CN114389992A

CN114389992A - Control flow forwarding method, equipment and system

Info

Publication number: CN114389992A
Application number: CN202011622415.4A
Authority: CN
Inventors: 贺行健; 王海波
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2020-10-21
Filing date: 2020-12-30
Publication date: 2022-04-22

Abstract

A method, device and system for forwarding control traffic. The method comprises the step that the control equipment receives a first message sent by first network equipment, wherein the first message comprises a first service message. The destination of the first message is the control device, the destination of the first service message is the first user device, and the first user device is connected with the network through the second network device. Then, the control device determines a first forwarding policy according to the first packet and the first routing table entry, where the first forwarding policy is used to direct forwarding of a first data stream to which the first service packet belongs. And the control device sends the first forwarding policy to the first network device. Therefore, the control equipment realizes intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network equipment.

Description

Control flow forwarding method, equipment and system

The present application claims priority of chinese patent application entitled "a method, apparatus and system for controlling a traffic forwarding path" filed by the national intellectual property office on 21/10/2020, application number CN202011133176.6, which is incorporated herein by reference in its entirety.

Technical Field

The present application relates to the field of communications technologies, and in particular, to a method, a device, and a system for forwarding a control traffic.

Background

The underlying (underlay) network is a distributed network, and has no central control node, and all devices in the underlay network learn the reachable information of the network in a protocol transfer mode, and each device determines how to forward, which directly results in no holistic concept and can not regulate and control the flow from the angle of the whole network.

An overlay network is a virtualization technology mode overlaid on a network architecture, and a general framework of the overlay network realizes the load bearing applied to the network without large-scale modification of a basic network and can be separated from other network services. The overlay network is a virtual network established on an existing network and is composed of logical nodes and logical links. The overlay network has independent control and forwarding planes, and the physical network is transparent to the terminal system connected outside the edge device of the overlay network. By deploying the overlay network, the depth extension of the physical network to the cloud and virtualization can be realized, the cloud resource pooling capability can be free from the heavy limitation of the physical network, and the method is the key for realizing cloud network fusion. An overlay network is also a network, but a network built on top of an underlay network. The nodes of the overlay network communicate through virtual or logical links, each virtual or logical link corresponding to a path of the underlay network and consisting of a plurality of links connected back and forth.

Border Gateway Protocol (BGP) is a decentralized, autonomous routing protocol for a core on the internet. It realizes reachability between Autonomous Systems (AS) by maintaining Internet Protocol (IP) routing tables or 'prefix' tables, belonging to vector routing protocols. The basic idea of Ethernet Virtual Private Network (EVPN) is to learn a Media Access Control (MAC) address in a control plane through BGP, so as to implement a function of a layer 2virtual private network (L2 VPN).

In an overlay network scenario, a control device may actively diffuse routing information to a network device through a protocol, so that the network device may normally forward a packet, for example, an implementation manner of BGP EVPN. In another possible implementation, the network device may query the control device for routing information as needed, for example, an implementation based on Location Identity Separation Protocol (LISP). However, in the above implementation, the control device cannot intervene and control the forwarding path.

Disclosure of Invention

The application provides a method, a device and a system for controlling a flow forwarding path, so that the control device can intervene and control the forwarding path of a data stream to which a message belongs according to the message sent by a network device.

In a first aspect, a method of controlling traffic forwarding is provided. The method comprises the steps that a control device receives a first message sent by a first network device, wherein the first message comprises a first service message, the destination of the first message is the control device, the destination of the first service message is a first user device, and the first user device is connected with a network through a second network device. Then, the control device determines a first forwarding policy according to the first packet and the first routing table entry, where the first forwarding policy is used to direct forwarding of a first data stream to which the first service packet belongs. And the control device sends the first forwarding policy to the first network device.

Based on the scheme provided by the embodiment of the application, the control equipment realizes intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network equipment. The control device controls the path of the network device for sending the data stream according to the current network state by issuing the forwarding strategy. Optionally, the control device receives the first packet sent by the first network device via a first tunnel.

In a possible implementation manner of the first aspect, the determining, by the control device, a first forwarding policy according to the first packet and the first routing table entry includes determining, by the control device, that a destination of the first packet is the control device according to a destination address of the first packet; the control equipment determines the first routing table item according to the destination address of the first service message; and the control equipment determines the first forwarding strategy according to the first routing table entry.

In yet another possible implementation manner of the first aspect, the first forwarding policy includes a second routing table entry, where the second routing table entry includes second address information and second next hop information, the second address information is used to identify the first user equipment, and the second next hop information is used to identify a third network device. Optionally, before the control device determines the first forwarding policy according to the first packet and the first routing table entry, the method further includes determining, by the control device, a link congestion or a link failure from the first network device to the second network device according to the first packet and the first routing table entry. Optionally, the third network device is a firewall.

In yet another possible implementation manner of the first aspect, before the control device receives a first packet sent by a first network device, the method further includes that the control device receives first user equipment information sent by a second network device, where the first user equipment information includes the first address information and first location information, and the first location information indicates the first next hop information; and the control equipment determines the first routing table item according to the first user equipment information. Optionally, the first user equipment information further includes at least one of the following information: a second priority and a second Virtual Private Network (VPN) identifier, where the second priority is used to indicate a priority of the first user equipment, and the second VPN identifier is used to indicate a VPN to which the first user equipment belongs.

In yet another possible implementation manner of the first aspect, the control device forwards the first packet to the second network device according to the first routing table entry.

In yet another possible implementation manner of the first aspect, the control device receives a third packet sent by the first network device, where the third packet includes a third service packet, a destination of the third packet is the control device, a destination of the third service packet is a second user device, and the second user device is connected to the network through the second network device; the control equipment determines that the destination of the third message is the control equipment according to the destination address of the third message; the control device determines a third routing table entry according to the destination address of the third service packet, where the third routing table entry includes third address information and third next hop information, the third address information is used to identify the second user equipment, and the third next hop information is used to identify the second network equipment; the control equipment determines the level of a conversation from third user equipment to the second user equipment according to the third service message, wherein the source address of the third service message identifies the third user equipment; and the control equipment prevents a third forwarding strategy from being sent to the first network equipment according to the grade, wherein the third forwarding strategy is used for guiding the forwarding of a second data stream to which the third service message belongs. Optionally, the control device forwards the third packet to the second network device according to the third routing table entry. Optionally, the control device receives the third packet sent by the first network device via the first tunnel.

In a second aspect, a method of controlling traffic forwarding is provided. The method comprises the steps that first network equipment receives a first service message sent by third user equipment, the destination of the first service message is the first user equipment, and the first user equipment is connected with a network through second network equipment. Then, the first network device determines, according to the destination address of the first service packet, that the first network device does not include a first routing table entry, where the first routing table entry indicates a forwarding path of the first service packet. And in response to the first network device determining that the first network device does not include the first routing table entry, the first network device sends a first packet to the control device, where the destination of the first packet is the control device, and the first packet includes the first service packet. And the first network device receives a first forwarding policy sent by the control device, where the first forwarding policy is used to direct forwarding of a first data flow to which the first service packet belongs.

Based on the scheme provided by the embodiment of the application, the network device sends the message to the control device through the tunnel for processing under the condition that the corresponding forwarding table entry cannot be found, and the control device realizes intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network device. The control device controls the path of the network device for sending the data stream according to the current network state by issuing the forwarding strategy. Optionally, the first network device sends the first packet to the control device through a first tunnel.

In a possible implementation manner of the second aspect, before the first network device sends the first packet to the control device, the method further includes that the first network device generates the first packet according to a default routing table entry, where the default routing table entry includes default address information and default next hop information, and the default next hop information is used to identify the control device. Optionally, the default address information includes a default IP address and a default mask, where the value of the default IP address is zero and the value of the default mask is 0. Optionally, the default address information includes a default MAC address, and a value of the default MAC address is zero.

In yet another possible implementation manner of the second aspect, the method further includes that the first network device receives a second service packet sent by the third user equipment, and a destination of the second service packet is the first user equipment; and the first network equipment sends the second service message to the second network equipment according to the first forwarding strategy.

In yet another possible implementation manner of the second aspect, the first forwarding policy includes a second routing table entry, where the second routing table entry includes second address information and second next hop information, the second address information is used to identify the first user equipment, and the second next hop information is used to identify a third network device. Optionally, the method further includes that the first network device receives a second service packet sent by the third user equipment, and a destination of the second service packet is the first user equipment; and the first network equipment sends the second service message to the third network equipment according to the first forwarding strategy.

In the first aspect or the second aspect, optionally, the first forwarding policy includes the first routing table entry.

In the first aspect or the second aspect, optionally, the first forwarding policy further includes at least one of the following information: the first priority is used for indicating the priority of the first network device for sending the first data stream, the first rate is used for indicating the rate of the first network device for sending the first data stream, and the first VPN identifier is used for indicating the VPN to which the first user device belongs.

In the first aspect or the second aspect, optionally, the first tunnel is any one of the following tunnels: a virtual extensible local area network (VXLAN) tunnel, a multi-protocol label switching (MPLS) based tunnel, a Segment Routing (SR) tunnel, and a Generic Routing Encapsulation (GRE) tunnel.

In the first aspect or the second aspect, optionally, the network is a campus network, and the campus network includes the control device, the first network device, and the second network device, where the control device is a core network device, and the first network device and the second network device are edge network devices.

In addition, a method of controlling traffic forwarding. The control equipment receives a third message sent by first network equipment, wherein the third message comprises a third service message, the destination of the third message is the control equipment, the destination of the third service message is second user equipment, and the second user equipment is connected with a network through the second network equipment; the control equipment determines that the destination of the third message is the control equipment according to the destination address of the third message; the control device determines a third routing table entry according to the destination address of the third service packet, where the third routing table entry includes third address information and third next hop information, the third address information is used to identify the second user equipment, and the third next hop information is used to identify the second network equipment; the control equipment determines the level of a conversation from third user equipment to the second user equipment according to the third service message, wherein the source address of the third service message identifies the third user equipment; and the control equipment prevents a third forwarding strategy from being sent to the first network equipment according to the grade, wherein the third forwarding strategy is used for guiding the forwarding of a second data stream to which the third service message belongs. Optionally, the control device forwards the third packet to the second network device according to the third routing table entry. Optionally, the control device receives the third packet sent by the first network device via the first tunnel.

In a third aspect, a control device is provided, the control device having a function of implementing the behavior of the control device in the above method. The functions can be realized based on hardware, and corresponding software can be executed based on hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In one possible design, the structure of the control device includes a processor and an interface, and the processor is configured to support the control device to execute the corresponding functions in the above method. The interface is used to support communication between the control device and a first network device from which information or instructions involved in the above method are received. The interface is also used to support communication between the control device and other network devices. The control device may also include a memory for coupling with the processor that retains program instructions and data necessary for the control device.

In another possible design, the control device includes: a processor, a transmitter, a receiver, a random access memory, a read only memory, and a bus. The processor is coupled to the transmitter, the receiver, the random access memory and the read only memory through the bus respectively. When the control equipment needs to be operated, the basic input/output system solidified in the read-only memory or the bootloader bootstrap system in the embedded system is started to guide the control equipment to enter a normal operation state. After the control device enters a normal operation state, the application and the action system are run in the random access memory, so that the processor executes the method of the first aspect or any possible implementation manner of the first aspect.

In a fourth aspect, there is provided a control apparatus comprising: the main control board and the interface board, further, can also include the exchange network board. The control device is configured to perform the method of the first aspect or any possible implementation manner of the first aspect. In particular, the control device comprises means for performing the method of the first aspect or any possible implementation form of the first aspect.

In a fifth aspect, a control device is provided that includes a controller and a first forwarding sub-device. The first forwarding sub-apparatus comprises: the interface board further can also comprise a switching network board. The first forwarding sub-device is configured to execute the function of the interface board in the fourth aspect, and further, may also execute the function of the switching network board in the fourth aspect. The controller includes a receiver, a processor, a transmitter, a random access memory, a read only memory, and a bus. The processor is coupled to the receiver, the transmitter, the random access memory and the read only memory through the bus respectively. When the controller needs to be operated, the basic input/output system solidified in the read-only memory or the bootloader bootstrap system in the embedded system is started, and the bootstrap controller enters a normal operation state. After the controller enters a normal operation state, the application program and the action system are operated in the random access memory, so that the processor executes the functions of the main control board in the fourth aspect.

A sixth aspect provides a computer storage medium for storing a program, code or instructions for the control device, which when executed by a processor or hardware device, performs the functions or steps of the control device of the first aspect.

In a seventh aspect, a first network device is provided, where the first network device has a function of implementing the behavior of the first network device in the foregoing method. The functions can be realized based on hardware, and corresponding software can be executed based on hardware. The hardware or software includes one or more modules corresponding to the above-described functions.

In one possible design, the first network device includes a processor and an interface in a structure, and the processor is configured to support the first network device to perform corresponding functions in the above method. The interface is used for supporting communication between the first network device and the control device, and sending information or instructions related to the method to the control device or receiving information or instructions related to the method sent by the control device. The interface is also used to support communication between the control device and other network devices and user devices. The first network device may also include a memory, coupled to the processor, that retains program instructions and data necessary for the first network device.

In another possible design, the first network device includes: a processor, a transmitter, a receiver, a random access memory, a read only memory, and a bus. The processor is coupled to the transmitter, the receiver, the random access memory and the read only memory through the bus respectively. When the first network equipment needs to be operated, the first network equipment is guided to enter a normal operation state by starting a basic input/output system solidified in a read-only memory or a bootloader guiding system in an embedded system. After the first network device enters the normal operation state, the application program and the action system are executed in the random access memory, so that the processor executes the method of the second aspect or any possible implementation manner of the second aspect.

In an eighth aspect, a first network device is provided, the first network device comprising: the main control board and the interface board, further, can also include the exchange network board. The first network device is configured to perform the second aspect or the method in any possible implementation manner of the second aspect. In particular, the first network device comprises means for performing the method of the second aspect or any possible implementation of the second aspect.

In a ninth aspect, a first network device is provided that includes a controller and a second forwarding sub-device. The second forwarding sub-device comprises: the interface board further can also comprise a switching network board. The second forwarding sub-device is configured to execute a function of the interface board in the eighth aspect, and further, may also execute a function of the switching network board in the eighth aspect. The controller includes a receiver, a processor, a transmitter, a random access memory, a read only memory, and a bus. The processor is coupled to the receiver, the transmitter, the random access memory and the read only memory through the bus respectively. When the controller needs to be operated, the basic input/output system solidified in the read-only memory or the bootloader bootstrap system in the embedded system is started, and the bootstrap controller enters a normal operation state. After the controller enters a normal operation state, the application program and the action system are operated in the random access memory, so that the processor executes the functions of the main control board in the eighth aspect.

In a tenth aspect, a computer storage medium is provided for storing programs, codes or instructions for the first network device, which can be executed by a processor or a hardware device to perform the functions or steps of the first network device in the second aspect.

In an eleventh aspect, there is provided a network system, which includes a control device in the third aspect, the fourth aspect, or the fifth aspect, and a first network device in the seventh aspect, the eighth aspect, or the ninth aspect.

By the scheme, the control equipment realizes intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network equipment; correspondingly, the network equipment forwards the message flow according to the intervention and control requirements of the control equipment according to the forwarding strategy.

Drawings

Fig. 1 is a schematic structural diagram of a communication network according to an embodiment of the present application;

fig. 2 is a flowchart of a control traffic forwarding method according to an embodiment of the present application;

fig. 3 is a schematic structural diagram of a first network device according to an embodiment of the present application;

fig. 4 is a schematic hardware structure diagram of a first network device according to an embodiment of the present application;

fig. 5 is a schematic hardware structure diagram of another first network device according to an embodiment of the present application;

fig. 6 is a schematic structural diagram of a second network device according to an embodiment of the present application;

fig. 7 is a schematic hardware structure diagram of a second network device according to an embodiment of the present application;

fig. 8 is a schematic hardware structure diagram of another second network device according to an embodiment of the present application.

Detailed Description

The technical solution of the present application will be described in detail by the following specific examples.

Fig. 1 is a schematic structural diagram of a communication network according to an embodiment of the present application. The communication network may be, for example, a campus network. The communication network comprises a plurality of network devices, the plurality of network devices comprise a control device and a plurality of forwarding devices, and the plurality of forwarding devices comprise a first network device, a second network device, a third network device and a fourth network device. The plurality of forwarding devices may be switches or routers, and the control device may be a switch or a router. In one possible implementation, the control device may be a Route Reflector (RR). In the scenario shown in fig. 1, the plurality of forwarding devices may be edge network devices, such as edge switches or edge routers; the network device may be a core network device, such as a core switch or a core router. The control device communicates with each of the plurality of forwarding devices via a communication link. Any two network devices in the plurality of forwarding devices may communicate with each other via a communication link. The communication link may be a wired link or a wireless link. The communication link may be a direct link, or may include other network devices. Each of the plurality of forwarding devices may be connected to one or more user devices, for example, in fig. 1, the first network device is connected to a third user device, and the second network device is connected to the first user device and the second user device. The user equipment in fig. 1 may be a server or a Virtual Machine (VM) or a terminal device. The terminal device may specifically be a personal computer, a portable computer, a smart phone, a PAD, or the like. The control device may be connected to an egress network device for communicating with a network other than the communication network. For example, the control device receives the traffic from the plurality of forwarding devices and forwards the traffic to other networks through the egress network device. For another example, the egress network device receives traffic from another network, and transmits the traffic to the plurality of forwarding devices through the control device, so that the traffic finally reaches the user device.

Tunnels may be established between the control device and the plurality of forwarding devices, for example, a first tunnel is included between the control device and the first network device, a second tunnel is included between the control device and the second network device, a third tunnel is included between the control device and the third network device, and a fourth tunnel is included between the control device and the fourth network device. In a virtual extensible local area network (VXLAN) scenario, the communication network shown in fig. 1 is VXLAN, and the tunnel may be a VXLAN tunnel. In a Segment Routing (SR) scenario, the communication network shown in fig. 1 is an SR network, and the tunnel may be an SR tunnel. In a multi-protocol label switching (MPLS) scenario, the communication network shown in fig. 1 is an MPLS network, and the tunnel may be an MPLS-based tunnel. In a Generic Routing Encapsulation (GRE) protocol scenario, the communication network shown in fig. 1 is a GRE network and the tunnel may be a GRE tunnel.

The control device includes a full network topology of the communication network, that is, the control device stores a routing table entry of the full network of the communication network.

In one possible implementation, the controlling device may act as an RR and establish a peer-to-peer (peer) relationship with the plurality of forwarding devices based on BGP. For example, the control device establishes a peer relationship with the first network device, and the control device issues a routing table entry to the first network device based on BGP. Moreover, when the topology of the communication network changes (for example, a new forwarding device is online, or an original forwarding device is offline), the control device may also issue a routing table entry to the first network device based on BGP to notify a routing change condition. The first network device updates a local routing table based on the received routing table entry. Therefore, the network device can generate a plurality of forwarding table entries according to the routing table to guide traffic forwarding. Wherein the forwarding entries may be stored in a forwarding table local to the first network device. Similarly, the control device may also issue a routing table entry to the second network device, the third network device, and the fourth network device. Optionally, the implementation may be implemented based on a BGP EVPN protocol.

In another possible implementation, the forwarding device in the communication network may obtain the corresponding route by querying the route as needed. Based on the LISP implementation, the control device serves as a server, and the plurality of forwarding devices serve as clients, respectively. For example, the first network device sends a request message (e.g., a map-request message) to the control device based on traffic received from the third user device. The request message is used for requesting the first network device to forward the routing table entry of the traffic. The control device generates a corresponding response message (for example, a map-reply message), where the response message carries a routing table entry for forwarding the traffic. And the control equipment sends the response message to the first network equipment. And the first network equipment updates a routing table stored locally according to the response message.

In the above implementation, based on the BGP implementation, the control device needs to issue a large number of routing entries to the forwarding device. Also, there may be unfixed user equipment in the communication network, for example, the user equipment is a mobile terminal, and the mobile terminal accesses an Access Point (AP) through Wireless Fidelity (WIFI). Roaming of the mobile terminal will cause the routing distribution of BGP to be limited. Based on the LISP implementation, the control device needs to complete the process of querying the route on demand based on the mechanism of the request message and the response message. In addition, in the two implementation manners, the control device implements the issue and query of the route based on the stored routing table entry, and the control device cannot intervene and control the forwarding path of the data stream to which the packet belongs.

In order to solve the above problems, embodiments of the present application provide a corresponding solution. As shown in fig. 1, a first network device receives a first service packet sent by a third user equipment. And if the first network device does not find a matched forwarding table item in a forwarding table of the first network device according to the destination address information of the first service message, the first network device encapsulates the first service message according to a tunnel protocol to obtain a first message. And the first network equipment sends the first message to the control equipment so that the control equipment can process the first message. And the control equipment generates a first forwarding strategy according to the first message and a routing table entry stored by the control equipment, wherein the first forwarding strategy is used for guiding the forwarding of a first data stream to which the first service message belongs. In the process of generating the first forwarding policy, the control device may consider the forwarding path of the first data stream according to not only the routing table entry stored in the control device, but also the current link quality, the security and the permission level of the source user device of the first data stream, and other factors. Therefore, the first forwarding policy generated by the control device can implement intervention and control on a forwarding path of a data stream to which the packet belongs. The control device sends the first forwarding policy to the first network device via a first tunnel. The first network device may update a routing table entry in a local routing table of the first network device according to a first forwarding policy, and update a corresponding forwarding table entry according to the updated routing table entry. And the first network equipment forwards the first data stream according to the updated forwarding table entry. Therefore, through the implementation manner, the control device implements intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network device; correspondingly, the network equipment forwards the message flow according to the intervention and control requirements of the control equipment according to the forwarding strategy.

Fig. 2 is a flowchart of a control traffic forwarding method according to an embodiment of the present application. The method shown in fig. 2 can be applied to the network structure shown in fig. 1. In the embodiment of the present application, the interaction between the first network device and the control device in fig. 1 is described, and it should be understood that other network devices may be included on the communication link between the first network device and the control device. In the explanation of the embodiment of the present application, the communication network shown in fig. 1 is VXLAN as an example, and accordingly, the tunnel between the first network device and the control device is VXLAN tunnel. It should be understood that the method described in fig. 2 may also be applied in other overlay network scenarios, in particular, such as the aforementioned SR network, MPLS network, or GRE network. The method comprises the following steps:

s101, a first network device receives a first service message sent by a third user device, wherein the destination of the first service message is the first user device.

As shown in fig. 1, a first network device may communicate with a third user device and a second network device may communicate with the first user device. The third user equipment wishes to send traffic data to the first user equipment. And the third user equipment encapsulates the flow data to obtain a first service message. And the message header of the first service message comprises a source address and a destination address. The source address identifies the third user equipment, and is used for indicating the sending end equipment of the first service message. The source address may be an IP address, i.e., a source IP address; or the source address may be a MAC address, i.e. a source MAC address. The source IP address may be a device IP address of the third user device, and the source MAC address may be a device MAC address of the third user device. The destination address identifies the first user equipment, and is used for indicating receiving end equipment of the first service message. That is, the destination of the first service packet is the first user equipment. The destination address may be an IP address, i.e. a destination IP address; or the destination address may be a MAC address, i.e. a destination MAC address. The destination IP address may be a device IP address of the first user equipment, and the destination MAC address may be a device MAC address of the first user equipment. The second network device is connected to the first user device, and traffic reaching the first user device needs to be forwarded by the second network device, so that the next hop device of the first user device is the second network device. Therefore, the next hop device mentioned above specifically refers to a routing next hop device, that is, the routing next hop device of the first user equipment is the second network device. That is, the first user device is connected to a network, which may be a campus network, through a second network device.

And after the third user equipment generates the first service message, sending the first service message to the first network equipment. And the first network equipment receives the first service message.

S102, the first network device determines, according to the destination address of the first service packet, that the first network device does not include a first routing table entry, where the first routing table entry includes first address information and first next hop information, the first address information is used to identify the first user device, and the first next hop information is used to identify the second network device.

And after receiving the first service message, the first network equipment analyzes the first service message. And the first network equipment acquires the destination address in the first service message. And the first network equipment searches a forwarding table item in the first network equipment according to the destination address of the first service message.

If the first network device can find the corresponding forwarding table entry, it indicates that the local routing table of the first network device includes the first routing table entry. The first routing table entry includes first address information and first next hop information, where the first address information is used to identify the first user equipment, and the first next hop information is used to identify the second network equipment. Specifically, the first network device may match the first address information according to a destination address of the first service packet, and when the destination address of the first service packet matches the first address information, the first network device may determine the corresponding first next hop information. In this way, the first network device may encapsulate the first service packet according to the corresponding forwarding table entry, and directly forward the encapsulated first service packet to the second network device. Therefore, after receiving the encapsulated first service message, the second network device obtains the first service message and forwards the first service message to the first user equipment.

If the first network device does not find the corresponding forwarding table entry according to the destination address of the first service packet, the first network device may determine that the first network device does not include the first routing table entry.

In an implementation manner of the present application, the address information may be an IPv4 address, an IPv6 address, a MAC address, or a Segment Identifier (SID) tag.

S103, the first network device sends a first message to the control device, wherein the first message comprises the first service message. Optionally, the first network device sends the first packet to the control device through a first tunnel.

As can be seen from step S102, the first network device determines, according to the destination address of the first service packet, that the first network device does not include the first routing entry. Then, the first network device forwards the first service packet to a control device through a first tunnel, where the first tunnel is a tunnel between the first network device and the control device. In the embodiments of the present application, a VXLAN scenario is taken as an example for description, and therefore, in the following description, the first tunnel is expressed as a first VXLAN tunnel.

Next, we describe a specific implementation that the first network device forwards the first service packet to the control device through the first VXLAN tunnel.

In a VXLAN scenario, the first network device is a VXLAN Tunnel Endpoint (VTEP) device located at one end of the first VXLAN tunnel. The control device may act as a VTEP device located at the other end of the first VXLAN tunnel. And the first network equipment determines that the first network equipment does not comprise a first routing table item according to the destination address of the first service message. And the first network equipment encapsulates the first service message to obtain a first message. The first packet includes the first service packet and a first tunnel header. The first message may be a VXLAN message, and the first tunnel header may include a VXLAN header. The first tunnel header includes a source address and a destination address. The source address identifies the first network device, and is used to indicate a sending end device of the first packet. The source address may be an IP address, i.e., a source IP address; or the source address may be a MAC address, i.e. a source MAC address. The source IP address may be a device IP address of the first network device and the source MAC address may be a device MAC address of the first network device. The destination address identifies the control device, and is used for indicating a receiving end device of the first packet. That is, the destination of the first packet is the control device. The destination address may be an IP address, i.e. a destination IP address; or the destination address may be a MAC address, i.e. a destination MAC address. The destination IP address may be a device IP address of the control device, and the destination MAC address may be a device MAC address of the control device. In VXLAN scenarios, the source and destination addresses typically use IP addresses, which may also be referred to as VTEP addresses. And after the first network equipment generates the first message, the first network equipment sends the first message to the control equipment through a first tunnel.

In the implementation, the first network device may be prompted to send the data packet to the control device in a tunnel forwarding manner when determining that the data packet cannot be matched with the routing table entry by configuring a rule in the first network device. For example, the first network device includes a default routing table entry that includes default address information and default next hop information. The default address information indicates: and the address information is used when the first routing table entry is not found in the first network device. The missing next hop information is used to identify the control device. For example, the default address information is set to all zeros, and the default next hop information is set to the address of the control device. After the first network device determines that the first routing table entry is not found, the first network device generates the first message according to the default routing table entry and forwards the first message to the control device. Specifically, after the first network device determines that the first routing table entry is not found, the first network device determines that the destination address of the first service packet matches the default address information. Then, the first network device uses the default next hop information as a destination address of the first packet, thereby obtaining the first packet. Thus, the first network device can send the first packet to the control device through the first tunnel.

In a possible implementation, the first network device may implement forwarding of the first packet according to the default routing table entry based on a layer 2 (physical layer). As such, the default routing table entry may be referred to as a default MAC routing table entry, which includes a default MAC address and the missing next hop information. Wherein the default MAC address has a value of zero.

In another possible implementation, the first network device may implement forwarding of the first packet according to the default routing table entry based on a layer 3 (network layer). As such, the default routing entry may be referred to as a default IP routing entry, which includes a default IP address, a default mask, and the default next-hop information. Wherein the default IP address has a value of zero and the default mask has a value of zero. The default IP address and the default mask correspond to the aforementioned default address information.

S104, the control device receives the first message sent by the first network device. Optionally, the control device receives the first packet sent by the first network device through the first tunnel.

For example, the control device receives the first packet sent by the first network device via the first tunnel. In a VXLAN scenario, the first tunnel is a first VXLAN tunnel, the first message is a first VXLAN message, and the control device may receive the first VXLAN message as a VTEP device of the first VXLAN tunnel.

And S105, the control device determines a first forwarding policy according to the first packet and the first routing table entry, where the first forwarding policy is used to direct forwarding of a first data stream to which the first service packet belongs.

And after receiving the first message, the control equipment analyzes the first message to obtain a first service message. Further, the control device determines a first forwarding policy according to the first packet and the first routing table entry, where the first forwarding policy is used for forwarding a first data stream to which the first service packet belongs. Thus, the first network device may forward the first data flow according to the first forwarding policy. In the embodiments of the present application, the data flow may also be referred to as a traffic flow, that is, the first data flow may also be referred to as a first traffic flow. The data stream includes a plurality of traffic packets. After the plurality of service messages are sent to the network equipment by the user equipment, the network equipment packages the plurality of service messages so as to send the packaged messages through the tunnel. Since the encapsulated packet includes the service packet, the encapsulated packet may also be considered as a packet belonging to a data flow.

Optionally, the control device may determine whether a first forwarding policy needs to be sent to the first network device according to the first packet. Specifically, the control device determines whether a first forwarding policy needs to be sent to the first network device according to the destination address of the first packet and the destination address of the first service packet.

In a possible implementation manner, the control device determines that the destination of the first packet is the control device itself according to the destination address of the first packet. And the control device searches whether the control device stores the first routing table entry according to the destination address of the first service packet. If the control device stores the first routing table entry, the control device may determine that the next hop device corresponding to the destination address of the first service packet is the second network device, instead of the control device itself. In this way, the control device determines that the network device indicated by the destination address of the first packet is inconsistent with the network device indicated by the first next hop information in the first routing table entry. Thus, the control device determines that the first forwarding policy needs to be sent to the first network device. That is to say, the control device may determine, through the inconsistency of the above determination, that the first network device is the first packet generated and sent according to the default routing table entry. Then, the control device determines the first forwarding policy according to the first routing table entry. If the control device does not include the first routing entry, the control device may determine that the first traffic packet is not forwarded to a user equipment within the communication network, but is forwarded to a user equipment outside the communication network, for example, a user equipment in another communication network. In this manner, the control device determines that the first forwarding policy does not need to be sent to the first network device. The control device may forward the first packet to the outside of the communication network through the egress network device in fig. 1 according to a conventional forwarding procedure.

The following explains the first forwarding policy determined by the control device.

In one possible implementation, the first forwarding policy includes the first routing table entry. After the control device determines that the first forwarding policy needs to be sent to the first network device, the control device generates the first forwarding policy according to the first routing table entry. Specifically, the control device determines, according to the first routing table entry and the source address of the first packet, that the first data flow to which the first service packet belongs is a data flow sent from the first network device to the second network device. Accordingly, the control device may determine that a first link between the first network device and the second network device is used to transmit the first data stream. The control device then determines a link quality of the first link. The link quality may be information related to packet loss rate, congestion, failure, signal-to-noise ratio, or delay. For example, the implementation manner of the control device determining the link quality of the first link may be: a Bidirectional Forwarding Detection (BFD) session is established between the first network device and the second network device. And then, the first network equipment and the second network equipment mutually send BFD messages. And the first network equipment and the second network equipment check the link quality according to the BFD messages. After the detection, the first network device and the second network device report the detection result to the control device. Optionally, the first network device and the second network device may implement reporting of the detection result based on BGP. The control device determines that the first link is capable of assuming transmission of the first data stream based on the link quality of the first link. For example, the first link is not congested or failing, and the control device determines that the first data flow can be transmitted using the first link. For another example, the packet loss rate of the first link is lower than a threshold, and the control device determines that the first data stream can be transmitted using the first link. After determining that the first link is available for transmitting the first data flow, the control device generates the first forwarding policy, where the first forwarding policy includes the first routing table entry.

In a possible implementation manner, the first forwarding policy includes a second routing table entry, where the second routing table entry includes second address information and second next hop information, the second address information is used to indicate the first user equipment, and the second next hop information is used to identify a third network device. After the control device determines that a first forwarding policy needs to be sent to the first network device, the control device generates the first forwarding policy according to the first routing table entry. Specifically, with reference to the foregoing implementation manner, the control device determines, according to the link quality of the first link, that the first link does not meet the requirement for transmitting the first data stream. E.g., the first link is congested or failed, the control device determines not to transmit the first data flow using the first link. For another example, the packet loss rate of the first link is higher than a threshold, and the control device determines not to transmit the first data stream using the first link. The control device determines, according to topology information, that a path from the first network device to the second network device further includes a backup path, which is a path from the first network device to the second network device via a third network device. Optionally, the control device may detect the link quality between the first network device and the third network device, and detect the link quality between the third network device and the second network device according to the aforementioned test manner. And when the link quality meets the condition of transmitting the first data stream, the control equipment generates a corresponding routing table entry of the standby path. Specifically, the control device generates a second routing table entry, where the second routing table entry includes second address information and second next hop information, the second address information is used to identify the first user equipment, and the second next hop information is used to identify a third network device. Then, the control device generates a first forwarding policy and a second forwarding policy, where the first forwarding policy includes a second routing table entry, and the second forwarding policy includes the first routing table entry. And the control device sends the first forwarding policy to the first network device and sends the second forwarding policy to the third network device. In this way, messages belonging to the first data flow may be sent by the first network device to a third network device based on a first forwarding policy that includes a second routing table entry. Then, the third network device forwards the packet belonging to the first data flow to the second network device according to a second forwarding policy including the first routing table entry. Therefore, the first data stream reaches the second network device via the backup path, and the second network device forwards the service traffic in the first data stream to the first user equipment. It should be appreciated that a variant implementation of the foregoing implementation is that the control device determines possible paths from the first network device to the second network device according to the first packet, then detects link qualities of these paths, selects a path with the best link quality, determines a routing table entry, and sends a forwarding policy to the network device associated with the routing table entry.

In the foregoing implementation manner, the control device determines, according to the link quality of the forwarding path, to select the backup path to transmit the first data stream, and does not select a link that directly reaches the second network device from the first network device to transmit the first data stream. In another possible implementation, the control device may determine to select the backup path to transmit the first data stream not because of link quality of a forwarding path. And after receiving the first message, the control device determines that the first data stream is from the network device with lower security level according to the first message. And, the third network device is a firewall. Therefore, the control device selects an alternative path to transmit the first data stream, so that the first data stream can reach the second network device after passing through the firewall (third network device).

In the foregoing implementation manner, optionally, the first forwarding policy further includes at least one of the following information: a first priority, a first rate, and a first Virtual Private Network (VPN) identifier, where the first priority is used to indicate a priority for the first network device to send the first data stream, the first rate is used to indicate a rate for the first network device to send the first data stream, and the first VPN identifier is used to indicate a VPN to which the first user device belongs. The control device can not only carry the routing table entry in the forwarding strategy and send the routing table entry to the network device, but also carry strategy control parameters in the forwarding strategy. The policy control parameter may be a priority, a rate, or a VPN identification. For example, the control device determines that the first data stream is a video service with a high real-time requirement according to the first packet, and the control device achieves the purpose of increasing the rate of transmitting the first data stream by issuing a first forwarding policy carrying a first rate to the first network device. For example, the control device determines, according to the first packet, a VPN to which the first user equipment belongs, and then carries the first VPN identifier in the first forwarding policy, so that the first network device can send a packet belonging to the first data flow according to the VPN identifier. In the embodiment of the present application, the VPN Identifier may be a VXLAN Network Identifier (VNI) or an EVPN Identifier.

In the above implementation, the control device may send the forwarding policy to the network device based on the BGP message.

In combination with the foregoing, the control device stores topology information, so that the control device can generate a corresponding routing table entry. Thus, the control device collects user device information of the respective user devices before the communication network in which the control device is located is operated. Or, in the operation process of the communication network, the control device may also receive an update message carrying user equipment information. For example, before the control device receives a first packet sent by a first network device via a first tunnel, the control device receives first user equipment information sent by a second network device, where the first user equipment information includes the first address information and first location information, and the first location information indicates the first next hop information. Corresponding to the foregoing implementation manner, the first user equipment information further includes at least one of the following information: the second priority is used for indicating the priority of the first user equipment, and the second VPN mark is used for indicating the VPN to which the first user equipment belongs. In this way, the control device may acquire the user device information of the user devices to which the first network device, the second network device, the third network device, and the fourth network device are connected. And the control equipment generates a corresponding routing table item according to the acquired user equipment information of each user equipment. In one possible implementation, the network device may report the ue information to the control device by sending a BGP message. In addition, the control device may also obtain user equipment information of each user equipment from a Dynamic Host Configuration Protocol (DHCP) server; or the control equipment acquires the user equipment information of each user equipment based on a data message learning mode.

According to the foregoing, after the first network device receives the first service packet sent by the third user equipment, the first network device does not find the corresponding first routing entry according to the destination address of the first service packet. The first network device encapsulates the first service packet into a first packet and sends the first packet to the control device through the first tunnel. Thus, the first network device requests the control device to replace the first network device to forward the first packet. In combination with the foregoing, after receiving the first message, the control device generates a first forwarding policy according to the first message, and sends the first forwarding policy to the first network device. Thus, the first forwarding policy may direct the first network device to transmit a first data flow. In this way, the first network device does not need to send the packets in the first data flow to the control device any more, but sends the packets in the first data flow directly to the destination. Correspondingly, the control device forwards the first packet to the second network device according to the first routing table entry, so as to avoid packet loss caused by the fact that the first network device cannot find the first routing table entry.

For example, the first network device receives a second service packet sent by the third user device, where a destination of the second service packet is the first user device. And the first network equipment sends a second message to the second network equipment according to the first forwarding strategy, wherein the second message comprises the second service message.

For example, the control device may select an alternate path for transmitting the packets in the first data stream. In this case, the first network device receives a second service packet sent by the third user device, where a destination of the second service packet is the first user device. And the first network equipment sends a second message to the third network equipment according to the first forwarding strategy, wherein the second message comprises the second service message. Correspondingly, the third network device forwards the second message to the second network device according to the second forwarding policy.

In combination with the foregoing, the control device may only forward the packet instead of the network device according to the level of the session, and does not send the forwarding policy to the network device. The level of the session may be an authority level or a security level of the session from the source of the message to the destination of the message. For example, the control device considers that the source of the packet belongs to an insecure user device; or the control device considers that the authority level of the user device as the source of the message is lower. In this way, the control device does not send a forwarding policy to the network device. For example, the control device receives, via the first tunnel, a third packet sent by the first network device, where the third packet includes a third service packet, a destination of the third packet is the control device, a destination of the third service packet is a second user device, and a next hop device of the second user device is a second network device, that is, the second user device is connected to a network through the second network device, and the network may be a campus network. And the control equipment determines that the destination of the third message is the control equipment according to the destination address of the third message. And the control device determines that a third routing table item is stored in the control device according to the destination address of the third service packet, where the third routing table item includes third address information and third next hop information, the third address information is used to identify the second user equipment, and the third next hop information is used to identify the second network device. And the control equipment determines the level of the conversation from the third user equipment to the second user equipment according to the third service message, wherein the source address of the third service message identifies the third user equipment. And the control equipment prevents a third forwarding strategy from being sent to the first network equipment according to the grade, wherein the third forwarding strategy is used for guiding the forwarding of a second data stream to which the third service message belongs.

Optionally, the network is a campus network, and the campus network includes the control device, the first network device, and the second network device. Wherein the control device is a core network device, such as a core switch or a core router. The first network device and the second network device are edge network devices, such as edge switches or edge routers.

In an implementation manner of the present application, when the control device sends the forwarding policy to the network device, the control device may use address information of the user equipment at the receiving end as an index. For example, the control device sends a first forwarding policy to the first network device, where the first forwarding policy includes index information, and the index information includes address information of the first user device. After receiving the first forwarding policy, the first network device may determine, based on index information, that the first forwarding policy is a forwarding policy addressed to itself. Optionally, the index information may further include a VPN identifier.

Fig. 3 is a schematic structural diagram of a control device 1000 according to an embodiment of the present application. The control device 1000 shown in fig. 3 may perform the corresponding steps performed by the control device in the method of the above-described embodiment. The control device 1000 is deployed in a communication network, which further includes a first network device, and optionally, a second network device, a third network device, and a fourth network device. As shown in fig. 3, the control apparatus 1000 includes a receiving unit 1002, a processing unit 1004, and a transmitting unit 1006.

The receiving unit 1002 is configured to receive a first packet sent by a first network device, where the first packet includes a first service packet, a destination of the first packet is the control device, a destination of the first service packet is a first user equipment, and the first user equipment is connected to a network through a second network device;

the processing unit 1004 is configured to determine a first forwarding policy according to the first packet and a first routing table entry, where the first forwarding policy is used to instruct forwarding of a first data stream to which the first service packet belongs, the first routing table entry includes first address information and first next hop information, the first address information is used to identify the first user equipment, and the first next hop information is used to identify the second network equipment;

the sending unit 1006 is configured to send the first forwarding policy to the first network device.

Optionally, the receiving unit 1002 is configured to receive a first packet sent by a first network device through a first tunnel.

Optionally, in the determining, by the processing unit 1004, a first forwarding policy according to the first packet and the first routing table entry, the processing unit 1004 is specifically configured to: determining that the destination of the first message is the control device according to the destination address of the first message; determining the first routing table entry according to the destination address of the first service message; and determining the first forwarding strategy according to the first routing table entry.

Optionally, the first forwarding policy includes the first routing table entry.

Optionally, the first forwarding policy includes a second routing table entry, where the second routing table entry includes second address information and second next hop information, the second address information is used to identify the first user equipment, the second next hop information is used to identify a third network device, and the sending unit 1006 is further configured to send a second forwarding policy to the third network device, where the second forwarding policy includes the first routing table entry.

Optionally, before the processing unit 1004 determines the first forwarding policy according to the first packet and the first routing entry, the processing unit 1004 is further configured to determine, according to the first packet and the first routing entry, a link congestion or a link failure from the first network device to the second network device.

Optionally, the third network device is a firewall.

Optionally, the first forwarding policy further includes at least one of the following information: the first priority is used for indicating the priority of the first network device for sending the first data stream, the first rate is used for indicating the rate of the first network device for sending the first data stream, and the first VPN identifier is used for indicating the VPN to which the first user device belongs.

Optionally, before the receiving unit 1002 receives a first packet sent by a first network device, the receiving unit 1002 is further configured to receive first user equipment information sent by a second network device, where the first user equipment information includes the first address information and first location information, and the first location information indicates the first next hop information; the processing unit 1004 is further configured to determine the first routing entry according to the first user equipment information.

Optionally, the first user equipment information further includes at least one of the following information: the second priority is used for indicating the priority of the first user equipment, and the second VPN mark is used for indicating the VPN to which the first user equipment belongs.

Optionally, the processing unit 1004 is further configured to forward the first packet to the second network device according to the first routing table entry.

Optionally, the receiving unit 1002 is further configured to receive a third packet sent by the first network device, where the third packet includes a third service packet, a destination of the third packet is the control device, and a destination of the third service packet is a second user device, and the second user device is connected to the network through a second network device; the processing unit 1004 is further configured to determine that a destination of the third packet is the control device according to a destination address of the third packet; the processing unit 1004 is further configured to determine a third routing table entry according to a destination address of the third service packet, where the third routing table entry includes third address information and third next hop information, the third address information is used to identify the second user equipment, and the third next hop information is used to identify the second network equipment; the processing unit 1004 is further configured to determine, according to the third service packet, a level of a session from a third user equipment to the second user equipment, where a source address of the third service packet identifies the third user equipment; the processing unit 1004 is further configured to prevent, according to the level, sending a third forwarding policy to the first network device, where the third forwarding policy is used to direct forwarding of a second data stream to which the third service packet belongs. Further optionally, the receiving unit 1002 is configured to receive a third packet sent by the first network device through the first tunnel.

Optionally, the sending unit 1006 is further configured to forward the third packet to the second network device according to the third routing table entry.

Optionally, the first tunnel is any one of the following tunnels: VXLAN tunnels, MPLS-based tunnels, SR tunnels, and GRE tunnels.

The control device 1000 shown in fig. 3 may perform the corresponding steps performed by the control device in the method of the above-described embodiment. Through the implementation mode, the control equipment implements intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network equipment, and correspondingly, the network equipment forwards the message stream according to the intervention and control requirements of the control equipment according to the forwarding strategy.

Fig. 4 is a schematic diagram of a hardware structure of a control device 1100 according to an embodiment of the present application. The control device 1100 shown in fig. 4 may perform the corresponding steps performed by the control device in the methods of the above-described embodiments.

As shown in fig. 4, the control device 1100 includes a processor 1101, a memory 1102, an interface 1103, and a bus 1104. Wherein the interface 1103 can be implemented in a wireless or wired manner. The processor 1101, memory 1102 and interface 1103 are connected by a bus 1104.

The interface 1103 may specifically include a transmitter and a receiver, which are used for the control device to send and receive information to and from the first network device in the above-mentioned embodiment, and for the control device to send and receive information to and from the second network device or the third network device in the above-mentioned embodiment. For example, the interface 1103 is configured to support receiving a first packet sent by the first network device. And the interface 1103 is configured to support sending a first forwarding policy to the first network device. The interface 1103 is used to support the processes S104 and S106 in fig. 2, by way of example. The processor 1101 is configured to execute the processing performed by the control device in the above-described embodiment. For example, the processor 1101 is configured to perform determining the first forwarding policy; and/or other processes for the techniques described herein. By way of example, the processor 1101 is configured to support the process S105 in fig. 2. Memory 1102 is used to store programs, code or instructions, such as, for example, operating system 11021 and application programs 11022, which when executed by a processor or hardware device may perform the processes involved in controlling the device in the method embodiments. Alternatively, the Memory 1102 may include a Read-only Memory (ROM) and a Random Access Memory (RAM). Wherein, the ROM comprises a Basic Input/Output System (BIOS) or an embedded System; the RAM includes an application program and an action system. When the control device 1100 needs to be operated, the boot control device 1100 enters a normal operation state by booting through a BIOS that is solidified in a ROM or a bootloader boot system in an embedded system. After the control device 1100 enters the normal operation state, the application program and the action system that are run in the RAM, thereby completing the processing procedures related to the control device in the method embodiment.

It will be appreciated that fig. 4 only shows a simplified design of the control device 1100. In practice, the control device may comprise any number of interfaces, processors or memories.

Fig. 5 is a schematic diagram of a hardware structure of another control device 1200 according to an embodiment of the present application. The control device 1200 shown in fig. 5 may perform the corresponding steps performed by the control device in the method of the above-described embodiment.

As illustrated in fig. 5, the control apparatus 1200 includes: main control board 1210, interface board 1230, switch board 1220 and interface board 1240. The main control board 1210, the interface boards 1230 and 1240, and the switch board 1220 are connected to the system backplane through the system bus to realize intercommunication. The main control board 1210 is used to complete functions such as system management, device maintenance, and protocol processing. The switch network board 1220 is used for completing data exchange between interface boards (interface boards are also called line cards or service boards). Interface boards 1230 and 1240 are used to provide various service interfaces (e.g., POS interface, GE interface, ATM interface, etc.) and to enable forwarding of data packets.

Interface board 1230 may include a central processor 1231, a forwarding entry store 1234, a physical interface card 1233, and a network processor 1232. The central processing unit 1231 is used for controlling and managing the interface board and communicating with the central processing unit on the main control board. The forwarding table entry store 1234 is used to store forwarding table entries. The physical interface card 1233 is used to complete the reception and transmission of traffic. The network memory 1232 is configured to control the physical interface card 1233 to transmit and receive traffic according to the forwarding table entry.

Specifically, the physical interface card 1233 is configured to receive a first packet sent by the first user equipment. The physical interface card 1233 may also be used to send the first forwarding policy to the first network device.

After receiving the first packet, the physical interface card 1233 sends the first packet to the central processing unit 1231, and the central processing unit 1231 determines, according to the information in the packet header of the first packet, that the first packet needs to be processed by the central processing unit 1231, and correspondingly, the central processing unit 1231 processes the first packet.

Optionally, after receiving the first message, the physical interface card 1233 sends the first message to the central processor 1231, the central processor 1231 determines, according to information in a message header of the first message, that the first message needs to be processed by the central processor 1211, the central processor 1231 sends the first message to the central processor 1211, and the central processor 1211 processes the first message.

The central processor 1231 is further configured to control the network memory 1232 to obtain the forwarding entries in the forwarding entry memory 1234, and the central processor 1231 is further configured to control the network memory 1232 to send the first forwarding policy to the first network device via the physical interface card 1233.

It should be understood that the actions on the interface board 1240 in the embodiment of the present invention are the same as the actions of the interface board 1230, and therefore, for brevity, the description is omitted. It should be understood that the control device 1200 of the present embodiment may correspond to the functions and/or various steps of the above method embodiments, and are not described herein again.

In addition, it should be noted that there may be one or more main control boards, and when there are multiple main control boards, the main control board may include an active main control board and a standby main control board. The interface board may have one or more blocks, and the stronger the data processing capability of the control device, the more interface boards are provided. There may also be one or more physical interface cards on an interface board. The exchange network board may not have one or more blocks, and when there are more blocks, the load sharing redundancy backup can be realized together. Under the centralized forwarding architecture, the control device does not need a switching network board, and the interface board undertakes the processing function of the service data of the whole system. Under the distributed forwarding architecture, the control device can have at least one switching network board, and the data exchange among a plurality of interface boards is realized through the switching network board, so that the large-capacity data exchange and processing capacity is provided. Therefore, the data access and processing capabilities of the control devices of the distributed architecture are greater than those of the devices of the centralized architecture. Which architecture is specifically adopted depends on the specific networking deployment scenario, and is not limited herein.

In addition, the present application provides a computer storage medium for storing computer software instructions for the control device, which includes a program designed to execute the method embodiments.

Fig. 6 is a schematic structural diagram of a first network device 2000 according to an embodiment of the present application. The first network device 2000 shown in fig. 6 may perform the corresponding steps performed by the first network device in the methods of the above embodiments. The first network device is deployed in a communication network that further includes a control device, a second network device, a third network device, and a fourth network device. As shown in fig. 6, the first network device 2000 includes a receiving unit 2002, a processing unit 2004, and a transmitting unit 2006.

The receiving unit 2002 is configured to receive a first service packet sent by a third user equipment, where a destination of the first service packet is the first user equipment, and the first user equipment is connected to a network through a second network device;

the processing unit 2004 is configured to determine, according to a destination address of the first service packet, that the first network device does not include a first routing table entry, where the first routing table entry includes first address information, and the first address information is used to identify the first user equipment;

the sending unit 2006 is configured to send a first packet to the control device, where a destination of the first packet is the control device, and the first packet includes the first service packet;

the receiving unit 2002 is further configured to receive a first forwarding policy sent by the control device, where the first forwarding policy is used to direct forwarding of a first data flow to which the first service packet belongs.

Optionally, the sending unit 2006 is configured to send a first packet to the control device through a first tunnel.

Optionally, the first routing table entry further includes first next hop information, where the first next hop information is used to identify the second network device.

Optionally, before the sending unit 2006 sends the first packet to the control device, the processing unit 2004 is further configured to generate the first packet according to a default routing table entry, where the default routing table entry includes default address information and default next hop information, and the default next hop information is used to identify the control device.

Optionally, the first forwarding policy includes the first routing table entry.

Optionally, the receiving unit 2002 is further configured to receive a second service packet sent by the third user equipment, where a destination of the second service packet is the first user equipment; the sending unit 2006 is further configured to send the second service packet to the second network device according to the first forwarding policy.

Optionally, the first forwarding policy includes a second routing table entry, where the second routing table entry includes second address information and second next hop information, the second address information is used to identify the first user equipment, and the second next hop information is used to identify a third network device.

Optionally, the receiving unit 2002 is further configured to receive a second service packet sent by the third user equipment, where a destination of the second service packet is the first user equipment; the sending unit 2006 is further configured to send the second service packet to the third network device according to the first forwarding policy.

Optionally, the default address information includes a default IP address and a default mask, where the value of the default IP address is zero and the value of the default mask is 0.

Optionally, the default address information includes a default MAC address, and a value of the default MAC address is zero.

The first network device 2000 shown in fig. 6 may perform the corresponding steps performed by the first network device in the methods of the above embodiments. Through the implementation mode, the control equipment implements intervention and control on the forwarding path of the data stream to which the message belongs according to the message sent by the network equipment, and correspondingly, the network equipment forwards the message stream according to the intervention and control requirements of the control equipment according to the forwarding strategy.

Fig. 7 is a schematic hardware structure diagram of a first network device 2100 according to an embodiment of the present disclosure. The first network device 2100 shown in fig. 7 may perform the corresponding steps performed by the first network device in the methods of the above embodiments.

As shown in fig. 7, the first network device 2100 includes a processor 2101, a memory 2102, an interface 2103, and a bus 2104. Wherein the interface 2103 may be implemented in a wireless or wired manner. The processor 2101, memory 2102 and interface 2103 described above are connected by a bus 2104.

The interface 2103 may particularly comprise a transmitter and a receiver for transceiving information or data between the first network device and the control device in the above embodiments. For example, the interface 2103 is configured to support receiving a first service packet sent by the third user equipment; the interface 2103 is further configured to support sending the first packet to the control device; the interface 2103 is further configured to support receiving a first forwarding policy sent by the control device. By way of example, the interface 2103 is used to support the processes S101, S103 and S107 in fig. 2. The processor 2101 is configured to perform the processing performed by the first network device in the above-described embodiments. For example, the processor 2101 is configured to determine whether a first network device includes a first routing table entry according to a destination address of a first service packet; the processor 2101 is configured to generate a corresponding forwarding entry according to a first forwarding policy; and/or other processes for the techniques described herein. By way of example, the processor 2101 is configured to support the process S102 in fig. 2. The memory 2102 includes an action system 21021 and an application program 21022 for storing programs, code or instructions which when executed by a processor or hardware device may perform the processes of the method embodiments involving the first network device. Alternatively, the Memory 2102 may include a Read-only Memory (ROM) and a Random Access Memory (RAM). Wherein, the ROM comprises a Basic Input/Output System (BIOS) or an embedded System; the RAM includes an application program and an action system. When the first network device 2100 needs to be operated, the first network device 2100 is booted to enter a normal operation state by booting through a BIOS that is solidified in a ROM or a bootloader boot system in an embedded system. After the first network device 2100 enters the normal operation state, the application and the action system that run in the RAM thereby complete the processing procedures related to the first network device in the method embodiment.

It is to be appreciated that fig. 7 only shows a simplified design of the first network device 2100. In practical applications, the first network device may comprise any number of interfaces, processors or memories.

Fig. 8 is a schematic hardware structure diagram of another first network device 2200 according to an embodiment of the present application. The first network device 2200 shown in fig. 8 may perform the corresponding steps performed by the first network device in the methods of the above embodiments.

As illustrated in fig. 8, the first network device 2200 includes: a main control board 2210, an interface board 2230, a switch screen 2220 and an interface board 2240. The main control board 2210, the interface boards 2230 and 2240, and the switch board 2220 are connected to the system backplane through the system bus to realize intercommunication. The main control board 2210 is used for performing functions such as system management, device maintenance, and protocol processing. The switch fabric 2220 is used to complete data exchange between interface boards (also called line cards or service boards). The interface boards 2230 and 2240 are used to provide various service interfaces (e.g., POS interface, GE interface, ATM interface, etc.) and implement forwarding of data packets. In one possible implementation, first network device 2200 is a blade server.

Interface board 2230 may include a central processor 2231, a forwarding entry store 2234, a physical interface card 2233, and a network processor 2232. The central processor 2231 is used for controlling and managing the interface board and communicating with the central processor 2211 on the main control board 2210. The forwarding table entry storage 2234 is used for storing forwarding table entries. Physical interface card 2233 is used to complete the reception and transmission of traffic. The network storage 2232 is configured to control the physical interface card 2233 to receive and transmit traffic according to the forwarding table entry.

Specifically, the physical interface card 2233 is configured to receive a first service packet sent by the third user equipment. The physical interface card 2233 is further configured to send a first packet; physical interface card 2233 is also used to receive a first forwarding policy.

After receiving the first service packet, the physical interface card 2233 sends the first service packet to the central processor 2231, where the central processor 2231 determines, according to information in a packet header of the first service packet, that the first service packet needs to be processed by the central processor 2231, and correspondingly, the central processor 2231 processes the first service packet.

Optionally, after receiving the first service packet, the physical interface card 2233 sends the first service packet to the central processor 2231, where the central processor 2231 determines, according to information in a packet header of the first service packet, that the first service packet needs to be processed by the central processor 2211, the central processor 2231 sends the first service packet to the central processor 2211, and the central processor 2211 processes the first service packet.

The central processor 2231 is further configured to control the network storage 2232 to obtain the forwarding entry in the forwarding entry storage 2234, and the central processor 2231 is further configured to control the network storage 2232 to complete the receiving and sending of the traffic via the physical interface card 2233.

It should be understood that, in the embodiment of the present invention, the actions on the interface board 2240 are the same as the actions on the interface board 2230, and therefore, for brevity, the description is not repeated. It should be understood that the first network device 2200 of the present embodiment may correspond to the functions and/or various steps of the foregoing method embodiments, and are not described herein again.

In addition, it should be noted that there may be one or more main control boards, and when there are multiple main control boards, the main control board may include an active main control board and a standby main control board. The interface board may have one or more boards, and the more the data processing capability of the first network device is, the more interface boards are provided. There may also be one or more physical interface cards on an interface board. The exchange network board may not have one or more blocks, and when there are more blocks, the load sharing redundancy backup can be realized together. Under the centralized forwarding architecture, the first network device may not need the switching network board, and the interface board undertakes the processing function of the service data of the whole system. Under the distributed forwarding architecture, the first network device may have at least one switching network board, and data exchange between the plurality of interface boards is realized through the switching network board, so as to provide large-capacity data exchange and processing capability. Therefore, the data access and processing capabilities of the first network device of the distributed architecture are greater than those of the centralized architecture. Which architecture is specifically adopted depends on the specific networking deployment scenario, and is not limited herein.

In addition, the present application provides a computer storage medium for storing computer software instructions for the first network device, which includes a program designed to execute the method embodiments.

The embodiment of the present application further includes a network system, where the network system includes a control device and a first network device, the control device is the control device in fig. 3, or fig. 4, or fig. 5, and the first network device is the first network device in fig. 6, or fig. 7, or fig. 8.

The steps of a method or algorithm described in connection with the disclosure herein may be embodied in hardware or in software instructions executed by a processor. The software instructions may be comprised of corresponding software modules that may be stored in RAM memory, flash memory, ROM memory, erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEOROM), registers, a hard disk, a removable disk, a compact disc read-only memory (CD-ROM), or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an application-specific integrated circuit (ASIC). Additionally, the ASIC may reside in user equipment. Of course, the processor and the storage medium may reside as discrete components in user equipment.

Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of the present application may be implemented in hardware or a combination of hardware and software. When implemented using a combination of hardware and software, the software may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.

The above-mentioned embodiments further explain the objects, technical solutions and advantages of the present application in detail. It should be understood that the above description is only illustrative of particular embodiments of the present application.

Claims

1. A method of controlling traffic forwarding, the method comprising:

the method comprises the steps that a control device receives a first message sent by a first network device, wherein the first message comprises a first service message, the destination of the first message is the control device, the destination of the first service message is a first user device, and the first user device is connected with a network through a second network device;

the control device determines a first forwarding policy according to the first packet and a first routing table entry, where the first forwarding policy is used to instruct forwarding of a first data stream to which the first service packet belongs, the first routing table entry includes first address information and first next hop information, the first address information is used to identify the first user equipment, and the first next hop information is used to identify the second network device;

the control device sends the first forwarding policy to the first network device.

2. The method of claim 1, wherein the determining, by the control device, the first forwarding policy based on the first packet and the first routing table entry comprises:

the control equipment determines that the destination of the first message is the control equipment according to the destination address of the first message;

the control equipment determines the first routing table item according to the destination address of the first service message;

and the control equipment determines the first forwarding strategy according to the first routing table entry.

3. The method of claim 1 or 2, wherein the first forwarding policy comprises the first routing table entry.

4. The method of claim 1 or 2, wherein the first forwarding policy comprises a second routing table entry, the second routing table entry comprising second address information and second next hop information, the second address information identifying the first user device, the second next hop information identifying a third network device, the method further comprising:

and the control device sends a second forwarding strategy to the third network device, wherein the second forwarding strategy comprises the first routing table entry.

5. The method of claim 4, wherein prior to the control device determining the first forwarding policy based on the first packet and the first routing table entry, the method further comprises:

and the control equipment determines the link congestion or the link failure from the first network equipment to the second network equipment according to the first message and the first routing table entry.

6. The method of claim 4, wherein the third network device is a firewall.

7. The method of any of claims 3-6, wherein the first forwarding policy further comprises at least one of: the first priority is used for indicating the priority of the first network device for sending the first data stream, the first rate is used for indicating the rate of the first network device for sending the first data stream, and the first VPN identifier is used for indicating the VPN to which the first user device belongs.

8. The method of any of claims 1-7, wherein prior to the control device receiving the first message sent by the first network device, the method further comprises:

the control device receives first user equipment information sent by the second network device, wherein the first user equipment information comprises the first address information and first position information, and the first position information indicates the first next hop information;

and the control equipment determines the first routing table item according to the first user equipment information.

9. The method of claim 8, wherein the first user device information further comprises at least one of: the second priority is used for indicating the priority of the first user equipment, and the second VPN mark is used for indicating the VPN to which the first user equipment belongs.

10. The method of any one of claims 1-9, further comprising:

and the control equipment forwards the first message to the second network equipment according to the first routing table item.

11. The method of any one of claims 1-10, further comprising:

the control device receives a third message sent by the first network device, where the third message includes a third service message, a destination of the third message is the control device, a destination of the third service message is a second user device, and the second user device is connected to the network through the second network device;

the control equipment determines that the destination of the third message is the control equipment according to the destination address of the third message;

the control device determines a third routing table entry according to the destination address of the third service packet, where the third routing table entry includes third address information and third next hop information, the third address information is used to identify the second user equipment, and the third next hop information is used to identify the second network equipment;

the control equipment determines the level of a conversation from third user equipment to the second user equipment according to the third service message, wherein the source address of the third service message identifies the third user equipment;

and the control equipment prevents a third forwarding strategy from being sent to the first network equipment according to the grade, wherein the third forwarding strategy is used for guiding the forwarding of a second data stream to which the third service message belongs.

12. The method of claim 11, wherein the method further comprises:

and the control equipment forwards the third message to the second network equipment according to the third routing table entry.

13. The method according to any of claims 1-12, wherein the receiving, by the control device, the first packet sent by the first network device comprises: the control device receives the first packet sent by the first network device via a first tunnel, where the first tunnel is any one of the following tunnels: virtual extensible local area network VXLAN tunnels, multiprotocol label switching (MPLS) -based tunnels, Segment Routing (SR) tunnels and generic routing encapsulation protocol (GRE) tunnels.

14. The method of any one of claims 1-13, wherein the network is a campus network comprising the control device, the first network device, and the second network device, wherein the control device is a core network device and the first network device and the second network device are edge network devices.

15. A method of controlling traffic forwarding, the method comprising:

the method comprises the steps that first network equipment receives a first service message sent by third user equipment, the destination of the first service message is the first user equipment, and the first user equipment is connected with a network through second network equipment;

the first network device determines, according to a destination address of the first service packet, that the first network device does not include a first routing table entry, where the first routing table entry includes first address information, and the first address information is used to identify the first user equipment;

the first network device sends a first message to the control device, wherein the destination of the first message is the control device, and the first message comprises the first service message;

and the first network equipment receives a first forwarding strategy sent by the control equipment, wherein the first forwarding strategy is used for guiding the forwarding of a first data flow to which the first service packet belongs.

16. The method of claim 15, wherein prior to the first network device sending the first packet to the control device, the method further comprises:

the first network device generates the first message according to a default routing table entry, the default routing table entry includes default address information and default next hop information, and the default next hop information is used for identifying the control device.

17. The method of claim 15 or 16, wherein the first forwarding policy includes the first routing table entry, the first routing table entry further including first next hop information, the first next hop information identifying the second network device.

18. The method of claim 17, wherein the method further comprises:

the first network equipment receives a second service message sent by the third user equipment, wherein the destination of the second service message is the first user equipment;

and the first network equipment sends the second service message to the second network equipment according to the first forwarding strategy.

19. The method of claim 15 or 16, wherein the first forwarding policy comprises a second routing table entry, the second routing table entry comprising second address information and second next hop information, the second address information identifying the first user device, the second next hop information identifying a third network device.

20. The method of any one of claim 19, further comprising:

and the first network equipment sends the second service message to the third network equipment according to the first forwarding strategy.

21. The method of any of claims 17-20, wherein the first forwarding policy further comprises at least one of: the first priority is used for indicating the priority of the first network device for sending the first data stream, the first rate is used for indicating the rate of the first network device for sending the first data stream, and the first VPN identifier is used for indicating the VPN to which the first user device belongs.

22. The method of any one of claims 15-21, wherein the default address information includes a default internet protocol, IP, address and a default mask, the default IP address having a value of zero and the default mask having a value of 0.

23. The method of any one of claims 15-21, wherein the default address information comprises a default medium access control, MAC, address, the default MAC address having a value of zero.

24. The method according to any of claims 15-23, wherein the first network device sending a first packet to the control device comprises the first network device sending the first packet to the control device via a first tunnel, the first tunnel being any of: virtual extensible local area network VXLAN tunnels, multiprotocol label switching (MPLS) -based tunnels, Segment Routing (SR) tunnels and generic routing encapsulation protocol (GRE) tunnels.

25. The method of any one of claims 15-24, wherein the network is a campus network comprising the control device, the first network device, and the second network device, wherein the control device is a core network device and the first network device and the second network device are edge network devices.

26. A control apparatus, characterized in that the control apparatus comprises:

a receiving unit, configured to receive a first packet sent by a first network device, where the first packet includes a first service packet, a destination of the first packet is the control device, a destination of the first service packet is a first user equipment, and the first user equipment is connected to a network through a second network device;

a processing unit, configured to determine a first forwarding policy according to the first packet and a first routing table entry, where the first forwarding policy is used to instruct forwarding of a first data stream to which the first service packet belongs, the first routing table entry includes first address information and first next hop information, the first address information is used to identify the first user equipment, and the first next hop information is used to identify the second network equipment;

a sending unit, configured to send the first forwarding policy to the first network device.

27. The control device according to claim 26, wherein, in the processing unit determining the first forwarding policy according to the first packet and the first routing table entry, the processing unit is specifically configured to:

determining that the destination of the first message is the control device according to the destination address of the first message;

determining the first routing table entry according to the destination address of the first service message;

and determining the first forwarding strategy according to the first routing table entry.

28. The control device according to claim 26 or 27, wherein the first forwarding policy comprises the first routing table entry.

29. The control device of claim 26 or 27, wherein the first forwarding policy comprises a second routing table entry, the second routing table entry comprising second address information and second next hop information, the second address information identifying the first user device, the second next hop information identifying a third network device,

the sending unit is further configured to send a second forwarding policy to the third network device, where the second forwarding policy includes the first routing table entry.

30. The control device of claim 29, wherein before the processing unit determines a first forwarding policy based on the first packet and a first routing entry, the processing unit is further configured to determine a link congestion or a link failure of the first network device to the second network device based on the first packet and the first routing entry.

31. The control device of any of claims 28-30, wherein the first forwarding policy further comprises at least one of: the first priority is used for indicating the priority of the first network device for sending the first data stream, the first rate is used for indicating the rate of the first network device for sending the first data stream, and the first VPN identifier is used for indicating the VPN to which the first user device belongs.

32. The control device according to any of claims 26-31, wherein, before the receiving unit receives the first message sent by the first network device,

the receiving unit is further configured to receive first user equipment information sent by the second network device, where the first user equipment information includes the first address information and first location information, and the first location information indicates the first next hop information;

the processing unit is further configured to determine the first routing entry according to the first user equipment information.

33. The control device of claim 32, wherein the first user device information further comprises at least one of: the second priority is used for indicating the priority of the first user equipment, and the second VPN mark is used for indicating the VPN to which the first user equipment belongs.

34. The control device according to any of claims 26-33, wherein the processing unit is further configured to forward the first packet to the second network device according to the first routing entry.

35. The control apparatus of any one of claims 26-34,

the receiving unit is further configured to receive a third packet sent by the first network device, where the third packet includes a third service packet, a destination of the third packet is the control device, and a destination of the third service packet is a second user device, and the second user device is connected to the network through the second network device;

the processing unit is further configured to determine that a destination of the third packet is the control device according to a destination address of the third packet;

the processing unit is further configured to determine a third routing table entry according to a destination address of the third service packet, where the third routing table entry includes third address information and third next hop information, the third address information is used to identify the second user equipment, and the third next hop information is used to identify the second network equipment;

the processing unit is further configured to determine, according to the third service packet, a level of a session from a third user equipment to the second user equipment, where a source address of the third service packet identifies the third user equipment;

the processing unit is further configured to prevent, according to the level, sending a third forwarding policy to the first network device, where the third forwarding policy is used to direct forwarding of a second data stream to which the third service packet belongs.

36. The control apparatus of claim 35,

the sending unit is further configured to forward the third packet to the second network device according to the third routing table entry.

37. A first network device, wherein the first network device comprises:

a receiving unit, configured to receive a first service packet sent by a third user equipment, where a destination of the first service packet is the first user equipment, and the first user equipment is connected to a network through a second network device;

a processing unit, configured to determine, according to a destination address of the first service packet, that the first network device does not include a first routing table entry, where the first routing table entry includes first address information, and the first address information is used to identify the first user equipment;

a sending unit, configured to send a first packet to the control device, where a destination of the first packet is the control device, and the first packet includes the first service packet;

the receiving unit is further configured to receive a first forwarding policy sent by the control device, where the first forwarding policy is used to direct forwarding of a first data flow to which the first service packet belongs.

38. The first network device of claim 37, wherein, prior to the sending unit sending the first packet to the control device,

the processing unit is further configured to generate the first packet according to a default routing table entry, where the default routing table entry includes default address information and default next hop information, and the default next hop information is used to identify the control device.

39. The first network device of claim 37 or 38, wherein the first forwarding policy includes the first routing entry, the first routing entry further including first next hop information, the first next hop information identifying the second network device.

40. The first network device of claim 39,

the receiving unit is further configured to receive a second service packet sent by the third user equipment, where a destination of the second service packet is the first user equipment;

the sending unit is further configured to send the second service packet to the second network device according to the first forwarding policy.

41. The first network device of claim 37 or 38, wherein the first forwarding policy comprises a second routing table entry, the second routing table entry comprising second address information and second next hop information, the second address information identifying the first user device, the second next hop information identifying a third network device.

42. The first network device of any one of claims 41,

the sending unit is further configured to send the second service packet to the third network device according to the first forwarding policy.

43. The first network device of any one of claims 39-42, wherein the first forwarding policy further comprises at least one of: the first priority is used for indicating the priority of the first network device for sending the first data stream, the first rate is used for indicating the rate of the first network device for sending the first data stream, and the first VPN identifier is used for indicating the VPN to which the first user device belongs.

44. A communication network system, characterized in that the communication network system comprises a control device according to any one of claims 26-36 and a first network device according to any one of claims 37-43.