WO2021082879A1 - Method for transmitting multicast message, and related apparatus - Google Patents


Publication number
WO2021082879A1
Authority
WO
WIPO (PCT)
Prior art keywords
header
multicast message
icv
node
destination
Application number
PCT/CN2020/119847
Other languages
French (fr)
Chinese (zh)
Inventor
谢经荣
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2021082879A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22 Parsing or analysis of headers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast

Definitions

  • This application relates to the field of communication technology, and more specifically, to a method and related devices for transmitting multicast packets.
  • The authentication header (Authentication Header, AH) can provide connectionless integrity, data source authentication and anti-replay protection services. AH can be used alone or in conjunction with the Internet Protocol (IP) Encapsulating Security Payload (ESP).
  • The Integrity Check Value (ICV) is an important field in AH.
  • The IP header must be included when the ICV field is calculated.
  • A message needs to pass through one or more intermediate nodes during transmission, and the destination IP address in the IP header of the message may change during transmission.
  • When an intermediate node forwards the message, it needs to recalculate the ICV using the IP address of the next node and update the ICV in the AH. This increases the burden on the intermediate node, and the intermediate node also needs to store the key information needed to calculate the ICV.
  • The present application provides a method and related device for transmitting multicast messages, which can reduce the burden on intermediate devices in the network.
  • An embodiment of the present application provides a method for transmitting a multicast packet, including: a network device receives a first multicast packet sent by a source device; the network device determines the integrity check value (ICV) in the authentication header (AH) according to a first Internet Protocol (IP) header, where the first IP header is obtained by replacing the destination address field of a second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value; the network device encapsulates the first multicast message to obtain a second multicast message, where the second multicast message includes the second IP header, the AH, and the first multicast message; and the network device sends the second multicast message to the destination device.
  • When the ICV in the AH is calculated, the destination IP address is replaced with a preset value.
  • The intermediate device in the network does not need to recalculate the ICV when forwarding the first multicast packet. In this way, the burden on intermediate devices can be reduced.
  • The intermediate device does not need to store information such as the key used to calculate the ICV. In this way, the storage space of intermediate devices can be saved.
  • The method further includes: the network device acquires instruction information, where the instruction information indicates that the ICV is determined after the destination address field of the second IP header is replaced with the preset value.
  • The network device can directly determine, according to the instruction information, whether to replace the destination IP address with a preset value.
  • The length of the preset value is the same as the length of the destination IP address in the second IP header.
  • The above technical solution makes only minor changes to the ICV calculation method, which is convenient to implement on existing network equipment.
  • When calculating the ICV, the network device only needs to replace the destination IP address with a preset value of the same length; there is no need to design a new calculation method.
  • The preset value may consist of multiple 0s, and the number of 0s is the same as the length of the destination IP address. For example, if the destination IP address in the second IP header is an IPv4 address, the preset value may be 32 zeros. If the destination IP address in the second IP header is an IPv6 address, the preset value may be 128 zeros.
  • The network device encapsulating the first multicast message to obtain the second multicast message includes: the network device encapsulates the first multicast message using Bit Index Explicit Replication Internet Protocol version 6 (BIERv6) encapsulation to obtain the second multicast message; or the network device encapsulates the first multicast message based on IP head-end replication to obtain the second multicast message.
  • an embodiment of the present application provides a method for transmitting a multicast packet.
  • the method includes: a first network device receives a second multicast packet sent by a second network device, and the second multicast packet includes the first network device. 2.
  • the destination IP address in the second IP header is different from the preset value; the first network device determines whether the second ICV is the same as the first ICV, where the second ICV is the ICV in the AH; when the second ICV is the same as the first ICV, the first network device sends the first multicast packet to the destination device.
  • When the ICV in the AH is calculated, the destination IP address is replaced with a preset value.
  • The intermediate device in the network does not need to recalculate the ICV when forwarding the first multicast packet. In this way, the burden on intermediate devices can be reduced.
  • The intermediate device does not need to store information such as the key used to calculate the ICV. In this way, the storage space of the intermediate device can be saved.
  • The method further includes: the first network device obtains instruction information, where the instruction information indicates that the first ICV is determined after the destination address field of the second IP header is replaced with the preset value.
  • The network device can directly determine, according to the instruction information, whether to replace the destination IP address with a preset value.
  • The length of the preset value is the same as the length of the destination IP address in the second IP header.
  • The above technical solution makes only minor changes to the ICV calculation method, which is convenient to implement on existing network equipment.
  • When calculating the ICV, the network device only needs to replace the destination IP address with a preset value of the same length; there is no need to design a new calculation method.
  • The preset value may consist of multiple 0s, and the number of 0s is the same as the length of the destination IP address. For example, if the destination IP address in the second IP header is an IPv4 address, the preset value may be 32 zeros. If the destination IP address in the second IP header is an IPv6 address, the preset value may be 128 zeros.
  • The second multicast message is a multicast message encapsulated using Bit Index Explicit Replication Internet Protocol version 6 (BIERv6) encapsulation; or the second multicast message is a multicast message encapsulated based on IP head-end replication.
  • an embodiment of the present application provides a communication device, which may be a network device used to implement the method design in the second aspect described above, or a chip system set in the network device.
  • the communication device includes a processor, which is coupled to a memory, and can be used to execute instructions in the memory to implement the first aspect or the method in any one of the possible implementation manners of the first aspect.
  • the communication device further includes a memory.
  • the communication device further includes a communication interface, and the processor is coupled with the communication interface.
  • the communication interface may be a transceiver, or an input/output interface.
  • the communication interface may be an input/output interface.
  • the processor may be a logic circuit
  • the transceiver may be a transceiver circuit
  • the input/output interface may be an input/output circuit
  • an embodiment of the present application provides a communication device.
  • the communication device may be a network device used to implement the method design in the second aspect described above, or a chip system set in the network device.
  • the communication device includes a processor, which is coupled to a memory, and can be used to execute instructions in the memory to implement the second aspect or the method in any one of the possible implementation manners of the second aspect.
  • the communication device further includes a memory.
  • the communication device further includes a communication interface, and the processor is coupled with the communication interface.
  • the communication interface may be a transceiver, or an input/output interface.
  • the communication interface may be an input/output interface.
  • the processor may be a logic circuit
  • the transceiver may be a transceiver circuit
  • the input/output interface may be an input/output circuit
  • an embodiment of the present application provides a network device, including a transceiver and a processor.
  • the network device further includes a memory.
  • the processor is used to control the transceiver to send and receive signals
  • the memory is used to store a computer program
  • the processor is used to call and run the computer program from the memory, so that the network device executes the method in any one of the possible implementation manners of the method design of the first aspect.
  • an embodiment of the present application provides a network device, including a transceiver and a processor.
  • the network device further includes a memory.
  • the processor is used to control the transceiver to send and receive signals
  • the memory is used to store a computer program
  • the processor is used to call and run the computer program from the memory, so that the network device executes the method in any one of the possible implementation manners of the method design of the second aspect.
  • an embodiment of the present application provides a computer program product, the computer program product includes computer program code, and when the computer program code runs on a computer, the computer executes the method in any one of the possible implementation manners of the method design of the first aspect.
  • an embodiment of the present application provides a computer program product, the computer program product includes computer program code, and when the computer program code runs on a computer, the computer executes the method in any one of the possible implementation manners of the method design of the second aspect.
  • an embodiment of the present application provides a computer-readable medium, the computer-readable medium stores program code, and when the program code runs on a computer, the computer executes the method in any one of the possible implementation manners of the method design of the first aspect.
  • an embodiment of the present application provides a computer-readable medium, the computer-readable medium stores program code, and when the program code runs on a computer, the computer executes the method in any one of the possible implementation manners of the method design of the second aspect.
  • Figure 1 is a schematic diagram of a network scenario.
  • Figure 2 is a schematic diagram of packet encapsulation using IP head-end duplication and using AH.
  • FIG. 3 is a schematic flowchart of a method for transmitting multicast packets according to an embodiment of the present application.
  • Figure 4 is a schematic diagram of BIERv6 multicast packet encapsulation using AH.
  • Fig. 5 is a method for transmitting multicast packets provided by an embodiment of the present application.
  • Fig. 6 is a method for transmitting multicast packets provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural block diagram of a communication device provided by an embodiment of the present application.
  • FIG. 8 is a schematic structural block diagram of a communication device provided by an embodiment of the present application.
  • Fig. 9 is a structural block diagram of a network device provided by an embodiment of the present invention.
  • datagrams, data messages, messages, data packets, and packets can sometimes be used together. It should be noted that the meanings to be expressed are the same when the differences are not emphasized.
  • the network device and node may be a router or a network device with routing function.
  • a subscripted form such as W₁ may sometimes be written by mistake in non-subscripted form as W1; when the difference is not emphasized, the intended meaning is the same.
  • header for example, BIER header, IP header, etc.
  • References in this specification to "one embodiment" or "some embodiments", etc. mean that one or more embodiments of the present application include a specific feature, structure, or characteristic described in conjunction with the embodiment. Therefore, the phrases "in one embodiment", "in some embodiments", "in some other embodiments", etc. appearing in different places in this specification do not necessarily all refer to the same embodiment, but mean "one or more but not all embodiments" unless specifically emphasized otherwise.
  • The terms "including", "comprising", "having" and their variations all mean "including but not limited to", unless otherwise specifically emphasized.
  • "At least one" refers to one or more, and "multiple" refers to two or more.
  • "And/or" describes the association relationship of the associated objects, indicating that there can be three relationships. For example, A and/or B can mean: A exists alone, A and B exist at the same time, or B exists alone, where A and B can be singular or plural.
  • The character "/" generally indicates that the associated objects before and after it are in an "or" relationship.
  • "At least one of the following items" or similar expressions refers to any combination of these items, including any combination of a single item or a plurality of items.
  • For example, at least one of a, b, or c can mean: a, b, c, ab, ac, bc, or abc, where a, b, and c can each be single or multiple.
  • Bit Index Explicit Replication (BIER)
  • BIER technology is a bit-based multicast replication technology.
  • Each edge node of the BIER technology-based network (hereinafter referred to as the BIER network) will be configured with a BIER Forwarding Router (BFR)-Identifier (ID).
  • BFR-ID can be a value greater than or equal to 1 and less than or equal to 256.
  • the configuration information of the edge node will be flooded in the network.
  • the Interior Gateway Protocol (IGP)
  • the configuration information of the edge node may also be referred to as BIER information.
  • Each node in the BIER network can determine the corresponding node according to the BFR-ID.
  • the nodes in the BIER network establish a forwarding table through the flooded BIER information, and use the established forwarding table to forward the BIER-encapsulated multicast data message.
  • BIER Internet Protocol version 6 (IPv6) encapsulation is a BIER encapsulation method.
  • BIER IPv6 encapsulation can be referred to as BIERv6 encapsulation for short.
  • The basic principle of BIERv6 encapsulation is to use a multicast data message as an IPv6 payload.
  • The multicast data message may be an Internet Protocol version 4 (IPv4) message or an IPv6 message.
  • A BIERv6 multicast message can include an IPv6 header and a BIER header.
  • The BIER header includes a bit string (BitString) field.
  • The length of the bit string field can be 64, 128, 256, and so on.
  • Each bit in the bit string can be used to identify a BIER Forwarding Edge Router (BFER).
  • Figure 1 is a schematic diagram of a network scenario.
  • the network 100 includes six nodes, namely node A, node B, node C, node D, node E, and node F.
  • node A, node D, node E, and node F are BFERs.
  • the messages mentioned in the description of Figure 1 are all BIERv6 multicast messages.
  • the BFR-ID of node A is 4, the BFR-ID of node D is 1, the BFR-ID of node E is 2, and the BFR-ID of node F is 3.
  • Nbr in Table 1 represents neighbor (Neighbor, Nbr), and FBM represents forwarding bit mask (Forwarding Bit Mask, FBM).
  • The first entry shown in Table 1 indicates that when, counting from right to left, any one of the first, second, and third bits of the bit string of a message received by node A has a value of 1, the message will be forwarded to node B.
  • The second entry shown in Table 1 indicates that when, counting from right to left, the fourth bit of the bit string of a message received by node A has a value of 1, the message will be sent to node A. In this case, node A will remove the BIER header of the message and forward it according to the original multicast message of the message.
  • Node B can create forwarding entries as shown in Table 2.
  • each table item shown in Table 2 is similar to the meaning of each table item in Table 1.
  • the first entry shown in Table 2 indicates that when, counting from right to left, any one of the first and second bits of the bit string of the message received by node B has a value of 1, the message will be forwarded to node C.
  • the second entry shown in Table 2 indicates that when the value of the third bit in the bit string of the message received by node B from right to left is 1, the message will be forwarded to node E.
  • the third entry shown in Table 2 indicates that when the value of the fourth bit in the bit string of the message received by node B from right to left is 1, the message will be forwarded to node A.
  • Node C can create forwarding entries as shown in Table 3.
  • each table item shown in Table 3 is similar to the meaning of each table item in Table 1.
  • the first entry shown in Table 3 indicates that when, counting from right to left, the first bit of the bit string of the message received by node C has a value of 1, the message will be forwarded to node D.
  • the second entry shown in Table 2 indicates that when the second bit value of the bit string of the message received by node B from right to left is 1, the message will be forwarded to node F.
  • the third entry shown in Table 2 indicates that when the value of the third bit in the bit string of the message received by node B from right to left is 1, the message will be forwarded to node E.
  • the fourth entry shown in Table 2 indicates that when the value of the fourth bit in the bit string of the message received by node B from right to left is 1, the message will be forwarded to node B.
  • Node E can create forwarding entries as shown in Table 4.
  • the first entry shown in Table 4 indicates that when, counting from right to left, any one of the first and second bits of the bit string of the message received by node E has a value of 1, the message will be forwarded to node C.
  • the second entry shown in Table 4 indicates that when the value of the third bit in the bit string of the message received by node B from right to left is 1, the message will be forwarded to node E. In this case, node E will remove the BIER header of the message and forward it according to the original multicast message of the message.
  • the third entry shown in Table 4 indicates that when the value of the fourth bit in the bit string of the message received by node B from right to left is 1, the message will be forwarded to node B.
  • Node D can create forwarding entries as shown in Table 5.
  • the first entry shown in Table 5 indicates that when, counting from right to left, the first bit of the bit string of the message received by node D has a value of 1, the message will be forwarded to node D.
  • node D will remove the BIER header of the message and forward it according to the original multicast message of the message.
  • the second entry indicates that when, counting from right to left, any one of the second, third, and fourth bits of the bit string of the message received by node D has a value of 1, the message will be forwarded to node C.
  • Node F can create forwarding entries as shown in Table 6.
  • the first entry shown in Table 6 indicates that when, counting from right to left, any one of the first, third, and fourth bits of the bit string of the message received by node D has a value of 1, the message will be forwarded to node C.
  • the second entry shown in Table 6 indicates that when the second bit value of the bit string of the message received by node F from right to left is 1, the message will be forwarded to node F. In this case, node F will remove the BIER header of the message and forward it according to the original multicast message of the message.
  • Node A receives IPv4 multicast packets or IPv6 multicast packets (hereinafter referred to as IP multicast messages) from hosts or network devices (such as Customer Edge (CE) devices).
  • Node A encapsulates the IP multicast message based on BIERv6 to obtain the BIERv6 multicast message.
  • node A determines that the bit string in the BIER header of the BIERv6 multicast message is 0101.
  • Node A forwards according to the forwarding table shown in Table 1. According to the forwarding table shown in Table 1, node A will send the encapsulated message to node B. Therefore, node A can determine that the destination IP address in the IPv6 header of the BIERv6 multicast message is the IPv6 address of node B, and the source IP address is the IPv6 address of node A.
  • the IPv6 header of the BIERv6 multicast message referred to in the embodiments of the present application refers to the IPv6 header obtained after BIERv6 encapsulation of the received IP multicast message, rather than the IPv6 multicast message header.
  • the IPv6 header of the BIERv6 multicast message may also be referred to as the outer IPv6 header or the outer IP header of the BIERv6 multicast message.
  • the destination address in the outer IP header can be called the outer IP destination address or the outer destination address, and the source address in the outer IP header can be called the outer source address or the outer source IP address.
  • the IP header of the IPv6 multicast message that needs to be encapsulated may also be referred to as an inner IP header, an inner IPv4 header, and an inner IPv6 header.
  • the destination address in the inner IP header can be called the inner IP destination address or the inner destination address
  • the source address in the inner IP header can be called the inner IP source address or the inner source address.
  • After node B receives the BIERv6 multicast message from node A, it can determine that the BIERv6 multicast message is sent to itself according to the destination IP address in the outer IP header of the BIERv6 multicast message. In this case, node B can determine, according to the bit string in the BIER header of the BIERv6 multicast message and the forwarding table shown in Table 2, that the BIERv6 multicast message from node A needs to be sent to node C and node E.
  • Node B replaces the bit string in the BIER header of the BIERv6 multicast message from node A with the result obtained after the AND operation (that is, 0001).
  • Node B replaces the destination IP address in the outer IP header of the BIERv6 multicast message from node A with the IPv6 address of node C.
  • Node B sends the BIERv6 multicast message, with the destination address in the outer IP header and the bit string in the BIER header modified, to node C.
  • Node B replaces the bit string in the BIER header of the BIERv6 multicast message from node A with the result obtained after the AND operation (that is, 0100).
  • node B replaces the destination IP address in the outer IP header of the BIERv6 multicast message from node A with the IPv6 address of node E.
  • Node B sends the BIERv6 multicast packet, with the destination address in the outer IP header and the bit string in the BIER header modified, to node E.
  • After node E receives the message from node B, it can determine that the BIERv6 multicast message is sent to itself according to the destination IP address in the outer IP header of the BIERv6 multicast message. In this case, node E can determine that the message needs to be sent to node E according to the bit string in the BIER header of the message and the forwarding table shown in Table 4. Node E will then decapsulate the received message and forward it according to the inner IP multicast message of the message. For example, node E may send the inner IP multicast packet to the host or CE device corresponding to the destination address according to the source and destination addresses of the inner IP multicast packet.
  • The operation after node C receives the BIERv6 multicast message from node B is similar to the operation after node B receives the BIERv6 multicast message from node A. For brevity, it is not repeated here.
  • Node C will send the BIERv6 multicast packet, with the destination IP address in the outer IP header and the bit string in the BIER header modified, to node D.
  • The operation after node D receives the BIERv6 multicast message from node C is similar to the operation after node E receives the BIERv6 multicast message from node B. For brevity, it is not repeated here.
  • FIG. 4 is a schematic diagram of BIERv6 multicast packet encapsulation using AH.
  • When node B sends a BIERv6 multicast message to node E, it also needs to recalculate the ICV in the AH. This is because the ICV in the AH of the BIERv6 multicast packet is calculated over data that includes the outer destination address of the BIERv6 multicast packet.
  • the outer destination address of the BIERv6 multicast packet sent by node A to node B is the IPv6 address of node B
  • the outer destination address of the BIERv6 multicast packet sent by node B to node E is the IPv6 address of node E. Therefore, when node B forwards the BIERv6 multicast message from node A to node E, in addition to the outer destination address in the BIERv6 multicast message and the bit string in the BIER header, it also needs to modify the ICV. Node B and Node C need to store the secret key and other information needed to calculate ICV.
  • IP head-end replication (Internet Protocol Ingress Replication) is another way to send multicast packets. Again take the network structure shown in Figure 1 as an example. Assume that node A needs to send the received IP multicast message to node E and node D. In this case, node A needs to encapsulate the received IP multicast packet with an IP header (which can be called the outer IP header) that has the IP address of node A as the source address and the address of node E as the destination address, and send the encapsulated message to node E. Similarly, node A can encapsulate the received IP multicast packet with an outer IP header that has the IP address of node A as the source address and the IP address of node D as the destination address, and send the encapsulated message to node D.
  • FIG 2 is a schematic diagram of packet encapsulation using IP head-end duplication and using AH.
  • node A can encapsulate the received IP multicast packet into four forms: a, b, c, or d.
  • node A when node A encapsulates the received IP multicast message, it also adds AH.
  • node A may encapsulate the received IP multicast message into a message shown in form a.
  • the message of form a includes an outer IP header, AH, and an inner IP multicast message.
  • the inner IP multicast packet is the IP multicast packet received by node A from the source device (for example, the host or CE device). Assuming that the message is sent to node E, the source IP address in the outer IP header is the IPv4 address of node A, and the destination address in the outer IP header is the IPv4 address of node E.
  • node A may encapsulate the received IP multicast message into a message shown in form b.
  • the message of form b includes: outer IPv6 header, AH, and inner IP multicast message.
  • the inner IP multicast packet is the IP multicast packet received by node A from the source device. Assuming that the message is sent to node E, the source IP address in the outer IPv6 header is the IPv6 address of node A, and the destination address in the outer IP header is the IPv6 address of node E.
  • node A may encapsulate the received IP multicast message into a message shown in form c.
  • the message of form c includes: outer IPv6 header, AH, Generic Routing Encapsulation (GRE) header, and inner IP multicast message.
  • the inner IP multicast packet is the IP multicast packet received by node A from the source device.
  • After node A receives the IP multicast packet from the source device, it can perform GRE encapsulation on the IP multicast packet, adding the outer IPv6 header and GRE header. The IP multicast packet from the source device is used as the payload of the GRE packet.
  • node A also needs to encapsulate AH into GRE packets.
  • the source IP address in the outer IPv6 header is the source address of the GRE tunnel
  • the destination IP address is the destination address of the GRE tunnel.
  • node A may encapsulate the received IP multicast message into a message shown in form d.
  • the message of form d includes: outer IPv6 header, AH, User Datagram Protocol (UDP) header, Virtual Extensible Local Area Network (VXLAN) header, and inner IP multicast message.
  • the inner IP packet is the IP multicast packet received by node A from the source device.
  • After node A receives the IP multicast packet from the source device, it can perform VXLAN encapsulation on the IP multicast packet, adding the outer IPv6 header, UDP header, and VXLAN header.
  • the IP multicast packet from the source device is used as the payload of the VXLAN packet.
  • node A also needs to encapsulate AH into VXLAN packets.
  • the source IP address in the outer IPv6 header is the IPv6 address of the source VXLAN tunnel end point (VXLAN Tunnel End Point, VTEP), and the destination IP address is the IPv6 address of the destination VTEP. If node A encapsulates the message to be sent to node E, the source VTEP is node A, and the destination VTEP is node E.
  • node A needs to calculate the ICV in AH according to different destination IP addresses.
  • the ICV is calculated over the following input: the immutable or predictable fields of the IP header and extension headers that precede the AH header, the AH header itself (with the ICV field set to 0), and all the information after the AH header.
  • the value of the variable part is set to zero.
  • in an IPv4 header, the immutable parts include: version number (Version), Internet header length (Internet Header Length), total length (Total Length), protocol (Protocol), source address, and destination address (without loose or strict source routing).
  • the predictable part includes: destination address (with loose or strict source routing).
  • the variable parts include: Differentiated Services Code Point (DSCP), Explicit Congestion Notification (ECN), Flags, Fragment Offset, Time to Live (TTL), and Header Checksum.
  • in an IPv6 header, the immutable parts include: version number (Version), payload length (Payload Length), next header (Next Header), source address, and destination address (without Routing Extension Header).
  • the predictable part includes the destination address (with Routing Extension Header).
  • the variable parts include: DSCP, ECN, Flow Label, and Hop Limit.
  • for IPv6 extension headers that carry options (such as the Hop-by-Hop Options Header and the Destination Options Header), some fields (such as the option data, that is, the “Option Data” field) are set to 0 when calculating the ICV, while other fields (for example, Option Type and Option Data Length (Opt Data Len)) are included in the ICV calculation.
  • the integrity algorithm used to calculate the ICV can be a keyed message authentication code (Message Authentication Code, MAC) based on a symmetric encryption algorithm (such as Advanced Encryption Standard (AES)) or on a one-way hash function (such as message digest algorithm 5 (Message-Digest Algorithm 5, MD5), secure hash algorithm 1 (Secure Hash Algorithm 1, SHA-1), secure hash algorithm 256 (Secure Hash Algorithm 256, SHA-256), etc.).
  • FIG. 3 is a schematic flowchart of a method for transmitting multicast packets according to an embodiment of the present application.
  • FIG. 3 is a description of the technical solution of the present application in conjunction with the system 100 shown in FIG. 1.
  • Node A receives a first multicast packet sent by a source device.
  • the first multicast message may be an IPv4 multicast message or an IPv6 multicast message, which is not limited in the embodiment of the present application.
  • the source device can be a host or a network device (for example, a CE device).
  • Node A determines the ICV in AH according to the first IP header.
  • the first IP header is the second IP header whose destination address is replaced with a preset value.
  • the second IP header is the IP header used when encapsulating the first multicast message. It is assumed that the multicast message obtained by encapsulating the first multicast message is a second multicast message, and the second IP header is the outer IP header of the second multicast message.
  • the preset value is a preset fixed value.
  • the preset value is different from the destination IP address in the second IP header.
  • the length of the preset value is the same as the length of the destination IP address in the second IP header. For example, if the destination IP address in the second IP header is an IPv4 address, the length of the preset value is 32 bits. If the destination IP address in the second IP header is an IPv6 address, the length of the preset value is 128 bits.
  • the length of the preset value is K, where K is a positive integer greater than or equal to 1; for example, K can be equal to 8, 16, 32, or 64.
  • the preset value may be all zeros.
  • the preset value may be 128 zeros.
  • the preset value can be 32 zeros.
  • the preset value may be all ones.
  • the preset value may be 128 ones.
  • the preset value can be 32 ones.
  • the preset value may be other types of preset values.
  • the preset value may be repeated 01.
  • the first 1/2 of the preset value is 0, and the last 1/2 is 1.
  • for example, if the destination IP address is an IPv6 address, the first 64 bits of the preset value are 0, and the last 64 bits are 1.
  • the method for node A to calculate ICV is the same as the above method for calculating ICV, except that the destination IP address in the second IP header is replaced with a preset value.
  • Node A encapsulates the first multicast message to obtain a second multicast message, where the second multicast message includes a second IP header, AH, and the first multicast message.
  • Node A encapsulates the outer IP header and AH on the first multicast message to obtain the second multicast message.
  • the outer IP header is the second IP header, and the ICV in the AH is the ICV determined in step 302.
  • Node A sends the second multicast packet to node B.
  • the destination devices of the second multicast message are node D and node E.
  • Node B sends the received second multicast packet to node C and node E.
  • Node C sends the received second multicast packet to node D.
  • step 306 does not distinguish between the multicast message received by node C from node B and the multicast message sent to node D.
  • Node D calculates ICV according to the first IP header.
  • the ICV determined in step 307 is referred to as the first ICV, and the ICV determined in step 302 is referred to as the second ICV.
  • Node D calculates ICV in the same way as node A calculates ICV.
  • the node D determines whether the first ICV is the same as the second ICV. If the first ICV is the same as the second ICV, it means that the second multicast packet passes the integrity check. In this case, node D may decapsulate the second multicast message to obtain the first multicast message. Node D determines which device to send the first multicast message to according to the destination address of the first multicast message. If the first ICV is different from the second ICV, it means that the second multicast packet fails the integrity check. In this case, node D can directly delete the second multicast message.
  • the manner in which the node E processes the received second multicast message is the same as the manner in which the node D processes the received multicast message. For the sake of brevity, details are not repeated here.
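The FIG. 3 flow above, as an added Python example (not code from the patent): node A computes one ICV with the outer destination replaced by the preset value, replicated copies addressed to node D and node E both verify, and the same copies fail under the conventional calculation that covers the real destination address. Assumptions made here: form b over IPv6, HMAC-SHA-256 truncated to 128 bits as the integrity algorithm, the all-zero preset value, and a constructed key, addresses and inner payload.

```python
import hashlib
import hmac
import ipaddress
import struct

ICV_LEN = 16                          # assumption: HMAC-SHA-256 truncated to 128 bits
AH_FIXED = 12                         # Next Header, Payload Len, Reserved, SPI, Sequence Number
AH_PAD = -(AH_FIXED + ICV_LEN) % 8    # over IPv6 the AH must be a multiple of 8 octets
AH_LEN = AH_FIXED + ICV_LEN + AH_PAD
IPV6_LEN = 40
ICV_OFF = IPV6_LEN + AH_FIXED         # offset of the ICV field in the whole packet
PRESET_DST = bytes(16)                # "128 zeros", one of the preset values in the text


def ipv6_header(src, dst, payload_len, hop_limit=64, tclass=0, flow=0):
    """Outer IPv6 header whose Next Header is AH (protocol 51)."""
    word0 = (6 << 28) | (tclass << 20) | flow
    return (struct.pack("!IHBB", word0, payload_len, 51, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def compute_icv(key, packet, use_preset):
    """MAC over the packet after zeroing the variable fields and the ICV field.

    use_preset=True is the first scheme (destination replaced by the preset
    value); use_preset=False is the second scheme (real destination covered).
    """
    buf = bytearray(packet)
    buf[0] &= 0xF0                    # keep Version, clear upper traffic-class bits
    buf[1:4] = bytes(3)               # rest of traffic class (DSCP/ECN) and flow label
    buf[7] = 0                        # hop limit
    if use_preset:
        buf[24:40] = PRESET_DST       # destination address field
    buf[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(key, bytes(buf), hashlib.sha256).digest()[:ICV_LEN]


def encapsulate(key, src, dst, inner, spi, seq, use_preset):
    """Node A: outer IPv6 header + AH + inner multicast packet (form b)."""
    # Next Header 41 assumes the inner packet is IPv6; Payload Len is in
    # 32-bit words minus 2.
    ah = struct.pack("!BBHII", 41, AH_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN + AH_PAD)
    packet = bytearray(ipv6_header(src, dst, len(ah) + len(inner)) + ah + inner)
    packet[ICV_OFF:ICV_OFF + ICV_LEN] = compute_icv(key, packet, use_preset)
    return bytes(packet)


def retarget(packet, new_dst, hops=1):
    """Replication or forwarding step: new outer destination, lower hop limit, AH untouched."""
    buf = bytearray(packet)
    buf[24:40] = ipaddress.IPv6Address(new_dst).packed
    buf[7] -= hops
    return bytes(buf)


def verify(key, packet, use_preset):
    """Node D/E: recompute the first ICV and compare it with the second ICV carried in AH."""
    carried = packet[ICV_OFF:ICV_OFF + ICV_LEN]
    return hmac.compare_digest(carried, compute_icv(key, packet, use_preset))


# Constructed sample values (documentation prefix 2001:db8::/32, made-up key and payload).
KEY = b"constructed-demo-key-not-a-real-SA"
NODE_A, NODE_D, NODE_E = "2001:db8::a", "2001:db8::d", "2001:db8::e"
INNER = b"constructed inner IP multicast packet bytes"


def demo():
    first = encapsulate(KEY, NODE_A, NODE_E, INNER, spi=0x100, seq=1, use_preset=True)
    second = encapsulate(KEY, NODE_A, NODE_E, INNER, spi=0x100, seq=1, use_preset=False)
    tampered = first[:-1] + bytes([first[-1] ^ 1])   # one payload bit flipped in transit
    return {
        "first_scheme_to_E": verify(KEY, retarget(first, NODE_E), True),
        "first_scheme_copy_to_D": verify(KEY, retarget(first, NODE_D), True),
        "second_scheme_to_E": verify(KEY, retarget(second, NODE_E), False),
        "second_scheme_copy_to_D": verify(KEY, retarget(second, NODE_D), False),
        "first_scheme_tampered_payload": verify(KEY, tampered, True),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'pass' if ok else 'FAIL'}")
```

Under the first scheme the outer destination address is no longer covered by the ICV, so a rewritten destination passes verification by design, while changes to the source address, the AH fields or the inner packet are still detected.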
  • the method shown in Figure 3 can be applied to BIERv6.
  • the node A encapsulates the first multicast message to obtain the second multicast message, which may include: the node A uses BIERv6 to encapsulate the first multicast message to obtain the second multicast message.
  • the outer IP header of the second multicast packet (that is, the second IP header) is an IPv6 header.
  • the preset value may be 128 zeros or 128 ones or other types of preset values (for example, the first 64 bits are 0 and the last 64 bits are 1).
  • the node A encapsulates the first multicast message to obtain the second multicast message, which may include: the node A uses IP headend replication to encapsulate the first multicast message to obtain the second multicast message.
  • the second multicast message obtained by node A may be as shown in FIG. 2.
  • the preset value may be 32 zeros, 32 ones, or another type of 32-bit preset value (for example, the first 16 bits are 0, and the last 16 bits are 1).
  • the preset value may be 128 zeros, 128 ones, or another type of 128-bit preset value.
  • the intermediate devices in the network may not need to modify the ICV in the AH of the multicast packet after receiving the multicast packet. In this way, the intermediate device in the network does not need to store information such as the secret key required to calculate the ICV, nor does it need to calculate the ICV, thereby reducing the workload of the intermediate device.
  • the node A may obtain an indication information.
  • the indication information is used to indicate whether the preset value can be used to replace the destination IP address in the outer IP header to calculate the ICV.
  • the value of the indication information may be true or false. If the value of the indication information is true, the node A can use the preset value to calculate the ICV; if the value of the indication information is false, the node A can use the destination IP address in the outer IP header to calculate the ICV.
  • the intermediate device and the destination device in the network can also obtain the indication information. In this case, the intermediate device may determine whether to recalculate the ICV according to the indication information when forwarding the message. When verifying the ICV, the destination device can also determine, according to the indication information, whether to use a preset value to replace the destination IP address in the outer IP header when calculating the ICV.
  • the node A may obtain a piece of configuration information (for example, it may be a security association (Security Association, SA) or a security policy (Security Policy, SP), etc.).
  • the configuration information may include indication information for indicating whether the preset value can be used to replace the destination IP address in the outer IP header to calculate the ICV.
  • the indication information may also be referred to as an indication, or a destination address silent indication, etc.
  • the node A can determine whether to use a preset value to replace the destination IP address in the outer IP header to calculate the ICV according to the destination address silent indication in the SA or SP.
  • the intermediate device and the destination device in the network can also obtain the SA or SP.
  • the intermediate device may determine whether to recalculate the ICV according to the silent indication of the destination address in the SA or SP when forwarding the message.
  • the destination device can also determine whether to use a preset value to replace the destination IP address in the outer IP header when calculating the ICV according to the destination address silent indication in the SA or SP.
  • in the following, the first scheme denotes calculating the ICV using a preset value in place of the destination IP address in the outer IP header, and the second scheme denotes calculating the ICV using the destination IP address in the outer IP header.
  • the node A may determine the number of destination devices. In other words, the node A determines the number of devices that need to receive and decapsulate the second multicast packet. If the node A determines that the number of destination devices is greater than or equal to 2, the node A can use the first scheme to calculate ICV. If the node A determines that the number of destination devices is 1, the node A can use the second scheme to calculate ICV. The node A may use a field in the outer IP header or AH or other headers of the second multicast packet to indicate the ICV calculation method of the second multicast packet.
  • the header of the second multicast packet may include indication information (which may be called ICV calculation indication information), and the indication information is used to indicate whether the ICV is determined by the first scheme or by the second scheme.
  • the intermediate device can determine whether the ICV needs to be recalculated according to the indication information.
  • the destination device may also determine, according to the indication information, whether to replace the destination IP address in the outer IP header with a preset value when calculating the ICV.
  • the network devices in the network can be directly configured to only use the first scheme to calculate ICV.
  • the network devices in the network will not use the second scheme to calculate ICV.
  • the source device (that is, the node A in the method shown in FIG. 3), the intermediate device, and the destination device do not need to determine the method for calculating the ICV based on the configuration information or the indication information.
  • Fig. 5 is a method for transmitting multicast packets provided by an embodiment of the present application.
  • a network device receives a first multicast packet sent by a source device.
  • the source device can be a host or a CE device.
  • the network device determines the ICV in AH according to the first IP header, where the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
  • the network device encapsulates the first multicast message to obtain a second multicast message, where the second multicast message includes the second IP header, the AH, and the first multicast message.
  • the network device encapsulates the outer IP header and AH on the first multicast message to obtain the second multicast message.
  • the outer IP header is the second IP header, and the ICV in the AH is the ICV determined in step 502.
  • the destination device can be another network device.
  • the network device in the method shown in FIG. 5 may be the node A in the method shown in FIG. 3.
  • Fig. 6 is a method for transmitting multicast packets provided by an embodiment of the present application.
  • a first network device receives a second multicast packet sent by a second network device, where the second multicast packet includes a second Internet Protocol IP header, an authentication header AH, and a first multicast packet.
  • the first network device determines the first ICV according to the first IP header, where the first IP header is obtained after replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
  • the first network device determines whether the second ICV is the same as the first ICV, where the second ICV is the ICV in the AH.
  • the first network device sends the first multicast packet to the destination device when the second ICV is the same as the first ICV.
  • the destination device can be a host or a network device (for example, a CE device).
  • the first network device in the method shown in FIG. 6 may be node D or node F in the method shown in FIG. 3. If the first network device is the node E in the method shown in FIG. 3, the second network device may be the node B in the method shown in FIG. 3. If the first network device is the node D in the method shown in FIG. 3, the second network device may be the node C in the method shown in FIG. 3.
  • the steps and beneficial effects of the method shown in FIG. 6 can be referred to the method shown in FIG. 3, which will not be repeated here.
  • FIG. 7 is a schematic structural block diagram of a communication device provided by an embodiment of the present application.
  • the communication device 700 shown in FIG. 7 may be the network device in the method shown in FIG. 5 or a component (such as a chip, a chip system, or a circuit, etc.) in the network device.
  • the communication device 700 shown in FIG. 7 may also be a node A or a component (such as a chip, a chip system, or a circuit, etc.) in the node A in the method shown in FIG. 3.
  • the communication device 700 includes a receiving unit 701, a processing unit 702, and a sending unit 703.
  • the receiving unit 701 is configured to receive the first multicast packet sent by the source device.
  • the processing unit 702 is configured to determine the integrity check value ICV in the authentication header AH according to the first Internet Protocol IP header, where the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
  • the processing unit 702 is further configured to encapsulate the first multicast message to obtain a second multicast message, where the second multicast message includes the second IP header, the AH, and the first multicast message.
  • the sending unit 703 is configured to send the second multicast packet to the destination device.
  • processing unit 702 is further configured to obtain indication information, where the indication information is used to indicate to use the preset value to replace the destination address field of the second IP header to determine the ICV.
  • the length of the preset value is the same as the length of the destination IP address in the second IP header.
  • the processing unit 702 is specifically configured to encapsulate the first multicast packet based on BIERv6 to obtain the second multicast packet; or encapsulate the first multicast packet based on IP headend replication to obtain the second multicast message.
  • the receiving unit 701 and the sending unit 703 may be implemented by a transceiver, and the processing unit 702 may be implemented by a processor.
  • the receiving unit 701 and the sending unit 703 can be implemented by an input/output interface or an input/output circuit.
  • the processing unit 702 can be implemented by a logic circuit.
  • for the specific functions and beneficial effects of the receiving unit 701, the processing unit 702, and the sending unit 703, refer to the embodiment shown in FIG. 3 or FIG. 5. For brevity, details are not repeated here.
  • FIG. 8 is a schematic structural block diagram of a communication device provided by an embodiment of the present application.
  • the communication apparatus 800 shown in FIG. 8 may be the first network device or a component (for example, a chip, a chip system, or a circuit, etc.) in the first network device in the method shown in FIG. 6.
  • the communication device 800 shown in FIG. 8 may also be a node D (or E) or a component (such as a chip, a chip system or a circuit, etc.) in the node D (or E) in the method shown in FIG. 3.
  • the communication device 800 includes a receiving unit 801, a processing unit 802, and a sending unit 803.
  • the receiving unit 801 is configured to receive a second multicast packet sent by a network device, where the second multicast packet includes a second Internet Protocol IP header, an authentication header AH, and a first multicast packet.
  • the processing unit 802 is configured to determine a first integrity check value ICV according to a first Internet Protocol IP header, where the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
  • the processing unit 802 is further configured to determine whether the second ICV is the same as the first ICV, where the second ICV is the ICV in the AH.
  • the sending unit 803 is configured to send the first multicast packet to the destination device when the second ICV is the same as the first ICV.
  • the processing unit 802 is further configured to obtain indication information, where the indication information is used to instruct to determine the first ICV after replacing the destination address field of the second IP header with the preset value.
  • the length of the preset value is the same as the length of the destination IP address in the second IP header.
  • the second multicast message is a multicast message encapsulated based on BIERv6; or the second multicast message is a multicast message encapsulated based on IP headend replication.
  • the receiving unit 801 and the sending unit 803 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor.
  • if the communication device 800 is a component in the first network device in the method shown in FIG. 6 or a component in the node D (or E) in the method shown in FIG. 3, the receiving unit 801 and the sending unit 803 may be implemented by an input/output interface or input/output circuit, and the processing unit 802 may be implemented by a logic circuit.
  • the specific functions and beneficial effects of the receiving unit 801, the processing unit 802, and the sending unit 803 can be referred to the embodiment shown in FIG. 3 or FIG.
  • Fig. 9 is a structural block diagram of a network device provided by an embodiment of the present invention.
  • the network device 900 includes a processor 901 and a memory 902.
  • the processor 901 may be used to process communication protocols and communication data, control network devices, execute software programs, and process data of software programs, and so on.
  • the memory 902 is mainly used to store software programs and data.
  • for ease of description, only one memory and processor are shown in FIG. 9. In actual network equipment products, there may be one or more processors and one or more memories.
  • the memory may also be referred to as a storage medium or storage device.
  • the memory may be set independently of the processor, or may be integrated with the processor, which is not limited in the embodiment of the present application.
  • the circuit with the transceiver function can be regarded as the transceiver 903 of the network device, and the processor with the processing function can be regarded as the processing unit of the network device.
  • the transceiver may also be referred to as a transceiver unit, and so on.
  • the processing unit may also be called a processor, a processing board, a processing module, a processing device, and so on.
  • the device for implementing the receiving function in the transceiver 903 can be regarded as the receiving unit, and the device for implementing the sending function in the transceiver 903 as the sending unit, that is, the transceiver 903 includes a receiving unit and a sending unit.
  • the receiving unit may sometimes be called a receiver or a receiving circuit.
  • the transmitting unit may sometimes be called a transmitter or a transmitting circuit.
  • the processor 901, the memory 902, and the transceiver 903 communicate with each other through internal connection paths to transfer control and/or data signals
  • the method disclosed in the foregoing embodiment of the present invention may be applied to the processor 901 or implemented by the processor 901.
  • the processor 901 may be an integrated circuit chip with signal processing capabilities.
  • the steps of the foregoing method may be completed by an integrated logic circuit of hardware in the processor 901 or instructions in the form of software.
  • the memory 902 may store instructions for executing the method executed by the node A in the method shown in FIG. 3.
  • the processor 901 can execute the instructions stored in the memory 902 in combination with other hardware (such as the transceiver 903) to complete the steps executed by the node A in the method shown in FIG. 1.
  • the memory 902 may store instructions for executing the method executed by the node D in the method shown in FIG. 3.
  • the processor 901 can execute the instructions stored in the memory 902 in combination with other hardware (for example, the transceiver 903) to complete the steps executed by the node D in the method shown in FIG. description.
  • the memory 902 may store instructions for executing the method executed by the node E in the method shown in FIG. 3.
  • the processor 901 can execute the instructions stored in the memory 902 in combination with other hardware (for example, the transceiver 903) to complete the steps executed by the node E in the method shown in FIG. 3.
  • the memory 902 may store instructions for executing the method executed by the network device in the method shown in FIG. 5.
  • the processor 901 can execute the instructions stored in the memory 902 in combination with other hardware (for example, the transceiver 903) to complete the steps executed by the network device in the method shown in FIG. description.
  • the memory 902 may store instructions for executing the method executed by the first network device in the method shown in FIG. 6.
  • the processor 901 can execute the instructions stored in the memory 902 in combination with other hardware (for example, the transceiver 903) to complete the steps executed by the first network device in the method shown in FIG. 6.
  • each step of the above method can be completed by an integrated logic circuit of hardware in the processor or instructions in the form of software.
  • the steps of the method disclosed in the embodiments of the present application may be directly embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor.
  • the software module can be located in a mature storage medium in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, or electrically erasable programmable memory, registers.
  • the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware. To avoid repetition, it will not be described in detail here.
  • the processor in the embodiment of the present application may be an integrated circuit chip with signal processing capability.
  • the steps of the foregoing method embodiments can be completed by hardware integrated logic circuits in the processor or instructions in the form of software.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application can be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor.
  • the software module can be located in a mature storage medium in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, or electrically erasable programmable memory, registers.
  • the storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the above method in combination with its hardware.
  • the chip in the embodiment of the present application may be a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processor unit (CPU), a network processor (NP), a digital signal processor (DSP), a microcontroller unit (MCU), a programmable logic device (PLD), other programmable logic devices, discrete gates or transistor logic devices, discrete hardware components, or other integrated chips.
  • the memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory.
  • the non-volatile memory can be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM), or flash memory.
  • the volatile memory may be random access memory (RAM), which is used as an external cache.
  • forms of RAM include: static random access memory, dynamic random access memory (DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchronous connection dynamic random access memory (SLDRAM), and direct rambus RAM.
  • the present application also provides a computer program product.
  • the computer program product includes computer program code which, when run on a computer, causes the computer to execute the method of any one of the embodiments shown in FIG. 3, FIG. 5, or FIG. 6.
  • the present application also provides a computer-readable medium that stores program code, and when the program code runs on a computer, the computer executes the method of any one of the embodiments shown in FIG. 3, FIG. 5, or FIG. 6.
  • the present application also provides a system, which includes the aforementioned one or more network devices.
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are merely illustrative. For example, the division of the units is only a logical function division, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • if the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of the present application essentially, or the part that contributes to the existing technology, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions used to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: USB flash drive, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, and other media that can store program code.

Abstract

Provided are a method for transmitting a multicast message, and a related apparatus. In the method, when a network device calculates the integrity check value in an authentication header, it uses an IP header in which the destination address field has been replaced with a preset value. Because the destination IP address is replaced with a preset value when the integrity check value is calculated, an intermediate device in the network does not need to recalculate the integrity check value when it forwards a multicast message, which reduces the burden on the intermediate device. Accordingly, the intermediate device also does not need to save information used for calculating the integrity check value, such as a key, which saves storage space on the intermediate device.

Description

Method and related apparatus for transmitting multicast packets
This application claims priority to Chinese Patent Application No. CN201911061134.3, filed with the China National Intellectual Property Administration on November 1, 2019 and entitled "Method, Device and System for Transmitting Multicast Data Packets", and to Chinese Patent Application No. CN201911416935.7, filed with the China National Intellectual Property Administration on December 31, 2019 and entitled "Method and Related Apparatus for Transmitting Multicast Packets", the entire contents of which are incorporated into this application by reference.
Technical Field
This application relates to the field of communication technology, and more specifically, to a method and related apparatus for transmitting multicast packets.
Background
The Authentication Header (AH) can provide connectionless integrity, data origin authentication, and anti-replay protection services. AH can be used alone or together with the Internet Protocol (IP) Encapsulating Security Payload (ESP).
The Integrity Check Value (ICV) is an important field in the AH. The IP header must be included when the ICV field is computed. In some scenarios, however, a packet passes through one or more intermediate nodes during transmission, and the destination IP address in the packet's IP header changes along the way. In that case, when an intermediate node forwards the packet, it has to recompute the ICV using the IP address of the next node and update the ICV in the AH. This increases the burden on the intermediate node, and the intermediate node also has to store the key information needed to compute the ICV.
Summary
This application provides a method and related apparatus for transmitting multicast packets, which can reduce the burden on intermediate devices in the network.
According to a first aspect, an embodiment of this application provides a method for transmitting a multicast packet, including: a network device receives a first multicast packet sent by a source device; the network device determines an integrity check value (ICV) in an authentication header (AH) based on a first Internet Protocol (IP) header, where the first IP header is obtained by replacing the destination address field of a second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value; the network device encapsulates the first multicast packet to obtain a second multicast packet, where the second multicast packet includes the second IP header, the AH, and the first multicast packet; and the second multicast packet is sent to a destination device.
In the above technical solution, the destination IP address is replaced with a preset value when the ICV in the AH is computed. As a result, while the first multicast packet is in transit, an intermediate device in the network does not need to recompute the ICV when it forwards the first multicast packet, which reduces the burden on the intermediate device. Accordingly, the intermediate device does not need to store information used to compute the ICV, such as a key, which saves storage space on the intermediate device.
With reference to the first aspect, in a possible implementation of the first aspect, the method further includes: the network device obtains indication information, where the indication information indicates that the ICV is to be determined after the destination address field of the second IP header is replaced with the preset value.
With this technical solution, the network device can determine directly from the indication information whether to replace the destination IP address with the preset value.
With reference to the first aspect, in a possible implementation of the first aspect, the length of the preset value is the same as the length of the destination IP address in the second IP header.
This technical solution changes the ICV computation only slightly, which makes it easy to implement on existing network devices. In other words, when computing the ICV, the network device only needs to substitute a preset value of the same length as the destination IP address for the destination IP address; no new computation method has to be designed.
Optionally, in some embodiments, the preset value may consist of zeros, with the number of zeros equal to the length of the destination IP address. For example, if the destination IP address in the second IP header is an IPv4 address, the preset value may be 32 zeros. If the destination IP address in the second IP header is an IPv6 address, the preset value may be 128 zeros.
With reference to the first aspect, in a possible implementation of the first aspect, the network device encapsulating the first multicast packet to obtain the second multicast packet includes: the network device encapsulates the first multicast packet using Bit Indexed Explicit Replication Internet Protocol version 6 encapsulation to obtain the second multicast packet; or the network device encapsulates the first multicast packet based on IP head-end replication to obtain the second multicast packet.
According to a second aspect, an embodiment of this application provides a method for transmitting a multicast packet, including: a first network device receives a second multicast packet sent by a second network device, where the second multicast packet includes a second Internet Protocol (IP) header, an authentication header (AH), and a first multicast packet; the first network device determines a first integrity check value (ICV) based on a first IP header, where the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value; the first network device determines whether a second ICV is the same as the first ICV, where the second ICV is the ICV in the AH; and when the second ICV is the same as the first ICV, the first network device sends the first multicast packet to a destination device.
In the above technical solution, the destination IP address is replaced with a preset value when the ICV in the AH is computed. As a result, while the first multicast packet is in transit, an intermediate device in the network does not need to recompute the ICV when it forwards the first multicast packet, which reduces the burden on the intermediate device. Accordingly, the intermediate device does not need to store information used to compute the ICV, such as a key, which saves storage space on the intermediate device.
With reference to the second aspect, in a possible implementation of the second aspect, the method further includes: the first network device obtains indication information, where the indication information indicates that the first ICV is to be determined after the destination address field of the second IP header is replaced with the preset value.
With this technical solution, the network device can determine directly from the indication information whether to replace the destination IP address with the preset value.
With reference to the second aspect, in a possible implementation of the second aspect, the length of the preset value is the same as the length of the destination IP address in the second IP header.
This technical solution changes the ICV computation only slightly, which makes it easy to implement on existing network devices. In other words, when computing the ICV, the network device only needs to substitute a preset value of the same length as the destination IP address for the destination IP address; no new computation method has to be designed.
Optionally, in some embodiments, the preset value may consist of zeros, with the number of zeros equal to the length of the destination IP address. For example, if the destination IP address in the second IP header is an IPv4 address, the preset value may be 32 zeros. If the destination IP address in the second IP header is an IPv6 address, the preset value may be 128 zeros.
With reference to the second aspect, in a possible implementation of the second aspect, the second multicast packet is a multicast packet encapsulated using Bit Indexed Explicit Replication Internet Protocol version 6 encapsulation; or the second multicast packet is a multicast packet encapsulated based on IP head-end replication.
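The ingress computation of the first aspect and the egress check of the second aspect, side by side with a conventional ICV that covers the real destination address, as an added example that is not code from the application. Assumptions: HMAC-SHA-256 truncated to 128 bits as the ICV algorithm (the text names none), mutable IPv6 fields zeroed as RFC 4302 does, and a constructed key, SPI, addresses and inner packet.

```python
import hashlib
import hmac
import ipaddress
import struct

ICV_LEN = 16            # assumption: HMAC-SHA-256 truncated to 128 bits
AH_FIXED = 12           # next header, payload len, reserved, SPI, sequence number
VERSION_WORD = 6 << 28  # IPv6 version, traffic class 0, flow label 0


def ipv6_header(src, dst, payload_len, next_header=51, hop_limit=64):
    """40-byte IPv6 fixed header; next header 51 is AH."""
    return (struct.pack("!IHBB", VERSION_WORD, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def icv_input_header(header, preset_destination):
    """The 'first IP header': what is actually fed to the ICV computation."""
    h = bytearray(header)
    h[0:4] = struct.pack("!I", VERSION_WORD)  # traffic class and flow label zeroed
    h[7] = 0                                  # hop limit zeroed
    if preset_destination:
        h[24:40] = bytes(16)                  # destination replaced by 128 zero bits
    return bytes(h)


def compute_icv(key, header, ah, payload, preset_destination):
    ah_zeroed = ah[:AH_FIXED] + bytes(ICV_LEN)  # ICV field counts as zero
    data = icv_input_header(header, preset_destination) + ah_zeroed + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def encapsulate(key, src, dst, inner, spi, seq, preset_destination):
    """Ingress: second IP header + AH + first (inner) multicast packet."""
    header = ipv6_header(src, dst, AH_FIXED + ICV_LEN + len(inner))
    length_words = (AH_FIXED + ICV_LEN) // 4 - 2
    ah = struct.pack("!BBHII", 41, length_words, 0, spi, seq) + bytes(ICV_LEN)
    icv = compute_icv(key, header, ah, inner, preset_destination)
    return header + ah[:AH_FIXED] + icv + inner


def forward(packet, next_destination):
    """Intermediate node: holds no key, rewrites destination, decrements hop limit."""
    p = bytearray(packet)
    p[7] -= 1
    p[24:40] = ipaddress.IPv6Address(next_destination).packed
    return bytes(p)


def verify(key, packet, preset_destination):
    """Egress: recompute the first ICV and compare it with the one in the AH."""
    split = 40 + AH_FIXED + ICV_LEN
    header, ah, payload = packet[:40], packet[40:split], packet[split:]
    expected = compute_icv(key, header, ah, payload, preset_destination)
    return hmac.compare_digest(expected, ah[AH_FIXED:])


def demo():
    key = bytes(range(32))                         # constructed key, ingress and egress only
    inner = b"constructed inner multicast packet"  # constructed payload
    results = {}
    for preset in (False, True):
        sent = encapsulate(key, "2001:db8::a", "2001:db8::b", inner, 0x100, 1, preset)
        relayed = forward(sent, "2001:db8::c")
        tampered = relayed[:-1] + bytes([relayed[-1] ^ 1])
        results[preset] = (verify(key, sent, preset),
                           verify(key, relayed, preset),
                           verify(key, tampered, preset))
    return results


if __name__ == "__main__":
    print(demo())
```

With the preset value the relayed packet still verifies and payload tampering is still rejected, but the destination address is no longer covered by the ICV, so the egress check cannot detect a rewritten destination.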
According to a third aspect, an embodiment of this application provides a communication apparatus. The communication apparatus may be the network device in the method design of the second aspect, or a chip system disposed in the network device. The communication apparatus includes a processor that is coupled to a memory and can be used to execute instructions in the memory to implement the method in the first aspect or any possible implementation of the first aspect. Optionally, the communication apparatus further includes the memory. Optionally, the communication apparatus further includes a communication interface, and the processor is coupled to the communication interface.
When the communication apparatus is a network device, the communication interface may be a transceiver or an input/output interface.
When the communication apparatus is a chip system configured in a network device, the communication interface may be an input/output interface.
Optionally, the processor may be a logic circuit, and the transceiver may be a transceiver circuit. Optionally, the input/output interface may be an input/output circuit.
According to a fourth aspect, an embodiment of this application provides a communication apparatus. The communication apparatus may be the network device in the method design of the second aspect, or a chip system disposed in the network device. The communication apparatus includes a processor that is coupled to a memory and can be used to execute instructions in the memory to implement the method in the second aspect or any possible implementation of the second aspect. Optionally, the communication apparatus further includes the memory. Optionally, the communication apparatus further includes a communication interface, and the processor is coupled to the communication interface.
When the communication apparatus is a network device, the communication interface may be a transceiver or an input/output interface.
When the communication apparatus is a chip system configured in a network device, the communication interface may be an input/output interface.
Optionally, the processor may be a logic circuit, and the transceiver may be a transceiver circuit. Optionally, the input/output interface may be an input/output circuit.
Optionally, the transceiver may be a transceiver circuit. Optionally, the input/output interface may be an input/output circuit.
According to a fifth aspect, an embodiment of this application provides a network device, including a transceiver and a processor. Optionally, the network device further includes a memory. The processor is configured to control the transceiver to send and receive signals, the memory is configured to store a computer program, and the processor is configured to call the computer program from the memory and run it, so that the network device performs the method in any possible implementation of the method design of the first aspect.
According to a sixth aspect, an embodiment of this application provides a network device, including a transceiver and a processor. Optionally, the network device further includes a memory. The processor is configured to control the transceiver to send and receive signals, the memory is configured to store a computer program, and the processor is configured to call the computer program from the memory and run it, so that the network device performs the method in any possible implementation of the method design of the second aspect.
According to a seventh aspect, an embodiment of this application provides a computer program product. The computer program product includes computer program code that, when run on a computer, causes the computer to perform the method in any possible implementation of the method design of the first aspect.
According to an eighth aspect, an embodiment of this application provides a computer program product. The computer program product includes computer program code that, when run on a computer, causes the computer to perform the method in any possible implementation of the method design of the second aspect.
According to a ninth aspect, an embodiment of this application provides a computer-readable medium. The computer-readable medium stores program code that, when run on a computer, causes the computer to perform the method in any possible implementation of the method design of the first aspect.
According to a tenth aspect, an embodiment of this application provides a computer-readable medium. The computer-readable medium stores program code that, when run on a computer, causes the computer to perform the method in any possible implementation of the method design of the second aspect.
Brief Description of the Drawings
Figure 1 is a schematic diagram of a network scenario.
Figure 2 is a schematic diagram of packet encapsulation using IP head-end replication with AH.
Figure 3 is a schematic flowchart of a method for transmitting multicast packets according to an embodiment of this application.
Figure 4 is a schematic diagram of BIERv6 multicast packet encapsulation with AH.
Figure 5 shows a method for transmitting multicast packets according to an embodiment of this application.
Figure 6 shows a method for transmitting multicast packets according to an embodiment of this application.
Figure 7 is a schematic structural block diagram of a communication apparatus according to an embodiment of this application.
Figure 8 is a schematic structural block diagram of a communication apparatus according to an embodiment of this application.
Figure 9 is a structural block diagram of a network device according to an embodiment of the present invention.
Detailed Description
The technical solutions in this application are described below with reference to the accompanying drawings.
This application presents various aspects, embodiments, or features in terms of a system that may include multiple devices, components, modules, and the like. It should be understood that each system may include additional devices, components, modules, and so on, and/or may not include all of the devices, components, modules, and so on discussed with reference to the drawings. Combinations of these solutions can also be used.
In addition, in the embodiments of this application, words such as "exemplary" and "for example" are used to indicate an example, illustration, or explanation. Any embodiment or design described as an "example" in this application should not be construed as preferred over, or more advantageous than, other embodiments or designs. Rather, the word "example" is used to present a concept in a concrete way.
In the embodiments of this application, the terms datagram, data message, message, data packet, and packet are sometimes used interchangeably. Where the distinction is not emphasized, the intended meaning is the same.
In the embodiments of this application, a network device or node may be a router or a network device with a routing function.
In the embodiments of this application, "corresponding (corresponding, relevant)" and "corresponding" are sometimes used interchangeably. Where the distinction is not emphasized, the intended meaning is the same.
In the embodiments of this application, a subscripted form such as W₁ may sometimes be miswritten in a non-subscripted form such as W1. Where the distinction is not emphasized, the intended meaning is the same.
In the embodiments of this application, the term "header" (for example, BIER header, IP header) is sometimes written in a shortened form (for example, "BIER head", "IP head").
The network architecture and service scenarios described in the embodiments of this application are intended to explain the technical solutions of the embodiments more clearly and do not limit the technical solutions provided in the embodiments. A person of ordinary skill in the art will know that, as network architectures evolve and new service scenarios emerge, the technical solutions provided in the embodiments of this application are equally applicable to similar technical problems.
References in this specification to "one embodiment", "some embodiments", and the like mean that one or more embodiments of this application include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment", "in some embodiments", "in some other embodiments", "in still other embodiments", and the like appearing in different places in this specification do not necessarily all refer to the same embodiment, but mean "one or more but not all embodiments", unless specifically emphasized otherwise. The terms "including", "comprising", "having", and their variants all mean "including but not limited to", unless specifically emphasized otherwise.
In this application, "at least one" means one or more, and "multiple" means two or more. "And/or" describes an association between associated objects and indicates that three relationships are possible. For example, "A and/or B" can mean: A alone, both A and B, or B alone, where A and B can each be singular or plural. The character "/" generally indicates an "or" relationship between the objects before and after it. "At least one of the following" or a similar expression refers to any combination of the listed items, including any combination of single or plural items. For example, at least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c can each be single or multiple.
To help those skilled in the art better understand the technical solutions of this application, some technologies and concepts involved in this application are briefly introduced first.
Bit Indexed Explicit Replication (BIER)
BIER is a bit-based multicast replication technology. In a network based on BIER technology (hereinafter, a BIER network), each edge node is configured with a BIER Forwarding Router (BFR) identifier (ID). The BFR-ID can be a value greater than or equal to 1 and less than or equal to 256. The configuration information of the edge nodes is flooded in the network, for example by means of Interior Gateway Protocol (IGP) flooding. The configuration information of an edge node may also be called BIER information. Each node in the BIER network can determine the corresponding node from a BFR-ID. The nodes in the BIER network build forwarding tables from the flooded BIER information and use those forwarding tables to forward BIER-encapsulated multicast data packets.
BIER Internet Protocol version 6 (IPv6) encapsulation is one form of BIER encapsulation, referred to as BIERv6 encapsulation for short. The basic principle of BIERv6 encapsulation is to carry a multicast data packet as the IPv6 payload; the multicast data packet may be an Internet Protocol version 4 (IPv4) packet or an IPv6 packet. For ease of description, a multicast packet obtained through BIERv6 encapsulation is referred to below as a BIERv6 multicast packet. A BIERv6 multicast packet can include an IPv6 header and a BIER header. The BIER header includes a bit string (BitString) field, whose length can be 64, 128, 256, and so on. Each bit in the bit string can be used to identify one BIER Forwarding Edge Router (BFER). For example, the lowest (rightmost) bit in the bit string identifies that the next-hop node is the node corresponding to BFR-ID=1, the second bit from the right identifies that the next-hop node is the node corresponding to BFR-ID=2, the third bit from the right identifies that the next-hop node is the node corresponding to BFR-ID=3, and so on.
Figure 1 is a schematic diagram of a network scenario. As shown in Figure 1, the network 100 includes six nodes: node A, node B, node C, node D, node E, and node F, of which node A, node D, node E, and node F are BFERs. Unless otherwise specified, the packets mentioned in the description of Figure 1 are all BIERv6 multicast packets.
Assume that node A has BFR-ID=4, node D has BFR-ID=1, node E has BFR-ID=2, and node F has BFR-ID=3.
For node A, the next hop toward the BFERs with BFR-ID=1/2/3 is node B in each case, and the BFER with BFR-ID=4 is node A itself. Node A can therefore build a forwarding table with two neighbor entries, as shown in Table 1.

Table 1
Nbr    FBM
B      0111
*A*    1000

In Table 1, Nbr stands for neighbor, and FBM stands for forwarding bit mask. An asterisk (*) in Table 1 indicates that the Nbr is node A itself.
The first entry in Table 1 means that when any of the 1st, 2nd, or 3rd bits, counting from the right, of the bit string of a packet received by node A has the value 1, the packet is forwarded to node B.
The second entry in Table 1 means that when the 4th bit, counting from the right, of the bit string of a packet received by node A has the value 1, the packet is sent to node A. In this case, node A removes the BIER header from the packet and forwards it as the original multicast packet.
Similarly, node B can build the forwarding entries shown in Table 2.

Table 2
Nbr    FBM
C      0011
E      0100
A      1000

The entries in Table 2 have meanings similar to those in Table 1. For example, the 1st entry in Table 2 means that when either of the 1st or 2nd bits, counting from the right, of the bit string of a packet received by node B has the value 1, the packet is forwarded to node C. The 2nd entry in Table 2 means that when the 3rd bit, counting from the right, of the bit string of a packet received by node B has the value 1, the packet is forwarded to node E. The 3rd entry in Table 2 means that when the 4th bit, counting from the right, of the bit string of a packet received by node B has the value 1, the packet is forwarded to node A.
Node C can build the forwarding entries shown in Table 3.

Table 3
Nbr    FBM
D      0001
F      0010
E      0100
B      1000

The entries in Table 3 have meanings similar to those in Table 1. For example, the 1st entry in Table 3 means that when the 1st bit, counting from the right, of the bit string of a packet received by node C has the value 1, the packet is forwarded to node D. The 2nd entry in Table 2 means that when the 2nd bit, counting from the right, of the bit string of a packet received by node B has the value 1, the packet is forwarded to node F. The 3rd entry in Table 2 means that when the 3rd bit, counting from the right, of the bit string of a packet received by node B has the value 1, the packet is forwarded to node E. The 4th entry in Table 2 means that when the 4th bit, counting from the right, of the bit string of a packet received by node B has the value 1, the packet is forwarded to node B.
节点E可以建立如表4所示的转发表项。Node E can create forwarding entries as shown in Table 4.
Table 4
Nbr   FBM
C     0011
*E*   0100
B     1000
The meaning of each entry in Table 4 is similar to that of the entries in Table 1.
For example, the first entry in Table 4 indicates that when either of the first and second bits from the right of the bit string of a message received by node E has the value 1, the message is forwarded to node C.
The second entry in Table 4 indicates that when the third bit from the right of the bit string of a message received by node B has the value 1, the message is forwarded to node E. In this case, node E removes the BIER header of the message and forwards it as the original multicast message.
The third entry in Table 4 indicates that when the fourth bit from the right of the bit string of a message received by node B has the value 1, the message is forwarded to node B.
Node D can create the forwarding entries shown in Table 5.
Table 5
Nbr   FBM
*D*   0001
C     1110
The meaning of each entry in Table 5 is similar to that of the entries in Table 1.
For example, the first entry in Table 5 indicates that when the first bit from the right of the bit string of a message received by node D has the value 1, the message is forwarded to node D. In this case, node D removes the BIER header of the message and forwards it as the original multicast message.
The second entry in Table 5 indicates that when any one of the second, third and fourth bits from the right of the bit string of a message received by node D has the value 1, the message is forwarded to node C.
Node F can create the forwarding entries shown in Table 6.
Table 6
Nbr   FBM
C     1101
*F*   0010
The meaning of each entry in Table 6 is similar to that of the entries in Table 1.
For example, the first entry in Table 6 indicates that when any one of the first, third and fourth bits from the right of the bit string of a message received by node D has the value 1, the message is forwarded to node C.
The second entry in Table 6 indicates that when the second bit from the right of the bit string of a message received by node F has the value 1, the message is forwarded to node F. In this case, node F removes the BIER header of the message and forwards it as the original multicast message.
The specific process of forwarding a message is as follows. Node A receives an IPv4 multicast message or an IPv6 multicast message (hereinafter referred to as an IP multicast message) from a host or a network device (for example, a customer edge (CE) device). Node A encapsulates the IP multicast message based on BIERv6 to obtain a BIERv6 multicast message. Assuming node A determines that the IP multicast message needs to be sent to node E and node D, node A can determine that the bit string in the BIER header of the BIERv6 multicast message is 0101. Node A forwards according to the forwarding table shown in Table 1. According to that table, node A sends the encapsulated message to node B. Therefore, node A can determine that the destination IP address in the IPv6 header of the BIERv6 multicast message is the IPv6 address of node B, and the source IP address is the IPv6 address of node A.
The IPv6 header of the BIERv6 multicast message referred to in the embodiments of this application is the IPv6 header obtained after BIERv6 encapsulation of the received IP multicast message, not the header of an IPv6 multicast message. The IPv6 header of the BIERv6 multicast message may also be called the outer IPv6 header or the outer IP header of the BIERv6 multicast message. The destination address in the outer IP header may be called the outer IP destination address or the outer destination address, and the source address in the outer IP header may be called the outer source address or the outer source IP address. Correspondingly, the IP header of the IPv6 multicast message that needs to be encapsulated may also be called the inner IP header, the inner IPv4 header, or the inner IPv6 header. The destination address in the inner IP header may be called the inner IP destination address or the inner destination address, and the source address in the inner IP header may be called the inner IP source address or the inner source address.
After receiving the BIERv6 multicast message from node A, node B can determine, according to the destination IP address in the outer IP header of the BIERv6 multicast message, that the message is addressed to itself. In this case, node B can determine, according to the bit string in the BIER header of the BIERv6 multicast message and the forwarding table shown in Table 2, that the BIERv6 multicast message from node A needs to be sent to node C and node E.
Node B performs an AND operation on the bit string in the BIER header of the BIERv6 multicast message from node A (that is, 0101) and the FBM (that is, 0011) of the entry with Nbr=C in the forwarding table shown in Table 2, and obtains the result 0001. Node B replaces the bit string in the BIER header of the BIERv6 multicast message from node A with the result of the AND operation (that is, 0001). In addition, node B replaces the destination IP address in the outer IP header of the BIERv6 multicast message from node A with the IPv6 address of node C. Node B then sends the BIERv6 multicast message, with the modified destination address in the outer IP header and the modified bit string in the BIER header, to node C.
Similarly, node B performs an AND operation on the bit string in the BIER header of the BIERv6 multicast message from node A (that is, 0101) and the FBM (that is, 0100) of the entry with Nbr=E in the forwarding table shown in Table 2, and obtains the result 0100. Node B replaces the bit string in the BIER header of the BIERv6 multicast message from node A with the result of the AND operation (that is, 0100). In addition, node B replaces the destination IP address in the outer IP header of the BIERv6 multicast message from node A with the IPv6 address of node E. Node B then sends the BIERv6 multicast message, with the modified destination address in the outer IP header and the modified bit string in the BIER header, to node E.
After receiving the message from node B, node E can determine, according to the destination IP address in the outer IP header of the BIERv6 multicast message, that the message is addressed to itself. In this case, node E can determine, according to the bit string in the BIER header of the message and the forwarding table shown in Table 4, that the message needs to be sent to node E. Node E therefore decapsulates the received message and forwards the inner IP multicast message. For example, node E may send the inner IP multicast message to the host or CE device corresponding to the destination address, according to the source and destination addresses of the inner IP multicast message.
The operation of node C after it receives the BIERv6 multicast message from node B is similar to the operation of node B after it receives the BIERv6 multicast message from node A and, for brevity, is not repeated here. Node C sends the BIERv6 multicast message, with the modified destination IP address in the outer IP header and the modified bit string in the BIER header, to node D.
The operation of node D after it receives the BIERv6 multicast message from node C is similar to the operation of node E after it receives the BIERv6 multicast message from node B and, for brevity, is not repeated here.
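The forwarding walk described above can be reproduced with a short simulation. This is an added example, not part of the application: the tables for nodes B to F are taken from Tables 2 to 6, while the single entry for node A is an assumption, since Table 1 is not reproduced in this part of the text.

```python
# Nbr -> FBM for each node. An entry whose Nbr is the node itself
# (written *X* in the tables) means "remove the BIER header and deliver locally".
TABLES = {
    "A": {"B": 0b0111},  # assumption: stands in for Table 1 (A reaches D, F, E via B)
    "B": {"C": 0b0011, "E": 0b0100, "A": 0b1000},              # Table 2
    "C": {"D": 0b0001, "F": 0b0010, "E": 0b0100, "B": 0b1000},  # Table 3
    "E": {"C": 0b0011, "E": 0b0100, "B": 0b1000},              # Table 4
    "D": {"D": 0b0001, "C": 0b1110},                           # Table 5
    "F": {"C": 0b1101, "F": 0b0010},                           # Table 6
}


def walk(ingress, bitstring):
    """Follow a BIERv6 message through the network.

    Returns (hops, delivered). Each hop is (sender, new outer destination,
    bit string carried on that hop); delivered lists the nodes that
    decapsulated the message.
    """
    hops, delivered = [], []
    pending = [(ingress, bitstring)]
    while pending:
        node, bits = pending.pop(0)
        for nbr, fbm in TABLES[node].items():
            masked = bits & fbm          # the AND operation performed per entry
            if masked == 0:
                continue                 # no destination behind this neighbour
            if nbr == node:
                delivered.append(node)   # local entry: decapsulate
            else:
                # The sender rewrites the outer destination to nbr and the
                # BIER bit string to the masked value before sending.
                hops.append((node, nbr, format(masked, "04b")))
                pending.append((nbr, masked))
    return hops, delivered


if __name__ == "__main__":
    hops, delivered = walk("A", 0b0101)  # destinations D (bit 1) and E (bit 3)
    for sender, outer_dst, bits in hops:
        print(f"{sender} -> {outer_dst}  bit string {bits}")
    print("delivered at:", sorted(delivered))
```

Every hop sent by node B or node C carries a rewritten outer destination address and a rewritten bit string.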
It can be seen that, in the above process, nodes B and C both modify the outer destination IP address in the received BIERv6 multicast message. Therefore, if AH is added to the BIERv6 multicast message (for example, Figure 4 is a schematic diagram of BIERv6 multicast message encapsulation using AH), node B also needs to recalculate the ICV in the AH when it sends the BIERv6 multicast message to node E. This is because the outer destination address of the BIERv6 multicast message is included in the calculation of the ICV in the AH header of the BIERv6 multicast message. The outer destination address of the BIERv6 multicast message sent by node A to node B is the IPv6 address of node B, whereas the outer destination address of the BIERv6 multicast message sent by node B to node E is the IPv6 address of node E. Therefore, when node B forwards the BIERv6 multicast message from node A to node E, it needs to modify not only the outer destination address and the bit string in the BIER header of the BIERv6 multicast message, but also the ICV in the AH. Node B and node C need to store the key and other information required to calculate the ICV.
IP ingress replication (Internet Protocol Ingress Replication) is another way of sending multicast messages. Take the network structure shown in Figure 1 as an example again. Assume that node A needs to send the received IP multicast message to node E and node D. In this case, node A needs to encapsulate the received IP multicast message with an IP header (which may be called the outer IP header) whose source address is the IP address of node A and whose destination address is the address of node E, and send the encapsulated message to node E. Similarly, node A can encapsulate the received IP multicast message with an outer IP header whose source address is the IP address of node A and whose destination address is the IP address of node D, and send the encapsulated message to node D.
Figure 2 is a schematic diagram of message encapsulation using IP ingress replication together with AH. As shown in Figure 2, node A can encapsulate the received IP multicast message in one of four forms: a, b, c or d. As shown in Figure 2, node A also adds AH when it encapsulates the received IP multicast message.
For example, node A may encapsulate the received IP multicast message as a message of form a. A message of form a includes an outer IP header, AH, and the inner IP multicast message. The inner IP multicast message is the IP multicast message that node A received from the source device (for example, a host or a CE device). Assuming the message is sent to node E, the source IP address in the outer IP header is the IPv4 address of node A, and the destination address in the outer IP header is the IPv4 address of node E.
For another example, node A may encapsulate the received IP multicast message as a message of form b. A message of form b includes an outer IPv6 header, AH, and the inner IP multicast message. The inner IP multicast message is the IP multicast message that node A received from the source device. Assuming the message is sent to node E, the source IP address in the outer IPv6 header is the IPv6 address of node A, and the destination address in the outer IP header is the IPv6 address of node E.
For another example, node A may encapsulate the received IP multicast message as a message of form c. A message of form c includes an outer IPv6 header, AH, a Generic Routing Encapsulation (GRE) header, and the inner IP multicast message. The inner IP multicast message is the IP multicast message that node A received from the source device. In this case, after receiving the IP multicast message from the source device, node A can perform GRE encapsulation on it, adding the outer IPv6 header and the GRE header, with the IP multicast message from the source device as the payload of the GRE message. In addition, node A needs to encapsulate the AH into the GRE message. The source IP address in the outer IPv6 header is the source address of the GRE tunnel, and the destination IP address is the destination address of the GRE tunnel.
For another example, node A may encapsulate the received IP multicast message as a message of form d. A message of form d includes an outer IPv6 header, AH, a User Datagram Protocol (UDP) header, a Virtual Extensible Local Area Network (VXLAN) header, and the inner IP multicast message. The inner IP message is the IP multicast message that node A received from the source device. In this case, after receiving the IP multicast message from the source device, node A can perform VXLAN encapsulation on it, adding the outer IPv6 header, the UDP header and the VXLAN header, with the IP multicast message from the source device as the payload of the VXLAN message. In addition, node A needs to encapsulate the AH into the VXLAN message. The source IP address in the outer IPv6 header is the IPv6 address of the source VXLAN Tunnel End Point (VTEP), and the destination IP address is the IPv6 address of the destination VTEP. If the message encapsulated by node A is sent to node E, the source VTEP is node A and the destination VTEP is node E.
When multicast messages are sent using IP ingress replication, if the IP multicast message needs to be sent to different egress devices, different messages need to be encapsulated, and the outer destination addresses of the encapsulated messages all differ. Therefore, node A needs to calculate the ICV in the AH separately for each destination IP address.
The ICV is calculated as follows: the calculation uses the values of the immutable or predictable parts of the IP header and extension fields preceding the AH header, the AH header (with the ICV set to 0), and all information following the AH header. When the ICV is calculated, the values of the mutable parts are set to 0.
In the IPv4-based ICV calculation, the immutable parts include: Version, Internet Header Length, Total Length, Protocol, source address, and destination address (without loose or strict source routing). The predictable parts include: destination address (with loose or strict source routing). The mutable parts are: Differentiated Services Code Point (DSCP), Explicit Congestion Notification (ECN), Flags, Fragment Offset, Time to Live (TTL), and Header Checksum.
In the IPv6-based ICV calculation, the immutable parts include: Version, Payload Length, Next Header, source address, and destination address (without Routing Extension Header). The predictable parts include: destination address (with Routing Extension Header). The mutable parts are: DSCP, ECN, Flow Label, and Hop Limit. In addition, for IPv6 extension headers that contain options (for example, the Hop-by-Hop Options Header and the Destination Options Header), some fields (for example, the "Option Data" field) are set to 0 when the ICV is calculated, while other fields (for example, Option Type and Opt Data Len) are included in the ICV calculation.
For the specific fields that are used in the ICV calculation and the fields that need to be set to 0, refer to the description in Request For Comments (RFC) 4302; the details are not repeated here.
The integrity algorithm used to calculate the ICV can be keyed message authentication codes (MACs) based on a symmetric encryption algorithm (for example, the Advanced Encryption Standard (AES)) or a one-way hash function (for example, Message-Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 (SHA-1), Secure Hash Algorithm 256 (SHA-256), and so on).
It can be understood that the AH in the message encapsulation diagrams shown in Figure 2 and Figure 4 is used alone. The technical solution of this application can also be applied to scenarios where AH is used together with ESP.
Figure 3 is a schematic flowchart of a method for transmitting multicast messages according to an embodiment of this application. Figure 3 describes the technical solution of this application with reference to the system 100 shown in Figure 1.
301. Node A receives a first multicast message sent by a source device.
The first multicast message may be an IPv4 multicast message or an IPv6 multicast message, which is not limited in the embodiments of this application.
The source device may be a host or a network device (for example, a CE device).
302. Node A determines the ICV in the AH according to a first IP header.
The first IP header is a second IP header whose destination address has been replaced with a preset value. The second IP header is the IP header used to encapsulate the first multicast message. Assuming the multicast message obtained by encapsulating the first multicast message is a second multicast message, the second IP header is the outer IP header of the second multicast message.
The preset value is a fixed value set in advance. The preset value is different from the destination IP address in the second IP header.
Optionally, in some embodiments, the length of the preset value is the same as the length of the destination IP address in the second IP header. For example, if the destination IP address in the second IP header is an IPv4 address, the length of the preset value is 32 bits. If the destination IP address in the second IP header is an IPv6 address, the length of the preset value is 128 bits.
Optionally, in other embodiments, the length of the preset value is K, where K is a positive integer greater than or equal to 1. For example, K can be 8, 16, 32 or 64.
Optionally, in some embodiments, the preset value may be all zeros. For example, if the destination IP address is an IPv6 address, the preset value may be 128 zeros. For another example, if the destination IP address is an IPv4 address, the preset value may be 32 zeros.
Optionally, in other embodiments, the preset value may be all ones. For example, if the destination IP address is an IPv6 address, the preset value may be 128 ones. For another example, if the destination IP address is an IPv4 address, the preset value may be 32 ones.
Optionally, in other embodiments, the preset value may be another type of preset value. For example, the preset value may be a repeated 01 pattern. For another example, the first half of the preset value is 0 and the second half is 1. For example, if the destination IP address is an IPv6 address, the first 64 bits of the preset value are 0 and the last 64 bits are 1.
Node A calculates the ICV in the same way as described above, except that the destination IP address in the second IP header is replaced with the preset value.
303. Node A encapsulates the first multicast message to obtain a second multicast message, where the second multicast message includes the second IP header, the AH, and the first multicast message.
Node A encapsulates the first multicast message with an outer IP header and AH to obtain the second multicast message. The outer IP header is the second IP header, and the ICV in the AH is the ICV determined in step 302.
304. Node A sends the second multicast message to node B.
Assume that the destination devices of the second multicast message are node D and node E.
305. Node B sends the received second multicast message to node C and node E.
It can be understood that if the second multicast message is encapsulated based on BIERv6, node B needs to modify the destination IP address in the first IP header and the bit string in the BIER header when forwarding the second multicast message, and sends the multicast message with the modified outer destination IP address and bit string to node C and node E. For ease of description, however, the method shown in Figure 3 does not distinguish between the multicast message that node B receives from node A and the multicast messages that node B sends to node C and node E.
306. Node C sends the received second multicast message to node D.
As in step 305, step 306 does not distinguish between the multicast message that node C receives from node B and the multicast message that it sends to node D.
307. Node D calculates an ICV according to the first IP header. For ease of distinction, the ICV determined in step 307 is hereinafter called the first ICV, and the ICV determined in step 302 is called the second ICV. Node D calculates the ICV in the same way as node A.
308. Node D determines whether the first ICV is the same as the second ICV. If the first ICV is the same as the second ICV, the second multicast message passes the integrity check. In this case, node D can decapsulate the second multicast message to obtain the first multicast message. Node D determines, according to the destination address of the first multicast message, which devices to send the first multicast message to. If the first ICV differs from the second ICV, the second multicast message fails the integrity check. In this case, node D can directly discard the second multicast message.
Node E processes the received second multicast message in the same way as node D processes the received multicast message; for brevity, the details are not repeated here.
The method shown in Figure 3 can be applied to BIERv6. In this case, in step 303, node A encapsulating the first multicast message to obtain the second multicast message may include: node A uses BIERv6 to encapsulate the first multicast message to obtain the second multicast message. The outer IP header of the second multicast message (that is, the second IP header) is then an IPv6 header, and the preset value may be 128 zeros, 128 ones, or another type of preset value (for example, the first 64 bits are 0 and the last 64 bits are 1).
The method shown in Figure 3 can also be applied to IP ingress replication. In this case, in step 303, node A encapsulating the first multicast message to obtain the second multicast message may include: node A uses IP ingress replication to encapsulate the first multicast message to obtain the second multicast message. The second multicast message obtained by node A may then be as shown in Figure 2. For example, if the second multicast message is the multicast message shown as a in Figure 2, the preset value may be 32 zeros, 32 ones, or a 32-bit preset value of another type (for example, the first 16 bits are 0 and the last 16 bits are 1). For another example, if the second multicast message is the multicast message shown as b in Figure 2, the preset value may be 128 zeros, 128 ones, or a 128-bit preset value of another type.
If the ICV in the multicast messages transmitted in the network is determined using the method shown in Figure 3, the intermediate devices in the network (for example, node B and node C) do not need to modify the ICV in the AH of a multicast message after receiving it. The intermediate devices therefore do not need to store the key and other information required to calculate the ICV, nor do they need to calculate the ICV, which reduces their workload.
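The effect described above can be checked with a short model of steps 302 to 308. This is an added example, not code from the application; it assumes form b of Figure 2 (outer IPv6 header, AH, inner message), HMAC-SHA-256 truncated to 128 bits as the integrity algorithm, an all-zero 128-bit preset value, and a constructed key, addresses and payload.

```python
import hashlib
import hmac
import ipaddress
import struct

IPV6_LEN = 40            # fixed outer IPv6 header
AH_FIXED = 12            # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 16             # assumption: HMAC-SHA-256 truncated to 128 bits
AH_PAD = 4               # pads AH to 32 bytes (IPv6 needs a multiple of 8 octets)
AH_LEN = AH_FIXED + ICV_LEN + AH_PAD
ICV_OFF = IPV6_LEN + AH_FIXED
PRESET_ZERO = bytes(16)  # preset value: 128 zero bits

# Constructed sample values (addresses from the documentation prefix 2001:db8::/32).
KEY = b"constructed-demo-key"
ADDR = {n: ipaddress.IPv6Address(f"2001:db8::{n}").packed for n in "abde"}
INNER = b"constructed inner IP multicast message"


def build(src, dst, inner, spi=0x100, seq=1, hop_limit=64):
    """Outer IPv6 header + AH with a zeroed ICV field + inner message."""
    ipv6 = struct.pack("!IHBB", 6 << 28, AH_LEN + len(inner), 51, hop_limit)  # 51 = AH
    ah = struct.pack("!BBHII", 41, AH_LEN // 4 - 2, 0, spi, seq)  # 41: inner assumed IPv6
    return bytearray(ipv6 + src + dst + ah + bytes(ICV_LEN + AH_PAD) + inner)


def compute_icv(packet, key, preset_dst=None):
    """ICV over the message with mutable fields and the ICV field zeroed.

    If preset_dst is given, it replaces the outer destination address for
    the calculation only; the message itself is not changed.
    """
    buf = bytearray(packet)
    buf[0:4] = struct.pack("!I", 6 << 28)  # DSCP, ECN, flow label are mutable
    buf[7] = 0                             # hop limit is mutable
    if preset_dst is not None:
        if len(preset_dst) != 16:
            raise ValueError("this model uses a 128-bit preset value")
        buf[24:40] = preset_dst
    buf[ICV_OFF:ICV_OFF + ICV_LEN + AH_PAD] = bytes(ICV_LEN + AH_PAD)
    return hmac.new(key, bytes(buf), hashlib.sha256).digest()[:ICV_LEN]


def seal(packet, key, preset_dst=None):
    """Steps 302/303 at node A: compute the ICV and place it in the AH."""
    packet[ICV_OFF:ICV_OFF + ICV_LEN] = compute_icv(packet, key, preset_dst)
    return packet


def icv_of(packet):
    return bytes(packet[ICV_OFF:ICV_OFF + ICV_LEN])


def verify(packet, key, preset_dst=None):
    """Steps 307/308 at the egress node: recompute and compare."""
    return hmac.compare_digest(icv_of(packet), compute_icv(packet, key, preset_dst))


def transit_rewrite(packet, new_dst):
    """An intermediate node: new outer destination, hop limit - 1, AH untouched."""
    out = bytearray(packet)
    out[24:40] = new_dst
    out[7] -= 1
    return out


def tamper(packet):
    out = bytearray(packet)
    out[-1] ^= 0x01  # flip one bit of the inner message
    return out


def demo():
    out = {}
    for label, preset in (("real_dst", None), ("preset_dst", PRESET_ZERO)):
        sent = seal(build(ADDR["a"], ADDR["b"], INNER), KEY, preset)  # node A -> node B
        at_e = transit_rewrite(sent, ADDR["e"])                       # node B -> node E
        to_d = seal(build(ADDR["a"], ADDR["d"], INNER), KEY, preset)  # ingress-replication
        to_e = seal(build(ADDR["a"], ADDR["e"], INNER), KEY, preset)  # copies for D and E
        out[label] = {
            "verifies_after_rewrite": verify(at_e, KEY, preset),
            "one_icv_for_all_copies": icv_of(to_d) == icv_of(to_e),
            "tamper_detected": not verify(tamper(at_e), KEY, preset),
        }
    return out


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

With the preset value in place, the outer destination address is no longer covered by the ICV, so an egress node holding the key accepts the message whatever outer destination it carries; the inner message remains covered.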
Optionally, in some embodiments, node A may obtain indication information. The indication information indicates whether the preset value may be used in place of the destination IP address in the outer IP header to calculate the ICV. For example, the value of the indication information may be true or false. If the value is true, node A can use the preset value to calculate the ICV; if the value is false, node A can use the destination IP address in the outer IP header to calculate the ICV. The intermediate devices and destination devices in the network can also obtain the indication information. In this case, an intermediate device can determine, according to the indication information, whether to recalculate the ICV when forwarding a message. When verifying the ICV, a destination device can likewise determine, according to the indication information, whether to use the preset value in place of the destination IP address in the outer IP header when calculating the ICV.
Optionally, in some embodiments, node A may obtain configuration information (for example, a Security Association (SA) or a Security Policy (SP)). The configuration information may include indication information that indicates whether the preset value may be used in place of the destination IP address in the outer IP header to calculate the ICV. This indication information may also be called an indication, or a destination address silent indication. Node A can determine, according to the destination address silent indication in the SA or SP, whether to use the preset value in place of the destination IP address in the outer IP header to calculate the ICV. The intermediate devices and destination devices in the network can also obtain the SA or SP. In this case, an intermediate device can determine, according to the destination address silent indication in the SA or SP, whether to recalculate the ICV when forwarding a message. When verifying the ICV, a destination device can likewise determine, according to the destination address silent indication in the SA or SP, whether to use the preset value in place of the destination IP address in the outer IP header when calculating the ICV.
For ease of description, the following uses "the first scheme" to denote calculating the ICV with the preset value in place of the destination IP address in the outer IP header, and "the second scheme" to denote calculating the ICV with the destination IP address in the outer IP header.
可选的,在另一些实施例中,该节点A可以确定目的设备的数目。换句话说,该节点A确定需要接收并解封装第二组播报文的设备的数目。如果节点A确定目的设备的数目大于或等于2,则该节点A可以采用第一方案计算ICV。如果该节点A确定目的设备的数目为1,则该节点A可以采用第二方案计算ICV。该节点A可以利用第二组播报文的外层IP头或AH或者其他头部中的一个字段来指示该第二组播报文的ICV的计算方法。换句话说,第二组播报文的头部(例如IP头、或AH或其他头部字段)中可以包括一个指示信息(可以称为ICV计算指示信息),该指示信息用于指示ICV是采用第一方案确定的还是采用第二方案确定的。这样,中间设备可以根据该指示信息来确定是否需要重新计算ICV。该目的设备也可以根据该指示信息确定在计算ICV时是否使用预设值替代外层IP头中的目的IP地址。Optionally, in other embodiments, the node A may determine the number of destination devices. In other words, the node A determines the number of devices that need to receive and decapsulate the second multicast packet. If the node A determines that the number of destination devices is greater than or equal to 2, the node A can use the first scheme to calculate ICV. If the node A determines that the number of destination devices is 1, the node A can use the second scheme to calculate ICV. The node A may use a field in the outer IP header or AH or other headers of the second multicast packet to indicate the ICV calculation method of the second multicast packet. In other words, the header of the second multicast packet (for example, the IP header, or AH or other header fields) may include an indication information (which may be called ICV calculation indication information), and the indication information is used to indicate whether the ICV is What is determined by the first scheme is determined by the second scheme. In this way, the intermediate device can determine whether ICV needs to be recalculated according to the instruction information. The destination device may also determine whether to replace the destination IP address in the outer IP header with a preset value when calculating the ICV according to the instruction information.
可选的,在另一些实施例中,可以直接配置网络中的网络设备只使用第一方案计算ICV。换句话说,在此情况下,网络中的网络设备不会利用第二方案计算ICV。源设备(即图3所示方法中的节点A)、中间设备和目的设备也无需根据配置信息或指示信息来确定 计算ICV的方法。Optionally, in other embodiments, the network devices in the network can be directly configured to only use the first scheme to calculate ICV. In other words, in this case, the network devices in the network will not use the second scheme to calculate ICV. The source device (that is, the node A in the method shown in FIG. 3), the intermediate device, and the destination device do not need to determine the method for calculating the ICV based on the configuration information or the instruction information.
FIG. 5 shows a method for transmitting a multicast packet provided by an embodiment of the present application.
501. A network device receives a first multicast packet sent by a source device.
The source device may be a host or a CE device.
502. The network device determines the ICV in the AH according to a first IP header, where the first IP header is obtained by replacing the destination address field of a second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
503. The network device encapsulates the first multicast packet to obtain a second multicast packet, where the second multicast packet includes the second IP header, the AH, and the first multicast packet.
The network device encapsulates the first multicast packet with an outer IP header and an AH to obtain the second multicast packet. The outer IP header is the second IP header, and the ICV in the AH is the ICV determined in step 502.
504. The network device sends the second multicast packet to a destination device.
The destination device may be another network device.
The network device in the method shown in FIG. 5 may be node A in the method shown in FIG. 3. For the specific implementation and beneficial effects of each step of the method shown in FIG. 5, refer to the method shown in FIG. 3; they are not repeated here.
FIG. 6 shows a method for transmitting a multicast packet provided by an embodiment of the present application.
601. A first network device receives a second multicast packet sent by a second network device, where the second multicast packet includes a second Internet Protocol (IP) header, an authentication header (AH), and a first multicast packet.
602. The first network device determines a first ICV according to a first IP header, where the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
603. The first network device determines whether a second ICV is the same as the first ICV, where the second ICV is the ICV in the AH.
604. When the second ICV is the same as the first ICV, the first network device sends the first multicast packet to a destination device.
The destination device may be a host or a network device (for example, a CE device).
The first network device in the method shown in FIG. 6 may be node D or node F in the method shown in FIG. 3. If the first network device is node E in the method shown in FIG. 3, the second network device may be node B in the method shown in FIG. 3. If the first network device is node D in the method shown in FIG. 3, the second network device may be node C in the method shown in FIG. 3. For the steps and beneficial effects of the method shown in FIG. 6, refer to the method shown in FIG. 3; they are not repeated here.
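The sender side of FIG. 5 (steps 502 to 503) and the receiver side of FIG. 6 (steps 602 to 604) can be sketched as follows. This is an added example, not code from the application: it assumes an IPv6 outer header, HMAC-SHA-256 truncated to 128 bits as the ICV algorithm, an all-zero preset value, and an intermediate node that rewrites the outer destination address when forwarding; all function names, addresses and keys are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

IPV6_HDR_LEN = 40
AH_FIXED_LEN = 12        # next header, payload len, reserved, SPI, sequence number
ICV_LEN = 16             # assumed algorithm: HMAC-SHA-256 truncated to 128 bits
AH_LEN = 32              # 12 + 16-byte ICV + 4 padding bytes (multiple of 8 for IPv6)
PRESET_DST = bytes(16)   # assumed preset value: all zeros, same length as the address
NH_AH, NH_IPV6 = 51, 41  # IANA protocol numbers for AH and IPv6 encapsulation


def _icv_input(packet, silence_dst):
    """Bytes the ICV is computed over: mutable fields and the ICV itself zeroed."""
    hdr = bytearray(packet[:IPV6_HDR_LEN])
    hdr[0:4] = struct.pack("!I", 6 << 28)   # traffic class and flow label are mutable
    hdr[7] = 0                              # hop limit is mutable
    if silence_dst:                         # first scheme: preset value replaces destination
        hdr[24:40] = PRESET_DST
    ah = bytearray(packet[IPV6_HDR_LEN:IPV6_HDR_LEN + AH_LEN])
    ah[AH_FIXED_LEN:AH_FIXED_LEN + ICV_LEN] = bytes(ICV_LEN)
    return bytes(hdr) + bytes(ah) + packet[IPV6_HDR_LEN + AH_LEN:]


def compute_icv(key, packet, silence_dst):
    digest = hmac.new(key, _icv_input(packet, silence_dst), hashlib.sha256).digest()
    return digest[:ICV_LEN]


def encapsulate(key, inner, src, dst, spi, seq, silence_dst):
    """Steps 502-503: compute the ICV, then wrap the first packet in outer IP header + AH."""
    outer = struct.pack("!IHBB", 6 << 28, AH_LEN + len(inner), NH_AH, 64)
    outer += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    ah = struct.pack("!BBHII", NH_IPV6, AH_LEN // 4 - 2, 0, spi, seq)
    ah += bytes(AH_LEN - AH_FIXED_LEN)      # zeroed ICV plus padding
    packet = bytearray(outer + ah + inner)
    start = IPV6_HDR_LEN + AH_FIXED_LEN
    packet[start:start + ICV_LEN] = compute_icv(key, bytes(packet), silence_dst)
    return bytes(packet)


def rewrite_destination(packet, new_dst):
    """Intermediate node (assumed behaviour): new outer destination, hop limit - 1, no key."""
    out = bytearray(packet)
    out[7] -= 1
    out[24:40] = ipaddress.IPv6Address(new_dst).packed
    return bytes(out)


def verify_and_decapsulate(key, packet, silence_dst):
    """Steps 602-604: recompute the first ICV, compare with the ICV carried in the AH."""
    if len(packet) < IPV6_HDR_LEN + AH_LEN or packet[6] != NH_AH:
        return None
    start = IPV6_HDR_LEN + AH_FIXED_LEN
    second_icv = packet[start:start + ICV_LEN]
    first_icv = compute_icv(key, packet, silence_dst)
    if not hmac.compare_digest(first_icv, second_icv):
        return None                         # ICV mismatch: drop, do not forward
    return packet[IPV6_HDR_LEN + AH_LEN:]


def demo():
    key = b"constructed-shared-sa-key-32byte"      # constructed sample key
    inner = b"constructed inner multicast packet"  # constructed sample payload
    src, dst, next_hop = "2001:db8::a", "2001:db8::b", "2001:db8::d"
    first = encapsulate(key, inner, src, dst, 0x1001, 1, True)
    second = encapsulate(key, inner, src, dst, 0x1001, 1, False)
    fwd_first = rewrite_destination(first, next_hop)
    fwd_second = rewrite_destination(second, next_hop)
    tampered = fwd_first[:-1] + bytes([fwd_first[-1] ^ 1])
    return {
        "first_scheme_after_rewrite": verify_and_decapsulate(key, fwd_first, True) == inner,
        "second_scheme_before_rewrite": verify_and_decapsulate(key, second, False) == inner,
        "second_scheme_after_rewrite": verify_and_decapsulate(key, fwd_second, False) == inner,
        "tampered_payload": verify_and_decapsulate(key, tampered, True) == inner,
        "indication_mismatch": verify_and_decapsulate(key, first, False) == inner,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

Under the first scheme the outer destination address lies outside the ICV, so the receiver cannot detect a change to it in transit, while the source address, the AH fields and the inner packet remain covered. Sender and receiver must also agree on the indication: a packet built with the preset value fails verification at a receiver that computes over the real destination address.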
FIG. 7 is a schematic structural block diagram of a communication apparatus provided by an embodiment of the present application. The communication apparatus 700 shown in FIG. 7 may be the network device in the method shown in FIG. 5 or a component of that network device (for example, a chip, a chip system, or a circuit). The communication apparatus 700 shown in FIG. 7 may also be node A in the method shown in FIG. 3 or a component of node A (for example, a chip, a chip system, or a circuit). As shown in FIG. 7, the communication apparatus 700 includes a receiving unit 701, a processing unit 702, and a sending unit 703.
The receiving unit 701 is configured to receive a first multicast packet sent by a source device.
The processing unit 702 is configured to determine the integrity check value (ICV) in an authentication header (AH) according to a first Internet Protocol (IP) header, where the first IP header is obtained by replacing the destination address field of a second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
The processing unit 702 is further configured to encapsulate the first multicast packet to obtain a second multicast packet, where the second multicast packet includes the second IP header, the AH, and the first multicast packet.
The sending unit 703 is configured to send the second multicast packet to a destination device.
Optionally, the processing unit 702 is further configured to obtain indication information, where the indication information indicates that the ICV is determined after the destination address field of the second IP header is replaced with the preset value.
Optionally, the length of the preset value is the same as the length of the destination IP address in the second IP header.
Optionally, the processing unit 702 is specifically configured to encapsulate the first multicast packet based on BIERv6 to obtain the second multicast packet, or to encapsulate the first multicast packet based on IP head-end replication to obtain the second multicast packet.
If the communication apparatus 700 is the network device in the method shown in FIG. 5 or node A in the method shown in FIG. 3, the receiving unit 701 and the sending unit 703 may be implemented by a transceiver, and the processing unit 702 may be implemented by a processor.
If the communication apparatus 700 is a component of the network device in the method shown in FIG. 5 or a component of node A in the method shown in FIG. 3, the receiving unit 701 and the sending unit 703 may be implemented by an input/output interface or an input/output circuit, and the processing unit 702 may be implemented by a logic circuit.
For the specific functions and beneficial effects of the receiving unit 701, the processing unit 702, and the sending unit 703, refer to the embodiment shown in FIG. 3 or FIG. 5; for brevity, they are not repeated here.
FIG. 8 is a schematic structural block diagram of a communication apparatus provided by an embodiment of the present application. The communication apparatus 800 shown in FIG. 8 may be the first network device in the method shown in FIG. 6 or a component of the first network device (for example, a chip, a chip system, or a circuit). The communication apparatus 800 shown in FIG. 8 may also be node D (or E) in the method shown in FIG. 3 or a component of node D (or E) (for example, a chip, a chip system, or a circuit). As shown in FIG. 8, the communication apparatus 800 includes a receiving unit 801, a processing unit 802, and a sending unit 803.
The receiving unit 801 is configured to receive a second multicast packet sent by a network device, where the second multicast packet includes a second Internet Protocol (IP) header, an authentication header (AH), and a first multicast packet.
The processing unit 802 is configured to determine a first integrity check value (ICV) according to a first Internet Protocol (IP) header, where the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value.
The processing unit 802 is further configured to determine whether a second ICV is the same as the first ICV, where the second ICV is the ICV in the AH.
The sending unit 803 is configured to send the first multicast packet to a destination device when the second ICV is the same as the first ICV.
Optionally, the processing unit 802 is further configured to obtain indication information, where the indication information indicates that the first ICV is determined after the destination address field of the second IP header is replaced with the preset value.
Optionally, the length of the preset value is the same as the length of the destination IP address in the second IP header.
Optionally, the second multicast packet is a multicast packet encapsulated based on BIERv6, or the second multicast packet is a multicast packet encapsulated based on IP head-end replication.
If the communication apparatus 800 is the first network device in the method shown in FIG. 6 or node D (or E) in the method shown in FIG. 3, the receiving unit 801 and the sending unit 803 may be implemented by a transceiver, and the processing unit 802 may be implemented by a processor.
If the communication apparatus 800 is a component of the first network device in the method shown in FIG. 6 or a component of node D (or E) in the method shown in FIG. 3, the receiving unit 801 and the sending unit 803 may be implemented by an input/output interface or an input/output circuit, and the processing unit 802 may be implemented by a logic circuit.
For the specific functions and beneficial effects of the receiving unit 801, the processing unit 802, and the sending unit 803, refer to the embodiment shown in FIG. 3 or FIG. 6; for brevity, they are not repeated here.
FIG. 9 is a structural block diagram of a network device provided by an embodiment of the present invention. As shown in FIG. 9, the network device 900 includes a processor 901 and a memory 902. The processor 901 may be used to process communication protocols and communication data, to control the network device, to execute software programs, to process the data of software programs, and so on. The memory 902 is mainly used to store software programs and data.
For ease of description, only one memory and one processor are shown in FIG. 9. In an actual network device product, there may be one or more processors and one or more memories. The memory may also be referred to as a storage medium, a storage device, or the like. The memory may be arranged independently of the processor or may be integrated with the processor, which is not limited in the embodiments of the present application.
In the embodiments of the present application, a circuit with a transceiving function may be regarded as the transceiver 903 of the network device, and a processor with a processing function may be regarded as the processing unit of the network device. The transceiver may also be referred to as a transceiver unit, a transceiver machine, a transceiver apparatus, or the like. The processing unit may also be referred to as a processor, a processing board, a processing module, a processing apparatus, or the like. Optionally, the component of the transceiver 903 that implements the receiving function may be regarded as a receiving unit, and the component of the transceiver 903 that implements the sending function may be regarded as a sending unit; that is, the transceiver 903 includes a receiving unit and a sending unit. The receiving unit may sometimes also be referred to as a receiving machine, a receiver, a receiving circuit, or the like. The sending unit may sometimes also be referred to as a transmitting machine, a transmitter, a transmitting circuit, or the like.
The processor 901, the memory 902, and the transceiver 903 communicate with one another through internal connection paths to transfer control and/or data signals.
The methods disclosed in the foregoing embodiments of the present invention may be applied to the processor 901 or implemented by the processor 901. The processor 901 may be an integrated circuit chip with signal processing capability. During implementation, the steps of the foregoing methods may be completed by integrated logic circuits of hardware in the processor 901 or by instructions in the form of software.
Optionally, in some embodiments, the memory 902 may store instructions for executing the method executed by node A in the method shown in FIG. 3. The processor 901 may execute the instructions stored in the memory 902 and, in combination with other hardware (for example, the transceiver 903), complete the steps executed by node A in the method shown in FIG. 1. For the specific working process and beneficial effects, refer to the description in the embodiment shown in FIG. 3.
Optionally, in some embodiments, the memory 902 may store instructions for executing the method executed by node D in the method shown in FIG. 3. The processor 901 may execute the instructions stored in the memory 902 and, in combination with other hardware (for example, the transceiver 903), complete the steps executed by node D in the method shown in FIG. 1. For the specific working process and beneficial effects, refer to the description in the embodiment shown in FIG. 3.
Optionally, in some embodiments, the memory 902 may store instructions for executing the method executed by node E in the method shown in FIG. 3. The processor 901 may execute the instructions stored in the memory 902 and, in combination with other hardware (for example, the transceiver 903), complete the steps executed by node E in the method shown in FIG. 3. For the specific working process and beneficial effects, refer to the description in the embodiment shown in FIG. 3.
Optionally, in some embodiments, the memory 902 may store instructions for executing the method executed by the network device in the method shown in FIG. 5. The processor 901 may execute the instructions stored in the memory 902 and, in combination with other hardware (for example, the transceiver 903), complete the steps executed by the network device in the method shown in FIG. 5. For the specific working process and beneficial effects, refer to the description in the embodiment shown in FIG. 5.
Optionally, in some embodiments, the memory 902 may store instructions for executing the method executed by the first network device in the method shown in FIG. 6. The processor 901 may execute the instructions stored in the memory 902 and, in combination with other hardware (for example, the transceiver 903), complete the steps executed by the first network device in the method shown in FIG. 6. For the specific working process and beneficial effects, refer to the description in the embodiment shown in FIG. 6.
During implementation, each step of the foregoing methods may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The steps of the methods disclosed in the embodiments of the present application may be directly embodied as being executed and completed by a hardware processor, or executed and completed by a combination of hardware and software modules in the processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the foregoing methods in combination with its hardware. To avoid repetition, this is not described in detail here.
It should be noted that the processor in the embodiments of the present application may be an integrated circuit chip with signal processing capability. During implementation, the steps of the foregoing method embodiments may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the methods disclosed in the embodiments of the present application may be directly embodied as being executed and completed by a hardware decoding processor, or executed and completed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory, and the processor reads the information in the memory and completes the steps of the foregoing methods in combination with its hardware.
The chip in the embodiments of the present application may be a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processor unit (CPU), a network processor (NP), a digital signal processor (DSP), a micro controller unit (MCU), a programmable logic device (PLD), another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or another integrated chip.
The memory in the embodiments of the present application may be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be read-only memory (ROM), programmable read-only memory (programmable ROM, PROM), erasable programmable read-only memory (erasable PROM, EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM), or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static random access memory (static RAM, SRAM), dynamic random access memory (dynamic RAM, DRAM), synchronous dynamic random access memory (synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (enhanced SDRAM, ESDRAM), synchlink dynamic random access memory (synchlink DRAM, SLDRAM), and direct rambus random access memory (direct rambus RAM, DR RAM). It should be noted that the memories of the systems and methods described herein are intended to include, but are not limited to, these and any other suitable types of memory.
According to the methods provided by the embodiments of the present application, the present application further provides a computer program product. The computer program product includes computer program code which, when run on a computer, causes the computer to execute the method of any one of the embodiments shown in FIG. 3, FIG. 5, or FIG. 6.
According to the methods provided by the embodiments of the present application, the present application further provides a computer-readable medium. The computer-readable medium stores program code which, when run on a computer, causes the computer to execute the method of any one of the embodiments shown in FIG. 3, FIG. 5, or FIG. 6.
According to the methods provided by the embodiments of the present application, the present application further provides a system that includes one or more of the foregoing network devices.
A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented by electronic hardware or by a combination of computer software and electronic hardware. Whether these functions are performed by hardware or by software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present application.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and there may be other divisions in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or some of the steps of the methods described in the embodiments of the present application. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, or an optical disc.
The foregoing is only specific implementations of the present application, but the protection scope of the present application is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (19)

  1. A method for transmitting a multicast packet, comprising:
    receiving, by a network device, a first multicast packet sent by a source device;
    determining, by the network device based on a first Internet Protocol (IP) header, an integrity check value (ICV) in an authentication header (AH), wherein the first IP header is obtained by replacing the destination address field of a second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value;
    encapsulating, by the network device, the first multicast packet to obtain a second multicast packet, wherein the second multicast packet comprises the second IP header, the AH, and the first multicast packet; and
    sending the second multicast packet to a destination device.
  2. The method according to claim 1, further comprising: obtaining, by the network device, indication information, wherein the indication information indicates that the ICV is to be determined after the destination address field of the second IP header is replaced with the preset value.
  3. The method according to claim 1 or 2, wherein the length of the preset value is the same as the length of the destination IP address in the second IP header.
  4. The method according to any one of claims 1 to 3, wherein the encapsulating, by the network device, the first multicast packet to obtain the second multicast packet comprises:
    encapsulating, by the network device, the first multicast packet using Bit Index Explicit Replication (BIER) based Internet Protocol version 6 encapsulation to obtain the second multicast packet; or
    encapsulating, by the network device, the first multicast packet based on IP head-end replication to obtain the second multicast packet.
  5. A method for transmitting a multicast packet, comprising:
    receiving, by a first network device, a second multicast packet sent by a second network device, wherein the second multicast packet comprises a second Internet Protocol (IP) header, an authentication header (AH), and a first multicast packet;
    determining, by the first network device based on a first IP header, a first integrity check value (ICV), wherein the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value;
    determining, by the first network device, whether a second ICV is the same as the first ICV, wherein the second ICV is the ICV in the AH; and
    sending, by the first network device, the first multicast packet to a destination device when the second ICV is the same as the first ICV.
  6. The method according to claim 5, further comprising: obtaining, by the first network device, indication information, wherein the indication information indicates that the first ICV is to be determined after the destination address field of the second IP header is replaced with the preset value.
  7. The method according to claim 5 or 6, wherein the length of the preset value is the same as the length of the destination IP address in the second IP header.
  8. The method according to any one of claims 5 to 7, wherein the second multicast packet is a multicast packet encapsulated using Bit Index Explicit Replication (BIER) based Internet Protocol version 6 encapsulation; or the second multicast packet is a multicast packet encapsulated based on IP head-end replication.
  9. A communication apparatus, comprising:
    a receiving unit, configured to receive a first multicast packet sent by a source device;
    a processing unit, configured to determine, based on a first Internet Protocol (IP) header, an integrity check value (ICV) in an authentication header (AH), wherein the first IP header is obtained by replacing the destination address field of a second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value;
    wherein the processing unit is further configured to encapsulate the first multicast packet to obtain a second multicast packet, and the second multicast packet comprises the second IP header, the AH, and the first multicast packet; and
    a sending unit, configured to send the second multicast packet to a destination device.
  10. The apparatus according to claim 9, wherein the processing unit is further configured to obtain indication information, and the indication information indicates that the ICV is to be determined after the destination address field of the second IP header is replaced with the preset value.
  11. The apparatus according to claim 9 or 10, wherein the length of the preset value is the same as the length of the destination IP address in the second IP header.
  12. The apparatus according to any one of claims 9 to 11, wherein the processing unit is specifically configured to: encapsulate the first multicast packet using Bit Index Explicit Replication (BIER) based Internet Protocol version 6 encapsulation to obtain the second multicast packet; or
    encapsulate the first multicast packet based on IP head-end replication to obtain the second multicast packet.
  13. A communication apparatus, comprising:
    a receiving unit, configured to receive a second multicast packet sent by a network device, wherein the second multicast packet comprises a second Internet Protocol (IP) header, an authentication header (AH), and a first multicast packet;
    a processing unit, configured to determine a first integrity check value (ICV) based on a first IP header, wherein the first IP header is obtained by replacing the destination address field of the second IP header with a preset value, and the destination IP address in the second IP header is different from the preset value;
    wherein the processing unit is further configured to determine whether a second ICV is the same as the first ICV, and the second ICV is the ICV in the AH; and
    a sending unit, configured to send the first multicast packet to a destination device when the second ICV is the same as the first ICV.
  14. The apparatus according to claim 13, wherein the processing unit is further configured to obtain indication information, and the indication information indicates that the first ICV is to be determined after the destination address field of the second IP header is replaced with the preset value.
  15. The apparatus according to claim 13 or 14, wherein the length of the preset value is the same as the length of the destination IP address in the second IP header.
  16. The apparatus according to any one of claims 13 to 15, wherein the second multicast packet is a multicast packet encapsulated using Bit Index Explicit Replication (BIER) based Internet Protocol version 6 encapsulation; or the second multicast packet is a multicast packet encapsulated based on IP head-end replication.
  17. A computer device, comprising a processor, wherein the processor is configured to be coupled to a memory and to read and execute instructions and/or program code in the memory, so as to perform the method according to any one of claims 1 to 4 or claims 5 to 8.
  18. A chip system, comprising a logic circuit, wherein the logic circuit is configured to be coupled to an input/output interface and to transmit data through the input/output interface, so as to perform the method according to any one of claims 1 to 4 or claims 5 to 8.
  19. A computer-readable medium, wherein the computer-readable medium stores program code, and when the program code is run on a computer, the computer is caused to perform the method according to any one of claims 1 to 4 or claims 5 to 8.
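
The sender-side steps of claim 1 and the receiver-side check of claim 5, as an added example that is not part of the patent text. It assumes an IPv6 outer header, an all-zero preset value, HMAC-SHA-256 truncated to 128 bits as the ICV algorithm, and zeroing of the mutable IPv6 fields as in standard AH processing; all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

# Assumptions (not from the patent text): all-zero preset value, IPv6 outer
# header, HMAC-SHA-256 truncated to 128 bits, inner packet is IPv6 (NH 41).
PRESET_DST = bytes(16)          # same length as an IPv6 destination address
ICV_LEN, AH_FIXED_LEN, IPV6_LEN = 16, 12, 40

def icv_input_header(second_hdr: bytes) -> bytes:
    """Derive the 'first IP header': DA replaced by the preset value, and the
    fields that legitimately change in transit zeroed before hashing."""
    hdr = bytearray(second_hdr)
    hdr[0:4] = struct.pack("!I", 6 << 28)   # keep version, zero class/flow label
    hdr[7] = 0                              # hop limit
    hdr[24:40] = PRESET_DST                 # destination address field
    return bytes(hdr)

def compute_icv(key: bytes, second_hdr: bytes, ah_fixed: bytes, inner: bytes) -> bytes:
    # The ICV field itself is treated as zero while the ICV is computed.
    data = icv_input_header(second_hdr) + ah_fixed + bytes(ICV_LEN) + inner
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def encapsulate(key, src, dst, inner, spi=0x1001, seq=1) -> bytes:
    """Sender side: build second IP header + AH + first multicast packet."""
    ah_len_field = (AH_FIXED_LEN + ICV_LEN) // 4 - 2     # 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", 41, ah_len_field, 0, spi, seq)
    hdr = struct.pack("!IHBB", 6 << 28, AH_FIXED_LEN + ICV_LEN + len(inner), 51, 64)
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + ah_fixed + compute_icv(key, hdr, ah_fixed, inner) + inner

def rewrite_destination(packet: bytes, new_dst: str) -> bytes:
    """Transit behaviour the scheme tolerates: new DA, decremented hop limit."""
    p = bytearray(packet)
    p[7] -= 1
    p[24:40] = ipaddress.IPv6Address(new_dst).packed
    return bytes(p)

def verify_and_decapsulate(key: bytes, packet: bytes):
    """Receiver side: recompute the first ICV, compare with the ICV carried in
    the AH (second ICV), and release the inner packet only on a match."""
    if len(packet) < IPV6_LEN + AH_FIXED_LEN + ICV_LEN:
        return None
    hdr = packet[:IPV6_LEN]
    ah_fixed = packet[IPV6_LEN:IPV6_LEN + AH_FIXED_LEN]
    body = packet[IPV6_LEN + AH_FIXED_LEN:]
    second_icv, inner = body[:ICV_LEN], body[ICV_LEN:]
    first_icv = compute_icv(key, hdr, ah_fixed, inner)
    return inner if hmac.compare_digest(first_icv, second_icv) else None

if __name__ == "__main__":
    key = b"constructed-demo-key-32-bytes!!!"      # constructed sample key
    inner = b"constructed inner multicast packet"  # constructed sample payload
    pkt = encapsulate(key, "2001:db8::1", "2001:db8:a::1", inner)
    moved = rewrite_destination(pkt, "2001:db8:b::2")
    print("after DA rewrite:", verify_and_decapsulate(key, moved) == inner)
    forged = moved[:-1] + bytes([moved[-1] ^ 1])
    print("after payload tamper:", verify_and_decapsulate(key, forged))
```

Because the destination address is replaced before hashing, the receiver gets no integrity guarantee for that field; the source address, payload length, AH fields and inner packet remain covered by the ICV.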
PCT/CN2020/119847 2019-11-01 2020-10-07 Method for transmitting multicast message, and related apparatus WO2021082879A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201911061134 2019-11-01
CN201911061134.3 2019-11-01
CN201911416935.7A CN112769745B (en) 2019-11-01 2019-12-31 Method and related device for transmitting multicast message
CN201911416935.7 2019-12-31

Publications (1)

Publication Number Publication Date
WO2021082879A1 (en) 2021-05-06

Family

ID=75692916

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/119847 WO2021082879A1 (en) 2019-11-01 2020-10-07 Method for transmitting multicast message, and related apparatus

Country Status (2)

Country Link
CN (1) CN112769745B (en)
WO (1) WO2021082879A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1855924A (en) * 2005-04-27 2006-11-01 华为技术有限公司 Method for network layer safety text going through address changing device
CN101030935A (en) * 2007-04-05 2007-09-05 中山大学 Method for crossing NAT-PT by IPSec
CN102202108A (en) * 2011-06-15 2011-09-28 中兴通讯股份有限公司 Method, device and system for realizing NAT (network address translation) traverse of IPSEC (Internet protocol security) in AH (authentication header) mode
US20170237724A1 (en) * 2013-08-13 2017-08-17 vIPtela Inc. System and method for traversing a nat device with ipsec ah authentication

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070130364A1 (en) * 2005-12-02 2007-06-07 Intel Corporation Techniques to determine an integrity validation value
CN101599825A (en) * 2009-07-09 2009-12-09 交通银行股份有限公司 information checking system, server and method
CN106817308B (en) * 2016-12-30 2019-12-24 北京华为数字技术有限公司 System, method and device for forwarding multicast stream

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115695565A (en) * 2021-07-13 2023-02-03 大唐移动通信设备有限公司 Data message processing method and device and computer readable storage medium
CN115695565B (en) * 2021-07-13 2024-04-09 大唐移动通信设备有限公司 Data message processing method and device and computer readable storage medium
WO2023029627A1 (en) * 2021-09-02 2023-03-09 华为技术有限公司 Packet forwarding method, apparatus, device, and storage medium
WO2023174170A1 (en) * 2022-03-18 2023-09-21 华为技术有限公司 Packet processing method and apparatus, and packet checking method and apparatus
CN114979090A (en) * 2022-05-27 2022-08-30 深圳市领创星通科技有限公司 IPv6 data packet processing method, device, computer equipment and storage medium
CN115052055A (en) * 2022-08-17 2022-09-13 北京左江科技股份有限公司 Network message checksum unloading method based on FPGA
WO2024045537A1 (en) * 2022-08-31 2024-03-07 华为技术有限公司 Message transmission method and network device

Also Published As

Publication number Publication date
CN112769745A (en) 2021-05-07
CN112769745B (en) 2022-07-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20882596

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20882596

Country of ref document: EP

Kind code of ref document: A1