WO2015100751A1 - Procédé et dispositif de réexpédition de paquets - Google Patents

Procédé et dispositif de réexpédition de paquets Download PDF

Info

Publication number
WO2015100751A1
WO2015100751A1 PCT/CN2014/070184 CN2014070184W WO2015100751A1 WO 2015100751 A1 WO2015100751 A1 WO 2015100751A1 CN 2014070184 W CN2014070184 W CN 2014070184W WO 2015100751 A1 WO2015100751 A1 WO 2015100751A1
Authority
WO
WIPO (PCT)
Prior art keywords
address
service
message
value
forwarding
Prior art date
Application number
PCT/CN2014/070184
Other languages
English (en)
Chinese (zh)
Inventor
张先国
史扬
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2014/070184 priority Critical patent/WO2015100751A1/fr
Priority to CN201480000859.0A priority patent/CN105103503B/zh
Publication of WO2015100751A1 publication Critical patent/WO2015100751A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/74Address processing for routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/25Mapping addresses of the same type

Definitions

  • the present invention relates to the field of communications, and in particular, to a method and apparatus for forwarding a message.
  • a value-added service device such as a firewall, a load balancer (English: load balancer, LB), an intrusion prevention system (English: intrusion prevention system, abbreviation: IPS), an intrusion detection system (English: Intrusion Detection System, Abbreviation: IDS), data loss prevention (abbreviation: DLP) device, anti-virus (English: anti-virus, abbreviation: AV)
  • the deployment location of the device is usually strongly related to the network topology. That is, the value-added service device is generally deployed on the forwarding path of the packet that needs to be processed by the value-added service device, or is connected to a network device (such as a router or a switch) on the forwarding path.
  • the problem with the tight coupling of the value-added service equipment and packet forwarding described above is that the service processing path is not flexible. For example, on a forwarding path, packets that are normally forwarded pass through the firewall and IPS. However, some packets passing through the forwarding path may only need to be processed by the firewall, and some may need to be processed by both the firewall and the IPS. In the traditional deployment mode, packets that do not need to be processed by IPS must pass through IPS, which wastes the processing power of IPS.
  • the invention provides a method and a device for forwarding a message, so as to avoid the use of the field in the standard tunnel header to identify the service conflict caused by the service path and reduce the burden on the network device on the service path.
  • the first aspect provides a method for forwarding a message, including:
  • the first packet is obtained according to the service packet, and the service packet is a packet that needs to be processed by the value-added service, where the first packet includes an address table, and the address table includes the value-added The IP address of the service device and the forwarding address, where the forwarding address is the address in the last item of the address table; the value-added service device is located on the service path of the service packet;
  • the method is performed by a flow distribution point, where the method further includes:
  • Receiving the service packet ; acquiring a service flow identifier of the service flow to which the service packet belongs; obtaining a service path of the service packet according to the service flow identifier, where the service path includes a sequence of the value-added service device; An IP address of the value-added service device in the service path; and obtaining the forwarding address, where the forwarding address is a destination IP address of the service packet or an IP address of the stream distribution point.
  • the obtaining the first packet includes:
  • the obtaining, by the service flow identifier, the service path of the service packet includes: Determining, according to the service flow identifier, a policy, a policy to which the service flow identifier belongs, and obtaining a service path in the policy;
  • the policy table includes at least one policy, where each policy includes a service flow identifier, a service path, and Corresponding relationship of the forwarding mode;
  • the obtaining the forwarding address includes any one of the following: obtaining a forwarding mode in the policy, and when the forwarding mode is a return mode, using the IP address of the stream distribution point as the forwarding
  • the destination address of the service packet is used as the forwarding address when the forwarding mode is the direct forwarding mode.
  • a fourth implementation manner of the first aspect when the sequence of the value-added service device includes the value-added service device And the obtaining the IP address of the value-added service device in the service path, the acquiring, by the mapping table, the IP address of the value-added service device corresponding to the identifier of the value-added service device in the service path, where the mapping is performed.
  • Each entry of the table includes a correspondence between an IP address of the value-added service device and an identifier of the value-added service device; or when the sequence of the value-added service device includes a sequence of IP addresses of the value-added service device, the obtaining The IP address of the value-added service device in the service path includes: obtaining an IP address of the value-added service device directly from the service path.
  • the method is performed by a value-added service device, where the acquiring the first packet includes: receiving a flow distribution point or a last hop value-added service device The first message sent.
  • the method further includes: performing value-added service device processing on the first packet, and obtaining the processed First message, said The destination IP address and address table of the first packet is the same as the destination IP address and address table of the first packet.
  • the obtaining the second packet includes:
  • the obtaining the The second message includes:
  • the second aspect provides an apparatus for forwarding a message, including:
  • the device further includes a receiving module and a second acquiring module, where the receiving module is configured to receive the service packet;
  • the second obtaining module is configured to obtain a service flow identifier of the service flow to which the service packet belongs, and obtain a service path of the service packet according to the service flow identifier, where the service path includes a sequence of the value-added service device; Acquiring an IP address of the value-added service device in the service path; and acquiring the forwarding address, where the forwarding address is a destination IP address of the service packet or an IP address of the stream distribution point.
  • the first acquiring module is specifically configured to: add an address table to a service packet received by the receiving module
  • the IP address of the value-added service device in the service path is sequentially added to the address table, and the forwarding address is added to the last item of the address table to obtain the first packet.
  • the device further includes a storage module, configured to store a policy table
  • the obtaining, by the second acquiring module, the service path of the service packet according to the service flow identifier is: searching the policy table stored in the storage module according to the service flow identifier, and obtaining the service flow identifier a policy, the service path in the policy is obtained;
  • the policy table includes at least one policy, where each policy includes a service flow identifier, a service path, and a correspondence manner of a forwarding manner;
  • the forwarding address includes any one of the following: obtaining a forwarding mode in the policy, and when the forwarding mode is a return mode, using an IP address of the stream distribution point as the forwarding address; as well as Obtaining a forwarding mode in the policy.
  • the forwarding mode is the direct forwarding mode
  • the destination IP address of the service packet is used as the forwarding address.
  • the device further includes a second storage module, configured to store a mapping table Each entry of the mapping table includes a correspondence between an IP address of the value-added service device and an identifier of the value-added service device;
  • the acquiring, by the second acquiring unit, the IP address of the value-added service device in the service path includes: acquiring the service path according to the mapping table The IP address of the value-added service device corresponding to the identifier of the value-added service device, and each entry of the mapping table includes a correspondence between the IP address of the value-added service device and the identifier of the value-added service device.
  • the first acquiring module is specifically configured to receive the first packet sent by the stream distribution point or the last hop value-added service device.
  • the device further includes:
  • a processing module configured to perform the value-added service device processing on the first packet, to obtain the processed first packet, the destination IP address and address table of the processed first packet, and the first packet
  • the destination IP address is the same as the address table.
  • the modifying module is specifically configured to: according to the first item of the address table of the processed first packet The address in the address modifies the destination IP address of the processed first packet, and deletes the first item in the address table of the processed first packet to obtain the second packet.
  • the modifying unit when the IP address of the value-added service device in the address table is empty, the modifying unit is specifically used.
  • a third aspect provides an apparatus for forwarding a message, including a processor, a communication interface, a memory, and a bus, wherein the processor, the communication interface, and the memory communicate with each other through the bus;
  • the memory is used to store a program
  • the processor is configured to invoke the program in the memory, execute the method of the first aspect according to the program, and forward the second message through the communication interface.
  • the stream distribution point adds an IP address including the value-added service device by receiving the service packet.
  • the address table of the forwarding address the service packet can be sent to the value-added service device in the corresponding service path in turn, and the value-added service processing is performed on the service packet, and the service packet is avoided. Sending to unrelated value-added service equipment, thereby avoiding the waste of value-added service equipment capabilities.
  • the address distribution table is added by the flow distribution point to be sent in the service packet, which avoids the configuration complexity caused by separately configuring the service path on each value-added service device.
  • FIG. 1 is a schematic structural diagram of a network system according to an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a method for forwarding a packet according to an embodiment of the present invention
  • FIG. 3 is a schematic flowchart diagram of another method for forwarding a packet according to an embodiment of the present disclosure
  • FIG. 4 is a schematic flowchart of still another method for forwarding a message according to an embodiment of the present disclosure
  • FIG. 5 is a schematic structural diagram of an apparatus for forwarding a message according to an embodiment of the present disclosure
  • FIG. 6 is a schematic structural diagram of another apparatus for forwarding a message according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic structural diagram of another apparatus for forwarding a message according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of another apparatus for forwarding a message according to an embodiment of the present invention.
  • the technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. example. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
  • the embodiment of the present invention provides a system for forwarding a message.
  • the system stream distribution point 12 and the value-added service device 13 may have one or more value-added service devices, and the figure shows A plurality of value added service devices 13a-n.
  • the stream distribution point 12 and the value-added service device 13 may each be a virtual node, a virtual function module or a hardware physical entity in the network.
  • the stream distribution point 12 is configured to obtain a policy table, and select according to the policy table.
  • the service path sends a service flow to the value-added service device 13 through the selected service path.
  • Two service paths are shown in Figure 1, which are service path 1 and service path 2.
  • the value-added service device 13 is configured to perform value-added service processing on the service flow, and forward the processed service flow.
  • the specific functions of the stream distribution point 12 and the value-added service device 13 can be referred to the description in the following embodiments.
  • an embodiment of the present invention provides a method for forwarding a packet, where the execution entity of the method may be a stream distribution point 12 or a value-added service device 13, as shown in FIG. Executed by the value-added service device, and may also be performed by a stream distribution point, the method includes:
  • the first packet may be a packet obtained by the stream distribution point after the received service packet is processed, or may be a packet processed by the value-added service device after being processed by the stream distribution point, or may be a value-added service.
  • the packet received by the device and processed by the other value-added service device may be a packet obtained by further processing the processed service packet sent by the value-added service device to the distribution point. Regardless of how the first packet is obtained, the first packet is finally obtained according to the service packet.
  • the service path is a path formed by a value-added service device that needs to perform value-added service processing on the service packet, that is, the service path includes a sequence of value-added service devices that need to perform value-added service processing on the service packet.
  • the address table may include IP address information of all value-added service devices on the service path or IP address information of a part of the value-added service device.
  • the IP address of the value-added service device in the address table may also be empty, that is, the address table only includes the forwarding address.
  • the forwarding address is an address in the last item of the address table.
  • the step 202 is specifically: modifying the destination IP address of the first packet to the address in the first item in the address table, and deleting the first item in the address table, where the first packet is sent The message obtained after the above processing is used as the second message.
  • the address in the first item of the address table is the IP address of the value-added service device.
  • the address in the first item may be an IP address of the next-hop value-added service device, or may be a forwarding address.
  • step 203 the second packet is forwarded to the value-added service device corresponding to the destination IP address of the second packet according to the destination IP address of the second packet, that is, the next hop value is added.
  • the value-added service device corresponding to the destination IP address of the second packet according to the destination IP address of the second packet, that is, the next hop value is added.
  • the first packet of the IP address including the value-added service device and the address table of the forwarding address is obtained, and the first packet is modified to obtain a second packet, and then the second packet is sent.
  • the message, the designation of the value-added service device is implemented, and the value-added service processing of the message is avoided, and the message is not sent to the unrelated value-added service device, thereby avoiding the capability of the value-added service device. waste.
  • the method shown in Figure 2 is further elaborated from the perspective of stream distribution points and value-added service equipment.
  • the method shown in FIG. 2 when the method shown in FIG. 2 is performed by a stream distribution point, the method may specifically include:
  • the traffic distribution point receives the service packet, where the service packet is a packet that needs to be processed by the value-added service.
  • the service packet may be a packet received from the user side, or may be a packet received from the network side, which is not limited in this embodiment.
  • the service packet is an IP packet.
  • the flow distribution point acquires a service flow identifier of the service flow to which the service packet belongs.
  • the service flow may be identified by using at least one of a source IP address, a destination IP address, a source port, a destination port, and a protocol number. Therefore, the service flow identifier may include a source IP address of the service packet. At least one of a destination IP address, a source port, a destination port, and a protocol number.
  • the service flow identifier may be a quintuple information of the service packet, or may be a value obtained by using a certain algorithm according to the quintuple information of the service packet, for example, by hashing (hash) The value obtained by the algorithm.
  • the flow distribution point obtains a service path of the service packet according to the service flow identifier, where the service path includes a sequence of a value-added service device that needs to perform value-added service processing on the service packet.
  • the flow distribution point obtains a policy that belongs to the service flow identifier according to the service flow identifier search policy table, and obtains a service path in the policy.
  • the policy table is used to indicate a value-added service processing mode of the service flow.
  • the policy table includes at least one policy, and each policy includes a correspondence between a service flow identifier, a service path, and a forwarding manner.
  • the sequence of the value-added service device may specifically be a sequence of identifiers of the value-added service devices or a sequence of IP addresses.
  • the sequence indicates the order in which the value-added service device processes the traffic flow.
  • the identifier may be a numeric number, for example, the FW number is 1, the IPS number is 2, the IDS number is 3, and the service path (3, 1, 2) Indicates that the service flow needs to be processed by three value-added service devices.
  • the processing sequence is first IDS, then FW, and finally IPS.
  • the identifier may also be a code of a value-added service device, for example, may be FW, IPS or IDS.
  • the forwarding mode refers to the forwarding mode of the last value-added service device in the corresponding service path, including the return mode and the direct forwarding mode.
  • the return mode refers to the message that the last value-added service device will process after being processed by all value-added service devices, and still return to the stream distribution point.
  • the direct forwarding mode refers to that the packet obtained by the last value-added service device after being processed by all the value-added service devices is forwarded according to the destination IP address of the service packet.
  • the policy table may be obtained by the stream distribution point from the management device, or may be pre-configured by the user on the stream distribution point, and is not limited herein.
  • the stream distribution point acquires an IP address of the value-added service device in the service path.
  • the IP address of the value-added service device in the service path is obtained when the service path includes multiple value-added service devices, and the IP address of the multiple value-added service devices in the service path is obtained in sequence. .
  • the flow distribution point sequentially acquires the IP address of the value-added service device corresponding to the identifier of the value-added service device in the service path according to the mapping table.
  • Each entry of the mapping table includes a correspondence between an IP address of the value-added service device and an identifier of the value-added service device.
  • the mapping table may be determined by the management device and the stream distribution point, or may be sent by the management device to the stream distribution point according to the configuration.
  • the flow distribution point directly obtains an IP address of the value-added service device from the service path.
  • the flow distribution point acquires a forwarding address of the service packet.
  • the forwarding address is a destination IP address of the packet obtained after the service packet is processed by all the value-added service devices.
  • the forwarding address is determined by the flow distribution point according to the forwarding manner of the last value-added service device in the service path. As described above, the forwarding mode is obtained by using the policy table.
  • the obtaining, by the stream distribution point, the forwarding address of the service packet includes: obtaining a forwarding mode in the policy, and when the forwarding mode is a return mode, using an IP address of the stream distribution point as the forwarding address; And obtaining the forwarding mode in the policy.
  • the forwarding mode is the direct forwarding mode
  • the destination IP address of the service packet is used as the forwarding address.
  • the flow distribution point obtains a first packet, where the first packet is obtained according to the service packet, where the first packet includes an address table, where the address table includes an IP address of the value-added service device. And a forwarding address, The value-added service device is located on the service path of the service packet.
  • the obtaining, by the stream distribution point, the first packet includes: adding an address table to the service packet, and sequentially adding, in the address table, the value-added service device on the service path obtained in step 304 And adding the forwarding address obtained in step 305 to the last entry in the address table to obtain the first packet, where the forwarding address is an address in a last item of the address table.
  • the service path includes a sequence of a plurality of value-added service devices
  • the address table correspondingly includes an IP address of the plurality of value-added service devices.
  • the sequence of the IP addresses of the plurality of value-added service devices in the address table is the same as the sequence of the corresponding value-added service devices in the service path.
  • the address table may be added to the service packet in a plurality of manners, for example, adding the address table to an extension header of the service packet, or adding the address table to the service packet.
  • the IP option of the message may be added to the service packet in a plurality of manners, for example, adding the address table to an extension header of the service packet, or adding the address table to the service packet.
  • value-added service devices 13a-13d in the service path 1, which can be recorded as (13a, 13b, 13c, 13d), and the IP addresses of the value-added service devices 13a-13d. They are 1.1.1.10, 1.1.1.11, 1.1.1.12 and 1.1.1.13 respectively.
  • the service flow identifier of the service flow to which the service packet belongs is obtained, and the service flow identifier of the service flow to which the service packet belongs is obtained.
  • the forwarding mode of the last value-added service device in the service path is the direct forwarding mode
  • the flow distribution point determines that the forwarding address is 2.2.2.2, and then adds an address table to the service packet, and the The IP address of each value-added service device is added to the address table according to the sequence of the identifiers of the value-added service devices in the service path 1, and the forwarding address is added to the last item in the address table to obtain the source IP address.
  • the first packet with the address of 1.1.1.1 and the destination IP address of 2.2.2.2 carrying the address table (1.1.1.10, 1.1.1.11, 1.1.1.12, 1.1.1.13, 2.2.2.2).
  • the address table is represented by parentheses for convenience of presentation.
  • the address table may have multiple representations.
  • the flow distribution point modifies the destination IP address of the first packet according to the address in the first item of the address table, and deletes the first item of the address table to obtain the second packet.
  • the stream distribution point modifies the destination IP address of the first packet according to the IP address in the first item of the address table, that is, the IP address of the first value-added service device in the service path. And deleting the first item of the address table in the first packet, to obtain a second packet.
  • the source IP address of the first packet is 1.1.1.1
  • the destination IP address is 2.2.2.2.
  • the address table with the address is (1.1.1.10, 1.1.1.11, 1.1.1.12, 1.1.1.13, 2.2.2.2).
  • the stream distribution point modifies the destination IP address of the first packet from 2.2.2.2 to the first item in the address table, namely 1.1.1.10, and from the address table. Delete the 1.1.1.10 and obtain the second packet.
  • the source IP address of the second packet is 1.1.1.1
  • the destination IP address is 1.1.1.10
  • the address table carried is (1.1.1.11, 1.1.1.12, 1.1). .1.13, 2.2.2.2).
  • the stream distribution point sends the second packet according to the destination IP address of the second packet.
  • the destination IP address of the second packet is the IP address of the first value-added service device in the service path, and the stream distribution point sends the second packet to the location in this step.
  • the first value-added service device in the service path is the IP address of the first value-added service device in the service path.
  • steps 306, 307 and 308 are specific implementations of steps 201, 202 and 203 in Fig. 2, respectively.
  • the stream distribution point adds a value-added service device by adding a service value to the received service message.
  • the address table of the IP address and the forwarding address can be sent to the value-added service device in the corresponding service path in turn, so that the value-added service processing is performed on the service packet, and the service is avoided.
  • the message is sent to the unrelated value-added service device, thereby avoiding the waste of the value-added service device capability.
  • the address table is added to the service packet by the traffic distribution point, which avoids the configuration complexity caused by separately configuring the service path on each value-added service device.
  • the method shown in FIG. 2 when the method shown in FIG. 2 is performed by a value-added service device, the method may specifically include:
  • the value-added service device obtains the first packet, where the first packet is obtained according to the service packet, and the service packet is a packet that needs to be processed by the value-added service, where the first packet includes an address table.
  • the address table includes an IP address of the value-added service device and a forwarding address, and the value-added service device is located on the service path of the service packet.
  • the forwarding address is an address in the last item of the address table. When there is only one address in the address forwarding table, the address is the forwarding address. In this case, the IP address of the value-added service device is considered to be empty.
  • the value-added service device obtains the first packet, which may be the first packet sent by the receiving stream distribution point, or the first packet sent by the last-hop value-added service device.
  • the service path 1 shown in FIG. 1 has four value-added service devices 13a-13d in the service path 1, and the IP addresses of the value-added service devices 13a-13d are 1.1.1.10, 1.1.1.11, 1.1.1.12, respectively. And 1.1.1.13.
  • the first packet may be sent by the stream distribution point, the source IP address is 1.1.1.1, the destination IP address is 1.1.1.10, and the carried address table is (1.1.1.11, Messages for 1.1.1.12, 1.1.1.13, 2.2.2.2).
  • the IP address of the value-added service device is 1.1.1.11, 1.1.1.12, and 1.1.1.13 in the address table.
  • 2.2.2.2 is the forwarding address.
  • the value-added service device performs value-added service processing on the first packet, and obtains the processed first packet.
  • the value-added service device Since the main function of the value-added service device is to perform value-added service processing on the packet, the value-added service device performs value-added service processing on the first packet after receiving the first packet, and is processed. First message.
  • the destination IP address and address table of the processed first packet is the same as the destination IP address and address table of the first packet.
  • the value-added service device modifies the destination IP address of the processed first packet according to the address in the first item of the address table of the processed first packet, and deletes the processed first packet.
  • the first item in the address table of the packet obtains the second message.
  • the IP address of the value-added service device is not empty, and the value-added service device 13a is still taken as an example.
  • the value-added service device 13a receives the source IP address
  • the source IP address is 1.1. 1.1.
  • the destination IP address is 1.1.1.10.
  • the first packet of the address table (1.1.1.11, 1.1.1.12, 1.1.1.13, 2.2.2.2) is carried, it is assumed that the first packet passes the value-added service.
  • the destination IP address and the address table of the processed first packet are unchanged.
  • the value-added service device 13a sets the destination IP address of the processed first packet to 1.1.1.10.
  • the source IP address of the packet is 1.1.1.1
  • the destination IP address is 1.1.1.11
  • the address table carried is (1.1.1.12, 1.1.1.13, 2.2.2.2).
  • the value-added service device can obtain the second report by deleting the address table of the processed first packet, because only one of the address tables of the processed first packet is deleted.
  • Text For example, when the first packet is a packet received by the value-added service device 13d from the value-added service device 13c, the source IP address of the first packet is 1.1.1.1, and the destination IP address is 1.1.1.13.
  • the address table is (2.2.2.2).
  • the value-added service device 13d sets the destination IP address of the processed first packet. Modifying, 2.2.2.2, and deleting 2.2.2.2 in the address table, after deleting 2.2.2.2, since the address table in the processed first packet is already empty, the value-added service device 13d further deletes the address. Table, get the second message.
  • the second packet at this time is a packet without an address table.
  • the value-added service device forwards the second packet according to the destination IP address of the second packet.
  • the value-added service device 13a sends the second packet to the value-added service device 13b according to the destination IP address 1.1.1.11 of the second packet.
  • the value-added service device 13d forwards the second packet according to the destination IP address 2.2.2.2 of the second packet.
  • steps 401, 403 and 404 are specific implementations of steps 201, 202 and 203 in Fig. 2, respectively.
  • the value-added service device receives the first packet sent by the stream distribution point or the last-hop value-added service device, and sends the first packet to the other packet according to the address table carried in the first packet.
  • the value-added service device is forwarded, that is, the value-added service device is specified by the address table, and the value-added service processing is performed on the packet, and the packet is not sent to the unrelated value-added service device, and further The waste of value-added service equipment capabilities is avoided.
  • the embodiment of the present invention further provides an apparatus 500 for forwarding a message.
  • the apparatus includes a first acquiring module 501, a modifying module 502, and a forwarding module 503.
  • the first obtaining module 501 is configured to obtain a first packet, where the first packet is obtained according to a service packet, and the service packet is a packet that needs to be processed by a value-added service, where the first packet includes An address table, where the address table includes an IP address of the value-added service device and a forwarding address, where the value-added service device is located in a service path of the service packet.
  • the modifying module 502 is configured to modify the destination IP address of the first packet according to the address in the first item of the address table, delete the first item of the address table, and obtain the second packet.
  • the forwarding module 503 is configured to forward the second packet according to the destination IP address of the second packet.
  • the first obtaining module 501, the modifying module 502, and the forwarding module 503 are respectively used to perform steps 201, 202 and 203.
  • steps 201, 202 and 203 For specific functions, please refer to the related description in FIG.
  • the device 500 when the device for forwarding a message is a stream distribution point, as shown in FIG. 6, the device 500 further includes: a receiving module 601 and a second obtaining module 602.
  • the receiving module 601 is configured to receive the service packet.
  • the second obtaining module 602 is configured to obtain the service flow identifier of the service flow to which the service packet belongs, and obtain the service path of the service packet according to the service flow identifier, where the service path includes a value-added service device. Obtaining an IP address of the value-added service device in the service path; and acquiring the forwarding address, where the forwarding address is a destination IP address of the service packet or an IP address of the stream distribution point.
  • the first obtaining module 501 is specifically configured to add an address table to the service packet received by the receiving module, where Adding the IP address of the value-added service device in the service path to the address table, and adding the forwarding address to the last item in the address table to obtain the first packet.
  • the apparatus 500 further includes a first storage module 603, configured to store a policy table, where the second obtaining module 602 obtains the service path of the service packet according to the service flow identifier, including: according to the service flow The identifier is searched for the policy table stored in the first storage module 603, and the policy to which the service flow identifier belongs is obtained, and the service path in the policy is obtained; the policy table includes at least one policy, and each policy includes a service flow.
  • the second obtaining module 602 obtaining the forwarding address includes any one of the following: obtaining a forwarding mode in the policy, when the forwarding mode is a return mode, And the destination IP address of the service packet is used as the forwarding address.
  • the device further includes a second storage module 604, configured to store a mapping table, where the second obtaining module 602 obtains the sequence when the sequence of the value-added service device includes a sequence of the identifier of the value-added service device
  • the IP address of the value-added service device in the service path includes: obtaining, according to the mapping table, the IP address of the value-added service device corresponding to the identifier of the value-added service device in the service path, where each entry of the mapping table includes the value added Correspondence between the IP address of the service device and the identifier of the value-added service device.
  • the device for forwarding a message when the device for forwarding a message is a value-added service device, as shown in FIG. 7, the device further includes a processing module 701.
  • the first obtaining module 501 is specifically configured to receive the first packet sent by the stream distribution point or the last hop value-added service device.
  • the processing module 701 is configured to perform value-added service processing on the first packet, and obtain the processed first packet, the destination IP address and address table of the processed first packet, and the first The destination IP address of the packet is the same as the address table.
  • the modifying module 502 is specifically configured to: modify the destination IP address of the processed first packet according to the address in the first item of the processed address table of the first packet, and delete the processed The first item of the address table of the first packet obtains the second packet.
  • the device that forwards the message is a value-added service device
  • the IP address of the value-added service device in the address table of the first packet acquired by the first acquiring module 501 is If the address table includes only one item (the address of which is the forwarding address), the modifying module 502 is specifically configured to use the address in the first item of the address table of the processed first packet.
  • the destination IP address of the processed first packet is modified, and the processed address table of the first packet is deleted, to obtain the second packet.
  • the device in the foregoing embodiments of the present invention obtains the first packet of the IP address including the value-added service device and the address table of the forwarding address, and modifies the first packet to obtain the second packet, and then sends the The second packet, the designation of the value-added service device is implemented, and the value-added service processing is performed on the packet, and the packet is not sent to the unrelated value-added service device, thereby avoiding the value-added service device.
  • a waste of ability obtained by the packet of the IP address including the value-added service device and the address table of the forwarding address, and modifies the first packet to obtain the second packet, and then sends the The second packet, the designation of the value-added service device is implemented, and the value-added service processing is performed on the packet, and the packet is not sent to the unrelated value-added service device, thereby avoiding the value-added service device.
  • the embodiment of the present invention further provides an apparatus 800 for forwarding a message, where the apparatus may be a host server including a computing capability, or a router, a network switch, etc., and the specific embodiment of the present invention does not perform the specific implementation of the computing node. limited.
  • the apparatus 800 includes:
  • the processor 810, the communication interface 820, and the memory 830 communicate with each other via the bus 840.
  • the communication interface 820 is configured to communicate with an external network element. In one embodiment, the communication interface 820 is configured to communicate with the management device 11, the value-added service device 13, and the like. In another embodiment, the communication interface 820 is for communicating with the stream distribution point 12, the value added service device 13, and the like. Communication interface 820 can be implemented by an optical transceiver, an electrical transceiver, a wireless transceiver, or any combination thereof.
  • the optical transceiver can be a small form factor pluggable transceiver (English: small form-factor pluggable transceiver) (English: transceiver), enhanced small form-factor pluggable (English: enhanced small form-factor pluggable, Abbreviations: SFP+) Transceiver or 10 Gigabit small form-factor pluggable (English: 10 Gigabit small form-factor pluggable, abbreviation: XFP) Transceiver.
  • the electrical transceiver can be an Ethernet (English: Ethernet) network interface controller (English: network interface controller, abbreviation: NIC).
  • the wireless transceiver can be a wireless network interface controller (English: wireless network interface controller, abbreviation: WNIC).
  • Communication interface 820 can include multiple physical interfaces, such as communication interface 820 including a plurality of Ethernet interfaces.
  • the processor 810 is configured to execute the program 832.
  • program 832 can include program code, the program code including computer operating instructions.
  • the processor 810 may be a central processing unit (English: central processing unit, abbreviated as: CPU), or an application-specific integrated circuit (ASIC).
  • CPU central processing unit
  • ASIC application-specific integrated circuit
  • the memory 830 is configured to store the program 832.
  • the memory 830 may include a volatile memory, such as a random access memory (English: random-access memory, abbreviation: RAM); the memory 830 may also include a non-volatile memory (English: non-volatile memory) ), such as read-only memory (English: read-only memory, abbreviation: ROM), flash memory (English: flash memory), hard disk (English: hard Disk drive, abbreviation: HDD) or solid state drive (English: solid-state drive, abbreviated: SSD);
  • the memory 830 may also include a combination of the above types of memory.
  • the processor 810 is configured to invoke the program 832 in the memory, execute the method shown in FIG. 2, FIG. 3 or FIG. 4 according to the program 832, and forward the second message through the communication interface.
  • a person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium.
  • the storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

La présente invention concerne le domaine des communications, en particulier un procédé et un dispositif de réexpédition de paquets, le procédé comportant les étapes suivantes: un point de distribution de flux ou un dispositif de services à valeur ajoutée acquiert un premier paquet, le premier paquet étant obtenu en fonction d'un paquet de services et comportant une table d'adresses, la table d'adresses comportant l'adresse IP et l'adresse de réexpédition de the dispositif de services à valeur ajoutée, et l'adresse de réexpédition étant une adresse figurant dans la dernière entrée de la table d'adresses; le dispositif de services à valeur ajoutée est localisé sur le trajet de services du paquet de services; l'adresse IP de destination du premier paquet est modifiée en fonction de l'adresse dans la première entrée de la table d'adresses, et la première entrée de la table d'adresses est supprimée pour obtenir un deuxième paquet; et réexpédier le deuxième paquet d'après l'adresse IP de destination du deuxième paquet. La présente invention spécifie un dispositif de services à valeur ajoutée, de façon à éviter d'envoyer un paquet à un dispositif de services à valeur ajoutée non pertinent pendant la réalisation d'un traitement de services à valeur ajoutée sur le paquet, évitant en outre un gaspillage de capacité du dispositif de services à valeur ajoutée.
PCT/CN2014/070184 2014-01-06 2014-01-06 Procédé et dispositif de réexpédition de paquets WO2015100751A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2014/070184 WO2015100751A1 (fr) 2014-01-06 2014-01-06 Procédé et dispositif de réexpédition de paquets
CN201480000859.0A CN105103503B (zh) 2014-01-06 2014-01-06 一种转发报文的方法和装置

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/070184 WO2015100751A1 (fr) 2014-01-06 2014-01-06 Procédé et dispositif de réexpédition de paquets

Publications (1)

Publication Number Publication Date
WO2015100751A1 true WO2015100751A1 (fr) 2015-07-09

Family

ID=53493054

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/070184 WO2015100751A1 (fr) 2014-01-06 2014-01-06 Procédé et dispositif de réexpédition de paquets

Country Status (2)

Country Link
CN (1) CN105103503B (fr)
WO (1) WO2015100751A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992592A (zh) * 2021-10-27 2022-01-28 锐捷网络股份有限公司 一种报文转发方法、装置、端口引流系统及存储介质
CN114124777A (zh) * 2020-08-27 2022-03-01 中国电信股份有限公司 增值业务处理方法、装置和系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101510845A (zh) * 2009-03-27 2009-08-19 北京星网锐捷网络技术有限公司 一种标签转发方法和装置
CN102769557A (zh) * 2012-08-09 2012-11-07 深圳市共进电子股份有限公司 一种业务数据报文的传输方法及装置
CN103051629A (zh) * 2012-12-24 2013-04-17 华为技术有限公司 一种基于软件定义网络中数据处理的系统、方法和节点
WO2013189272A1 (fr) * 2012-06-18 2013-12-27 华为技术有限公司 Procédé, dispositif et système de traitement de services

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8699488B2 (en) * 2009-12-30 2014-04-15 Verizon Patent And Licensing Inc. Modification of peer-to-peer based feature network based on changing conditions / session signaling
CN101984598B (zh) * 2010-11-04 2012-11-07 成都市华为赛门铁克科技有限公司 一种报文转向的方法和深度包检测设备
CN102075438B (zh) * 2011-02-14 2016-03-30 中兴通讯股份有限公司 单播数据帧传输方法及装置
CN103346974B (zh) * 2013-06-03 2015-04-08 华为技术有限公司 一种业务流程的控制方法及网络设备

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101510845A (zh) * 2009-03-27 2009-08-19 北京星网锐捷网络技术有限公司 一种标签转发方法和装置
WO2013189272A1 (fr) * 2012-06-18 2013-12-27 华为技术有限公司 Procédé, dispositif et système de traitement de services
CN102769557A (zh) * 2012-08-09 2012-11-07 深圳市共进电子股份有限公司 一种业务数据报文的传输方法及装置
CN103051629A (zh) * 2012-12-24 2013-04-17 华为技术有限公司 一种基于软件定义网络中数据处理的系统、方法和节点

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124777A (zh) * 2020-08-27 2022-03-01 中国电信股份有限公司 增值业务处理方法、装置和系统
CN113992592A (zh) * 2021-10-27 2022-01-28 锐捷网络股份有限公司 一种报文转发方法、装置、端口引流系统及存储介质
CN113992592B (zh) * 2021-10-27 2023-11-17 锐捷网络股份有限公司 一种报文转发方法、装置、端口引流系统及存储介质

Also Published As

Publication number Publication date
CN105103503A (zh) 2015-11-25
CN105103503B (zh) 2018-07-31

Similar Documents

Publication Publication Date Title
US11233724B2 (en) Multicast data packet processing method, and apparatus
JP6982104B2 (ja) Brasシステムベースのパケットカプセル化方法および装置
JP2020520612A (ja) パケット伝送方法、エッジデバイス及び機械可読記憶媒体
US11570093B2 (en) Data transmission method, node and system
WO2014176740A1 (fr) Classificateur de flux, déclencheur de routage de service, et procédé et système de traitement de message
WO2018036254A1 (fr) Procédé et dispositif de retransmission de paquets
US9009782B2 (en) Steering traffic among multiple network services using a centralized dispatcher
WO2014089799A1 (fr) Procédé et appareil pour déterminer une dérive d'une machine virtuelle
WO2014166073A1 (fr) Procédé de transfert de paquets, et dispositif de réseau
EP3806404A1 (fr) Procédé de communication, dispositif et système pour éviter une boucle
JP7430224B2 (ja) パケット処理方法およびゲートウェイ・デバイス
US20150188815A1 (en) Packet Forwarding Method and System
WO2014139157A1 (fr) Procédé de traitement de paquet et dispositif et système de paquet
CN113489646A (zh) 基于vxlan的分段路由传输方法、服务器、源节点及存储介质
WO2019196914A1 (fr) Procédé de découverte de trajet de réacheminement, et dispositif associé
WO2012088934A1 (fr) Procédé et dispositif de commutation pour filtrer des messages
WO2015192360A1 (fr) Procédé et appareil d'envoi de paquets de données
WO2015149367A1 (fr) Procédé et dispositif pour le traitement de paquets
WO2015100751A1 (fr) Procédé et dispositif de réexpédition de paquets
WO2012041168A1 (fr) Procédé de traitement pour une connexion à distance destinée à un réseau ipv6 et dispositif associé
US9847929B2 (en) Cluster and forwarding method
WO2014101192A1 (fr) Dispositif de réseau et procédé de traitement de messages
WO2013023465A1 (fr) Procédé d'interconnexion et d'intercommunication entre un réseau à séparation d'adresse url et d'identifiant et un réseau classique, et ilr et asr associés
WO2015100644A1 (fr) Procédé et appareil de traitement de paquet
CN108881015B (zh) 一种报文广播方法和装置

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480000859.0

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14877435

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14877435

Country of ref document: EP

Kind code of ref document: A1