2 carries the IP address 1 of the abnormal device and is used to issue a route 2. Thus two routes that both point to IP address 1 exist in the network. When the UP device 342 receives a protocol packet 2 whose destination address is IP address 1, the UP device 342 performs route selection, and once the routing priority of the route 2 is higher than that of the route 1, the UP device 342 sends the protocol packet 2 to the abnormal device based on the route 2. The existence of the abnormal device may therefore cause a plurality of UP devices in the network with the centralized network architecture to send the protocol packets intended for the CP device 341 to the abnormal device instead, so that the plurality of UP devices are separated from the control of the CP device 341 or fail to send packets to other devices through the CP device 341, which has a serious impact on the network.
Scenarios in which an abnormal device appears include, but are not limited to, the following. Scenario one: at least one UP device in the network misconfigures the IP address of the CP device 341; for example, in the scenario shown in fig. 4a, the UP device 345 is configured with the same IP address as the CP device 341, 192.168.100.100. Scenario two: an attacking device appearing in the network spoofs the IP address of the CP device 341, and the attacking source establishes a communication connection with at least one device in the network; for example, in the scenario shown in fig. 4b, the attacking device 350 is configured with the same IP address as the CP device 341, 192.168.100.100, establishes a communication connection with the UP device 348, and issues its own routes into the network through the UP device 348 to attack the network.
Based on this, an embodiment of the present application provides a routing processing method. In order to overcome the influence that an abnormal device has on a central device, role identification information is carried in a routing message sent by the central device, where the role identification information is used to indicate the role of the central device in the network. A distributed device receiving the routing message can thus perceive the role of the central device in the network and set the routing priority of the route issued by the central device based on the role identification information. Even if the distributed device also receives a routing message sent by an abnormal device having the same IP address as the central device, the distributed device can distinguish the route issued by the abnormal device from the route issued by the central device. When the distributed device sends a protocol packet whose destination address is the IP address of the central device, although there are two routes with the same routing prefix, the protocol packet is still sent to the central device based on the route issued by the central device and is not sent to the abnormal device. Through this routing processing method, the distributed devices can be stably managed or controlled by the trusted central device, or can communicate stably with the trusted central device, which improves the reliability of the network with the centralized network architecture and achieves network security.
For example, taking the network shown in fig. 4a, in a specific implementation the CP device 341 sends a routing message 1 to the UP device 342, where the routing message 1 carries role identification information 1 indicating that the role of the CP device 341 in the network is a CP device (that is, the central device in the network having the centralized network architecture), and the routing message 1 is used to issue a route 1; the UP device 342 then determines a route priority 1 for the route 1 based on the role identification information 1 in the received routing message 1. Assume that the UP device 345 is misconfigured with the same IP address as the CP device 341, 192.168.100.100. The UP device 345 then sends a routing message 2 to the UP device 342, where the routing message 2 does not carry role identification information 2 (information that would indicate that the UP device 345 has the same role in the network as the CP device 341), the routing message 2 is used to issue a route 2, and the route 2 and the route 1 have the same route prefix; the UP device 342 then determines a route priority 2 for the route 2, with the route priority 2 being lower than the route priority 1. Thus, when the destination address of a protocol packet 1 of the UP device 342 is 192.168.100.100, the UP device 342 selects, based on the route priorities corresponding to the route 1 and the route 2 with the same route prefix, the route 1 corresponding to the higher route priority 1, and sends the protocol packet 1 to the CP device 341 based on the route 1.
As can be seen, by carrying the role identification information 1 in the routing message 1 sent by the CP device 341, the UP device 342 receiving the routing message 1 can perceive the role of the CP device 341 in the network, so as to set the routing priority 1 of the routing 1 issued by the CP device 341 based on the role identification information 1, and even if an abnormal device configured with the same IP address as that of the CP device 341 exists in the network, the UP device 342 can distinguish the abnormal device from the routing issued by the CP device 341, so that each UP device can be stably managed or controlled by the CP device 341, or each UP device can stably communicate with the CP device 341, thereby improving the reliability of the CU separation network, and achieving network security.
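The route selection described above, as an added example that is not code from the patent or from Huawei: a small Python model of a UP device's route table in which a routing message carrying role identification information that names the central role is given a higher route priority than a message for the same prefix without it. The device names, the priority scale and the field names are assumptions chosen for illustration; a second scenario shows what the same table does when the central device's message carries no role identification.

```python
# Added example, not from the patent: a minimal model of route selection on a
# distributed (UP) device that honours role identification information.
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

ROLE_CENTRAL = "central"   # constructed label for the central-device role

# Assumed priority scale (higher wins): a route issued by the central device is
# placed above any other route learned through the same routing protocol.
PRIORITY_CENTRAL = 200
PRIORITY_DEFAULT = 100


@dataclass(frozen=True)
class RoutingMessage:
    sender: str                 # constructed device name, e.g. "CP341"
    prefix: str                 # route prefix in CIDR form
    next_hop: str
    protocol: str               # routing protocol the message complies with
    role: Optional[str] = None  # role identification information, None if absent


@dataclass(frozen=True)
class RouteEntry:
    network: ipaddress.IPv4Network
    next_hop: str
    sender: str
    protocol: str
    priority: int


class DistributedDevice:
    """Route table of one UP device; entries are kept in arrival order."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.routes: list[RouteEntry] = []

    @staticmethod
    def route_priority(msg: RoutingMessage) -> int:
        # Only a message whose role identification names the central role gets
        # the elevated priority; everything else gets the protocol default.
        return PRIORITY_CENTRAL if msg.role == ROLE_CENTRAL else PRIORITY_DEFAULT

    def receive(self, msg: RoutingMessage) -> RouteEntry:
        entry = RouteEntry(
            ipaddress.ip_network(msg.prefix, strict=False),
            msg.next_hop, msg.sender, msg.protocol, self.route_priority(msg),
        )
        self.routes.append(entry)
        return entry

    def select(self, destination: str) -> Optional[RouteEntry]:
        dst = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if dst in r.network]
        if not candidates:
            return None
        # Longest prefix first, then the role-derived priority; on a full tie
        # max() keeps the earliest-received entry.
        return max(candidates, key=lambda r: (r.network.prefixlen, r.priority))


def scenario_fig4a() -> tuple[str, int]:
    """Misconfigured UP345 and genuine CP341 both announce 192.168.100.100/32."""
    up342 = DistributedDevice("UP342")
    up342.receive(RoutingMessage("UP345", "192.168.100.100/32", "UP345", "BGP"))
    up342.receive(RoutingMessage("CP341", "192.168.100.100/32", "CP341", "BGP",
                                 role=ROLE_CENTRAL))
    chosen = up342.select("192.168.100.100")
    return chosen.next_hop, chosen.priority


def scenario_without_role_info() -> str:
    """Same announcements, but CP341's message lacks role identification."""
    up342 = DistributedDevice("UP342")
    up342.receive(RoutingMessage("UP345", "192.168.100.100/32", "UP345", "BGP"))
    up342.receive(RoutingMessage("CP341", "192.168.100.100/32", "CP341", "BGP"))
    return up342.select("192.168.100.100").next_hop


if __name__ == "__main__":
    print(scenario_fig4a())              # ('CP341', 200)
    print(scenario_without_role_info())  # 'UP345': the first-received route wins
```

In the second scenario the two routes tie on every criterion and the outcome depends only on arrival order, which is exactly the situation the role identification is meant to remove. The elevated priority is only as trustworthy as the sender's claim to the central role, which is why the routing message may additionally carry a digital signature or hash check value used to authenticate the sender, as stated in the summary above.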
It is to be understood that the above scenario is only one example of a scenario provided in the embodiment of the present application, and the embodiment of the present application is not limited to this scenario.
Next, referring to fig. 5, a route processing method 100 provided in the embodiment of the present application is described.
It should be noted that the routing processing method 100 provided in the embodiment of the present application may be applied to a network having a centralized network architecture, where the network may include at least one central device and a plurality of distributed devices, and the at least one central device establishes a communication connection with each of the plurality of distributed devices. Specifically, the network having a centralized network architecture includes, but is not limited to, the networks shown in fig. 3a to 3e. In the network shown in fig. 3a, the central device is the controller 301, and the distributed device performing routing processing may be any one of the forwarding device 302 to the forwarding device 307; in the network shown in fig. 3b, the central device is Hub 311, and the distributed device performing routing processing may be any one of Spine 312, Spine 313, and Spine 314; in the network shown in fig. 3c, when the central device is Spine 321, the distributed device performing routing processing may be either of Leaf 323 and Leaf 324, and when the central device is Spine 322, the distributed device performing routing processing may be either of Leaf 325 and Leaf 326; in the network shown in fig. 3d, the central device is the VXLAN gateway 331, and the distributed device performing routing processing may be any one of the endpoint device 332, the endpoint device 333, and the endpoint device 334; in the network shown in fig. 3e, the central device is the CP device 341, and the distributed device performing routing processing may be any one of the UP device 342 to the UP device 349.
Taking the attack device 350 that spoofs the IP address of the CP device 341 in the CU separation network shown in fig. 3e as an example, that is, taking the scenario shown in fig. 4b as an example, the routing processing method 100 provided in the embodiment of the present application is described. Fig. 5 is a signaling interaction diagram of a routing processing method 100 according to an embodiment of the present application. Referring to fig. 5, the method 100 may include, for example, the following S101 to S104:
S101, the CP device 341 obtains a routing message 1, where the routing message 1 carries role identification information 1, the role identification information 1 is used to indicate the role of the CP device 341 in the network, the routing message 1 is used to issue a route 1, and the routing message 1 complies with a routing protocol 1.
In one case, the routing message 1 is generated by the CP device 341, and then the route 1 may be a route to the CP device 341. Alternatively, the routing message 1 may be generated by another device and forwarded to the UP device 342 through the CP device 341, in which case the route 1 may be a route to that other device.
S102, CP device 341 sends routing message 1 to UP device 342.
S103, the UP device 342 receives the routing message 1 sent by the CP device 341.
Routing protocol 1 may include, but is not limited to: an Interior Gateway Protocol (IGP), an Exterior Gateway Protocol (EGP), or the Path Computation Element Communication Protocol (PCEP). If routing protocol 1 is an IGP, routing protocol 1 may be, for example, the Open Shortest Path First (OSPF) protocol or Intermediate System to Intermediate System (ISIS); if routing protocol 1 is an EGP, routing protocol 1 may be, for example, the Border Gateway Protocol (BGP).
CP device 341 may add a new extended community attribute or a new Type Length Value (TLV) field in routing message 1, where the new extended community attribute or the new TLV field is used to carry role identification information 1, and for example, a Value of a Type field in the new extended community attribute or the new TLV field is used to indicate role identification information 1.
As an example, if the routing protocol 1 followed by the routing message 1 is BGP, the routing message 1 is a BGP message, and the BGP message may carry the role identification information 1 through the newly added extended community attribute or TLV field. Referring to the format of the extended community attribute or TLV field added in the routing message 1 shown in fig. 6a for carrying role identification information 1, the extended community attribute or TLV field at least includes: a Type field and a Length field, and one or more of the following information may be further included in the extended community attribute or TLV field: a flag bits Flags field, a Reserved field, an autonomous system Number AS Number field, a Router identification Router ID field, and an Optional field Optional Para.
As another example, if the routing protocol 1 followed by the routing message 1 is the ISIS protocol or the OSPF protocol, the routing message 1 is an ISIS protocol packet or an OSPF protocol packet, and the ISIS protocol packet or the OSPF protocol packet may carry the role identification information 1 through the newly added TLV field. Referring to the format of the TLV field added in the routing message 1 for carrying role identification information 1 shown in fig. 6b, the TLV field at least includes: a Type field and a Length field, and one or more of the following information may be further included in the extended community attribute or TLV field: flag field, Reserved field, Network identification (Network ID) field, Router identification (Router ID) field and Optional field Optional Para.
Fig. 6a and 6b are different in that: since the BGP packet shown in fig. 6a may span multiple ASs, an AS Number may be included in the newly added extended community attribute or the newly added TLV field shown in fig. 6a, and is used to indicate an AS to which a sender device that uses the BGP packet to issue a route belongs, and a receiver device may determine, based on the AS Number of the BGP packet, an AS to which the sender device belongs, and determine, based on the AS to which the receiver device belongs and the AS to which the sender device belongs, whether an AS-spanning condition exists; the ISIS protocol packet or the OSPF protocol packet shown in fig. 6b only relates to each Network entity in one AS, so the newly added TLV field shown in fig. 6b may include a Network ID for indicating a sender device that uses the ISIS protocol packet or the OSPF protocol packet to issue a route, and the receiver device may determine the sender device based on the Network ID in the ISIS protocol packet or the OSPF protocol packet.
In a specific embodiment, in the added extended community attribute or the added TLV field, the Type field may be used to carry role identification information 1. For example: in the format shown in fig. 6a, a Type field of 0x01 is defined to indicate that the CP device 341 has a central role in the network. Another example is: in the format shown in fig. 6b, a Type field of 0x169 is defined to indicate that the CP device 341 has a central role in the network.
In another specific embodiment, the role identification information 1 may also be carried by one or more bits included in a newly added extended community attribute or a newly added TLV field.
In some possible implementation manners, the routing message 1 may also carry priority association information, where the priority association information is used to instruct the receiving device to determine a corresponding routing priority for the route 1. The priority associated information may be carried, for example, by a newly added TLV field or a newly added extended community attribute.
In a specific implementation, the priority associated information includes one or more of the following information:
(1) Indication information 1, used to indicate that route priority 1 is configured to be higher than the route priority of other routes that other devices issue through routing protocol 1 and that have the same route prefix as route 1. In this way, even if routing message 2 issued by the attacking device 350 conforms to routing protocol 1, the route of the CP device 341 is guaranteed the highest priority among all routes issued using routing protocol 1, which preserves the control or transmission function of the CP device 341 over each UP device.
(2) Indication information 2, used to indicate that the protocol priority of routing protocol 1 in inter-protocol routing needs to be modified, and indication information 3, used to indicate that it does not need to be modified. In one case, indication information 2 and indication information 3 may be carried by two different bits or two different sub-TLV fields in the newly added TLV field or extended community attribute. In another case, they may be carried by a single bit or sub-TLV field whose two values represent indication information 2 and indication information 3 respectively, for example: when the Value field of the bit or sub-TLV field takes a first value, the carried information is indication information 2, indicating that the protocol priority of routing protocol 1 in inter-protocol routing needs to be modified; when it takes a second value, the carried information is indication information 3, indicating that the protocol priority of routing protocol 1 in inter-protocol routing does not need to be modified.
Thus, when routing message 1 includes indication information 2, even if routing protocol 2, which routing message 2 issued by the attacking device 350 for route 2 follows, has by default a higher protocol priority than routing protocol 1, the receiving device may modify the protocol priority of routing protocol 1 in inter-protocol routing as indicated by indication information 2, so that routing protocol 1 has a higher protocol priority than routing protocol 2. This ensures that route priority 1 is higher than route priority 2, and hence that the CP device 341 manages or controls the UP devices, or that the UP devices forward packets to other devices through the CP device 341. For example: by default the protocol priority of ISIS is lower than that of OSPF; if routing message 1 complying with ISIS includes indication information 2, the protocol priority of ISIS may be raised above that of OSPF, so that route priority 1 of route 1 issued through ISIS is higher than that of a route issued through OSPF.
(3) Indication information 4, used to indicate that the CP device 341 is a standby device (when by default only routes issued by the central device carry role identification information, the standby device may also be called a standby core device or standby central device), and indication information 5, used to indicate that the CP device 341 is an active device (likewise also called a primary core device or primary central device). In one case, indication information 4 and indication information 5 may be carried by two different bits or two different sub-TLV fields in the newly added TLV field or extended community attribute. In another case, they may be carried by a single bit or sub-TLV field whose two values represent indication information 4 and indication information 5 respectively, for example: when the Value field of the bit or sub-TLV field takes a third value, the carried information is indication information 4, indicating that the sender device is a standby device; when it takes a fourth value, the carried information is indication information 5, indicating that the sender device is the active device. Therefore, in a centralized network architecture with several CP devices, the more detailed roles of the CP devices in the network can be identified. See the related description of the scenario of fig. 8 below.
(4) And indication information 6 for indicating the UP device 342 to authenticate the CP device 341. In this way, by authenticating the device claiming to be the CP device, the trusted CP device 341 can be identified more securely, thereby ensuring the security of the network. The description can be found in relation to the description shown in fig. 9a and 9b below.
(5) And indication information 7 for indicating the route attribute information in the route message 1. The instruction information 7 is a data basis for specifying the route priority 1 of the route 1 in S102 described below. The description can be found in relation to the description shown in fig. 7b below.
In addition, the routing message 1 may also carry device association information, where the device association information is used to indicate device-related information of the sender device. The device association information may be carried, for example, by a newly added TLV field or a newly added extended community attribute.
In a specific implementation, the device association information includes one or more of the following items of information:
(1) indication information 8 for indicating the autonomous system in which the CP device 341 is located, and indication information 9 for indicating a network entity inside the autonomous system in which the CP device 341 is located. The indication information 8 may be, for example, the AS Number of the AS in which the CP device 341 is located, and the indication information 9 may be, for example, the Network ID inside the AS in which the CP device 341 is located. For example: if the routing message 1 is a BGP message, the BGP message may relate to an AS-spanning condition, so that the routing message 1 may include indication information 8 for notifying the receiving device of the AS to which the CP device 341 belongs; another example is: the routing message 1 is an ISIS protocol packet or an OSPF protocol packet, and since the ISIS protocol packet or the OSPF protocol packet only relates to one AS, the routing message 1 may include indication information 9 for informing the receiving device of which network entity the CP device 341 is specifically.
(2) Indication information 10, used to indicate a device identifier that uniquely identifies the CP device 341; for example, indication information 10 may be the Router ID of the CP device 341. Indication information 10 may also carry any information required by subsequent extensions, which is not discussed further in the embodiments of the present application.
As an example, the added TLV field or extended community attribute for carrying at least one of the indication information may be a TLV field or an extended community attribute for carrying role identification information, that is, by adding an extended community attribute or TLV field, at least one of role identification information 1 and the indication information is carried. For example, a TLV field 1 is newly added in the routing message 1, a Type field of the TLV field 1 is used for carrying the role identification information 1, and a Value field of the TLV field 1 is used for carrying at least one indication information of the indication information.
As another example, the added TLV field or extended community attribute for carrying at least one of the indication information may be different from the TLV field or extended community attribute for carrying role identification information, that is, the added extended community attribute 1 or TLV field 1 carries role identification information 1, and the added extended community attribute 2 or TLV field 2 carries at least one of the indication information. It should be noted that, if two different extended community attributes or TLV fields are added to carry role identification information and indication information respectively, in a specific embodiment the two added extended community attributes or TLV fields may be associated, so that the receiving device associates the role identification information with the indication information and the routing processing method is more reliable. Methods for associating the two newly added extended community attributes or TLV fields include, but are not limited to: Method 1: add an identification field in the newly added extended community attribute 1 (or TLV field 1) whose value indicates that the newly added extended community attribute 2 (or TLV field 2) is to be read; Method 2: add an identification field in routing message 1 whose value indicates that the newly added extended community attribute 1 (or TLV field 1) and the newly added extended community attribute 2 (or TLV field 2) are associated.
When role identification information 1 and the indication information are carried by the same newly added extended community attribute or TLV, as an example, indication information 1 to indication information 6 may be carried in the Flags field of the format shown in fig. 6a or fig. 6b. The format of the Flags field is shown in fig. 7a; it may include at least four bits: a P bit, an R bit, an S bit, and a B bit. For example: the P bit corresponds to indication information 1; when the P bit is 1, route priority 1 is configured to be higher than the priority of other routes issued through routing protocol 1; when the P bit is 0, route priority 1 of route 1 does not need to be so configured. The R bit corresponds to indication information 2 and indication information 3; when the R bit is 1 (indication information 2), the protocol priority of routing protocol 1 in inter-protocol routing needs to be modified; when the R bit is 0 (indication information 3), it does not need to be modified. The B bit corresponds to indication information 4 and indication information 5; when the B bit is 1 (indication information 4), the CP device 341 is a standby device; when the B bit is 0 (indication information 5), the CP device 341 is the active device. The S bit corresponds to indication information 6; when the S bit is 1, indication information 6 is present and the CP device 341 is to be authenticated; when the S bit is 0, indication information 6 is absent and the CP device 341 is not authenticated.
It should be noted that bits included in the Flags field can be flexibly set according to actual scene requirements, such as: any one or more of a P bit, an R bit, an S bit, and a B bit may be set in the Flags field, as another example: other bits may also be set in the Reserved field of the Flags field according to the actual scene requirement to implement other indication functions, which is not specifically limited in the embodiment of the present application.
As an example, indication information 7 may be carried in the Optional Para of the format shown in fig. 6a or fig. 6b. The format of the Optional Para is shown in fig. 7b; it may be, for example, a new sub-TLV added to the format of fig. 6a or fig. 6b, where the Priority Type field of the sub-TLV carries the type of route attribute information according to which route priority 1 is configured, for example one or more of the following parameter types: link cost, Local_Preference, route origin (Origin), or Multi-Exit Discriminator (MED); and the Priority Data field of the sub-TLV (i.e. the Value of the sub-TLV) carries the specific value of the route attribute information, for example: when the Priority Type field carries MED, the Priority Data may be an offset of the MED (e.g. 100). Because role identification information 1 and the route attribute information used to configure the route priority are carried in the same TLV field or extended community attribute, they are guaranteed to reach the receiver device strictly together, without the receiver having to maintain a separate state machine for each, which makes the routing processing method simpler and more reliable.
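The following encoder and parser for the newly added TLV of fig. 6a/6b, fig. 7a and fig. 7b is an added example and is not code from the patent or from Huawei. The page fixes the field order, the Type values 0x01 and 0x169, the names of the P, R, S and B bits, and the Priority Type / Priority Data layout of the sub-TLV; the field widths, the bit positions inside Flags and the Priority Type code points below are assumptions. The parser checks every length before indexing, since a malformed attribute from an attacking device must not be able to crash the receiving UP device.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Type values the page defines for "central device": 0x01 in the BGP format of
// fig. 6a, 0x169 in the IS-IS/OSPF format of fig. 6b.
const (
	TypeCentralBGP uint16 = 0x01
	TypeCentralIGP uint16 = 0x169
)

// Flags bits of fig. 7a. The page names P, R, S and B but not their positions;
// the positions below are an assumption of this example.
const (
	FlagP uint8 = 0x80 // indication information 1: route 1 outranks other routes of routing protocol 1
	FlagR uint8 = 0x40 // indication information 2 (1) / 3 (0): modify the protocol priority or not
	FlagS uint8 = 0x20 // indication information 6: receiver must authenticate the sender
	FlagB uint8 = 0x10 // indication information 4 (1 = standby) / 5 (0 = active)
)

// Priority Type codes for the Optional Para sub-TLV of fig. 7b (assumed code points).
const (
	PrioLinkCost  uint8 = 1
	PrioLocalPref uint8 = 2
	PrioOrigin    uint8 = 3
	PrioMED       uint8 = 4
)

// PrioritySubTLV is one Optional Para sub-TLV: Priority Type, Length, Priority Data.
type PrioritySubTLV struct {
	Type uint8
	Data uint32 // Priority Data, assumed to be a 4-byte value
}

// RoleTLV is the newly added TLV / extended community attribute. Field widths
// (2-byte Type and Length, 1-byte Flags and Reserved, 4-byte AS Number or
// Network ID, 4-byte Router ID) are assumptions; the page fixes only the order.
type RoleTLV struct {
	Type     uint16
	Flags    uint8
	ASOrNet  uint32 // AS Number (fig. 6a) or Network ID (fig. 6b)
	RouterID uint32
	Optional []PrioritySubTLV
}

const fixedBodyLen = 10 // Flags + Reserved + AS Number/Network ID + Router ID

// Marshal encodes the TLV as the CP device would send it.
func (t RoleTLV) Marshal() []byte {
	body := make([]byte, fixedBodyLen)
	body[0] = t.Flags
	body[1] = 0 // Reserved
	binary.BigEndian.PutUint32(body[2:6], t.ASOrNet)
	binary.BigEndian.PutUint32(body[6:10], t.RouterID)
	for _, s := range t.Optional {
		sub := make([]byte, 6)
		sub[0] = s.Type
		sub[1] = 4 // sub-TLV Length covers Priority Data only
		binary.BigEndian.PutUint32(sub[2:6], s.Data)
		body = append(body, sub...)
	}
	out := make([]byte, 4, 4+len(body))
	binary.BigEndian.PutUint16(out[0:2], t.Type)
	binary.BigEndian.PutUint16(out[2:4], uint16(len(body)))
	return append(out, body...)
}

// ParseRoleTLV decodes the TLV on the UP device, rejecting truncated or
// inconsistent lengths so a malformed attribute cannot cause an out-of-range read.
func ParseRoleTLV(b []byte) (RoleTLV, error) {
	var t RoleTLV
	if len(b) < 4 {
		return t, errors.New("short TLV header")
	}
	t.Type = binary.BigEndian.Uint16(b[0:2])
	l := int(binary.BigEndian.Uint16(b[2:4]))
	if l < fixedBodyLen || 4+l > len(b) {
		return t, fmt.Errorf("TLV length %d inconsistent with %d available bytes", l, len(b)-4)
	}
	body := b[4 : 4+l]
	t.Flags = body[0]
	t.ASOrNet = binary.BigEndian.Uint32(body[2:6])
	t.RouterID = binary.BigEndian.Uint32(body[6:10])
	for rest := body[fixedBodyLen:]; len(rest) > 0; {
		if len(rest) < 2 || int(rest[1]) != 4 || len(rest) < 2+int(rest[1]) {
			return t, errors.New("malformed Optional Para sub-TLV")
		}
		t.Optional = append(t.Optional, PrioritySubTLV{Type: rest[0], Data: binary.BigEndian.Uint32(rest[2:6])})
		rest = rest[6:]
	}
	return t, nil
}

// Helpers that map the decoded bits back to the page's indication information.
func (t RoleTLV) IsCentral() bool   { return t.Type == TypeCentralBGP || t.Type == TypeCentralIGP }
func (t RoleTLV) PreferRoute() bool { return t.Flags&FlagP != 0 }
func (t RoleTLV) ModifyProto() bool { return t.Flags&FlagR != 0 }
func (t RoleTLV) NeedsAuth() bool   { return t.Flags&FlagS != 0 }
func (t RoleTLV) IsStandby() bool   { return t.Flags&FlagB != 0 }

func main() {
	// Constructed example: CP device 341 in AS 65001 announces itself as the active
	// central device, asks to be authenticated, and carries MED 50 as route attribute information.
	cp := RoleTLV{Type: TypeCentralBGP, Flags: FlagP | FlagS, ASOrNet: 65001, RouterID: 0x0A000001,
		Optional: []PrioritySubTLV{{Type: PrioMED, Data: 50}}}
	wire := cp.Marshal()
	got, err := ParseRoleTLV(wire)
	fmt.Printf("wire=%x\nparsed=%+v err=%v\ncentral=%v standby=%v needsAuth=%v\n",
		wire, got, err, got.IsCentral(), got.IsStandby(), got.NeedsAuth())
	_, err = ParseRoleTLV(wire[:8]) // a truncated attribute is rejected rather than read past its end
	fmt.Println("truncated:", err)
}
```

A receiver should treat the S bit and the B bit as claims until S104a has run: the same TLV can be produced by any device that has read this page, so nothing decoded here is trusted on its own.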
For S101 to S103, the role identification information 1 is used to indicate that the role of the CP device 341 in the network is a central device.
In addition, in the scenario shown in fig. 8, it is assumed that the CU separation network further includes a CP device 341 ' in addition to the devices shown in fig. 4b, and the CP device 341 ' is also connected to each UP device, so that the CP device 341 and the CP device 341 ' in the network may both be active devices, or one may be an active device and the other is a standby device. In this case, the UP device 342 may also receive a routing message 3 sent by the CP device 341 ', where the routing message 3 carries role identification information 3, the role identification information 3 is used to indicate the role of the CP device 341' in the network, and the routing message 3 is used to publish the routing 3.
If the CP device 341 and the CP device 341' are both active devices, role identification information 1 or indication information 5 in routing message 1 is further used to indicate that the role of the CP device 341 in the network is the primary central device, and role identification information 3 or indication information 5 in routing message 3 is used to indicate that the role of the CP device 341' in the network is also the primary central device. In this case, the data packets sent by the UP device 342 are load-shared between the CP device 341 and the CP device 341'.
If the CP device 341 is the active device and the CP device 341' is the standby device, role identification information 1 or indication information 5 in routing message 1 is further used to indicate that the role of the CP device 341 in the network is the primary central device, and role identification information 3 or indication information 4 in routing message 3 is used to indicate that the role of the CP device 341' in the network is the standby central device; or, conversely, role identification information 1 or indication information 4 in routing message 1 indicates that the role of the CP device 341 is the standby central device, and role identification information 3 or indication information 5 in routing message 3 indicates that the role of the CP device 341' is the primary central device. In this case, the data packets sent by the UP device 342 are forwarded by the primary central device and, when the primary central device fails, forwarding is switched to the standby central device.
In one specific embodiment, to ensure that the device sending the routing message 1 is secure and trusted, before S104, the method 100 may further include: s104a, the UP device 342 authenticates the CP device 341. Wherein, S104a may refer to, for example: the UP device 342 authenticates the CP device 341 based on the role identification information 1; alternatively, S104a may also refer to: the UP device 342 authenticates the CP device 341 based on the indication information 6. The UP device 342 performs authentication on the CP device 341 based on the role identification information 1 or the indication information 6, which means that the UP device 342 determines that the CP device 341 needs to be authenticated based on the role identification information 1 or the indication information 6.
As an example, routing message 1 may carry a digital signature produced by a trusted signing system over a target field of routing message 1, where the target field may contain part or all of the content of routing message 1. Then, referring to fig. 9a, S104a includes: S11, the UP device 342 determines, based on role identification information 1 or indication information 6 in routing message 1, that the CP device 341 needs to be authenticated; S12, the UP device 342 verifies the digital signature using public key 1; S13, after the digital signature verifies, the UP device 342 determines that the CP device 341 is a central device with a legitimate identity. In this example, to further improve the security of the routing processing method, routing message 1 may also carry public key 1 corresponding to private key 1 used to sign the target field, and the UP device 342 locally stores a baseline value 1 corresponding to public key 1, for example: baseline value 1 may be public key 1 itself or a hash value A of public key 1. Then, between S11 and S12 of S104a, the method may further include: the UP device 342 verifies public key 1 in routing message 1 against the locally stored baseline value 1, and only after that verification passes uses the verified public key 1 to verify the digital signature.
As another example, routing message 1 may instead carry a hash check value 1, which is the hash value obtained by hashing a target field of routing message 1, where the target field may contain part or all of the content of routing message 1. Then, referring to fig. 9b, S104a includes: S21, the UP device 342 determines, based on role identification information 1 or indication information 6 in routing message 1, that the CP device 341 needs to be authenticated; S22, the UP device 342 hashes the target field of routing message 1 to obtain a hash value 2; S23, if hash value 2 equals hash check value 1, the UP device 342 determines that the CP device 341 is a central device with a legitimate identity.
In S11 and S21 of the above example, the UP device 342 determines that the CP device 341 needs to be authenticated based on the role identification information 1 in the routing message 1, and may be: the UP device 342 determines that the CP device 341 is a central device based on the role identification information 1, and the UP device 342 is locally configured with a policy: if the central device in the network is authenticated, then, when the UP device 342 receives the routing message 1 carrying the role identification information 1 and the role identification information 1 indicates that the sender device CP device 341 is the central device, the UP device 342 determines that the CP device 341 needs to be authenticated.
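The following is an added example of S104a (S11 to S13 of fig. 9a and S21 to S23 of fig. 9b), written for this page and not taken from the patent or from Huawei. The page names no signature algorithm, hash function or message layout, so Ed25519, SHA-256, and the struct fields below are assumptions; baseline value 1 is taken to be hash value A of public key 1. The example also shows why only the signed variant separates the CP device 341 from an attacking device 350 that spoofs its address and role: a hash check value with no key can be recomputed by whoever builds the forged message, so it detects corruption in transit but not a spoofing sender.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// RouteMsg is the part of routing message 1 that S104a looks at. The page does not
// fix where these fields sit inside the message; here they are plain struct fields.
type RouteMsg struct {
	Target    []byte            // target field: the bytes the trusted signing system signed
	PublicKey ed25519.PublicKey // public key 1, carried in the message
	Signature []byte            // digital signature over Target (fig. 9a)
	HashCheck []byte            // hash check value 1 over Target (fig. 9b)
	Central   bool              // role identification information 1 says "central device"
	SFlag     bool              // indication information 6
}

// UPDevice holds the receiver-side state of UP device 342.
type UPDevice struct {
	Baseline        [sha256.Size]byte // baseline value 1: SHA-256 of public key 1, provisioned out of band
	AuthCentralRole bool              // local policy: authenticate every sender that claims the central role
}

// GenerateKeys stands in for the trusted signing system's key pair (algorithm assumed).
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewUPDevice provisions baseline value 1 as hash value A of public key 1.
func NewUPDevice(pub ed25519.PublicKey) UPDevice {
	return UPDevice{Baseline: sha256.Sum256(pub), AuthCentralRole: true}
}

// SignRouteMsg builds routing message 1 with both the signature (fig. 9a) and the
// hash check value (fig. 9b) over the target field.
func SignRouteMsg(priv ed25519.PrivateKey, pub ed25519.PublicKey, target []byte) RouteMsg {
	h := sha256.Sum256(target)
	return RouteMsg{Target: target, PublicKey: pub, Signature: ed25519.Sign(priv, target),
		HashCheck: h[:], Central: true, SFlag: true}
}

// NeedsAuth is S11/S21: authenticate when indication information 6 is present, or
// when local policy requires it for a sender claiming the central role.
func (u UPDevice) NeedsAuth(m RouteMsg) bool {
	return m.SFlag || (m.Central && u.AuthCentralRole)
}

// VerifySignature is fig. 9a: check public key 1 against baseline value 1, then S12.
func (u UPDevice) VerifySignature(m RouteMsg) error {
	if len(m.PublicKey) != ed25519.PublicKeySize {
		return errors.New("public key 1 has wrong length")
	}
	sum := sha256.Sum256(m.PublicKey)
	if subtle.ConstantTimeCompare(sum[:], u.Baseline[:]) != 1 {
		return errors.New("public key 1 does not match baseline value 1")
	}
	if !ed25519.Verify(m.PublicKey, m.Target, m.Signature) {
		return errors.New("digital signature does not verify")
	}
	return nil
}

// VerifyHashCheck is fig. 9b: S22 recompute the hash, S23 compare with hash check value 1.
func VerifyHashCheck(m RouteMsg) bool {
	sum := sha256.Sum256(m.Target)
	return subtle.ConstantTimeCompare(sum[:], m.HashCheck) == 1
}

// Authenticate runs S104a end to end (signed variant) and reports whether the
// sender is a central device with a legitimate identity.
func (u UPDevice) Authenticate(m RouteMsg) (bool, error) {
	if !u.NeedsAuth(m) {
		return true, nil // nothing to check for this sender
	}
	if err := u.VerifySignature(m); err != nil {
		return false, err
	}
	return true, nil
}

func main() {
	cpPub, cpPriv := GenerateKeys()
	up := NewUPDevice(cpPub)
	target := []byte("prefix=10.1.0.0/16 role=central as=65001") // constructed target field

	ok, err := up.Authenticate(SignRouteMsg(cpPriv, cpPub, target))
	fmt.Println("CP device 341:", ok, err)

	// Attacking device 350 spoofs the address and the role but can only sign with its own key.
	atkPub, atkPriv := GenerateKeys()
	forged := SignRouteMsg(atkPriv, atkPub, target)
	ok, err = up.Authenticate(forged)
	fmt.Println("attacking device 350:", ok, err)
	fmt.Println("hash check alone passes for the attacker:", VerifyHashCheck(forged))
}
```

Replay of an unmodified, genuinely signed routing message 1 is accepted by this check; the page does not address replay, so neither does the example.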
S104, the UP device 342 determines the routing priority 1 of the route 1 according to the role identification information 1.
In one possible implementation, S104 may include: first, the UP device 342 determines the role of the CP device 341 in the network based on the role identification information 1; the UP device 342 then determines the route priority 1 for route 1 based on the priority association information. Wherein, the priority associated information includes but is not limited to: the instruction information 1, the instruction information 2 or the instruction information 3, and the relevant description of the instruction information 1 to the instruction information 3 refers to the relevant content of the priority related information.
In another possible implementation, S104 may also include: first, the UP device 342 determines the role of the CP device 341 in the network based on role identification information 1; next, the UP device 342 determines route priority 1 based on a correspondence between a locally preset policy and the role of the CP device 341 in the network. The UP device 342 may store, for example: a correspondence 1 between the central device and local preset policy 1, a correspondence 2 between the primary central device and local preset policy 2, and a correspondence 3 between the standby central device and local preset policy 3. Determining route priority 1 from the correspondence between the local preset policy and the role of the CP device 341 may then include: the UP device 342 determines from these three correspondences that local preset policy 1 corresponds to the central device, and the UP device 342 determines route priority 1 based on local preset policy 1. The content of the local preset policy corresponds to the priority association information described above, that is, the local preset policy states one of: route priority 1 is configured to be higher than the route priority of other routes issued by other devices through routing protocol 1; the protocol priority of routing protocol 1 in inter-protocol routing is modified to be higher than that of the other routing protocols; or the protocol priority of routing protocol 1 in inter-protocol routing is not modified.
In this implementation, the routing message 1 does not need to carry the indication information 1, the indication information 2, and the indication information 3, and the corresponding content is configured locally to the UP device 342 in the form of a preconfigured policy, which can save network resources consumed by transmitting the routing message 1.
In a specific implementation, S104 may include, for example: the UP device 342 determines route attribute information according to the role of the CP device 341 in the network indicated by the role identification information 1, and determines a route priority 1 based on the route attribute information. Wherein, the routing attribute information may be obtained by the UP device 342 from the routing message 1, for example, obtaining the routing attribute information from the indication information 7 of the routing message 1. Alternatively, the routing attribute information may also be locally configured by the UP device 342, such as: the UP device 342 configures a correspondence between the route attribute information and the role of the device in the network, and acquires the route attribute information corresponding to the determined role from the correspondence.
Regarding the manner of determining the route priority 1 in S104, in one case, upon receiving the route message 1, the UP device 342 determines the route priority 1 based on the route attribute information and the role identification information 1. In another case, after receiving the routing message 1, the UP device 342 determines a routing priority 1 'for the route 1, and when the UP device 342 receives the route 2 having the same routing prefix as the route 1 again, it determines the routing attribute information that can make the routing priority of the route 1 higher by comparing with the routing attribute information of the route 2, and adjusts the routing priority of the route 1 from the routing priority 1' to the routing priority 1 based on the determined routing attribute information.
For BGP, the route attribute information includes, but is not limited to, one or more of the following parameters: Local_Preference, Origin, and MED. Local_Preference and MED are unsigned 32-bit integers, and Origin takes the values 0 (IGP), 1 (EGP) and 2 (Incomplete). Other parameters being equal, a larger Local_Preference gives a higher route priority; a smaller MED gives a higher route priority; and a smaller Origin value gives a higher route priority (the BGP decision process of RFC 4271 prefers IGP over EGP over Incomplete).
If the routing attribute information includes a parameter (e.g., MED), the UP device 342 determines, based on the routing attribute information, the routing priority 1 to be: the UP device 342 determines a routing priority of 1 based on the unique parameter.
If the routing attribute information includes multiple parameters, the UP device 342 determines, based on the routing attribute information, that the routing priority 1 specifically is: UP device 342 determines a routing priority of 1 based on all or a portion of the plurality of parameters included in the routing attribute information. The parameters may be carried in a plurality of sub-TLVs in the newly added extended community attribute or TLV field, respectively.
Assume that the route attribute information carried in routing message 1, which complies with BGP, is MED. In one case, to minimise the chance that an attacker's route wins when no other route attribute information is included or the other route attribute information is the same, the MED value in indication information 7 of routing message 1 sent by the CP device 341 may be set as small as possible, for example to 50; then, if the MED carried in the routing message sent by the attacking device 350 is 150, it can be determined on that basis that route priority 1 of the CP device 341 is higher than route priority 2 of the attacking device 350. In another case, the MED in routing message 1 is 200, and routing message 1 also indicates that, when a route 2 with the same route prefix as route 1 appears, the route priority of route 1 is to be adjusted relative to route priority 2 of route 2. The UP device 342 then first determines a lower route priority 1' for the CP device 341 from routing message 1; when the attacking device's MED is 150, route priority 2 of the attacking device 350 is higher than route priority 1', so the UP device 342 adjusts the MED of route 1 to a value below 150, for example 100, and thereby raises route priority 1' to route priority 1, which is higher than route priority 2, as indicated by routing message 1 sent by the CP device 341.
Another example is: for the ISIS protocol, since the primary routing basis is link cost, then the route attribute information includes link cost. In the shortest path algorithm, when no other route attribute information is included or the included other route attribute information is the same, the smaller the link cost is, the higher the corresponding route priority is.
As can be seen, according to the method 100 provided in this embodiment of the present application, role identification information is carried in a routing message sent by a central device, where the role identification information indicates the role of the central device in the network, so that a distributed device that receives the routing message can perceive the role of the central device in the network and set the route priority of the route issued by the central device based on the role identification information. A network with a centralized architecture comprising the distributed devices and at least one central device can thereby operate stably, the reliability of such a network is improved, and network security is improved.
In some possible implementations, as shown in fig. 5, the method 100 may further include the following S105 to S107:
S105, the UP device 342 receives routing message 2 sent by the attacking device 350, where the IP address of the attacking device 350 is the same as the IP address of the CP device 341, routing message 2 is used to issue route 2, and route 1 and route 2 have the same route prefix.
S106, the UP device 342 determines, according to routing message 2, that the attacking device 350 and the CP device 341 have different roles in the network.
S107, the UP device 342 determines route priority 2 of route 2, where route priority 2 is different from route priority 1.
In a specific embodiment, if the routing message 2 does not carry role identification information, and since the routing message 1 carries role identification information 1, the UP device 342 may determine that sender devices of two routing messages belong to different roles in the network, so as to determine different routing priorities for routes corresponding to the two sender devices, for example: UP device 342 determines route priority 2 for route 2, where route priority 2 is lower than route priority 1.
In another specific embodiment, if the routing message 2 carries role identification information 2, and the role identification information 2 is used to indicate that the role of the attacking device 350 in the network is a distributed device, and the role identification information 1 is used to indicate that the role of the CP device 341 in the network is a central device, the UP device 342 may determine that the sender devices of the two routing messages belong to different roles in the network, so as to determine different routing priorities for the routes corresponding to the two sender devices, specifically: UP device 342 determines that route priority 2 of route 2 is lower than route priority 1 of route 1.
In another specific embodiment, if the routing message 2 carries the role identification information 2, but the role identification information 2 is used to indicate that the role of the attacking device 350 in the network is the same as the role of the CP device 341 in the network, in order to ensure network security, it may be determined that the CP device 341 passes the identity authentication and the attacking device 350 cannot pass the identity authentication in the manner shown in fig. 9a or fig. 9b, so as to determine that the routing priority 1 is higher than the routing priority 2, thereby effectively defending against the attack and enabling the network to operate safely.
It should be noted that, in order to achieve the purpose of attacking the network, the attacking device 350 may access the network through any one UP device in the network, and the route of the attacking device 350 may be flooded in the network, thereby forming a great hidden danger to the network security.
Generally, the attacking device 350 can only spoof the IP address of the CP device 341, but does not carry role identification information in its routing message 2. Therefore, when the UP device 342 receives two routing messages that issue routes with the same routing prefix, it can perceive which sender is the CP device 341 and which is the attacking device 350 based on whether each routing message carries role identification information, so that the UP device 342 can determine a higher routing priority 1 for the route 1 issued by the routing message 1 sent by the CP device 341, and a routing priority 2 lower than the routing priority 1 for the route 2 issued by the routing message 2 sent by the attacking device 350, thereby providing a reliable data basis for the subsequent normal operation of the network. Furthermore, if the attacking device 350 not only spoofs the IP address of the CP device 341 but also carries role identification information 2 in its routing message 2, the manner in which the UP device 342 distinguishes the CP device 341 from the attacking device 350 includes, but is not limited to: in the first manner, the CP device 341 and the attacking device 350 are perceived based on the difference between the role identification information carried in the two routing messages; in the second manner, the CP device 341 and the attacking device 350 are distinguished through identity verification. In either manner, the UP device 342 determines a routing priority 2 lower than the routing priority 1 for the route 2 issued by the routing message 2 sent by the attacking device 350, and a reliable data basis is provided for the subsequent normal operation of the network.
As an example, if routing message 2 also complies with routing protocol 1, S104 may specifically include: UP device 342 configures route priority 1 to be higher than route priority 2; alternatively, S107 may include, for example: UP device 342 configures route priority 2 to be lower than route priority 1.
As another example, if routing message 2 complies with routing protocol 2, S107 may comprise, for example: UP device 342 determines routing priority 2 based on the protocol priority of routing protocol 2, where the protocol priority of routing protocol 2 is lower than the protocol priority of routing protocol 1. For example: the routing protocol 1 is an ISIS protocol, the routing protocol 2 is an OSPF protocol, and before executing S107 and S104, the protocol priority based on the ISIS protocol is lower than the protocol priority based on the OSPF protocol by default, so the protocol priority of the ISIS protocol may be set higher than the protocol priority of the OSPF protocol in S104, or the protocol priority of the OSPF protocol may be set lower than the protocol priority of the ISIS protocol in S107.
The execution of S101 to S104 and S105 to S107 is not limited to a sequential order, and may be executed sequentially or simultaneously.
In a specific embodiment, if the UP device 342 receives the routing message 1 and the routing message 2, where the routing message 1 and the routing message 2 are used to issue the route 1 and the route 2, respectively, the route 1 and the route 2 have the same route prefix, the routing message 1 includes role identification information 1, the role identification information 1 is used to indicate that the CP device 341 is a central device, and the routing message 2 does not include role identification information, then the UP device 342 may determine that the route 2 is an illegal route based on the routing message 2 not carrying role identification information, and thus does not store the route 2, which saves resources of the UP device 342. In one case, the UP device 342 not saving the route 2 may refer to: when the UP device 342 receives the routing message 1 first, or receives the routing message 1 and the routing message 2 at the same time, it determines that the route 2 is an illegal route and does not locally store the route 2; in another case, the UP device 342 not saving the route 2 may also refer to: when the UP device 342 receives the routing message 2 first, the route 2 is saved, and when the routing message 1 carrying the role identification information 1 is received later, the route 2 is determined to be an illegal route, the routing table entry corresponding to the locally saved route 2 is deleted or set to the invalid state, and the route 2 is cancelled.
As can be seen, in the method 100 provided in this embodiment of the present application, role identification information is carried in a routing message sent by a central device, where the role identification information is used to indicate a role of the central device in a network, so that the distributed device receiving the routing message can sense the role of the central device in the network and set the routing priority of the route issued by the central device based on the role identification information. Even if the distributed device also receives a routing message sent by an abnormal device having the same IP address as the central device, the distributed device can distinguish the route issued by the abnormal device from the route issued by the central device; therefore, the routing priority corresponding to the central device is set to be higher than the routing priority corresponding to the abnormal device, and the distributed device can subsequently send the protocol message to the central device based on the route issued by the central device.
In other possible implementation manners, if the network device determines an illegal route 2 from two routes 1 and 2 having the same route prefix, and only stores the legal route 1, when the UP device 342 acquires the packet with the destination address being the IP address of the CP device 341, the UP device 342 may directly send the packet to the CP device 341 based on the legal route 1. If two routes 1 and 2 with the same routing prefix are stored in the network device, as shown in fig. 5, the method 100 may further include S108 to S109:
S108, the UP device 342 obtains the packet 1, where the destination address of the packet 1 is the IP address of the CP device 341.
S109, the UP device 342 sends the packet 1 to the CP device 341 based on the route 1.
It should be noted that, through the above S101 to S107, the UP device 342 has two routes 1 and 2 with the same route prefix, and since the routing message 1 sent by the CP device 341 carries the role identification information 1, the UP device 342 can sense the CP device 341 and distinguish the CP device 341 from the abnormal device 350, so that the UP device 342 can normally send the protocol packet to the CP device 341, and the network operates normally.
In a specific implementation, when the UP device 342 acquires the packet 1 whose destination address is the IP address of the CP device 341, the UP device 342 needs to select a route and send the packet 1 based on the route with the higher route priority; for example, the UP device 342 may determine that the route priority 1 is the higher route priority, and send the packet 1 to the CP device 341 based on the route 1 corresponding to the route priority 1.
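The behaviour of S105 to S109 and the two handling options above (keeping both same-prefix routes and relying on priority when forwarding, versus not saving or invalidating the illegal route) modelled as an added example; this is not code from the patent, and the message fields, role strings, next-hop labels and protocol priority values are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed default protocol priorities (lower value = more preferred); the text
# notes ISIS is less preferred than OSPF before S104/S107 adjust it.
DEFAULT_PROTOCOL_PRIORITY = {"OSPF": 10, "ISIS": 15}
# Assumed ranking of roles within one protocol: central device first, a route
# whose message carries no role identification information last.
ROLE_RANK = {"central": 0, "distributed": 1, None: 2}


@dataclass(frozen=True)
class RoutingMessage:
    sender_ip: str        # IP address claimed by the sender (may be spoofed)
    prefix: str           # route prefix issued by the message
    protocol: str         # routing protocol the message complies with
    role: Optional[str]   # role identification information, None if absent
    next_hop: str         # constructed label for the path to this sender


@dataclass
class RouteEntry:
    msg: RoutingMessage
    priority: tuple       # (protocol priority, role rank); lower wins
    valid: bool = True    # False once the entry is set to the invalid state


class UPDevice:
    """Distributed (UP) device applying S103 to S109 to same-prefix routes."""

    def __init__(self, keep_illegal_routes: bool = True):
        self.protocol_priority = dict(DEFAULT_PROTOCOL_PRIORITY)
        self.routes: dict[str, list[RouteEntry]] = {}
        # True: keep both routes and rely on priority when forwarding;
        # False: do not save (or invalidate) a route judged illegal.
        self.keep_illegal_routes = keep_illegal_routes

    def _priority(self, msg: RoutingMessage) -> tuple:
        return (self.protocol_priority[msg.protocol], ROLE_RANK[msg.role])

    def _prefer_protocol(self, protocol: str) -> None:
        """S104 when protocols differ: make the central device's protocol the
        most preferred one (the ISIS-above-OSPF adjustment in the text)."""
        others = [p for proto, p in self.protocol_priority.items()
                  if proto != protocol]
        if others and self.protocol_priority[protocol] >= min(others):
            self.protocol_priority[protocol] = min(others) - 1
            for entries in self.routes.values():      # re-rank stored routes
                for e in entries:
                    e.priority = self._priority(e.msg)

    def receive(self, msg: RoutingMessage) -> Optional[RouteEntry]:
        """S103 to S107: return the stored entry, or None if not saved."""
        entries = self.routes.setdefault(msg.prefix, [])
        if msg.role == "central":
            self._prefer_protocol(msg.protocol)
            if not self.keep_illegal_routes:
                # A same-prefix route issued without role identification is
                # now known to be illegal: set its table entry invalid.
                for e in entries:
                    if e.msg.role is None:
                        e.valid = False
        elif msg.role is None and not self.keep_illegal_routes:
            if any(e.msg.role == "central" for e in entries):
                return None          # illegal route: not stored at all
        entry = RouteEntry(msg, self._priority(msg))
        entries.append(entry)
        return entry

    def next_hop(self, dest_ip: str) -> Optional[str]:
        """S108 to S109: longest prefix match, then the higher-priority route."""
        dest = ipaddress.ip_address(dest_ip)
        best = None
        for prefix, entries in self.routes.items():
            net = ipaddress.ip_network(prefix, strict=False)
            if dest not in net:
                continue
            for e in entries:
                if e.valid:
                    key = (-net.prefixlen, e.priority)
                    if best is None or key < best[0]:
                        best = (key, e.msg.next_hop)
        return None if best is None else best[1]


def scenario(keep_illegal_routes: bool, attacker_protocol: str) -> dict:
    """Constructed scenario: the attacker, spoofing the CP device's address,
    issues its route first; the genuine CP route with role info arrives later."""
    up = UPDevice(keep_illegal_routes)
    attacker = RoutingMessage("10.0.0.1", "10.0.0.1/32", attacker_protocol,
                              None, "link-to-attacker")
    cp = RoutingMessage("10.0.0.1", "10.0.0.1/32", "ISIS", "central",
                        "link-to-cp")
    up.receive(attacker)
    before = up.next_hop("10.0.0.1")     # only the attacker's route exists
    up.receive(cp)
    after = up.next_hop("10.0.0.1")      # CP route must be selected now
    valid = sum(e.valid for e in up.routes["10.0.0.1/32"])
    return {"before": before, "after": after, "valid_routes": valid,
            "isis_priority": up.protocol_priority["ISIS"]}
```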
It can be seen that, in the method 100 provided in this embodiment of the present application, role identification information is carried in a routing message sent by a central device, where the role identification information is used to indicate a role of the central device in a network, so that a distributed device receiving the routing message can sense the role of the central device in the network, and set a routing priority of a route issued by the central device based on the role identification information, and even if the distributed device also receives a routing message sent by an abnormal device having the same IP address as the central device, the distributed device can distinguish routes issued by the abnormal device and the central device, and overcome an influence brought by the abnormal device on the central device, so that when the distributed device sends a protocol packet whose destination address is the IP address of the central device, although there are two routes having the same routing prefix, the protocol packet can still be sent to the central device based on the route issued by the central device, without sending the protocol message to the abnormal device. Therefore, the network can stably operate, the reliability of the network with the centralized network architecture is improved, and the network safety is realized.
Fig. 10 is a flowchart illustrating a routing processing method 200 in an embodiment of the present application, where the method 200 is implemented by a first device, and the routing processing method 200 may include, for example:
S201, a first device receives a first routing message sent by a second device, where the first routing message carries first role identification information, the first role identification information is used to indicate a role of the second device in a network, the first routing message is used to issue a first route, and the first routing message complies with a first routing protocol;
S202, the first device determines a first route priority of the first route according to the first role identification information.
In this embodiment, the network has a centralized network architecture, that is, the network may include at least one central device and a plurality of distributed devices, where the at least one central device and the plurality of distributed devices respectively establish communication connections, the at least one central device includes the second device, and the first device is a distributed device to which the second device is connected. As an example, the network is a control-forwarding separation network, the second device is a controller in the control-forwarding separation network, and the first device is any one of forwarding devices connected to the controller. As another example, the network is a central Hub-backbone Spine network, the second device is a Hub device in the Hub-Spine network, and the first device is any Spine device connected to the Hub device. As another example, the network is a backbone Spine-Leaf network, the second device is a Spine device in the Spine-Leaf network, and the first device is any Leaf connected to the Spine device. As yet another example, the network is a CU separation network with control plane CP-user plane UP separation, the second device is a CP device in the CU separation network, and the first device is any one of the UP devices connected to the CP device. As another example, the network is a VXLAN network, the second device is a VXLAN gateway in the VXLAN network, and the first device is any one of endpoint devices connected to the VXLAN gateway.
Taking the network as the CU separation network as an example, the specific implementation manner and the achieved effect in the method 200 can be seen from the related description in the method 100. The first device in the method 200 may specifically be the UP device 342 in the method 100, and the operation performed by the first device may specifically refer to the operation performed by the UP device 342 in the method 100, and specifically, the relevant descriptions of S201 and S202 may refer to S103 and S104 in the method 100, respectively. Wherein, the second device may be the CP device 341 in the method 100, the first routing message may be the routing message 1 in the method 100, the first role identification information may be the role identification information 1 in the method 100, the first routing may be the routing 1 in the method 100, the first routing protocol may be the routing protocol 1 in the method 100, and the first routing priority may be the routing priority 1 in the method 100.
The first routing protocol may be, for example, an open shortest path first OSPF protocol, an intermediate system to intermediate system ISIS, a border gateway protocol BGP, or a path computation element communication protocol PCEP.
As an example, the first routing message carries the first role identification information through a newly added extended community attribute or a newly added type length value TLV field. For example, the first routing message carries the first role identification information through the newly added extended community attribute or the Type field in the newly added TLV field, that is, the first routing message is used to identify the role of the second device in the network through the value of the newly added extended community attribute or the Type field in the newly added TLV field.
In some possible implementations, the first routing message may also carry priority association information, which is used to determine the first routing priority. Wherein the priority associated information comprises one or more of the following information: first indication information, configured to indicate that the first route priority is configured to be higher than route priorities of other routes issued by other devices through the first routing protocol, where the first route and the other routes have the same route prefix; second indication information, which is used for indicating that the first device needs to modify the protocol priority of the first routing protocol in the routing among the multiple routing protocols; third indication information, configured to indicate that the first device does not need to modify the protocol priority of the first routing protocol in the inter-routing of the multiple routing protocols; fourth indication information, configured to indicate that the second device is a standby device; the fifth indication information is used for indicating that the second equipment is the main equipment; sixth indication information, configured to instruct the first device to perform authentication on the second device; seventh indication information, configured to indicate the route attribute information in the first route message. For the relevant description of the first to seventh indication information, reference may be made to the corresponding description of indication information 1 to indication information 7 in method 100. It should be noted that the priority association information may be carried in an extended community attribute added to the first routing message or a type length value TLV field added to the first routing message.
In addition, the first routing message may also carry one or more of the following items of information: eighth indication information, configured to indicate an autonomous system in which the second device is located; ninth indication information, configured to indicate a network entity within the autonomous system where the second device is located; tenth indication information, configured to indicate a device identifier of the second device, where the device identifier is used to uniquely identify the second device. For the relevant description of the eighth to tenth indication information, reference may be made to the corresponding description of indication information 8 to indication information 10 in method 100. It should be noted that the eighth to tenth indication information may be carried in an extended community attribute or a type length value TLV field added to the first routing message.
It should be noted that the type length value TLV fields (or extended community attributes) added for carrying the first role identification information, the priority association information, and the eighth to tenth indication information may be the same TLV field (or extended community attribute), or two or three different TLV fields (or extended community attributes), which is not specifically limited in this embodiment of the application.
As an example, when one central device is included in the network, or when a plurality of central devices included in the network are all master central devices, the first role identification information may be used to indicate that the role of the second device in the network is a central device.
As another example, when a plurality of center apparatuses are included in a network, and the plurality of center apparatuses include a main center apparatus and a standby center apparatus, if a role of a second apparatus in the network is the main center apparatus, the first role identification information may be used to indicate that the role of the second apparatus in the network is the main center apparatus. If the role of the second device in the network is the standby center device, the first role identification information may be used to indicate that the role of the second device in the network is the standby center device.
In some specific implementations, the method 200 may further include: the first device receives a second routing message sent by a third device, wherein the second routing message carries second role identification information, the second role identification information is used for indicating that the role of the third device in the network is a standby center device, and the second routing message is used for issuing a second route; and the first equipment determines the second routing priority of the second route according to the second role identification information. In this case, the data packet sent by the first device is forwarded through the main central device, and is switched to the standby central device when the main central device fails, and the standby central device forwards the data packet. Or, the second device and the third device may be both standby center devices, and then, the first role identification information or the fifth indication information in the first routing message is further used to indicate that the role of the second device in the network is a standby center device, in this case, the data packet sent by the first device is forwarded through the main center device, and is switched to the second device or the third device when the main center device fails, and the second device or the third device serves as the standby center device to forward the data packet; or, the data message is switched to the second device and the third device, and the second device and the third device are used as standby center devices to share the load of the data message. 
Or, the second device and the third device may both be the main central device, then, the first role identification information or the fifth indication information in the first routing message is further used to indicate that the role of the second device in the network is the main central device, and the second role identification information or the fifth indication information in the second routing message is further used to indicate that the role of the third device in the network is the main central device, in this case, the data packet sent by the first device is load-shared by the second device and the third device.
To increase security, before S202, the method 200 may further include: and the first equipment carries out identity verification on the second equipment. The authentication of the second device by the first device may include: and the first equipment carries out the identity verification on the second equipment according to the first role identification information. In one case, the first device performs the identity authentication on the second device according to the first role identification information, which may mean that the first device determines a role of the second device in the network based on the first role identification, and a policy locally configured by the first device requires the identity authentication on the device in the role, so that the first device determines that the identity authentication needs to be performed on the second device. In another case, the first device performs the identity authentication on the second device according to the first role identification information, which may also refer to that the first device determines the role of the second device in the network based on the first role identification, and in a newly added TLV field (or extended community attribute) used for carrying the first role identification information in the first routing message, sixth indication information is also carried, where the sixth indication information is used for indicating the first device to perform the identity authentication on the second device, so that the first device determines that the identity authentication needs to be performed on the second device.
As an example, if the first routing message also carries a digital signature, the authenticating, by the first device, of the second device may include, for example: the first device performs identity verification on the second device according to the digital signature. It should be noted that, in this case, the process of authenticating the second device by the first device may refer to the related description of the embodiment shown in fig. 9a.
As another example, if the first routing message carries a first hash check value, the authenticating, by the first device, of the second device may include, for example: the first device performs the identity authentication on the second device according to the first hash check value. It should be noted that, in this case, the process of authenticating the second device by the first device may refer to the related description of the embodiment shown in fig. 9b.
For S202, some possible implementations may include, for example: the first device determines the role of the second device in the network based on the first role identification information; and the first device determines the first routing priority based on the correspondence between a locally preset policy and the role of the second device in the network. Therefore, the first routing message does not need to carry routing attribute information, and the first device can determine the priority of the first route based on the preset policy corresponding to the role of the second device among the local preset policies, which saves the message space and the network transmission resources of the first routing message to a certain extent and improves the routing processing efficiency. In other possible implementations, if the seventh indication information is carried in the first routing message, S202 may include: the first device determines the first routing priority based on the first role identification information and the seventh indication information. The seventh indication information is routing attribute information carried in the first routing message, and the first routing message may carry the routing attribute information through a newly added extended community attribute or a newly added TLV field. The route attribute information includes one or more of the following parameters: link cost, Local_preference, route source Origin, and multi-exit discriminator MED. For example, for the BGP protocol, the routing attribute information includes, but is not limited to, one or more of the following parameters: Local_preference, Origin and MED; as another example, for the ISIS protocol, the routing attribute information includes, but is not limited to, link cost.
Therefore, the first routing message needs to carry routing attribute information, and the first device can determine the first routing priority of the first route based on the first role identification information and the routing attribute information; the first device does not need to perform local configuration, and the storage space on the first device is saved to a certain extent.
In some possible implementations, the method 200 may further include: the method comprises the steps that a first device receives a third routing message of a fourth device, the IP address of the fourth device is the same as that of a second device, the third routing message is used for issuing a third route, and the first route and the third route have the same routing prefix; the first device determines that roles of the fourth device and the second device in the network are different according to the third routing message; the first device determines a third routing priority for the third route, the third routing priority being different from the first routing priority. Wherein the third routing priority may be lower than the first routing priority. As an example, if the third routing message complies with the first routing protocol, i.e. a routing message for issuing two routes having the same routing prefix complies with the same routing protocol, the receiver device determines different routing priorities for the two routes if the roles of the two sender devices in the network are different. As another example, if the third routing message conforms to the second routing protocol, i.e., if the routing messages for issuing two routes having the same routing prefix conform to different routing protocols, the manner in which the receiver device determines different routing priorities for the two routes may include: the protocol priorities of the two routing protocols are set to be different, for example, the protocol priority of the first routing protocol is higher than the protocol priority of the second routing protocol. It should be noted that the fourth device in this embodiment may be the attack device 350 in the method 100, the third routing message may be the routing message 2 in the method 100, the third routing may be the routing 2 in the method 100, and the third routing priority may be the routing priority 2 in the method 100. 
For the description of this embodiment, reference may be made to the corresponding descriptions of S105 to S107 in the method 100.
In other possible implementations, the method 200 may further include: the first device receives a fourth routing message of a fifth device, where the IP address of the fifth device is the same as the IP address of the second device, the fourth routing message is used for issuing a fourth route, and the first route and the fourth route have the same routing prefix; the first device determines that the fourth route is an illegal route; and the first device does not save the fourth route. The first device may determine, based on the fourth routing message not carrying the role identification information, that the fourth route issued by the fourth routing message is an illegal route, so that the fourth route is not saved, thereby saving resources of the first device. In one case, the first device not storing the fourth route may refer to: when the first device receives the first routing message first, or receives the first routing message and the fourth routing message simultaneously, it determines that the fourth route is an illegal route and does not store the fourth route locally; in another case, the first device not storing the fourth route may also refer to: when the first device receives the fourth routing message first, the fourth route is saved, and when the first routing message carrying the first role identification information is received subsequently, the fourth route is determined to be an illegal route, the routing table entry corresponding to the locally saved fourth route is deleted or set to the invalid state, and the fourth route is cancelled.
As an example, the method 200 may further include: a first device acquires a first message, wherein the destination address of the first message is the IP address of a second device; and the first equipment sends the first message to the second equipment based on the first route. The first message may be a protocol message. It should be noted that the first message in this embodiment may be the message 1 in the method 100, and for the relevant description of this embodiment, reference may be made to corresponding descriptions of S108 to S109 in the method 100.
It can be seen that, in the method 200 provided in this embodiment of the present application, first role identification information is carried in a first routing message sent by a second device, where the first role identification information is used to indicate a role of the second device in a network, so that a first device receiving the first routing message can perceive the role of the second device in the network, and set a routing priority of the first route issued by the second device based on the first role identification information. Even if the first device also receives a routing message sent by an abnormal device having the same IP address as the second device, the first device can distinguish between routes issued by the abnormal device and the second device, and overcome the influence that the abnormal device brings to the second device, so that when the first device sends a protocol packet whose destination address is the IP address of the second device, although there are two routes with the same routing prefix on the first device, the protocol packet can still be sent to the second device based on the first route issued by the second device, without sending the protocol packet to the abnormal device. Therefore, the network can stably operate, the reliability of the network with the centralized network architecture is improved, and network security is realized.
It should be noted that, in the embodiment of the present application, the method 200, the specific implementation manner, and the obtained effect may be referred to the related description of the method 100 shown in fig. 5.
Fig. 11 shows a flowchart of a routing processing method 300 in an embodiment of the present application, where the method 300 is implemented by a second device, and the routing processing method 300 may include, for example:
S301, a second device generates a first routing message, where the first routing message carries first role identification information, and the first role identification information is used for indicating a role of the second device in a network;
S302, the second device sends the first routing message to the first device, where the first routing message is used for issuing a first route, and the first routing message complies with a first routing protocol.
The specific implementation manner and the achieved effect of the method 300 can be referred to the related descriptions of the method 100 and the method 200. The second device in the method 300 may specifically be the CP device 341 in the method 100, and the operation performed by the second device may specifically refer to the operation performed by the CP device 341 in the method 100, and specifically, the relevant descriptions of S301 and S302 may refer to S101 and S102 in the method 100, respectively. Wherein the first device may be the UP device 342 in the method 100, the first routing message may be the routing message 1 in the method 100, the first role identification information may be the role identification information 1 in the method 100, the first route may be the routing 1 in the method 100, the first routing protocol may be the routing protocol 1 in the method 100, and the first routing priority may be the routing priority 1 in the method 100.
As an example, the first routing message carries the first role identification information through a newly added extended community attribute or a newly added type length value TLV field.
As an example, the Type field in the newly added extended community attribute or the newly added TLV field is used to carry the first role identification information.
As an example, the first routing message further carries priority association information, where the priority association information is used to determine a first routing priority corresponding to the first route.
As an example, the priority association information includes one or more of the following information: first indication information, configured to indicate that the first route priority is configured to be higher than route priorities of other routes issued by other devices through the first routing protocol, where the first route and the other routes have the same route prefix; second indication information, configured to indicate that the first device needs to modify the protocol priority of the first routing protocol among the multiple routing protocols; third indication information, configured to indicate that the first device does not need to modify the protocol priority of the first routing protocol among the multiple routing protocols; fourth indication information, configured to indicate that the second device is a standby device; fifth indication information, configured to indicate that the second device is a master device; sixth indication information, configured to instruct the first device to perform authentication on the second device; seventh indication information, configured to indicate the route attribute information in the first routing message.
As an example, the first routing message further carries one or more of the following items of information: eighth indication information, configured to indicate an autonomous system in which the second device is located; ninth indication information, configured to indicate a network entity within the autonomous system where the second device is located; tenth indication information, configured to indicate a device identifier of the second device, where the device identifier is used to uniquely identify the second device.
As an example, the first role identification information is used to indicate that the role of the second device in the network is a central device.
As another example, the role of the second device in the network is a master center device or a standby center device.
The network has a centralized network architecture and includes at least one central device and a plurality of distributed devices, where the at least one central device and the plurality of distributed devices respectively establish communication connections, and the at least one central device includes the second device. For example, the network is a control-forwarding separation network, the second device is a controller in the control-forwarding separation network, and the first device is any one of the forwarding devices connected to the controller. For another example, the network is a central Hub-backbone Spine (Hub-Spine) network, the second device is a Hub device in the Hub-Spine network, and the first device is any Spine device connected to the Hub device. For another example, the network is a backbone Spine-Leaf network, the second device is a Spine device in the Spine-Leaf network, and the first device is any Leaf device connected to the Spine device. For another example, the network is a CU separation network with control plane CP-user plane UP separation, the second device is a CP device in the CU separation network, and the first device is any one UP device connected to the CP device. For another example, the network is a VXLAN network, the second device is a VXLAN gateway in the VXLAN network, and the first device is any one of the endpoint devices connected to the VXLAN gateway.
As one example, the first routing message also carries a digital signature or a hash check value, which is used to authenticate the second device.
As an example, the first routing message includes a newly added extended community attribute or a newly added TLV field, where the newly added extended community attribute or the newly added TLV field is used to carry routing attribute information, and the routing attribute information is used by the first device to determine a first routing priority corresponding to the first route. The route attribute information includes one or more of the following parameters: link overhead, Local_priority, route source Origin, and multi-egress identification MED.
The first routing protocol is the open shortest path first OSPF protocol, the intermediate system to intermediate system ISIS protocol, the border gateway protocol BGP, or the path computation element communication protocol PCEP.
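The following is an added illustration of the receiving side described above (the first device of the method 300, i.e. the UP device of the method 100); it is example code written for this page, not code from the patent or from the applicant. It assumes a constructed wire layout for the newly added TLV (a Type byte carrying the role identification, a Length, an ASN and device identifier as value, and an HMAC-SHA256 hash check value over the TLV computed with a pre-shared key), constructed role Type values, and a constructed local policy mapping role to route priority, none of which the patent specifies. It covers the TLV encoding of L292-L296, the hash check value of L300 and the priority determination of L301: a route for the same prefix from a device without a trusted role TLV cannot displace the central device's route, and a route whose hash check value fails is treated as illegal and is not saved.

```python
"""
Added example (not the patent's own code): a first device receives routing
messages, reads a role identification TLV, verifies a hash check value, and
assigns a route priority from a local preset policy so that a route for the
same prefix advertised by an abnormal device with the same IP address cannot
displace the central device's route.

The TLV layout, Type values, policy table and pre-shared key are assumptions
made for this example; the patent only states that a newly added TLV carries
the role in its Type field and that a hash check value may be carried.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Hypothetical Type values for the role identification TLV (constructed).
ROLE_TYPE_MASTER_CENTER = 0x01
ROLE_TYPE_STANDBY_CENTER = 0x02
ROLE_TYPES = {ROLE_TYPE_MASTER_CENTER: "master_center",
              ROLE_TYPE_STANDBY_CENTER: "standby_center"}

# Local preset policy: role -> route priority (lower value wins, like an
# administrative distance). Values are constructed for the example.
LOCAL_POLICY = {"master_center": 5, "standby_center": 10}
DEFAULT_PRIORITY = 100          # routes carrying no trusted role TLV

PSK = b"example-preshared-key"  # assumed pre-shared key for the hash check
MAC_LEN = 32                    # HMAC-SHA256 digest length


@dataclass
class Route:
    prefix: str
    next_hop: str
    role: Optional[str]
    priority: int


def encode_role_tlv(role_type: int, asn: int, device_id: int) -> bytes:
    """Type | Length | value(ASN, device id) | HMAC over Type+Length+value."""
    value = struct.pack("!IH", asn, device_id)
    tl = struct.pack("!BH", role_type, len(value) + MAC_LEN)
    mac = hmac.new(PSK, tl + value, hashlib.sha256).digest()
    return tl + value + mac


def decode_role_tlv(tlv: bytes) -> Optional[Tuple[int, int, int, bool]]:
    """Return (role_type, asn, device_id, authenticated) or None if malformed."""
    if len(tlv) < 3:
        return None
    role_type, length = struct.unpack("!BH", tlv[:3])
    if len(tlv) != 3 + length or length < 6 + MAC_LEN:
        return None
    value = tlv[3:3 + length - MAC_LEN]
    mac = tlv[3 + length - MAC_LEN:3 + length]
    asn, device_id = struct.unpack("!IH", value[:6])
    expected = hmac.new(PSK, tlv[:3] + value, hashlib.sha256).digest()
    return role_type, asn, device_id, hmac.compare_digest(expected, mac)


class FirstDevice:
    """Receiving side: keeps every saved route per prefix and picks the best."""

    def __init__(self) -> None:
        self.rib: Dict[str, List[Route]] = {}

    def receive(self, prefix: str, next_hop: str,
                tlv: Optional[bytes] = None) -> Optional[Route]:
        role, priority = None, DEFAULT_PRIORITY
        if tlv is not None:
            decoded = decode_role_tlv(tlv)
            if decoded is None:
                return None              # malformed TLV: illegal route, not saved
            role_type, _asn, _dev, ok = decoded
            if not ok:
                return None              # identity verification failed: not saved
            role = ROLE_TYPES.get(role_type)
            if role is not None:
                priority = LOCAL_POLICY[role]
        route = Route(prefix, next_hop, role, priority)
        self.rib.setdefault(prefix, []).append(route)
        return route

    def best(self, prefix: str) -> Optional[Route]:
        candidates = self.rib.get(prefix, [])
        return min(candidates, key=lambda r: r.priority) if candidates else None


def demo() -> Optional[Route]:
    """Constructed scenario: a master central device and an abnormal device
    that shares its IP address both advertise 10.0.0.1/32."""
    up = FirstDevice()
    genuine = encode_role_tlv(ROLE_TYPE_MASTER_CENTER, 65000, 341)
    up.receive("10.0.0.1/32", "ge0/0/1", genuine)       # central device
    up.receive("10.0.0.1/32", "ge0/0/2")                # abnormal device, no TLV
    forged = bytearray(genuine)
    forged[-1] ^= 0xFF                                  # copied TLV, bad MAC
    up.receive("10.0.0.1/32", "ge0/0/3", bytes(forged))  # not saved
    return up.best("10.0.0.1/32")


if __name__ == "__main__":
    print(demo())
```

The design choice here is that the hash check value is verified whenever the TLV is present, rather than only when the sixth indication information requests it, so an abnormal device cannot avoid the check by omitting a flag; a route with no TLV at all is still saved, but at the default priority, which mirrors claims 19 and 20 (a different role yields a different, lower priority), while a failed check mirrors claim 26 (the route is not saved).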
It should be noted that, for the method 300 in the embodiment of the present application, the specific implementation and achieved effects can be found in the related descriptions of the method 100 shown in fig. 5 and the method 200 shown in fig. 10.
In addition, the present application also provides a communication device 1200, as shown in fig. 12. The communication device 1200 includes a transceiving unit 1201 and a processing unit 1202. The transceiving unit 1201 is configured to perform the transceiving operations implemented by a distributed device in the embodiments of the present application, for example the transceiving operations implemented by the UP device 342 in the method 100, or the transceiving operations implemented by the first device in the method 200; the processing unit 1202 is configured to perform the operations other than the transceiving operations implemented by the distributed device in the embodiments of the present application, for example the operations other than the transceiving operations implemented by the UP device 342 in the method 100, or the operations other than the transceiving operations implemented by the first device in the method 200. For example, when the communication device 1200 executes the method implemented by the UP device 342 in the method 100, the transceiving unit 1201 may be configured to receive the routing message 1 sent by the CP device 341, and the processing unit 1202 may be configured to determine the route priority 1 of the route 1 according to the role identification information 1.
Further, the present application provides a communication device 1300, as shown in fig. 13. The communication device 1300 includes a transceiving unit 1301 and a processing unit 1302. The transceiving unit 1301 is configured to perform the transceiving operations performed by the central device in the embodiments of the present application, for example the transceiving operations performed by the CP device 341 in the method 100, or the transceiving operations performed by the second device in the method 300; the processing unit 1302 is configured to perform the operations other than the transceiving operations performed by the central device, for example the operations other than the transceiving operations performed by the CP device 341 in the method 100, or the operations other than the transceiving operations performed by the second device in the method 300. For example, when the communication device 1300 performs the method implemented by the CP device 341 in the method 100, the processing unit 1302 may be configured to obtain the routing message 1, and the transceiving unit 1301 may be configured to send the routing message 1 to the UP device 342.
In addition, an embodiment of the present application further provides a communication device 1400, which is shown in fig. 14. The communication device 1400 includes a communication interface 1401 and a processor 1402. The communication interface 1401 includes a first communication interface 1401a and a second communication interface 1401b. The first communication interface 1401a is used to perform the receiving operation performed by the distributed device in the embodiments of the present application, such as the receiving operation performed by the UP device 342 in the embodiment illustrated in the foregoing method 100, or the receiving operation performed by the first device in the embodiment illustrated in the foregoing method 200. The second communication interface 1401b is used to perform the sending operation performed by the distributed device in the embodiments of the present application, such as the sending operation performed by the UP device 342 in the embodiment illustrated in the foregoing method 100, or the sending operation performed by the first device in the embodiment illustrated in the foregoing method 200. The processor 1402 is configured to perform operations other than the receiving and sending operations described above, such as the other operations performed by the UP device 342 in the embodiment illustrated in the foregoing method 100, or the other operations performed by the first device in the embodiment illustrated in the foregoing method 200. For example, the processor 1402 may perform the following operation in the embodiments of the method 100: determining the routing priority 1 of the route 1 according to the role identification information 1.
In addition, an embodiment of the present application further provides a communication device 1500, which is shown in fig. 15. The communication device 1500 includes a communication interface 1501 and a processor 1502. The communication interface 1501 includes a first communication interface 1501a and a second communication interface 1501b. The first communication interface 1501a is used to perform the receiving operation performed by the central device, for example the receiving operation performed by the CP device 341 in the embodiment illustrated in the foregoing method 100, or the receiving operation performed by the second device in the embodiment illustrated in the foregoing method 300. The second communication interface 1501b is used to perform the sending operation performed by the central device, for example the sending operation performed by the CP device 341 in the embodiment illustrated in the foregoing method 100, or the sending operation performed by the second device in the embodiment illustrated in the foregoing method 300. The processor 1502 is configured to perform operations other than the receiving operation and the sending operation performed by the central device, for example the other operations performed by the CP device 341 in the embodiment of the method 100, or the other operations performed by the second device in the embodiment of the method 300. For example, the processor 1502 may perform the following operation in the embodiments of the method 100: obtaining the routing message 1.
In addition, the embodiment of the present application also provides a communication device 1600, which is shown in fig. 16. The communication device 1600 includes a memory 1601 and a processor 1602 in communication with the memory 1601. The memory 1601 stores computer-readable instructions, and the processor 1602 is configured to execute the computer-readable instructions to enable the communication device 1600 to perform the methods described in the embodiments of the present application, for example the method performed on the UP device 342 side in the above method 100, or the method performed on the first device side in the above method 200.
In addition, an embodiment of the present application further provides a communication device 1700, which is shown in fig. 17. The communication device 1700 includes a memory 1701 and a processor 1702 in communication with the memory 1701. The memory 1701 stores computer-readable instructions, and the processor 1702 is configured to execute the computer-readable instructions to enable the communication device 1700 to perform the methods described in the embodiments of the present application, for example the method performed on the CP device 341 side in the above method 100, or the method performed on the second device side in the above method 300.
It is understood that in the above embodiments, the processor may be a central processing unit (CPU), a network processor (NP), or a combination of a CPU and an NP. The processor may also be an application-specific integrated circuit (ASIC), a programmable logic device (PLD), or a combination thereof. The PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The processor may refer to one processor or may include a plurality of processors. The memory may include a volatile memory, such as a random-access memory (RAM); the memory may also include a non-volatile memory, such as a read-only memory (ROM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the memory may also comprise a combination of memories of the kinds described above. The memory may refer to one memory, or may include a plurality of memories. In one embodiment, the memory stores computer-readable instructions comprising a plurality of software modules, such as a sending module, a processing module, and a receiving module. After the processor executes each software module, the processor can perform the corresponding operation according to the instructions of that software module. In the present embodiment, an operation performed by a software module actually refers to an operation performed by the processor according to the instructions of that software module. The processor, upon executing the computer-readable instructions in the memory, may perform all operations that the communication device may perform, as directed by the computer-readable instructions.
It is to be understood that, in the above embodiments, the communication interface 1401 of the communication device 1400 may be specifically used as the transceiving unit 1201 in the communication device 1200, so as to implement data communication between the communication device 1200 and other devices. The communication interface 1501 of the communication device 1500 can be specifically used as the transceiving unit 1301 in the communication device 1300, and realizes data communication between the communication device 1300 and another device.
In addition, the embodiment of the present application further provides a communication system 1800, which is shown in fig. 18. The communication system 1800 includes a first communication device 1801 and a second communication device 1802, where the first communication device 1801 may specifically be the communication device 1201, the communication device 1401, or the communication device 1601, and correspondingly, the second communication device 1802 may specifically be the communication device 1301, the communication device 1501, or the communication device 1701.
Furthermore, an embodiment of the present application also provides a computer-readable storage medium, which stores instructions that, when executed on a computer, cause the computer to execute the routing processing method in the embodiment shown in the above method 100, method 200 or method 300.
Furthermore, the present application also provides a computer program product, which includes a computer program or computer-readable instructions; when the computer program or the computer-readable instructions run on a computer, the computer executes the routing processing method in the embodiment shown in the foregoing method 100, method 200, or method 300.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a general hardware platform. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a read-only memory (ROM)/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a router) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus and system embodiments, since they are substantially similar to the method embodiments, they are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are merely illustrative, wherein modules described as separate parts may or may not be physically separate, and parts shown as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only a preferred embodiment of the present application and is not intended to limit the scope of the present application. It should be noted that, for a person skilled in the art, several improvements and modifications can be made without departing from the scope of the present application, and these improvements and modifications should also be considered as the protection scope of the present application.

Claims (45)

1. A method for processing a route, comprising:
a first device receives a first routing message sent by a second device, wherein the first routing message carries first role identification information, the first role identification information is used for indicating a role of the second device in a network, the first routing message is used for issuing a first route, and the first routing message complies with a first routing protocol;
and the first device determines a first route priority of the first route according to the first role identification information.
2. The method of claim 2, further comprising:
the first device acquires a first message, wherein the destination address of the first message is the IP address of the second device;
and the first device sends the first message to the second device based on the first route.
3. The method according to claim 1 or 2, wherein the first routing message carries the first role identification information through a new extended community attribute or a new type length value, TLV, field.
4. The method of claim 3, wherein a Type field in the newly added extended community attribute or the newly added TLV field is used for carrying the first role identification information.
5. The method according to claim 3 or 4, wherein said first routing message further carries priority association information, said priority association information being used for determining said first routing priority.
6. The method of claim 5, wherein the priority association information comprises one or more of the following:
first indication information, configured to indicate that the first route priority is configured to be higher than route priorities of other routes issued by other devices through the first routing protocol, where the first route and the other routes have the same route prefix;
second indication information, configured to indicate that the first device needs to modify the protocol priority of the first routing protocol among the multiple routing protocols;
third indication information, configured to indicate that the first device does not need to modify the protocol priority of the first routing protocol among the multiple routing protocols;
fourth indication information, configured to indicate that the second device is a standby device;
fifth indication information, configured to indicate that the second device is a master device;
sixth indication information, configured to instruct the first device to perform authentication on the second device;
seventh indication information, configured to indicate the route attribute information in the first route message.
7. The method according to any of claims 1-6, wherein the first routing message further carries one or more of the following information:
eighth indication information, configured to indicate an autonomous system in which the second device is located;
ninth indication information, configured to indicate a network entity within the autonomous system where the second device is located;
tenth indication information, configured to indicate a device identifier of the second device, where the device identifier is used to uniquely identify the second device.
8. The method according to any of claims 1-7, wherein the first role identification information is used to indicate that the role of the second device in the network is a central device.
9. The method according to any of claims 1-8, wherein the role of the second device in the network is a master central device.
10. The method of any of claims 1-8, wherein the role of the second device in the network is a standby center device.
11. The method according to any one of claims 1-10, further comprising:
the first device receives a second routing message sent by a third device, wherein the second routing message carries second role identification information, the second role identification information is used for indicating that the role of the third device in the network is a standby center device, and the second routing message is used for issuing a second route;
and the first device determines a second routing priority of the second route according to the second role identification information.
12. The method according to any of claims 1-11, wherein the network has a centralized network architecture, and wherein the network comprises at least one central device and a plurality of distributed devices, wherein the at least one central device and the plurality of distributed devices each establish a communication connection, and wherein the at least one central device comprises the second device.
13. The method according to any one of claims 1 to 12, wherein:
the network is a control-forwarding separation network, and the second device is a controller in the control-forwarding separation network;
the network is a central Hub-backbone Spine network, and the second equipment is Hub equipment in the Hub-Spine network;
the network is a backbone Spine-Leaf network, and the second device is a Spine device in the Spine-Leaf network;
the network is a CU separation network with a Control Plane (CP) -User Plane (UP) separation, and the second device is a CP device in the CU separation network;
the network is a virtual extensible local area network VXLAN network, and the second device is a VXLAN gateway in the VXLAN network.
14. The method according to any of claims 1-13, wherein before the first device determines the first route priority of the first route according to the first role identification information, the method further comprises:
the first device performs identity verification on the second device.
15. The method of claim 14, wherein the first device authenticating the second device comprises:
the first device performs the identity verification on the second device according to the first role identification information.
16. The method according to claim 14 or 15, wherein the first routing message further carries a digital signature, and wherein the first device authenticates the second device, comprising:
the first device performs identity verification on the second device according to the digital signature.
17. The method according to claim 14 or 15, wherein the first routing message carries a first hash check value, and the first device authenticates the second device, comprising:
the first device performs the identity authentication on the second device according to the first hash check value.
18. The method according to any of claims 1-17, wherein the first device determining a first routing priority of the first route according to the first role identification information comprises:
the first device determining a role of the second device in the network based on the first role identification information;
and the first device determines the first routing priority based on a locally preset policy and the correspondence between that policy and the role of the second device in the network.
19. The method according to any one of claims 1-18, further comprising:
the first device receives a third routing message of a fourth device, wherein the IP address of the fourth device is the same as the IP address of the second device, the third routing message is used for issuing a third route, and the first route and the third route have the same routing prefix;
the first device determines that roles of the fourth device and the second device in the network are different according to the third routing message;
the first device determines a third routing priority for the third route, the third routing priority being different from the first routing priority.
20. The method of claim 19, wherein the third routing priority is lower than the first routing priority.
21. The method of claim 20, wherein the third routing message conforms to the first routing protocol.
22. The method of claim 20, wherein the third routing message conforms to a second routing protocol, and wherein the protocol priority of the first routing protocol is higher than the protocol priority of the second routing protocol.
23. The method according to any of claims 1-22, wherein the first routing message carries route attribute information, and the first device determining the first route priority of the first route according to the first role identification information comprises:
the first device determines the first routing priority based on the route attribute information and the first role identification information.
24. The method according to claim 23, wherein said first routing message includes a new extended community attribute or a new TLV field for carrying said routing attribute information.
25. The method according to claim 23 or 24, wherein the route attribute information comprises one or more of the following parameters:
link overhead, Local_priority, route source Origin, and multi-egress identification MED.
26. The method according to any one of claims 1-18, further comprising:
the first device receives a fourth routing message of a fifth device, the IP address of the fifth device is the same as the IP address of the second device, the fourth routing message is used for issuing a fourth route, and the first route and the fourth route have the same routing prefix;
the first device determines that the fourth route is an illegal route;
the first device does not save the fourth route.
27. The method of any of claims 1-26, wherein the first routing protocol is the open shortest path first OSPF protocol, the intermediate system to intermediate system ISIS protocol, the border gateway protocol BGP, or the path computation element communication protocol PCEP.
28. A method for processing a route, comprising:
a second device generates a first routing message, wherein the first routing message carries first role identification information, and the first role identification information is used for indicating a role of the second device in a network;
and the second device sends the first routing message to a first device, wherein the first routing message is used for issuing a first route, and the first routing message complies with a first routing protocol.
29. The method of claim 28, wherein the first routing message carries the first role identification information through a new extended community attribute or a new type length value, TLV, field.
30. The method of claim 29, wherein a Type field in the added extended community attribute or the added TLV field is used to carry the first role identification information.
31. The method according to any of the claims 28-30, wherein said first routing message further carries priority association information, said priority association information being used for determining a first routing priority corresponding to said first route.
32. The method of claim 31, wherein the priority association information comprises one or more of the following:
first indication information, configured to indicate that the first route priority is configured to be higher than route priorities of other routes issued by other devices through the first routing protocol, where the first route and the other routes have the same route prefix;
second indication information, configured to indicate that the first device needs to modify the protocol priority of the first routing protocol among the multiple routing protocols;
third indication information, configured to indicate that the first device does not need to modify the protocol priority of the first routing protocol among the multiple routing protocols;
fourth indication information, configured to indicate that the second device is a standby device;
fifth indication information, configured to indicate that the second device is a master device;
sixth indication information, configured to instruct the first device to perform authentication on the second device;
seventh indication information, configured to indicate the route attribute information in the first route message.
33. The method according to any of claims 28-32, wherein said first routing message further carries one or more of the following information:
eighth indication information, configured to indicate an autonomous system in which the second device is located;
ninth indication information, configured to indicate a network entity within the autonomous system where the second device is located;
tenth indication information, configured to indicate a device identifier of the second device, where the device identifier is used to uniquely identify the second device.
34. The method according to any of claims 28-33, wherein the first role identification information is used to indicate that the role of the second device in the network is a central device.
35. The method of any of claims 28-34, wherein the role of the second device in the network is a master center device or a standby center device.
36. The method according to any of claims 28-35, wherein the network has a centralized network architecture, and wherein the network comprises at least one central device and a plurality of distributed devices, wherein the at least one central device and the plurality of distributed devices each establish a communication connection, and wherein the at least one central device comprises the second device.
37. The method of any one of claims 28-36, wherein:
the network is a control-forwarding separation network, and the second device is a controller in the control-forwarding separation network; or
the network is a central-hub (Hub) to backbone (Spine) network, and the second device is the Hub in the Hub-Spine network; or
the network is a backbone (Spine)-leaf (Leaf) network, and the second device is a Spine device in the Spine-Leaf network; or
the network is a control plane (CP)-user plane (UP) separated network (CU separation network), and the second device is a CP device in the CU separation network; or
the network is a virtual extensible local area network (VXLAN) network, and the second device is a VXLAN gateway in the VXLAN network.
38. The method of any of claims 28-37, wherein the first routing message further carries a digital signature or a hash check value, and wherein the digital signature or the hash check value is used to authenticate the second device.
39. The method according to any of claims 28-38, wherein said first routing message comprises a new extended community attribute or a new TLV field, said new extended community attribute or said new TLV field being used for carrying routing attribute information, said routing attribute information being used by said first device for determining a first routing priority corresponding to said first route.
40. The method of claim 39, wherein the route attribute information comprises one or more of the following parameters:
link cost, local preference (Local_pref), route origin (Origin), and multi-exit discriminator (MED).
41. The method of any of claims 28-40, wherein the first routing protocol is Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), Border Gateway Protocol (BGP), or Path Computation Element Communication Protocol (PCEP).
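The following is an added illustration written by the editor, not code from the patent or from Huawei. It models the route message of claims 28-41 as a small TLV encoding: a prefix, the sender's role identification (central or distributed device), indication flags (the "first", "fourth" and "fifth" indication information of claim 32), the route attributes of claim 40 (link cost, Local_pref, Origin, MED) and an HMAC-SHA256 "hash check value" in the sense of claim 38. The TLV type codes, flag bit values and the pre-shared key are assumptions of this example; the claims name the fields but fix no numbering or key scheme. The receiving device only honours a claimed central role and its priority override after the check value verifies, so a forged message that merely asserts the central role cannot hijack route selection.

```python
import hashlib
import hmac
import struct

# TLV type codes and flag bits: constructed for this example, not from the patent.
T_PREFIX, T_ROLE, T_FLAGS, T_ATTRS, T_DEVICE_ID, T_HMAC = 1, 2, 3, 4, 5, 6
ROLE_DISTRIBUTED, ROLE_CENTRAL = 0, 1
FLAG_OVERRIDE = 0x01  # "first indication": rank this route above others for the same prefix
FLAG_MASTER = 0x02    # "fifth indication": sender is the master center device
FLAG_STANDBY = 0x04   # "fourth indication": sender is a standby center device


def _tlv(t, value):
    return struct.pack("!BH", t, len(value)) + value


def build_message(prefix, role, flags, cost, local_pref, origin, med, device_id, key=None):
    """Encode one route advertisement. When a key is given, an HMAC-SHA256 over the
    body is appended as the 'hash check value' (pre-shared key is an assumption)."""
    body = (_tlv(T_PREFIX, prefix.encode()) + _tlv(T_ROLE, bytes([role]))
            + _tlv(T_FLAGS, bytes([flags]))
            + _tlv(T_ATTRS, struct.pack("!IIBI", cost, local_pref, origin, med))
            + _tlv(T_DEVICE_ID, device_id.encode()))
    if key is None:
        return body
    return body + _tlv(T_HMAC, hmac.new(key, body, hashlib.sha256).digest())


def parse_message(data, key):
    """Decode the TLVs into a dict. route['verified'] is True only when a check value
    is present and matches the body; malformed input raises ValueError."""
    route, pos, mac, body_end = {}, 0, None, len(data)
    while pos < len(data):
        if pos + 3 > len(data):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack("!BH", data[pos:pos + 3])
        value = data[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        if t == T_PREFIX:
            route["prefix"] = value.decode()
        elif t in (T_ROLE, T_FLAGS):
            if length != 1:
                raise ValueError("role/flags TLV must be one byte")
            route["role" if t == T_ROLE else "flags"] = value[0]
        elif t == T_ATTRS:
            if length != 13:
                raise ValueError("attribute TLV must be 13 bytes")
            (route["cost"], route["local_pref"],
             route["origin"], route["med"]) = struct.unpack("!IIBI", value)
        elif t == T_DEVICE_ID:
            route["device_id"] = value.decode()
        elif t == T_HMAC:
            mac, body_end = value, pos  # the check value covers every byte before it
        # unknown TLV types are skipped so that new fields can be added later
        pos += 3 + length
    for k in ("prefix", "role", "flags", "cost", "local_pref", "origin", "med", "device_id"):
        if k not in route:
            raise ValueError(f"missing mandatory field {k}")
    route["verified"] = mac is not None and hmac.compare_digest(
        mac, hmac.new(key, data[:body_end], hashlib.sha256).digest())
    return route


def select_best(routes):
    """Pick the preferred route among candidates for one prefix. Messages that claim the
    central role without a verified check value are discarded. A verified central
    device with FLAG_OVERRIDE wins outright (master before standby); otherwise the
    usual order applies: higher Local_pref, lower Origin, lower MED, lower link cost."""
    candidates = [r for r in routes if not (r["role"] == ROLE_CENTRAL and not r["verified"])]
    if not candidates:
        return None

    def rank(r):
        override = r["role"] == ROLE_CENTRAL and bool(r["flags"] & FLAG_OVERRIDE)
        master = bool(r["flags"] & FLAG_MASTER)
        return (not override, not master, -r["local_pref"], r["origin"], r["med"], r["cost"])

    return min(candidates, key=rank)


def demo():
    """Constructed scenario: two leaf routes, one authenticated hub route and one forged
    hub route signed with the wrong key. Returns (winner, unverified sender ids)."""
    key = b"constructed-pre-shared-key"  # assumption: operator-provisioned PSK
    prefix = "10.0.0.0/24"
    msgs = [
        build_message(prefix, ROLE_DISTRIBUTED, 0, 10, 100, 0, 0, "leaf-1", key),
        build_message(prefix, ROLE_DISTRIBUTED, 0, 5, 200, 0, 0, "leaf-2", key),
        build_message(prefix, ROLE_CENTRAL, FLAG_OVERRIDE | FLAG_MASTER, 50, 100, 1, 0, "hub-master", key),
        build_message(prefix, ROLE_CENTRAL, FLAG_OVERRIDE | FLAG_MASTER, 1, 999, 0, 0, "rogue", b"wrong-key"),
    ]
    routes = [parse_message(m, key) for m in msgs]
    return select_best(routes)["device_id"], [r["device_id"] for r in routes if not r["verified"]]


if __name__ == "__main__":
    print(demo())
```

The check value is computed over every TLV that precedes it, so the role and flag bytes are bound to the sender's key; the "rogue" message carries the best-looking attributes and the override flag, yet it is dropped because its check value does not verify, and the authenticated hub route wins over both leaf routes regardless of their attribute values.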
42. A communication device, comprising:
a memory storing computer readable instructions; and
a processor in communication with the memory, the processor being configured to execute the computer readable instructions to cause the communication device to perform the method of any of claims 1-27.
43. A communication device, comprising:
a memory storing computer readable instructions; and
a processor in communication with the memory, the processor being configured to execute the computer readable instructions to cause the communication device to perform the method of any of claims 28-41.
44. A communication system comprising the communication device of claim 42 and the communication device of claim 43.
45. A computer readable storage medium comprising computer readable instructions which, when run on a computer, cause the computer to implement the method of any one of claims 1-41.
CN202010632264.4A 2020-04-23 2020-07-03 Route processing method and equipment Pending CN113556282A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/085913 WO2021213185A1 (en) 2020-04-23 2021-04-08 Routing processing method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010326321 2020-04-23
CN2020103263216 2020-04-23

Publications (1)

Publication Number Publication Date
CN113556282A (en) 2021-10-26

Family

ID=78101607

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010632264.4A Pending CN113556282A (en) 2020-04-23 2020-07-03 Route processing method and equipment

Country Status (2)

Country Link
CN (1) CN113556282A (en)
WO (1) WO2021213185A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023092951A1 (en) * 2021-11-29 2023-06-01 华为技术有限公司 Remote attestation application method, apparatus, device, and system, and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101267477A (en) * 2008-04-23 2008-09-17 中兴通讯股份有限公司 Signaling route realization method and device
CN101600227B (en) * 2009-06-26 2013-04-24 北京邮电大学 Distributed network routing method and routing device
CN103973567B (en) * 2014-05-06 2017-09-05 华为技术有限公司 The method for configuring route and device of VPN
CN106789619B (en) * 2015-11-24 2020-06-09 华为技术有限公司 Method for determining mapping server, routing node and autonomous system
CN107770073B (en) * 2016-08-19 2020-06-02 华为技术有限公司 Method, device and system for information synchronization

Also Published As

Publication number Publication date
WO2021213185A1 (en) 2021-10-28

Similar Documents

Publication Publication Date Title
US10791066B2 (en) Virtual network
Abdou et al. Comparative analysis of control plane security of SDN and conventional networks
US11374857B2 (en) Network device management method and apparatus, and system for indicating a network device to perform management operation
EP3304812B1 (en) Method and system for resynchronization of forwarding states in a network forwarding device
EP2933977B1 (en) Method, network element and network for integrity check in live connectivity frames
US9215237B2 (en) Communication system, control device, communication method, and program
US20110032939A1 (en) Network system, packet forwarding apparatus, and method of forwarding packets
CN107251509B (en) Trusted routing between communication network systems
US20140143854A1 (en) Load balancing among a cluster of firewall security devices
EP2991292B1 (en) Network collaborative defense method, device and system
US9654482B2 (en) Overcoming circular dependencies when bootstrapping an RPKI site
CN108270690B (en) Method and device for controlling message flow
WO2014021870A1 (en) Feature enablement or disablement determination based on discovery message
EP3738034A1 (en) Adaptive application assignment to distributed cloud resources
CN112822103B (en) Information reporting method, information processing method and equipment
EP3989512A1 (en) Method for controlling traffic forwarding, device, and system
Abdou et al. A framework and comparative analysis of control plane security of SDN and conventional networks
EP3503484B1 (en) Message transmission methods and devices
WO2021213185A1 (en) Routing processing method and apparatus
US20150128260A1 (en) Methods and systems for controlling communication in a virtualized network environment
WO2011038624A1 (en) Method and routing device for generating access control list
US20170093825A1 (en) Sdn controller and method of identifying switch thereof
US20160269325A1 (en) Method, apparatus, and system for controlling forwarding of service data in virtual network
CN112751701B (en) System, method and computer readable medium for managing network devices
Cisco BGP Commands: aggregate-address Through neighbor peer-group (assigning members)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination