CN116248570B - Service chain configuration method, device and storage medium - Google Patents


Publication number
CN116248570B
Authority
CN
China
Prior art keywords
service
segment
node
identification list
traffic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211624942.8A
Other languages
Chinese (zh)
Other versions
CN116248570A (en
Inventor
黎宇
梁洪智
周婧莹
郝立谦
吴在学
陈孟尝
刘北阳
薛松荃
莫俊彬
李世英
方遒铿
杨振东
张超
薛强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd
Priority to CN202211624942.8A
Publication of CN116248570A
Publication of CN116248570B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/34 Source routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H04L41/0886 Fully automatic configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/38 Flow based routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a service chain configuration method, a device and a storage medium, relates to the technical field of communication, and can solve the problem that the prior art cannot realize cross-network deployment. The method comprises the following steps: determining service segment identifiers of a plurality of node devices; configuring a first segment identification list and a second segment identification list according to service segment identifications of a plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service flow from the network side device; instructing the secure pool gateway to establish a service chain configuration according to the first segment identification list; instructing the bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list. The application can realize service chain deployment among one or more networks.

Description

Service chain configuration method, device and storage medium
Technical Field
The present application relates to the field of communications technologies, and in particular, to a service chain configuration method, apparatus, and storage medium.
Background
Segment routing over IPv6 (segment routing IPv6, SRv6) service chaining (service function chain, SFC), based on the internet protocol version 6 (IPv6) forwarding plane, is a technique that directs messages along a specified path through application layer service devices by adding SRv6 path information to the original message.
In actual networking, the security devices/security clouds are managed by the security controller, and the network devices are managed by the network controller, while deployment may occur across multiple networks, which makes it difficult for SFCs to co-deploy in multiple networks.
Disclosure of Invention
The application provides a service chain configuration method, a device and a storage medium, which can realize service chain deployment among one or more networks.
In order to achieve the above purpose, the application adopts the following technical scheme:
In a first aspect, the present application provides a service chain configuration method, including: determining service segment identifiers of a plurality of node devices; configuring a first segment identification list and a second segment identification list according to service segment identifications of a plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service flow from the network side device; instructing the secure pool gateway to establish a service chain configuration according to the first segment identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list; instructing the bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
Based on the above technical solution, the service chain configuration device provided by the embodiment of the present application may determine service segment identifiers of a plurality of node devices, and configure a first segment identifier list and a second segment identifier list according to the service segment identifiers of the plurality of node devices. The first segment identification list is used for indicating a node device forwarding path of the traffic from the target device, and the second segment identification list is used for indicating a node device forwarding path of the traffic from the network side device. In this way, the service chain configuration device can instruct the secure pool gateway to establish the service chain configuration according to the first segment identification list, and instruct the bandwidth access device to establish the service chain configuration according to the second segment identification list. Therefore, the service chain configuration device can orchestrate the service chain cooperatively, realizes automatic deployment of the service chain by coordinating devices such as the secure pool gateway and the bandwidth access device, and is suitable for service chain configuration scenarios in one or more networks.
With reference to the first aspect, in one possible implementation manner, the method includes: for each node device in a plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier; and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
With reference to the first aspect, in one possible implementation manner, the plurality of node devices include security proxy nodes; the method further comprises the steps of: transmitting, by the security controller, security proxy service configuration information to a security proxy node in the plurality of node devices; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service traffic.
With reference to the first aspect, in one possible implementation manner, the method includes: and sending the first segment identification list to the secure pool gateway through the secure controller so that the secure pool gateway establishes service chain configuration according to the first segment identification list.
With reference to the first aspect, in one possible implementation manner, the method includes: and sending the second segment identification list to the bandwidth access device through the network controller so that the bandwidth access device establishes service chain configuration according to the second segment identification list.
In a second aspect, the present application provides a service chain configuration apparatus, the apparatus comprising: a processing unit and a communication unit; a processing unit, configured to determine service segment identifiers of a plurality of node devices; the processing unit is also used for configuring a first segment identification list and a second segment identification list according to the service segment identifications of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service flow from the network side device; the communication unit is used for indicating the secure pool gateway to establish service chain configuration according to the first section identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list; the communication unit is also used for indicating the bandwidth access equipment to establish service chain configuration according to the second section identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
With reference to the second aspect, in one possible implementation manner, the processing unit is configured to: for each node device in a plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier; and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
With reference to the second aspect, in one possible implementation manner, the plurality of node devices include security agent nodes; the communication unit is also used for sending the security proxy service configuration information to the security proxy nodes in the plurality of node devices through the security controller; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service traffic.
With reference to the second aspect, in one possible implementation manner, the communication unit is configured to: and sending the first segment identification list to the secure pool gateway through the secure controller so that the secure pool gateway establishes service chain configuration according to the first segment identification list.
With reference to the second aspect, in one possible implementation manner, the communication unit is configured to: and sending the second segment identification list to the bandwidth access device through the network controller so that the bandwidth access device establishes service chain configuration according to the second segment identification list.
In a third aspect, the present application provides a service chain configuration apparatus, the apparatus comprising: a processor and a communication interface; the communication interface is coupled to a processor for running a computer program or instructions to implement the service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having instructions stored therein which, when run on a terminal, cause the terminal to perform a service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In a fifth aspect, the present application provides a computer program product comprising instructions which, when run on a service chain configuration device, cause the service chain configuration device to perform the service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In a sixth aspect, the present application provides a chip comprising a processor and a communications interface, the communications interface and the processor being coupled, the processor being for running a computer program or instructions to implement a service chain configuration method as described in any one of the possible implementations of the first aspect and the first aspect.
In particular, the chip provided in the present application further includes a memory for storing a computer program or instructions.
It should be noted that the above-mentioned computer instructions may be stored in whole or in part on a computer-readable storage medium. The computer readable storage medium may be packaged together with the processor of the apparatus or may be packaged separately from the processor of the apparatus, which is not limited in this respect.
The description of the second to sixth aspects of the present application may refer to the detailed description of the first aspect; also, the advantageous effects described in the second aspect to the sixth aspect may refer to the advantageous effect analysis of the first aspect, and are not described herein.
In the present application, the names of the above-described service chain configuration means do not constitute limitations on the devices or function modules themselves, and in actual implementation, these devices or function modules may appear under other names. Insofar as the function of each device or function module is similar to that of the present application, it falls within the scope of the claims of the present application and the equivalents thereof.
These and other aspects of the application will be more readily apparent from the following description.
Drawings
Fig. 1 is a system architecture diagram of a service chaining network provided in accordance with some embodiments;
Fig. 2 is a schematic architecture diagram of a service chain configuration system according to an embodiment of the present application;
Fig. 3 is a flowchart of a service chain configuration method according to an embodiment of the present application;
Fig. 4 is a flowchart of another service chain configuration method according to an embodiment of the present application;
Fig. 5 is a flowchart of another service chain configuration method according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of a service chain configuration device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of another service chain configuration device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The term "and/or" is herein merely an association relationship describing an associated object, meaning that there may be three relationships, e.g., a and/or B, may represent: a exists alone, A and B exist together, and B exists alone.
The terms "first" and "second" and the like in the description and in the drawings are used for distinguishing between different objects or between different processes of the same object and not for describing a particular order of objects.
Furthermore, references to the terms "comprising" and "having" and any variations thereof in the description of the present application are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more.
The following explains terms related to the embodiments of the present application, so as to facilitate the understanding of readers.
(1) Service chain (service function chain, SFC)
The SFC network is used for guiding the specific service message of the tenant to the appointed application service node for processing and forwarding to the destination. Illustratively, the SFC network may be a segment routing over IPv6 (segment routing IPv6, SRv6) SFC network based on the internet protocol version 6 (IPv6) forwarding plane.
As shown in fig. 1, fig. 1 is a system architecture diagram of a service chaining network 10 provided in accordance with some embodiments.
The service chaining network 10 includes: traffic classification node 101 (service classifier, SC), service chain forwarding node 102 (service function forwarder, SFF), tail node 103 (tail endpoint), and application service node 104 (service function, SF).
It should be noted that the number of service chain forwarding nodes 102 and application service nodes 104 may be one or more.
The traffic classification node 101 is located at the edge of the SRv6 SFC service chain network and is the head node (also called the source node) on the service chain path. The traffic classification node 101 may employ different traffic steering methods to introduce traffic into SRv6 traffic engineering policy (TE Policy) tunnels for forwarding.
The service chain forwarding node 102 is a service chain proxy of the application service node 104, and can forward the received message to a plurality of application service nodes 104 associated with the service chain forwarding node 102 according to SRv6 encapsulation information. After the application service node 104 processes the message, the message is sent to the service chain forwarding node 102, and the service chain forwarding node 102 determines whether to continue forwarding the message.
The tail node 103 is used for forwarding the traffic to the network side.
Application service node 104 is a node that provides application-specific services for traffic. An application service node that cannot identify SRv6 messages is called an SRv6-unaware SF, and an application service node that can identify SRv6 messages is called an SRv6-aware SF.
Segment routing over IPv6 (segment routing IPv6, SRv6) service chaining (service function chain, SFC), based on the internet protocol version 6 (IPv6) forwarding plane, is a technique that directs messages along a specified path through application layer service devices by adding SRv6 path information to the original message.
Illustratively, segment routing adopts a source node path selection mechanism: the segment identifiers (segment identifier, SID) of the segments that the path is to pass through are encapsulated at the source node in advance, and when a message passes through an SR node, the node forwards the message according to the SID in the message. Nodes other than the source node need not maintain path state. SRv6 refers to forwarding the message using SR in the IPv6 network, using the IPv6 address as the SID.
In the related art, the SFF node is usually implemented by a hardware router, so that the SFF node and the SC node/Tail node need to be deployed in the same network, which results in that each user needs to implement security protection in a customized manner, and the deployment is difficult and has high cost.
Corresponding security devices can be deployed individually for each user by deploying a security pool. However, in actual networking, the security devices/security clouds are managed by the security controller, and the network devices are managed by the network controller, and may be deployed across multiple networks, which makes it difficult for SFCs to co-deploy in multiple networks.
In view of this, the present application provides a service chain configuration method, where a service chain configuration device may determine service segment identifiers of a plurality of node devices, and configure a first segment identifier list and a second segment identifier list according to the service segment identifiers of the plurality of node devices. The first segment identification list is used for indicating a node device forwarding path of the traffic from the target device, and the second segment identification list is used for indicating a node device forwarding path of the traffic from the network side device. In this way, the service chain configuration device can instruct the secure pool gateway to establish the service chain configuration according to the first segment identification list, and instruct the bandwidth access device to establish the service chain configuration according to the second segment identification list. Therefore, compared with the prior art, the service chain configuration device can orchestrate the service chain cooperatively, realizes automatic deployment of the service chain by coordinating devices such as the secure pool gateway and the bandwidth access device, and is suitable for service chain configuration scenarios in one or more networks.
Fig. 2 is a schematic diagram of a service chain configuration system 20 according to an embodiment of the present application. As shown in fig. 2, the service chain configuration system 20 includes: service chain configuration means 201, network controller 202, security controller 203, security pool gateway 204, bandwidth access device 205, target device 206, and network side device 207.
The network-side device 207 is connected to the bandwidth access device 205 through an enterprise router, an optical line terminal (OLT), or a switch. The target device 206 is connected to the bandwidth access device 205 and the secure pool gateway 204 via core routers (core router, CR), respectively. The bandwidth access device 205 is connected to the network controller 202. The security controller 203 is connected to the secure pool gateway 204. The service chain configuration device 201 is connected to the network controller 202 and the security controller 203, respectively.
Inside the secure pool, the secure pool gateway 204 is connected through a switch (e.g., an EOR device) to a forwarding node (e.g., a virtual service router (virtual services router, VSR)) in the SFC service chaining device, which is connected to the security network element.
By way of example, the security network element may be a service network element such as a virtual firewall (vFW), web application guard, or the like.
It should be noted that, the service chain configuration method provided in the embodiment of the present application may be applied to the service chain configuration apparatus 201, where the service chain configuration apparatus 201 may be an independent communication apparatus, for example, a communication apparatus such as an access network device or a core network device. The service chain configuration means 201 described above may also be a functional module coupled in a communication device, such as a communication network element. The service chain configuration device 201 may be a computer program (APP) for executing the service chain configuration method. The service chain configuration device 201 may be a server connected to the communication device.
For example, the service chain configuration apparatus 201, the network controller 202, the security controller 203, the security pool gateway 204, the bandwidth access device 205, the target device 206, and the network side device 207 in the embodiment of the present application may be servers, where the servers include:
A processor, which may be a general purpose central processing unit (CPU), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits configured to control the execution of the programs of the present application.
A transceiver, which may be a device using any type of transceiver for communicating with other devices or communication networks, such as Ethernet, radio access network (RAN), wireless local area network (WLAN), etc.
Memory, which may be, but is not limited to, read-only memory (ROM) or other type of static storage device that may store static information and instructions, random access memory (RAM) or other type of dynamic storage device that may store information and instructions, but may also be, but is not limited to, electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory may be stand alone and be coupled to the processor via a communication line. The memory may also be integrated with the processor.
The target device 206 may also be a device with wireless or wired communication capabilities, and may be deployed on land, including indoors or outdoors, hand-held or vehicle-mounted. It can also be deployed on the water surface (such as on a ship) or in the air (e.g., on an aircraft, balloon, or satellite). The target device 206, also referred to as a user equipment (UE), a mobile station (MS), a mobile terminal (MT), a terminal device, etc., is a device that provides voice and/or data connectivity to a user. For example, the target device 206 includes a handheld device, an in-vehicle device, and the like having a wireless connection function. Currently, the target device 206 may be: a mobile phone, a tablet, a notebook, a palmtop computer, a mobile internet device (MID), a wearable device (e.g., a smartwatch, a smartband, a pedometer, etc.), a vehicle-mounted device (e.g., an automobile, a bicycle, an electric car, an airplane, a ship, a train, a high-speed rail, etc.), a virtual reality (VR) device, an augmented reality (AR) device, a wireless terminal device in industrial control, a smart home device (e.g., a refrigerator, a television, an air conditioner, an ammeter, etc.), a smart robot, a workshop device, a wireless terminal device in self-driving, a wireless terminal device in remote medical surgery, a wireless terminal device in a smart grid, a wireless terminal device in transportation safety, a wireless terminal device in a smart city, a wireless terminal device in a smart home, a flying device (e.g., a smart robot, a hot air balloon, an unmanned aerial vehicle, an airplane), etc. In one possible application scenario of the application, the terminal is a terminal that is often operated on the ground, for example a vehicle-mounted device.
In the present application, for convenience of description, a Chip disposed in the above-described device, such as a System-On-a-Chip (SOC), a baseband Chip, etc., or other chips having a communication function may also be referred to as a terminal device.
The target device 206 may be a vehicle with corresponding communication functions, or an in-vehicle communication device, or other embedded communication devices, or may be a user-held communication device, including a mobile phone, a tablet computer, etc.
As an example, in an embodiment of the present application, the target device 206 may also be a wearable device. The wearable device can also be called as a wearable intelligent device, and is a generic name for intelligently designing daily wear by applying wearable technology and developing wearable devices, such as glasses, gloves, watches, clothes, shoes and the like. The wearable device is a portable device that is worn directly on the body or integrated into the clothing or accessories of the user. The wearable device is not only a hardware device, but also can realize a powerful function through software support, data interaction and cloud interaction. The generalized wearable intelligent device includes full functionality, large size, and may not rely on the smart phone to implement complete or partial functionality, such as: smart watches or smart glasses, etc., and focus on only certain types of application functions, and need to be used in combination with other devices, such as smart phones, for example, various smart bracelets, smart jewelry, etc. for physical sign monitoring.
The target device 206 is configured to perform traffic transmission with the network side device 207.
In one possible implementation, to ensure server security, the target device 206 may apply for corresponding firewall protection requirements to the operator network.
It should be noted that, the target device 206 and the network-side device 207 may be communication devices in the same network, or may be communication devices in different networks.
The service chain configuration means 201 are for determining service segment identities of a plurality of node devices.
Illustratively, a plurality of node devices may include a secure pool gateway 204, a bandwidth access device 205, and a security proxy node.
The service segment identifier is the SID that a node device uses for the service traffic transmitted between the target device 206 and the network side device 207.
In a possible implementation manner, the service chain configuration apparatus 201 may obtain service segment identifiers of a plurality of node devices through the network controller 202 and the security controller 203.
Illustratively, the network controller 202 and the security controller 203 may be a metropolitan area network orchestrator, such as an agile open container (AOC) or a network services orchestrator (NSO). The bandwidth access device 205 may be a broadband remote access server (BRAS).
The service chain configuration device 201 is further configured to configure the first segment identifier list and the second segment identifier list according to service segment identifiers of the plurality of node devices.
Wherein the first segment identification list is used to indicate a node device forwarding path of traffic from the target device 206, and the second segment identification list is used to indicate a node device forwarding path of traffic from the network side device 207.
Illustratively, the plurality of node devices are a security pool gateway 204, a bandwidth access device 205, a first security proxy node, and a second security proxy node, respectively. Wherein the secure pool gateway 204 and the bandwidth access device 205 act as head nodes and tail nodes, respectively.
The service segment identifier corresponding to the security pool gateway 204 is 1000::2, and the service segment identifier corresponding to the bandwidth access device 205 is 4000::2. The first security proxy node has a service segment identifier of 2000::2 for traffic from the target device 206 and a service segment identifier of 2000::3 for traffic from the network side device 207. The second security proxy node has a service segment identifier of 3000::2 for traffic from the target device 206 and a service segment identifier of 3000::3 for traffic from the network side device 207.
For traffic from the target device 206, the service chain configuration apparatus 201 may use the security pool gateway 204 as the starting node, that is, the service segment identifier of the starting node is 1000::2, and the first segment identification list is: 2000::2, 3000::2, 4000::2.
For traffic from the network side device 207, the service chain configuration apparatus 201 may use the bandwidth access device 205 as the starting node, that is, the service segment identifier of the starting node is 4000::2, and the second segment identification list is: 3000::3, 2000::3, 1000::2.
The service chain configuration means 201 is further configured to instruct the secure pool gateway 204 to establish a service chain configuration according to the first segment identification list.
Wherein the secure pool gateway 204 is configured to forward traffic from the target device 206 via the first segment identification list.
In connection with the above example, after the secure pool gateway 204 establishes the service chain configuration, the secure pool gateway 204 may forward the received traffic from the target device 206 to the first security proxy node, whose service segment identifier is 2000::2, according to the first segment identification list.
The first security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the second security proxy node, whose service segment identifier is 3000::2.
The second security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the bandwidth access device 205, whose service segment identifier is 4000::2.
The bandwidth access device 205 forwards the traffic to the network side device 207.
The service chain configuration means 201 is further configured to instruct the bandwidth access device 205 to establish a service chain configuration according to the second segment identification list.
Wherein the bandwidth access device 205 is configured to forward the traffic from the network side device 207 through the second segment identifier list.
In connection with the above example, after the bandwidth access device 205 establishes the service chain configuration, the bandwidth access device 205 may forward the received traffic from the network side device 207 to the second security proxy node, whose service segment identifier is 3000::3, according to the second segment identification list.
The second security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the first security proxy node, whose service segment identifier is 2000::3.
The first security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the security pool gateway 204, whose service segment identifier is 1000::2.
The secure pool gateway 204 forwards the traffic to the target device 206.
It should be noted that the embodiments of the present application may reference one another, for example for the same or similar steps; the method embodiment, the system embodiment and the device embodiment may each refer to the others, and this is not limited.
Fig. 3 is a flowchart of a service chain configuration method according to an embodiment of the present application. As shown in fig. 3, the method comprises the steps of:
Step 301, the service chain configuration device determines service segment identifiers of a plurality of node devices.
Illustratively, a security pool gateway, a bandwidth access device, and a security proxy node may be included in the plurality of node devices.
The service segment identifier is the SID that a node device uses for the service traffic transmitted between the target device and the network side device.
In a possible implementation manner, the service chain configuration device may obtain service segment identifiers of a plurality of node devices through the network controller and the security controller.
In yet another possible implementation manner, for each node device in the plurality of node devices, the service chain configuration apparatus obtains a service segment identifier of the node device in a case where the node device is configured with the service segment identifier. In the case that the node device is not configured with the service segment identifier, the service chain configuration device allocates the service segment identifier to the node device from a plurality of unused service segment identifiers.
Step 302, the service chain configuration device configures a first segment identifier list and a second segment identifier list according to service segment identifiers of the plurality of node devices.
Wherein the first segment identification list is used to indicate a node device forwarding path for traffic from the target device. The second segment identifier list is used for indicating a node device forwarding path of the traffic from the network side device.
Illustratively, the plurality of node devices are a secure pool gateway, a bandwidth access device, a first secure proxy node, and a second secure proxy node, respectively. The security pool gateway and the bandwidth access device are respectively used as a head node and a tail node.
The service segment identifier corresponding to the security pool gateway is 1000::2, and the service segment identifier corresponding to the bandwidth access device is 4000::2. The first security proxy node has a service segment identifier of 2000::2 for traffic from the target device and a service segment identifier of 2000::3 for traffic from the network side device. The second security proxy node has a service segment identifier of 3000::2 for traffic from the target device and a service segment identifier of 3000::3 for traffic from the network side device.
For traffic from the target device, the service chain configuration device may use the security pool gateway as the starting node, that is, the service segment identifier of the starting node is 1000::2, and the first segment identification list is: 2000::2, 3000::2, 4000::2.
For traffic from the network side device, the service chain configuration device may use the bandwidth access device as the starting node, that is, the service segment identifier of the starting node is 4000::2, and the second segment identification list is: 3000::3, 2000::3, 1000::2.
Step 303, the service chain configuration device instructs the secure pool gateway to establish service chain configuration according to the first segment identification list.
The secure pool gateway is used for forwarding the traffic from the target device through the first segment identification list.
In connection with the above example, after the secure pool gateway establishes the service chain configuration, the secure pool gateway may forward the received traffic from the target device to the first security proxy node, whose service segment identifier is 2000::2, according to the first segment identification list.
The first security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the second security proxy node, whose service segment identifier is 3000::2.
The second security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the bandwidth access device, whose service segment identifier is 4000::2.
The bandwidth access device forwards the traffic to the network side device.
Step 304, the service chain configuration device instructs the bandwidth access device to establish service chain configuration according to the second segment identification list.
The bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
In combination with the above example, after the bandwidth access device establishes the service chain configuration, the bandwidth access device may forward the received traffic from the network side device to the second security proxy node, whose service segment identifier is 3000::3, according to the second segment identification list.
The second security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the first security proxy node, whose service segment identifier is 2000::3.
The first security proxy node forwards the received traffic to the security network element for security processing, and then forwards the traffic to the security pool gateway, whose service segment identifier is 1000::2.
The secure pool gateway forwards the traffic to the target device.
The execution order of step 303 and step 304 is not limited in the present application, and step 303 may be executed before step 304 or after step 304, and step 303 and step 304 may be executed in parallel. Fig. 3 illustrates the service chain configuration method provided by the present application only by way of example in which step 304 is performed after step 303.
Based on the above technical solution, the service chain configuration device provided by the embodiment of the present application may determine service segment identifiers of a plurality of node devices, and configure a first segment identification list and a second segment identification list according to the service segment identifiers of the plurality of node devices. The first segment identification list is used for indicating a node device forwarding path of the traffic from the target device, and the second segment identification list is used for indicating a node device forwarding path of the traffic from the network side device. In this way, the service chain configuration device can instruct the secure pool gateway to establish the service chain configuration according to the first segment identification list, and instruct the bandwidth access device to establish the service chain configuration according to the second segment identification list. Therefore, compared with the prior art, the service chain configuration device can orchestrate the service chain cooperatively, realizes automatic deployment of the service chain by coordinating devices such as the security pool gateway and the bandwidth access device, and is suitable for service chain configuration scenarios in one or more networks.
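The following sketch is an added illustration of steps 301 and 302, not code from the application: it keeps configured service segment identifiers, allocates missing ones from an unused pool, derives both segment identification lists from one ordered chain, and resolves each list back to node names so that the path through every security proxy node can be checked. The `Node` class, the function names and the 5000:: pool values are assumptions made for the example; the other SIDs are the ones used in the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Node:
    name: str
    fwd_sid: Optional[str] = None  # SID for traffic from the target device
    rev_sid: Optional[str] = None  # SID for traffic from the network side device


def page_chain() -> List[Node]:
    """Chain ordered from head node to tail node, with the SIDs from the text."""
    return [
        Node("security pool gateway", "1000::2", "1000::2"),
        Node("first security proxy node", "2000::2", "2000::3"),
        Node("second security proxy node", "3000::2", "3000::3"),
        Node("bandwidth access device", "4000::2", "4000::2"),
    ]


def assign_missing_sids(chain: List[Node], unused: List[str]) -> None:
    """Step 301: keep configured SIDs, allocate the rest from unused SIDs."""
    in_use = {s for n in chain for s in (n.fwd_sid, n.rev_sid) if s}
    pool = [s for s in unused if s not in in_use]  # never hand out a used SID
    for node in chain:
        for attr in ("fwd_sid", "rev_sid"):
            if getattr(node, attr) is None:
                if not pool:
                    raise ValueError(f"no unused SID left for {node.name}")
                setattr(node, attr, pool.pop(0))


def sid_owners(chain: List[Node]) -> Dict[str, str]:
    """Map every SID to its node; one SID on two nodes is a config error."""
    owners: Dict[str, str] = {}
    for node in chain:
        for sid in {node.fwd_sid, node.rev_sid}:
            if sid is None:
                raise ValueError(f"{node.name} has no SID assigned")
            if owners.get(sid, node.name) != node.name:
                raise ValueError(f"SID {sid} is assigned to two nodes")
            owners[sid] = node.name
    return owners


def build_segment_lists(chain: List[Node]) -> Tuple[List[str], List[str]]:
    """Step 302: the first list starts after the head, the second after the tail."""
    if len(chain) < 2:
        raise ValueError("a chain needs a head node and a tail node")
    first = [n.fwd_sid for n in chain[1:]]
    second = [n.rev_sid for n in reversed(chain[:-1])]
    return first, second


def walk(start: Node, seg_list: List[str], owners: Dict[str, str]) -> List[str]:
    """Resolve a segment list to the node names traffic visits, in order."""
    return [start.name] + [owners[sid] for sid in seg_list]


if __name__ == "__main__":
    chain = page_chain()
    first, second = build_segment_lists(chain)
    owners = sid_owners(chain)
    print("first list :", first, "->", walk(chain[0], first, owners))
    print("second list:", second, "->", walk(chain[-1], second, owners))
```

Both directions are built from the same ordered chain, so traffic from the network side device visits the same security proxy nodes as traffic from the target device, in the opposite order.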
Hereinafter, a procedure of configuring the security proxy service by the service chain configuration device will be described.
As a possible embodiment of the present application, when a security agent node is included in a plurality of node devices, as shown in fig. 4, the method may further include the following step 401.
Step 401, the service chain configuration device sends security proxy service configuration information to the security proxy nodes in the plurality of node devices through the security controller. Accordingly, a security proxy node of the plurality of node devices receives security proxy service configuration information.
The security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service flow.
In connection with the above example, the security proxy service configuration information sent by the service chain configuration device to the first security proxy node through the security controller may be represented by:
segment-routing ipv6
locator as1 ipv6-prefix 2000:: 64 static 32
opcode 2 end-as // for traffic from a target device
inner-type ipv4
encapsulation ipv4 nexthop 10.1.1.1 out-interface ge0/0/130
in-interface ge0/0/2
cache source-address 1000::2
cache list 2000::2 3000::2 4000::2
opcode 3 end-as // for traffic from network side device
inner-type ipv4
encapsulation ipv4 nexthop 10.1.2.1 out-interface ge0/0/230
in-interface ge0/0/1
cache source-address 4000::2
cache list 3000::3 2000::3 1000::2
The security proxy service configuration information sent by the service chain configuration device to the second security proxy node through the security controller may be represented by:
segment-routing ipv6
locator as1 ipv6-prefix 3000:: 64 static 32
opcode 2 end-as // for traffic from a target device
inner-type ipv4
encapsulation ipv4 nexthop 11.1.1.1 out-interface ge0/0/130
in-interface ge0/0/2
cache source-address 1000::2
cache list 2000::2 3000::2 4000::2
opcode 3 end-as // for traffic from network side device
inner-type ipv4
encapsulation ipv4 nexthop 11.1.2.1 out-interface ge0/0/230
in-interface ge0/0/1
cache source-address 4000::2
cache list 3000::3 2000::3 1000::2
Based on the above technical solution, the service chain configuration device provided by the embodiment of the present application may send security proxy service configuration information to security proxy nodes in a plurality of node devices through the security controller. The security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service flow. Therefore, the service chain configuration device can realize the security detection configuration of the security proxy node and provide security protection service for users.
Hereinafter, a procedure for instructing the secure pool gateway and the bandwidth access device to establish the service chain configuration by the service chain configuration means will be described.
As a possible embodiment of the present application, in connection with fig. 3, as shown in fig. 5, the above-mentioned step 303 may be implemented by the following steps 501-502.
Step 501, the service chain configuration device sends a first segment identification list to the secure pool gateway through the secure controller. Accordingly, the secure pool gateway receives the first segment identification list.
In connection with the above example, the first segment identification list may be represented by:
segment-routing ipv6
traffic-engineering
segment-list s1
index 10 ipv6 2000::2
index 20 ipv6 3000::2
index 30 ipv6 4000::2
Step 502, the secure pool gateway establishes service chain configuration according to the first segment identification list.
It should be noted that, after the secure pool gateway establishes the service chain configuration, the secure pool gateway may perform policy matching on the received service traffic, and then encapsulate the received service traffic from the target device according to the first segment identifier list, so that the subsequent node device forwards the traffic according to the first segment identifier list encapsulated in the service traffic.
As a possible embodiment of the present application, in connection with fig. 3, as shown in fig. 5, the above-mentioned step 304 may be implemented by the following steps 503 to 504.
Step 503, the service chain configuration device sends the second segment identification list to the bandwidth access device through the network controller. Accordingly, the bandwidth access device receives the second segment identification list.
In connection with the above example, the second segment identification list may be represented by:
segment-routing ipv6
traffic-engineering
segment-list s1
index 10 ipv6 3000::2
index 20 ipv6 2000::2
index 30 ipv6 1000::2
Step 504, the bandwidth access device establishes a service chain configuration according to the second segment identification list.
It should be noted that, after the bandwidth access device establishes the service chain configuration, the bandwidth access device may perform policy matching on the received service traffic, and then encapsulate the received service traffic from the network side device according to the second segment identifier list, so that the subsequent node device forwards the traffic according to the second segment identifier list encapsulated in the service traffic.
Based on the technical scheme, the bandwidth access device in the embodiment of the application can carry out service chain configuration on the security pool gateway and the bandwidth access device through the security controller and the network controller respectively. Therefore, the service chain configuration method based on the multi-level controller can realize the service chain configuration of forward flow and reverse flow between the target equipment and the network side equipment, and avoid the problem that the service chain cannot be automatically deployed in a multi-network-crossing scene.
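The head-end segment lists and the `cache list` entries on the security proxy nodes reach the devices through two different controllers, so a consistency check between them is worth running before a chain goes live. The sketch below is an added example, not part of the application: it parses both configuration styles shown above and reports a head-end list that skips a proxy SID or differs from the proxy's cached list. It assumes whitespace-separated keywords and that a proxy SID is the locator prefix plus the opcode; the sample configurations are constructed from the SIDs used in the text, with lines the check does not need omitted.

```python
import ipaddress
import re
from typing import Dict, List


def norm(sid: str) -> str:
    """Canonical text form, so differently written SIDs compare equal."""
    return str(ipaddress.IPv6Address(sid))


def parse_segment_list(text: str) -> List[str]:
    """Return the SIDs of 'index N ipv6 SID' lines, ordered by index."""
    rows = re.findall(r"^\s*index\s+(\d+)\s+ipv6\s+(\S+)\s*$", text, re.M)
    return [norm(sid) for _, sid in sorted(rows, key=lambda r: int(r[0]))]


def parse_proxy(text: str) -> Dict[str, dict]:
    """Return {proxy SID: {'source': SID, 'list': [SIDs]}} per end-as opcode."""
    locator = None
    entries: Dict[str, dict] = {}
    current = None
    for raw in text.splitlines():
        tok = raw.split("//")[0].split()  # drop trailing comments
        if not tok:
            continue
        if tok[0] == "locator" and "ipv6-prefix" in tok:
            prefix = tok[tok.index("ipv6-prefix") + 1]
            locator = int(ipaddress.IPv6Address(prefix))
        elif tok[0].lower() == "opcode" and tok[-1] == "end-as":
            if locator is None:
                raise ValueError("opcode configured before locator")
            # Assumption: proxy SID = locator prefix + opcode value.
            sid = str(ipaddress.IPv6Address(locator + int(tok[1], 16)))
            current = entries.setdefault(sid, {"source": None, "list": []})
        elif tok[:2] == ["cache", "source-address"] and current is not None:
            current["source"] = norm(tok[2])
        elif tok[:2] == ["cache", "list"] and current is not None:
            current["list"] = [norm(s) for s in tok[2:]]
    return entries


def audit(head_sid: str, seg_list: List[str], proxy: Dict[str, dict]) -> List[str]:
    """Compare one head node's segment list with one proxy node's entries."""
    head_sid = norm(head_sid)
    matches = [(s, e) for s, e in proxy.items() if e["source"] == head_sid]
    if not matches:
        return [f"no end-as entry caches source {head_sid}"]
    findings = []
    for sid, entry in matches:
        if sid not in seg_list:
            findings.append(f"head-end list skips proxy SID {sid}")
        if entry["list"] != seg_list:
            findings.append(f"cache list of {sid} differs from head-end list")
    return findings


# Constructed sample: first security proxy node, values taken from the text.
PROXY_1 = """\
segment-routing ipv6
locator as1 ipv6-prefix 2000:: 64 static 32
opcode 2 end-as // for traffic from a target device
inner-type ipv4
cache source-address 1000::2
cache list 2000::2 3000::2 4000::2
opcode 3 end-as // for traffic from network side device
inner-type ipv4
cache source-address 4000::2
cache list 3000::3 2000::3 1000::2
"""
HEADER = "segment-routing ipv6\ntraffic-engineering\nsegment-list s1\n"
# Constructed head-end lists: forward, reverse, and a drifted reverse list
# that names the forward-direction proxy SIDs.
FORWARD = HEADER + "index 10 ipv6 2000::2\nindex 20 ipv6 3000::2\nindex 30 ipv6 4000::2\n"
REVERSE = HEADER + "index 10 ipv6 3000::3\nindex 20 ipv6 2000::3\nindex 30 ipv6 1000::2\n"
DRIFTED = HEADER + "index 10 ipv6 3000::2\nindex 20 ipv6 2000::2\nindex 30 ipv6 1000::2\n"

if __name__ == "__main__":
    proxy = parse_proxy(PROXY_1)
    for label, head, cfg in (("forward", "1000::2", FORWARD),
                             ("reverse", "4000::2", REVERSE),
                             ("drifted", "4000::2", DRIFTED)):
        print(label, audit(head, parse_segment_list(cfg), proxy) or "consistent")
```

Run the check once per security proxy node and direction; any finding means the two controllers have pushed paths that disagree for the same traffic.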
The embodiment of the application can divide the functional modules or functional units of the service chain configuration device according to the method example, for example, each functional module or functional unit can be divided corresponding to each function, and two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware, or in software functional modules or functional units. The division of the modules or units in the embodiment of the present application is schematic, which is merely a logic function division, and other division manners may be implemented in practice.
As shown in fig. 6, a schematic structural diagram of a service chain configuration device 60 according to an embodiment of the present application is provided, where the service chain configuration device 60 includes:
a processing unit 601 is configured to determine service segment identifiers of a plurality of node devices.
The processing unit 601 is further configured to configure a first segment identifier list and a second segment identifier list according to service segment identifiers of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identifier list is used for indicating a node device forwarding path of the traffic from the network side device.
A communication unit 602, configured to instruct the secure pool gateway to establish a service chain configuration according to the first segment identification list; the secure pool gateway is operable to forward traffic from the target device through the first segment identification list.
A communication unit 602, configured to further instruct the bandwidth access device to establish a service chain configuration according to the second segment identification list; the bandwidth access device is used for forwarding the service traffic from the network side device through the second segment identification list.
In one possible implementation, the processing unit 601 is configured to: for each node device in a plurality of node devices, acquiring a service segment identifier of the node device under the condition that the node device is configured with the service segment identifier; and under the condition that the node equipment is not configured with the service segment identifiers, distributing the service segment identifiers for the node equipment from a plurality of unused service segment identifiers.
In one possible implementation, the plurality of node devices include security agent nodes therein; a communication unit 602, configured to send, by using a security controller, security proxy service configuration information to a security proxy node in the plurality of node devices; the security proxy service configuration information is used for indicating the security proxy node to perform security detection on the received service traffic.
In one possible implementation, the communication unit 602 is configured to: and sending the first segment identification list to the secure pool gateway through the secure controller so that the secure pool gateway establishes service chain configuration according to the first segment identification list.
In one possible implementation, the communication unit 602 is configured to: and sending the second segment identification list to the bandwidth access device through the network controller so that the bandwidth access device establishes service chain configuration according to the second segment identification list.
When implemented in hardware, the communication unit 602 in an embodiment of the present application may be integrated on a communication interface, and the processing unit 601 may be integrated on a processor. A specific implementation is shown in fig. 7.
Fig. 7 shows still another possible structural schematic diagram of the service chain configuration device involved in the above-described embodiment. The service chain configuration device 70 includes: a processor 702 and a communication interface 703. The processor 702 is configured to control and manage the actions of the service chaining configuration apparatus 70, e.g., perform the steps performed by the processing unit 601 described above, and/or perform other processes of the techniques described herein. The communication interface 703 is used to support communication of the service chaining configuration apparatus 70 with other network entities, for example, to perform the steps performed by the communication unit 602 described above. The service chain configuration device 70 may further comprise a memory 701 and a bus 704, the memory 701 being used for storing program codes and data of the service chain configuration device 70.
Wherein the memory 701 may be a memory or the like in the service chain configuration device 70, which may include a volatile memory, such as a random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, hard disk or solid state disk; the memory may also comprise a combination of the above types of memories.
The processor 702 may implement or execute the various exemplary logic blocks, modules, and circuits described in connection with this disclosure. The processor may be a central processing unit, a general purpose processor, a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The processor may also be a combination that implements computing functions, e.g., a combination comprising one or more microprocessors, a combination of a DSP and a microprocessor, etc.
Bus 704 may be an Extended Industry Standard Architecture (EISA) bus or the like. The bus 704 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 7, but this does not mean that there is only one bus or one type of bus.
The service chain configuration device 70 in fig. 7 may also be a chip. The chip includes one or more (including two) processors 702 and a communication interface 703.
In some embodiments, the chip also includes memory 701, which memory 701 may include read only memory and random access memory, and provides operating instructions and data to processor 702. A portion of memory 701 may also include non-volatile random access memory (NVRAM).
In some implementations, the memory 701 stores the elements, execution modules or data structures, or a subset thereof, or an extended set thereof.
In an embodiment of the present application, the corresponding operation is performed by calling an operation instruction stored in the memory 701 (the operation instruction may be stored in an operating system).
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of functional modules is illustrated, and in practical application, the above-described functional allocation may be implemented by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to implement all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
An embodiment of the present application provides a computer program product containing instructions which, when run on a computer, cause the computer to perform the service chain configuration method in the above method embodiment.
The embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions which, when run on a computer, cause the computer to execute the service chain configuration method in the method flow shown in the method embodiment.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (Random Access Memory, RAM), a read-only memory (Read-Only Memory, ROM), an erasable programmable read-only memory (Erasable Programmable Read Only Memory, EPROM), a register, a hard disk, an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing, or any other form of computer readable storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuit, ASIC). In embodiments of the present application, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the service chain configuration device, the computer readable storage medium and the computer program product in the embodiments of the present application can be applied to the above-mentioned method, the technical effects that can be obtained by the method can also refer to the above-mentioned method embodiments, and the embodiments of the present application are not described herein again.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interface, indirect coupling or communication connection of devices or units, electrical, mechanical, or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The present application is not limited to the above embodiments, and any changes or substitutions within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims (8)

1. A method of service chaining configuration, the method comprising:
Determining service segment identifiers of a plurality of node devices;
configuring a first segment identification list and a second segment identification list according to service segment identifications of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node equipment forwarding path of the service flow from the network side equipment; the target equipment is used for carrying out service traffic transmission with the network side equipment;
sending a first segment identification list to a secure pool gateway through a secure controller, so that the secure pool gateway establishes service chain configuration according to the first segment identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list;
transmitting a second segment identification list to bandwidth access equipment through a network controller, so that the bandwidth access equipment establishes service chain configuration according to the second segment identification list; the bandwidth access device is configured to forward, through the second segment identifier list, traffic from the network device.
2. The method of claim 1, wherein the determining the service segment identifiers of the plurality of node devices comprises:
for each node device in the plurality of node devices, acquiring the service segment identifier of the node device in the case that the node device is configured with a service segment identifier;
and in the case that the node device is not configured with a service segment identifier, allocating a service segment identifier to the node device from a plurality of unused service segment identifiers.
3. The method of claim 1, wherein the plurality of node devices include a security proxy node; the method further comprises:
sending, by the security controller, security proxy service configuration information to the security proxy node in the plurality of node devices; the security proxy service configuration information is used for instructing the security proxy node to perform security detection on the received service traffic.
4. A service chain configuration device, characterized by comprising a processing unit and a communication unit;
the processing unit is used for determining service segment identifiers of a plurality of node devices;
the processing unit is further configured to configure a first segment identification list and a second segment identification list according to the service segment identifiers of the plurality of node devices; the first segment identification list is used for indicating a node device forwarding path of traffic from the target device; the second segment identification list is used for indicating a node device forwarding path of the service traffic from the network side device; the target device is used for carrying out service traffic transmission with the network side device;
the communication unit is used for sending the first segment identification list to the secure pool gateway through the security controller, so that the secure pool gateway establishes a service chain configuration according to the first segment identification list; the secure pool gateway is used for forwarding the service traffic from the target device through the first segment identification list;
the communication unit is further configured to send the second segment identification list to a bandwidth access device through a network controller, so that the bandwidth access device establishes a service chain configuration according to the second segment identification list; the bandwidth access device is configured to forward, through the second segment identification list, traffic from the network device.
5. The apparatus of claim 4, wherein the processing unit is configured to:
for each node device in the plurality of node devices, acquire the service segment identifier of the node device in the case that the node device is configured with a service segment identifier;
and in the case that the node device is not configured with a service segment identifier, allocate a service segment identifier to the node device from a plurality of unused service segment identifiers.
6. The apparatus of claim 4, wherein the plurality of node devices comprise a security proxy node;
the communication unit is further used for sending security proxy service configuration information to the security proxy node in the plurality of node devices through the security controller; the security proxy service configuration information is used for instructing the security proxy node to perform security detection on the received service traffic.
7. A service chain configuration apparatus, comprising: a processor and a communication interface; the communication interface being coupled to the processor, and the processor being used for running a computer program or instructions to implement the service chain configuration method according to any of claims 1-3.
8. A computer-readable storage medium, wherein instructions are stored in the computer-readable storage medium, which, when executed by a computer, perform the service chain configuration method according to any of claims 1-3.
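
An added illustration of the steps in claims 1 to 3, not part of the patent text and not the applicant's implementation: it assigns service segment identifiers, builds the two lists, and checks that neither direction skips a security proxy node. The node names, the pool values (documentation prefix 2001:db8::/32), the use of IPv6 addresses as identifiers, and the reverse ordering of the second list are assumptions.

```python
from ipaddress import IPv6Address

# Constructed sample chain, in the order traffic from the target device visits it.
NODES = [
    {"name": "fw", "sid": "2001:db8:100::1"},        # already configured
    {"name": "ips", "sid": None, "security_proxy": True},
    {"name": "waf", "sid": None},
]
UNUSED_POOL = ["2001:db8:100::1", "2001:db8:100::2", "2001:db8:100::3"]

def assign_service_sids(nodes, unused_pool):
    """Keep a configured SID; otherwise allocate one from the unused pool."""
    configured = [IPv6Address(n["sid"]) for n in nodes if n.get("sid")]
    if len(set(configured)) != len(configured):
        raise ValueError("two nodes share a configured service SID")
    # A stale pool entry that a node already uses must never be handed out again.
    free = [s for s in dict.fromkeys(map(IPv6Address, unused_pool))
            if s not in configured]
    sids = {}
    for node in nodes:
        if node.get("sid"):
            sids[node["name"]] = IPv6Address(node["sid"])
        elif free:
            sids[node["name"]] = free.pop(0)
        else:
            raise ValueError(f"no unused service SID left for {node['name']}")
    return sids

def build_segment_lists(nodes, sids):
    """First list: traffic from the target device. Second: from the network side."""
    first = [sids[n["name"]] for n in nodes]
    second = first[::-1]  # assumption: return traffic crosses the same nodes in reverse
    return first, second

def bypassed_proxies(nodes, sids, first, second):
    """Names of security proxy nodes missing from either direction's list."""
    return [n["name"] for n in nodes if n.get("security_proxy")
            and not (sids[n["name"]] in first and sids[n["name"]] in second)]

if __name__ == "__main__":
    sids = assign_service_sids(NODES, UNUSED_POOL)
    first, second = build_segment_lists(NODES, sids)
    print("to secure pool gateway:", [str(s) for s in first])
    print("to bandwidth access device:", [str(s) for s in second])
    print("bypassed proxies:", bypassed_proxies(NODES, sids, first, second))
```

Running bypassed_proxies against the lists actually read back from the gateway and the access device shows whether one direction of a flow would reach its destination without security detection.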
CN202211624942.8A 2022-12-16 2022-12-16 Service chain configuration method, device and storage medium Active CN116248570B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211624942.8A CN116248570B (en) 2022-12-16 2022-12-16 Service chain configuration method, device and storage medium

Publications (2)

Publication Number Publication Date
CN116248570A (en) 2023-06-09
CN116248570B (en) 2024-05-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant