WO2016150296A1

WO2016150296A1 - Method and device for sending and receiving flow specification rule

Info

Publication number: WO2016150296A1
Application number: PCT/CN2016/075632
Authority: WO
Inventors: 梁乾灯; 尤建洁; 郝卫国
Original assignee: 华为技术有限公司
Priority date: 2015-03-23
Filing date: 2016-03-04
Publication date: 2016-09-29
Also published as: CN106161226A; CN106161226B

Abstract

Provided in embodiments of the present invention are a method and device for sending and receiving the flow specification rule. A first network device receives a flow specification rule ORF record sent from a second network device after determining that the second network device has the ability of sending the flow specification rule ORF record to the first network device, the flow specification rule ORF record being used for the first network device to filter the flow specification rule to be sent to the second network device. When the flow specification rule is available to be sent to the second network device by the first network device, the first network device filters the flow specification rule to be sent to the second network device according to the flow specification rule ORF record in order to send only the flow specification rule satisfied the flow specification rule ORF record filtering condition to the second network device, thereby solving the problem of resources waste caused by the network device of sending numerous invalid flow specification rules.

Description

Method and device for transmitting and receiving flow specification rules

This application claims the priority of the Chinese Patent Application filed on March 23, 2015, the Chinese Patent Application No. CN 201510127833.9, entitled "Method and Apparatus for Sending and Receiving Flow Specification Rules", the entire contents of which are incorporated by reference. In this application.

Technical field

The embodiments of the present invention relate to communication technologies, and in particular, to a method and an apparatus for transmitting and receiving a flow specification rule.

Background technique

The Border Gateway Protocol (BGP) protocol is widely used on the Internet to transfer routing information between Autonomous Systems (ASs) and ASs. The routing information that is transmitted includes: Network Protocol Reachability Information (NLRI) information such as Internet Protocol (IP) routing, Media Access Control (MAC) routing, and flow specification rules. . The flow specification rule is mainly used for network security defense, and the attack information or the suspected attack traffic information and the coping strategy (speed limit, dyeing, redirection, etc.) detected in the AS are distributed to the AS network edge router, and even spread across the domain, so that Attack traffic as early as possible.

For a router, there may be a large number of invalid flow specification rules in the received flow specification rules. In the prior art, in order to avoid the impact of the invalid flow specification rule on normal communication, the receiving end filters the flow specification rule sent by the sending end locally, and filters out the invalid flow specification rule. However, in the prior art method, the transmitting end still needs to send a large number of invalid flow specification rules, and the network bandwidth occupied by a large number of invalid flow specification rules and the central processing unit (CPU) computing resources are generated. Waste of network resources and computing resources.

Summary of the invention

Embodiments of the present invention provide a method and apparatus for transmitting and receiving a flow specification rule, which can support outbound route filtering for a flow specification rule, and reduce transmission of an invalid flow specification rule.

A first aspect of the present invention provides a method for transmitting a flow specification rule, including:

Determining, by the first network device, the second network device to send a flow specification rule outbound route filtering ORF record to the first network device;

Receiving, by the first network device, the flow specification rule ORF record sent by the second network device, where the flow specification rule ORF records a flow specification used by the first network device to be sent to the second network device Rules are filtered;

The first network device records, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device;

The first network device sends the filtered flow specification rule to the second network device.

With reference to the first aspect of the present invention, in a first possible implementation manner of the first aspect of the present invention, the flow specification rule ORF record includes: a sequence number field of a flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation and a value field, the sequence number field of the flow specification rule ORF record is used to carry a priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule. The filter type field is used to carry a filter type, and the filter specific operation and value field are used to carry a filter condition corresponding to the filter type.

With reference to the first possible implementation manner of the first aspect of the present invention, in a second possible implementation manner of the first aspect of the present disclosure, the flow specification rule ORF record further includes: a route identifier number field and a route identifier field The route identifier number field is used to carry the number of route identifiers, and the route identifier field is used to carry the route identifier.

With reference to the first or second possible implementation manner of the first aspect of the present invention, in a third possible implementation manner of the first aspect of the present disclosure, the flow specification rule ORF record further includes: a filter number field The filter number field is used to carry the number of filters.

With reference to the first possible implementation manner of the first aspect of the present invention, in a fourth possible implementation manner of the first aspect, the first network device records, according to the flow specification rule ORF, the The flow specification rules of the second network device are filtered, including:

The first network device includes, by the flow specification rule ORF record, an action matching field, a filter number field, a filter type field, a filter specific operation, and a value field, respectively, and the to-be-sent to the The flow specification rule of the second network device includes: an action type field, a filter Type field, filter specific operation, and value field for comparison;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field contain the to-be-sent to the second network The flow specification rule of the device includes a filter-specific operation of the filter type and a numerical space of the value field, and the first network device determines that the flow specification rule to be sent to the second network device matches the flow Specification rule ORF record.

With reference to the second possible implementation manner of the first aspect of the present invention, in a fifth possible implementation manner of the first aspect, the first network device records, according to the flow specification rule ORF, the The flow specification rules of the second network device are filtered, including:

The first network device includes, by the flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation and a value field, and a route identifier field, respectively, to be sent to the second The flow specification rule of the network device includes: an action type field, a filter type field, a filter specific operation and a value field, and a route identifier field for comparison;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field contain the to-be-sent to the second network The flow specification rule of the device includes a filter-specific operation of the corresponding filter type and a numerical space of the value field, and the flow specification rule ORF record includes a route identifier set consisting of a route identifier that is empty or included in the route identifier set. And the first network device determines that the flow specification rule to be sent matches the flow specification rule ORF record, where the flow specification rule is to be sent to the second network device.

In conjunction with the first aspect of the present invention and any one of the first to fifth possible implementations of the first aspect of the present invention, in a sixth possible implementation of the first aspect of the present invention, the first The network device determines that the second network device is capable of transmitting the flow specification rule ORF record to the first network device, including:

The first network device obtains a first flow specification rule ORF capability parameter, where the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, where the first flow specification rule ORF capability parameter includes: At least one group is identified by an address family identifier, a sub-address family, a parameter set consisting of a flow specification rule ORF type and a transceiver capability identifier, and the transceiver capability identifier included in the first flow specification rule ORF capability parameter is used to indicate whether the second network device supports sending and/or receiving a flow specification rule ORF record. ;

The first network device compares the first flow specification rule ORF capability parameter with a second flow specification rule ORF capability parameter, and the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device The second flow specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the second flow specification rule ORF capability parameter The transceiver capability identifier included in the method is used to indicate whether the first network device supports sending and/or receiving a flow specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates the indication, and the second network device supports transmission, the flow specification rule ORF record, the second The transceiver capability identifier of the parameter set indicates that the first network device supports receiving the flow specification rule ORF record, and the first network device determines that the second network device can send the flow specification rule ORF record to the first network device.

With reference to the sixth possible implementation manner of the first aspect of the present invention, in a seventh possible implementation manner of the first aspect of the present disclosure, the first network device obtains the first flow specification rule ORF capability parameter, including:

Receiving, by the first network device, the BGP open message sent by the second network device in the process of establishing a BGP connection with the second network device, where the BGP open message sent by the second network device includes the first flow Standardize the ORF capability parameters.

In conjunction with the first aspect of the present invention and any one of the first to fourth possible implementations of the first aspect of the present invention, in a seventh possible implementation of the first aspect of the present invention, the first Receiving, by the network device, a flow specification rule ORF record sent by the second network device, including:

The first network device receives a BGP route refresh message sent by the second network device, where the BGP route refresh message includes the flow specification rule ORF record.

In conjunction with the first aspect of the present invention and any one of the first to fifth possible implementations of the first aspect of the present invention, in a ninth possible implementation of the first aspect of the present invention, the first After the network device receives the flow specification rule ORF record sent by the second network device, the method further includes:

Determining, by the first network device, the type of the flow specification rule ORF record according to the address family identifier and the sub-address family identifier included in the flow specification rule ORF record, and according to the sequence number recorded by the flow specification rule ORF The stream specification rule ORF records are stored in an ordered manner into the stream specification rule ORF list of the corresponding type.

A second aspect of the present invention provides a method for receiving a flow specification rule, including:

The second network device determines that the first network device is capable of receiving the flow specification rule outbound route filtering ORF record;

The second network device generates a flow specification rule ORF record according to the flow specification rule policy saved by itself;

Transmitting, by the second network device, the flow specification rule ORF record to the first network device;

The second network device receives the flow specification rule sent by the first network device, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.

With reference to the second aspect of the present invention, in a first possible implementation manner of the second aspect of the present invention, the flow specification rule ORF record includes: a sequence number field of a flow specification rule ORF record, an action matching field, and a filter type field. a filter specific operation and a value field, wherein the sequence number field of the flow specification rule ORF record is used to carry a priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule. The filter type field is used to carry a filter type, and the filter specific operation and value field are used to carry a filter condition corresponding to the filter type.

With reference to the first possible implementation manner of the second aspect of the present invention, in a second possible implementation manner of the second aspect of the present invention, the flow specification rule ORF record further includes: a route identifier number field and a route identifier field The route identifier number field is used to carry the number of route identifiers, and the route identifier field is used to carry the route identifier.

With reference to the first or second possible implementation manner of the second aspect of the present invention, in a third possible implementation manner of the second aspect of the present invention, the flow specification rule ORF record further includes: a filter number field The filter number field is used to carry the number of filters.

In conjunction with the second aspect of the present invention and any one of the first to third possible implementations of the second aspect of the present invention, in a fourth possible implementation of the second aspect of the present invention, the second The network device determines that the flow specification rule outbound route filtering ORF record can be sent to the first network device, including:

The second network device obtains a second flow specification rule ORF capability parameter, where the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability The parameter includes: at least one set of parameters consisting of an address family identifier and a sub-address family identifier, a flow specification rule ORF type, and a transceiver capability identifier, where the transceiver capability identifier included in the second flow specification rule ORF capability parameter is used to indicate the Whether the first network device supports sending and/or receiving a flow specification rule ORF record;

The second network device compares the second flow specification rule ORF capability parameter with a first flow specification rule ORF capability parameter, where the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, The first flow specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier and a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the first stream specification rule ORF capability parameter includes The capability identifier is used to indicate whether the second network device supports sending and/or receiving a flow specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the sending flow specification rule ORF record, and the second parameter set is capable of transmitting and receiving. The identifier indicates that the first network device supports receiving the flow specification rule ORF record, and the second network device determines that the flow specification rule ORF record can be sent to the first network device.

With reference to the fourth possible implementation manner of the second aspect of the present invention, in a fifth possible implementation manner of the second aspect of the present disclosure, the second network device obtains the second flow specification rule ORF capability parameter, including:

Receiving, by the second network device, the BGP open message sent by the first network device in the process of establishing a BGP connection with the first network device, where the BGP open message sent by the first network device includes the The second-flow specification rules ORF capability parameters.

In conjunction with the second aspect of the present invention and any one of the first to fifth possible implementations of the second aspect of the present invention, in a sixth possible implementation of the second aspect of the present invention, the second The network device sends the flow specification rule ORF record to the first network device, including:

The second network device sends a BGP route refresh message to the first network device, where the route BGP refresh message includes the flow specification rule ORF record.

A third aspect of the present invention provides a first network device, including:

a determining module, configured to determine, by the second network device, a flow specification rule outbound route filtering ORF record to the first network device;

a receiving module, configured to receive the flow specification rule ORF record sent by the second network device, where the flow specification rule ORF records a flow specification rule to be sent by the first network device to the second network device Filtering;

a filtering module, configured to filter, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device;

And a sending module, configured to send the filtered flow specification rule to the second network device.

With reference to the third aspect of the present invention, in a first possible implementation manner of the third aspect of the present invention, the flow specification rule ORF record includes: a sequence number field, an action matching field, and a filter type field of a flow specification rule ORF record a filter specific operation and a value field, wherein the sequence number field of the flow specification rule ORF record is used to carry a priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule. The filter type field is used to carry a filter type, and the filter specific operation and value field are used to carry a filter condition corresponding to the filter type.

With reference to the first possible implementation manner of the third aspect of the present invention, in a second possible implementation manner of the third aspect of the present invention, the flow specification rule ORF record further includes: a route identifier number field and a route identifier field The route identifier number field is used to carry the number of route identifiers, and the route identifier field is used to carry the route identifier.

With reference to the first or second possible implementation manner of the third aspect of the present invention, in a third possible implementation manner of the third aspect of the present invention, the flow specification rule ORF record further includes: a filter number field The filter number field is used to carry the number of filters.

With reference to the first possible implementation manner of the third aspect of the present invention, in a fourth possible implementation manner of the third aspect, the filtering module is specifically configured to:

And the flow specification rule ORF record includes: an action matching field, a filter number field, a filter type field, a filter specific operation, and a value field, respectively, and the flow to be sent to the second network device The specification rules include: action type fields, filter type fields, filter specific operations, and value fields for comparison;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device Among the types of actions included, the flow specification rule ORF records include filtering The filter set is empty or the value space of the filter specific operation and value field of each filter type contains the filter specific operation of the filter type included in the flow specification rule to be sent to the second network device and And determining a value space of the value field, determining that the flow specification rule to be sent to the second network device matches the flow specification rule ORF record.

With reference to the second possible implementation manner of the third aspect of the present invention, in a fifth possible implementation manner of the third aspect, the filtering module is specifically configured to:

And the flow specification rule ORF record includes: an action matching field, a filter type field, a filter specific operation and a value field, and a route identification field, respectively, and the flow specification rule to be sent to the second network device Included: action type field, filter type field, filter specific operation and value field and route identification field are compared;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the action type included in the flow specification rule to be sent, The flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field that includes the flow specification rule to be sent to the second network device a filter-specific operation and a value space of a value field, the flow specification rule ORF record includes a route identifier set consisting of a route identifier that is empty or the route identifier set includes the to-be-sent to the first And determining, by the flow specification rule of the network device, the flow identifier rule to be sent to the second network device, and matching the flow specification rule ORF record.

With reference to the third aspect of the present invention and any one of the first to fifth possible implementation manners of the third aspect of the present invention, in a sixth possible implementation manner of the third aspect of the present invention, the determining module Specifically used for:

Obtaining a first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the second network device, the first flow specification rule ORF capability parameter comprising: at least one group of address families The parameter set consisting of the identifier, the sub-address family identifier, the flow specification rule ORF type, and the transceiver capability identifier, and the transceiver capability identifier included in the first-flow specification rule ORF capability parameter is used to indicate whether the second network device supports sending and/or Or receive a flow specification rule ORF record;

Comparing the first flow specification rule ORF capability parameter with a second flow specification rule ORF capability parameter, the second flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the first network device, the second flow The specification rule ORF capability parameters include: at least one group is identified by an address family, a parameter set consisting of a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, where the transceiving capability identifier included in the second-flow specification rule ORF capability parameter is used to indicate whether the first network device supports sending and/or Receive stream specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the sending flow specification rule ORF record, and the second parameter set is capable of transmitting and receiving. The identifier indicates that the first network device supports receiving the flow specification rule ORF record, and determining that the second network device is capable of sending a flow specification rule ORF record to the first network device.

With reference to the sixth possible implementation manner of the third aspect of the present invention, in the seventh possible implementation manner of the third aspect of the present invention, the acquiring the first flow specification rule ORF capability parameter includes:

The BGP open message sent by the second network device is received in the process of establishing a BGP connection with the second network device, and the BGP open message sent by the second network device includes the first flow specification rule ORF capability parameter.

With reference to the third aspect of the present invention and any one of the first to fifth possible implementation manners of the third aspect of the present invention, in the eighth possible implementation manner of the third aspect of the present invention, the receiving module Specifically used for:

Receiving a BGP route refresh message sent by the second network device, where the BGP route refresh message includes the flow specification rule ORF record.

With reference to the third aspect of the present invention and any one of the first to fifth possible implementation manners of the third aspect of the present invention, in a ninth possible implementation manner of the third aspect of the present invention, the device is further Including a storage processing module;

The storage processing module, configured to determine, after the receiving module receives the flow specification rule ORF record sent by the second network device, according to the address family identifier and the sub-address family identifier included in the flow specification rule ORF record The flow specification rules the type of ORF record, and stores the flow specification rule ORF record in an orderly manner according to the sequence number of the flow specification rule ORF record into the flow specification rule ORF list of the corresponding type.

A fourth aspect of the present invention provides a second network device, including:

a determining module, configured to determine that the first network device is capable of receiving a flow specification rule outbound route filtering ORF record;

a generating module, configured to generate a flow specification rule ORF record according to a flow specification rule policy saved by the second network device;

a sending module, configured to send, to the first network device, a flow specification rule ORF record generated by the generating module;

And a receiving module, configured to receive a flow specification rule sent by the first network device, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.

With reference to the fourth aspect of the present invention, in a first possible implementation manner of the fourth aspect of the present invention, the flow specification rule ORF record includes: a sequence number field of a flow specification rule ORF record, an action matching field, and a filter type field. a filter specific operation and a value field, wherein the sequence number field of the flow specification rule ORF record is used to carry a priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule. The filter type field is used to carry a filter type, and the filter specific operation and value field are used to carry a filter condition corresponding to the filter type.

With reference to the first possible implementation manner of the fourth aspect of the present invention, in a second possible implementation manner of the fourth aspect of the present invention, the flow specification rule ORF record further includes: a route identifier number field and a route identifier field The route identifier number field is used to carry the number of route identifiers, and the route identifier field is used to carry the route identifier.

With reference to the first or second possible implementation manner of the fourth aspect of the present invention, in a third possible implementation manner of the fourth aspect of the present invention, the flow specification rule ORF record further includes: a filter number field The filter number field is used to carry the number of filters.

With reference to the fourth aspect of the present invention and any one of the first to third possible implementation manners of the fourth aspect of the present invention, in a fourth possible implementation manner of the fourth aspect of the present invention, the determining module Specifically used for:

Obtaining a second flow specification rule ORF capability parameter, where the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability parameter includes: at least one group a parameter set consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiver capability identifier, where the transceiver capability identifier included in the second-flow specification rule ORF capability parameter is used to indicate whether the first network device is Support for sending and/or receiving flow specification rules ORF records;

Comparing the second flow specification rule ORF capability parameter with a first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicating a flow specification rule supported by the second network device ORF capability, the first flow specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the first flow specification rule ORF capability parameter The transceiver capability identifier included in the indication is used to indicate whether the second network device supports sending and/or receiving a flow specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports sending, the flow specification rule ORF records, and the second parameter set of the transceiver capability identifier Instructing the first network device to support receiving a flow specification rule ORF record, determining that the second network device is capable of transmitting a flow specification rule ORF record to the first network device.

With reference to the fourth possible implementation manner of the fourth aspect of the present invention, in the fifth possible implementation manner of the fourth aspect of the present invention, the acquiring the second flow specification rule ORF capability parameter includes:

Receiving, in the process of establishing a BGP connection between the second network device and the first network device, receiving a BGP open message sent by the first network device, where the BGP open message sent by the first network device includes the The second-flow specification rules ORF capability parameters.

With reference to the fourth aspect of the present invention and any one of the first to fifth possible implementation manners of the fourth aspect of the present invention, in a sixth possible implementation manner of the fourth aspect of the present invention, the sending module Specifically used for:

Sending a BGP route refresh message to the first network device, where the BGP route refresh message includes the flow specification rule ORF record.

A fifth aspect of the present invention provides a network system, where the network system includes: a first network device and a second network device;

The first network device is configured to perform the method according to any one of the first to ninth possible implementations of the first aspect of the present invention and the first aspect of the present invention;

The second network device is configured to perform the method of any one of the second aspect of the present invention and the first to sixth possible implementations of the second aspect of the present invention.

The method and device for transmitting and receiving a flow specification rule provided by the embodiment of the present invention, after determining that the second network device can send the flow specification rule ORF record to the first network device, the first network device receives the flow specification sent by the second network device. The rule ORF record, the flow specification rule ORF record is used by the first network device to filter the flow specification rule sent to the second network device, when the first network device has When the flow specification rule is sent to the second network device, the first network device filters the flow specification rule to be sent according to the flow specification rule ORF, and only sends the flow specification rule that satisfies the flow specification rule ORF record filter condition to the second network device, The problem that the network device sends a large number of invalid flow specification rules and wastes resources is solved.

DRAWINGS

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly introduced one by one. It is obvious that the drawings in the following description are Some embodiments of the present invention may also be used to obtain other drawings based on these drawings without departing from the prior art.

FIG. 1 is a flowchart of a method for sending a flow specification rule according to Embodiment 1 of the present invention;

2 is a format of a flow specification ORF record newly defined in an embodiment of the present invention;

FIG. 3 is a format of a filter corresponding to four types of Filter Types provided by the embodiment;

4 is an example of a message content carrying an IPv4 flow specification rule ORF record A that rejects any filter that matches the value of ICMP Type;

5 is an example of message content of an IPv4 flow specification rule ORF record B carrying a filter that rejects any matching ICMP Code value;

FIG. 6 is a flowchart of a method for receiving a flow specification rule according to Embodiment 2 of the present invention;

FIG. 7 is a schematic structural diagram of a first network device according to Embodiment 3 of the present invention;

FIG. 8 is a schematic structural diagram of a second network device according to Embodiment 4 of the present invention;

FIG. 9 is a schematic structural diagram of a first network device according to Embodiment 5 of the present invention;

FIG. 10 is a schematic structural diagram of a second network device according to Embodiment 6 of the present invention;

FIG. 11 is a schematic structural diagram of a network system according to Embodiment 7 of the present invention.

detailed description

The technical solutions in the embodiments of the present invention will be clearly and completely described in conjunction with the drawings in the embodiments of the present invention. It is a partial embodiment of the invention, and not all of the embodiments. Based on the embodiments of the present invention, those of ordinary skill in the art obtain the following without creative efforts. All other embodiments obtained are within the scope of the invention.

FIG. 1 is a flowchart of a method for sending a flow specification rule according to Embodiment 1 of the present invention. As shown in FIG. 1 , the method in this embodiment may include the following steps:

Step 101: The first network device determines that the second network device is capable of sending a flow specification rule ORF record to the first network device.

In this embodiment, an outbound route filtering (English translation is: Outbound Route Filtering, ORF for short) type: flow specification rule (English translation: Flow Specification rule) ORF type, flow specification rule ORF capability for border gateway The Border Gateway Protocol (BGP) is a new capability. To implement the functions of this embodiment, the BGP protocol needs to be extended accordingly. A new ORF type is added to the original BGP protocol, that is, the flow specification ORF type is supported, so that the flow specification ORF capability is supported. Negotiation.

In this embodiment, the first network device may determine, by using the flow specification rule ORF capability negotiation, that the second network device can send the flow specification rule outbound route filtering ORF record to the first network device. The negotiation process is specifically as follows:

First, the first network device obtains a first flow specification rule ORF capability parameter, where the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, and the first flow specification rule ORF capability parameter includes: at least one group of addresses A set of parameters consisting of an address family identifier (AFI), a sub-address family identifier sub-address family identifier (SAFI), a flow specification rule ORF type, and a transceiver capability identifier. The first-flow specification rule ORF capability. The transceiving capability identifier included in the parameter is used to indicate whether the second network device supports sending and/or receiving a stream specification rule ORF record (Entry).

The first network device obtains the first flow specification rule ORF capability parameter, where the first network device receives the BGP open (OPEN) message sent by the second network device in the process of establishing a BGP connection with the second network device, and the second network The BGP OPEN message sent by the device includes the first flow specification rule ORF capability parameter. The first-flow specification rule ORF capability parameter can be expressed in the following manner: <AFI=1/SAFI=133, FlowSpec-ORF-Type, Send/Receive=both>, the expression indicates that the first network device can receive and transmit the IPv4 type. The flow specification rule ORF record, Flow Spec-ORF-Type indicates the flow specification rule ORF type, and the specific value of the flow specification rule ORF type can be set as needed, for example, by the Internet Assigned Numbers Authority (IANA). The distribution is not limited by the present invention.

In the above example, the first network device supports sending and receiving an IPv4 flow specification rule ORF record, Of course, the first network device may also support sending and/or receiving multiple types of flow specification rule ORF records, as shown in Table 1:

Table 1

It can be seen from Table 1 that when AFI=1/SAFI=134, the first network device supports sending and/or receiving an IPV4-based Virtual Private Network (VPN) flow specification rule ORF record when AFI=2/ When SAFI=133, the first network device supports sending and/or receiving IPV6-based flow specification rule ORF records. When AFI=2, SAFI=134, the first network device supports sending and/or receiving IPV6-based VPN flow specifications. The rule ORF records that when AFI=25, SAFI=134, the first network device supports sending and/or receiving a Layer 2 VPN flow specification rule ORF record.

After obtaining the first flow specification rule ORF capability parameter, the first network device compares the first flow specification rule ORF capability parameter with the second flow specification rule ORF capability parameter, where the second flow specification rule ORF capability parameter indicates the flow supported by the first network device Regulating the rule ORF capability, the second flow specification rule ORF capability parameter includes: at least one set of parameters consisting of AFI, SAFI, flow specification rule ORF type, and transceiving capability identifier, the second flow specification rule included in the ORF capability parameter The transceiving capability identifier is used to indicate whether the first network device supports sending and/or receiving a flow specification rule ORF record. If the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter both contain a flow specification rule ORF type, the first parameter set and the second parameter set include the same AFI and SAFI, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the transmission flow specification rule ORF record, and the transceiver capability identifier of the second parameter set indicates that the first network device supports the receive flow specification rule ORF record, then A network device determines that the second network device can send a flow specification rule ORF record to the first network device, and the flow specification rule ORF capability is negotiated. In the embodiment of the present invention, if the first flow specification rule ORF capability parameter includes multiple groups In the parameter set, the first parameter set is the first stream specification rule. The ORF capability parameter includes at least one set of parameters in the plurality of sets of parameters. Similarly, if the second stream specification rule ORF capability parameter includes multiple sets of parameter sets, the second parameter set is the second stream specification rule. The ORF capability parameter includes at least one set of parameter sets in the plurality of sets of parameter sets. If the first norm rule ORF capability parameter includes a set of parameters, the first parameter set is the set of parameters included in the first stream specification rule ORF capability parameter, and if the second stream specification rule ORF capability parameter includes a set of parameters The second parameter set is the set of parameters included in the second flow specification rule ORF capability parameter.

In this embodiment, the first network device is used as the sending end of the flow specification rule, and the receiving end of the flow specification rule ORF record, and the second network device is used as the receiving end of the flow specification rule and the sending end of the flow specification rule ORF record. Of course, the first network device may be used as the receiving end of the flow specification rule, the sending end of the flow specification rule ORF record, and the second network device is used as the transmitting end of the flow specification rule and the receiving end of the flow specification rule ORF record. It is also possible that the first network device and the second network device simultaneously serve as a transmitting end and a receiving end of the flow specification rule and the flow specification rule ORF record. The flow specification rule ORF capability negotiation result of the first network device and the second network device may have the following four results: (1) the first network device only sends the flow specification rule ORF record corresponding to at least one type of flow specification rule, The second network device only receives the flow specification rule ORF record corresponding to the at least one type of flow specification rule sent by the first network device. (2) The first network device only receives the flow specification rule ORF record corresponding to the at least one type of flow specification rule, and the second network device sends only the flow specification corresponding to the at least one type of flow specification rule that the first network device can receive. Regular ORF record. (3) Both the first network device and the second network device support sending and receiving a flow specification rule ORF record corresponding to at least one type of flow specification rule. (4) If the negotiation is unsuccessful, the first network device and the second network device cannot spread the ORF of the flow specification rule to each other.

In this embodiment, the flow specification rule ORF capability supported or enabled by the first network device and the second network device should be based on the capability of the flow specification rule supported or enabled, for example, the first network device and the second network device are only in the The IPv4 flow specification rule ORF function can be supported or enabled when the IPv4 flow specification rule function is enabled or enabled.

Step 102: The first network device receives a flow specification rule ORF record sent by the second network device, where the flow specification rule ORF records a flow specification rule used by the first network device to be sent to the second network device.

In this embodiment, the second network device generates a flow specification rule ORF record according to its own flow specification rule policy, and the flow specification rule policy may be a network operation and maintenance personnel through a configuration command/network management or application. The program is configured into a second network device through a device open interface (eg, RESTful API Over Http), which is a filtering policy for a particular type of flow specification rule for the first network device.

In this embodiment, the flow specification rule ORF type needs to match the filter set expressing the message characteristics in the flow specification rule, so the filter type supported by the flow specification rule ORF type and the filter type supported by the flow specification rule are completely consistent. For example, the packet feature tuple corresponding to the filter type supported by the flow specification rule ORF type includes: the packet length, the destination IP address of the Internet Protocol (IP) header, the source IP address, the protocol type, and the difference. Source port and destination of the Service Code Point (DSCP), the Fragment Flag, and the User Datagram Protocol (UDP)/Transmission Control Protocol (TCP) Port, TCP Flag field and Internet Control Message Protocol (ICMP) Type field and Code field.

For the newly added flow specification rule ORF type of the present invention, a new ORF entity message format needs to be defined, which is used to carry the filter condition of the flow specification rule, and the basic format of the flow specification rule ORF record newly defined in this embodiment is existing. The ORF [RFC5291] definition is consistent and extends the Type specific part field of the ORF record.

2 is a format of a flow specification ORF record newly defined in the embodiment of the present invention. As shown in FIG. 2, the format of the flow specification rule ORF record includes the following fields: an Action field, a Match field, and a Reserved (Reserved). ) field and Type specific part field. The Action field usually takes 2 bits and has three values. For example, you can use 00 for the Add operation, 01 for the Remove operation, and 10 for the Remove-all operation. The Match field usually takes 1 bit and can represent two different meanings by two values. For example, 0 means Permit, 1 means Deny, and when the stream specification rule ORF records the value of the Match field. 0 indicates that the flow specification rule that satisfies the filter condition is allowed to pass. When the value of the Match field of the flow specification rule ORF record is 1, it indicates that the flow specification rule that satisfies the filter condition is not allowed to pass. The sender of the Reserved field shall pad it to 0, and the receiver shall ignore this field.

The Type specific part field is a variable length field. In this embodiment, the Type specific part field includes: a sequence number (Sequence) field, an action matching (Action Matching) field, and a filter number (Filter Number) of the flow specification rule ORF record. Field, Filter Type field, filter specific action, and value field. Where the Sequence field can occupy 4 The byte is generally used to carry the priority of the flow specification rule ORF record, and can also be used to carry the ID or key value of the flow specification rule ORF record. When the first network device stores the flow specification rule ORF entry, it can follow the sequence of the sequence. In-order storage, when the flow specification rule is matched, the flow specification rule to be matched is preferentially matched with the flow specification rule ORF entry with higher priority. The Filter Number field can occupy 8 bits and is used to carry the number of filters included in the flow specification ORF record. A flow specification rule ORF record can include multiple filters, which can also be called a filter set. Action Matching is used to carry the action type that matches the flow specification rule. The action type of each flow specification rule corresponds to a tag bit, and the action position corresponding to the action type of the flow specification rule indicates that the action type matches the flow specification rule. The mark position 0 corresponding to the action type of the rule indicates the action type that does not match the flow specification rule. Once some of the flag bits of the Action Matching field are set, in the matching process, it is necessary to check whether the action type of the flow specification rule corresponding to the set flag bit is included in the currently compared flow specification rule, if If the part of the action type of the flow specification rule corresponding to the set flag bit is not in the currently compared flow specification rule, the currently compared flow specification rule does not match. The value of the Action Matching field is 0, that is, no flag bit is set, indicating that the action type set of the flow specification rule to be matched is empty, and the matching result of the action type is matched by default. The action type definition of the flow specification rule represented by the bit of the Action Matching is as shown in Table 2. The definition is changed according to the standard change of the type of the flow specification rule action. Table 2 is the action type of the commonly used flow specification rule:

Table 2

Table 2 shows that when the action matching bit 0 is set, the action type of the flow specification rule to be matched is traffic-rate. When the bit 1 of the Action Matching is set, the flow to be matched is indicated. The action type of the canonical rule is traffic-action. When the bit 2 of the Action Matching is set, the action type of the flow specification rule to be matched is redirect. When the bit 3 of the Action Matching is set. , indicating that the action type of the flow specification rule to be matched is traffic-marking. The specific definition of the action types of the above four flow specification rules can be referred to RFC5575, and will not be described in detail herein.

In the embodiment, the flow specification rule ORF record may further include more or less fields. For example, the flow specification rule ORF record may have no Filter Number field, and the SAFI value is 134 (representing the VPN flow) The ORF record also includes: the number of the route identifier (RD number: Route Distinguisher, RD for short) field and the route identifier field, the RD number field is used to carry the number of RDs, and the RD field is used for the rule ORF record. Carrying a route identifier, the RD field can carry multiple RDs. When the value of SAFI is other, the RD number field and the RD field are not included in the flow specification rule ORF record. And the order of the fields of the flow specification rule ORF record can be adjusted, and only one possible format is shown in FIG. 2, and the length of each field is not limited in this embodiment.

The filter type field is used to carry the filter type. In this embodiment, the Filter Type of the flow specification rule ORF record is consistent with the definition of the Filter Type of the existing flow specification rule, and most of the flow specification rules ORF record and flow specification The filter-specific actions and the format definition of the values are also consistent. Only a few flow specification rules ORF record Filter Type filter specific operation and value format definition (specifically the filter corresponding to the four Filter Types in Table 3) and filter specification rules filter specific operations and take The format definition of the value is different.

table 3

The four Filter Types in Table 3 are all Filter Types of the prefix type. Type 1 is used to match the destination IP address prefix of the flow specification rule. The destination IP address can be of IPv4 or IPv6 type (for example, the flow specification rule ORF record corresponds to AFI). When the value is 1, the filter type is the IPv4 destination address prefix filter. Type 2 is used to match the source IP address prefix of the flow specification rule. The source IP address can be IPv4 or IPv6, and Type 14 is used for the flow specification rule. The destination MAC prefix is matched, and Type 15 is used to match the source MAC prefix of the flow specification rule.

The definition of the Filter format corresponding to the four Filter Types in Table 3 is as shown in FIG. 3. FIG. 3 is a format of a Filter corresponding to the four Filter Types provided by the embodiment. The format of the Filter includes the following fields: a Filter Type field and a matching prefix. Maximum length (MaxLen), minimum length of matching prefix (MinLen), actual length of matching prefix, and matching prefix (Prefix), The definitions of the MaxLen, MinLen, Length, and Prefix fields are consistent with the definitions of the same fields in RFC5292, and are not described in detail here. When Filter is the source address prefix or destination address prefix filter of IPv4, MaxLen is not greater than 32. When Filter is the source address prefix or destination address prefix filter of IPv6, MaxLen is not greater than 128.

For the four Filter Types in Table 3, the filter-specific rules and value fields of the flow specification rule ORF record are the collection of MaxLen, MinLen, Length, and Prefix fields. The filter-specific operation and value field of the flow specification rule are Length. , a collection of Prefix fields.

In addition to the above 4 Filter Type, the Filter Type can also include:

Type3: IP protocol, used to match the protocol type of the flow specification rule message.

Type 4: Port used to match the source port and destination port of the flow specification packet.

Type 5: Destination port, used to match the destination port of the flow specification rule packet.

Type6: Source port, used to match the source port of the flow specification rule packet.

Type7: ICMP type, used to match the ICMP type field of the flow specification rule packet.

Type 8: ICMP code, used to match the ICMP code field of the flow specification rule message.

Type 9: TCP Flags, used to match the TCP Flags field of the flow specification rule message.

Type 10: Packet length, used to match the total length of the flow specification rule message.

Type11: DSCP is used to match the DSCP field of the flow specification rule packet.

Type12: Fragment, used to match the mask bit format of the flow specification rule message.

For the four Filter Types shown in Table 3, the corresponding filter-specific operations and value fields of the flow specification rule ORF record and the flow specification rule are at least one of the option field and the value corresponding to the option field. A collection of two-tuple fields.

For specific applications, the flow specification rule ORF record can be used to indicate the specific capability or some security policy of the second network device to support the flow specification rule. For example, a conventional router and a three-layer (L3) switch implement a forwarding information table FIB in a hardware manner, for example, a Ternary Content Addressable Memory (TCAM) or an application specific integrated circuit (Application Specific Integrated). Circuits (referred to as ASICs) implement FIB. Generally, they can support IPv4/IPv6 Access Control List (ACL) and Layer 2 (L2) ACLs. However, the forwarding planes of such network devices generally do not support ICMP Types and Codes. Match of fields. The matching tuples of the virtual router (vRouter) or some new forwarding devices that support the flow specification rules are more comprehensive. Therefore, even if different network devices have the flow specification rule function enabled, their support The flow specification rules Filter and Action Type may also differ. In this case, the network device can generate a flow specification rule ORF record to express the specific capability difference of the network device supporting the flow specification rule, and advertise it to its own BGP peer to avoid receiving the BGP peer from the BGP peer. Flow specification rules that are not fully supported.

Assuming that the second network device does not support the matching of the Code and Type fields of the ICMP packet of the traffic specification rule, the two stream specification rule ORF entries generated by the second network device will be rejected (Deny) containing any matching ICMP Code or Type field values. The flow specification rules for the filter. After generating the flow specification rule ORF record, the second network device sends the flow specification rule ORF record to the first network device, where the flow specification rule ORF record is used by the first network device to perform flow specification rules sent to the second network device. filter. The second network device sends the flow specification rule ORF record in a BGP Route Refresh (ROUTE-REFRESH) message to the first network device.

4 is an example of a packet content carrying an IPv4 flow specification rule ORF record A that rejects any filter matching the ICMP Type value, and FIG. 5 is an IPv4 flow specification rule ORF carrying a filter that rejects any matching ICMP Code value. An example of a message content of record B. As shown in FIG. 4, the fields of the packet of the flow specification rule ORF record A are: 2-bit Action field, 1-bit Match field, 32-bit Sequence field, 8-bit Filter Number field, 32-bit Action Matching Field, 8-bit Filter Type field, 8-bit first option field (op1), 8-bit first value field (value1), 8-bit second option field (op2) and 8-bit second ratio Value field (value2). The Action field of the Action field has the value of Add, the corresponding enumeration value is 0; the value of the Match field is Deny, the enumeration value of Deny is 1, and the value of the Sequence field is 1; the Filter Number field The value of 1 indicates that there is only one Filter in the ORF record of the flow specification rule; the value of the Action Matching field is 0, indicating that the action type of any flow specification rule does not match. The value of the Filter Type field is ICMP Type, ICMP Type. The corresponding enumeration value can be 7, the value of op1 is 0x03, the value of value1 is 0x00, indicating that the value of ICMP Type is greater than or equal to 0, the value of op2 is 0xc5, and the value of value2 is 0xff, indicating ICMP Type. The value of the filter-specific operation and value field of the "ICMP Type" type filter included in the flow specification rule ORF record is 0 to 255. The format of the "ICMP Code" type filter included in the ORF record B of the Pv4 stream specification rule in FIG. 5 is the same as the format definition of the "ICMP Type" type filter included in the ORF record A of FIG. 4, and will not be described here. -

Optionally, the first network device receives the flow specification rule ORF record sent by the second network device. After that, the first network device may further determine the type of the flow specification rule ORF record according to the AFI and SAFI included in the flow specification rule ORF record, and store the flow specification rule ORF record in an orderly manner according to the sequence number of the flow specification rule ORF record. The corresponding type of flow specification is in the ORF list. For example, suppose there are two types of flow specification rule ORF lists, which are used to store AFI=1, SAFI=133 IPv4 flow specification rule ORF record, AFI=1, SAFI=134 VPNv4 flow specification rule ORF record. Each type of flow specification rule ORF list stores the sequence specification ORF record according to the sequence number of the stream specification rule ORF.

Step 103: The first network device records, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device.

When the first network device sends the flow specification rule to the second network device, the first network device queries the flow specification rule ORF record sent by the second network device, and performs matching filtering processing on the flow specification rule to be sent to the second network device. . Different types of flow specification rules ORF records are stored in different flow specification rule ORF lists. Before matching, the first network device first determines to be sent to the second according to the AFI and SAFI of the flow specification rules to be sent to the second network device. The type of the flow specification rule of the network device, query the corresponding type flow specification rule ORF list, and then use the flow specification rule ORF record in the flow specification rule ORF list to match the flow specification rule to be sent to the second network device, and match first. The flow specification rules ORF records take effect. After the matching is successful, the action indicated by the matching field recorded by the matched ORF specification rule ORF (allow or deny) determines whether to send the flow specification rule to be sent to the second network device to the second network device. If the action indicated by the matching field is allowed, the first network device sends the flow specification rule to be sent to the second network device to the second network device, and if the action indicated by the matching field is rejected, the first network device is to be sent. The flow specification rules for the second network device are filtered out and are not sent to the second network device.

In this embodiment, the to-be-sent flow specification rule that the first network device sends to the second network device may be sent by the other network device to the first network device, or may be generated by the first network device according to the configuration.

When matching each flow specification rule ORF record, the first network device records the flow specification rule ORF record: an Action Matching field, a Filter Type field, a filter specific operation, and a value field, respectively, to be sent to the second The flow specification rules of the network device include: an Action Type field, a Filter Type field, a filter specific operation, and a value field for comparison. If the flow specification rule ORF record includes an Action Matching field indicating that the set of action types to match is empty (ie, the value of the Action Matching field is 0) or the flow specification rule ORF record includes The action type indicated by the Action Matching field to be matched is included in the action type included in the flow specification rule to be sent to the second network device, and the flow specification rule ORF record includes the filter set as empty or the flow specification rule ORF record includes The value space of the filter-specific operation and value field for each filter type contains the value space of the filter-specific operation and value field of the filter type to be sent to the flow specification rule of the second network device. The first network device determines that the flow specification rule to be sent to the second network device matches the flow specification rule ORF record.

When the Type specific part field of the flow specification rule ORF record includes the RD field, the first network device filters the flow specification rule to be sent according to the flow specification rule ORF, specifically: the first network device includes the flow specification rule ORF record. The Action Matching field, the Filter Type field, the filter specific operation and the value field, and the RD field are respectively included in the flow specification rule to be sent to the second network device: an Action Type field, a Filter Type field, a filter specific operation, and The value field and the RD field are compared. If the action type specified by the Action Matching field included in the flow specification rule ORF record is set to be empty or the flow specification rule ORF record includes the action type indicated by the Action Matching field to be matched, the action type to be matched is included in the second network to be sent. Among the action types included in the flow specification rule of the device, the flow specification rule ORF record includes a filter set that is empty or the flow specification rule ORF records contain filter-specific operations and the value space of each value field contains The flow specification rule of the filter type to be sent to the second network device includes a filter-specific operation and a value space of the value field, and the flow specification rule ORF record includes a set of route identifiers consisting of RDs or is in the route identifier set. And including the RD included in the flow specification rule to be sent to the second network device, the first network device determines that the flow specification rule to be sent to the second network device matches the flow specification rule ORF record.

Step 104: The first network device sends the filtered flow specification rule to the second network device.

Specifically, the first network device may send the filtered flow specification rule to the second network device in the BGP update (UPDATE) message. Of course, the first network device may also carry the filtered flow specification rule in other messages. The method is sent to the second network device, which is not limited in this embodiment.

In this embodiment, after determining that the second network device can send the flow specification rule outbound route filtering ORF record to the first network device, the first network device receives the flow specification rule ORF record sent by the second network device, and the flow specification rule ORF Recording a flow specification rule for the first network device to send to the second network device, when the first network device has a flow specification rule sent to the second network device, the first network device records the ORF according to the flow specification rule Flow specification rules Filtering, only the flow specification rule that satisfies the flow specification rule ORF record filtering condition is sent to the second network device, which solves the problem that the network device sends a large number of invalid flow specification rules, resulting in waste of resources.

FIG. 6 is a flowchart of a method for receiving a flow specification rule according to Embodiment 2 of the present invention. This embodiment is described from the perspective of a second network device. As shown in FIG. 6, the method provided in this embodiment may include the following steps:

Step 201: The second network device determines that the first network device is capable of receiving the flow specification rule ORF record.

Specifically, the second network device obtains a second flow specification rule ORF capability parameter, where the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification The rule ORF capability parameter includes: at least one set of parameters consisting of AFI, SAFI, flow specification rule ORF type, and transceiver capability identifier, and the transceiver capability identifier included in the second flow specification rule ORF capability parameter is used to indicate the first network device. Whether to support sending and/or receiving flow specification rules ORF records. The second network device obtains the second flow specification rule ORF capability parameter, where the second network device receives the BGP OPEN message sent by the first network device in the process of establishing a BGP connection with the first network device, where the first network The BGP OPEN message sent by the device includes the second flow specification rule ORF capability parameter.

Then, the second network device compares the second flow specification rule ORF capability parameter with the first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, and the first flow specification rule ORF The capability parameter includes: a set of parameters consisting of the AFI, the SAFI, the flow specification rule ORF type, and the transceiver capability identifier, where the transceiver capability identifier included in the first flow specification rule ORF capability parameter is used to indicate whether the second network device supports sending And/or receive flow specification rules ORF records.

If the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter both contain a flow specification rule ORF type, the first parameter set and the second parameter set include the same AFI and SAFI, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the transmission flow specification rule ORF record, and the transceiver capability identifier of the second parameter set indicates that the first network device supports the receive flow specification rule ORF record, then The second network device determines that the flow specification rule ORF record can be sent to the first network device.

For a specific implementation of this step, reference may be made to the related description of Embodiment 1, and details are not described herein again.

Step 202: The second network device generates a flow specification rule ORF record according to its own flow specification rule policy.

The flow specification rule ORF record includes: Action field, Match field, Reserved a field and a Type specific part field, where the Type specific part field includes: a Sequence field of the flow specification rule ORF record, an Action Matching field, a Filter Type field, a filter specific operation and a value field, and a Sequence field is used to carry the flow specification rule ORF The priority of the record. The Action Matching field is used to carry the Action Type that matches the flow specification rule. The Filter Type field is used to carry the Filter Type. The filter specific operation and the value field are used to carry the filter condition corresponding to the Filter Type. Optionally, the Type specific part field may further include a Filter Number field, where the Filter Number field is used to carry the number of filters.

When the SAFI is 134, the Type specific part field further includes: an RD Number field and an RD field.

Step 203: The second network device sends the flow specification rule ORF record to the first network device.

The second network device transmits the flow specification rule ORF record to the first network device, so that the first network device records the flow specification rule to be sent to the second network device according to the flow specification rule ORF.

Step 204: The second network device receives a flow specification rule sent by the first network device, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.

In this embodiment, after the second network device determines that the flow specification rule outbound ORF record can be sent to the first network device, the flow specification rule ORF record is generated according to the flow specification rule policy, and the flow specification rule ORF record is sent to the first a network device, the first network device records, according to the flow specification rule ORF sent by the second network device, the flow specification rule to be sent to the second network device, and only sends the flow specification that meets the flow specification rule filtering condition to the second network device. The rule solves the problem of waste of resources caused by the network device sending a large number of invalid flow specification rules.

FIG. 7 is a schematic structural diagram of a first network device according to Embodiment 3 of the present invention. As shown in FIG. 7, the network device provided in this embodiment includes: a determining module 11, a receiving module 12, a filtering module 13, and a sending module 14.

The determining module 11 is configured to determine that the second network device can send the flow specification rule ORF record to the first network device.

The receiving module 12 is configured to receive the flow specification rule ORF record sent by the second network device, where the flow specification rule ORF records a flow specification used by the first network device to be sent to the second network device Rules are filtered;

a filtering module 13 configured to send, according to the flow specification rule, an ORF record to the second network Filtering the flow specification rules of the network device;

The sending module 14 is configured to send the filtered flow specification rule to the second network device.

The flow specification rule ORF record includes: a sequence number field of the flow specification rule ORF record, an action matching field, a filter type field, and a filter specific operation and value field, and the sequence number field of the flow specification rule ORF record is used for Carrying a priority of the flow specification rule ORF record, the action matching field is used to carry an action type that matches whether the flow specification rule is used, and the filter type field is used to carry a filter type, the filter specific operation and the value field It is used to carry the filter condition corresponding to the filter type. Optionally, the flow specification rule ORF record further includes: a filter number field, where the filter number field is used to carry the number of filters.

The filtering module 13 is specifically configured to: include, by the flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation, and a value field, respectively, and the flow specification rule to be sent : an action type field, a filter type field, a filter specific operation, and a value field are compared; if the action specification field included in the flow specification rule ORF record indicates that the set of action types to be matched is empty or the match is to be matched The action types are all included in the action type included in the flow specification rule to be sent to the second network device, the flow specification rule ORF record includes a filter set that is empty or a filter of each filter type The value space of the specific operation and the value field includes the value space of the filter-specific operation and the value field of the filter type to be sent to the flow specification rule of the second network device, and then the to-be-sent is determined. A flow specification rule for the second network device matches the flow specification rule ORF record.

Optionally, the flow specification rule ORF record further includes: a route identifier number field and a route identifier field, where the route identifier number field is used to carry the number of route identifiers, and the route identifier field is used to carry the route identifier .

When the flow specification rule ORF record includes a route identifier number field and a route identifier field, the filtering module 13 is specifically configured to: include the flow specification rule ORF record: an action matching field, a filter type field, and filtering The specific operation and value field and the route identification field are respectively included in the flow specification rule to be sent to the second network device: an action type field, a filter type field, a filter specific operation, and a value field. The route identifier field is compared; if the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the second to be sent to the second In the action type included in the flow specification rule of the network device, the filter specification included in the flow specification rule ORF record is empty or the value space of the filter specific operation and the value field of each filter type includes the to-be-sent The flow specification rule sent to the second network device includes a filter-specific filter operation-specific value and a value space of the value field, and the flow specification rule ORF record includes a route identifier set consisting of a route identifier set to be empty or The routing identifier set includes the routing identifier included in the flow specification rule to be sent to the second network device, and determining that the flow specification rule to be sent to the second network device matches the flow specification rule ORF record.

In this embodiment, the determining module 11 is specifically configured to:

First, the first flow specification rule ORF capability parameter is obtained, where the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, and the first flow specification rule ORF capability parameter includes: at least one group consisting of The parameter set consisting of the address family identifier, the sub-address family identifier, the flow specification rule ORF type, and the transceiver capability identifier, and the transceiver capability identifier included in the first-flow specification rule ORF capability parameter is used to indicate whether the second network device supports sending And/or receive flow specification rules ORF records.

And comparing, the first flow specification rule ORF capability parameter and the second flow specification rule ORF capability parameter, the second flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the first network device, where the The second-flow specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the second stream specification rule ORF capability parameter includes The capability identifier is used to indicate whether the first network device supports sending and/or receiving a flow specification rule ORF record.

The determining module 11 obtains the first flow specification rule ORF capability parameter, specifically: receiving the BGP open message sent by the second network device during the process of establishing a BGP connection between the first network device and the second network device, The BGP open message sent by the second network device includes the first flow specification rule ORF capability parameter.

In this embodiment, the receiving module 12 is specifically configured to: receive a BGP route refresh message sent by the second network device, where the BGP route refresh message includes the flow specification rule ORF record.

Optionally, the first network device further includes a storage processing module. The storage processing module is configured to determine, after the receiving module 12 receives the flow specification rule ORF record sent by the second network device, according to the address family identifier and the sub-address family identifier included in the flow specification rule ORF record. The flow specification rules the type of the ORF record, and stores the flow specification rule ORF record in an orderly manner according to the sequence number of the flow specification rule ORF record into the flow specification rule ORF list of the corresponding type.

The first network device provided in this embodiment may be used to perform the method in the first embodiment. The specific implementation manners and technical effects are similar, and details are not described herein again.

FIG. 8 is a schematic structural diagram of a second network device according to Embodiment 4 of the present invention. As shown in FIG. 8, the second network device provided in this embodiment includes: a determining module 21, a generating module 22, a sending module 23, and a receiving module 24. .

The determining module 21 is configured to determine that the first network device is capable of receiving the flow specification rule ORF record;

The generating module 22 is configured to generate a flow specification rule ORF record according to the flow specification rule policy saved by the second network device;

The sending module 23 is configured to send the flow specification rule ORF record generated by the generating module 22 to the first network device;

The receiving module 24 is configured to receive a flow specification rule sent by the first network device, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.

In this embodiment, the flow specification rule ORF record includes: a sequence number field of the flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation, and a value field, and the flow specification rule ORF records The sequence number field is used to carry the priority of the flow specification rule ORF record, the action matching field is used to carry an action type that matches whether the flow specification rule is used, and the filter type field is used to carry a filter type, the filter specific The operation and value fields are used to carry the filter conditions corresponding to the filter type. Optionally, the flow specification rule ORF record further includes: a filter number field, where the filter number field is used to carry the number of filters.

In this embodiment, the determining module 21 is specifically configured to:

First, the second stream specification rule ORF capability parameter is obtained, and the second stream specification rule ORF can The force parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability parameter includes: at least one group consists of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability. And identifying, by the set of parameters, the transceiver capability identifier included in the second stream specification rule ORF capability parameter is used to indicate whether the first network device supports sending and/or receiving a flow specification rule ORF record.

Then, comparing the second flow specification rule ORF capability parameter with the first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the second network device, the first flow The specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the first-flow specification rule ORF capability parameter includes a transceiving capability identifier. And indicating whether the second network device supports sending and/or receiving a flow specification rule ORF record. And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports sending, the flow specification rule ORF records, and the second parameter set of the transceiver capability identifier Instructing the first network device to support receiving a flow specification rule ORF record, determining that the second network device is capable of transmitting a flow specification rule ORF record to the first network device.

The determining module 21 obtains the second flow specification rule ORF capability parameter, specifically: receiving the BGP openness sent by the first network device in the process of establishing a BGP connection between the second network device and the first network device The BGP open message sent by the first network device includes the second flow specification rule ORF capability parameter.

In this embodiment, the sending module 23 is specifically configured to: send a BGP route refresh message to the first network device, where the BGP route refresh message includes the flow specification rule ORF record.

The second network device provided in this embodiment may be used to perform the method in the second embodiment. The specific implementation manners and technical effects are similar, and details are not described herein again.

FIG. 9 is a schematic structural diagram of a first network device according to Embodiment 5 of the present invention. As shown in FIG. 9, the first network device 300 of this embodiment includes: a processor 31, a memory 32, a communication interface 33, and a communication bus 34. Memory 32 and communication interface 33 are coupled and in communication with processor 31 via communication bus 34 for storing computer instructions, communication interface 33 for communicating with other network devices, and processor 31 for executing computer instructions stored by memory 32. To perform as described below Methods:

Determining that the second network device is capable of transmitting a flow specification rule ORF record to the first network device;

Receiving, by the second network device, a flow specification rule ORF record, where the flow specification rule ORF records a flow specification rule to be sent by the first network device to the second network device;

And filtering, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device;

Sending the filtered flow specification rule to the second network device.

The flow specification rule ORF record includes: a sequence number field of the flow specification rule ORF record, an action matching field, a filter type field, and a filter specific operation and value field, and the sequence number field of the flow specification rule ORF record a priority for carrying a flow specification rule ORF record, the action matching field is configured to carry an action type that matches a flow specification rule, the filter type field is used to carry a filter type, and the filter specific operation and fetch The value field is used to carry the filter condition corresponding to the filter type. Optionally, the flow specification rule ORF record further includes: a filter number field, where the filter number field is used to carry the number of filters.

And filtering, according to the flow specification rule ORF, a flow specification rule to be sent, specifically:

The flow specification rule ORF record includes: an action matching field, a filter type field, a filter specific operation, and a value field, respectively, and the flow specification rule to be sent includes: an action type field, a filter type field , filter specific operations and value fields are compared. If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the filter specification ORF record includes a filter set of each filter type that is empty or the value space of the filter specific operation and the value field includes the to-be-sent to the second network. The flow specification rule of the device includes a filter-specific operation and a value space of the value field, and then determining that the flow specification rule to be sent to the second network device matches the flow specification rule ORF record.

Alternatively, the flow specification rule ORF record includes: action matching field, filter type The field, the filter specific operation and the value field, and the route identifier field are respectively performed with the flow specification rule to be sent: an action type field, a filter type field, a filter specific operation, a value field, and a route identifier field. Comparison. If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field contain the to-be-sent to the second network The flow specification rule of the device includes a filter-specific operation of the filter type and a numerical space of the value field, the flow specification rule ORF record includes a route identifier set consisting of a route identifier or the route identifier set includes the And determining, by the flow specification rule included in the flow specification rule of the second network device, the flow specification rule to be sent to the second network device to match the flow specification rule ORF record.

The determining, by the second network device, the flow specification rule ORF record to the first network device, includes: acquiring a first flow specification rule ORF capability parameter, where the first flow specification rule ORF capability parameter indicates that the second network device supports The flow specification standard ORF capability, the first flow specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, the first flow specification The transceiving capability identifier included in the regular ORF capability parameter is used to indicate whether the second network device supports sending and/or receiving a flow specification rule ORF record. Comparing the first flow specification rule ORF capability parameter with a second flow specification rule ORF capability parameter, the second flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the first network device, the second flow The specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the transceiving capability identifier included in the second stream specification rule ORF capability parameter And used to indicate whether the first network device supports sending and/or receiving a flow specification rule ORF record.

Obtaining the first flow specification rule ORF capability parameter, including: at the first network device And receiving, by the second network device, a BGP open message sent by the second network device, where the BGP open message sent by the second network device includes the first flow norm rule ORF capability parameter.

And receiving the flow specification rule ORF record sent by the second network device, including: receiving a BGP route refresh message sent by the second network device, where the BGP route refresh message includes the flow specification rule ORF record.

After receiving the flow specification rule ORF record sent by the second network device, the processor 31 is further configured to: determine, according to the address family identifier and the sub-address family identifier included in the flow specification rule ORF record, the flow specification rule ORF The type of the record, and the stream specification rule ORF record is stored in an orderly manner in the stream specification rule ORF list of the corresponding type according to the sequence number of the flow specification rule ORF record.

10 is a schematic structural diagram of a second network device according to Embodiment 6 of the present invention. As shown in FIG. 10, the second network device 400 of this embodiment includes: a processor 41, a memory 42, a communication interface 43, and a communication bus 44. Memory 42 and communication interface 43 are coupled and in communication with processor 41 via communication bus 44 for storing computer instructions, communication interface 43 for communicating with other network devices, and processor 41 for executing computer instructions stored by memory 42. To perform the method described below:

Determining that the second network device first network device is capable of receiving the flow specification rule ORF record;

Generating a flow specification rule ORF record according to the flow specification rule policy saved by the second network device;

Transmitting the flow specification rule ORF record to the first network device;

And receiving, by the first network device, a flow specification rule, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.

The flow specification rule ORF record includes: a sequence number field of the flow specification rule ORF record, an action matching field, a filter number field, a filter type field, a filter specific operation, and a value field, and the flow specification rule The sequence number field of the ORF record is used to carry the priority of the flow specification rule ORF record, the action matching field is used to carry an action type that matches the flow specification rule, and the filter type field is used to carry a filter type, A filter specific operation and value field is used to carry the filter condition corresponding to the filter type. Optionally, the flow specification rule ORF record further includes: a filter number field, where the filter number field is used to carry the number of filters.

Determining that the first network device is capable of receiving the flow specification rule ORF record, including:

First, the second flow specification rule ORF capability parameter is obtained, where the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability parameter includes: at least A set of parameters consisting of an address family identifier and a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, where the transceiving capability identifier included in the second-flow specification rule ORF capability parameter is used to indicate the first network device Whether to support sending and/or receiving flow specification rules ORF records.

Then, comparing the second flow specification rule ORF capability parameter with the first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the second network device, the first flow The specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier and a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, where the transceiving capability identifier included in the first-flow specification rule ORF capability parameter is used for Indicates whether the second network device supports transmitting and/or receiving a flow specification rule ORF record.

The obtaining the second flow specification rule ORF capability parameter includes: receiving, in the process of establishing a BGP connection between the second network device and the first network device, receiving a BGP open message sent by the first network device, The BGP open message sent by the first network device includes the second flow specification rule ORF capability parameter.

The sending the flow specification rule ORF record to the first network device includes: sending a BGP route refresh message to the first network device, where the BGP route refresh message includes the flow specification rule ORF record.

The second network device provided in this embodiment may be used to implement the method in Embodiment 2, and the specific implementation is implemented. The method and technical effect are similar and will not be described here.

FIG. 11 is a schematic structural diagram of a network system according to Embodiment 7 of the present invention. As shown in FIG. 11, the network system of this embodiment includes: a first network device 51 and a second network device 52, where the first network device The method can be used to perform the method of the first embodiment, and the second network device 52 can be used to perform the method of the second embodiment. The specific implementation and the technical effects are similar. Please refer to the descriptions of the first embodiment and the second embodiment, and details are not described herein again.

One of ordinary skill in the art will appreciate that all or part of the steps to implement the various method embodiments described above may be accomplished by hardware associated with the program instructions. The aforementioned program can be stored in a computer readable storage medium. The program, when executed, performs the steps including the foregoing method embodiments; and the foregoing storage medium includes various media that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.

Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention, and are not intended to be limiting; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that The technical solutions described in the foregoing embodiments may be modified, or some or all of the technical features may be equivalently replaced; and the modifications or substitutions do not deviate from the technical solutions of the embodiments of the present invention. range.

Claims

A method for transmitting a flow specification rule, comprising:

Determining, by the first network device, the second network device to send a flow specification rule outbound route filtering ORF record to the first network device;

Receiving, by the first network device, the flow specification rule ORF record sent by the second network device, where the flow specification rule ORF records a flow specification used by the first network device to be sent to the second network device Rules are filtered;

The first network device records, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device;

The first network device sends the filtered flow specification rule to the second network device.
The method according to claim 1, wherein the flow specification rule ORF record comprises: a sequence number field of a flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation, and a value field, The sequence number field of the flow specification rule ORF record is used to carry the priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule, and the filter type field is used to carry the filter. The filter type, the filter specific operation and the value field are used to carry the filter condition corresponding to the filter type.
The method according to claim 2, wherein the flow specification rule ORF record further comprises: a route identifier number field and a route identifier field, wherein the route identifier number field is used to carry the number of route identifiers, The route identifier field is used to carry a route identifier.
The method according to claim 2 or 3, wherein the flow specification rule ORF record further comprises: a filter number field, and the filter number field is used to carry the number of filters.
The method according to claim 2, wherein the first network device records, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device, including:

The first network device records, by the flow specification rule ORF, an action matching field, a filter type field, a filter specific operation, and a value field, respectively, and the flow to be sent to the second network device The specification rules include: action type fields, filter type fields, filter specific operations, and value fields for comparison;

And if the action type set to be matched indicated by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the second network to be sent to the second network In the action type included in the flow specification rule of the device, the filter specification included in the flow specification rule ORF record is empty or the value space of the filter specific operation and the value field of each filter type includes the to-be-sent to be sent to The flow specification rule of the second network device includes a filter-specific operation of the filter type and a numerical space of the value field, and the first network device determines the flow specification to be sent to the second network device The rules match the flow specification rule ORF record.
The method according to claim 3, wherein the first network device records, according to the flow specification rule ORF, a flow specification rule to be sent to the second network device, including:

The first network device includes, by the flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation and a value field, and a route identifier field, respectively, to be sent to the second The flow specification rule of the network device includes: an action type field, a filter type field, a filter specific operation and a value field, and a route identifier field for comparison;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field contain the to-be-sent to the second network The flow specification rule of the device includes a filter-specific operation of the corresponding filter type and a numerical space of the value field, and the flow specification rule ORF record includes a route identifier set consisting of a route identifier that is empty or included in the route identifier set. And the first network device determines that the flow specification rule to be sent matches the flow specification rule ORF record, where the flow specification rule is to be sent to the second network device.
The method according to any one of claims 1-6, wherein the first network device determines that the second network device can send a flow specification rule ORF record to the first network device, including:

The first network device obtains a first flow specification rule ORF capability parameter, where the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, where the first flow specification rule ORF capability parameter includes: At least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, where the transceiving capability identifier included in the first-flow specification rule ORF capability parameter is used to indicate the second network Whether the device supports sending and/or receiving flow specification rule ORF records;

The first network device compares the first flow specification rule ORF capability parameter with a second flow specification a regular ORF capability parameter, the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability parameter includes: at least one group is identified by an address family, a parameter set consisting of a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, where the transceiving capability identifier included in the second-flow specification rule ORF capability parameter is used to indicate whether the first network device supports sending and/or Receive stream specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the sending flow specification rule ORF record, and the second parameter set is capable of transmitting and receiving. The identifier indicates that the first network device supports receiving a flow specification rule ORF record, and the first network device determines that the second network device can send a flow specification rule ORF record to the first network device.
The method according to claim 7, wherein the first network device acquires the first flow specification rule ORF capability parameter, including:

Receiving, by the first network device, a BGP open message sent by the second network device in a process of establishing a border gateway protocol BGP connection with the second network device, where the BGP open message sent by the second network device includes The first-flow specification rule ORF capability parameter.
The method according to any one of claims 1-6, wherein the first network device receives a flow specification rule ORF record sent by the second network device, including:

The first network device receives a BGP route refresh message sent by the second network device, where the BGP route refresh message includes the flow specification rule ORF record.
The method according to any one of claims 1-6, wherein after the first network device receives the flow specification rule ORF record sent by the second network device, the method further includes:

Determining, by the first network device, the type of the flow specification rule ORF record according to the address family identifier and the sub-address family identifier included in the flow specification rule ORF record, and according to the sequence number recorded by the flow specification rule ORF The stream specification rule ORF records are stored in an ordered manner into the stream specification rule ORF list of the corresponding type.
A method for receiving a flow specification rule, comprising:

The second network device determines that the first network device is capable of receiving the flow specification rule outbound route filtering ORF record;

The second network device generates a flow specification rule ORF record according to the flow specification rule policy saved by itself;

Transmitting, by the second network device, the flow specification rule ORF record to the first network device;

The second network device receives the flow specification rule sent by the first network device, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.
The method according to claim 11, wherein the flow specification rule ORF record comprises: a sequence number field of a flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation, and a value field, The sequence number field of the flow specification rule ORF record is used to carry the priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule, and the filter type field is used to carry the filter. The filter type, the filter specific operation and the value field are used to carry the filter condition corresponding to the filter type.
The method according to claim 12, wherein the flow specification rule ORF record further comprises: a route identifier number field and a route identifier field, wherein the route identifier number field is used to carry the number of route identifiers, The route identifier field is used to carry a route identifier.
The method according to claim 12 or 13, wherein the flow specification rule ORF record further comprises: a filter number field, wherein the filter number field is used to carry the number of filters.
The method according to any one of claims 11 to 14, wherein the second network device determines that the first network device is capable of receiving the flow specification rule outbound route filtering ORF record, including:

The second network device obtains a second flow specification rule ORF capability parameter, where the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability The parameter includes: at least one set of parameters consisting of an address family identifier and a sub-address family identifier, a flow specification rule ORF type, and a transceiver capability identifier, where the transceiver capability identifier included in the second flow specification rule ORF capability parameter is used to indicate the Whether the first network device supports sending and/or receiving a flow specification rule ORF record;

The second network device compares the second flow specification rule ORF capability parameter with a first flow specification rule ORF capability parameter, where the first flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the second network device, The first flow specification rule ORF capability parameter includes: at least one group is identified by an address family identifier and a sub-address family, a flow specification rule ORF type, and a transceiving capability identifier. a set of parameters, the transceiver capability identifier included in the first stream specification rule ORF capability parameter is used to indicate whether the second network device supports sending and/or receiving a flow specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the sending flow specification rule ORF record, and the second parameter set is capable of transmitting and receiving. The identifier indicates that the first network device supports receiving the flow specification rule ORF record, and the second network device determines that the flow specification rule ORF record can be sent to the first network device.
The method according to claim 15, wherein the second network device acquires the second flow specification rule ORF capability parameter, including:

Receiving, by the second network device, the BGP open message sent by the first network device in the process of establishing a border gateway protocol BGP connection with the first network device, where the BGP open message sent by the first network device includes The second stream normalizes the regular ORF capability parameter.
The method according to any one of claims 11 to 16, wherein the second network device sends the flow specification rule ORF record to the first network device, including:

The second network device sends a BGP route refresh message to the first network device, where the BGP route refresh message includes the flow specification rule ORF record.
A first network device, comprising:

a determining module, configured to determine, by the second network device, a flow specification rule outbound route filtering ORF record to the first network device;

a receiving module, configured to receive the flow specification rule ORF record sent by the second network device, where the flow specification rule ORF records a flow specification rule to be sent by the first network device to the second network device Filtering;

a filtering module, configured to filter, according to the flow specification rule ORF, a flow specification rule to be sent;

And a sending module, configured to send the filtered flow specification rule to the second network device.
The apparatus according to claim 18, wherein said flow specification rule ORF record comprises: a sequence number field of a flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation, and a value field, The sequence number field of the flow specification rule ORF record is used to carry the priority of the flow specification rule ORF record, and the action matching field is used to carry whether to match The action type of the flow specification rule, the filter type field is used to carry a filter type, and the filter specific operation and the value field are used to carry a filter condition corresponding to the filter type.
The device according to claim 19, wherein the flow specification rule ORF record further comprises: a route identifier number field and a route identifier field, wherein the route identifier number field is used to carry the number of route identifiers, The route identifier field is used to carry a route identifier.
The device according to claim 19 or 20, wherein the flow specification rule ORF record further comprises: a filter number field, wherein the filter number field is used to carry the number of filters.
The device according to claim 19, wherein the filtering module is specifically configured to:

And the flow specification rule ORF record includes: an action matching field, a filter type field, a filter specific operation, and a value field, respectively, and the flow specification rule to be sent to the second network device: Type field, filter type field, filter specific operation, and value field for comparison;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field contain the to-be-sent to the second network The flow specification rule of the device includes a filter-specific operation and a value space of the value field, and then determining that the flow specification rule to be sent to the second network device matches the flow specification rule ORF record.
The device according to claim 20, wherein the filtering module is specifically configured to:

And the flow specification rule ORF record includes: an action matching field, a filter type field, a filter specific operation and a value field, and a route identification field, respectively, and the flow specification rule to be sent to the second network device Included: action type field, filter type field, filter specific operation and value field and route identification field are compared;

If the action type set to be matched by the action matching field included in the flow specification rule ORF record is empty or the action type to be matched is included in the flow specification rule to be sent to the second network device In the action type included, the flow specification rule ORF record includes a filter set that is empty or a filter-specific operation of each filter type and a value space of the value field contain the to-be-sent to the second network The flow specification rule of the device includes a filter-specific operation of the filter type and a numerical space of the value field, and the flow specification rule ORF record includes the route identifier Determining the flow to be sent to the second network device, if the set of route identifiers is empty or the route identifier set includes the route identifier included in the flow specification rule to be sent to the second network device, The specification rules match the flow specification rules ORF record.
The device according to any one of claims 18 to 23, wherein the determining module is specifically configured to:

Obtaining a first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the second network device, the first flow specification rule ORF capability parameter comprising: at least one group of address families The parameter set consisting of the identifier, the sub-address family identifier, the flow specification rule ORF type, and the transceiver capability identifier, and the transceiver capability identifier included in the first-flow specification rule ORF capability parameter is used to indicate whether the second network device supports sending and/or Or receive a flow specification rule ORF record;

Comparing the first flow specification rule ORF capability parameter with a second flow specification rule ORF capability parameter, the second flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the first network device, the second flow The specification rule ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, and the transceiving capability identifier included in the second stream specification rule ORF capability parameter Means to indicate whether the first network device supports sending and/or receiving a flow specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports the sending flow specification rule ORF record, and the second parameter set is capable of transmitting and receiving. The identifier indicates that the first network device supports receiving the flow specification rule ORF record, and determining that the second network device is capable of sending a flow specification rule ORF record to the first network device.
The device according to claim 24, wherein the obtaining the first flow specification rule ORF capability parameter comprises:

Receiving a BGP open message sent by the second network device, where the first network device and the second network device establish a border gateway protocol BGP connection, where the BGP open message sent by the second network device includes The first-flow specification rule ORF capability parameter.
The device according to any one of claims 18 to 23, wherein the receiving module is specifically configured to:

Receiving a BGP route refresh message sent by the second network device, where the BGP route refresh message includes the flow specification rule ORF record.
The device according to any one of claims 18 to 23, wherein the device further comprises a storage processing module;

The storage processing module, configured to determine, after the receiving module receives the flow specification rule ORF record sent by the second network device, according to the address family identifier and the sub-address family identifier included in the flow specification rule ORF record The flow specification rules the type of ORF record, and stores the flow specification rule ORF record in an orderly manner according to the sequence number of the flow specification rule ORF record into the flow specification rule ORF list of the corresponding type.
A second network device, comprising:

a determining module, configured to determine that the first network device is capable of receiving a flow specification rule outbound route filtering ORF record;

a generating module, configured to generate a flow specification rule ORF record according to a flow specification rule policy saved by the second network device;

a sending module, configured to send, to the first network device, a flow specification rule ORF record generated by the generating module;

And a receiving module, configured to receive a flow specification rule sent by the first network device, where the flow specification rule is that the first network device records the filtered flow specification rule according to the flow specification rule ORF.
The apparatus according to claim 28, wherein said flow specification rule ORF record comprises: a sequence number field of a flow specification rule ORF record, an action matching field, a filter type field, a filter specific operation, and a value field, The sequence number field of the flow specification rule ORF record is used to carry the priority of the flow specification rule ORF record, and the action matching field is used to carry an action type that matches the flow specification rule, and the filter type field is used to carry the filter. The filter type, the filter specific operation and the value field are used to carry the filter condition corresponding to the filter type.
The device according to claim 29, wherein the flow specification rule ORF record further comprises: a route identifier number field and a route identifier field, wherein the route identifier number field is used to carry the number of route identifiers, The route identifier field is used to carry a route identifier.
The device according to claim 29 or 30, wherein the flow specification rule ORF record further comprises: a filter number field, wherein the filter number field is used to carry the number of filters.
Apparatus according to any of claims 28-31, wherein said determining The module is specifically used to:

Obtaining a second flow specification rule ORF capability parameter, where the second flow specification rule ORF capability parameter indicates a flow specification rule ORF capability supported by the first network device, and the second flow specification rule ORF capability parameter includes: at least one group a parameter set consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiver capability identifier, where the transceiver capability identifier included in the second-flow specification rule ORF capability parameter is used to indicate whether the first network device is Support for sending and/or receiving flow specification rules ORF records;

Comparing the second flow specification rule ORF capability parameter with a first flow specification rule ORF capability parameter, the first flow specification rule ORF capability parameter indicating a flow specification rule ORF capability supported by the second network device, the first flow specification rule The ORF capability parameter includes: at least one set of parameters consisting of an address family identifier, a sub-address family identifier, a flow specification rule ORF type, and a transceiving capability identifier, where the transceiving capability identifier included in the first-flow specification rule ORF capability parameter is used to indicate Whether the second network device supports sending and/or receiving a flow specification rule ORF record;

And if the first parameter set included in the first flow specification rule ORF capability parameter and the second parameter set included in the second flow specification rule ORF capability parameter include a flow specification rule ORF type, the first parameter set and the The second parameter set includes the same address family identifier and the sub-address family identifier, and the transceiver capability identifier of the first parameter set indicates that the second network device supports sending, the flow specification rule ORF records, and the second parameter set of the transceiver capability identifier Instructing the first network device to support receiving a flow specification rule ORF record, determining that the second network device is capable of transmitting a flow specification rule ORF record to the first network device.
The device according to claim 32, wherein the obtaining the second flow specification rule ORF capability parameter comprises:

Receiving a BGP open message sent by the first network device, where the second network device establishes a border gateway protocol BGP connection with the first network device, where the BGP open message sent by the first network device includes The second stream normalizes the regular ORF capability parameter.
The device according to any one of claims 28 to 32, wherein the sending module is specifically configured to:

Sending a BGP route refresh message to the first network device, where the BGP route refresh message includes the flow specification rule ORF record.
A network system, the network system comprising: a first network device and a second network device;

The first network device is configured to perform the method according to any one of claims 1-10;

The second network device is configured to perform the method of any one of claims 11-17.