CN115174474B - SRv6-based SFC implementation method and device in private cloud - Google Patents


Publication number
CN115174474B
Authority
CN
China
Prior art keywords
data packet
sfc
service
information
service chain
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211095509.XA
Other languages
Chinese (zh)
Other versions
CN115174474A (en)
Inventor
魏嘉琳
王龙
龚永生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Jiuzhou Future Information Technology Co ltd
Original Assignee
Zhejiang 99Cloud Information Service Co Ltd
Application filed by Zhejiang 99Cloud Information Service Co Ltd
Priority to CN202211095509.XA
Publication of CN115174474A
Application granted
Publication of CN115174474B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/745 Address table lookup; Address filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/54 Organization of routing tables
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a method and a device for implementing SRv6-based SFC in a private cloud. The method comprises the following steps: when the service configuration information of the SFC service chain is received, generating a service chain information table and a corresponding datapath flow table; based on a first service node in the service configuration information, sending a corresponding data packet to the OVS and encapsulating the data packet; then sending the encapsulated data packet to a second service node according to next hop information; when the data packet passes identification by the OVS of the second service node, judging whether the second service node is the destination address according to the destination address in the IPv6 message header; and when the second service node is the destination address, unpacking the data packet and forwarding the unpacked data packet to the vport of the VPC corresponding to the destination address. With this method, the SFC can be used conveniently and quickly on the cloud, the traffic is not affected by the deployment node, the SFC function can be used anywhere in the cloud, functions such as cloud addressing are optimized, and speed and performance are greatly improved.

Description

SRv6-based SFC implementation method and device in private cloud
Technical Field
The invention relates to the technical field of IT cloud computing, in particular to an SFC implementation method and device based on SRv6 in private cloud.
Background
In order to meet the requirements of users on safety, stability and the like of service data and provide various basic guarantee or value-added optimization services, service function nodes (such as load balancing, firewalls and the like) are often used for realizing service supply in the traditional network. However, these service function nodes are often closely coupled with the network topology and hardware resources, and each service function node is in a dedicated device form and is complex to deploy. When a new service is opened or a service flow is changed, a network topology needs to be changed, and even network equipment needs to be changed and upgraded, which also has an influence on a surrounding support system. With the popularization of cloud computing networks, the maturity and the application of virtualization technologies in recent years, the characteristics of network function dynamic loading, resource allocation as required, flexible service opening and the like are obviously enhanced, and service supply is also indispensable. Therefore, the service chain SFC technology is provided, and the technology is more suitable for the network characteristics of the new era from the viewpoint of meeting the requirements of safety, stability and the like of business data of customers, so that the flexibility of business functions is exerted more.
However, in the prior art, SFC schemes in the cloud are implemented using IPv4 policy-based routing or static routing and the standardized NSH service chain technique. These schemes still have limitations: during configuration, each service node must be configured hop by hop, in sequence, for each service flow according to the forwarding path of the traffic. When the SFC service chain expands, its configuration complexity also increases geometrically. The existing schemes are therefore complex to operate and scale poorly, which hinders the practical deployment and adoption of SFC.
Disclosure of Invention
Aiming at the problems in the prior art, the embodiment of the invention provides an SFC implementation method and device based on SRv6 in a private cloud.
The embodiment of the invention provides an SFC implementation method based on SRv6 in a private cloud, which comprises the following steps:
when receiving service configuration information of an SFC service chain, generating a corresponding service chain rule according to the service configuration information, sending the service chain rule to an OVS (Open vSwitch), and generating, by the OVS, a service chain information table and a corresponding datapath flow table according to the service chain rule;
based on the first service node in the service configuration information, sending a corresponding data packet to the OVS, and detecting whether the data packet meets a preset SFC encapsulation requirement, wherein the SFC encapsulation requirement comprises: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit;
when the data packet meets the preset SFC encapsulation requirement, performing SFC encapsulation on the data packet, wherein the SFC encapsulation comprises: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information;
sending the encapsulated data packet to a second service node according to the next hop information, wherein the identification of the data packet by the OVS of the second service node comprises checking: whether the data packet contains an IPv6 message header, whether the data packet contains an SRH message header, and whether the quintuple in the data packet hits the service chain information table;
and when the identification result passes, judging whether the second service node is a destination address according to the destination address in the IPv6 message header, and when the second service node is the destination address, unpacking the data packet and forwarding the data packet to a vport of the VPC corresponding to the destination address.
In one embodiment, the method further comprises:
acquiring a key field in the data packet, and inquiring whether a record of the key field is contained in the datapath flow table or not;
if the datapath flow table contains the record of the key field, acquiring the action of the key field, and judging whether the action needs to execute SFC operation;
if the action needs to execute SFC operation, acquiring quintuple information, checking whether the service chain information table contains a corresponding record according to the quintuple information, and if the service chain information table contains the corresponding record of the quintuple information, acquiring corresponding SID information in the service chain information table.
In one embodiment, the method further comprises:
if the datapath flow table does not contain the record of the key field, uploading the data packet to a user mode;
acquiring a key field in the data packet by a user mode, and inquiring whether a record of the key field is contained in an openflow flow table;
if the datapath flow table contains the record of the key field, acquiring the action of the key field, including:
and if the openflow flow table contains the record of the key field, acquiring the action of the key field.
In one embodiment, the method further comprises:
and issuing the rule corresponding to the key field in the openflow flow table to a kernel mode to generate a corresponding datapath flow table.
In one embodiment, the method further comprises:
when the second service node is not the destination address, modifying the destination address in the IPv6 message into a next hop node of the second service node, and updating the pointer and the residual hop count in the SRH;
the unpacking the data packet and forwarding the data packet to the vport of the VPC corresponding to the destination address includes:
and unpacking the data packet and forwarding the data packet to a vport of the VPC corresponding to a next hop node of the second service node.
In one embodiment, the service types in the SFC service chain include:
load balancing, firewall, web security, filter.
The embodiment of the invention provides an SFC implementation device based on SRv6 in a private cloud, which comprises:
the receiving module is used for generating a corresponding service chain rule according to the service configuration information when the service configuration information of the SFC service chain is received, and sending the service chain rule to the OVS, and the OVS generates a service chain information table according to the service chain rule and generates a corresponding datapath flow table;
a sending module, configured to send, based on the first service node in the service configuration information, a corresponding data packet to the OVS, and detect whether the data packet meets a preset SFC encapsulation requirement, where the SFC encapsulation requirement includes: whether the data packet hits the datapath flow table, whether SFC is needed, and whether the service chain information table is hit;
the encapsulation module is used for performing SFC encapsulation on the data packet when the data packet meets the preset SFC encapsulation requirement, wherein the SFC encapsulation comprises: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information;
an identification module, configured to send the encapsulated packet to a second service node according to the next hop information, where the OVS of the second service node identifies the packet, including: whether the data packet contains an IPv6 message header or not, whether the data packet contains an SRH message header or not, and whether a quintuple in the data packet hits the service chain information table or not are inquired;
and the unpacking module is used for judging whether the second service node is a destination address according to the destination address in the IPv6 message header when the identification result passes, and unpacking the data packet and forwarding the data packet to the vport of the VPC corresponding to the destination address when the second service node is the destination address.
In one embodiment, the apparatus further comprises:
the query module is used for acquiring the key field in the data packet and querying whether the datapath flow table contains the record of the key field;
a judging module, configured to obtain an action of the key field if the datapath flow table includes the record of the key field, and judge whether the action needs to execute an SFC operation;
and the checking module is used for acquiring quintuple information if the action needs to execute SFC operation, checking whether the service chain information table contains a corresponding record according to the quintuple information, and acquiring corresponding SID information in the service chain information table if the service chain information table contains the corresponding record of the quintuple information.
The embodiment of the invention provides electronic equipment, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of the SRv6-based SFC implementation method in the private cloud.
An embodiment of the present invention provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the above-mentioned SRv6-based SFC implementation method in a private cloud.
According to the SFC implementation method and device based on SRv6 in the private cloud, when the service configuration information of the SFC service chain is received, the corresponding service chain rule is generated according to the service configuration information, the service chain rule is sent to the OVS, and the OVS generates the service chain information table according to the service chain rule and generates the corresponding datapath flow table; based on a first service node in the service configuration information, a corresponding data packet is sent to the OVS, and whether the data packet meets a preset SFC encapsulation requirement is detected, wherein the SFC encapsulation requirement comprises: whether the data packet hits the datapath flow table, whether SFC is needed, and whether the service chain information table is hit; when the data packet meets the preset SFC encapsulation requirement, SFC encapsulation is performed on the data packet, wherein the SFC encapsulation comprises: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information; the encapsulated data packet is sent to a second service node according to the next hop information, wherein the identification of the data packet by the OVS of the second service node comprises checking: whether the data packet contains an IPv6 message header, whether the data packet contains an SRH message header, and whether the quintuple in the data packet hits the service chain information table; and when the identification result passes, whether the second service node is the destination address is judged according to the destination address in the IPv6 message header, and when the second service node is the destination address, the data packet is unpacked and forwarded to the vport of the VPC corresponding to the destination address. Therefore, with this method for implementing SFC in the cloud based on SRv6, a user can use the SFC in the cloud conveniently and quickly simply by issuing the SFC path information and associating the sessions that need the service; the traffic is not affected by the deployment node, and the SFC function can be used anywhere in the cloud. Because the scheme uses IPv6, it remains applicable when the network scale grows, and because SRv6 carries its own address list, functions such as cloud addressing are optimized and speed and performance are greatly improved.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the embodiments or technical solutions in the prior art are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an SRv6-based SFC implementation method in a private cloud according to an embodiment of the present invention;
Fig. 2 is a flowchart of an SFC implementation method based on SRv6 in a private cloud according to another embodiment of the present invention;
Fig. 3 is another flowchart of an SFC implementation method based on SRv6 in a private cloud according to another embodiment of the present invention;
Fig. 4 is a structural diagram of an SFC implementation apparatus based on SRv6 in a private cloud according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flow diagram of an SFC implementation method based on SRv6 in a private cloud according to an embodiment of the present invention, and as shown in fig. 1, an SFC implementation method based on SRv6 in a private cloud according to an embodiment of the present invention includes:
step S101, when receiving service configuration information of an SFC service chain, generating a corresponding service chain rule according to the service configuration information, sending the service chain rule to an OVS, and the OVS generating a service chain information table and generating a corresponding datapath flow table according to the service chain rule.
Specifically, when service configuration information for an SFC (Service Function Chain) service chain is received, where the service types in the SFC service chain may include, but are not limited to, a load balancing service, a firewall service, a web security service, a filter service, and the like, a control plane of the service system may generate a corresponding service chain rule according to the service configuration information and send the service chain rule to an OVS (Open vSwitch, an open-source virtual switch). The OVS generates a corresponding service chain information table, containing quintuple information and the like, according to the service chain rule, and generates a corresponding datapath flow table (the kernel-state flow table of the OVS).
Step S102, based on the first service node in the service configuration information, sending a corresponding data packet to an OVS, and detecting whether the data packet meets a preset SFC encapsulation requirement, wherein the SFC encapsulation requirement comprises: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit.
Specifically, based on a first service node, that is, a service initial node, in the service configuration information, a corresponding service data packet is generated and sent to a Virtual machine port of the OVS, where the content of the service data packet may be generated by SFC information of a VPC (Virtual Private Cloud), and after receiving the data packet, an SRv6-SFC identification module in the Virtual machine port of the OVS detects whether the data packet meets a preset SFC encapsulation requirement, where the SFC encapsulation requirement sequentially includes: whether the data packet hits the datapath flow table, whether the SFC is needed, whether the service chain information table is hit, and 3 packaging requirements need to be sequentially met, specifically including:
acquiring a key field in a data packet, and inquiring whether a datapath flow table contains a record of the key field, wherein the key field can comprise information such as an IP field and the like; if the datapath flow table contains the records of the key fields, acquiring the actions of the key fields, and judging whether the actions need to execute SFC operation; if the action needs to execute the SFC operation, acquiring quintuple information, checking whether the service chain information table contains the corresponding record according to the quintuple information, and if the service chain information table contains the corresponding record of the quintuple information, acquiring corresponding SID information in the service chain information table.
Step S103, when the data packet meets the preset SFC encapsulation requirement, performing SFC encapsulation on the data packet, including: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information.
Specifically, when the data packet meets the preset SFC encapsulation requirement, the data packet is sent to the SRv6-SFC processing module of the OVS, and the encapsulation process includes: for data from the VPC (Virtual Private Cloud), the SFC encapsulation operation is carried out according to the routing information list in the service chain information table entry hit by the quintuple; the SRv6-SFC processing module pushes the SID information into the SRH in sequence, then encapsulates the next hop destination address into an IPv6 message header to form an IPv6-SRH-Payload message, and finally forwards the message to the port corresponding to the next hop.
Step S104, sending the encapsulated data packet to a second service node according to the next hop information, wherein the OVS of the second service node identifies the data packet, and the step comprises the following steps: whether the data packet contains an IPv6 message header or not, whether the data packet contains an SRH message header or not, and whether the quintuple in the data packet hits the service chain information table or not are inquired.
Specifically, the encapsulated data packet is sent to the second service node according to the next hop information, and if the physical port in the OVS of the second service node receives the data packet, the data packet is identified by the SRv6-SFC identification module of the OVS, and the identification process sequentially includes: whether the data packet contains an IPv6 message header or not, whether the data packet contains an SRH message header or not, and whether the quintuple in the data packet hits a service chain information table or not are inquired.
And step S105, when the identification result passes, judging whether the second service node is a destination address according to the destination address in the IPv6 message header, and when the second service node is the destination address, unpacking the data packet and forwarding the data packet to the vport of the VPC corresponding to the destination address.
Specifically, when the identification result of the data packet passes, the data packet is sent to the SRv6-SFC processing module. The SRv6-SFC processing module checks the destination address in the IPv6 message header and determines whether the second service node is the destination address. When the second service node is the destination address, the module unpacks the data packet and forwards it to the vport (virtual port) of the VPC corresponding to the destination address; that is, if the current SID is the last entry in the service path information, the IPv6, SRH and other message headers are removed and the data packet is sent to the vport of the corresponding VPC.
In addition, when the second service node is not the destination address, the destination address in the IPv6 message is modified to be the next hop node of the second service node, that is, the destination address of the header of the IPv6 message is updated to the SID value of the next hop, the pointer and the remaining hop count in the SRH are updated, and then the message is forwarded to the vport corresponding to the next hop.
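Steps S103 to S105 and the non-final-hop branch above, as an added Python example that is not code from the patent or from Open vSwitch. It assumes the SRH layout of RFC 8754 and an inner IPv4 packet; the function names, the fd00:: SIDs and the sample packet are constructed for illustration, and the comparison of the carried SID list with the provisioned one is an added hardening check that the patent does not describe.

```python
import ipaddress
import struct

NH_IPV4, NH_ROUTING, SRH_TYPE = 4, 43, 4  # IPv4-in-IPv6, routing header, SRH routing type


def sample_inner() -> bytes:
    """Constructed inner IPv4/UDP packet 10.0.0.5:40000 -> 10.0.1.9:53 (checksums left 0)."""
    src = ipaddress.IPv4Address("10.0.0.5").packed
    dst = ipaddress.IPv4Address("10.0.1.9").packed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0, 0, 64, 17, 0, src, dst)
    return ip + struct.pack("!HHHH", 40000, 53, 12, 0) + b"test"


def five_tuple(inner: bytes):
    """Return (src, dst, proto, sport, dport) of an inner IPv4 TCP/UDP packet, else None."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    ihl, proto = (inner[0] & 0x0F) * 4, inner[9]
    if ihl < 20 or proto not in (6, 17) or len(inner) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", inner, ihl)
    return (str(ipaddress.IPv4Address(inner[12:16])),
            str(ipaddress.IPv4Address(inner[16:20])), proto, sport, dport)


def encapsulate(inner: bytes, src: str, sids: list) -> bytes:
    """Step S103: push the SID list into an SRH, then prepend the IPv6 header."""
    n = len(sids)
    if not 1 <= n <= 127:  # Hdr Ext Len (2 * n) must fit in one byte
        raise ValueError("SID list must hold 1..127 entries")
    # The segment list is stored in reverse: Segment List[0] is the last hop.
    segs = b"".join(ipaddress.IPv6Address(s).packed for s in reversed(sids))
    # Next Header, Hdr Ext Len, Routing Type, Segments Left, Last Entry, Flags, Tag
    srh = struct.pack("!BBBBBBH", NH_IPV4, 2 * n, SRH_TYPE, n - 1, n - 1, 0, 0) + segs
    payload = srh + inner
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for one IPv6 packet")
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), NH_ROUTING, 64)
    # The IPv6 destination is the first SID of the chain (the next hop).
    return (hdr + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(sids[0]).packed + payload)


def process(packet: bytes, local_sid: str, chain_table: dict):
    """Steps S104/S105 on a receiving node: identify, then forward or unpack."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return ("drop", "no IPv6 header")
    if packet[6] != NH_ROUTING or len(packet) < 48:
        return ("drop", "no SRH")
    inner_nh, ext_len, rtype, seg_left, last_entry = struct.unpack_from("!BBBBB", packet, 40)
    end = 48 + 8 * ext_len  # first byte after the SRH
    # Length fields come from the wire: bound them before indexing the list.
    if (rtype != SRH_TYPE or end > len(packet)
            or 16 * (last_entry + 1) > 8 * ext_len or seg_left > last_entry):
        return ("drop", "malformed SRH")
    segs = [packet[48 + 16 * i: 64 + 16 * i] for i in range(last_entry + 1)]
    dst = packet[24:40]
    if dst != ipaddress.IPv6Address(local_sid).packed or segs[seg_left] != dst:
        return ("drop", "not addressed to this SID")
    inner = packet[end:]
    flow = five_tuple(inner) if inner_nh == NH_IPV4 else None
    if flow not in chain_table:
        return ("drop", "five-tuple not in service chain table")
    # Added hardening (assumption, not in the patent): the carried path must
    # equal the path provisioned for this flow.
    provisioned = [ipaddress.IPv6Address(s).packed for s in chain_table[flow]]
    if segs[::-1] != provisioned:
        return ("drop", "SID list not provisioned")
    if seg_left == 0:                    # last SID: strip IPv6 + SRH headers
        return ("decap", inner)
    out = bytearray(packet)
    out[43] = seg_left - 1               # update Segments Left in the SRH
    out[24:40] = segs[seg_left - 1]      # destination address = next SID
    return ("forward", bytes(out))
```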
In another embodiment, the SRv6-based SFC implementation method in the private cloud may encounter the case where the OVS in the first service node in the service configuration information receives a data packet for the first time (that is, when the data packet is received for the first time, or when the data packet is received and does not hit the datapath flow table). As shown in fig. 2 and 3, if the datapath flow table does not include a record of the key field, the data packet is uploaded to the user mode; the user mode acquires the key field in the data packet and queries whether the openflow flow table contains a record of the key field; if the openflow flow table contains a record of the key field, the action of the key field is acquired, and the subsequent steps are the same as the processing steps in the above embodiment. After the data packet is unpacked and forwarded to the vport of the VPC corresponding to the destination address, the rule corresponding to the key field in the openflow flow table is issued to the kernel state to generate a corresponding datapath flow table.
Fig. 4 is an SFC implementation apparatus based on SRv6 in a private cloud according to an embodiment of the present invention, including: a receiving module S201, a sending module S202, an encapsulating module S203, an identifying module S204 and an unpacking module S205, wherein:
the receiving module S201 is configured to, when receiving service configuration information of an SFC service chain, generate a corresponding service chain rule according to the service configuration information, and send the service chain rule to the OVS, and the OVS generates a service chain information table according to the service chain rule and generates a corresponding datapath flow table.
A sending module S202, configured to send, based on the first service node in the service configuration information, a corresponding data packet to the OVS, and detect whether the data packet meets a preset SFC encapsulation requirement, where the SFC encapsulation requirement includes: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit.
The encapsulating module S203 is configured to perform SFC encapsulation on the data packet when the data packet meets a preset SFC encapsulation requirement, including: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information.
An identifying module S204, configured to send the encapsulated data packet to a second service node according to the next hop information, where an OVS of the second service node identifies the data packet, and includes: whether the data packet contains an IPv6 message header or not, whether the data packet contains an SRH message header or not, and whether quintuple in the data packet hits the service chain information table or not are inquired.
And the unpacking module S205 is configured to, when the identification result passes, determine whether the second service node is a destination address according to a destination address in an IPv6 packet header, and when the second service node is the destination address, unpack the data packet and forward the unpacked data packet to the vport of the VPC corresponding to the destination address.
In one embodiment, the apparatus may further comprise:
A query module, configured to acquire the key field in the data packet and query whether the datapath flow table contains a record of the key field.
A judging module, configured to acquire the action of the key field if the datapath flow table contains the record of the key field, and judge whether the action requires an SFC operation.
A checking module, configured to acquire the quintuple information if the action requires an SFC operation, check according to the quintuple information whether the service chain information table contains a corresponding record, and, if it does, acquire the corresponding SID information from the service chain information table.
For specific limitations of the SRv6-based SFC implementation apparatus in the private cloud, reference may be made to the above limitations of the SRv6-based SFC implementation method in the private cloud, and details are not described herein again. The modules in the SRv6-based SFC implementation apparatus in the private cloud described above may be implemented in whole or in part by software, hardware, or a combination thereof. The modules may be embedded in, or independent of, a processor in the computer device in hardware form, or may be stored in a memory in the computer device in software form, so that the processor can call and execute the operations corresponding to the modules.
Fig. 5 illustrates a physical structure diagram of an electronic device. As shown in Fig. 5, the electronic device may include a processor 301, a memory 302, a communication interface 303 and a communication bus 304, where the processor 301, the memory 302 and the communication interface 303 communicate with each other through the communication bus 304. The processor 301 may call logic instructions in the memory 302 to perform the following method: when receiving service configuration information of an SFC service chain, generating a corresponding service chain rule according to the service configuration information and sending the service chain rule to the OVS, the OVS generating a service chain information table and a corresponding datapath flow table according to the service chain rule; based on the first service node in the service configuration information, sending a corresponding data packet to the OVS and detecting whether the data packet meets a preset SFC encapsulation requirement, where the SFC encapsulation requirement includes: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit; when the data packet meets the preset SFC encapsulation requirement, performing SFC encapsulation on the data packet, where the SFC encapsulation includes: encapsulating an SRH message header according to the SID information in the service chain information table, and encapsulating an IPv6 message header according to the next hop information in the service configuration information; sending the encapsulated data packet to a second service node according to the next hop information, where the OVS of the second service node identifies the data packet by checking: whether the data packet contains an IPv6 message header, whether the data packet contains an SRH message header, and whether the quintuple in the data packet hits the service chain information table; and when the identification passes, determining whether the second service node is the destination address according to the destination address in the IPv6 message header, and, when the second service node is the destination address, unpacking the data packet and forwarding it to the vport of the VPC corresponding to the destination address.
Furthermore, the logic instructions in the memory 302 may be implemented as software functional units and, when sold or used as a stand-alone product, stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
In another aspect, an embodiment of the present invention further provides a non-transitory computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, performs the transmission method provided in the foregoing embodiments. For example, the method includes: when receiving service configuration information of an SFC service chain, generating a corresponding service chain rule according to the service configuration information and sending the service chain rule to the OVS, the OVS generating a service chain information table and a corresponding datapath flow table according to the service chain rule; based on the first service node in the service configuration information, sending a corresponding data packet to the OVS and detecting whether the data packet meets a preset SFC encapsulation requirement, where the SFC encapsulation requirement includes: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit; when the data packet meets the preset SFC encapsulation requirement, performing SFC encapsulation on the data packet, where the SFC encapsulation includes: encapsulating an SRH message header according to the SID information in the service chain information table, and encapsulating an IPv6 message header according to the next hop information in the service configuration information; sending the encapsulated data packet to a second service node according to the next hop information, where the OVS of the second service node identifies the data packet by checking: whether the data packet contains an IPv6 message header, whether the data packet contains an SRH message header, and whether the quintuple in the data packet hits the service chain information table; and when the identification passes, determining whether the second service node is the destination address according to the destination address in the IPv6 message header, and, when the second service node is the destination address, unpacking the data packet and forwarding it to the vport of the VPC corresponding to the destination address.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and can of course also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk, or an optical disk, and which includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to execute the method according to the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An SFC implementation method based on SRv6 in a private cloud, which is characterized by comprising the following steps:
when receiving service configuration information of an SFC service chain, generating a corresponding service chain rule according to the service configuration information, sending the service chain rule to an OVS (Open vSwitch), and generating, by the OVS, a service chain information table and a corresponding datapath flow table according to the service chain rule;
based on the first service node in the service configuration information, sending a corresponding data packet to the OVS, and detecting whether the data packet meets a preset SFC encapsulation requirement, wherein the SFC encapsulation requirement comprises: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit;
when the data packet meets the preset SFC encapsulation requirement, performing SFC encapsulation on the data packet, wherein the SFC encapsulation comprises: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information;
sending the encapsulated data packet to a second service node according to the next hop information, wherein the identification of the data packet by the OVS of the second service node comprises checking: whether the data packet contains an IPv6 message header, whether the data packet contains an SRH message header, and whether a quintuple in the data packet hits the service chain information table;
and when the identification result passes, judging whether the second service node is a destination address according to the destination address in the IPv6 message header, and when the second service node is the destination address, unpacking the data packet and forwarding the data packet to a vport of the VPC corresponding to the destination address.
2. The private cloud SFC implementation method based on SRv6 as claimed in claim 1, wherein the detecting whether the data packet meets the preset SFC encapsulation requirement comprises:
acquiring a key field in the data packet, and inquiring whether the datapath flow table contains a record of the key field;
if the datapath flow table contains the record of the key field, acquiring the action of the key field, and judging whether the action needs to execute SFC operation;
if the action needs to execute SFC operation, acquiring quintuple information, checking whether the service chain information table contains a corresponding record according to the quintuple information, and if the service chain information table contains the corresponding record of the quintuple information, acquiring corresponding SID information in the service chain information table.
3. The SRv6-based SFC implementation method in the private cloud of claim 2, further comprising:
if the datapath flow table does not contain the record of the key field, uploading the data packet to a user mode;
the user mode acquires the key fields in the data packet and inquires whether the openflow flow table contains the records of the key fields;
and if the openflow flow table contains the record of the key field, acquiring the action of the key field.
4. The private cloud SFC implementation method based on SRv6 as claimed in claim 3, wherein after the unpacking the data packet and forwarding to VPC vport corresponding to the destination address, the method further comprises:
and issuing the rule corresponding to the key field in the openflow flow table to a kernel mode to generate a corresponding datapath flow table.
5. The method of claim 1, wherein the method further comprises:
when the second service node is not the destination address, modifying the destination address in the IPv6 message into a next hop node of the second service node, and updating a pointer and the residual hop count in the SRH;
the unpacking the data packet and forwarding the data packet to the vport of the VPC corresponding to the destination address includes:
and unpacking the data packet and forwarding the data packet to a vport of the VPC corresponding to a next hop node of the second service node.
6. The method for implementing the SFC based on SRv6 in the private cloud of claim 1, wherein the service types in the SFC service chain comprise:
load balancing, firewall, web security, filter.
7. An apparatus for SRv6-based SFC implementation within a private cloud, the apparatus comprising:
the receiving module is used for generating a corresponding service chain rule according to the service configuration information when the service configuration information of the SFC service chain is received, and sending the service chain rule to the OVS, the OVS generating a service chain information table and a corresponding datapath flow table according to the service chain rule;
a sending module, configured to send a corresponding data packet to the OVS based on the first service node in the service configuration information, and detect whether the data packet meets a preset SFC encapsulation requirement, where the SFC encapsulation requirement includes: whether the data packet hits the datapath flow table, whether SFC is required, and whether the service chain information table is hit;
the encapsulation module is used for performing SFC encapsulation on the data packet when the data packet meets the preset SFC encapsulation requirement, where the SFC encapsulation comprises: encapsulating an SRH message header according to SID information in the service chain information table, and encapsulating an IPv6 message header according to next hop information in the service configuration information;
an identification module, configured to send the encapsulated packet to a second service node according to the next hop information, where the OVS of the second service node identifies the packet by checking: whether the data packet contains an IPv6 message header, whether the data packet contains an SRH message header, and whether a quintuple in the data packet hits the service chain information table;
and the unpacking module is used for judging whether the second service node is a destination address according to the destination address in the IPv6 message header when the identification result passes, and unpacking the data packet and forwarding the data packet to the vport of the VPC corresponding to the destination address when the second service node is the destination address.
8. The apparatus for SRv6-based SFC implementation within a private cloud as claimed in claim 7, wherein said apparatus further comprises:
the query module is used for acquiring the key field in the data packet and querying whether the datapath flow table contains the record of the key field;
a judging module, configured to obtain an action of the key field if the datapath flow table includes the record of the key field, and judge whether the action needs to execute an SFC operation;
and the checking module is used for acquiring quintuple information if the action needs to execute SFC operation, checking whether the service chain information table contains a corresponding record according to the quintuple information, and acquiring corresponding SID information in the service chain information table if the service chain information table contains the corresponding record of the quintuple information.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the steps of the SRv6-based SFC implementation method within the private cloud of any of claims 1 to 6.
10. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, performs the steps of the SRv6-based SFC implementation method within the private cloud of any one of claims 1 to 6.
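The encapsulation step and the second node's identification and forwarding steps recited in claims 1 and 5 can be modelled as follows; this is an added example, not code from the patent or from Open vSwitch. It assumes the RFC 8754 SRH layout, an inner IPv4 packet carried directly after the SRH, and Segments Left == 0 as the sign that the node is the final destination; the datapath/openflow flow-table lookup is omitted, and all function names, SIDs and addresses are constructed for illustration.

```python
import ipaddress
import struct

ROUTING_HDR, SRH_TYPE, IPV4_INNER = 43, 4, 4  # IPv6 Next Header 43, Routing Type 4, inner IPv4

def five_tuple(ipv4: bytes):
    """(src, dst, proto, sport, dport) of an inner IPv4 TCP/UDP packet, or None."""
    if len(ipv4) < 20 or ipv4[0] >> 4 != 4:
        return None
    ihl = (ipv4[0] & 0x0F) * 4
    if ihl < 20 or len(ipv4) < ihl + 4 or ipv4[9] not in (6, 17):
        return None
    sport, dport = struct.unpack_from("!HH", ipv4, ihl)
    return (str(ipaddress.IPv4Address(ipv4[12:16])),
            str(ipaddress.IPv4Address(ipv4[16:20])), ipv4[9], sport, dport)

def encapsulate(inner: bytes, src: str, path: list) -> bytes:
    """First node: add SRH + outer IPv6. `path` lists SIDs in visiting order."""
    sids = [ipaddress.IPv6Address(s).packed for s in reversed(path)]  # SRH stores the path reversed
    last = len(sids) - 1
    # Next Header, Hdr Ext Len (8-octet units past the first 8), Type, Segments Left, Last Entry, Flags, Tag
    srh = struct.pack("!BBBBBBH", IPV4_INNER, 2 * len(sids), SRH_TYPE, last, last, 0, 0)
    srh += b"".join(sids)
    outer = struct.pack("!IHBB", 6 << 28, len(srh) + len(inner), ROUTING_HDR, 64)
    outer += ipaddress.IPv6Address(src).packed + sids[last]  # DA = first SID to visit
    return outer + srh + inner

def classify(inner: bytes, src: str, chain_table: dict):
    """Encapsulate only when the five-tuple hits the service chain table."""
    path = chain_table.get(five_tuple(inner))
    return encapsulate(inner, src, path) if path else None

def process_at_node(pkt: bytes, local_sid: str, chain_table: dict):
    """Second node: identify the packet, then deliver or re-steer it.

    Returns ("drop", reason), ("forward", packet) or ("deliver", inner).
    """
    if len(pkt) < 48 or pkt[0] >> 4 != 6:
        return ("drop", "no IPv6 header")
    if pkt[6] != ROUTING_HDR or pkt[42] != SRH_TYPE:
        return ("drop", "no SRH")
    nxt, ext_len, _, seg_left, last_entry = struct.unpack_from("!BBBBB", pkt, 40)
    srh_len = 8 + 8 * ext_len
    # Bounds checks before Segments Left is used as an index into the packet
    if len(pkt) < 40 + srh_len or srh_len < 8 + 16 * (last_entry + 1) or seg_left > last_entry:
        return ("drop", "malformed SRH")
    if pkt[24:40] != ipaddress.IPv6Address(local_sid).packed:
        return ("drop", "not addressed to this node")
    inner = pkt[40 + srh_len:]
    if nxt != IPV4_INNER or five_tuple(inner) not in chain_table:
        return ("drop", "five-tuple not in service chain table")
    if seg_left == 0:                      # this node is the final destination
        return ("deliver", inner)
    seg_left -= 1                          # advance the SRH pointer
    out = bytearray(pkt)
    out[43] = seg_left
    out[24:40] = pkt[48 + 16 * seg_left:64 + 16 * seg_left]  # DA = next SID
    return ("forward", bytes(out))

def sample_inner() -> bytes:
    """Constructed IPv4/UDP packet 10.0.0.5:40000 -> 10.0.1.9:53 (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("10.0.0.5").packed,
                     ipaddress.IPv4Address("10.0.1.9").packed)
    return ip + struct.pack("!HHHH", 40000, 53, 12, 0) + b"test"

# Constructed service chain: two SIDs from the 2001:db8::/32 documentation prefix
PATH = ["2001:db8:0:1::100", "2001:db8:0:2::100"]
CHAIN_TABLE = {("10.0.0.5", "10.0.1.9", 17, 40000, 53): PATH}
```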
CN202211095509.XA 2022-09-08 2022-09-08 SRv 6-based SFC implementation method and device in private cloud Active CN115174474B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211095509.XA CN115174474B (en) 2022-09-08 2022-09-08 SRv 6-based SFC implementation method and device in private cloud

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211095509.XA CN115174474B (en) 2022-09-08 2022-09-08 SRv 6-based SFC implementation method and device in private cloud

Publications (2)

Publication Number Publication Date
CN115174474A CN115174474A (en) 2022-10-11
CN115174474B true CN115174474B (en) 2022-12-02

Family

ID=83482314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211095509.XA Active CN115174474B (en) 2022-09-08 2022-09-08 SRv 6-based SFC implementation method and device in private cloud

Country Status (1)

Country Link
CN (1) CN115174474B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115412512B (en) * 2022-10-31 2023-03-24 浙江九州云信息科技有限公司 IPv 6-based multi-cloud cross-network intercommunication method and device
CN116248570B (en) * 2022-12-16 2024-05-14 中国联合网络通信集团有限公司 Service chain configuration method, device and storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9363180B2 (en) * 2013-11-04 2016-06-07 Telefonaktiebolaget L M Ericsson (Publ) Service chaining in a cloud environment using Software Defined Networking
CN107809364B (en) * 2016-09-09 2020-06-09 新华三技术有限公司 Message forwarding method and device
CN108965000B (en) * 2018-07-12 2021-06-01 成都安恒信息技术有限公司 Private cloud SDN drainage implementation method
US11095559B1 (en) * 2019-09-18 2021-08-17 Cisco Technology, Inc. Segment routing (SR) for IPV6 (SRV6) techniques for steering user plane (UP) traffic through a set of user plane functions (UPFS) with traffic handling information
US11336573B2 (en) * 2020-02-26 2022-05-17 Cisco Technology, Inc. Service chaining in multi-fabric cloud networks
CN111884863B (en) * 2020-08-04 2023-11-07 浪潮云信息技术股份公司 VPC service chain implementation method and system for cloud computing environment
CN112953831A (en) * 2021-01-22 2021-06-11 新华三大数据技术有限公司 Message forwarding method and device
CN113179299B (en) * 2021-04-19 2022-06-21 温州职业技术学院 Service function chain cooperative control system and method for industrial internet application
CN114726774B (en) * 2022-04-08 2023-06-23 安超云软件有限公司 Method and device for realizing service chain of cloud platform and cloud platform-based system

Also Published As

Publication number Publication date
CN115174474A (en) 2022-10-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 313000 floor 2, building C, building 9, Huzhou multimedia Industrial Park, No. 999, Wuxing Avenue, Wuxing District, Huzhou City, Zhejiang Province

Patentee after: Zhejiang Jiuzhou Future Information Technology Co.,Ltd.

Country or region after: China

Address before: 313000 floor 2, building C, building 9, Huzhou multimedia Industrial Park, No. 999, Wuxing Avenue, Wuxing District, Huzhou City, Zhejiang Province

Patentee before: Zhejiang Jiuzhou cloud Mdt InfoTech Ltd.

Country or region before: China