CN116248570A - Service chain configuration method, device and storage medium - Google Patents
Service chain configuration method, device and storage medium Download PDFInfo
- Publication number
- CN116248570A CN116248570A CN202211624942.8A CN202211624942A CN116248570A CN 116248570 A CN116248570 A CN 116248570A CN 202211624942 A CN202211624942 A CN 202211624942A CN 116248570 A CN116248570 A CN 116248570A
- Authority
- CN
- China
- Prior art keywords
- service
- segment
- node
- identification list
- chain configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000004891 communication Methods 0.000 claims abstract description 49
- 238000012545 processing Methods 0.000 claims description 26
- 238000004590 computer program Methods 0.000 claims description 9
- 238000001514 detection method Methods 0.000 claims description 8
- 230000015654 memory Effects 0.000 description 29
- 239000003795 chemical substances by application Substances 0.000 description 18
- 230000006870 function Effects 0.000 description 15
- 238000004808 supercritical fluid chromatography Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000011022 operating instruction Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000004984 smart glass Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- XLYOFNOQVPJJNP-UHFFFAOYSA-N water Substances O XLYOFNOQVPJJNP-UHFFFAOYSA-N 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/34—Source routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
- H04L41/0886—Fully automatic configuration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/38—Flow based routing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a service chain configuration method, a device and a storage medium, relates to the technical field of communication, and can solve the problem that cross-network deployment cannot be realized in the prior art. The method comprises the following steps: determining service segment identifiers of a plurality of node devices; configuring a first segment identification list and a second segment identification list according to service segment identifications of a plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service flow from the network side device; instructing the secure pool gateway to establish a service chain configuration according to the first segment identification list; instructing the bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list. The present application enables service chaining deployment between one or more networks.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a service chain configuration method, apparatus, and storage medium.
Background
Segment routing (SRv) service chaining (SFC) based on internet protocol version6 (IPv 6) forwarding plane is a technique that guides a message to sequentially pass through application layer service devices according to a specified path by adding SRv path information to an original message.
In actual networking, the security devices/security clouds are managed by the security controller, and the network devices are managed by the network controller, while deployment may occur across multiple networks, which makes it difficult for SFCs to co-deploy in multiple networks.
Disclosure of Invention
The application provides a service chain configuration method, a device and a storage medium, which can realize service chain deployment among one or more networks.
In order to achieve the above purpose, the present application adopts the following technical scheme:
in a first aspect, the present application provides a service chain configuration method, including: determining service segment identifiers of a plurality of node devices; configuring a first segment identification list and a second segment identification list according to service segment identifications of a plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service flow from the network side device; instructing the secure pool gateway to establish a service chain configuration according to the first segment identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list; instructing the bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
Based on the above technical solution, the service chain configuration device provided in the embodiments of the present application may determine service segment identifiers of a plurality of node devices, and configure a first segment identifier list and a second segment identifier list according to the service segment identifiers of the plurality of node devices. The first segment identification list is used for indicating a node device forwarding path of the traffic from the target device, and the second segment identification list is used for indicating a node device forwarding path of the traffic from the network side device. In this way, the service chain configuration device can instruct the secure pool gateway to establish the service chain configuration according to the first segment identification list, and instruct the bandwidth access device to establish the service chain configuration according to the second segment identification list. Therefore, the service chain configuration device can cooperatively carry out service chain arrangement, realizes automatic deployment of the service chain through devices such as the linkage safety pool gateway, the bandwidth access equipment and the like, and is suitable for service chain configuration scenes in one or more networks.
With reference to the first aspect, in one possible implementation manner, the method includes: for each node device in a plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier; and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
With reference to the first aspect, in one possible implementation manner, the plurality of node devices include security proxy nodes; the method further comprises the steps of: transmitting, by the security controller, security proxy service configuration information to a security proxy node in the plurality of node devices; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service traffic.
With reference to the first aspect, in one possible implementation manner, the method includes: and sending the first segment identification list to the secure pool gateway through the secure controller so that the secure pool gateway establishes service chain configuration according to the first segment identification list.
With reference to the first aspect, in one possible implementation manner, the method includes: and sending the second segment identification list to the bandwidth access device through the network controller so that the bandwidth access device establishes service chain configuration according to the second segment identification list.
In a second aspect, the present application provides a service chain configuration apparatus, the apparatus comprising: a processing unit and a communication unit; a processing unit, configured to determine service segment identifiers of a plurality of node devices; the processing unit is also used for configuring a first segment identification list and a second segment identification list according to the service segment identifications of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service flow from the network side device; the communication unit is used for indicating the secure pool gateway to establish service chain configuration according to the first section identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list; the communication unit is also used for indicating the bandwidth access equipment to establish service chain configuration according to the second section identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
With reference to the second aspect, in one possible implementation manner, the processing unit is configured to: for each node device in a plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier; and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
With reference to the second aspect, in one possible implementation manner, the plurality of node devices include security agent nodes; the communication unit is also used for sending the security proxy service configuration information to the security proxy nodes in the plurality of node devices through the security controller; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service traffic.
With reference to the second aspect, in one possible implementation manner, the communication unit is configured to: and sending the first segment identification list to the secure pool gateway through the secure controller so that the secure pool gateway establishes service chain configuration according to the first segment identification list.
With reference to the second aspect, in one possible implementation manner, the communication unit is configured to: and sending the second segment identification list to the bandwidth access device through the network controller so that the bandwidth access device establishes service chain configuration according to the second segment identification list.
In a third aspect, the present application provides a service chain configuration apparatus, including: a processor and a communication interface; the communication interface is coupled to a processor for running a computer program or instructions to implement the service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having instructions stored therein which, when run on a terminal, cause the terminal to perform a service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In a fifth aspect, the present application provides a computer program product comprising instructions which, when run on a service chain configuration device, cause the service chain configuration device to perform the service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In a sixth aspect, the present application provides a chip comprising a processor and a communication interface, the communication interface and the processor being coupled, the processor being for running a computer program or instructions to implement a service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In particular, the chip provided in the present application further includes a memory for storing a computer program or instructions.
It should be noted that the above-mentioned computer instructions may be stored in whole or in part on a computer-readable storage medium. The computer readable storage medium may be packaged together with the processor of the apparatus or may be packaged separately from the processor of the apparatus, which is not limited in this application.
For descriptions of the second aspect through the sixth aspect in the present application, reference may be made to the detailed description of the first aspect; also, the advantageous effects described in the second aspect to the sixth aspect may refer to the advantageous effect analysis of the first aspect, and are not described herein.
In this application, the names of the service chain configuration devices described above do not constitute limitations on the devices or function modules themselves, and in actual implementations, these devices or function modules may appear under other names. Insofar as the function of each device or function module is similar to the present application, it is within the scope of the claims of the present application and the equivalents thereof.
These and other aspects of the present application will be more readily apparent from the following description.
Drawings
FIG. 1 is a system architecture diagram of a service chaining network provided in accordance with some embodiments;
Fig. 2 is a schematic architecture diagram of a service chain configuration system according to an embodiment of the present application;
fig. 3 is a flowchart of a service chain configuration method provided in an embodiment of the present application;
FIG. 4 is a flowchart of another service chain configuration method according to an embodiment of the present application;
FIG. 5 is a flowchart of another service chain configuration method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a service chain configuration device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another service chain configuration device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone.
The terms "first" and "second" and the like in the description and in the drawings are used for distinguishing between different objects or for distinguishing between different processes of the same object and not for describing a particular sequential order of objects.
Furthermore, references to the terms "comprising" and "having" and any variations thereof in the description of the present application are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more.
The following explains the terms related to the embodiments of the present application, so as to facilitate the understanding of the reader.
(1) Service chain (servicefunctionchain SFC)
The SFC network is used for guiding the specific service message of the tenant to the appointed application service node for processing and forwarding to the destination. Illustratively, the SFC network may be a segment routing (segmentrouting IPv, SRv 6) SFC network based on internet protocol version6 (IPv 6) forwarding plane.
As shown in fig. 1, fig. 1 is a system architecture diagram of a service chaining network 10 provided in accordance with some embodiments.
The service chaining network 10 includes: service classification node 101 (SC), service chain forwarding node 102 (SFF), tail node 103 (tail node), and application service node 104 (SF).
It should be noted that the number of service chain forwarding nodes 102 and application service nodes 104 may be one or more.
The traffic classification node 101 is located at the edge of the SRv SFC service chain network, being the head node (also referred to as source node, head node) on the service chain path. The traffic classification node 101 may employ different drainage methods to introduce traffic into a SRv traffic engineering policy (trafficengineering policy) tunnel for forwarding.
The service chain forwarding node 102 is a service chain proxy of the application service node 104, and can forward the received message to a plurality of application service nodes 104 associated with the service chain forwarding node 102 according to the SRv encapsulation information. After the application service node 104 processes the message, the message is sent to the service chain forwarding node 102, and the service chain forwarding node 102 determines whether to continue forwarding the message.
The tail node 103 is used for forwarding the traffic to the network side.
Application service node 104 is a node that provides application-specific services for traffic. The application service node incapable of recognizing the SRv6 message is called SRv6-unaware SF, and the application service node capable of recognizing the SRv6 message is called SRv6-awareSF.
Segment routing (SRv) service chaining (SFC) based on internet protocol version6 (IPv 6) forwarding plane is a technique that guides a message to sequentially pass through application layer service devices according to a specified path by adding SRv path information to an original message.
Illustratively, the segment routing adopts a source node path selection mechanism, a Segment Identifier (SID) of a segment to be passed by a path is encapsulated in a source node in advance, and when a message passes through an SR node, the node forwards the message according to the SID of the message. Other nodes besides the source node need not maintain path states. SRv6 means that the SR is used in the IPv6 network, and the message is forwarded using the IPv6 address as the SID.
In the related art, the SFF node is usually implemented by a hardware router, so that the SFF node and the SC node/Tail node need to be deployed in the same network, which results in that each user needs to implement security protection in a customized manner, and the deployment is difficult and has high cost.
Corresponding security devices can be deployed individually for each user by deploying a security pool. However, in actual networking, the security devices/security clouds are managed by the security controller, and the network devices are managed by the network controller, and may be deployed across multiple networks, which makes it difficult for SFCs to co-deploy in multiple networks.
In view of this, the present application provides a service chain configuration method, where a service chain configuration device may determine service segment identifiers of a plurality of node devices, and configure a first segment identifier list and a second segment identifier list according to the service segment identifiers of the plurality of node devices. The first segment identification list is used for indicating a node device forwarding path of the traffic from the target device, and the second segment identification list is used for indicating a node device forwarding path of the traffic from the network side device. In this way, the service chain configuration device can instruct the secure pool gateway to establish the service chain configuration according to the first segment identification list, and instruct the bandwidth access device to establish the service chain configuration according to the second segment identification list. Therefore, compared with the prior art, the service chain configuration device can cooperatively carry out service chain arrangement, realizes automatic deployment of the service chain through devices such as the linkage safety pool gateway and the bandwidth access equipment, and is suitable for service chain configuration scenes in one or more networks.
Fig. 2 is a schematic diagram of a service chain configuration system 20 according to an embodiment of the present application. As shown in fig. 2, the service chain configuration system 20 includes: service chain configuration means 201, network controller 202, security controller 203, security pool gateway 204, bandwidth access device 205, target device 206, and network side device 207.
The network-side device 207 is connected to the bandwidth access device 205 through an enterprise router, an optical line terminal (opticalline terminal, OLT), or a switch. The target device 206 is connected to the bandwidth access device 205 and the secure pool gateway 204 via a Core Router (CR), respectively. The bandwidth access device 205 is connected to the network controller 202. The security controller 203 is connected to a secure pool gateway 204. The service chain configuration device 201 is connected to the network controller 202 and the security controller 203, respectively.
Inside the secure pool, the secure pool gateway 204 is connected to a forwarding node (e.g., virtual Service Router (VSR)) in the SFC service chaining device through a switch (e.g., EOR device), and the forwarding node is connected to a secure network element.
By way of example, the security network element may be a service network element such as a virtual firewall (vww), web application guard, or the like.
It should be noted that, the service chain configuration method provided in the embodiment of the present application may be applied to the service chain configuration apparatus 201, where the service chain configuration apparatus 201 may be an independent communication apparatus, for example, a communication apparatus such as an access network device or a core network device. The service chain configuration means 201 described above may also be a functional module coupled in a communication device, such as a communication network element. The service chain configuration device 201 may be a computer program (APP) for executing the service chain configuration method. The service chain configuration device 201 may be a server connected to the communication device.
For example, the service chain configuration apparatus 201, the network controller 202, the security controller 203, the security pool gateway 204, the bandwidth access device 205, the target device 206, and the network side device 207 in the embodiments of the present application may be servers, where the servers include:
a processor, which may be a general purpose Central Processing Unit (CPU), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs of the present application.
The transceiver may be a device using any transceiver type for communicating with other devices or communication networks, such as ethernet, radio Access Network (RAN), wireless Local Area Networks (WLAN), etc.
Memory, which may be, but is not limited to, read-only memory (ROM) or other type of static storage device that may store static information and instructions, random access memory (random accessmemory, RAM) or other type of dynamic storage device that may store information and instructions, but may also be electrically erasable programmable read-only memory (electricallyerasableprogrammable read-only memory, EEPROM), compact disc-only memory (CD-ROM) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be stand alone and be coupled to the processor via a communication line. The memory may also be integrated with the processor.
The target device 206 may also be a device with wireless or wired communication capabilities, and may be deployed on land, including indoors or outdoors, hand-held or vehicle-mounted. Can also be deployed on the water surface (such as a ship, etc.). But may also be deployed in the air (e.g., on aircraft, balloon, satellite, etc.). The target device 206, also called User Equipment (UE), mobile Station (MS), mobile terminal device (MT), terminal device, etc., is a device that provides voice and/or data connectivity to a user. For example, the target device 206 includes a handheld device, an in-vehicle device, and the like having a wireless connection function. Currently, the target device 206 may be: a mobile phone (mobile), a tablet, a notebook, a palm, a Mobile Internet Device (MID), a wearable device (e.g., smart watch, smart bracelet, pedometer, etc.), a vehicle-mounted device (e.g., car, bicycle, electric car, airplane, ship, train, high-speed rail, etc.), a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless terminal device in industrial control (industrial control), a smart home device (e.g., refrigerator, television, air conditioner, electric meter, etc.), a smart robot, a workshop device, a wireless terminal device in unmanned aerial vehicle (selfdriv), a wireless terminal device in teleoperation (remodelling), a wireless terminal device in smart grid (smart grid), a wireless terminal device in transportation security (transport security), a wireless terminal device in smart city (smart city), or a wireless terminal device in smart home (e.g., air balloon, wireless terminal device, unmanned aerial vehicle, etc.). In one possible application scenario, the terminal device is a terminal device that is often operated on the ground, for example a vehicle-mounted device. In this application, for convenience of description, a Chip disposed in the above device, such as a System-On-a-Chip (SOC), a baseband Chip, or the like, or other chips having a communication function may also be referred to as a terminal device.
The target device 206 may be a vehicle with corresponding communication functions, or an in-vehicle communication device, or other embedded communication devices, or may be a user-held communication device, including a mobile phone, a tablet computer, etc.
As an example, in embodiments of the present application, the target device 206 may also be a wearable device. The wearable device can also be called as a wearable intelligent device, and is a generic name for intelligently designing daily wear by applying wearable technology and developing wearable devices, such as glasses, gloves, watches, clothes, shoes and the like. The wearable device is a portable device that is worn directly on the body or integrated into the clothing or accessories of the user. The wearable device is not only a hardware device, but also can realize a powerful function through software support, data interaction and cloud interaction. The generalized wearable intelligent device includes full functionality, large size, and may not rely on the smart phone to implement complete or partial functionality, such as: smart watches or smart glasses, etc., and focus on only certain types of application functions, and need to be used in combination with other devices, such as smart phones, for example, various smart bracelets, smart jewelry, etc. for physical sign monitoring.
The target device 206 is configured to perform traffic transmission with the network side device 207.
