WO2017133647A1

WO2017133647A1 - Packet processing method, traffic classifier, and service function instance

Info

Publication number: WO2017133647A1
Application number: PCT/CN2017/072783
Authority: WO
Inventors: 梁乾灯; 黄世碧; 徐小虎; 尤建洁
Original assignee: 华为技术有限公司
Priority date: 2016-02-06
Filing date: 2017-01-26
Publication date: 2017-08-10
Also published as: CN107046506A; CN107046506B

Abstract

Disclosed in embodiments of the present invention are a packet processing method, traffic classifier, and service function instance. The method comprises: receiving, by a traffic classifier, a flow table sent by a network control device and flow identifiers allocated by the network control device; acquiring a first packet; determining that the first packet matches the flow table; packaging the first packet as a second packet, wherein the second packet comprises a service header and a tunnel header, the service header comprises a service function path identifier, a flow identifier, and a first value, and the tunnel header comprises a network address of a first service function instance; and sending the second packet to the first service function instance. The technical solution disclosed in the embodiments of the present application processes packets according to the flow identifier allocated by a network control device, enabling more flexible processing.

Description

A packet processing method, a stream classifier, and a service function instance

This application claims the priority of the Chinese patent application filed on February 6, 2016, the Chinese Patent Office, the application number is CN 201610083925.6, and the invention name is “a message processing method, a stream classifier, and a business function example”. The content is incorporated herein by reference.

Technical field

The invention relates to the field of communication technology. More specifically, it relates to a message processing method, a stream classifier, and a service function instance.

Background technique

Service Function Chaining (SFC) is a mechanism for deploying value-added services.

In the prior art, one service function in a service function chain may correspond to multiple service function instances. The multiple service function instances are capable of load balancing traffic. For example, for the service function of the firewall, it may correspond to three service function instances of firewall 1, firewall 2 and firewall 3.

In the process of load balancing of multiple service function instances, the forwarding device uses only the fields in the packet (for example, a quintuple) to distinguish different sessions, thereby implementing load balancing on traffic.

In the prior art, the forwarding device only uses the fields in the packet to identify and process the packet, which is not flexible enough.

Summary of the invention

The embodiment of the present invention provides a packet processing method, a traffic classifier, and a service function instance, so as to solve the problem that the forwarding device does not process the packet flexibly in the prior art.

To solve the above problem, the embodiment of the present application provides the following technical solutions:

A first aspect of the embodiments of the present application discloses a packet processing method, where the method is performed by a flow classifier, and the method includes:

Receiving a flow table sent by the network control device, where the flow table includes rules of the flow, information of the service function chain to which the flow is bound, and an identifier of the flow allocated by the network control device, the service function The information of the chain includes a service index, a service function path identifier corresponding to the service function chain, a network address of multiple service function instances corresponding to the first service function of the service function chain, and a tunnel of the multiple service function instances. The information, or the information of the service function chain, includes a service index, a service function path identifier corresponding to the service function chain, and a network of multiple service function instances corresponding to the next service function of the first service function of the service function chain. An address, and the tunnel information of the multiple service function instances, where the service index is a lifetime value of the service function chain, where the lifetime time value is equal to the number of service functions included in the service function chain;

Obtain the first message;

Determining that the first packet matches the flow table;

The first packet is encapsulated into a second packet, where the second packet includes a service header and a tunnel header, and the service header includes the service function path identifier, the identifier of the stream, and a first value. The first value is equal to the service index minus 1. The tunnel header is generated based on the tunnel information, where the tunnel header includes a network address of a first service function instance, and the first service function instance is the An example of a service function of the plurality of service function instances, where a network address of the first service function instance is identified by the service function path, and the identifier of the flow and the first value are determined;

Sending the second packet to the first service function instance;

The flow classifier is a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function in the service function chain, or the flow classifier is the service The first business function of the function chain.

In the first implementation manner of the first aspect of the embodiment, before the receiving the flow table sent by the network control device, the method further includes:

Sending, to the network control apparatus, a request for assigning an identifier of the flow to the flow, where the request includes information of the flow;

Receiving a response of the identifier of the flow that is allocated by the network control device to the flow, where the response includes an identifier of the flow, where the identifier of the flow is different from the information of the flow.

In a second implementation manner of the first aspect of the embodiment, the identifier of the flow and the first value determine a network address of the first service function instance, where:

The flow classifier searches for, in the flow distribution publication, an entry matching the service function path identifier and the first value in the flow distribution publication by using the service function path identifier and the first value as a search key, the flow score The entry in the publication that matches the service function path identifier and the first value includes the first service function and a network address of multiple service function instances corresponding to the first service function, or the flow distribution is published. The entry that matches the service function path identifier and the first value includes a network address of the next service function and multiple service function instances corresponding to the next service function;

Determining, by the service function path identifier and the identifier of the flow, a plurality of service function instances included in the entry that matches the service function path identifier and the first value in the flow distribution Determining a network address of the first service function instance in the network address;

or,

Determining, by the traffic classifier identifier and the first value, the first service function and a network address of multiple service function instances corresponding to the first service function, or the next service function And a network address of multiple service function instances corresponding to the next service function;

Determining, by the service function path identifier and the identifier of the flow, a hash key, and determining, by the first service function or a network address of multiple service function instances corresponding to the next service function, a first service function instance website address.

In a third implementation manner of the first aspect of the embodiment, the service header is an NSH network service header, and the location of the identifier of the flow in the service header includes:

When the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class, and the TLV-Class includes a Type Code and an identifier of the stream, where the Type Code is used to indicate the The TLV-Class carries the identifier of the stream;

or,

When the value of the MD-type field in the service header is equal to 0x1, the Mandatory Context Header in the service header carries the identifier of the flow.

The second aspect of the embodiment of the present application discloses a flow classifier, which is a network device capable of communicating with one of a plurality of service function instances corresponding to the first service function in the service function chain, Or the flow classifier is the first service function of the service function chain, and the flow classifier includes:

a receiving unit, configured to receive a flow table sent by the network control device, and obtain a first packet, where the flow table includes a rule of the flow, information of the service function chain to which the flow is bound, and the network control device The assigned label of the stream The information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, a network address of multiple service function instances corresponding to the first service function of the service function chain, and the multiple The tunnel information of the service function instance, or the information of the service function chain, includes a service index, a service function path identifier corresponding to the service function chain, and a next service function corresponding to the first service function of the service function chain. The network address of the service function instance, and the tunnel information of the plurality of service function instances, where the service index is a lifetime time value of the service function chain, and the lifetime time value is equal to the service function included in the service function chain. Quantity

a processing unit, configured to determine that the first packet obtained by the receiving unit matches the flow table, and encapsulate the first packet into a second packet, where the second packet includes a service header and a tunnel header The service header includes the service function path identifier, the identifier of the flow, and a first value, where the first value is equal to the service index minus 1, and the tunnel header is generated based on the tunnel information. The network header includes a network address of the first service function instance, where the first service function instance is one of the multiple service function instances, and the network address of the first service function instance is used by the service a function path identifier, the identifier of the stream and the first value determination;

And a sending unit, configured to send the second packet to the first service function instance determined by the processing unit.

In a first implementation manner of the second aspect of the embodiment, the processing unit is further configured to:

Sending, to the network control device, a request to allocate an identifier of the flow to the flow, the request including information of the flow, and receiving an identifier of the flow allocated by the network control device for the flow In response, the response includes an identifier of the flow, and the identifier of the flow is different from the information of the flow.

In a second implementation manner of the second aspect of the embodiment, the network address of the first service function instance is identified by the service function path, and the identifier of the stream and the processing determined by the first value are Units, including:

The processing unit is configured to: in the flow distribution publication, look up an entry matching the service function path identifier and the first value by using the service function path identifier and the first value as a search key, The entry in the score publication that matches the service function path identifier and the first value includes the network address of the first service function and multiple service function instances corresponding to the first service function, or the flow The entry in the sub-publishing that matches the service function path identifier and the first value includes the network address of the next service function and the multiple service function instances corresponding to the next service function, and the service function The path identifier and the identifier of the flow are search keywords, and the network address of the plurality of service function instances included in the entry that matches the service function path identifier and the first value in the flow distribution is determined. Describe the network address of the first service function instance;

or,

The processing unit is configured to determine, by the service function path identifier and the first value, a network address of the first service function and multiple service function instances corresponding to the first service function, or the next one a service function and a network address of the plurality of service function instances corresponding to the next service function, where the service function path identifier and the identifier of the stream are hash keys, from the first service function or the next service function The network address of the first service function instance is determined in the network address of the corresponding multiple service function instances.

In a third implementation manner of the second aspect of the embodiment, the processing unit is further configured to:

In the case that the service header is an NSH network service header, when the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class, and the TLV-Class includes a Type Code and a An identifier of the flow, the Type Code is used to indicate that the TLV-Class carries an identifier of the flow;

or,

In the case that the service header is an NSH network service header, when the value of the MD-type field in the service header is equal to 0x1, the Mandatory Context Header in the service header carries the identifier of the flow.

The third aspect of the embodiment of the present application discloses a flow classifier, which includes: the flow classifier may be a communication function instance that can communicate with one of a plurality of service function instances corresponding to the first service function in the service function chain. The network device, or the flow classifier, may be the first service function of the service function chain, and the flow classifier includes:

a receiver, configured to receive a flow table sent by the network control device, and obtain a first packet, where the flow table includes a rule of the flow, information of the service function chain to which the flow is bound, and the network control device An identifier of the allocated service, where the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a network address of multiple service function instances corresponding to the first service function of the service function chain, And the tunnel information of the multiple service function instances, or the information of the service function chain, including a service index, a service function path identifier corresponding to the service function chain, and a next service of the first service function of the service function chain a network address of the plurality of service function instances corresponding to the function, and tunnel information of the plurality of service function instances, where the service index is a lifetime time value of the service function chain, where the lifetime time value is equal to that included in the service function chain The number of business functions;

a processor, configured to determine that the first packet obtained by the receiver matches the flow table, and encapsulate the first packet into a second packet, where the second packet includes a service header and a tunnel header The service header includes the service function path identifier, the identifier of the flow, and a first value, where the first value is equal to the service index minus 1, and the tunnel header is generated based on the tunnel information. The network header includes a network address of the first service function instance, where the first service function instance is one of the multiple service function instances, and the first service function instance is an Internet protocol or multimedia access. The control address is identified by the service function path, and the identifier of the flow and the first value are determined;

And a transmitter, configured to send the second packet to the first service function instance determined by the processor.

A fourth aspect of the embodiments of the present disclosure discloses a storage device, where the storage device is applicable to a traffic classifier, where the traffic classifier may be in multiple service function instances corresponding to the first service function in the service function chain. a network function of a service function instance communication, or the flow classifier may be the first service function of the service function chain, the storage device comprising a memory and a processor connected to the memory through a bus;

The memory stores program code for performing message processing, the program code includes computer operation instructions, and the processor is configured to run the program code;

The program code for performing message processing includes: receiving a flow table sent by a network control device, the flow table includes a rule of a flow, information of a service function chain to which the flow is bound, and the network control An identifier of the flow of the service function, where the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a network address of multiple service function instances corresponding to the first service function of the service function chain And the tunnel information of the multiple service function instances, or the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a next service function of the service function chain a network address of the plurality of service function instances corresponding to the service function, and tunnel information of the plurality of service function instances, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to the service function The number of business functions contained in the chain;

Obtain the first message;

Determining that the first packet matches the flow table;

Sending the second packet to the first service function instance.

The fifth aspect of the embodiment of the present application discloses a packet processing method, where the packet processing method is performed by a first service function instance corresponding to a first service function of a service function chain, where the packet processing method includes:

Receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, where the service header in the second packet includes the service a service function path identifier corresponding to the function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes the first service function And corresponding to the network address of the first service function instance, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to that included in the service function chain. The number of business functions;

Determining, according to the service function path identifier, the identifier of the flow and the first value, determining a network address of a second service function instance corresponding to a next service function of the first service function;

Performing service processing on the first packet according to the service header in the second packet;

The first packet is encapsulated into a third packet, and the service header in the third packet includes the service function path identifier, the identifier of the stream, and a second value, where the second value is equal to the The first value is decremented by 1. The tunnel header in the third packet includes a network address of the second service function instance corresponding to a next service function of the first service function, and a network of the second service function instance. The address is identified by the service function path, and the identifier of the flow and the second value are determined;

Sending the third packet to the second service function instance.

In the first implementation manner of the fifth aspect of the application, the method further includes:

Receiving, by the service function path identifier of the flow application, the service index, and tunnel information of multiple service function instances corresponding to a next service function of the first service function selected for the identifier of the flow Information Sheet.

In a second implementation manner of the fifth aspect of the present application, the identifier of the flow and the second value determine a network address of the second service function instance, where:

The entry that matches the service function path identifier and the second value in the flow distribution publication with the service function path identifier and the second value as a lookup key includes the next one of the first service function a service function, and a network address of multiple service function instances corresponding to the next service function;

Determining, by the service function path identifier and the identifier of the flow, the plurality of service functions included in the entry that matches the service function path identifier and the second value in the distribution publication Determining a network address of the second service function instance in the network address of the instance;

or,

Determining, by the service function path identifier and the second value, a next service function of the first service function, and a network address of multiple service function instances corresponding to the next service function;

The network function address of the second service function instance is determined from the network address of the multiple service function instances corresponding to the next service function by using the service function path identifier and the identifier of the flow as a hash key.

The sixth aspect of the embodiment of the present application discloses an example of a service function, where the service function instance is a first service function instance corresponding to the first service function of the service function chain, and includes:

a receiving unit, configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, and the service in the second packet The header includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, The lifetime value is equal to the number of business functions included in the business function chain;

a processing unit, configured to determine, according to the service function path identifier that is received by the receiving unit, the identifier of the stream and the second value determine a second service function instance corresponding to a next service function of the first service function The network address is processed according to the service header in the second packet received by the receiving unit, and the first packet is encapsulated into a third packet, where the first packet is encapsulated into a third packet. The traffic header in the third packet includes the service function path identifier, the identifier of the flow, and the second value, where the second value is equal to the first value minus 1, and the tunnel header in the third packet includes The network address of the second service function instance corresponding to the next service function of the first service function, the network address of the second service function instance is identified by the service function path, the identifier of the flow and the The second value is determined;

And a sending unit, configured to send the third packet to the second service function instance determined by the processing unit.

In a first implementation manner of the sixth aspect of the embodiments, the method further includes:

The receiving unit is further configured to receive, according to the service function path identifier of the flow application, the service index, and a next service function corresponding to the first service function selected for the identifier of the flow Information table of tunnel information for business function instances.

In a second implementation manner of the sixth aspect of the embodiment of the present application, the processing unit that is identified by the service function path, the identifier of the flow, and the second value determines a network address of the second service function instance, Also includes:

The processing unit is further configured to: use the service function path identifier and the second value as a search key to search for a table item that matches the service function path identifier and the second value in a stream distribution publication. a next service function of the first service function, and a network address of the plurality of service function instances corresponding to the next service function, where the service function path identifier and the identifier of the stream are search keywords, Determining, in the network address of the plurality of service function instances included in the entry that matches the service function path identifier and the second value, the network address of the second service function instance;

or,

The processing unit is further configured to determine, by the service function path identifier and the second value, a next service function of the first service function, and a network of multiple service function instances corresponding to the next service function. The address is determined by using the service function path identifier and the identifier of the flow as a hash key, and determining a network address of the second service function instance from the network addresses of the multiple service function instances corresponding to the next service function.

The seventh aspect of the embodiment of the present application discloses an example of a service function, where the service function instance is a first service function instance corresponding to the first service function of the service function chain, and includes:

a receiver, configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, and the service in the second packet The header includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to the service function chain. The number of business functions contained on;

a processor, configured to determine, according to the service function path identifier that is received by the receiver, the identifier of the stream and the second value determine a second service function instance corresponding to a next service function of the first service function The network address is processed according to the service header in the second packet received by the receiving unit, and the first packet is encapsulated into a third packet, where the first packet is encapsulated into a third packet. The traffic header in the third packet includes the service function path identifier, the identifier of the flow, and the second value, where the second value is equal to the first value minus 1, and the tunnel header in the third packet includes a network address of the second service function instance corresponding to a next service function of the first service function, the second service The network address of the function instance is identified by the service function path, and the identifier of the stream and the second value are determined;

And a transmitter, configured to send the third packet to the second service function instance determined by the processor.

The eighth aspect of the embodiment of the present application discloses a storage device, where the storage device is applicable to a first service function instance corresponding to a first service function of a service function chain, where the storage device includes a memory and is connected to the memory through a bus. Processor

The program code for performing message processing includes:

Sending the third packet to the second service function instance.

A ninth aspect of the embodiment of the present application discloses a message processing system, including a stream classifier, a service function instance, and a network control device;

The flow classifier includes the flow classifier disclosed in the second aspect of the embodiment of the present application or the third aspect of the embodiment of the present application, or the flow classifier includes the storage device disclosed in the fourth aspect of the embodiment of the present application;

The service function example includes the service function example disclosed in the sixth aspect of the embodiment of the present application or the seventh aspect of the embodiment of the present application, or the service function instance includes the storage device disclosed in the eighth aspect of the embodiment of the present application;

The network control device is a network controller or an AAA server, configured to receive a request sent by the flow classifier to allocate an identifier of the flow for a flow, where the request includes information about the flow, and is the flow A response to assign an identifier of the flow, the response including an identifier of the flow, the identifier of the flow being different from the information of the flow.

The packet processing method, the flow classifier, and the service function example provided by the embodiment of the present application are known from the technical solutions disclosed in the foregoing application. In the packet processing process, according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index determine a specific service function instance, and send the encapsulated to the determined specific service function instance. Message. The technical solution disclosed in the embodiment of the present application is more flexible than the method in the prior art for identifying and processing a packet by using a field in a packet.

DRAWINGS

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings to be used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any creative work.

1 is a schematic flowchart of a packet processing method according to Embodiment 1 of the present application;

2 is a schematic diagram of a format of a service header according to Embodiment 2 of the present application;

FIG. 3 is a schematic diagram of another format of a service header according to Embodiment 2 of the present application;

4 is a schematic flowchart of a packet processing method according to Embodiment 3 of the present application;

FIG. 5 is a schematic flowchart of a flow forwarding process of a clouded CPE solution according to Embodiment 3 of the present application;

FIG. 6 is a schematic structural diagram of a flow classifier according to Embodiment 1 and Embodiment 2 disclosed in Embodiment 5 of the present application;

FIG. 7 is a schematic structural diagram of a physical structure of a flow classifier according to Embodiment 5 of the present application;

FIG. 8 is a schematic structural diagram of a service function example according to Embodiment 3 disclosed in Embodiment 5 of the present application;

9 is a schematic diagram of an entity structure of a service function example according to Embodiment 5 of the present application;

FIG. 10 is a schematic structural diagram of a message processing system according to Embodiment 5 of the present application.

detailed description

The following is the full name and related explanation of the English abbreviation used in the embodiment of the present application:

IP: Internet Protocol, Internet Protocol;

MAC: Media Access Control, media access control;

NSH: Network Service Header, network service header;

SFC: Service Function Chaining, business function chain;

SF: Service Function, business function;

SFF: Service Function Forwarder, service function forwarder;

SFP: Service Function Path, service function path;

FC: Flow Classifier, stream classifier;

NAT: Network Address Translation, network address translation;

FW: Fire Wall, firewall;

TTL: Time To Live, the time to live value.

The technical solutions in the embodiments of the present application will be clearly described below with reference to the accompanying drawings in the embodiments of the present application. It is apparent that the described embodiments are only a part of the embodiments of the present application, and not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope are the scope of the present application.

The forwarding device of the prior art uses only the fields in the message to identify and process the message, which is not flexible enough. The embodiment of the present application discloses a technical solution for packet processing, which is determined according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the process of processing the message. The service function instance sends the encapsulated packet to the specific service function instance. Compared with the field in the prior art, the message is identified and processed, and the packet is processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible. The specific implementation process is described in detail by the following embodiments.

Embodiment 1

As shown in FIG. 1 , it is a schematic flowchart of a packet processing method disclosed in Embodiment 1 of the present application. The message processing method is performed by a stream classifier (FC). The FC may be a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function (SF) in the service function chain (SF), or the SF may be the SFC The first SF. The message processing method includes the following steps:

S101. Receive a flow table sent by the network control device.

In S101, the flow table is used to indicate that the FC identifies a message of the flow. The flow table contains rules for the flow, the information of the SFC to which the flow is bound, and the identification of the flow (the ID of the flow) assigned by the network control device.

For example, the SFC to which the stream is bound means that the stream needs to be processed by the SFC. The ID of the stream is allocated by the network control device for the stream. The ID of the stream is used to identify the stream within the process that the stream is processed by the SFC. The ID of the stream can be a field, and the field can be a number. The network control device may assign an ID of the flow to the flow based on the application of the forwarding device. The network control device releases the ID of the flow when the flow is revoked or the flow session is terminated. Optionally, the network control device may allocate an ID of the multiple flows for multiple flows. The plurality of streams and the IDs of the plurality of streams are in one-to-one correspondence.

The information of the SFC includes a service index, a service function path identifier (SFP ID) corresponding to the SFC, a network address of multiple service function instances corresponding to the first SF of the SFC, and an instance of the multiple service function instances. Tunnel information;

Or the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to a next SF of the first SF of the SFC, and an instance of the multiple service function instances. Tunnel information.

The service index mentioned above is used to provide a location in the service path. The service index is a field in a service path header. The service path header may also include a service path ID field. Refer to section 3.3 on page 11 of the standard document draft-quinn-sfc-nsh-07 for service indexing, service path identification, and service path headers.

In the embodiment of the present application, the service index is a time-to-live value (TTL) of the service function chain. The TTL is equal to the number of service functions included in the service function chain. It should be noted that the service function chain includes at least N service functions, and N is a positive integer greater than 1.

The tunnel information mentioned above includes: a tunnel endpoint identifier (for example, an IP address), a tunnel type (for example, NSH OVER UDP), and a TTL (for example, a service index of the NSH).

It should be noted that one SF is composed of at least one data link layer or a service function instance of the same service type reachable by the network layer. The business function example is a combination of SF and SFF, for example: NSH aware VAS. The service function instance has forwarding information. The forwarding information includes routing information or interface information. When the service function instance performs forwarding, the routing table is searched based on the routing information, or the media access control (MAC) table is searched based on the interface information.

S102. Acquire a first packet.

S103. Determine that the first packet matches the flow table.

S104. Encapsulate the first packet as a second packet.

In S104, the second packet includes a service header and a tunnel header. The service header includes the SFP ID, an ID of the flow, and a first value. The first value is equal to the TTL minus one.

For the SFP ID (SFP-id), refer to the standard document "draft-ietf-sfc-control-plane-03" published by the IETF on January 21, 2016. The name of the standard document is "Service Function Chaining (SFC) Control Plane Components&Requirements". The embodiment of the application refers to the standard document Draft-ietf-sfc-control-plane-03, and the standard document draft-ietf-sfc-control-plane-03 is included as part of the disclosure of the present application;

The tunnel header is generated based on the tunnel information obtained in step S101. The tunnel header includes a network address of the first service function instance. The first service function instance is one of the plurality of service function instances. The network address of the first service function instance is determined by the SFP ID, the ID of the stream, and the first value;

The network address of the first service function instance includes an IP address or a MAC protocol address.

It should be noted that, when the service header is an NSH header, the NSH header may be generated based on a Payload (net load) of a UDP packet, or may be generated based on a Payload of a transit frame.

The NSH may include a Base Header, a Service Path Header, and a context header. For network heads, base headers, service path headers, and context headers, refer to section 3 on page 9-15 of the standard document draft-quinn-sfc-nsh-07.

The standard document "draft-quinn-sfc-nsh-07" is named "Network Service Header". The standard document was published on February 24, 2015. The publisher of the standard document is the IETF. The standard document "draft-quinn-sfc-nsh-07" is referred to in the embodiment of the present application, and the standard document "draft-quinn-sfc-nsh-07" is taken as an integral part of the content disclosed in the embodiment of the present application.

S105. Send the second packet to the first service function instance.

It should be noted that, when the FC performing the foregoing S101 to S105 is a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function in the service function chain, the first The service function instance is one of multiple service function instances corresponding to the first SF of the SFC. When the FC of the foregoing S101 is the first SF of the SFC, the first service function instance is one of the plurality of service function instances corresponding to the next SF on the SFC.

It should be noted that S101-S105 describes the processing of a stream. When multiple flows exist in the network, you can process multiple flows by referring to the preceding steps and implement load balancing. The following describes how to implement the scenario of multiple streams in combination with S101-S105. The technical content not mentioned below can be referred to the description of S101-S105 above.

For S101, the flow table includes rules of the multiple flows, information of a service function chain to which the multiple flows are bound, and the multiple flows allocated by the network control device to the multiple flows Logo. The plurality of streams are bound to the same business function chain. The FC may identify the plurality of flows according to rules of the plurality of flows. For example, the FC may parse the message using the rules of the flow to determine the characteristics of the message. The identifiers of the plurality of streams are in one-to-one correspondence with the plurality of streams. A stream in this application refers to a collection of messages having the same characteristics. The feature can be a port for receiving a message or a field in a packet header. Alternatively, the feature may be a port for receiving a message, and a field in the header of the message. The field in the message header can be a field or multiple fields. For example, the set of packets received by the same inbound interface can be considered to belong to the same flow. It can also be considered that the set of packets with the same quintuple (source IP address, destination IP address, source port, destination port, and protocol number) belongs to the same stream. It can also be considered that the set of packets in which the binary group (source IP address and destination IP address) are the same belongs to the same stream.

For S102, the FC acquires multiple messages. For example, the FC acquires message 1 and message 2. Specifically, the FC can receive the message 1 and the message 2 through the ingress port. The FC can also generate message 1 and message 2. Message 1 and Message 2 belong to Stream 1 and Stream 2, respectively.

For S103, the FC determines that the plurality of packets match the flow table. For example, the FC determines that the message 1 matches the stream 1 according to the rules of the multiple flows. Determining, according to the rules of the multiple flows, the packet 2 and the stream 2 Match. Specifically, the rules of the multiple flows include a rule of flow 1 and a rule of flow 2. The FC determines that the packet 1 matches the rule of the stream 1 by using the quintuple of the packet 1 as a search key. The FC determines that the packet 2 matches the rule of the stream 2 by using the quintuple of the packet 2 as a search key. The matching field of the rule of stream 1 contains the quintuple of message 1. The matching field of the rule of stream 2 contains the quintuple of message 2.

For S104, the FC encapsulates multiple packets to obtain multiple encapsulated packets. The plurality of messages are aligned with the plurality of encapsulated messages. For example, the FC encapsulates the packet 1 into the packet 3 and the packet 2 into the packet 4. The tunnel header contained in packet 3 contains the IP address of service function instance 1. The tunnel header contained in packet 4 contains the IP address of service function instance 2. Specifically, the FC determines an IP address of the service function instance 1 according to the service function path identifier, the identifier of the stream 1 and the first value. The FC determines an IP address of the service function instance 2 according to the service function path identifier, the identifier of the stream 2, and the first value. The service function instance 1 and the service function instance 2 correspond to the same service function. Therefore, the service function instance 1 and the service function instance 2 can load balance traffic.

In this application, a business function instance can perform a corresponding business function. A business function instance can include a processor and a memory coupled to the processor. A computer program is included in the memory. The processor performs a business function by executing the computer program. For example, a business function instance can be a router, a network switch, or a hardware firewall.

The FC sends a message 1 to the service function instance 1 and a message 2 to the service function instance 2, respectively. That is to say, different flows are sent to different service function instances, and load sharing of traffic is realized.

As can be seen from the above description, the load sharing of traffic can be achieved by using the method shown in FIG. 1 in a scenario of multiple flows.

The technical solution disclosed in Embodiment 1 of the present application is to receive a flow table sent by a network control device, where the flow table includes a rule of a flow, information of an SFC to which the flow is bound, and a flow allocated by the network control device. ID. In the packet processing process, according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index determine a specific service function instance, and send the encapsulated to the determined specific service function instance. Message. In the technical solution disclosed in the embodiment of the present application, the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.

It should be noted that, regarding the SFC, SF, SFF, and SFP involved in the embodiments of the present application, please refer to the standard document RFC7665 published by the IETF in October 2015. The name of the standard document is "Service Function Chaining (SFC) Architecture".

The embodiment of the present application refers to the standard document RFC7665, and the standard document RFC7665 is taken as an integral part of the content disclosed in the present application.

Embodiment 2

The method for processing a message according to the above-mentioned first embodiment of the present application, before performing the step S101 of receiving the flow table sent by the network control device, further includes:

The FC first sends a request to the network control apparatus to allocate an ID of the flow for the flow, where the request includes information of the flow;

And receiving a response of the ID of the flow that is allocated by the network control device to the flow, where the response includes an identifier of the flow, and the identifier of the flow is different from the information of the flow.

In the technical solution disclosed in the embodiment of the present application, the ID of the network control device to allocate the flow based on the FC request may be implemented, and the network control device may pre-save a mapping table of the ID of the flow and the information of the flow;

When the FC receives the packet belonging to the flow, the information of the flow may be acquired. The information of the stream can The port that the FC receives the packet belonging to the flow. The information of the flow may also be a field in the message belonging to the flow. For example, the destination IP address. It can also be a combination of the above information, such as port and destination IP address.

After the FC acquires the information of the flow, the request may be sent to the network control device. For example, the request includes a port and a destination IP address.

After the network control device receives the request, the port and the destination IP address are used as search keys, and the entry matching the port and the destination IP address is searched in the pre-stored mapping table to obtain the ID of the stream. ;

After the network control device obtains the identifier of the flow, a response including the ID of the flow is sent to the FC.

After the FC receives the response, the identifier of the flow is obtained from the response. Thus, the flow table is generated based on the ID of the flow.

In the embodiment of the present application, the behavior of sending the identifier of the flow to the network device (corresponding SF) of the FC or the FC is referred to as an identifier of the flow distribution flow.

The network control device may allocate the ID of the flow to the flow by statically assigning the ID of the flow, or may assign the ID of the flow to the flow by dynamically assigning the ID of the flow.

The process of statically assigning the ID of the stream is:

The network control device predetermines a mapping relationship between the user identifier and the ID of the stream, and saves;

After receiving the packet, the FC obtains the user information and sends the user information, and then the network control device searches for the mapping relationship and delivers a forwarding table containing the ID of the stream (the ID of the stream is assigned to the stream).

The process of dynamically assigning the ID of a stream is:

The network control device does not predetermine and save the mapping relationship between the user identifier and the ID of the stream;

After the FC receives the packet, the FC obtains the user information and sends the user information, and then the network control device searches for the mapping relationship from the resource pool, and delivers a forwarding table containing the ID of the stream (the ID of the stream is assigned to the stream) .

Embodiment 1 of the present application discloses a message processing method. The network address of the first service function instance included in the tunnel header of the second packet obtained in step S104, the network address of the first service function embodiment is the SFP ID, the ID of the stream, and The first value is determined. The process of determining specifically includes the following two methods:

In the first mode, the FC receives the distribution of the traffic sent by the network control device:

The FC searches for an entry matching the SFP ID and the first value in the score publication with the SFP ID and the first value as a search key. The entry in the flow distribution that matches the SFP ID and the first value includes a network address of the first SF and multiple service function instances corresponding to the first SF; or, the flow score The entry in the publication that matches the SFP ID and the first value includes a network address of multiple service function instances corresponding to the next SF and the next SF;

Determining, by using the SFP ID and the ID of the stream as a search key, from a network address of multiple service function instances included in the entry that matches the SFP ID and the first value in the distribution publication The network address of the first service function instance.

In the second mode, the FC does not receive the distribution of the distribution issued by the network control device:

The FC determines, by the SFP ID and the first value, a network address of the first SF and multiple service function instances corresponding to the first SF. Or, the FC determines, by using the SFP ID and the first value, a network address of multiple service function instances corresponding to the next SF and the next SF;

The network address of the first service function instance is determined from the network addresses of the plurality of service function instances corresponding to the first SF or the next SF by using the SFP ID and the ID of the stream as a hash key.

As can be seen from the above, the FC can determine the first SFC in different ways according to the content sent by the network control device. The network address of the service function instance of the SF or the next SF. That is, if the FC receives the distribution of the traffic sent by the network control device. The FC publishes, according to the flow distribution, a network address of the first service function instance in the network address of the multiple service function instances of the first or next SF of the SFC, and sends the encapsulated second packet to the first Business function instance;

If the FC does not receive the distribution of the traffic sent by the network control device. The FC may determine, by using the SFP ID and the ID of the stream as a hash key, from a network address of multiple service function instances corresponding to the first SF or the next SF. A network address of the service function instance, and the encapsulated second packet is sent to the first service function instance.

Based on the content disclosed in the foregoing embodiment of the present application, when the service header used by the SFC forwarding is an NSH, the NSH needs to be extended. Specifically, the location of the service flow ID in the service header includes:

A schematic diagram of the format of the service header shown in FIG. When the value of the MD-type field in the service header is equal to 0x2 (representing 2 in hexadecimal), the service header is extended. That is to extend a new TLV-Class. The TLV-Class includes a Type Code and an ID of the stream. The Type Code is used to indicate that the TLV-Class carries an ID of the stream. That is, carrying the ID of the stream in the TLV;

A schematic diagram of the format of the service header shown in FIG. When the value of the MD-type field in the service header is equal to 0x1 (representing 1 in hexadecimal), the Mandatory Context Header in the traffic header carries the ID of the stream.

Through the technical solution disclosed in the foregoing, the embodiment of the present application determines a specific service function instance according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the message processing process, and The determined specific service function instance sends the encapsulated message. In the technical solution disclosed in the embodiment of the present application, the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.

Embodiment 3

For the packet processing method performed by the FC disclosed in the first embodiment and the second embodiment of the present application, FIG. 4 shows another packet processing method. The packet processing method is performed by the first service function instance corresponding to the first SF of the SFC. The first SF is the last SF on the non-SFC. As shown in Figure 4, the following steps are included:

S201. Receive a second packet forwarded by the first service function instance corresponding to the previous SF of the first SF in the FC or the SFC.

In S201, the service header in the second packet includes an SFP ID corresponding to the SFC, an ID of the stream allocated by the network control device, and a first value. The first value is equal to the service index minus one. The tunnel header in the second packet includes a network address of the first service function instance corresponding to the first SF. The second packet includes a first packet. For example, the second message involved in S201 may be the second message involved in S104. For example, the execution entity first service function instance of the method described in FIG. 4 may be the first service function instance involved in S105. The first packet involved in S201 may be the first packet involved in S101. Therefore, for the first packet, the second packet, and the first service function instance, reference may be made to the description of the method shown in FIG. 1 in the embodiment, and details are not described herein again.

In the embodiment of the present application, the service index is a time-to-live value (TTL) of the service function chain. The TTL is equal to the number of service functions included in the service function chain. It should be noted that the business function chain includes at least N Business function, N is a positive integer greater than 1.

S202. Determine, according to the SFP ID, the network address of the second service function instance corresponding to the next SF of the first SF, and the first value.

S203. Perform service processing on the first packet according to the service header in the second packet.

S204, the first packet is encapsulated into a third packet.

In S204, the service header in the third packet includes the SFP ID, an ID of the stream, and a second value. The second value is equal to the first value minus one. The tunnel header in the third packet includes a network address of the second service function instance corresponding to the next SF of the first SF. The network address of the second service function instance is determined by the SFP ID, the ID of the stream, and the second value.

S205. Send the third packet to the second service function instance.

A message processing method is disclosed based on the above-mentioned Embodiment 3 of the present application. The network address of the second service function instance included in the tunnel header of the third packet obtained in S204 is executed. The network address of the second service function embodiment is determined by the SFP ID, the ID of the stream, and the second value. The process of determining specifically includes the following three methods:

In a first mode, the first service function instance may receive the SFP ID including the flow application, the service index, and a next service function corresponding to the first service function selected for the ID of the flow. An information table of tunnel information for multiple business function instances.

In the technical solution disclosed in the embodiment of the present application, the first service instance may determine a service function instance to be forwarded to the next SF of the SFC based on the information included in the information table, and perform service processing and forwarding. After the third packet, the service header and the tunnel header of the third packet are updated.

In the second mode, the first service function instance receives the distribution of the traffic sent by the network control device:

And searching for the entry matching the SFP ID and the second value in the score publication with the SFP ID and the second value as a search key. The entry that matches the SFP ID and the second value includes a next SF of the first SF, and a network address of multiple service function instances corresponding to the next SF;

Determining, by the SFP ID and the ID of the stream, a network address of the multiple service function instances included in the entry that matches the SFP ID and the second value in the distribution of the distribution The network address of the second service function instance is determined.

In the third mode, the first service function instance does not receive the score distribution sent by the network control device:

Determining, by the SFP ID and the second value, a next SF of the first SF, and a network address of multiple service function instances corresponding to the next SF;

The network address of the second service function instance is determined from the network addresses of the plurality of service function instances corresponding to the next SF by using the SFP ID and the ID of the stream as a hash key.

The first service function instance that receives the second packet is a service function instance of the last SF on the SFC, in the process of performing the forwarding in the manner of receiving the distribution of the distribution or not receiving the distribution of the distribution. Time: The service header of the second packet is removed, and the forwarding is performed according to the L2/L3 routing mode.

The packet processing method disclosed in the foregoing embodiment of the present application is performed by the first service function instance of the non-last SF on the SFC of the streaming application. Similarly, the second message includes an identifier of the stream allocated by the network control device. In the packet processing process, according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index determine a specific service function instance, and send the encapsulated to the determined specific service function instance. Message. In the technical solution disclosed in the embodiment of the present application, the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.

Embodiment 4

The FC execution message processing method disclosed in the first embodiment of the present application, the FC execution message processing method disclosed in the second embodiment, and the first service function instance of the non-last SF on the SFC are disclosed in the third embodiment. The packet processing method is described in the fourth embodiment of the present application.

A solution for cloud customer premises equipment (CPE). The cloud CPE only retains the basic layer 2 (L2) and device management functions, so that the NAT and FW functions of the traditional CPE form a service chain of CPE traffic. As shown in FIG. 5, it is a schematic block diagram of the structure of the clouded CPE solution. With the load balancing method disclosed in the embodiment of the present application, the process of performing flow forwarding in the solution includes:

First, you need to make two pre-sets:

STATION1: The network operation and maintenance personnel pull up a set of corresponding NAT and FW service instances on the remote end (for example, the server in the metropolitan area network DC) and pre-configure them to provide network connectivity.

STATION2: Add authentication and authorization information in the authentication, authorization and accounting data base (AAA DB). For example, configure authentication mode, domain information, fine binding circuit information, and authorized service chain ID. The AAA DB is equivalent to a network control device.

After the L2CPE is powered on, the following steps are performed:

S1: The broadband remote access server (BRAS) according to the circuit information of any uplink message from the L2CPE (access interface + QinQ, for example, the L2CPE and the OLT shown in FIG. 5 layer each layer of the message) VLAN tag) triggers authentication. The authentication request message carries the information such as the access domain, the user information, and the network access identifier to the authentication, authorization, and accounting server (AAA Server) authentication. BRAS can be used to implement FC. BRAS can also be the first service node on the service chain.

S2: After the AAA Server (equivalent to the network control device) passes the authentication, the authentication response message is sent to the BRAS, and the result of the authentication is passed, and the L2CPE (representing the home user or the enterprise user) is associated with the authorization information and the assigned flow. ID.

S3: After receiving the authentication and authorization result, the BRAS generates a corresponding user table. In the user table of the uplink traffic, the flow rule table information of the L2CPE upstream traffic identifier (access interface + QinQ) to the SFC ID and the ID mapping of the flow is reflected (the flow rule table here is used to implement the flow table in S101).

Optionally, the S4:vCPE control and management device (for example, the SFC controller, which is equivalent to the network control device) can load and preload the service function instances of the service function according to NAT, FW (NAT and FW are equivalent to service nodes of the service chain). The load balancing policy is used to generate a specific service function instance that is sent to the BRAS, the NAT, and the FW, and is used to guide the newly-introduced L2CPE traffic to each suitable service function instance in the service function chain, or to adjust the existing part of the migration. L2CPE traffic of the service function instance (in the case where there is a synchronization of the service session data between the old and new service function instances that require service traffic migration).

Among them, the SFC controller can be set to issue the default stream distribution. When the BRAS or NAT, FW service instance check score publication does not hit, it can be distributed according to the default stream distribution.

S5: The BRAS is the NSH (service header) of the L2CPE uplink traffic encapsulation service packet, and carries the corresponding SFC ID, service index, and flow ID, and is forwarded to the corresponding next service function according to the traffic distribution of the service function chain. Example of a business function (such as CGN 1, or CGN2, ..., or CGN N in Figure 5);

S6: According to the specific service function instance (CGN 1, or CGN2, ..., or CGN N), based on the received score The publication and service messages continue to execute specific business function instances that are forwarded to the next business function (eg, FW1, or FW2, ... or FW N in Figure 5).

As shown in Table 1 below, the flow rules table of the BRAS for the service chain BRAS→CGN→FW, and the flow table of the BRAS are published as shown in Table 2 below.

Table 1:

Table 2:

As shown in Table 3 below, the CGN distribution is published for the service chain BRAS→CGN→FW.

table 3:

It can be known from the above flow table and the flow distribution that the service flow of the L2CPE whose circuit information is (P+V+V:1/100/200) is accessed from the BRAS, and the ID (Flow ID) of the assigned flow is 1, specifying The application service chain business chain BRAS → CGN → FW, the corresponding SFC ID is 2. When performing the above process, the BRAS forwards the uplink traffic of the L2CPE to the CGN service instance CGN1 according to the flow distribution, and the CGN1 forwards the uplink traffic to the L2CPE to the FW service instance FW1 according to the flow distribution.

The packet processing method disclosed in the embodiment of the present application determines the specificity according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the packet processing process. The service function instance sends the encapsulated packet to the specific service function instance. In the technical solution disclosed in the embodiment of the present application, the packet is processed and processed according to the identifier of the flow allocated by the network control device, and the processing manner is more flexible.

Embodiment 5

Based on the packet processing method disclosed in the first embodiment and the second embodiment of the present application, the corresponding fifth embodiment of the present application further discloses an FC that executes the foregoing packet processing method. The FC may be a network device capable of communicating with one of a plurality of service function instances corresponding to the first SF in the SFC. Alternatively, the FC can be The first SF of the SFC. As shown in FIG. 6, the FC mainly includes a receiving unit 11, a processing unit 12, and a transmitting unit 13.

The receiving unit 11 is configured to receive a flow table sent by the network control device, and obtain the first packet;

The flow table includes rules of the flow, information of the SFC to which the flow is bound, and an ID of the flow allocated by the network control device. The information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to the first SF of the SFC, and tunnel information of the multiple service function instances. Or the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to a next SF of the first SF of the SFC, and an instance of the multiple service function instances. Tunnel information.

The service index is a lifetime time value of the SFC. The time to live value is equal to the number of SFs included on the SFC;

The processing unit 12 is configured to determine that the first packet obtained by the receiving unit 11 matches the flow table, and encapsulate the first packet into a second packet.

The second packet includes a service header and a tunnel header. The service header includes the SFP ID, an ID of the flow, and a first value. The first value is equal to the service index minus one.

The tunnel header is generated based on the tunnel information. The tunnel header includes a network address of the first service function instance. The first service function instance is one of the plurality of service function instances. The network address of the first service function instance is determined by the SFP ID, the ID of the stream, and the first value.

The sending unit 13 is configured to send the second packet to the first service function instance determined by the processing unit 12.

In the technical solution disclosed in the embodiment of the present application, preferably, the processing unit is further configured to: send, to the network control apparatus, a request for allocating an identifier of the flow to the flow, where the request includes the flow And receiving, by the network control device, a response of the identifier of the flow that is allocated by the network control device, where the response includes an identifier of the flow, where the identifier of the flow is different from the information of the flow.

It should be noted that the network address of the first service function instance is identified by the service function path, and the identifier of the flow and the processing unit 12 determined by the first value are sent by the network control device. The flow distribution is published, and the determination of the network address of the first service function instance has two different execution modes:

The processing unit 12 is configured to search, in the score distribution, an entry matching the SFP ID and the first value by using the SFP ID and the first value as a search key. The entry in the distribution publication that matches the SFP ID and the first value includes a network address of the first SF and multiple service function instances corresponding to the first SF. Alternatively, the entry in the distribution publication that matches the SFP ID and the first value includes a network address of multiple service function instances corresponding to the next SF and the next SF. Determining, by using the SFP ID and the ID of the stream as a search key, from a network address of multiple service function instances included in the entry that matches the SFP ID and the first value in the distribution publication a network address of the first service function instance;

In the second mode, the FC does not receive the distribution of the traffic sent by the network control device:

The processing unit 12 is configured to determine, by using the SFP ID and the first value, a network address of the first SF and multiple service function instances corresponding to the first SF. Or determining, by using the SFP ID and the first value, a network address of multiple service function instances corresponding to the next SF and the next SF. The network address of the first service function instance is determined from the network addresses of the plurality of service function instances corresponding to the first SF or the next SF by using the SFP ID and the ID of the stream as a hash key.

In the technical solution disclosed in the embodiment of the present application, the processing header obtained when the foregoing encapsulation is performed, the processing order The element 12 is further configured to: when the service header is an NSH network service header, when the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class. The TLV-Class includes a Type Code and an identifier of the stream. The Type Code is used to indicate that the TLV-Class carries an identifier of the flow;

or,

Based on an FC disclosed in the above embodiment of the present application, each unit in the FC disclosed above may be integrated into an entity in a practical application, as shown in FIG. 7, including a receiver 101, a processor 102, and a transmitter 103. Specifically, the receiving unit 11 may be the receiver 101, the sending unit 13 may be the transmitter 103, and the processing unit 12 may be the processor 102. The processor 101 and the transmitter 103 are controlled by the processor 102 to perform corresponding operations. The processor 2 may be a central processing unit CPU, or a specific integrated circuit ASIC, or one configured to implement the embodiments of the present application. Multiple integrated circuits.

Based on the above-mentioned FC disclosed in the embodiment of the present application, the embodiment of the present application further discloses a storage device, where the storage device is applicable to the FC, and the storage device includes a memory and a processor connected to the memory through a bus. ;

The program code for performing message processing includes:

Receive a flow table sent by the network control device. The flow table contains rules for the flow, information of the SFC to which the flow is bound, and the ID of the flow assigned by the network control device. The information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to the first SF of the SFC, and tunnel information of the multiple service function instances. Or the information of the SFC includes a service index, an SFP ID corresponding to the SFC, a network address of multiple service function instances corresponding to a next SF of the first SF of the SFC, and an instance of the multiple service function instances. Tunnel information. The service index is a lifetime time value of the SFC. The lifetime time value is equal to the number of SFs included on the SFC;

Obtain the first message;

Determining that the first packet matches the flow table;

The first packet is encapsulated into a second packet. The second packet includes a service header and a tunnel header. The service header includes the SFP ID, an ID of the flow, and a first value. The first value is equal to the service index minus one. The tunnel header is generated based on the tunnel information. The tunnel header includes a network address of the first service function instance. The first service function instance is one of the plurality of service function instances. The network address of the first service function instance is determined by the SFP ID, the ID of the stream, and the first value.

Sending the second packet to the first service function instance.

The above mentioned memory may include a high speed RAM memory, and may also include a nonvolatile memory such as at least one disk memory;

The processor may be a central processing unit CPU, or a specific integrated circuit ASIC, or one or more integrated circuits configured to implement embodiments of the present application.

Based on the above-mentioned packet processing method disclosed in the third embodiment of the present application, the corresponding fifth embodiment of the present application further corresponding to the first service function instance corresponding to the first SF of the SFC that executes the packet processing method, the first The SF is not the last SF on the SFC. As shown in FIG. 8, the first service function instance 20 mainly includes: a receiving unit 21, a processing unit 22, and a sending unit 23.

The receiving unit 21 is configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the FC or the SFC. The service header in the second packet includes an SFP ID corresponding to the SFC, an ID of a stream allocated by the network control device, and a first value. The first value is equal to the service index minus one. The tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function. The second packet includes a first packet. The service index is a lifetime time value of the SFC. The time to live value is equal to the number of service functions included on the SFC;

The processing unit 22 is configured to determine, according to the SFP ID received by the receiving unit 21, the ID of the stream and the second value, a network of a second service function instance corresponding to a next SF of the first SF. address. And performing service processing on the first packet according to the service header in the second packet received by the receiving unit, and encapsulating the first packet into a third packet. The service header in the third packet includes the SFP ID, an ID of the stream, and a second value. The second value is equal to the first value minus one. The tunnel header in the third packet includes a network address of the second service function instance corresponding to the next SF of the first SF. The network address of the second service function instance is determined by the SFP ID, the ID of the stream, and the second value.

The sending unit 23 is configured to send the third packet to the second service function instance determined by the processing unit 22.

In the technical solution disclosed in the embodiment of the present application, preferably, the receiving unit 21 is further configured to receive the SFP ID including the flow application, the service index, and the selected for the ID of the flow. An information table of tunnel information of a plurality of service function instances corresponding to the next SF of the first SF.

In the technical solution disclosed in the embodiment of the present application, the processing unit 22 that determines the network address of the second service function instance by using the SFP ID, the ID of the stream, and the second value, further includes:

The processing unit 22 is further configured to search, in the score distribution, an entry matching the SFP ID and the second value by using the SFP ID and the second value as a search key. The entry matching the SFP ID and the second value in the flow distribution includes the next SF of the first SF and the network address of the multiple service function instances corresponding to the next SF. Determining, by using the SFP ID and the ID of the stream as a search key, a network address of multiple service function instances included in the entry that matches the SFP ID and the second value in the distribution publication The network address of the second service function instance;

or,

The processing unit 22 is further configured to determine, by the SFP ID and the second value, a next SF of the first SF, and a network address of multiple service function instances corresponding to the next SF. The network address of the second service function instance is determined from the network addresses of the plurality of service function instances corresponding to the next SF by using the SFP ID and the ID of the stream as a hash key.

Based on the foregoing business function example disclosed in the embodiment of the present application, in the actual application, each module in the foregoing disclosed service function instance may be integrated into an entity, as shown in FIG. 9, including the receiver 201, the processor 202, and Transmitter 203. Specifically, the receiving unit 21 may be the receiver 201, the processing unit 22 may be the processor 202, and the sending unit 23 may be the transmitter 203. The receiver 201 and the transmitter 203 are controlled by the processor 202 to perform corresponding operations. The processor 202 may be a central processing unit CPU, or a specific integrated circuit ASIC, or one configured to implement the embodiments of the present application. Multiple integrated circuits.

Based on the foregoing service function example disclosed in the embodiment of the present application, the embodiment of the present application further discloses a storage device, where the storage device is applicable to the service function instance, where the storage device includes a memory and a bus and the memory. Connected processor

The program code for performing message processing includes:

Receiving a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the traffic classifier or the service function chain. The service header in the second packet includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value. The first value is equal to the service index minus one. The tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function. The second packet includes a first packet. The service index is a lifetime time value of the service function chain. The lifetime time value is equal to the number of service functions included in the service function chain;

The first packet is encapsulated into a third packet. The service header in the third packet includes the service function path identifier, the identifier of the stream, and a second value. The second value is equal to the first value minus one. The tunnel header in the third packet includes a network address of the second service function instance corresponding to the next service function of the first service function. The network address of the second service function instance is identified by the service function path, and the identifier of the flow and the second value are determined;

Sending the third packet to the second service function instance.

In addition, the embodiment of the present application further discloses a message processing system 40, as shown in FIG. 10, including the FC disclosed in FIG. 6 or FIG. 7 or the FC applicable to the storage device disclosed in the embodiment of the present application. The service function example 20 disclosed in FIG. 8 or FIG. 9 or the service function example 20 applicable to the storage device disclosed in the embodiment of the present application, and the network control device 30 for transmitting the flow table;

The network control device 30 is a network controller or an AAA server, and the ID control unit 31 of the flow is provided in the network control device 30.

In summary, a packet processing system disclosed in the embodiment of the present application determines the specificity according to the identifier of the flow allocated by the network control device, the service function path identifier of the service function chain, and the service index in the packet processing process. The service function instance sends the encapsulated packet to the determined specific service function instance. The technical solution disclosed in the embodiment of the present application is used to identify and process a packet according to a field in a packet, and the packet is processed according to the identifier of the stream allocated by the network control device. The way is more flexible.

The various embodiments in the specification of the present application are described in a progressive manner, and each embodiment focuses on differences from other embodiments, and the same similar parts between the various embodiments may be referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant parts can be referred to the method part. The steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented directly in hardware, a software module executed by a processor, or a combination of both. The software module can be placed in random access memory (RAM), memory, read only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or technical field. Any other form of storage medium known.

The above description of the disclosed embodiments enables those skilled in the art to make or use the invention. Various modifications to these embodiments will be apparent to those skilled in the art.

Claims

A packet processing method, characterized in that the method is performed by a stream classifier, the method comprising:

Receiving a flow table sent by the network control device, where the flow table includes rules of the flow, information of the service function chain to which the flow is bound, and an identifier of the flow allocated by the network control device, the service function The information of the chain includes a service index, a service function path identifier corresponding to the service function chain, a network address of multiple service function instances corresponding to the first service function of the service function chain, and a tunnel of the multiple service function instances. The information, or the information of the service function chain, includes a service index, a service function path identifier corresponding to the service function chain, and a network of multiple service function instances corresponding to the next service function of the first service function of the service function chain. An address, and the tunnel information of the multiple service function instances, where the service index is a lifetime value of the service function chain, where the lifetime time value is equal to the number of service functions included in the service function chain;

Obtain the first message;

Determining that the first packet matches the flow table;

The first packet is encapsulated into a second packet, where the second packet includes a service header and a tunnel header, and the service header includes the service function path identifier, the identifier of the stream, and a first value. The first value is equal to the service index minus 1. The tunnel header is generated based on the tunnel information, where the tunnel header includes a network address of a first service function instance, and the first service function instance is the An example of a service function of the plurality of service function instances, where a network address of the first service function instance is identified by the service function path, and the identifier of the flow and the first value are determined;

Sending the second packet to the first service function instance;

The flow classifier is a network device capable of communicating with one of the plurality of service function instances corresponding to the first service function in the service function chain, or the flow classifier is the service The first business function of the function chain.
The method according to claim 1, wherein before the receiving the flow table sent by the network control device, the method further comprises:

Sending, to the network control apparatus, a request for assigning an identifier of the flow to the flow, where the request includes information of the flow;

Receiving a response of the identifier of the flow that is allocated by the network control device to the flow, where the response includes an identifier of the flow, where the identifier of the flow is different from the information of the flow.
The method according to claim 1, wherein the identifier of the flow and the first value determine a network address of the first service function instance, and the method includes:

The flow classifier searches for, in the flow distribution publication, an entry matching the service function path identifier and the first value in the flow distribution publication by using the service function path identifier and the first value as a search key, the flow score The entry in the publication that matches the service function path identifier and the first value includes the first service function and a network address of multiple service function instances corresponding to the first service function, or the flow distribution is published. The entry that matches the service function path identifier and the first value includes a network address of the next service function and multiple service function instances corresponding to the next service function;

Determining, by the service function path identifier and the identifier of the flow, a plurality of service function instances included in the entry that matches the service function path identifier and the first value in the flow distribution Determining a network address of the first service function instance in the network address;

or,

Determining, by the traffic classifier, the first service function and the location by using the service function path identifier and the first value a network address of the plurality of service function instances corresponding to the first service function, or a network address of the next service function and multiple service function instances corresponding to the next service function;

Determining, by the service function path identifier and the identifier of the flow, a hash key, and determining, by the first service function or a network address of multiple service function instances corresponding to the next service function, a first service function instance website address.
The method according to claim 1, wherein the service header is an NSH network service header, and the location of the identifier of the flow in the service header includes:

When the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class, and the TLV-Class includes a Type Code and an identifier of the stream, where the Type Code is used to indicate the The TLV-Class carries the identifier of the stream;

or,

When the value of the MD-type field in the service header is equal to 0x1, the Mandatory Context Header in the service header carries the identifier of the flow.
A flow classifier, wherein the flow classifier is a network device capable of communicating with one of a plurality of service function instances corresponding to a first service function in a service function chain, or the flow classification The first business function of the service function chain, the flow classifier includes:

a receiving unit, configured to receive a flow table sent by the network control device, and obtain a first packet, where the flow table includes a rule of the flow, information of the service function chain to which the flow is bound, and the network control device And the identifier of the service function chain, where the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a network of multiple service function instances corresponding to the first service function of the service function chain. The address, and the tunnel information of the multiple service function instances, or the information of the service function chain includes a service index, a service function path identifier corresponding to the service function chain, and a first service function of the service function chain a network address of a plurality of service function instances corresponding to a service function, and tunnel information of the plurality of service function instances, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to the service function chain The number of business functions included;

a processing unit, configured to determine that the first packet obtained by the receiving unit matches the flow table, and encapsulate the first packet into a second packet, where the second packet includes a service header and a tunnel header The service header includes the service function path identifier, the identifier of the flow, and a first value, where the first value is equal to the service index minus 1, and the tunnel header is generated based on the tunnel information. The network header includes a network address of the first service function instance, where the first service function instance is one of the multiple service function instances, and the first service function instance is an Internet protocol or multimedia access. The control address is identified by the service function path, and the identifier of the flow and the first value are determined;

And a sending unit, configured to send the second packet to the first service function instance determined by the processing unit.
The stream classifier according to claim 5, wherein the processing unit is further configured to:

Sending, to the network control apparatus, a request for assigning an identifier of the flow to the flow, where the request includes information of the flow;

Receiving a response of the identifier of the flow that is allocated by the network control device to the flow, where the response includes an identifier of the flow, where the identifier of the flow is different from the information of the flow.
The stream classifier according to claim 5, wherein the network address of the first service function instance is identified by the service function path, the identifier of the stream and the processing unit determined by the first value ,include:

The processing unit is configured to: in the flow distribution publication, look up an entry matching the service function path identifier and the first value by using the service function path identifier and the first value as a search key, The flow of the publication and the business The entry with the energy path identifier and the first value matching includes the first service function and a network address of multiple service function instances corresponding to the first service function, or the traffic distribution and the service The function path identifier and the entry matching the first value include a network address of the next service function and multiple service function instances corresponding to the next service function, and the service function path identifier and the flow Determining, as a lookup key, determining, by the network address of the plurality of service function instances included in the entry that matches the service function path identifier and the first value in the flow distribution, determining the first service function instance website address;

or,

The processing unit is configured to determine, by the service function path identifier and the first value, a network address of the first service function and multiple service function instances corresponding to the first service function, or the next one a service function and a network address of the plurality of service function instances corresponding to the next service function, where the service function path identifier and the identifier of the stream are hash keys, from the first service function or the next service function The network address of the first service function instance is determined in the network address of the corresponding multiple service function instances.
The stream classifier according to claim 5, wherein the processing unit is further configured to:

In the case that the service header is an NSH network service header, when the value of the MD-type field in the service header is equal to 0x2, the service header includes a TLV-Class, and the TLV-Class includes a Type Code and a An identifier of the flow, the Type Code is used to indicate that the TLV-Class carries an identifier of the flow;

or,

In the case that the service header is an NSH network service header, when the value of the MD-type field in the service header is equal to 0x1, the Mandatory Context Header in the service header carries the identifier of the flow.
A packet processing method, where the method is performed by a first service function instance corresponding to a first service function of a service function chain, where the method includes:

Receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, where the service header in the second packet includes the service a service function path identifier corresponding to the function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes the first service function And corresponding to the network address of the first service function instance, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to that included in the service function chain. The number of business functions;

Determining, according to the service function path identifier, the identifier of the flow and the first value, determining a network address of a second service function instance corresponding to a next service function of the first service function;

Performing service processing on the first packet according to the service header in the second packet;

The first packet is encapsulated into a third packet, and the service header in the third packet includes the service function path identifier, the identifier of the stream, and a second value, where the second value is equal to the The first value is decremented by 1. The tunnel header in the third packet includes a network address of the second service function instance corresponding to a next service function of the first service function, and a network of the second service function instance. The address is identified by the service function path, and the identifier of the flow and the second value are determined;

Sending the third packet to the second service function instance.
The method of claim 9 further comprising:

Receiving, by the service function path identifier of the flow application, the service index, and tunnel information of multiple service function instances corresponding to a next service function of the first service function selected for the identifier of the flow Information Sheet.
The method of claim 9 wherein said traffic function path identifies said stream The identifier and the second value determine a network address of the second service function instance, including:

The entry that matches the service function path identifier and the second value in the flow distribution publication with the service function path identifier and the second value as a lookup key includes the next one of the first service function a service function, and a network address of multiple service function instances corresponding to the next service function;

Determining, by the service function path identifier and the identifier of the flow, the plurality of service functions included in the entry that matches the service function path identifier and the second value in the distribution publication Determining a network address of the second service function instance in the network address of the instance;

or,

Determining, by the service function path identifier and the second value, a next service function of the first service function, and a network address of multiple service function instances corresponding to the next service function;

The network function address of the second service function instance is determined from the network address of the multiple service function instances corresponding to the next service function by using the service function path identifier and the identifier of the flow as a hash key.
An example of a service function, where the service function instance is a first service function instance corresponding to a first service function of a service function chain, and includes:

a receiving unit, configured to receive a second packet forwarded by the first service function instance corresponding to the previous service function of the first service function in the service classifier, and the service in the second packet The header includes a service function path identifier corresponding to the service function chain, an identifier of the stream allocated by the network control device, and a first value, where the first value is equal to the service index minus 1, and the tunnel header in the second packet includes a network address of the first service function instance corresponding to the first service function, where the second packet includes a first packet, where the service index is a lifetime value of the service function chain, and the lifetime time value is equal to the service function chain. The number of business functions contained on;

a processing unit, configured to determine, according to the service function path identifier that is received by the receiving unit, the identifier of the stream and the first value determine a second service function instance corresponding to a next service function of the first service function The network address is processed according to the service header in the second packet received by the receiving unit, and the first packet is encapsulated into a third packet, where the first packet is encapsulated into a third packet. The traffic header in the third packet includes the service function path identifier, the identifier of the flow, and the second value, where the second value is equal to the first value minus 1, and the tunnel header in the third packet includes The network address of the second service function instance corresponding to the next service function of the first service function, the network address of the second service function instance is identified by the service function path, the identifier of the flow and the The second value is determined;

And a sending unit, configured to send the third packet to the second service function instance determined by the processing unit.
The service function instance according to claim 12, further comprising:

The receiving unit is further configured to receive, according to the service function path identifier of the flow application, the service index, and a next service function corresponding to the first service function selected for the identifier of the flow Information table of tunnel information for business function instances.
The service function instance according to claim 12, wherein the identifier of the flow and the second value determine a processing unit of a network address of the second service function instance, include:

The processing unit is further configured to: use the service function path identifier and the second value as a search key to search for a table item that matches the service function path identifier and the second value in a stream distribution publication. a next service function of the first service function, and a network address of the plurality of service function instances corresponding to the next service function, where the service function path identifier and the identifier of the stream are search keywords, Determining, in the network address of the plurality of service function instances included in the entry that matches the service function path identifier and the second value, the network address of the second service function instance;

or,

The processing unit is further configured to determine, by the service function path identifier and the second value, a next service function of the first service function, and a network of multiple service function instances corresponding to the next service function. The address is determined by using the service function path identifier and the identifier of the flow as a hash key, and determining a network address of the second service function instance from the network addresses of the multiple service function instances corresponding to the next service function.