WO2016058463A1 - 业务功能链中协议报文的处理方法、系统及业务功能节点 - Google Patents
业务功能链中协议报文的处理方法、系统及业务功能节点 Download PDFInfo
- Publication number
- WO2016058463A1 WO2016058463A1 PCT/CN2015/089082 CN2015089082W WO2016058463A1 WO 2016058463 A1 WO2016058463 A1 WO 2016058463A1 CN 2015089082 W CN2015089082 W CN 2015089082W WO 2016058463 A1 WO2016058463 A1 WO 2016058463A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- packet
- protocol
- service function
- attribute
- function node
- Prior art date
Links
Images
Definitions
- the present invention relates to the field of Internet devices, and in particular, to a method, a system, and a service function node for processing protocol packets in a Service Function Chaining (SFC).
- SFC Service Function Chaining
- the data center network gradually develops into an overlay network.
- Overlay technology does not solve all the problems.
- the data center also has a lot of middleware such as firewalls, load balancers, etc. It is deployed based on user services.
- a service processing function such as a virtual firewall, a load balancer, and a gateway is called a service function, and traffic is processed through a series of Service Functions to form an SFC, as shown by a thick solid line and a thick dotted line in FIG. Two business chains (Service Chain).
- SFC technology is a network technology currently being researched and standardized. It is a technology that separates network device service functions and forwarding, thereby implementing independent operations, processing and forming a service chain of business functions. Forwarding performance of network devices.
- the embodiments of the present invention provide a method, a system, and a service function node for processing protocol packets in an SFC.
- the embodiment of the invention provides a method for processing protocol packets in an SFC, including:
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet
- the first service function node encapsulates the protocol type and the packet attribute of the encapsulated protocol packet and the protocol packet.
- the method before the first service function node encapsulates the protocol type and the packet attribute of the protocol packet, the method further includes:
- the protocol component of the first service function node generates the protocol packet for the service function instance associated with the first service function node.
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet in a Service Function Header (NSH).
- NSH Service Function Header
- the embodiment of the invention further provides a method for processing protocol packets in an SFC, including:
- the second service function node receives the message
- the second service function node parses the protocol type and the packet attribute of the received packet
- the second service function node determines, according to the parsed protocol type, that the received packet is a protocol packet, and performs protocol-related processing on the received packet according to the parsed packet attribute.
- the performing protocol-related processing on the received packet according to the parsed packet attribute includes:
- the protocol component of the second service function node is corresponding to the service function instance associated with the received message Reply message
- the packet encapsulating component of the second service function node encapsulates the protocol type and the packet attribute of the response packet, and encapsulates the protocol type and the packet attribute of the response packet and the response.
- the message is encapsulated and sent.
- the packet encapsulating component encapsulates the protocol type and the packet attribute of the response packet in the NSH.
- the protocol type and the packet attribute of the received packet are encapsulated in the NSH.
- the embodiment of the invention further provides a method for processing protocol packets in an SFC, including:
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet, and encapsulates the protocol type, the packet attribute, and the corresponding protocol packet of the encapsulated protocol packet, and then sends the packet to the second service function node. ;
- the second service function node After receiving the packet, the second service function node parses the protocol type and the packet attribute of the received packet, and determines, according to the parsed protocol type, that the received packet is a protocol packet, according to the parsed packet. Attribute, protocol-related processing of received messages.
- the method before the first service function node encapsulates the protocol type and the packet attribute of the protocol packet, the method further includes:
- the protocol component of the first service function node generates the protocol packet for the service function instance associated with the first service function node.
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet in the NSH.
- the performing protocol-related processing on the received packet according to the parsed packet attribute includes:
- the protocol component of the second service function node is corresponding to the service function instance associated with the received message Reply message
- the packet encapsulating component of the second service function node encapsulates the protocol type and the packet attribute of the response packet, and encapsulates the protocol type and the packet attribute of the response packet and the response.
- the packet is encapsulated and sent to the first service function node.
- the packet encapsulating component of the second service function node encapsulates the protocol type and the packet attribute of the response packet in the NSH.
- the embodiment of the present invention further provides a service function node, including: a first packet encapsulating component and a first transmitter; wherein
- the first packet encapsulating component is configured to encapsulate the protocol type and the packet attribute of the protocol packet, and encapsulate the protocol type, the packet attribute, and the protocol packet of the encapsulated protocol packet;
- the first transmitter is configured to send the encapsulated message.
- the service function node further includes: a first protocol component, configured to generate the protocol packet for a service function instance associated with the service.
- the embodiment of the present invention further provides a service function node, including: a first receiver, a second packet encapsulating component, and a second protocol component;
- the first receiver is configured to receive a message
- the second packet encapsulating component is configured to parse the protocol type and the packet attribute of the received packet, and determine, after the received packet is a protocol packet, the received packet according to the parsed protocol type. Sent to the second protocol component;
- the second protocol component is configured to perform protocol-related processing on the received packet according to the parsed packet attribute.
- the service function node further includes: a second transmitter; wherein
- the second protocol component is configured to: when the received packet is a request message according to the parsed message attribute, generate a corresponding service function instance corresponding to the received message corresponding to the received message Reply message
- the second packet encapsulating component is further configured to encapsulate the generated protocol type and the packet attribute of the response packet, and encapsulate the protocol type and the packet attribute of the response packet.
- the response message is encapsulated;
- the second transmitter is configured to send the encapsulated message.
- An embodiment of the present invention further provides a processing system for a protocol packet in an SFC, including: a first service function node and a second service function node;
- the first service function node is configured to enter a protocol type and a packet attribute of the protocol packet. And encapsulating the protocol type of the encapsulated protocol packet, the packet attribute, and the corresponding protocol packet, and sending the packet to the second service function node;
- the second service function node is configured to: after receiving the packet sent by the first service function node, parse the protocol type and the packet attribute of the received packet; and determine the received report according to the parsed protocol type. After the protocol is a protocol packet, the received packet is subjected to protocol-related processing according to the parsed packet attribute.
- the first service function node includes: a first packet encapsulating component and a first transmitter; and the second service function node includes: a first receiver, a second packet encapsulating component, and a second protocol component ;among them,
- the first packet encapsulating component is configured to encapsulate the protocol type and the packet attribute of the protocol packet, and encapsulate the protocol type, the packet attribute, and the protocol packet of the encapsulated protocol packet;
- the first transmitter is configured to send the encapsulated packet to the second function node
- the first receiver is configured to receive a packet sent by the first function node
- the second packet encapsulating component is configured to parse the protocol type and the packet attribute of the received packet, and determine, after the received packet is a protocol packet, the received packet according to the parsed protocol type. Sent to the second protocol component;
- the second protocol component is configured to perform protocol-related processing on the received packet according to the parsed packet attribute.
- the first service function node further includes: a first protocol component, configured to generate the protocol packet for a service function instance associated with the first service component.
- the second service function node further includes: a second transmitter; the first service function node further includes: a second receiver;
- the second protocol component is configured to: when the received packet is a request packet according to the parsed packet attribute, the protocol component of the second service function node is the received packet.
- the service function instance corresponding to the text corresponding to the text generates a corresponding response message;
- the second packet encapsulating component is further configured to encapsulate the generated protocol type and the packet attribute of the response packet, and encapsulate the protocol type and the packet attribute of the response packet.
- the response message is encapsulated;
- the second transmitter is configured to send the encapsulated packet to the first service function node
- the second receiver is further configured to receive a packet sent by the second service function node.
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet; and encapsulates the protocol packet
- the protocol type and the packet attribute and the corresponding protocol packet are encapsulated and sent to the second service function node; after receiving the packet, the second service function node parses the protocol type and the packet attribute of the received message;
- the parsed protocol type determines that the received packet is a protocol packet, and performs protocol-related processing on the received packet according to the parsed packet attribute, so that the service function node can correctly process the protocol report effectively.
- 1 is a schematic structural diagram of an SFC network
- FIG. 2 is a schematic view of a structure of an SFP
- FIG. 3 is a schematic diagram of an NSH format
- FIG. 4 is a schematic flowchart of a method for processing a protocol packet in an SFC according to an embodiment of the present invention
- FIG. 5 is a schematic flowchart of a method for processing protocol packets in an SFC according to Embodiment 2 of the present invention.
- FIG. 6 is a schematic flowchart of a method for processing a protocol packet in a third SFC according to an embodiment of the present invention
- FIG. 7 is a schematic diagram of an overall architecture of an embodiment of the present invention.
- FIG. 8 is a schematic diagram of a protocol type and a packet attribute in an NSH according to an embodiment of the present invention.
- FIG. 9 is a schematic diagram of an application scenario of Embodiment 4 of the present invention.
- FIG. 10 is a schematic flowchart of a method for processing protocol packets in an SFC according to an embodiment of the present invention
- FIG. 11 is a schematic diagram of an application scenario according to Embodiment 5 of the present invention.
- FIG. 12 is a schematic flowchart of a method for processing protocol packets in an SFC according to Embodiment 5 of the present invention.
- FIG. 13 is a schematic structural diagram of a service function node according to Embodiment 6 of the present invention.
- FIG. 14 is a schematic structural diagram of a service function node according to Embodiment 7 of the present invention.
- 15 is a schematic structural diagram of a system for processing a protocol packet in an SFC according to an embodiment of the present invention.
- FIG. 16 is a schematic structural diagram of a system for processing a protocol packet in an SFC according to an embodiment of the present invention.
- Service Overlay that is, Overlay overlay technology that each network edge node needs to communicate
- GSCP Generic Service Control Plane
- Control plane metadata (Dataplane Metadata), which is a major feature. Metadata allows each edge service processing node to exchange information with each other to achieve certain business processing purposes.
- SFP Service Function Path
- the SFP refers to a service processing path from the classifier that passes through several business function instances to reach the destination.
- SFF Service Function Forwarder
- the application scenario of the service function chain cannot be satisfied. For example, establish an Internet Protocol Security (IPSec) channel between the classifier and the service function node and create a Security Association (SA), classifier and business functions.
- IPSec Internet Protocol Security
- SA Security Association
- IKE key exchange protocol
- the two ends of the IKE negotiation are two service function instances. Therefore, when the IKE protocol packet is sent from the classifier to the service function node, The SFF component of the peer service function node cannot be identified. This is an IKE signaling negotiation packet. The packet is considered to be a data packet and sent to the service function instance. Wrongly processed and forwarded.
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet, and encapsulates the protocol type and the packet attribute of the protocol packet and the corresponding
- the protocol packet is encapsulated and sent to the second service function node; after receiving the packet, the second service function node parses the protocol type and the packet attribute of the received packet; and determines the receiving according to the parsed protocol type.
- the received packet is subjected to protocol-related processing according to the parsed packet attribute.
- the processing method of the protocol packet in the SFC in this embodiment includes the following steps:
- Step 401 The first service function node encapsulates the protocol type and the packet attribute of the protocol packet.
- the first service function node may encapsulate the protocol type and the packet attribute of the protocol packet in the NSH.
- the method may further include:
- the protocol component of the first service function node generates the protocol packet for the service function instance associated with the first service function node.
- the corresponding protocol component needs to be configured in the first service function node; and the protocol component is configured to be associated with a service function instance, so that the protocol component can be associated with itself.
- the service function instance generates the protocol message.
- the protocol may be an IPSec and an IKE protocol, or a Port Control Protocol (PCP).
- the protocol component refers to a component that can run the functions of a specified protocol.
- the protocol packet refers to various network protocol packets, and the packet is different from the user data packet.
- protocol packets that is, various routing protocols, deliver the generated packets.
- the data message is the traffic of the user using various applications.
- the protocol type is used to identify the protocol to which the protocol message belongs, and the message attribute is used to identify that the protocol message is a request message or a response message.
- Step 402 The first service function node encapsulates the protocol type and the packet attribute of the encapsulated protocol packet and the protocol packet.
- the processing method of the protocol packet in the SFC in this embodiment includes the following steps:
- Step 501 The second service function node receives the packet.
- Step 502 The second service function node parses the protocol type and the packet attribute of the received packet.
- the protocol type and the packet attribute of the received packet may be encapsulated.
- NSH the protocol type and the packet attribute of the received packet
- Step 503 After the second service function node determines that the received packet is a protocol packet according to the parsed protocol type, performs protocol-related processing on the received packet according to the parsed packet attribute.
- the performing protocol-related processing on the received packet according to the parsed packet attribute includes:
- the protocol component of the second service function node is corresponding to the service function instance associated with the received message Reply message
- the packet encapsulating component of the second service function node encapsulates the protocol type and the packet attribute of the response packet, and encapsulates the protocol type and the packet attribute of the response packet and the response.
- the message is encapsulated and sent.
- the protocol component when it is determined that the received message is a response message according to the parsed message attribute, the protocol component does not perform any processing.
- the packet encapsulating component may encapsulate the protocol type and the packet attribute of the response packet in the NSH.
- the function of the message encapsulation component can be implemented by an SFF component or the like.
- the protocol packet refers to various network protocol packets, and the packet is different from the user data packet.
- protocol packets that is, various routing protocols, deliver the generated packets.
- the data message is the traffic of the user using various applications.
- the corresponding service component is configured in the second service function node, and the protocol component is associated with a service function instance, so that the protocol component can process the service function instance associated with the service component instance.
- Protocol message The protocol may be IPSec and IKE protocols, or PCP, and the like.
- the received packet After determining, according to the parsed protocol type, that the received packet is a non-protocol packet, The received packet is processed and forwarded by the service function chain.
- the processing method of the protocol packet in the SFC in this embodiment includes the following steps:
- Step 601 The first service function node encapsulates the protocol type and the packet attribute of the protocol packet, and encapsulates the protocol type, the packet attribute, and the corresponding protocol packet of the encapsulated protocol packet, and sends the packet to the first Two business function nodes;
- the method may further include:
- the protocol component of the first service function node generates the protocol packet for the service function instance associated with the first service function node.
- an end-to-end protocol component needs to be configured between the first service function node and the second service function node; and respectively in the first service function node and
- the configuration protocol component is associated with a service function instance on the second service function node, so that the protocol component can process the protocol message for the service function instance associated with the protocol component.
- the protocol may be IPSec and IKE protocols, or PCP, and the like.
- the protocol component refers to a component that can run the functions of a specified protocol.
- the protocol packet refers to various network protocol packets, and the packet is different from the user data packet.
- protocol packets that is, various routing protocols, deliver the generated packets.
- the data message is the traffic of the user using various applications.
- the protocol type is used to identify the protocol to which the protocol message belongs, and the message attribute is used to identify that the protocol message is a request message or a response message.
- the first service function node may encapsulate the protocol type and the packet attribute of the protocol packet in the NSH.
- the NSH and the corresponding protocol packet are encapsulated into data frames, and then sent to the The second service function node; the specific setting of the protocol type may be: 0 indicates a non-protocol packet, 1 indicates an IKE packet, 2 indicates an Open Shortest Path First (OSPF) message, and 3 indicates a label.
- Step 602 After receiving the packet, the second service function node parses the protocol type and the packet attribute of the received packet, and determines, according to the parsed protocol type, that the received packet is a protocol packet, according to the parsing
- the message attribute is used to perform protocol-related processing on the received message.
- the performing protocol-related processing on the received packet according to the parsed packet attribute includes:
- the protocol component of the second service function node is corresponding to the service function instance associated with the received message Reply message
- the packet encapsulating component of the second service function node encapsulates the protocol type and the packet attribute of the response message generated, and encapsulates the protocol type and packet attribute of the response message and the The response packet is encapsulated and sent to the first service function node.
- the protocol component of the second service function node does not perform any processing.
- the packet encapsulating component of the second service function node may encapsulate the generated protocol type and the packet attribute of the response packet in the NSH.
- the function of the packet encapsulation component of the second service function node may be implemented by an SFF component or the like.
- the first service function node encapsulates the protocol type and the packet attribute of the protocol packet, and encapsulates the protocol type and the packet attribute of the protocol packet.
- the corresponding protocol packet is encapsulated and sent to the second service function node; after receiving the packet, the second service function node parses the protocol type and the packet attribute of the received packet; And determining, according to the parsed protocol type, that the received packet is a protocol packet, performing protocol-related processing on the received packet according to the parsed packet attribute, so that the service function node can be effectively processed correctly.
- a protocol packet can solve the technical problem of processing service packets between service function nodes as data packets.
- the application scenario in this embodiment is: in the service function instance 1 -> service function instance 2 -> service function instance 3, in the service function chain, the service function instance 1 and the service function instance 2 create a security alliance and IPSec security channel; the service function node where the service function instance 1 is located is called node A, and the service function node where the service function instance 2 is located is called node B.
- the processing method of the protocol packet in the SFC in this embodiment includes the following steps:
- Step 1001 Configure service function instance 1 and service function instance 2 as information about a pair of SA, IPSec, and IKE protocols on the node A and B where the service function instance 1 and the service function instance 2 are located, and then perform step 1002.
- Step 1002 Configure the IPSec protocol component of the node A to be associated with the service function instance 1, and configure the IPSec protocol component of the node B to be associated with the service function instance 2, and then perform step 1003;
- Step 1003 The IPSec component of node A generates an IKE packet.
- the content of the generated IKE message is: a locally supported ISAKMP policy
- the content of the policy includes five elements: an encryption algorithm, a hash algorithm, a D-H group, an authentication method, and an SA lifetime.
- Step 1004 The SFF component of the node A performs NSH encapsulation on the protocol type and the packet attribute of the generated IKE packet.
- the packet attribute is set to 1, indicating that the packet attribute of the packet is a request packet.
- the protocol type is set to 1, indicating that the protocol type of the packet is an IKE packet.
- Step 1005 The SFF component of the node A encapsulates the encapsulated NSH in the front part of the protocol packet, and sends the encapsulated protocol packet to the node B.
- Step 1006 After receiving the protocol packet sent by the node A, the SFF component of the node B resolves the packet attribute and the protocol type field in the protocol packet NSH, and determines that the received packet is an IKE request packet.
- Step 1007 The IPSec component of the Node B performs IKE negotiation processing, and generates a corresponding response packet according to the policy of the ISAKMP supported by the Node B.
- Step 1008 The SFF component of the Node B performs NSH encapsulation on the protocol type and the packet attribute of the generated response packet.
- the packet attribute is set to 2, indicating that the packet attribute of the packet is a response packet.
- the protocol type is set to 1, indicating that the protocol type of the packet is an IKE packet.
- Step 1009 The SFF component of the Node B encapsulates the encapsulated NSH in the front part of the response packet, and sends the encapsulated response packet to the node A.
- Step 1010 After receiving the response message of the Node B, the SFF component of the node A parses the packet attribute and the protocol type field in the response message NSH, and determines that the received message is an IKE response message, and then proceeds to step 1011;
- Step 1011 Node A and Node B perform the negotiation and identity authentication process in the IKE subsequent phase.
- the process of the negotiation between the node A and the node B in the subsequent phase of the IKE negotiation and the process of the protocol packet in the identity authentication process is similar to the process of the protocol packet in the policy negotiation process, and is not described here.
- the application scenario of this embodiment is: in the service function chain of the service function instance 1 -> service function instance 2 -> service function instance 3, the service function instance 1 has no address pool itself, and the service function instance 1 passes The PCP requests the IP address pool resource from the service function instance 2; the service function node where the service function instance 1 is located is referred to as the node A, and the service function node where the service function instance 2 is located is referred to as the node B.
- the processing method of the protocol packet in the SFC in this embodiment includes the following steps:
- Step 1201 Configure related information on the nodes A and B where the service function instance 1 and the service function instance 2 are located, and then perform step 1202.
- an IP address pool is configured on the Node B, and PCP-related information is respectively configured on the nodes A and B.
- Step 1202 Configure the PCP component of the node A to be associated with the service function instance 1, and configure the PCP component of the node B to be associated with the service function instance 2, and then perform step 1203;
- Step 1203 The PCP component of the node A generates a PCP request message.
- the generated PCP request message requires the service function instance 2 to provide an IP address of 192.168.1.1, and the port range between 1024 and 32767 is used by the service function instance 1, and the allocation policy is try best.
- Step 1204 The SFF component of the node A performs NSH encapsulation on the protocol type and the packet attribute of the generated protocol packet.
- the packet attribute is set to 1, indicating that the packet attribute of the packet is a request packet.
- the protocol type is set to 18, indicating that the protocol type of the packet is a PCP packet.
- Step 1205 The SFF component of the node A encapsulates the encapsulated NSH in the front part of the protocol packet, and sends the encapsulated protocol packet to the node B.
- Step 1206 After receiving the protocol packet sent by the node A, the SFF component of the Node B resolves the packet attribute and the protocol type field in the protocol packet NSH, and determines that the received packet is a PCP request packet.
- Step 1207 The SFF component of the Node B sends the packet to the PCP component of the Node B.
- the PCP component of the Node B has no IP address of 192.168.1.1 in the address pool of the service function embodiment 2, and then step 1208 is performed;
- Step 1208 The PCP component of the Node B allocates an IP address of 192.168.1.2 according to the principle of allocation as much as possible, and the port range is 1024 to 32767, and the related IP address and port segment value are sealed. Installed in the response message;
- Step 1209 The SFF component of the Node B performs NSH encapsulation on the protocol type and the packet attribute of the response packet.
- the packet attribute is set to 2, indicating that the packet attribute of the packet is a response packet.
- the protocol type is set to 18, indicating that the protocol type of the packet is a PCP packet.
- Step 1210 The SFF component of the Node B encapsulates the encapsulated NSH in the front part of the response packet, and sends the encapsulated response packet to the node A.
- Step 1211 After receiving the response packet of the Node B, the SFF component of the node A parses the packet attribute and the protocol type field in the response packet NSH, determines that the received packet is a response packet of the PCP, and obtains the IP address and port. The segment value is delivered to the business function instance 1, and the current processing flow is ended.
- the embodiment provides a service function node.
- the service function node includes: a first packet encapsulating component 131 and a first transmitter 132;
- the first packet encapsulating component 131 is configured to encapsulate the protocol type and the packet attribute of the protocol packet, and encapsulate the protocol type, the packet attribute, and the protocol packet of the encapsulated protocol packet;
- the first transmitter 132 is configured to send the encapsulated message.
- the first packet encapsulating component 131 may encapsulate the protocol type and the packet attribute of the protocol packet in the NSH.
- the function of the first packet encapsulating component 131 can be implemented by an SFF component or the like.
- the service function node may further include: a first protocol component, configured to generate the protocol packet for the service function instance associated with the service module.
- the protocol component is configured to associate the first protocol component with a service function instance, so that the first protocol component can generate the protocol packet for the service function instance associated with itself.
- the protocol may be IPSec and IKE protocols, or PCP, and the like.
- the first protocol component refers to a component that is capable of running a specified protocol function.
- the protocol packet refers to various network protocol packets, and the packet is different from the user data packet.
- protocol packets that is, various routing protocols, deliver the generated packets.
- the data message is the traffic of the user using various applications.
- the protocol type is used to identify the protocol to which the protocol message belongs, and the message attribute is used to identify that the protocol message is a request message or a response message.
- the embodiment provides a service function node.
- the service function node includes: a first receiver 141, a second packet encapsulating component 142, and a second protocol component 143; among them,
- the first receiver 141 is configured to receive a message
- the second packet encapsulating component 142 is configured to parse the protocol type and the packet attribute of the received packet, and determine, according to the parsed protocol type, that the received packet is a protocol packet, and the received packet is received.
- the text is sent to the second protocol component 143;
- the second protocol component 143 is configured to perform protocol correlation processing on the received packet according to the parsed message attribute.
- the protocol type and the packet attribute of the received packet may be encapsulated in the NSH.
- the service function node may further include: a second transmitter; wherein
- the second protocol component 143 is configured to: when the received packet is a request packet according to the parsed packet attribute, generate a service function instance corresponding to the received packet Corresponding response message;
- the second packet encapsulating component 142 is further configured to encapsulate the generated protocol type and packet attribute of the response packet, and encapsulate the protocol type and packet attribute of the response packet. And the response message encapsulation;
- the second transmitter is configured to send the encapsulated message.
- the second protocol component 143 when it is determined that the received message is a response message according to the parsed message attribute, the second protocol component 143 does not perform any processing.
- the second packet encapsulating component 142 may encapsulate the protocol type and the packet attribute of the response packet in the NSH.
- the function of the second packet encapsulating component 142 can be implemented by an SFF component or the like.
- the protocol packet refers to various network protocol packets, and the packet is different from the user data packet.
- protocol packets that is, various routing protocols, deliver the generated packets.
- the data message is the traffic of the user using various applications.
- the corresponding second protocol component 143 needs to be configured in the service function node; and the second protocol component 143 is configured to be associated with a service function instance, so that the second protocol component 143 can be configured.
- the protocol packet corresponding to the service function instance associated with the protocol is processed.
- the protocol may be IPSec and IKE protocols, or PCP, and the like.
- the second protocol component 143 refers to a component capable of running a specified protocol function.
- the received packet is determined to be a non-protocol packet according to the parsed protocol type, the received packet is processed and forwarded by the service function chain.
- the embodiment provides a processing system for the protocol packet in the SFC.
- the processing system includes: a first service function node 151 and a second service function node 152;
- the first service function node 151 is configured to encapsulate the protocol type and the packet attribute of the protocol packet, and encapsulate the protocol type and the packet attribute of the protocol packet and the corresponding protocol.
- the packet is encapsulated and sent to the second service function node 152;
- the second service function node 152 is configured to: after receiving the packet sent by the first service function node, parsing the protocol type and the packet attribute of the received packet; and determining the received according to the parsed protocol type. After the packet is a protocol packet, the received packet is subjected to protocol-related processing according to the parsed packet attribute.
- the first service function node 151 may include: a first packet encapsulating component 1511 and a first transmitter 1512.
- the second service function node 152 may include: a first receiver 1521. a second message encapsulating component 1522 and a second protocol component 1523; wherein
- the first packet encapsulating component 1511 is configured to encapsulate the protocol type and the packet attribute of the protocol packet, and encapsulate the protocol type, the packet attribute, and the protocol packet of the encapsulated protocol packet;
- the first transmitter 1512 is configured to send the encapsulated message to the second function node 152;
- the receiver 1521 is configured to receive a packet sent by the first function node 151;
- the second packet encapsulating component 1522 is configured to parse the protocol type and the packet attribute of the received packet, and determine, according to the parsed protocol type, that the received packet is a protocol packet, and the received packet is received.
- the text is sent to the second protocol component 1523;
- the second protocol component 1523 is configured to perform protocol-related processing on the received packet according to the parsed message attribute.
- the first service function node 151 may further include: a first protocol component 1513 configured to generate the protocol message for a service function instance associated with itself.
- an end-to-end protocol component (first protocol component 1513 and second protocol component 1523) needs to be configured between the first service function node and the second service function node.
- the piece 1513 and the second protocol component 1523 may process the protocol message for the service function instance associated with itself.
- the protocol may be IPSec and IKE protocols, or PCP, and the like.
- the protocol packet refers to various network protocol packets, and the packet is different from the user data packet.
- protocol packets that is, various routing protocols, deliver the generated packets.
- the data message is the traffic of the user using various applications.
- the protocol type is used to identify the protocol to which the protocol message belongs, and the message attribute is used to identify that the protocol message is a request message or a response message.
- the first packet encapsulating component 1511 may encapsulate the protocol type and the packet attribute of the protocol packet in the NSH.
- the NSH and the corresponding protocol packet are encapsulated into a data frame, and then sent to the second service function node.
- the specific setting of the protocol type may be: 0 indicates a non-protocol packet, and 1 indicates an IKE packet. For example, 2 indicates OSPF packets, and 3 indicates LDP packets.
- the specific settings of the packet attributes are: 1 for request packets, 2 for response packets, and so on.
- the second service function node 152 may further include: a second transmitter 1524; the first service function node 151 may further include: a second receiver 1514;
- the second protocol component 1523 is configured to determine, according to the parsed packet attribute, that the received packet is a request packet, and the protocol component of the second service function node is the received packet.
- the corresponding service function instance associated with itself generates a corresponding response message;
- the second packet encapsulating component 1522 is further configured to encapsulate the generated protocol type and the packet attribute of the response packet, and encapsulate the protocol type and the packet attribute of the response packet. And the response message encapsulation;
- the second transmitter 1524 is configured to send the encapsulated packet to the first service function node 151;
- the second receiver 1514 is configured to receive a message sent by the second service function node.
- the second protocol component 1523 does not perform any processing.
- the second packet encapsulating component may encapsulate the generated protocol type and packet attribute of the response packet in the NSH.
- the received packet is determined to be a non-protocol packet according to the parsed protocol type, the received packet is processed and forwarded by the service function chain.
- the first protocol component 1513 and the second protocol component 1523 refer to components capable of running a specified protocol function.
- the functions of the first packet encapsulating component 1511 and the second packet encapsulating component 1522 may be implemented by an SFF component or the like.
- the first service function node 151 encapsulates the protocol type and the packet attribute of the protocol packet, and encapsulates the protocol type and packet attribute of the protocol packet. And the corresponding protocol packet is encapsulated and sent to the second service function node 152; after receiving the packet, the second service function node 152 parses the protocol type and the packet attribute of the received packet; and according to the parsed protocol After the type of the received packet is a protocol packet, the protocol is processed according to the parsed packet attribute, so that the service function node can correctly process the protocol packet. It solves the technical problem that the service function node treats the protocol packet as a data packet to perform business function processing.
- embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
- the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
- the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
- the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Telephonic Communication Services (AREA)
Abstract
本发明公开了一种业务功能链(SFC)中协议报文的处理方法,包括:第一业务功能节点将协议报文的协议类型及报文属性进行封装;所述第一业务功能节点将封装的所述协议报文的协议类型及报文属性和所述协议报文封装后发出。本发明同时还公开了一种业务功能节点及SFC中协议报文的处理系统。
Description
本发明涉及互联网设备领域,尤其涉及一种业务功能链(SFC,Service Function Chaining)中协议报文的处理方法、系统及业务功能节点。
随着网络技术的发展,数据中心网络逐渐向叠加(Overlay)网络发展,然而Overlay技术并未能解决所有问题,数据中心还有很多中间件(Middleware)如防火墙、负载均衡器等,这些设备都是基于用户业务来部署的。
通常,将虚拟防火墙、负载均衡器、网关等业务处理功能,称为业务功能(Service Function),而流量经过一系列Service Function的处理,形成SFC,如图1中粗实线和粗虚线所示的两条业务链(Service Chain)。
SFC技术是目前正在研究和标准化的一种网络技术,是一种将网络设备业务功能和转发分离开来,从而实现业务功能的独立运算、处理并形成一条业务链的技术,这种技术能够提升网络设备的转发性能。
但是,现有SFC技术中,SFC中各个节点针对数据流的处理并不区分用户数据报文和协议报文,如此,会使得各个节点不能够正确识别协议报文,从而会使得协议报文被当作用户数据报文而进行错误地处理和转发。
发明内容
为解决现有存在的技术问题,本发明实施例提供一种SFC中协议报文的处理方法、系统及业务功能节点。
本发明实施例提供了一种SFC中协议报文的处理方法,包括:
第一业务功能节点将协议报文的协议类型及报文属性进行封装;
所述第一业务功能节点将封装的所述协议报文的协议类型及报文属性和所述协议报文封装后发出。
上述方案中,所述第一业务功能节点将协议报文的协议类型及报文属性进行封装之前,所述方法还包括:
所述第一业务功能节点的协议组件为与自身关联的业务功能实例产生所述协议报文。
上述方案中,所述第一业务功能节点将所述协议报文的协议类型及报文属性封装在业务功能报文头(NSH,Network Service Header)中。
本发明实施例还提供了一种SFC中协议报文的处理方法,包括:
第二业务功能节点接收报文;
所述第二业务功能节点解析接收的报文的协议类型及报文属性;
所述第二业务功能节点根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对所述接收的报文进行协议相关处理。
上述方案中,所述根据解析的报文属性,对所述接收的报文进行协议相关处理,包括:
根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
所述第二业务功能节点的报文封装组件将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装后发出。
上述方案中,所述报文封装组件将所述应答报文的协议类型及报文属性封装在NSH中。
上述方案中,所述接收的报文的协议类型及报文属性封装在NSH中。
本发明实施例又提供了一种SFC中协议报文的处理方法,包括:
第一业务功能节点将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点;
所述第二业务功能节点收到报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
上述方案中,所述第一业务功能节点将协议报文的协议类型及报文属性进行封装之前,所述方法还包括:
所述第一业务功能节点的协议组件为与自身关联的业务功能实例产生所述协议报文。
上述方案中,所述第一业务功能节点将所述协议报文的协议类型及报文属性封装在NSH中。
上述方案中,所述根据解析的报文属性,对接收的报文进行协议相关处理,包括:
根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
所述第二业务功能节点的报文封装组件将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装后发送给所述第一业务功能节点。
上述方案中,所述第二业务功能节点的报文封装组件将所述应答报文的协议类型及报文属性封装在NSH中。
本发明实施例还提供了一种业务功能节点,包括:第一报文封装组件及第一发射机;其中,
所述第一报文封装组件,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和所述协议报文封装;
所述第一发射机,配置为将封装后的报文发出。
上述方案中,所述业务功能节点还包括:第一协议组件,配置为为与自身关联的业务功能实例产生所述协议报文。
本发明实施例又提供了一种业务功能节点,包括:第一接收机、第二报文封装组件及第二协议组件;其中,
所述第一接收机,配置为接收报文;
所述第二报文封装组件,配置为解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,将所述接收的报文发送给所述第二协议组件;
所述第二协议组件,配置为根据解析的报文属性,对所述接收的报文进行协议相关处理。
上述方案中,所述业务功能节点还包括:第二发射机;其中,
所述第二协议组件,配置为:根据所述解析的报文属性确定所述接收的报文为请求报文时,为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
相应地,所述第二报文封装组件,还配置为将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装;
所述第二发射机,配置为将封装后的报文发出。
本发明实施例还提供了一种SFC中协议报文的处理系统,包括:第一业务功能节点及第二业务功能节点;其中,
所述第一业务功能节点,配置为将协议报文的协议类型及报文属性进
行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给所述第二业务功能节点;
所述第二业务功能节点,配置为收到所述第一业务功能节点发送的报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
上述方案中,所述第一业务功能节点包括:第一报文封装组件及第一发射机;所述第二业务功能节点包括:第一接收机、第二报文封装组件及第二协议组件;其中,
所述第一报文封装组件,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和所述协议报文封装;
所述第一发射机,配置为将封装后的报文发送给所述第二功能节点;
所述第一接收机,配置为接收所述第一功能节点发送的报文;
所述第二报文封装组件,配置为解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,将所述接收的报文发送给所述第二协议组件;
所述第二协议组件,配置为根据解析的报文属性,对所述接收的报文进行协议相关处理。
上述方案中,所述第一业务功能节点还包括:第一协议组件,配置为为与自身关联的业务功能实例产生所述协议报文。
上述方案中,所述第二业务功能节点还包括:第二发射机;所述第一业务功能节点还包括:第二接收机;其中,
所述第二协议组件,配置为:根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报
文对应的与自身关联的业务功能实例产生相应的应答报文;
相应地,所述第二报文封装组件,还配置为将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装;
所述第二发射机,配置为将封装后的报文发送给所述第一业务功能节点;
所述第二接收机,还配置为接收所述第二业务功能节点发送的报文。
本发明实施例提供的SFC中协议报文的处理方法、系统及业务功能节点,第一业务功能节点将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点;所述第二业务功能节点收到报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理,如此,能有效地实现业务功能节点之间正确地处理协议报文,能解决业务功能节点之间将协议报文当作数据报文进行业务功能处理的技术问题。
在附图(其不一定是按比例绘制的)中,相似的附图标记可在不同的视图中描述相似的部件。具有不同字母后缀的相似附图标记可表示相似部件的不同示例。附图以示例而非限制的方式大体示出了本文中所讨论的各个实施例。
图1为一种SFC网络结构示意图;
图2为一种SFP结构示意图;
图3为一种NSH格式示意图;
图4为本发明实施例一SFC中协议报文的处理方法流程示意图;
图5为本发明实施例二SFC中协议报文的处理方法流程示意图;
图6为本发明实施例三SFC中协议报文的处理方法流程示意图;
图7为本发明实施例整体架构示意图;
图8为本发明实施例协议类型及报文属性在NSH中的格式示意图;
图9为本发明实施例四应用场景示意图;
图10为本发明实施例四SFC中协议报文的处理方法流程示意图;
图11为本发明实施例五应用场景示意图;
图12为本发明实施例五SFC中协议报文的处理方法流程示意图;
图13为本发明实施例六业务功能节点结构示意图;
图14为本发明实施例七业务功能节点结构示意图;
图15为本发明实施例八SFC中协议报文的处理系统结构示意图;
图16为本发明实施例SFC中协议报文的处理系统具体结构示意图。
为了能更好的理解本发明实施例的内容,本文先介绍SFC的框架,目前现有技术中基本可以包含以下技术及组件:
1、业务叠加(Service Overlay),即各个网络边缘节点需要通信的Overlay叠加技术;
2、通用业务控制平面(GSCP,Generic Service Control Plane),即形成SFC的控制器;
3、业务分类(Service Classification),即需要进行流识别,然后特定的流,进行特定的SFC处理;
4、控制平面元数据(Dataplane Metadata),这是一大特点,元数据(Metadata)允许各个边缘业务处理节点能够互相交换信息,达到某种业务处理目的。
6、业务功能转发器(SFF,Service Function Forwarder)组件,如图3所示,数据报文在业务功能链的各个节点之间传递,会在数据帧以外封装一层NSH;这个NSH由业务功能节点上的SFF组件来进行解析、封装和解封装。
目前,如果在SFC中各个节点之间运行某种协议,并不能够满足业务功能链的应用场景。举个例子来说,例如,在分类器和业务功能节点(Service function node)之间建立因特网协议安全(IPSec,Internet Protocol Security)通道并创建安全联盟(SA,Security Association),分类器和业务功能节点之间运行密钥交换协议(IKE,Internet Key Exchange Protocol);现有技术中,由于IKE协商的两端是两个业务功能实例,所以当IKE协议报文从分类器发送到业务功能节点时会被封装NSH;而对端业务功能节点的SFF组件无法识别出来这是一个IKE信令协商报文,会认为这是一个数据报文并将其发送到业务功能实例,这样就造成该报文被错误地处理和转发。
基于此,在本发明的各种实施例中:第一业务功能节点将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点;所述第二业务功能节点收到报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
下面结合附图及实施例对本发明再作进一步详细地描述。
实施例一
本实施例SFC中协议报文的处理方法,如图4所示,包括以下步骤:
步骤401:第一业务功能节点将协议报文的协议类型及报文属性进行封装;
具体地,所述第一业务功能节点可以将所述协议报文的协议类型及报文属性封装在NSH中。
这里,所述第一业务功能节点将协议报文的协议类型及报文属性进行封装之前,该方法还可以包括:
所述第一业务功能节点的协议组件为与自身关联的业务功能实例产生所述协议报文。
这里,实际应用时,需要先在所述第一业务功能节点配置对应的所述协议组件;并配置所述协议组件与某个业务功能实例关联,从而使得所述协议组件可以为与自身关联的业务功能实例产生所述协议报文。其中,所述协议可以是IPSec及IKE协议、或端口控制协议(PCP,Port Control Protocol)等等。
所述协议组件是指能运行规定协议功能的组件。
所述协议报文是指各种网络协议报文,此报文区别于用户数据报文。例如,在路由器处理中,协议报文即各种路由协议传递所产生的报文。其中,数据报文是用户使用各种应用的流量。
所述协议类型用于标识所述协议报文所属的协议;所述报文属性用于标识所述协议报文是请求报文或应答报文。
步骤402:所述第一业务功能节点将封装的所述协议报文的协议类型及报文属性和所述协议报文封装后发出。
实施例二
本实施例SFC中协议报文的处理方法,如图5所示,包括以下步骤:
步骤501:第二业务功能节点接收报文;
步骤502:所述第二业务功能节点解析接收的报文的协议类型及报文属性;
这里,实际应用时,所述接收的报文的协议类型及报文属性可以封装
在NSH中。
步骤503:所述第二业务功能节点根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对所述接收的报文进行协议相关处理。
这里,所述根据解析的报文属性,对所述接收的报文进行协议相关处理,具体包括:
根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
所述第二业务功能节点的报文封装组件将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装后发出。
这里,当根据所述解析的报文属性确定所述接收的报文为应答报文时,所述协议组件不进行任何处理。
实际应用时,所述报文封装组件可以将所述应答报文的协议类型及报文属性封装在NSH中。
所述报文封装组件的功能可以由SFF组件等来实现。
所述协议报文是指各种网络协议报文,此报文区别于用户数据报文。例如,在路由器处理中,协议报文即各种路由协议传递所产生的报文。其中,数据报文是用户使用各种应用的流量。
实际应用时,需要先在所述第二业务功能节点配置对应的协议组件;并配置所述协议组件与某个业务功能实例关联,从而使得所述协议组件可以处理与自身关联的业务功能实例对应的协议报文。其中,所述协议可以是IPSec及IKE协议、或PCP等等。
当根据解析的协议类型确定所述接收的报文是非协议报文后,对所述
接收的报文进行业务功能链的处理并转发。
实施例三
在实施例一、二的基础上,本实施例SFC中协议报文的处理方法,如图6所示,包括以下步骤:
步骤601:第一业务功能节点将协议报文的协议类型及报文属性进行封装中;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点;
其中,所述第一业务功能节点将协议报文的协议类型及报文属性进行封装之前,该方法还可以包括:
所述第一业务功能节点的协议组件为与自身关联的业务功能实例产生所述协议报文。
这里,实际应用时,如图7所示,需要先在所述第一业务功能节点及所述第二业务功能节点之间配置端到端的协议组件;并分别在所述第一业务功能节点及所述第二业务功能节点上配置协议组件与某个业务功能实例关联,从而使得所述协议组件可以为与自身关联的业务功能实例处理协议报文。其中,所述协议可以是IPSec及IKE协议、或PCP等等。
所述协议组件是指能运行规定协议功能的组件。
所述协议报文是指各种网络协议报文,此报文区别于用户数据报文。例如,在路由器处理中,协议报文即各种路由协议传递所产生的报文。其中,数据报文是用户使用各种应用的流量。
所述协议类型用于标识所述协议报文所属的协议;所述报文属性用于标识所述协议报文是请求报文或应答报文。
实际应用时,所述第一业务功能节点可以将所述协议报文的协议类型及报文属性封装在NSH中。
如图8所示,NSH及对应的协议报文封装成数据帧,然后发送给所述
第二业务功能节点;其中,协议类型具体的设置可以为:0表示非协议报文,1表示IKE报文,2表示开放式最短路径优先(OSPF,Open Shortest Path First)报文、3表示标签分发协议(LDP,Label Distribution Protocol)报文等等;报文属性具体的设置可以为:1表示请求报文,2表示应答报文等等。
步骤602:所述第二业务功能节点收到报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
这里,所述根据解析的报文属性,对接收的报文进行协议相关处理,具体包括:
根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
所述第二业务功能节点的报文封装组件将产生的所述应答报文的协议类型及报文属性进行封装中;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装后发送给所述第一业务功能节点。
这里,当根据所述解析的报文属性确定所述接收的报文为应答报文时,所述第二业务功能节点的协议组件不进行任何处理。
所述第二业务功能节点的报文封装组件可以将产生的所述应答报文的协议类型及报文属性封装在NSH中。
所述第二业务功能节点的报文封装组件的功能可以由SFF组件等来实现。
本实施例提供的SFC中协议报文的处理方法,第一业务功能节点将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点;所述第二业务功能节点收到的报文后,解析接收的报文的协议类型及报文属性;
并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理,如此,能有效地实现业务功能节点之间正确地处理协议报文,能解决业务功能节点之间将协议报文当作数据报文进行业务功能处理的技术问题。
实施例四
如图9所示,本实施例的应用场景为:业务功能实例1->业务功能实例2->业务功能实例3的业务功能链中,在业务功能实例1和业务功能实例2创建安全联盟和IPSec安全通道;将业务功能实例1所在的业务功能节点称为节点A,将业务功能实例2所在的业务功能节点称为节点B。
本实施例SFC中协议报文的处理方法,如图10所示,包括以下步骤:
步骤1001:在业务功能实例1和业务功能实例2所在的节点A、B上分别配置业务功能实例1和业务功能实例2为一对SA、IPSec及IKE协议相关的信息,之后执行步骤1002;
步骤1002:配置节点A的IPSec协议组件与业务功能实例1关联,并配置节点B的IPSec协议组件和业务功能实例2关联,之后执行步骤1003;
步骤1003:节点A的IPSec组件产生一个IKE报文;
这里,产生的IKE报文的内容为:本地所支持的ISAKMP的策略,该策略的内容包含加密算法、哈希(hash)算法、D-H组、认证方式、SA的生存时间五个元素。
步骤1004:节点A的SFF组件对产生的IKE报文的协议类型及报文属性进行NSH的封装;
其中,将报文属性设置为1,表明该报文的报文属性为请求报文;将协议类型设置为1,表明该报文的协议类型为IKE报文。
步骤1005:节点A的SFF组件将封装后的NSH封装在协议报文前部,并将封装后的协议报文发送到节点B;
步骤1006:节点B的SFF组件收到节点A发送的协议报文后,解析协议报文NSH中的报文属性和协议类型字段,确定接收的报文为IKE的请求报文;
步骤1007:节点B的IPSec组件进行IKE协商处理,并根据自身支持的ISAKMP的策略,产生相应的响应报文;
步骤1008:节点B的SFF组件对产生的响应报文的协议类型及报文属性进行NSH的封装;
其中,将报文属性设置为2,表明该报文的报文属性为响应报文;将协议类型设置为1,表明该报文的协议类型为IKE报文。
步骤1009:节点B的SFF组件将封装后的NSH封装在响应报文前部,并将封装后的响应报文发送到节点A;
步骤1010:节点A的SFF组件收到节点B的响应报文后,解析响应报文NSH中的报文属性和协议类型字段,确定接收的报文为IKE的响应报文,之后执行步骤1011;
这里,本步骤执行完成后,表明策略协商成功。
步骤1011:节点A与节点B进行IKE后续阶段的协商和身份认证流程。
这里,节点A与节点B进行IKE后续阶段的协商和身份认证流程中的协议报文的处理过程与上述的策略协商流程中的协议报文的处理过程类似,这里不再赘述。
实施例五
如图11所示,本实施例的应用场景为:业务功能实例1->业务功能实例2->业务功能实例3的业务功能链中,业务功能实例1本身没有地址池,业务功能实例1通过PCP向业务功能实例2请求IP地址池资源;将业务功能实例1所在的业务功能节点称为节点A,将业务功能实例2所在的业务功能节点称为节点B。
本实施例SFC中协议报文的处理方法,如图12所示,包括以下步骤:
步骤1201:在业务功能实例1和业务功能实例2所在的节点A、B上分别配置相关的信息,之后执行步骤1202;
具体地,在节点B上配置IP地址池,并在节点A、B上分别配置PCP相关的信息。
步骤1202:配置节点A的PCP组件与业务功能实例1关联,并配置节点B的PCP组件和业务功能实例2关联,之后执行步骤1203;
步骤1203:节点A的PCP组件产生PCP请求报文;
这里,产生的PCP请求报文,要求业务功能实例2提供IP地址为192.168.1.1,端口范围1024至32767之间的端口给业务功能实例1使用,分配策略为尽量分配(try best)。
步骤1204:节点A的SFF组件对产生的协议报文的协议类型及报文属性进行NSH的封装;
其中,将报文属性设置为1,表明该报文的报文属性为请求报文;将协议类型设置为18,表明该报文的协议类型为PCP报文。
步骤1205:节点A的SFF组件将封装后的NSH封装在协议报文前部,并将封装后的协议报文发送到节点B;
步骤1206:节点B的SFF组件收到节点A发送的协议报文后,解析协议报文NSH中的报文属性和协议类型字段,确定接收的报文为PCP的请求报文;
步骤1207:节点B的SFF组件将报文发送到节点B的PCP组件,节点B的PCP组件发现业务功能实施例2的地址池中并没有192.168.1.1这个IP地址,之后执行步骤1208;
步骤1208:节点B的PCP组件根据尽量分配的原则,分配192.168.1.2的IP地址,端口范围是1024至32767,并将相关的IP地址和端口段值封
装在响应报文中;
步骤1209:节点B的SFF组件对响应报文的协议类型及报文属性进行NSH的封装;
其中,将报文属性设置为2,表明该报文的报文属性为响应报文;将协议类型设置为18,表明该报文的协议类型为PCP报文。
步骤1210:节点B的SFF组件将封装后的NSH封装在响应报文前部,并将封装后的响应报文发送到节点A;
步骤1211:节点A的SFF组件收到节点B的响应报文后,解析响应报文NSH中的报文属性和协议类型字段,确定接收的报文为PCP的响应报文,获取IP地址和端口段值并交付业务功能实例1,结束当前处理流程。
这里,本步骤完成后,表明业务功能实例1获取IP地址和端口段资源成功。
实施例六
为实现实施例一的方法,本实施例提供一种业务功能节点,如图13所示,该业务功能节点包括:第一报文封装组件131及第一发射机132;其中,
所述第一报文封装组件131,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和所述协议报文封装;
所述第一发射机132,配置为将封装后的报文发出。
具体地,所述第一报文封装组件131可以将所述协议报文的协议类型及报文属性封装在NSH中。
实际应用时,第一报文封装组件131的功能可由SFF组件等来实现。
其中,该业务功能节点还可以包括:第一协议组件,配置为为与自身关联的业务功能实例产生所述协议报文。
这里,实际应用时,需要先在所述业务功能节点配置对应的所述第一
协议组件;并配置所述第一协议组件与某个业务功能实例关联,从而使得所述第一协议组件可以为与自身关联的业务功能实例产生所述协议报文。其中,所述协议可以是IPSec及IKE协议、或PCP等等。
所述第一协议组件是指能运行规定协议功能的部件。
所述协议报文是指各种网络协议报文,此报文区别于用户数据报文。例如,在路由器处理中,协议报文即各种路由协议传递所产生的报文。其中,数据报文是用户使用各种应用的流量。
所述协议类型用于标识所述协议报文所属的协议;所述报文属性用于标识所述协议报文是请求报文或应答报文。
实施例七
为实现实施例二的方法,本实施例提供一种业务功能节点,如图14所示,该业务功能节点包括:第一接收机141、第二报文封装组件142及第二协议组件143;其中,
所述第一接收机141,配置为接收报文;
所述第二报文封装组件142,配置为解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,将所述接收的报文发送给所述第二协议组件143;
所述第二协议组件143,配置为根据解析的报文属性,对所述接收的报文进行协议相关处理。
这里,实际应用时,所述接收的报文的协议类型及报文属性可以封装在NSH中。
该业务功能节点还可以包括:第二发射机;其中,
所述第二协议组件143,具体配置为:根据所述解析的报文属性确定所述接收的报文为请求报文时,为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
相应地,所述第二报文封装组件142,还配置为将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装;
所述第二发射机,配置为将封装后的报文发出。
这里,当根据所述解析的报文属性确定所述接收的报文为应答报文时,所述第二协议组件143不进行任何处理。
实际应用时,所述第二报文封装组件142可以将所述应答报文的协议类型及报文属性封装在NSH中。
所述第二报文封装组件142的功能可由SFF组件等来实现。
所述协议报文是指各种网络协议报文,此报文区别于用户数据报文。例如,在路由器处理中,协议报文即各种路由协议传递所产生的报文。其中,数据报文是用户使用各种应用的流量。
实际应用时,需要先在所述业务功能节点配置对应的所述第二协议组件143;并配置所述第二协议组件143与某个业务功能实例关联,从而使得所述第二协议组件143可以处理与自身关联的业务功能实例对应的协议报文。其中,所述协议可以是IPSec及IKE协议、或PCP等等。
所述第二协议组件143是指能运行规定协议功能的组件。
当根据解析的协议类型确定所述接收的报文是非协议报文后,对所述接收的报文进行业务功能链的处理并转发。
实施例八
为实现实施例三的方法,本实施例提供一种SFC中协议报文的处理系统,如图15所示,该处理系统包括:第一业务功能节点151及第二业务功能节点152;其中,
所述第一业务功能节点151,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议
报文封装后发送给所述第二业务功能节点152;
所述第二业务功能节点152,配置为收到所述第一业务功能节点发送的报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
其中,如图16所示,所述第一业务功能节点151可以包括:第一报文封装组件1511及第一发射机1512;所述第二业务功能节点152可以包括:第一接收机1521、第二报文封装组件1522及第二协议组件1523;其中,
所述第一报文封装组件1511,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和所述协议报文封装;
所述第一发射机1512,配置为将封装后的报文发送给所述第二功能节点152;
所述接收机1521,配置为接收所述第一功能节点151发送的报文;
所述第二报文封装组件1522,配置为解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,将所述接收的报文发送给所述第二协议组件1523;
所述第二协议组件1523,配置为根据解析的报文属性,对所述接收的报文进行协议相关处理。
这里,所述第一业务功能节点151还可以包括:第一协议组件1513,配置为为与自身关联的业务功能实例产生所述协议报文。
这里,实际应用时,如图7所示,需要先在所述第一业务功能节点及所述第二业务功能节点之间配置端到端的协议组件(第一协议组件1513及第二协议组件1523);并分别在所述第一业务功能节点及所述第二业务功能节点上配置协议组件与某个业务功能实例关联,从而使得所述第一协议组
件1513及所述第二协议组件1523可以为与自身关联的业务功能实例处理协议报文。其中,所述协议可以是IPSec及IKE协议、或PCP等等。
所述协议报文是指各种网络协议报文,此报文区别于用户数据报文。例如,在路由器处理中,协议报文即各种路由协议传递所产生的报文。其中,数据报文是用户使用各种应用的流量。
所述协议类型用于标识所述协议报文所属的协议;所述报文属性用于标识所述协议报文是请求报文或应答报文。
实际应用时,所述第一报文封装组件1511可以将所述协议报文的协议类型及报文属性封装在NSH中。
如图8所示,NSH及对应的协议报文封装成数据帧,然后发送给所述第二业务功能节点;其中,协议类型具体的设置可以为:0表示非协议报文,1表示IKE报文,2表示OSPF报文、3表示LDP报文等等;报文属性具体的设置可以为:1表示请求报文,2表示应答报文等等。
所述第二业务功能节点152还可以包括:第二发射机1524;所述第一业务功能节点151还可以包括:第二接收机1514;其中,
所述第二协议组件1523,具体配置为:根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;
相应地,所述第二报文封装组件1522,还配置为将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装;
所述第二发射机1524,配置为将封装后的报文发送给所述第一业务功能节点151;
相应地,所述第二接收机1514配置为接收所述第二业务功能节点发送的报文。
这里,当根据所述解析的报文属性确定所述接收的报文为应答报文时,所述第二协议组件1523不进行任何处理。
所述第二报文封装组件可以将产生的所述应答报文的协议类型及报文属性封装在NSH中。
当根据解析的协议类型确定所述接收的报文是非协议报文后,对所述接收的报文进行业务功能链的处理并转发。
所述第一协议组件1513及所述第二协议组件1523是指能运行规定协议功能的组件。
实际应用时,所述第一报文封装组件1511及所述第二报文封装组件1522的功能可由SFF组件等来实现。
本实施例提供的SFC中协议报文的处理系统,第一业务功能节点151将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点152;所述第二业务功能节点152收到的报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理,如此,能有效地实现业务功能节点之间正确地处理协议报文,能解决业务功能节点之间将协议报文当作数据报文进行业务功能处理的技术问题。
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用硬件实施例、软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器和光学存储器等)上实施的计算机程序产品的形式。
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程
图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。
以上所述,仅为本发明的较佳实施例而已,并非用于限定本发明的保护范围。
Claims (20)
- 一种业务功能链SFC中协议报文的处理方法,所述方法包括:第一业务功能节点将协议报文的协议类型及报文属性进行封装;所述第一业务功能节点将封装的所述协议报文的协议类型及报文属性和所述协议报文封装后发出。
- 根据权利要求1所述的方法,其中,所述第一业务功能节点将协议报文的协议类型及报文属性进行封装之前,所述方法还包括:所述第一业务功能节点的协议组件为与自身关联的业务功能实例产生所述协议报文。
- 根据权利要求1所述的方法,其中,所述第一业务功能节点将所述协议报文的协议类型及报文属性封装在业务功能报文头NSH中。
- 一种SFC中协议报文的处理方法,所述方法包括:第二业务功能节点接收报文;所述第二业务功能节点解析接收的报文的协议类型及报文属性;所述第二业务功能节点根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对所述接收的报文进行协议相关处理。
- 根据权利要求4所述的方法,其中,所述根据解析的报文属性,对所述接收的报文进行协议相关处理,包括:根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;所述第二业务功能节点的报文封装组件将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装后发出。
- 根据权利要求5所述的方法,其中,所述报文封装组件将所述应答 报文的协议类型及报文属性封装在NSH中。
- 根据权利要求4所述的方法,其中,所述接收的报文的协议类型及报文属性封装在NSH中。
- 一种SFC中协议报文的处理方法,所述方法包括:第一业务功能节点将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给第二业务功能节点;所述第二业务功能节点收到报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
- 根据权利要求8所述的方法,其中,所述第一业务功能节点将协议报文的协议类型及报文属性进行封装之前,所述方法还包括:所述第一业务功能节点的协议组件为与自身关联的业务功能实例产生所述协议报文。
- 根据权利要求8所述的方法,其中,所述第一业务功能节点将所述协议报文的协议类型及报文属性封装在NSH中。
- 根据权利要求8所述的方法,其中,所述根据解析的报文属性,对接收的报文进行协议相关处理,包括:根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;所述第二业务功能节点的报文封装组件将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装后发送给所述第一业务功能节点。
- 根据权利要求11所述的方法,其中,所述第二业务功能节点的报 文封装组件将所述应答报文的协议类型及报文属性封装在NSH中。
- 一种业务功能节点,所述业务功能节点包括:第一报文封装组件及第一发射机;其中,所述第一报文封装组件,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和所述协议报文封装;所述第一发射机,配置为将封装后的报文发出。
- 根据权利要求13所述的业务功能节点,其中,所述业务功能节点还包括:第一协议组件,配置为为与自身关联的业务功能实例产生所述协议报文。
- 一种业务功能节点,其中,所述业务功能节点包括:第一接收机、第二报文封装组件及第二协议组件;其中,所述第一接收机,配置为接收报文;所述第二报文封装组件,配置为解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,将所述接收的报文发送给所述第二协议组件;所述第二协议组件,配置为根据解析的报文属性,对所述接收的报文进行协议相关处理。
- 根据权利要求15所述的业务功能节点,其中,所述业务功能节点还包括:第二发射机;其中,所述第二协议组件,配置为:根据所述解析的报文属性确定所述接收的报文为请求报文时,为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;相应地,所述第二报文封装组件,还配置为将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报 文属性和所述应答报文封装;所述第二发射机,配置为将封装后的报文发出。
- 一种SFC中协议报文的处理系统,所述处理系统包括:第一业务功能节点及第二业务功能节点;其中,所述第一业务功能节点,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和对应的协议报文封装后发送给所述第二业务功能节点;所述第二业务功能节点,配置为收到所述第一业务功能节点发送的报文后,解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,根据解析的报文属性,对接收的报文进行协议相关处理。
- 根据权利要求17所述的处理系统,其中,所述第一业务功能节点包括:第一报文封装组件及第一发射机;所述第二业务功能节点包括:第一接收机、第二报文封装组件及第二协议组件;其中,所述第一报文封装组件,配置为将协议报文的协议类型及报文属性进行封装;并将封装的所述协议报文的协议类型及报文属性和所述协议报文封装;所述第一发射机,配置为将封装后的报文发送给所述第二功能节点;所述第一接收机,配置为接收所述第一功能节点发送的报文;所述第二报文封装组件,配置为解析接收的报文的协议类型及报文属性;并根据解析的协议类型确定所述接收的报文为协议报文后,将所述接收的报文发送给所述第二协议组件;所述第二协议组件,配置为根据解析的报文属性,对所述接收的报文进行协议相关处理。
- 根据权利要求18所述的处理系统,其中,所述第一业务功能节点 还包括:第一协议组件,配置为为与自身关联的业务功能实例产生所述协议报文。
- 根据权利要求18所述的处理系统,其中,所述第二业务功能节点还包括:第二发射机;所述第一业务功能节点还包括:第二接收机;其中,所述第二协议组件,配置为:根据所述解析的报文属性确定所述接收的报文为请求报文时,所述第二业务功能节点的协议组件为所述接收的报文对应的与自身关联的业务功能实例产生相应的应答报文;相应地,所述第二报文封装组件,还配置为将产生的所述应答报文的协议类型及报文属性进行封装;并将封装的所述应答报文的协议类型及报文属性和所述应答报文封装;所述第二发射机,配置为将封装后的报文发送给所述第一业务功能节点;所述第二接收机,还配置为接收所述第二业务功能节点发送的报文。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410554999.4 | 2014-10-17 | ||
CN201410554999.4A CN105577579B (zh) | 2014-10-17 | 2014-10-17 | 业务功能链中协议报文的处理方法、系统及业务功能节点 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016058463A1 true WO2016058463A1 (zh) | 2016-04-21 |
Family
ID=55746110
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/089082 WO2016058463A1 (zh) | 2014-10-17 | 2015-09-07 | 业务功能链中协议报文的处理方法、系统及业务功能节点 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105577579B (zh) |
WO (1) | WO2016058463A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113839872A (zh) * | 2021-11-29 | 2021-12-24 | 军事科学院系统工程研究院网络信息研究所 | 一种面向虚链路的安全标签分发协议方法和系统 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111884933B (zh) | 2016-07-01 | 2021-07-09 | 华为技术有限公司 | 业务功能链sfc中用于转发报文的方法、装置和系统 |
CN109150720B (zh) * | 2017-06-19 | 2022-04-12 | 中兴通讯股份有限公司 | 业务链报文转发方法、装置、设备及计算机可读存储介质 |
CN110099011B (zh) * | 2019-04-30 | 2022-05-10 | 烽火通信科技股份有限公司 | 一种实体网关接入虚拟家庭网关的方法及系统 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155107A (zh) * | 2006-09-25 | 2008-04-02 | 华为技术有限公司 | 在弹性分组环上承载点到点协议的方法、装置及系统 |
CN101471923A (zh) * | 2007-12-27 | 2009-07-01 | 华为技术有限公司 | 发送协议报文、识别协议报文类型的方法、设备和系统 |
CN102055645A (zh) * | 2009-11-11 | 2011-05-11 | 上海贝尔股份有限公司 | 一种接入网络中ip业务数据流自动分类的方法及其装置 |
CN102238164A (zh) * | 2011-01-18 | 2011-11-09 | 北京中京创原通信技术有限公司 | 面向ip电信网的多协议报文适配方法 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100454853C (zh) * | 2006-10-25 | 2009-01-21 | 华为技术有限公司 | 检测业务通道的方法及提供检测业务通道方法的系统 |
CN101925058B (zh) * | 2009-06-16 | 2013-03-27 | 杭州华三通信技术有限公司 | 一种身份认证的方法、系统和鉴别器实体 |
US10097452B2 (en) * | 2012-04-16 | 2018-10-09 | Telefonaktiebolaget Lm Ericsson (Publ) | Chaining of inline services using software defined networking |
-
2014
- 2014-10-17 CN CN201410554999.4A patent/CN105577579B/zh active Active
-
2015
- 2015-09-07 WO PCT/CN2015/089082 patent/WO2016058463A1/zh active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155107A (zh) * | 2006-09-25 | 2008-04-02 | 华为技术有限公司 | 在弹性分组环上承载点到点协议的方法、装置及系统 |
CN101471923A (zh) * | 2007-12-27 | 2009-07-01 | 华为技术有限公司 | 发送协议报文、识别协议报文类型的方法、设备和系统 |
CN102055645A (zh) * | 2009-11-11 | 2011-05-11 | 上海贝尔股份有限公司 | 一种接入网络中ip业务数据流自动分类的方法及其装置 |
CN102238164A (zh) * | 2011-01-18 | 2011-11-09 | 北京中京创原通信技术有限公司 | 面向ip电信网的多协议报文适配方法 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113839872A (zh) * | 2021-11-29 | 2021-12-24 | 军事科学院系统工程研究院网络信息研究所 | 一种面向虚链路的安全标签分发协议方法和系统 |
Also Published As
Publication number | Publication date |
---|---|
CN105577579B (zh) | 2020-09-01 |
CN105577579A (zh) | 2016-05-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9930008B2 (en) | Dynamic service chain with network address translation detection | |
EP3286896B1 (en) | Scalable intermediate network device leveraging ssl session ticket extension | |
US9979711B2 (en) | Authentication for VLAN tunnel endpoint (VTEP) | |
US10992709B2 (en) | Efficient use of IPsec tunnels in multi-path environment | |
US9871766B2 (en) | Secure path determination between devices | |
US9258218B2 (en) | Software-defined network overlay | |
US9516061B2 (en) | Smart virtual private network | |
WO2016091047A1 (zh) | 一种处理报文的方法及装置 | |
US10050870B2 (en) | Handling multipath flows in service function chaining | |
EP3424183A1 (en) | System and method for dataplane-signaled packet capture in ipv6 environment | |
US20160014016A1 (en) | Encoding Inter-Domain Shared Service Paths | |
US10601610B2 (en) | Tunnel-level fragmentation and reassembly based on tunnel context | |
US20150288603A1 (en) | Path Maximum Transmission Unit Handling For Virtual Private Networks | |
WO2014071605A1 (zh) | 处理报文的方法、转发面装置及网络设备 | |
CN104283701A (zh) | 配置信息的下发方法、系统及装置 | |
US20140095862A1 (en) | Security association detection for internet protocol security | |
WO2016058463A1 (zh) | 业务功能链中协议报文的处理方法、系统及业务功能节点 | |
WO2015143802A1 (zh) | 业务功能链处理方法及装置 | |
WO2013113171A1 (zh) | 流识别的方法、设备和系统 | |
WO2015184771A1 (zh) | 一种业务功能链操作、管理和维护方法及节点设备 | |
US12052229B2 (en) | Secure frame encryption as a service | |
WO2016165277A1 (zh) | 一种实现IPsec分流的方法和装置 | |
WO2022001937A1 (zh) | 业务传输方法、装置、网络设备和存储介质 | |
EP3224997B1 (en) | Communication path switching apparatus, method for controlling communication path switching apparatus, and computer program product | |
CN110636083B (zh) | 网络地址复用方法、装置、网络设备及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15850372 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15850372 Country of ref document: EP Kind code of ref document: A1 |