In one possible implementation, to ensure server security, the target device 206 may apply for corresponding firewall protection requirements to the operator network.
It should be noted that, the target device 206 and the network-side device 207 may be communication devices in the same network, or may be communication devices in different networks.
The service chain configuration means 201 are for determining service segment identities of a plurality of node devices.
Illustratively, a plurality of node devices may include a secure pool gateway 204, a bandwidth access device 205, and a security proxy node.
The service segment is identified as the SID of the node device corresponding to the traffic of the network device 207 at the transmission destination device 206.
In a possible implementation manner, the service chain configuration apparatus 201 may obtain service segment identifiers of a plurality of node devices through the network controller 202 and the security controller 203.
Illustratively, the network controller 202, the security controller 203 may be a metropolitan area network orchestrator. Such as flexible open containers (AOCs), web services orchestrators (network servicesorchestrator, NSOs). The bandwidth access device 205 may be a bandwidth access server (BRAS).
The service chain configuration device 201 is further configured to configure the first segment identifier list and the second segment identifier list according to service segment identifiers of the plurality of node devices.
Wherein the first segment identification list is used to indicate a node device forwarding path of traffic from the target device 206, and the second segment identification list is used to indicate a node device forwarding path of traffic from the network side device 207.
Illustratively, the plurality of node devices are a security pool gateway 204, a bandwidth access device 205, a first security proxy node, and a second security proxy node, respectively. Wherein the secure pool gateway 204 and the bandwidth access device 205 act as head nodes and tail nodes, respectively.
The service segment identifier corresponding to the security pool gateway 204 is 1000:2, and the service segment identifier corresponding to the bandwidth access device 205 is 4000:2. The first security proxy node is identified as 2000::2 for traffic segments of traffic from the target device 206 and 2000::3 for traffic segments of traffic from the network side device 207. The second security proxy node has a traffic segment identification of 3000::2 for traffic from the target device 206 and a traffic segment identification of 3000::3 for traffic from the network side device 207.
For traffic from the target device 206, the service chain configuration apparatus 201 may use the secure pool gateway 204 as the starting node, i.e. the service segment of the starting node is identified as 1000:2, the first segment identification list is: 2000::2, 3000::2, 4000::2.
For the traffic from the network side device 207, the service chain configuration apparatus 201 may use the bandwidth access device 205 as the starting node, i.e. the service segment of the starting node is identified as 4000:2, and the second segment identification list is: 3000::3, 2000::3, 1000::2.
The service chain configuration means 201 is further configured to instruct the secure pool gateway 204 to establish a service chain configuration according to the first segment identification list.
Wherein the secure pool gateway 204 is configured to forward traffic from the target device 206 via the first segment identification list.
In connection with the above example, after the secure pool gateway 204 establishes the service chain configuration, the secure pool gateway 204 may forward the received traffic from the target device 206 to the first security proxy node having a traffic segment identifier of 2000:2 according to the first segment identifier list.
The first security agent node forwards the received service traffic to the security network element for security processing, and then the first security agent node forwards the service traffic to a second security agent node with a service segment identification of 3000:2.
The second security proxy node forwards the received traffic to the security network element for security processing, and then the second security proxy node forwards the traffic to the bandwidth access device 205 with the traffic segment identification of 4000:2.
The bandwidth access device 205 forwards the traffic to the network side device 207.
The service chain configuration means 201 is further configured to instruct the bandwidth access device 205 to establish a service chain configuration according to the second segment identification list.
Wherein the bandwidth access device 205 is configured to forward the traffic from the network side device 207 through the second segment identifier list.
In connection with the above example, after the bandwidth access device 205 establishes the service chain configuration, the bandwidth access device 205 may forward the received traffic from the network side device 207 to a second security proxy node having a traffic segment identifier of 3000:3 according to the second segment identifier list.
The second security agent node forwards the received service traffic to the security network element for security processing, and then the second security agent node forwards the service traffic to the first security agent node with the service segment identifier of 2000:3.
The first security proxy node forwards the received traffic to the security network element for security processing, and then the first security proxy node forwards the traffic to the security pool gateway 204 with the service segment identifier of 1000:2.
The secure pool gateway 204 forwards the traffic to the target device 206.
It should be noted that, the embodiments of the present application may refer to or refer to each other, for example, the same or similar steps, and the method embodiment, the system embodiment and the device embodiment may refer to each other, which is not limited.
Fig. 3 is a flowchart of a service chain configuration method provided in an embodiment of the present application. As shown in fig. 3, the method comprises the steps of:
Illustratively, a security pool gateway, a bandwidth access device, and a security proxy node may be included in the plurality of node devices.
The service segment identifier is SID corresponding to the service flow of the node device in the transmission target device and the network device.
In a possible implementation manner, the service chain configuration device may obtain service segment identifiers of a plurality of node devices through the network controller and the security controller.
In yet another possible implementation manner, for each node device in the plurality of node devices, the service chain configuration apparatus obtains a service segment identifier of the node device in a case where the node device is configured with the service segment identifier. In the case that the node device is not configured with the service segment identifier, the service chain configuration device allocates the service segment identifier to the node device from a plurality of unused service segment identifiers.
Wherein the first segment identification list is used to indicate a node device forwarding path for traffic from the target device. The second segment identifier list is used for indicating a node device forwarding path of the traffic from the network side device.
Illustratively, the plurality of node devices are a secure pool gateway, a bandwidth access device, a first secure proxy node, and a second secure proxy node, respectively. The security pool gateway and the bandwidth access device are respectively used as a head node and a tail node.
