CN116366593A

CN116366593A - Message forwarding method and related device

Info

Publication number: CN116366593A
Application number: CN202111626635.9A
Authority: CN
Inventors: 陈山; 黄颂勋; 朱小蕾
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2021-12-28
Filing date: 2021-12-28
Publication date: 2023-06-30

Abstract

The application discloses a message forwarding method and a related device, and belongs to the technical field of communication. In the application, a first forwarding node acquires a first message, under the condition that the first message is matched with a redirection policy, the first forwarding node acquires N equivalent paths based on a VIP address corresponding to a first VAS cluster, the first forwarding node determines a target path from the N equivalent paths, and the first forwarding node sends the first message through the target path. Because the redirection policy is used for redirecting the message between the sending end and the receiving end to the first VAS cluster, the first message is indicated to be the message between the sending end and the receiving end under the condition that the first forwarding node obtains the first message and the first message is matched with the redirection policy. In this way, the first forwarding node can send the first message to any one of the VAS network elements included in the first VAS cluster, so as to perform value-added service processing on the first message, thereby guaranteeing the reliability of the service between the sending end and the receiving end.

Description

Message forwarding method and related device

Technical Field

The present disclosure relates to the field of communications technologies, and in particular, to a method and an apparatus for forwarding a message.

Background

With the application of network virtualization and mobile edge computing (mobile edge computing, MEC) technologies, value-added services (VAS) such as firewall, traffic cleaning, traffic acceleration, traffic offloading, etc. are usually deployed nearby the network edge, and in order to ensure the reliability of the traffic, a packet between a sending end and a receiving end needs to be forwarded to a VAS network element, so that the packet is processed by the value-added services provided by the VAS network element.

In the related art, each network edge side is deployed with a plurality of VAS network elements and load balancing equipment, and the plurality of VAS network elements form a VAS cluster. When a transmitting end transmits a message to a receiving end, load balancing equipment deployed at a certain network edge side forwards the message to a VAS network element in a VAS cluster deployed at the network edge side according to a load sharing mode. After a certain VAS network element in the VAS cluster processes the message, the load balancing equipment forwards the message to the receiving end.

In this way, in a large bandwidth service scenario, the load balancing device needs to forward a large number of messages, so that the load balancing device becomes a bottleneck and a concentrated fault point for message forwarding, and the message forwarding efficiency is reduced.

Disclosure of Invention

The application provides a message forwarding method and a related device, which can improve the message forwarding efficiency. The technical scheme is as follows:

in a first aspect, a method for forwarding a message is provided, where a first forwarding node obtains a first message, where the first forwarding node is one of a plurality of forwarding nodes, where the plurality of forwarding nodes are used for communications between a sending end and a receiving end. Under the condition that the first message matches a redirection policy, the first forwarding node obtains N equivalent paths based on a virtual internet protocol VIP address corresponding to a first value added service VAS cluster, the redirection policy is used for redirecting the message between the sending end and the receiving end to the first VAS cluster, the first VAS cluster comprises M VAS network elements, and M and N are both greater than or equal to each other. The first forwarding node determines a target path from the N equivalent paths. The first forwarding node sends the first message through the target path so as to send the first message to any one of the M VAS network elements.

The first message refers to a message sent by a sending end to a receiving end. In the present application, the first forwarding node may be a forwarding node connected to the sender, or may be a forwarding node connected to the VAS cluster. Under different conditions, the process of the first forwarding node obtaining the first message is different. Therefore, the following two cases will be separately described.

In the first case, the first forwarding node is a forwarding node to which the transmitting end is connected. At this time, the first forwarding node receives the first message sent by the sending end.

In the second case, the first forwarding node is a forwarding node to which the first VAS cluster is connected. At this time, the first forwarding node receives the third message, and performs tunnel decapsulation on the third message to obtain the first message.

The redirection policy includes a five-tuple and a VIP address of the first VAS cluster, where the five-tuple includes a port number of the sending end, a port number of the receiving end, a protocol number or a protocol type, an IP address of the sending end, and an IP address of the receiving end. After the first forwarding node obtains the first message, matching the quintuple in the first message with the quintuple in the redirection policy, and if the quintuple in the first message is the same as the quintuple in the redirection policy, determining that the first message matches the redirection policy. Or alternatively, the process may be performed,

the redirection policy includes a message ID and a VIP address of the first VAS cluster. After the first forwarding node acquires the first message, matching the message ID of the first message with the message ID in the redirection policy, and if the message ID of the first message is the same as the message ID in the redirection policy, determining that the first message matches the redirection policy.

Based on the foregoing description, the transmitting end and the receiving end are business layer objects, and for ease of understanding, computer devices that provide a business are referred to as business providers, and computer devices that use the business are referred to as business consumers. The service consumer may send a message to the service provider, which may also send a message to the service consumer. That is, the service consumer may be a transmitting end or a receiving end, and the service provider may be a transmitting end or a receiving end.

In the case that the first forwarding node is a forwarding node to which the service consumer is connected, the redirection policy includes a first policy, where the first policy is used to redirect a message sent by the service consumer to the service provider to the first VAS cluster, where the service consumer is used as a sending end and the service provider is used as a receiving end. In the case that the first forwarding node is a forwarding node connected to the first VAS cluster, the redirection policy includes a first policy and a second policy, where the second policy is used to redirect a packet sent by the service provider to the service consumer to the first VAS cluster, where the service consumer may serve as a sending end, a receiving end, and the service provider may serve as a sending end, or a receiving end. In case the first forwarding node is a forwarding node to which the service provider is connected, the redirection policy comprises a second policy, where the service provider acts as a sender and the service consumer acts as a receiver.

In this application, the first forwarding node stores a forwarding table, where a destination IP address and a corresponding next hop are stored. In this way, when the first forwarding node determines that the first packet matches the redirection policy, the forwarding table may be queried based on the VIP address of the first VAS cluster, so as to obtain N equivalent paths. The forwarding table stored in the first forwarding node may include forwarding entries with the same destination IP address, or may include forwarding entries with different destination IP addresses.

In this application, the redirection policy and forwarding table stored by the first forwarding node may be determined by the configuration of the controller or orchestrator. That is, in the case where the first forwarding node is a forwarding node to which the service consumer is connected, the controller or orchestrator sends a first policy to the first forwarding node. In case the first forwarding node is a forwarding node to which the service provider is connected, the controller or orchestrator sends a second policy to the first forwarding node. In case the first forwarding node is a forwarding node to which the first VAS cluster is connected, the controller or orchestrator may send the first policy and the second policy to the first forwarding node, and may also send route indication information to the first forwarding node, the route indication information comprising local equivalent route information of the first forwarding node, the local equivalent route information comprising route information between the first VAS cluster and a VAS network element to which the first forwarding node is connected. After receiving the route indication information, the first forwarding node sends the local equivalent route information to other forwarding nodes in the plurality of forwarding nodes so that the other forwarding nodes perform route learning, and therefore a forwarding table is determined. In this way, for each forwarding node of the plurality of forwarding nodes, a corresponding redirection policy and forwarding table can be determined.

When the first forwarding node is a forwarding node connected to the first VAS cluster, the first forwarding node can not only receive the local equivalent route information sent by the controller or the orchestrator, but also learn the local equivalent route information sent by other forwarding nodes, and use the local equivalent route information sent by other forwarding nodes as remote equivalent route information of the first forwarding node. The forwarding table of the first forwarding node therefore comprises local equivalent routing information as well as remote equivalent routing information. That is, when the local routing information and the remote routing information are used as equivalent routing information and the first forwarding node sends the first message to M VAS network elements included in the first VAS cluster based on the forwarding table, any one piece of equivalent routing information can be selected from the local equivalent routing information and the remote equivalent routing information, and the first message is sent to one of the M VAS network elements included in the first VAS cluster through the equivalent routing information, so that load sharing is better realized.

In the case that the first forwarding node is a forwarding node connected to a service consumer or a service provider, the first forwarding node performs route learning based on local equivalent route information sent by other forwarding nodes and a first routing table of the first forwarding node, so as to determine a forwarding table of the first forwarding node. The first routing table is used for indicating tunnel routing information from the current node to each destination device.

The first forwarding node determines a target path from the N equivalent paths based on a policy of load balancing. The policy of load balancing refers to that in the process of forwarding a message, load distribution is adjusted in real time based on the existing load conditions of all forwarding nodes, so that all forwarding nodes keep load balance.

The next hop of the target path may be the second forwarding node and may also be the first VAS network element. In different situations, the process of the first forwarding node sending the first message through the target path is different. Therefore, the following two cases will be separately described.

In the first case, the next hop of the target path is the second forwarding node. At this time, the first forwarding node performs tunnel encapsulation on the first message to obtain a second message, a source tunnel address of the second message is a tunnel address of the first forwarding node, a destination tunnel address of the second message is a tunnel address of the second forwarding node, and the first forwarding node sends the second message through the target path.

The first forwarding node queries a tunnel address table based on the source tunnel address and the destination tunnel address of the second message to determine an interface, and sends the second message to the intermediate node through the output interface. After the intermediate node receives the second message, the intermediate node queries a tunnel address table based on the source tunnel address and the destination tunnel address of the second message to determine an interface, and the second message is transmitted to the second forwarding node through the interface. After the second forwarding node receives the second message sent by the intermediate node, the second forwarding node may perform tunnel decapsulation on the received second message to obtain the first message. And the second forwarding node continues to send the first message according to the steps until the next hop of the target path is any one VAS network element in the M VAS network elements, and sends the first message to the any one VAS network element.

Based on the above description, the first forwarding node may be a forwarding node to which the sender is connected, and may also be a forwarding node to which the first VAS cluster is connected. If the first forwarding node is a forwarding node connected to the first VAS cluster, the first VAS cluster includes M VAS network elements connected to at least two forwarding nodes of the plurality of forwarding nodes, and if the next hop of the target path is the second forwarding node, the second forwarding node is one forwarding node except the first forwarding node of the at least two forwarding nodes, and the source tunnel address of the third message is not the tunnel address of the second forwarding node.

In the second case, the next hop of the target path is a first VAS network element, where the first VAS network element is one of the M VAS network elements connected to a first forwarding node, and the first forwarding node sends a first packet to the first VAS network element based on an IP address of the first VAS network element.

After the first forwarding node sends the first message to the first VAS network element, the first VAS network element may perform value added service processing on the first message. After the first VAS network element performs value added service processing on the first message, the first VAS network element may send the first message to the first forwarding node. Therefore, the first forwarding node sends the first message to the first VAS network element based on the IP address of the first VAS network element. The first forwarding node may also receive a first packet from the first VAS network element, where the first forwarding node queries a forwarding table based on an IP address of a receiving end in the first packet to obtain a tunnel address of a third forwarding node, the third forwarding node is a forwarding node connected to the receiving end, the first forwarding node performs tunnel encapsulation on the first packet to obtain a fourth packet, a source tunnel address of the fourth packet is a tunnel address of the first forwarding node, a destination tunnel address of the fourth packet is a tunnel address of the third forwarding node, and the first forwarding node sends the fourth packet.

The first forwarding node queries a tunnel address table based on the source tunnel address and the destination tunnel address of the fourth message to determine an interface, and sends the fourth message to the intermediate node through the output interface. After the intermediate node receives the fourth message, the tunnel address table is queried based on the source tunnel address and the destination tunnel address of the fourth message to determine an interface, and the fourth message is transmitted to the third forwarding node through the output interface.

The VAS network element connected with the first forwarding node may fail due to disconnection of the network element, power failure of a site where the network element is located, and the like. Therefore, the first forwarding node needs to determine the state change condition of the second VAS network element, where the second VAS network element is any one of the M VAS network elements connected to the first forwarding node, and when the second VAS network element changes from the normal state to the failure state, the first forwarding node sets the forwarding table entry corresponding to the second VAS network element to an unavailable state, and when the second VAS network element changes from the failure state to the normal state, the first forwarding node sets the forwarding table entry corresponding to the second VAS network element to an available state.

The first forwarding node may determine a state change condition of the second VAS network element through the heartbeat message. Of course, it may also be determined in other ways.

And under the condition that the VAS network elements connected with the first forwarding node are in a fault state in the M VAS network elements, the first forwarding node sends a state notification message to the second forwarding node, wherein the state notification message is used for indicating the second forwarding node to set a forwarding table item corresponding to the first forwarding node into an unavailable state.

The method provided by the application can also ensure that the message back and forth forwarding paths between the service consumer and the service provider are consistent. That is, when a service consumer sends a message to a service provider, the message is sent to the service provider through a target path. When the service provider sends the message to the service consumer, if the interval time length of the message to-and-fro forwarding is smaller than the time length threshold value, the load of each device is hardly changed, so that the message can be sent to the service consumer through the same target path.

The time length threshold is preset, and the time length threshold can be adjusted according to different requirements.

In a second aspect, a packet forwarding device is provided, where the packet forwarding device has a function of implementing the packet forwarding method behavior in the first aspect. The message forwarding device comprises at least one module, and the at least one module is used for realizing the message forwarding method provided by the first aspect.

In a third aspect, a forwarding node is provided, the forwarding node comprising a processor and a memory, the memory being configured to store a computer program for performing the method for forwarding a message provided in the first aspect. The processor is configured to execute a computer program stored in the memory to implement the message forwarding method according to the first aspect.

Optionally, the forwarding node may further comprise a communication bus for establishing a connection between the processor and the memory.

In a fourth aspect, a computer readable storage medium is provided, in which instructions are stored which, when executed on a computer, cause the computer to perform the steps of the method for forwarding a message according to the first aspect.

In a fifth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the steps of the message forwarding method of the first aspect described above. Alternatively, there is provided a computer program which, when run on a computer, causes the computer to perform the steps of the message forwarding method of the first aspect described above.

The technical effects obtained in the second, third, fourth and fifth aspects are similar to the technical effects obtained in the corresponding technical means in the first aspect, and are not described in detail herein.

The technical scheme that this application provided can bring following beneficial effect at least:

since the redirection policy is used for redirecting the message between the sending end and the receiving end to the first VAS cluster, the first forwarding node indicates that the first message is the message between the sending end and the receiving end when the first forwarding node obtains the first message and the first message matches the redirection policy. In this way, the first forwarding node can send the first message to any one of the VAS network elements included in the first VAS cluster, so as to perform value-added service processing on the first message, thereby guaranteeing the reliability of the service between the sending end and the receiving end. And a plurality of forwarding nodes are arranged between the sending end and the receiving end, N equivalent paths can be constructed through the plurality of forwarding nodes, a first message can be forwarded through any path in the N equivalent paths, and the message forwarding is not performed through a load balancing device, so that the bottleneck and concentrated fault points of the message forwarding can not occur, and the forwarding efficiency of the message is improved.

Drawings

Fig. 1 is a schematic diagram of a network architecture according to an embodiment of the present application;

fig. 2 is a schematic structural diagram of a network device according to an embodiment of the present application;

fig. 3 is a flow chart of a message forwarding method provided in an embodiment of the present application;

fig. 4 is a schematic diagram of a correspondence between a service consumer, a service provider, and a VAS cluster according to an embodiment of the present application;

fig. 5 is a schematic diagram of a packet forwarding flow provided in an embodiment of the present application;

fig. 6 is a schematic diagram of another packet forwarding flow provided in an embodiment of the present application;

fig. 7 is a schematic structural diagram of a message forwarding device according to an embodiment of the present application.

Detailed Description

For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

Fig. 1 is a schematic diagram of a network architecture according to an embodiment of the present application. Referring to FIG. 1, the network architecture includes a plurality of computer devices 101a-101f (collectively 101), a plurality of forwarding nodes 102a-102d (collectively 102), and a plurality of intermediate nodes 103a-103b (collectively 103). The plurality of computer devices 101 includes a transmitting end 101a, a receiving end 101f, and a plurality of VAS network elements 101b-101e. One computer device 101 is connected to one forwarding node 102, one forwarding node 102 being capable of establishing a communication connection with a plurality of computer devices 101, each of the forwarding nodes 102a-102d having a communication connection established with an

intermediate node

103a and 103 b. Optionally, each of the forwarding nodes 102a-102d is configured with a virtual tunnel endpoint, which may be a virtual extensible local area network tunnel endpoint (VXLAN tunnel end point, VTEP).

Optionally, in order to improve the reliability of communication between the VAS network elements and the forwarding nodes 102, at least two forwarding nodes 102 of the plurality of forwarding nodes 102 can establish a communication connection with the VAS network elements, and one forwarding node 102 can establish a communication connection with at least two VAS network elements. Moreover, the VAS network elements to which at least two forwarding nodes 102 of the plurality of forwarding nodes 102a-102d are connected form a VAS cluster (VAS 1, VAS2, VAS3 and VAS4 in the figure form a first VAS cluster).

The sending end 101a and the receiving end 101f are business layer objects, and may be physical machines, virtual machines, containers, and the like, for example, personal computers (personal computer, PCs), mobile phones, smart phones, personal digital assistants (personal digital assistant, PDAs), pocket PCs (PPCs), tablet computers, smart televisions, and the like. The VAS network elements 101b-101e are devices capable of realizing value added services such as firewall, flow cleaning, flow acceleration, traffic offloading, and the like, and may be physical machines, virtual machines, and the like. The forwarding node 102 and the intermediate node 103 may be routers, switches, virtual machines, etc.

Illustratively, when the network architecture is a two-tier leaf-spine (spine-leaf) architecture, the forwarding node 102 is a leaf node and the intermediate node 103 is a spine node. Optionally, in an embodiment of the present application, the network architecture may also include a multi-layer intermediate node 103. In this case, the network architecture is a spine-leaf multi-layer networking architecture.

Optionally, the network architecture may further include a controller or orchestrator. The controller or orchestrator is configured to issue corresponding configurations to the plurality of forwarding nodes 102, so that the plurality of forwarding nodes 102 and the plurality of intermediate nodes 103 can perform packet forwarding according to the method provided in the embodiments of the present application.

Referring to fig. 2, fig. 2 is a schematic structural diagram of a network device according to an embodiment of the present application, which may be the forwarding node 102 shown in fig. 1. The network device comprises at least one processor 201, a communication bus 202, a memory 203, and at least one communication interface 204.

The processor 201 may be a general purpose central processing unit (central processing unit, CPU), network processor (network processor, NP), microprocessor, or may be one or more integrated circuits for implementing aspects of the present application, such as application-specific integrated circuits (ASIC), programmable logic devices (programmable logic device, PLD), or a combination thereof. The PLD may be a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), general-purpose array logic (generic array logic, GAL), or any combination thereof.

Communication bus 202 is used to transfer information between the above-described components. Communication bus 202 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the figures are shown with only one bold line, but not with only one bus or one type of bus.

The Memory 203 may be, but is not limited to, a read-only Memory (ROM), a random-access Memory (random access Memory, RAM), an electrically erasable programmable read-only Memory (electrically erasable programmable read-only Memory, EEPROM), an optical disk (including a compact disk, a laser disk, a digital versatile disk, a blu-ray disc, etc.), a magnetic disk storage medium, or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 203 may exist separately and be connected to the processor 201 through the communication bus 202. Memory 203 may also be integrated with processor 201.

The communication interface 204 uses any transceiver-like device for communicating with other devices or communication networks. Communication interface 204 includes a wired communication interface and may also include a wireless communication interface. The wired communication interface may be, for example, an ethernet interface. The ethernet interface may be an optical interface, an electrical interface, or a combination thereof. The wireless communication interface may be a wireless local area network (wireless local area networks, WLAN) interface, a cellular network communication interface, a combination thereof, or the like.

In a particular implementation, as one embodiment, a network device may include multiple processors, such as processor 201 and processor 205 shown in FIG. 2. Each of these processors may be either single-core or multi-core. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).

In some embodiments, the memory 203 is configured to store program code 210 for executing aspects of the present application, and the processor 201 may execute the program code 210 stored in the memory 203. The program code 210 may include one or more software modules, and the network device may implement the message forwarding method provided in the embodiment of fig. 3 below by the program code 210 in the processor 201 and the memory 203.

The method for forwarding the message provided in the embodiment of the present application is described below based on the network architecture shown in fig. 1. In the network architecture shown in fig. 1, the plurality of forwarding nodes are capable of establishing communication connections with a plurality of transmitting ends and a plurality of receiving ends, and are also capable of establishing communication connections with a plurality of VAS clusters. Next, description will be made taking one of the pair of the transmitting end and the receiving end as an example. Referring to fig. 3, fig. 3 is a flow chart of a message forwarding method according to an embodiment of the present application. The method comprises steps 301-304.

Step 301: the first forwarding node obtains a first message, wherein the first forwarding node is one of a plurality of forwarding nodes, and the plurality of forwarding nodes are used for communication between a sending end and a receiving end.

The first message refers to a message sent by a sending end to a receiving end. In this embodiment of the present application, the first forwarding node may be a forwarding node connected to the sender, or may be a forwarding node connected to the VAS cluster. Under different conditions, the process of the first forwarding node obtaining the first message is different. Therefore, the following two cases will be separately described.

Because the first forwarding node is a forwarding node connected with the sending end, the first forwarding node can directly receive the first message sent by the sending end when the sending end communicates with the receiving end.

Based on the foregoing description, the forwarding node is configured with a virtual tunnel endpoint for performing tunnel encapsulation or decapsulation, and the first forwarding node is a forwarding node connected to the first VAS cluster and is not a forwarding node connected to the sending end, and the third packet received by the first forwarding node may be transmitted to the first forwarding node through the intermediate node after the first packet is tunnel-encapsulated by the forwarding node connected to the sending end. Therefore, the first forwarding node needs to perform tunnel decapsulation on the third message, so as to obtain the first message.

The third message is obtained after tunnel encapsulation is carried out on the first message. Namely, a layer of tunnel header is added on the basis of the first message, so that a third message can be obtained. The tunnel header includes a source tunnel address and a destination tunnel address.

It should be noted that the tunnel address may be identified by a VTEP address, but may be identified by other means. The first VAS cluster is one of a plurality of VAS clusters connected with the forwarding nodes and is used for performing value-added service processing on the message between the sending end and the receiving end.

Step 302: under the condition that the first message is matched with a redirection strategy, the first forwarding node acquires N equivalent paths based on the VIP address of the first VAS cluster, the redirection strategy is used for redirecting the message between the sending end and the receiving end to the first VAS cluster, the first VAS cluster comprises M VAS network elements, and M and N are both greater than or equal to 2.

In some embodiments, the redirection policy includes a five-tuple including a port number of the sender, a port number of the receiver, a protocol number or protocol type, an IP address of the sender, and an IP address of the receiver, and a VIP address of the first VAS cluster. After the first forwarding node obtains the first message, matching the quintuple in the first message with the quintuple in the redirection policy, and if the quintuple in the first message is the same as the quintuple in the redirection policy, determining that the first message matches the redirection policy.

In other embodiments, the redirection policy includes a message Identifier (ID) and a VIP address of the first VAS cluster. After the first forwarding node acquires the first message, matching the message ID of the first message with the message ID in the redirection policy, and if the message ID of the first message is the same as the message ID in the redirection policy, determining that the first message matches the redirection policy.

The message ID of the first message is generated based on the quintuple in the first message. That is, the message ID of the first message is generated based on the port number of the transmitting end, the port number of the receiving end, the protocol number, the IP address of the transmitting end, and the IP address of the receiving end. And the message ID of the first message can be inserted into the first message by the forwarding node connected with the sending end, and the forwarding node connected with the receiving end deletes the message ID of the first message after the first message is subjected to value added service processing by the first VAS cluster.

It should be noted that, the message ID of the first message may be inserted into the message header of the first message, and the first message may be an IPv6 message, or of course, may also be another message, which is not limited in this embodiment of the present application.

In this embodiment of the present application, the first forwarding node stores a forwarding table, where a destination IP address and a corresponding next hop are stored in the forwarding table. In this way, when the first forwarding node determines that the first packet matches the redirection policy, the forwarding table may be queried based on the VIP address of the first VAS cluster, so as to obtain N equivalent paths.

For example, the VIP address of the first VAS cluster is VAS-VIP1, and the forwarding table stored by the first forwarding node is shown in table 1 below. In the case that the first packet matches the redirection policy, the first forwarding node obtains 2 equal-cost paths (i.e. n=2) by querying the forwarding table, and the next hops of the 2 equal-cost paths are respectively the IP address of the VTEP on L2 (VTEP-L2) and the IP address of the VTEP on L3 (VTEP-L3).

TABLE 1

Destination IP address	Next hop
		VAS-VIP1	VTEP-L2
VAS-VIP1	VTEP-L3
		……	……

For another example, the VIP address of the first VAS cluster is VAS-VIP1, and the forwarding table stored by the first forwarding node is shown in table 2 below. Under the condition that the first message matches the redirection policy, the first forwarding node obtains 3 equivalent paths (i.e. n=3) through querying the forwarding table, and the next hops of the 3 equivalent paths are VTEP-L3, the IP address (VAS 1-IP) of the VAS network element VAS1, and the IP address (VAS 2-IP) of the VAS network element VAS2, respectively.

TABLE 2

In some embodiments, the forwarding table stored in the first forwarding node may include forwarding entries with the same destination IP address, or may include forwarding entries with different destination IP addresses. For example, referring to table 2, the destination IP addresses corresponding to the first 3 forwarding entries in table 2 are all VAS-VIP1, the destination IP address corresponding to the 4 th forwarding entry is a service provider-IP, and the destination IP address corresponding to the 5 th forwarding entry is a service consumer-IP. That is, table 2 includes forwarding entries having different destination IP addresses.

In embodiments of the present application, the redirection policy and forwarding table stored by the first forwarding node may be determined by the configuration of the controller or orchestrator. That is, in the case where the first forwarding node is a forwarding node to which the service consumer is connected, the controller or orchestrator sends a first policy to the first forwarding node. In case the first forwarding node is a forwarding node to which the service provider is connected, the controller or orchestrator sends a second policy to the first forwarding node. In case the first forwarding node is a forwarding node to which the first VAS cluster is connected, the controller or orchestrator may send the first policy and the second policy to the first forwarding node, and may also send route indication information to the first forwarding node, the route indication information comprising local equivalent route information of the first forwarding node, the local equivalent route information comprising route information between the first VAS cluster and a VAS network element to which the first forwarding node is connected. After receiving the route indication information, the first forwarding node sends the local equivalent route information to other forwarding nodes in the plurality of forwarding nodes so that the other forwarding nodes perform route learning, and therefore a forwarding table is determined. In this way, for each forwarding node of the plurality of forwarding nodes, a corresponding redirection policy and forwarding table can be determined.

For example, referring to table 2 above, table 2 is a forwarding table of a first forwarding node, and the first forwarding node is a forwarding node connected to the first VAS cluster. In Table 2, the far-end equivalent routing information of the first forwarding node is the routing information with the destination IP address VAS-VIP1 and the next hop VTEP-L3. The local equivalent routing information of the first forwarding node is the routing information of which the destination IP address is VAS-VIP1 and the next hop is VAS1-IP, and the routing information of which the destination IP address is VAS-VIP1 and the next hop is VAS 2-IP.

Based on the foregoing description, the plurality of forwarding nodes can establish communication connection with a plurality of sending ends and a plurality of receiving ends, and can also establish communication connection with a plurality of VAS clusters, where the sending ends can be service consumers, service providers, and the receiving ends can be service providers, and service consumers. For different service consumers and service providers, the first forwarding node needs to forward messages between the service consumer and service provider to different VAS clusters based on the redirection policy sent by the controller or orchestrator. Therefore, before the controller or the orchestrator sends the redirection policy to the first forwarding node, the traffic chain needs to be orchestrated, so as to determine the correspondence between the traffic consumer, the traffic provider and the VAS cluster, and further determine the redirection policy corresponding to each forwarding node.

In some embodiments, the controller or orchestrator may employ logical ports to identify the service consumer, service provider, and VAS network element to which the forwarding node is connected, i.e., the service consumer, service provider, and VAS network element each correspond to a logical port. And then, creating a first port group, a second port group and a VAS cluster group, wherein the first port group comprises logic ports corresponding to service consumers connected with the forwarding nodes, the second port group comprises logic ports corresponding to service providers connected with the forwarding nodes, the VAS cluster group comprises a plurality of VAS clusters, each VAS cluster corresponds to one VIP address, and the VIP address corresponds to logic ports of M VAS network elements in the VAS cluster. Then, a logic port is selected from the first port group, a logic port is selected from the second port group, a VAS cluster is selected from the VAS cluster group, and then the corresponding relation among the service consumer, the service provider and the VAS cluster is determined based on the service consumer corresponding to the logic port selected from the first port group, the service provider corresponding to the logic port selected from the second port group and the VAS cluster selected from the VAS cluster group, and then the redirection strategy corresponding to each forwarding node is determined.

For example, assume that the transmitting end in the network architecture shown in fig. 1 is a service consumer, the receiving end is a service provider, and the 4 VAS network elements in fig. 1 are M VAS network elements included in the first VAS cluster. In the network architecture shown in fig. 1, logical ports corresponding to service consumers, service providers, and 4 VAS network elements are shown in table 3 below.

TABLE 3 Table 3

Computer equipment	Logical port
		Service consumer	L1-3
Service provider	L4-3
		VAS1	L2-3
VAS2	L2-3
		VAS3	L3-3
VAS4	L3-3

For example, referring to fig. 4, fig. 4 is a schematic diagram illustrating a correspondence relationship among a service consumer, a service provider, and a VAS cluster according to an embodiment of the present application. Since only one service consumer, one service provider, and one VAS cluster are illustrated in fig. 1, in fig. 4, the first port group includes one logical port corresponding to one service consumer, the second port group includes one logical port corresponding to one service provider, and the VAS cluster includes one VAS cluster, i.e., the first VAS cluster. The VIP address corresponding to the first VAS cluster is VAS-VIP1, and the VIP address corresponds to the logical ports of the 4 VAS network elements in the first VAS cluster. In this way, it can be determined that a correspondence exists between the service consumer corresponding to the logical port in the first port group, the service provider corresponding to the logical port in the second port group, and the first VAS cluster, so as to determine the redirection policy based on the correspondence.

Based on the above description, the computer devices may be physical machines, virtual machines, or containers, for example, service consumers, service providers, and VAS network elements. When the controller or orchestrator determines the correspondence between the service consumer, the service provider, and the VAS cluster, it is not necessary to distinguish whether these computer devices are physical machines, virtual machines, or containers. That is, the controller or orchestrator determines the correspondence between the service consumer, the service provider, and the VAS cluster independent of the morphology of these computer devices. Therefore, the logical ports are used to uniformly identify the computer devices to which the forwarding nodes are connected. In this way, the controller or orchestrator may select service consumers, service providers, and VAS clusters based on the logical ports, thereby facilitating determination of correspondence between the service consumers, service providers, and VAS clusters.

The controller or orchestrator can determine not only the correspondence between the service consumer, the service provider, and the VAS clusters, but also the VIP address of each VAS cluster by orchestrating the service chain. In this way, the local equivalent routing information for each forwarding node can be determined based on the VIP address of the VAS cluster and the IP address of the VAS network element to which each forwarding node is connected.

For example, for the forwarding node L2 in fig. 1, the local equivalent routing information of the forwarding node is shown in table 4 below. For the forwarding node L3 in fig. 1, the local equivalent routing information of the forwarding node is shown in table 5 below.

TABLE 4 Table 4

Destination IP address	Equivalent next hop
		VAS-VIP1	VAS1-IP
VAS-VIP1	VAS2-IP

TABLE 5

Destination IP address	Equivalent next hop
		VAS-VIP1	VAS3-IP
VAS-VIP1	VAS4-IP

When the first forwarding node is a forwarding node connected to the first VAS cluster, after the controller or the orchestrator sends route indication information to the first forwarding node, the first forwarding node performs route learning based on local equivalent route information of the first forwarding node, local equivalent route information sent by other forwarding nodes, and a first routing table of the first forwarding node, so as to determine a forwarding table of the first forwarding node. In the case that the first forwarding node is a forwarding node connected to a service consumer or a service provider, the first forwarding node performs route learning based on local equivalent route information sent by other forwarding nodes and a first routing table of the first forwarding node, so as to determine a forwarding table of the first forwarding node. The first routing table is used for indicating tunnel routing information from the current node to each destination device.

For example, assume that the sender in the network architecture shown in fig. 1 is a service consumer, and the receiver is a service provider. The first forwarding node is forwarding node L1 in fig. 1, and the first routing table of the forwarding node L1 is shown in the following table 6, and after receiving the local equivalent routing information sent by the forwarding node L2 and the forwarding node L3, the forwarding node L1 can determine the forwarding table shown in the above table 1 through route learning.

TABLE 6

Destination IP address	Next hop
		VAS1-IP	VTEP-L2
VAS2-IP	VTEP-L2
		VAS3-IP	VTEP-L3
VAS4-IP	VTEP-L3
		Service provider-IP	VTEP-L4

For another example, assume that the transmitting end in the network architecture shown in fig. 1 is a service consumer, and the receiving end is a service provider. The first forwarding node is forwarding node L2 in fig. 1, and the first routing table of the forwarding node L2 is shown in the following table 7, and after the forwarding node L2 receives the local equivalent routing information sent by the forwarding node L3, the forwarding table shown in the above table 2 can be determined through route learning.

TABLE 7

Destination IP address	Next hop
		VAS3-IP	VTEP-L3
VAS4-IP	VTEP-L3
		Service consumer-IP	VTEP-L1
Service provider-IP	VTEP-L4

Based on the foregoing description, each forwarding node is configured with a virtual tunnel endpoint, and the next hop in the first routing table is a tunnel address, so in the embodiment of the present application, the first routing table stored by the first forwarding node may be determined by an overlay control plane. That is, the tunnel address of each forwarding node, and the IP addresses of the service consumer, the service provider, and the VAS network element can be synchronized by the overlay control plane protocol, so as to determine and obtain the first routing table.

The overlay control plane protocol may be a border gateway protocol (Border Gateway Protocol, BGP), or an ethernet virtual private network (Ethernet Virtual Private Network, EVPN) protocol.

Step 303: the first forwarding node determines a target path from the N equivalent paths.

Step 304: the first forwarding node sends a first message through the target path to send the first message to any one of the M VAS network elements.

In some embodiments, the first forwarding node queries a tunnel address table based on the source tunnel address and the destination tunnel address of the second message to determine an interface through which to send the second message to the intermediate node. After the intermediate node receives the second message, the intermediate node queries a tunnel address table based on the source tunnel address and the destination tunnel address of the second message to determine an interface, and the second message is transmitted to the second forwarding node through the interface. After the second forwarding node receives the second message sent by the intermediate node, the second forwarding node may perform tunnel decapsulation on the received second message to obtain the first message. And the second forwarding node continues to send the first message according to the steps until the next hop of the target path is any one VAS network element in the M VAS network elements, and sends the first message to the any one VAS network element.

The tunnel address table stores correspondence between an active tunnel address, a destination tunnel address, and a next hop interface. The next hop interface in the tunnel address table may be an outgoing interface of the node, or may be an incoming interface of the next hop node. And if the next hop interface is the outgoing interface of the node, forwarding the message through the outgoing interface. If the next hop interface is the ingress interface of the next hop node, the corresponding egress interface of the node is acquired from the stored correspondence between the ingress interface of the next hop node and the egress interface of the node based on the ingress interface of the next hop node, and the message is forwarded through the egress interface.

The same entry in the tunnel address table may store one next hop interface or multiple next hop interfaces. If the same item in the tunnel address table stores a next-hop interface, the message is forwarded through the next-hop interface.

If the same item in the tunnel address table stores a plurality of next hop interfaces, the plurality of next hop interfaces are equivalent next hop interfaces, one next hop interface is selected from the plurality of equivalent next hop interfaces based on a load balancing strategy, and message forwarding is performed through the next hop interface.

The tunnel address tables in the forwarding node and the intermediate node are determined by the overlay control plane. That is, in synchronizing tunnel addresses of the forwarding nodes through the overlay control plane protocol, the forwarding nodes and the intermediate node may determine the tunnel address table based on the tunnel addresses of the forwarding nodes and the second routing table stored in the intermediate node. The second routing table is used for indicating physical routing information from the current node to each destination device.

Note that, the intermediate node does not configure a virtual tunnel endpoint, so the address table stored by the intermediate node may not be referred to as a tunnel address table, but in order to keep consistent with the forwarding node, the embodiments of the present application are collectively referred to as a tunnel address table.

For example, taking the forwarding node L1 in fig. 1 as an example, the forwarding node L1 obtains tunnel addresses of four forwarding nodes, namely VTEP-L1, VTEP-L2, VTEP-L3 and VTEP-L4, respectively, and the second routing table stored in the forwarding node L1 is shown in table 8 below, and the forwarding node L1 determines the tunnel address table based on the tunnel addresses of the forwarding nodes and the stored second routing table as shown in table 9 below.

TABLE 8

Destination device IP address	Next hop interface
		S1-IP	S1-1
S2-IP	S2-1

TABLE 9

Source tunnel address	Destination tunnel address	Next hop interface
			VTEP-L1	VTEP-L2	S1-1、S2-1
VTEP-L1	VTEP-L3	S1-1、S2-1
			VTEP-L1	VTEP-L4	S1-1、S2-1

For example, taking the intermediate node S1 in fig. 1 as an example, the intermediate node S1 obtains tunnel addresses of four forwarding nodes, namely VTEP-L1, VTEP-L2, VTEP-L3 and VTEP-L4, respectively, and the second routing table stored in the intermediate node S1 is shown in table 10 below, and the intermediate node S1 determines the tunnel address table based on the tunnel addresses of the forwarding nodes and the stored second routing table as shown in table 11 below.

Table 10

Destination device IP address	Next hop interface
		L1-IP	L1-1
L2-IP	L2-1
		L3-IP	L3-1
L4-IP	L4-1

TABLE 11

Source tunnel address	Destination tunnel address	Next hop interface
			VTEP-L1	VTEP-L2	L2-1
VTEP-L1	VTEP-L3	L3-1
			VTEP-L1	VTEP-L4	L4-1
VTEP-L2	VTEP-L1	L1-1
			VTEP-L2	VTEP-L3	L3-1
VTEP-L2	VTEP-L4	L4-1
			VTEP-L3	VTEP-L1	L1-1
VTEP-L3	VTEP-L2	L2-1
			VTEP-L3	VTEP-L4	L4-1
VTEP-L4	VTEP-L1	L1-1
			VTEP-L4	VTEP-L2	L2-1
VTEP-L4	VTEP-L3	L3-1

It should be noted that, the tunnel address table may include a plurality of source tunnel addresses, a plurality of destination tunnel addresses, and corresponding next-hop interfaces, and table 9 above only illustrates the next-hop interfaces from the source tunnel address to a different destination tunnel address of the forwarding node L1.

Based on the above description, the forwarding node and the intermediate node may each determine a tunnel address table based on the tunnel address of each forwarding node and the second routing table stored by themselves. Therefore, if the next hop interface in the second routing table stored by the forwarding node and the intermediate node is the outgoing interface of the node, the next hop interface in the tunnel address table is the outgoing interface of the node. If the next hop interface in the second routing table stored by the forwarding node and the intermediate node is the ingress interface of the next hop node, the next hop interface in the tunnel address table is the ingress interface of the next hop node.

In the case that the next hop interface in the second routing table stored by the forwarding node and the intermediate node is the ingress interface of the next hop node, the next hop interface in the tunnel address table may also be the egress interface of the node. At this time, when determining the tunnel address table, the forwarding node and the intermediate node need to acquire the corresponding outgoing interface of the node based on the correspondence between the incoming interface of the next hop node and the outgoing interface of the node.

The second routing tables in the forwarding node and the intermediate node are determined by an underley control plane. That is, in synchronizing the routing information of each forwarding node and the intermediate node through the unrelever control plane protocol, each forwarding node and the intermediate node may determine the second routing table based on the routing information of each forwarding node and the intermediate node.

The underlay control plane protocol may be an interior gateway protocol (Interior Gateway Protocols, IGP), among others.

That is, if the first forwarding node is a forwarding node connected to the first VAS cluster, the third packet received by the first forwarding node may be tunneled by the second forwarding node connected to the first VAS cluster and then transmitted to the first forwarding node through the intermediate node. Therefore, after the first forwarding node receives the third message and performs tunnel decapsulation on the third message to obtain the first message, in order to avoid the first forwarding node retransmitting the first message to the second forwarding node, it needs to determine whether the source tunnel address of the third message is the tunnel address of the second forwarding node. If the source tunnel address of the third message is not the tunnel address of the second forwarding node, it indicates that the third message received by the first forwarding node is not the first message which is tunnel-packaged by the second forwarding node and then is transmitted to the first forwarding node through the intermediate node, and at this time, the first forwarding node can send the first message to the second forwarding node. If the source tunnel address of the third message is the tunnel address of the second forwarding node, the third message received by the first forwarding node indicates that the second forwarding node tunnels the first message and then transmits the first message to the first forwarding node through the intermediate node, and at the moment, the first forwarding node cannot send the first message to the second forwarding node. In this way, the first message can be prevented from being forwarded back and forth between the first forwarding node and the second forwarding node connected with the first VAS cluster, so that the forwarding efficiency of the message is improved.

In the case where the value added services provided by the first VAS network element are different, the conditions under which the first VAS network element sends the first message to the first forwarding node may be different. For example, the value added service provided by the first VAS network element is a firewall. After the first VAS network element receives the first message, it can detect whether the first message has an abnormality. If the first VAS network element detects that the first message is abnormal, the first message is intercepted. And if the first VAS network element detects that the first message is not abnormal, the first message is sent to the first forwarding node. For another example, the value added service provided by the first VAS network element is traffic washing. After the first VAS network element receives the first message, it can determine whether the first message is a normal message or a malicious message. Under the condition that the first message is a malicious message, the first VAS network element intercepts the first message, and under the condition that the first message is a normal message, the first VAS network element sends the first message to the first forwarding node.

In some embodiments, the first forwarding node queries a tunnel address table based on the source tunnel address and the destination tunnel address of the fourth message to determine an interface through which the fourth message is sent to the intermediate node. After the intermediate node receives the fourth message, the tunnel address table is queried based on the source tunnel address and the destination tunnel address of the fourth message to determine an interface, and the fourth message is transmitted to the third forwarding node through the output interface.

When the state of the second VAS network element is changed from the normal state to the fault state, the second VAS network element is indicated to be unavailable, namely the second VAS network element cannot perform value added service processing on the first message. The first forwarding node sets a forwarding table entry corresponding to the second VAS network element in the forwarding table of the first forwarding node to an unavailable state. Therefore, the first forwarding node does not forward the message based on the forwarding table entry, thereby avoiding interruption of the service flow. When the state of the second VAS network element is changed from the fault state to the normal state, the second VAS network element is indicated to be available currently, namely the second VAS network element can perform value added service processing on the first message currently. The first forwarding node sets a forwarding table entry corresponding to the second VAS network element in the forwarding table of the first forwarding node to an available state. In this way, the first forwarding node can continue to send the service traffic to the second VAS network element, so as to avoid that other VAS network elements load a large amount of service traffic, and cause other network elements to fail.

In some embodiments, the first forwarding node may determine the state change condition of the second VAS network element through a heartbeat message. Of course, it may also be determined in other ways.

And when the VAS network elements connected with the first forwarding node are in a fault state, indicating that the VAS network elements connected with the first forwarding node cannot perform value-added service processing on the first message. The first forwarding node sends a status notification message to the second forwarding node, and the second forwarding node sets a forwarding table entry corresponding to the first forwarding node in a forwarding table of the second forwarding node to an unavailable state. In this way, the second forwarding node does not send a message to the first forwarding node based on the forwarding table entry corresponding to the first forwarding node, thereby avoiding interruption of the service flow.

The method provided by the embodiment of the application can also ensure that the message back and forth forwarding paths between the service consumer and the service provider are consistent. That is, when a service consumer sends a message to a service provider, the message is sent to the service provider through a target path. When the service provider sends the message to the service consumer, if the interval time length of the message to-and-fro forwarding is smaller than the time length threshold value, the load of each device is hardly changed, so that the message can be sent to the service consumer through the same target path.

In the embodiment of the present application, since the redirection policy is used to redirect the packet between the sending end and the receiving end to the first VAS cluster, when the first forwarding node obtains the first packet and the first packet matches the redirection policy, it indicates that the first packet is the packet between the sending end and the receiving end. In this way, the first forwarding node can send the first message to any one of the VAS network elements included in the first VAS cluster, so as to perform value-added service processing on the first message, thereby guaranteeing the reliability of the service between the sending end and the receiving end. And a plurality of forwarding nodes are arranged between the sending end and the receiving end, N equivalent paths can be constructed through the plurality of forwarding nodes, a first message can be forwarded through any path in the N equivalent paths, and the message forwarding is not performed through a load balancing device, so that the bottleneck and concentrated fault points of the message forwarding can not occur, and the forwarding efficiency of the message is improved. In addition, the first forwarding node can also determine the state change condition of the VAS network element in real time. When the state of the VAS network element is changed into a fault state, a forwarding table item corresponding to the VAS network element in a forwarding table of the first forwarding node is set to be in an unavailable state, so that the first forwarding node cannot forward the message based on the forwarding table item, and interruption of service flow is avoided. When the state of the VAS network element is changed into a normal state, a forwarding table item corresponding to the VAS network element in a forwarding table of the first forwarding node is set into an available state, so that the first forwarding node can continuously send service traffic to the VAS network element, and therefore other VAS network elements are prevented from loading a large amount of service traffic, and other network elements are prevented from being failed.

Next, taking the network architecture shown in fig. 1 as an example, a message forwarding method provided in the embodiment of the present application is illustrated. Referring to fig. 5, fig. 5 is a schematic diagram of a packet forwarding flow provided in an embodiment of the present application. In fig. 5, a service consumer serves as a transmitting end and a service provider serves as a receiving end. That is, the service consumer sends a message to the service provider, and the first VAS cluster includes M VAS network elements, which are respectively VAS1, VAS2, VAS3, and VAS4. Furthermore, based on the above description, the redirection policy stored by the forwarding node may include a five-tuple and a VIP address of the first VAS cluster, and may further include a message ID and a VIP address of the first VAS cluster. The following describes a procedure in which a service consumer sends a message to a service provider, taking as an example a redirection policy stored by a forwarding node, including a five-tuple and a VIP address of a first VAS cluster.

And the forwarding node L1 receives the message 1 sent by the service consumer, matches the quintuple in the message 1 with the quintuple in the stored redirection strategy, and redirects the message 1 to the first VAS cluster if the quintuple in the message 1 is the same as the quintuple in the redirection strategy. That is, the forwarding node L1 queries the above table 1 based on the VIP address VAS-VIP1 of the first VAS cluster, and the obtained next hops of the N equivalent paths are VTEP-L2 and VTEP-L3, respectively. The forwarding node L1 determines a target path from the N equivalent paths based on a policy of load balancing.

Assuming that the next hop of the target path determined by the forwarding node L1 is the forwarding node L2, tunnel encapsulation is performed on the packet 1, so as to obtain a packet 2. The source tunnel address of the message 2 is VTEP-L1, and the destination tunnel address is VTEP-L2. The forwarding node L1 queries the table 9 based on the source tunnel address VTEP-L1 and the destination tunnel address VTEP-L2 of the message 2 to obtain 2 equivalent next hop interfaces, which are S1-1 and S2-1 respectively. Assuming that the next hop interface selected by the forwarding node L1 based on the policy of load balancing is the ingress interface S1-1 of the intermediate node S1, the packet 2 is sent to the intermediate node S1 through the egress interface corresponding to the ingress interface. After the intermediate node S1 receives the message 2, it queries the above table 11 based on the source tunnel address VTEP-L1 and the destination tunnel address VTEP-L2 of the message 2, and obtains the ingress interface L2-1 of the forwarding node L2, and transmits the message 2 to the forwarding node L2 through the egress interface corresponding to the ingress interface.

After receiving the message 2, the forwarding node L2 performs tunnel decapsulation on the message 2, thereby obtaining a message 1. And the forwarding node L2 matches the five-tuple in the message 1 with the five-tuple in the stored redirection policy, and redirects the message 1 to the first VAS cluster if the five-tuple in the message 1 is the same as the five-tuple in the redirection policy. That is, the forwarding node L2 queries the above table 2 based on the VIP address VAS-VIP1 of the first VAS cluster, and the obtained next hops of the N equivalent paths are VTEP-L3, VAS1-IP, and VAS2-IP, respectively. The forwarding node L2 determines a target path from the N equivalent paths based on the policy of load balancing.

Assuming that the next hop of the target path determined by the forwarding node L2 is a VAS1, a message 1 is sent to the VAS 1. After the forwarding node L2 sends the message 1 to the VAS1, the VAS1 may perform value added service processing on the message 1. After the VAS1 performs value added service processing on the message 1, the VAS1 sends the message 1 to the forwarding node L2. After receiving the message 1, the forwarding node L2 queries the above table 2 based on the IP address of the service provider in the message 1, and determines that the next hop of the target path is the forwarding node L4. And the forwarding node L2 performs tunnel encapsulation on the message 1 so as to obtain a message 3. The source tunnel address of the message 3 is VTEP-L2, and the destination tunnel address is VTEP-L4. The forwarding node L2 queries a tunnel address table based on a source tunnel address VTEP-L2 and a destination tunnel address VTEP-L4 of the message 3 to obtain 2 equivalent next hop interfaces, namely S1-2 and S2-2 respectively. Assuming that the next hop interface selected by the forwarding node L2 based on the policy of load balancing is the ingress interface S2-2 of the intermediate node S2, the packet 3 is sent to the intermediate node S2 through the egress interface corresponding to the ingress interface. After receiving the message 3, the intermediate node S2 queries the tunnel address table based on the source tunnel address VTEP-L2 and the destination tunnel address VTEP-L4 of the message 3, obtains the ingress interface L4-1 of the forwarding node L4, and transparently transmits the message 3 to the forwarding node L4 through the egress interface corresponding to the ingress interface. After receiving the message 3, the forwarding node L4 performs tunnel decapsulation on the message 3, thereby obtaining a message 1. The forwarding node L4 sends the message 1 to the service provider based on the IP address of the service provider in the message 1, thereby realizing communication between the service consumer and the service provider.

The above steps assume that the next hop of the target path determined by the forwarding node L1 is the forwarding node L2, and in practical application, the next hop of the target path determined by the forwarding node L1 may also be the forwarding node L3. The implementation manner of the forwarding node L1 to send the message 1 to the service provider through the forwarding node L3 is the same as the related description of the above steps, so that a detailed description is omitted here.

Referring to fig. 6, fig. 6 is a schematic diagram of another packet forwarding flow provided in the embodiment of the present application. In fig. 6, a service provider serves as a transmitting end and a service consumer serves as a receiving end. That is, the service provider sends a message to the service consumer, and the first VAS cluster includes M VAS network elements, which are respectively VAS1, VAS2, VAS3, and VAS4. Furthermore, based on the above description, the redirection policy stored by the forwarding node may include a five-tuple and a VIP address of the first VAS cluster, and may further include a message ID and a VIP address of the first VAS cluster. The following describes a procedure in which a service provider sends a message to a service consumer, taking as an example that a redirection policy stored by a forwarding node includes a quintuple and a VIP address of a first VAS cluster.

And the forwarding node L4 receives the message 1 sent by the service provider, matches the five-tuple in the message 1 with the five-tuple in the stored redirection strategy, and redirects the message 1 to the first VAS cluster if the five-tuple in the message 1 is the same as the five-tuple in the redirection strategy. That is, the forwarding node L4 queries the above table 1 based on the VIP address VAS-VIP1 of the first VAS cluster, and the obtained next hops of the N equivalent paths are VTEP-L2 and VTEP-L3, respectively. The forwarding node L4 determines a target path from the N equivalent paths based on the policy of load balancing.

Assuming that the next hop of the target path determined by the forwarding node L4 is the forwarding node L2, tunnel encapsulation is performed on the packet 1, so as to obtain the packet 2. The source tunnel address of the message 2 is VTEP-L4, and the destination tunnel address is VTEP-L2. The forwarding node L4 queries a tunnel address table based on a source tunnel address VTEP-L4 and a destination tunnel address VTEP-L2 of the message 2 to obtain 2 equivalent next hop interfaces, namely S1-4 and S2-4 respectively. Assuming that the next hop interface selected by the forwarding node L4 based on the policy of load balancing is the ingress interface S2-4 of the intermediate node S2, the packet 2 is sent to the intermediate node S2 through the egress interface corresponding to the ingress interface. After the intermediate node S2 receives the message 2, it queries the above table 11 based on the source tunnel address VTEP-L4 and the destination tunnel address VTEP-L2 of the message 2, and obtains the ingress interface L2-1 of the forwarding node L2, and transmits the message 2 to the forwarding node L2 through the egress interface corresponding to the ingress interface.

Assuming that the next hop of the target path determined by the forwarding node L2 is a VAS1, a message 1 is sent to the VAS 1. After the forwarding node L2 sends the message 1 to the VAS1, the VAS1 may perform value added service processing on the message 1. After the VAS1 performs value added service processing on the message 1, the VAS1 sends the message 1 to the forwarding node L2. After receiving the message 1, the forwarding node L2 queries the above table 2 based on the IP address of the service consumer in the message 1, and determines that the next hop of the target path is the forwarding node L1. And the forwarding node L2 performs tunnel encapsulation on the message 1 so as to obtain a message 3. The source tunnel address of the message 3 is VTEP-L2, and the destination tunnel address is VTEP-L1. The forwarding node L2 queries a tunnel address table based on a source tunnel address VTEP-L2 and a destination tunnel address VTEP-L1 of the message 3 to obtain 2 equivalent next hop interfaces, namely S1-2 and S2-2 respectively. Assuming that the next hop interface selected by the forwarding node L2 based on the policy of load balancing is the ingress interface S1-2 of the intermediate node S1, the packet 3 is sent to the intermediate node S1 through the egress interface corresponding to the ingress interface. After the intermediate node S1 receives the packet 3, it queries the above table 11 based on the source tunnel address VTEP-L2 and the destination tunnel address VTEP-L1 of the packet 3, and obtains the ingress interface L1-1 of the forwarding node L1, and transmits the packet 3 to the forwarding node L1 through the egress interface corresponding to the ingress interface. After receiving the message 3, the forwarding node L1 performs tunnel decapsulation on the message 3, thereby obtaining the message 1. The forwarding node L1 sends the message 1 to the service consumer based on the IP address of the service consumer in the message 1, thereby realizing communication between the service provider and the service consumer.

The above steps are to assume that the next hop of the target path determined by the forwarding node L4 is the forwarding node L2, and in practical application, the next hop of the target path determined by the forwarding node L4 may also be the forwarding node L3. The implementation manner of the forwarding node L4 to send the message 1 to the service consumer through the forwarding node L3 is the same as the related description of the above steps, so that a detailed description is omitted here.

Fig. 7 is a schematic structural diagram of a packet forwarding device provided in the embodiment of the present application, where the packet forwarding device may be implemented by software, hardware, or a combination of both as part or all of a first forwarding node, and the first forwarding node is one of multiple forwarding nodes, where the multiple forwarding nodes are used for communications between a sending end and a receiving end. Referring to fig. 7, the apparatus includes: a first acquisition module 701, a second acquisition module 702, a first determination module 703 and a first transmission module 704.

A first obtaining module 701, configured to obtain a first message. The detailed implementation process refers to the corresponding content in each embodiment, and will not be repeated here.

The second obtaining module 702 is configured to obtain N equivalent paths based on a VIP address corresponding to the first VAS cluster when the first packet matches a redirection policy, where the redirection policy is used to redirect a packet between the sending end and the receiving end to the first VAS cluster, and the first VAS cluster includes M VAS network elements, where M and N are both greater than or equal to 2. The detailed implementation process refers to the corresponding content in each embodiment, and will not be repeated here.

A first determining module 703, configured to determine a target path from the N equivalent paths. The detailed implementation process refers to the corresponding content in each embodiment, and will not be repeated here.

A first sending module 704, configured to send a first packet through a target path, so that the first packet is sent to any one of the M VAS network elements. The detailed implementation process refers to the corresponding content in each embodiment, and will not be repeated here.

Optionally, the next hop of the target path is a second forwarding node, and the first sending module 704 is specifically configured to:

the first message is subjected to tunnel encapsulation to obtain a second message, the source tunnel address of the second message is the tunnel address of the first forwarding node, and the destination tunnel address of the second message is the tunnel address of the second forwarding node;

and sending the second message through the target path.

Optionally, the first forwarding node is a forwarding node connected to the transmitting end;

the first obtaining module 701 is specifically configured to:

and receiving the first message sent by the sending end.

Optionally, the first forwarding node is a forwarding node connected to the first VAS cluster;

the first obtaining module 701 is specifically configured to:

receiving a third message;

and carrying out tunnel decapsulation on the third message to obtain a first message.

Optionally, the M VAS network elements are connected to at least two forwarding nodes of the plurality of forwarding nodes, where, if the next hop of the target path is the second forwarding node, the second forwarding node is one forwarding node of the at least two forwarding nodes except the first forwarding node, and the source tunnel address of the third packet is not the tunnel address of the second forwarding node.

Optionally, the next hop of the target path is a first VAS network element, where the first VAS network element is one VAS network element connected to the first forwarding node in the M VAS network elements, and the first sending module 704 is specifically configured to:

and sending the first message to the first VAS network element based on the IP address of the first VAS network element.

Optionally, the apparatus further comprises:

the first receiving module is used for receiving a first message from a first VAS network element;

the inquiry module is used for inquiring the forwarding table based on the IP address of the receiving end in the first message to obtain the tunnel address of a third forwarding node, and the third forwarding node is a forwarding node connected with the receiving end;

the tunnel encapsulation module is used for tunnel encapsulation of the first message to obtain a fourth message, the source tunnel address of the fourth message is the tunnel address of the first forwarding node, and the destination tunnel address of the fourth message is the tunnel address of the third forwarding node;

And the second sending module is used for sending the fourth message.

Optionally, the apparatus further comprises:

a second determining module, configured to determine a state change condition of a second VAS network element, where the second VAS network element is any one of the M VAS network elements connected to the first forwarding node;

the first setting module is used for setting a forwarding table item corresponding to the second VAS network element to be in an unavailable state under the condition that the second VAS network element is changed from a normal state to a fault state;

and the second setting module is used for setting the forwarding table item corresponding to the second VAS network element into an available state under the condition that the second VAS network element is changed from a fault state to a normal state.

Optionally, the apparatus further comprises:

and the third sending module is used for sending a state notification message to the second forwarding node under the condition that all VAS network elements connected with the first forwarding node in the M VAS network elements are in a fault state, wherein the state notification message is used for indicating the second forwarding node to set a forwarding table item corresponding to the first forwarding node into an unavailable state.

Optionally, the apparatus further comprises:

and the second receiving module is used for receiving the redirection strategy sent by the controller or the orchestrator.

Optionally, the apparatus further comprises:

a third receiving module, configured to receive a route indication message sent by the controller or the orchestrator, where the route indication message includes local equivalent route information of the first forwarding node, and the local equivalent route information includes route information between the first VAS cluster and a VAS network element connected to the first forwarding node;

And the fourth sending module is used for sending the local equivalent routing information to other forwarding nodes in the plurality of forwarding nodes.

It should be noted that: in the message forwarding device provided in the foregoing embodiment, only the division of the functional modules is used for illustration, and in practical application, the functional allocation may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the message forwarding apparatus and the message forwarding method embodiment provided in the foregoing embodiments belong to the same concept, and specific implementation processes thereof are detailed in the method embodiment, which is not described herein again.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, data subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., digital versatile disk (digital versatile disc, DVD)), or a semiconductor medium (e.g., solid State Disk (SSD)), etc. It is noted that the computer readable storage medium mentioned in the embodiments of the present application may be a non-volatile storage medium, in other words, may be a non-transitory storage medium.

It should be understood that reference herein to "a plurality" means two or more. In the description of the embodiments of the present application, unless otherwise indicated, "/" means or, for example, a/B may represent a or B; "and/or" herein is merely an association relationship describing an association object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, in order to facilitate the clear description of the technical solutions of the embodiments of the present application, in the embodiments of the present application, the words "first", "second", and the like are used to distinguish the same item or similar items having substantially the same function and effect. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.

The above embodiments are provided for the purpose of not limiting the present application, but rather, any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present application are intended to be included within the scope of the present application.

Claims

1. A method for forwarding a message, the method comprising:

The method comprises the steps that a first forwarding node obtains a first message, wherein the first forwarding node is one of a plurality of forwarding nodes, and the plurality of forwarding nodes are used for communication between a sending end and a receiving end;

under the condition that the first message matches a redirection policy, the first forwarding node obtains N equivalent paths based on a Virtual Internet Protocol (VIP) address corresponding to a first Value Added Service (VAS) cluster, the redirection policy is used for redirecting the message between the sending end and the receiving end to the first VAS cluster, the first VAS cluster comprises M VAS network elements, and M and N are both greater than or equal to 2;

the first forwarding node determines a target path from the N equivalent paths;

the first forwarding node sends the first message through the target path so as to send the first message to any one of the M VAS network elements.

2. The method of claim 1, wherein the next hop of the target path is a second forwarding node, and wherein the first forwarding node sends the first message over the target path, comprising:

the first forwarding node performs tunnel encapsulation on the first message to obtain a second message, wherein a source tunnel address of the second message is a tunnel address of the first forwarding node, and a destination tunnel address of the second message is a tunnel address of the second forwarding node;

And the first forwarding node sends the second message through the target path.

3. The method according to claim 1 or 2, wherein the first forwarding node is a forwarding node to which the sender is connected;

the first forwarding node obtains a first message, including:

the first forwarding node receives the first message sent by the sending end.

4. The method according to claim 1 or 2, wherein the first forwarding node is a forwarding node to which the first VAS cluster is connected;

the first forwarding node obtains a first message, including:

the first forwarding node receives a third message;

and the first forwarding node performs tunnel decapsulation on the third message to obtain the first message.

5. The method of claim 4, wherein the M VAS network elements are connected to at least two forwarding nodes of the plurality of forwarding nodes, the second forwarding node is one of the at least two forwarding nodes other than the first forwarding node if the next hop of the target path is the second forwarding node, and a source tunnel address of the third message is not a tunnel address of the second forwarding node.

6. The method of claim 1, wherein the next hop of the target path is a first VAS network element, the first VAS network element being one of the M VAS network elements connected to the first forwarding node, the first forwarding node sending the first message over the target path, comprising:

the first forwarding node sends the first message to the first VAS network element based on the IP address of the first VAS network element.

7. The method of claim 6, wherein the first forwarding node, after sending the first message to the first VAS network element based on the IP address of the first VAS network element, further comprises:

the first forwarding node receives the first message from the first VAS network element;

the first forwarding node queries a forwarding table based on the IP address of the receiving end in the first message to obtain a tunnel address of a third forwarding node, wherein the third forwarding node is a forwarding node connected with the receiving end;

the first forwarding node performs tunnel encapsulation on the first message to obtain a fourth message, wherein a source tunnel address of the fourth message is a tunnel address of the first forwarding node, and a destination tunnel address of the fourth message is a tunnel address of the third forwarding node;

And the first forwarding node sends the fourth message.

8. The method of any one of claims 4-7, wherein the method further comprises:

the first forwarding node determines a state change condition of a second VAS network element, wherein the second VAS network element is any VAS network element connected with the first forwarding node in the M VAS network elements;

under the condition that the second VAS network element is changed from a normal state to a fault state, the first forwarding node sets a forwarding table item corresponding to the second VAS network element to be in an unavailable state;

and under the condition that the second VAS network element is changed from the fault state to the normal state, the first forwarding node sets a forwarding table item corresponding to the second VAS network element to be in an available state.

9. The method of claim 8, wherein the method further comprises:

and under the condition that all VAS network elements connected with the first forwarding node in the M VAS network elements are in a fault state, the first forwarding node sends a state notification message to a second forwarding node, wherein the state notification message is used for indicating the second forwarding node to set a forwarding table item corresponding to the first forwarding node into an unavailable state.

10. The method of any one of claims 1-9, wherein the method further comprises:

the first forwarding node receives the redirection policy sent by the controller or the orchestrator.

11. The method of any one of claims 1-9, wherein the method further comprises:

the first forwarding node receives a route indication message sent by a controller or an orchestrator, wherein the route indication message comprises local equivalent route information of the first forwarding node, and the local equivalent route information comprises route information between the first VAS cluster and a VAS network element connected with the first forwarding node;

the first forwarding node sends the local equivalent routing information to other forwarding nodes in the plurality of forwarding nodes.

12. A message forwarding apparatus, applied to a first forwarding node, where the first forwarding node is one of a plurality of forwarding nodes, and the plurality of forwarding nodes are used for communications between a sending end and a receiving end, the apparatus includes:

the first acquisition module is used for acquiring a first message;

the second obtaining module is configured to obtain N equivalent paths based on a virtual internet protocol VIP address corresponding to a first value added service VAS cluster when the first packet matches a redirection policy, where the redirection policy is used to redirect a packet between a sending end and a receiving end to the first VAS cluster, and the first VAS cluster includes M VAS network elements, where M and N are both greater than or equal to 2;

The first determining module is used for determining a target path from the N equivalent paths;

and the first sending module is used for sending the first message through the target path so as to send the first message to any one of the M VAS network elements.

13. The apparatus of claim 12, wherein the next hop of the target path is a second forwarding node, and wherein the first sending module is specifically configured to:

and sending the second message through the target path.

14. The apparatus according to claim 12 or 13, wherein the first forwarding node is a forwarding node to which the sender is connected;

the first obtaining module is specifically configured to:

and receiving the first message sent by the sending end.

15. The apparatus according to claim 12 or 13, wherein the first forwarding node is a forwarding node to which the first VAS cluster is connected;

the first obtaining module is specifically configured to:

Receiving a third message;

and carrying out tunnel decapsulation on the third message to obtain the first message.

16. The apparatus of claim 15, wherein the M VAS network elements are connected to at least two forwarding nodes of the plurality of forwarding nodes, the second forwarding node is one of the at least two forwarding nodes other than the first forwarding node if a next hop of the target path is a second forwarding node, and a source tunnel address of the third message is not a tunnel address of the second forwarding node.

17. The apparatus of claim 12, wherein a next hop of the target path is a first VAS network element, the first VAS network element being one of the M VAS network elements connected to the first forwarding node, the first transmitting module being specifically configured to:

18. The apparatus of claim 17, wherein the apparatus further comprises:

a first receiving module, configured to receive the first packet from the first VAS network element;

the query module is used for querying a forwarding table based on the IP address of the receiving end in the first message to obtain a tunnel address of a third forwarding node, wherein the third forwarding node is a forwarding node connected with the receiving end;

and the second sending module is used for sending the fourth message.

19. The apparatus of any one of claims 15-18, wherein the apparatus further comprises:

a first setting module, configured to set a forwarding table entry corresponding to the second VAS network element to an unavailable state when the second VAS network element changes from a normal state to a failure state;

20. The apparatus of claim 19, wherein the apparatus further comprises:

and the third sending module is used for sending a state notification message to a second forwarding node when all the VAS network elements connected with the first forwarding node are in a fault state, wherein the state notification message is used for indicating the second forwarding node to set a forwarding table item corresponding to the first forwarding node into an unavailable state.

21. The apparatus of any one of claims 12-20, wherein the apparatus further comprises:

22. The apparatus of any one of claims 12-20, wherein the apparatus further comprises:

a third receiving module, configured to receive a route indication message sent by a controller or an orchestrator, where the route indication message includes local equivalent route information of the first forwarding node, and the local equivalent route information includes route information between the first VAS cluster and a VAS network element connected to the first forwarding node;

23. A message forwarding system, the system comprising a plurality of forwarding nodes, and a controller or orchestrator;

the controller or the orchestrator is configured to send a redirection policy to a first forwarding node, where the redirection policy is used to redirect a packet between a sending end and a receiving end to a first value added service VAS cluster, the plurality of forwarding nodes are used for communication between the sending end and the receiving end, the first forwarding node is one of the plurality of forwarding nodes, and the first VAS cluster includes M VAS network elements, where M is greater than or equal to 2;

Said first forwarding node being adapted to implement the steps of the method of any of claims 1-11.

24. The system of claim 23, wherein the controller or orchestrator is further to:

sending a route indication message to the first forwarding node, wherein the route indication message comprises local equivalent route information of the first forwarding node, and the local equivalent route information comprises route information between the first VAS cluster and a VAS network element connected with the first forwarding node;

the routing indication message is used for indicating the first forwarding node to send the local equivalent routing information to other forwarding nodes in the plurality of forwarding nodes.