The service section identifier corresponding to the security pool gateway is 1000:2, and the service section identifier corresponding to the bandwidth access device is 4000:2. The first security proxy node has a traffic segment identifier of 2000::2 for traffic from the target device and a traffic segment identifier of 2000::3 for traffic from the network side device. The second security proxy node has a traffic segment identification of 3000::2 for traffic from the target device and a traffic segment identification of 3000::3 for traffic from the network side device.
For the service flow from the target equipment, the service chain configuration device can use the security pool gateway as the starting node, namely the service segment identifier of the starting node is 1000:2, and the first segment identifier list is as follows: 2000::2, 3000::2, 4000::2.
For the service flow from the network side equipment, the service chain configuration device can use the bandwidth access equipment as the starting node, namely the service segment identifier of the starting node is 4000:2, and the second segment identifier list is: 3000::3, 2000::3, 1000::2.
The secure pool gateway is used for forwarding the traffic from the target device through the first segment identification list.
In connection with the above example, after the secure pool gateway establishes the service chain configuration, the secure pool gateway may forward the received traffic from the target device to the first security proxy node having a traffic segment identifier of 2000:2 according to the first segment identifier list.
The first security agent node forwards the received service traffic to the security network element for security processing, and then the first security agent node forwards the service traffic to a second security agent node with a service segment identification of 3000:2.
And the second security agent node forwards the received service traffic to the security network element for security processing, and then the second security agent node forwards the service traffic to the bandwidth access device with the service segment identification of 4000:2.
The bandwidth access device forwards the traffic to the network side device.
The bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
In combination with the above example, after the bandwidth access device establishes the service chain configuration, the bandwidth access device may forward the received traffic from the network side device to the second security proxy node with the service segment identifier of 3000:3 according to the second segment identifier list.
The second security agent node forwards the received service traffic to the security network element for security processing, and then the second security agent node forwards the service traffic to the first security agent node with the service segment identifier of 2000:3.
The first security agent node forwards the received service traffic to a security network element for security processing, and then the first security agent node forwards the service traffic to a security pool gateway with a service segment identifier of 1000:2.
The secure pool gateway forwards the traffic to the target device.
The order of execution of step 303 and step 304 is not limited in this application, and step 303 may be executed before step 304 or after step 304, and step 303 and step 304 may be executed in parallel. Fig. 3 illustrates the service chain configuration method provided in the present application as an example only with step 304 performed after step 303.
Based on the above technical solution, the service chain configuration device provided in the embodiments of the present application may determine service segment identifiers of a plurality of node devices, and configure a first segment identifier list and a second segment identifier list according to the service segment identifiers of the plurality of node devices. The first segment identification list is used for indicating a node device forwarding path of the traffic from the target device, and the second segment identification list is used for indicating a node device forwarding path of the traffic from the network side device. In this way, the service chain configuration device can instruct the secure pool gateway to establish the service chain configuration according to the first segment identification list, and instruct the bandwidth access device to establish the service chain configuration according to the second segment identification list. Therefore, compared with the prior art, the service chain configuration device can cooperatively carry out service chain arrangement, realizes automatic deployment of the service chain through devices such as the linkage safety pool gateway and the bandwidth access equipment, and is suitable for service chain configuration scenes in one or more networks.
Hereinafter, a procedure of configuring the security proxy service by the service chain configuration device will be described.
As a possible embodiment of the present application, when a security proxy node is included in a plurality of node devices, as shown in fig. 4, the method may further include the following step 401.
The security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service flow.
In connection with the above example, the security proxy service configuration information sent by the service chain configuration device to the first security proxy node through the security controller may be represented by:
segment-routingipv6
locatoras1ipv6-prefix2000::64static32
opcode2end-as// for traffic from a target device
inner-typeipv4
encapsulationipv4nexthop10.1.1.1out-interfacege0/0/130
in-interfacege0/0/2
cachesource-address1000::2
cachelist2000::23000::24000::2
opcode3end-as// for traffic from network side device
inner-typeipv4
encapsulationipv4nexthop10.1.2.1out-interfacege0/0/230
in-interfacege0/0/1
cachesource-address4000::2
cachelist3000::32000::31000::2
The security proxy service configuration information sent by the service chain configuration device to the second security proxy node through the security controller may be represented by:
segment-routingipv6
locatoras1ipv6-prefix3000::64static32
opcode2end-as// for traffic from a target device
inner-typeipv4
encapsulationipv4nexthop11.1.1.1out-interfacege0/0/130
in-interfacege0/0/2
cachesource-address1000::2
cachelist2000::23000::24000::2
opcode3end-as// for traffic from network side device
inner-typeipv4
encapsulationipv4nexthop11.1.2.1out-interfacege0/0/230
in-interfacege0/0/1
cachesource-address4000::2
cachelist3000::32000::31000::2
Based on the above technical solution, the service chain configuration device provided in the embodiments of the present application may send security proxy service configuration information to security proxy nodes in multiple node devices through the security controller. The security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service flow. In this way, the service chain configuration device in the application can realize the security detection configuration of the security proxy node and provide security protection service for users.
Hereinafter, a procedure for instructing the secure pool gateway and the bandwidth access device to establish the service chain configuration by the service chain configuration means will be described.
As a possible embodiment of the present application, in conjunction with fig. 3, as shown in fig. 5, the above step 303 may be implemented by the following steps 501-502.
In connection with the above example, the first segment identification list may be represented by:
segment-routingipv6
traffic-engineering
segment-lists1
index10ipv62000::2
index20ipv63000::2
index30ipv64000::2
It should be noted that, after the secure pool gateway establishes the service chain configuration, the secure pool gateway may perform policy matching on the received service traffic, and then encapsulate the received service traffic from the target device according to the first segment identifier list, so that the subsequent node device forwards the traffic according to the first segment identifier list encapsulated in the service traffic.
As a possible embodiment of the present application, in conjunction with fig. 3, as shown in fig. 5, the above step 304 may be implemented by the following steps 503-504.
In connection with the above example, the second segment identification list may be represented by:
segment-routingipv6
traffic-engineering
segment-lists1
index10ipv63000::2
index20ipv62000::2
index30ipv61000::2
It should be noted that, after the bandwidth access device establishes the service chain configuration, the bandwidth access device may perform policy matching on the received service traffic, and then encapsulate the received service traffic from the network side device according to the second segment identifier list, so that the subsequent node device forwards the traffic according to the second segment identifier list encapsulated in the service traffic.
Based on the above technical solution, the bandwidth access device in the embodiments of the present application may perform service chain configuration on the security pool gateway and the bandwidth access device through the security controller and the network controller, respectively. Therefore, the service chain configuration method based on the multi-level controller can realize the service chain configuration of forward flow and reverse flow between the target equipment and the network side equipment, and the problem that the service chain cannot be automatically deployed in a multi-network-crossing scene is avoided.
The embodiment of the present application may divide the functional modules or functional units of the service chain configuration device according to the above method example, for example, each functional module or functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated modules may be implemented in hardware, or in software functional modules or functional units. The division of the modules or units in the embodiments of the present application is merely a logic function division, and other division manners may be implemented in practice.
As shown in fig. 6, a schematic structural diagram of a service chain configuration device 60 according to an embodiment of the present application is provided, where the service chain configuration device 60 includes:
a processing unit 601 is configured to determine service segment identifiers of a plurality of node devices.
The processing unit 601 is further configured to configure a first segment identifier list and a second segment identifier list according to service segment identifiers of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identifier list is used for indicating a node device forwarding path of the traffic from the network side device.
A communication unit 602, configured to instruct the secure pool gateway to establish a service chain configuration according to the first segment identification list; the secure pool gateway is operable to forward traffic from the target device through the first segment identification list.
A communication unit 602, configured to further instruct the bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
In one possible implementation, the processing unit 601 is configured to: for each node device in a plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier; and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
In one possible implementation, the plurality of node devices include security agent nodes therein; a communication unit 602, configured to send, by using a security controller, security proxy service configuration information to a security proxy node in the plurality of node devices; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service traffic.
In one possible implementation, the communication unit 602 is configured to: and sending the first segment identification list to the secure pool gateway through the secure controller so that the secure pool gateway establishes service chain configuration according to the first segment identification list.
In one possible implementation, the communication unit 602 is configured to: and sending the second segment identification list to the bandwidth access device through the network controller so that the bandwidth access device establishes service chain configuration according to the second segment identification list.
When implemented in hardware, the communication unit 602 in the embodiments of the present application may be integrated on a communication interface, and the processing unit 601 may be integrated on a processor. A specific implementation is shown in fig. 7.
Fig. 7 shows still another possible structural schematic diagram of the service chain configuration device involved in the above-described embodiment. The service chain configuration device 70 includes: a processor 702 and a communication interface 703. The processor 702 is configured to control and manage the actions of the service chaining configuration apparatus 70, e.g., perform the steps performed by the processing unit 601 described above, and/or perform other processes of the techniques described herein. The communication interface 703 is used to support communication of the service chaining configuration apparatus 70 with other network entities, for example, to perform the steps performed by the communication unit 602 described above. The service chain configuration device 70 may further comprise a memory 701 and a bus 704, the memory 701 being used for storing program codes and data of the service chain configuration device 70.
Wherein the memory 701 may be a memory or the like in the service chain configuration device 70, which may include a volatile memory, such as a random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk or solid state disk; the memory may also comprise a combination of the above types of memories.
The processor 702 may be implemented or executed with the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. The processor may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. The processor may also be a combination that performs the function of a computation, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, etc.
The service chain configuration device 70 in fig. 7 may also be a chip. The chip includes one or more (including two) processors 702 and a communication interface 703.
In some embodiments, the chip also includes memory 701, which memory 701 may include read only memory and random access memory, and provides operating instructions and data to processor 702. A portion of memory 701 may also include non-volatile random access memory (NVRAM).
In some implementations, the memory 701 stores the elements, execution modules or data structures, or a subset thereof, or an extended set thereof.
In the embodiment of the present application, the corresponding operation is performed by calling the operation instruction stored in the memory 701 (the operation instruction may be stored in the operating system).
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The present application provides a computer program product comprising instructions which, when executed on a computer, cause the computer to perform the service chain configuration method of the method embodiments described above.
The embodiment of the application also provides a computer readable storage medium, in which instructions are stored, which when executed on a computer, cause the computer to execute the service chain configuration method in the method flow shown in the method embodiment.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access Memory (RandomAccess Memory, RAM), a Read-Only Memory (ROM), an erasable programmable Read-Only Memory (ErasableProgrammableReadOnlyMemory, EPROM), a register, a hard disk, an optical fiber, a portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing, or any other form of computer readable storage medium known in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (application specific IntegratedCircuit, ASIC). In the context of the present application, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the service chain configuration device, the computer readable storage medium and the computer program product in the embodiments of the present application may be applied to the above-mentioned method, the technical effects that can be obtained by the service chain configuration device, the computer readable storage medium and the computer program product may also refer to the above-mentioned method embodiments, and the embodiments of the present application are not repeated herein.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, indirect coupling or communication connection of devices or units, electrical, mechanical, or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto, and any changes or substitutions within the technical scope of the present disclosure should be covered in the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (12)
1. A method of service chaining configuration, the method comprising:
determining service segment identifiers of a plurality of node devices;
configuring a first segment identification list and a second segment identification list according to service segment identifications of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node equipment forwarding path of the service flow from the network side equipment;
instructing a secure pool gateway to establish a service chain configuration according to the first segment identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list;
Indicating the bandwidth access equipment to establish service chain configuration according to the second section identification list; the bandwidth access device is configured to forward, through the second segment identifier list, traffic from the network device.
2. The method of claim 1, wherein the determining the service segment identities of the plurality of node devices comprises:
for each node device in the plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier;
and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
3. The method of claim 1, wherein the plurality of node devices include security proxy nodes therein; the method further comprises the steps of:
transmitting, by the security controller, security proxy service configuration information to a security proxy node in the plurality of node devices; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service flow.
4. A method according to any of claims 1-3, wherein said instructing a secure pool gateway to establish a service chain configuration from said first segment identification list comprises:
And sending a first segment of identification list to the secure pool gateway through a secure controller, so that the secure pool gateway establishes service chain configuration according to the first segment of identification list.
5. A method according to any of claims 1-3, wherein said instructing the bandwidth access device to establish a service chain configuration from said second segment identification list comprises:
and sending a second segment identification list to the bandwidth access equipment through a network controller, so that the bandwidth access equipment establishes service chain configuration according to the second segment identification list.
6. A service chain configuration device, which is characterized by comprising a processing unit and a communication unit;
the processing unit is used for determining service segment identifiers of a plurality of node devices;
the processing unit is further configured to configure a first segment identification list and a second segment identification list according to service segment identifications of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node equipment forwarding path of the service flow from the network side equipment;
the communication unit is used for indicating the secure pool gateway to establish service chain configuration according to the first segment identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list;
The communication unit is further configured to instruct a bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is configured to forward, through the second segment identifier list, traffic from the network device.
7. The apparatus of claim 6, wherein the processing unit is configured to:
for each node device in the plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier;
and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
8. The apparatus of claim 6, wherein the plurality of node devices comprise security proxy nodes;
the communication unit is further used for sending security proxy service configuration information to the security proxy nodes in the plurality of node devices through the security controller; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service flow.
9. The apparatus according to any of claims 6-8, wherein the communication unit is configured to:
And sending a first segment of identification list to the secure pool gateway through a secure controller, so that the secure pool gateway establishes service chain configuration according to the first segment of identification list.
10. The apparatus according to any of claims 6-8, wherein the communication unit is configured to:
and sending a second segment identification list to the bandwidth access equipment through a network controller, so that the bandwidth access equipment establishes service chain configuration according to the second segment identification list.
11. A service chain configuration apparatus, comprising: a processor and a communication interface; the communication interface being coupled to the processor for executing a computer program or instructions to implement the service chaining configuration method according to any of the claims 1-5.
12. A computer-readable storage medium, wherein instructions are stored in the computer-readable storage medium, which when executed by a computer, perform the service chaining configuration method according to any of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211624942.8A CN116248570B (en) | 2022-12-16 | 2022-12-16 | Service chain configuration method, device and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211624942.8A CN116248570B (en) | 2022-12-16 | 2022-12-16 | Service chain configuration method, device and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116248570A true CN116248570A (en) | 2023-06-09 |
CN116248570B CN116248570B (en) | 2024-05-14 |
Family
ID=86625038
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211624942.8A Active CN116248570B (en) | 2022-12-16 | 2022-12-16 | Service chain configuration method, device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116248570B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118101555A (en) * | 2024-04-22 | 2024-05-28 | 新华三技术有限公司 | Message forwarding method and device, electronic equipment and computer readable storage medium |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015080634A1 (en) * | 2013-11-26 | 2015-06-04 | Telefonaktiebolaget L M Ericsson (Publ) | A method and system of supporting service chaining in a data network |
US20150381493A1 (en) * | 2014-06-30 | 2015-12-31 | Juniper Networks, Inc. | Service chaining across multiple networks |
US20160099864A1 (en) * | 2014-10-07 | 2016-04-07 | Cisco Technology, Inc. | Selective service bypass in service function chaining |
CN108377262A (en) * | 2017-01-30 | 2018-08-07 | 汤姆逊许可公司 | Manage the method for the service chaining at the network equipment, the corresponding network equipment |
CN109889533A (en) * | 2019-03-11 | 2019-06-14 | 北京网御星云信息技术有限公司 | Security defend method and system, computer readable storage medium under cloud environment |
US20200084143A1 (en) * | 2018-09-11 | 2020-03-12 | Cisco Technology, Inc. | In-situ operation, administration, and maintenance in segment routing with multiprotocol label switching networks |
CN111045751A (en) * | 2019-12-27 | 2020-04-21 | 中国银行股份有限公司 | Multi-service configuration chain processing method and device |
CN111130811A (en) * | 2019-12-24 | 2020-05-08 | 广东省新一代通信与网络创新研究院 | Broadband access method based on segment routing, BRAS controller and data center system |
CN112953831A (en) * | 2021-01-22 | 2021-06-11 | 新华三大数据技术有限公司 | Message forwarding method and device |
CN113381933A (en) * | 2021-06-04 | 2021-09-10 | 烽火通信科技股份有限公司 | SRv6 bidirectional forwarding detection method and system in network |
CN113794637A (en) * | 2021-08-20 | 2021-12-14 | 新华三信息安全技术有限公司 | SID list processing method and device |
CN115174474A (en) * | 2022-09-08 | 2022-10-11 | 浙江九州云信息科技有限公司 | Private cloud SFC implementation method and device based on SRv6 |
CN115297521A (en) * | 2022-08-02 | 2022-11-04 | 中国电信股份有限公司 | Message forwarding method, device, system, medium and electronic equipment based on SRv6 |
-
2022
- 2022-12-16 CN CN202211624942.8A patent/CN116248570B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015080634A1 (en) * | 2013-11-26 | 2015-06-04 | Telefonaktiebolaget L M Ericsson (Publ) | A method and system of supporting service chaining in a data network |
US20150381493A1 (en) * | 2014-06-30 | 2015-12-31 | Juniper Networks, Inc. | Service chaining across multiple networks |
US20160099864A1 (en) * | 2014-10-07 | 2016-04-07 | Cisco Technology, Inc. | Selective service bypass in service function chaining |
CN108377262A (en) * | 2017-01-30 | 2018-08-07 | 汤姆逊许可公司 | Manage the method for the service chaining at the network equipment, the corresponding network equipment |
US20200084143A1 (en) * | 2018-09-11 | 2020-03-12 | Cisco Technology, Inc. | In-situ operation, administration, and maintenance in segment routing with multiprotocol label switching networks |
CN109889533A (en) * | 2019-03-11 | 2019-06-14 | 北京网御星云信息技术有限公司 | Security defend method and system, computer readable storage medium under cloud environment |
CN111130811A (en) * | 2019-12-24 | 2020-05-08 | 广东省新一代通信与网络创新研究院 | Broadband access method based on segment routing, BRAS controller and data center system |
CN111045751A (en) * | 2019-12-27 | 2020-04-21 | 中国银行股份有限公司 | Multi-service configuration chain processing method and device |
CN112953831A (en) * | 2021-01-22 | 2021-06-11 | 新华三大数据技术有限公司 | Message forwarding method and device |
CN113381933A (en) * | 2021-06-04 | 2021-09-10 | 烽火通信科技股份有限公司 | SRv6 bidirectional forwarding detection method and system in network |
CN113794637A (en) * | 2021-08-20 | 2021-12-14 | 新华三信息安全技术有限公司 | SID list processing method and device |
CN115297521A (en) * | 2022-08-02 | 2022-11-04 | 中国电信股份有限公司 | Message forwarding method, device, system, medium and electronic equipment based on SRv6 |
CN115174474A (en) * | 2022-09-08 | 2022-10-11 | 浙江九州云信息科技有限公司 | Private cloud SFC implementation method and device based on SRv6 |
Non-Patent Citations (2)
Title |
---|
INTEL: "S1-202101 "SID: Feasibility Study on Support for Service Function Chaining in 5G System (FS_SFCin5GS)"", 3GPP TSG-SA WG1 MEETING #90-E, 20 May 2020 (2020-05-20) * |
解冲锋;蒋文洁;马晨昊;严皓;王思斐;李聪;陈运清;: "面向视频云综合承载的SRv6的研究与实践", 电信科学, no. 12, 31 December 2019 (2019-12-31) * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118101555A (en) * | 2024-04-22 | 2024-05-28 | 新华三技术有限公司 | Message forwarding method and device, electronic equipment and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN116248570B (en) | 2024-05-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111031080B (en) | Message transmission method and device | |
EP3127286B1 (en) | Handling of traffic flows in a communications system | |
CN111030912B (en) | Method for intercommunication between virtual private cloud VPCs | |
CN110677345B (en) | User message transmission method and communication equipment | |
CN111953805B (en) | Method and device for transmitting data | |
CN110383792B (en) | Computing system and method in a communication system | |
CN113207192A (en) | Message forwarding method and device | |
CN116248570B (en) | Service chain configuration method, device and storage medium | |
CN113839995A (en) | Cross-domain resource management system, method, device and storage medium | |
US20230336377A1 (en) | Packet forwarding method and apparatus, and network system | |
CN111404797B (en) | Control method, SDN controller, SDN access point, SDN gateway and CE | |
CN110768903A (en) | Method, device, terminal and storage medium for optimizing network connection | |
JP6206594B2 (en) | Control apparatus and control method | |
CN113132200B (en) | Data forwarding method, repeater, system, server and storage medium | |
CN117336272A (en) | Number processing method, device and storage medium | |
CN109756409B (en) | Bridge forwarding method | |
CN110351394B (en) | Network data processing method and device, computer device and readable storage medium | |
WO2016074478A1 (en) | Method and device for identifying service chain path, and service chain | |
EP4075739B1 (en) | Service chain forwarding control methods and devices | |
US20210119859A1 (en) | Topology Agnostic Security Services | |
CN114631350B (en) | Service flow routing method, device and system | |
CN105099911B (en) | Communication system, communication means and device using the communication system | |
CN116488839A (en) | Service chain deployment method and device, security pool gateway and security orchestrator | |
CN111092772B (en) | Network service processing method, device and system | |
CN107995084B (en) | Tunnel selection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |