WO2022068389A1 - User group-based packet forwarding method, device, and system - Google Patents

User group-based packet forwarding method, device, and system

Info

Publication number
WO2022068389A1
Authority
WO
WIPO (PCT)
Prior art keywords
group
network device
user equipment
user
identifier
Prior art date
Application number
PCT/CN2021/110811
Other languages
English (en)
French (fr)
Inventor
贺行健
王海波
胡志波
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN202011357010.2A (external priority, patent CN114363252A)
Application filed by 华为技术有限公司
Priority to EP21874051.2A (patent EP4207705A4)
Priority to KR1020237013436A (patent KR20230070292A)
Priority to JP2023519604A (patent JP2023544713A)
Publication of WO2022068389A1
Priority to US18/190,114 (patent US11863446B2)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/74 Address processing for routing
    • H04L45/741 Routing in networks with a plurality of addressing schemes, e.g. with both IPv4 and IPv6
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/34 Source routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/302 Route determination based on requested QoS
    • H04L45/308 Route determination based on user's profile, e.g. premium users
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/42 Centralised routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/52 Multiprotocol routers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/56 Routing software
    • H04L45/566 Routing instructions carried by the data packet, e.g. active networks

Definitions

  • the present application relates to the field of communications technologies, and in particular, to a method, device, and system for forwarding packets based on user groups.
  • IPv4 Internet Protocol version 4
  • IPv4 technology is simple, easy to implement, and has good interoperability.
  • IPv4 technology is scalability.
  • IP Internet Protocol
  • IPv6 replaces IPv4 mainly to solve the problem of IPv4 address exhaustion, and IPv6 also has many improvements over IPv4 in other aspects.
  • IPv6 technology is the issue of compatibility. The idea at that time was relatively simple.
  • Segment Routing over Internet Protocol version 6 (SRv6) is compatible with IPv6 routing and forwarding and also takes into account the advantages of Multiprotocol Label Switching (MPLS) forwarding, which ensures that SRv6 can evolve smoothly from the IPv6 network.
  • MPLS Multiprotocol Label Switching
  • in Segment Routing (SR) technology, the source node specifies the path for the application packet, converts the path into an ordered segment list, and encapsulates the list in the packet header for forwarding.
  • a segment is any instruction instructing a device to process a packet, such as forwarding a packet to a destination according to the shortest path, forwarding a packet through a specified interface, and forwarding a packet to a specified application/service instance.
  • an SRv6 extension header, namely the Segment Routing header (SRH), is introduced into IPv6 packets and is used to program and combine segments to form SRv6 paths.
  • the standardization work of SRv6 is mainly carried out in the SPRING (Source Packet Routing in Networking) working group of the Internet Engineering Task Force (IETF), and the standardization work such as the packet encapsulation format SRH is carried out in the 6MAN (IPv6 Maintenance) working group.
  • SPRING Source Packet Routing in Networking
  • IETF Internet Engineering Task Force
  • 6MAN IPv6 Maintenance
  • the present application provides a user group-based packet forwarding method, device, and system, thereby implementing a user group-based and group policy-based packet forwarding technology in an SRv6-based communication network scenario.
  • a first aspect provides a user group-based packet forwarding method, the method includes: a first network device receives a first service packet sent by a first user equipment, where the first service packet includes information of the first user equipment, and the destination of the first service packet is the second user equipment. Then, the first network device determines whether the first network device includes a first user group corresponding to the information of the first user equipment, where the first user group is the user group to which the first user equipment belongs.
  • the first network device determines the value of the first group of information and generates a first SRv6 packet, where the first SRv6 packet includes the first group of information and the first service packet, and the first group of information is used to indicate the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet. The first network device then sends the first SRv6 packet to the second network device.
  • the SRv6 packet sent by the first network device to the second network device carries group information, so that the first network device as the sending end device can participate in the control of determining the forwarding policy for the user group.
  • the first group of information includes a first group identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and determining, by the first network device, the value of the first group of information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information of the first user equipment, the first network device determines that the value of the first group identifier indicates the first user group.
  • the first group of information includes a first group identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and determining, by the first network device, the value of the first group of information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment includes: in response to the first network device determining that the first network device does not include the first user group corresponding to the information of the first user equipment, the first network device determines that the value of the first group identifier indicates invalid.
  • the first group of information includes a first group identifier and a first group policy identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and the first group policy identifier is used to indicate a specific interworking policy.
  • the first group policy identifier includes a first identifier
  • the first identifier is used to indicate that the first network device includes the first user group and the second network device does not include a second user group
  • the second user group is a user group to which the second user equipment belongs
  • determining, by the first network device, the value of the first group of information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information of the first user equipment, the first network device determines that the value of the first group identifier indicates the first user group and determines the value of the first identifier.
  • the first group policy identifier includes a second identifier and a third identifier
  • the second identifier is used to indicate that the first network device does not include the first user group and the second network device includes a second user group
  • the third identifier is used to indicate that the first network device does not include the first user group and the second network device does not include the second user group
  • the second user group is a user group to which the second user equipment belongs
  • the determination is based on whether the first network device includes the first user group corresponding to the information of the first user equipment
  • determining, by the first network device, the value of the first set of information includes: in response to the first network device determining that the first network device includes the first network device corresponding to the information of the first user equipment For a user group, the first network device determines that the value of the first group identifier indicates invalidity and determines the value of the second identifier and the value of the third identifier.
  • the first group policy identifier includes a fourth identifier
  • the fourth identifier is used to indicate that the second network device does not include a second user group
  • the second user group is the user group to which the second user equipment belongs.
  • determining, by the first network device, the value of the first group of information includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information of the first user equipment, the first network device determines that the value of the first group identifier indicates the first user group and determines the value of the fourth identifier.
  • the first group policy identifier includes a fifth identifier and a sixth identifier
  • the fifth identifier is used to indicate that the second network device includes a second user group
  • the sixth identifier is used to indicate that the second network device does not include a second user group
  • the second user group is a user group to which the second user equipment belongs.
  • the first network device determining the value of the first group of information includes: in response to the first network device determining the first group of information.
  • a network device includes the first user group corresponding to the information of the first user equipment, the first network device determines that the value of the first group identifier indicates invalid, and determines that the value of the fifth identifier and the value of the sixth identifier.
  • a method for forwarding a packet based on a user group includes: a second network device receives a first SRv6 packet sent by a first network device, where the first SRv6 packet includes a first group of information and a first service packet, and the first group of information is used to indicate the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet; the first service packet comes from the first user equipment, the destination of the first service packet is the second user equipment, the first user group is the user group to which the first user equipment belongs, and the first service packet includes information of the second user equipment.
  • the second network device determines whether the second network device includes a second user group corresponding to the information of the second user equipment, where the second user group is the user group to which the second user equipment belongs. Then, according to the determination result of whether the second network device includes the second user group corresponding to the information of the second user equipment, and according to the first group of information, the second network device determines a forwarding policy for forwarding the first service packet to the second user equipment.
  • the second network device receives the first SRv6 packet sent by the first network device, so that the second network device, as the receiving end device, can control the forwarding policy of the user group according to the interworking policy determined by the sending end device and the interworking policy determined by the receiving end device.
  • the first group of information includes a first group identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the determination result of whether the second network device includes the second user group corresponding to the information of the second user equipment and the first group of information includes: in response to the second network device determining that the second network device includes the second user group corresponding to the information of the second user equipment and that the value of the first group identifier indicates the first user group, the second network device sends the first service packet to the second user equipment.
  • the first group of information includes a first group identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment includes: in response to the second network device determining that the second network device does not include the second user group corresponding to the information of the second user equipment and that the value of the first group identifier indicates the first user group, the second network device sends the first service packet to the second user equipment in a random discarding manner or a rate-limited forwarding manner.
  • the first group of information includes a first group identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the determination result of whether the second network device includes the second user group corresponding to the information of the second user equipment and the first group of information includes: in response to the second network device determining that the second network device includes the second user group corresponding to the information of the second user equipment and that the value of the first group identifier indicates invalid, the second network device sends the first service packet to the second user equipment in a random discarding manner or a rate-limited forwarding manner.
  • the first group of information includes a first group identifier and a first group policy identifier, where the first group identifier is used to indicate the user group to which the first user equipment belongs, and the first group policy identifier is used to indicate a specific interworking policy.
  • determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the determination result of whether the second network device includes the second user group corresponding to the information of the second user equipment and the first group of information includes: the second network device determines a second group policy according to the determination result, where the second group policy is used to indicate the interworking policy, determined by the second network device based on the second user group, for the first user equipment and the second user equipment to transmit the first service packet; the second network device determines, according to the interworking policy indicated by the first group policy identifier and the second group policy, a forwarding policy for forwarding the first service packet to the second user equipment.
  • determining, by the second network device according to the interworking policy indicated by the first group policy identifier and the second group policy, the forwarding policy for forwarding the first service packet to the second user equipment includes: the second network device determines that the first identifier in the first group policy identifier is valid, where the first identifier is used to indicate that the first network device includes the first user group and the second network device does not include a second user group; the second network device determines a first sub-policy in the second group policy according to the first identifier, where the first sub-policy indicates an interworking policy determined by the second user group in the case that the first network device includes the first user group and the second network device does not include the second user group; the second network device determines, according to the interworking policy indicated by the value of the first identifier and the first sub-policy, a forwarding policy for forwarding the first service packet to the second user equipment.
  • determining, by the second network device according to the interworking policy indicated by the first group policy identifier and the second group policy, the forwarding policy for forwarding the first service packet to the second user equipment includes: the second network device determines that the second identifier and the third identifier in the first group policy identifier are valid, where the second identifier is used to indicate that the first network device does not include the first user group and the second network device includes the second user group, and the third identifier is used to indicate that the first network device does not include the first user group and the second network device does not include the second user group; the second network device determines a second sub-policy in the second group policy according to the second identifier and the third identifier, where the second sub-policy indicates an interworking policy determined by the second user group when the first network device does not include the first user group and the second network device includes the second user group; the second network device determines, according to the interworking policy indicated by the value of the second identifier and the second sub-policy, a forwarding policy for forwarding the first service packet to the second user equipment.
  • determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the determination result of whether the second network device includes the second user group corresponding to the information of the second user equipment and the first group of information includes: the second network device determines a second group policy according to the determination result, where the second group policy is used to indicate the interworking policy, determined by the second network device based on the second user group, for the first user equipment and the second user equipment to transmit the first service packet; the second network device determines, according to the first group identifier, the interworking policy indicated by the first group policy identifier, and the second group policy, a forwarding policy for forwarding the first service packet to the second user equipment.
  • the forwarding strategy is any one of the following forwarding strategies: forwarding, discarding, forwarding in a random discard manner, and forwarding in a rate-limited forwarding manner.
  • the first group of information is carried in any one of the following headers included in the first SRv6 packet: IPv6 header, hop-by-hop option header, Destination Options header, and Segment Routing header.
  • the first group identifier is carried in any one of the following headers included in the first SRv6 packet: IPv6 header, hop-by-hop option header, Destination Options header, and Segment Routing header.
  • the first group policy identifier is carried in any one of the following headers included in the first SRv6 packet: IPv6 header, hop-by-hop option header, Destination Options header, and Segment Routing header.
  • the first SRv6 packet is transmitted via an SRv6 tunnel between the first network device and the second network device.
  • the information of the second user equipment is the destination IP address included in the first service packet, or the information of the second user equipment is the destination MAC address included in the first service packet.
  • the information of the first user equipment is the source IP address included in the first service packet, or the information of the first user equipment is the source MAC address included in the first service packet.
  • in a third aspect, a first network device is provided, and the first network device has a function of implementing the behavior of the first network device in the above method.
  • the functions can be implemented based on hardware, and can also be implemented based on hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the first network device includes a processor and an interface, and the processor is configured to support the first network device to perform corresponding functions in the above method.
  • the interface is used to support communication between the first network device and another network device, and receive information or instructions involved in the above method from the another network device.
  • the interface is also used to support communication between the first network device and the user equipment.
  • the first network device may also include a memory for coupling with the processor and storing necessary program instructions and data for the first network device.
  • the first network device includes: a processor, a transmitter, a receiver, a random access memory, a read only memory, and a bus.
  • the processor is respectively coupled to the transmitter, the receiver, the random access memory and the read only memory through the bus.
  • the basic input/output system solidified in the read-only memory, or the bootloader in the embedded system, is used to boot the system and bring the first network device into a normal operating state. After the first network device enters the normal operating state, the application program and the operating system run in the random access memory, so that the processor executes the method in the first aspect or any possible implementation manner of the first aspect.
  • in a fourth aspect, a first network device is provided, and the first network device includes: a main control board and an interface board, and further includes a switching network board.
  • the first network device is configured to execute the method in the first aspect or any possible implementation manner of the first aspect.
  • the first network device includes a module for executing the method in the first aspect or any possible implementation manner of the first aspect.
  • in a fifth aspect, a first network device is provided, and the first network device includes a controller and a first forwarding sub-device.
  • the first forwarding sub-device includes: an interface board, and further, may also include a switching network board.
  • the first forwarding sub-device is configured to perform the function of the interface board in the fourth aspect, and further, may also perform the function of the switching network board in the fourth aspect.
  • the controller includes a receiver, a processor, a transmitter, random access memory, read only memory, and a bus. Wherein, the processor is respectively coupled to the receiver, the transmitter, the random access memory and the read only memory through the bus.
  • the basic input/output system solidified in the read-only memory, or the bootloader in the embedded system, is used to boot the system and bring the controller into a normal operating state.
  • the application program and the operating system run in the random access memory, so that the processor performs the function of the main control board in the fourth aspect.
  • a computer storage medium is provided for storing programs, codes or instructions used by the above-mentioned first network device; when the processor or hardware device executes these programs, codes or instructions, the functions or steps of the first network device in the above-mentioned first aspect can be completed.
  • a second network device has a function of implementing the behavior of the second network device in the above method.
  • the functions can be implemented based on hardware, and can also be implemented based on hardware executing corresponding software.
  • the hardware or software includes one or more modules corresponding to the above functions.
  • the structure of the second network device includes a processor and an interface, and the processor is configured to support the second network device to perform the corresponding functions in the above method.
  • the interface is used to support communication between the second network device and the first network device, to send the information or instructions involved in the above method to the first network device, or to receive the information or instructions involved in the above method sent by the first network device.
  • the second network device may also include a memory for coupling with the processor that stores necessary program instructions and data for the second network device.
  • the second network device includes: a processor, a transmitter, a receiver, a random access memory, a read only memory, and a bus.
  • the processor is respectively coupled to the transmitter, the receiver, the random access memory and the read only memory through the bus.
  • the basic input/output system solidified in the read-only memory, or the bootloader in the embedded system, is used to boot the system and bring the second network device into a normal operating state. After the second network device enters the normal operating state, the application program and the operating system run in the random access memory, so that the processor executes the method in the second aspect or any possible implementation manner of the second aspect.
  • in an eighth aspect, a second network device is provided, and the second network device includes: a main control board and an interface board, and further includes a switching network board.
  • the second network device is configured to perform the method in the second aspect or any possible implementation manner of the second aspect.
  • the second network device includes a module for performing the method in the second aspect or any possible implementation manner of the second aspect.
  • in a ninth aspect, a second network device is provided, and the second network device includes a controller and a second forwarding sub-device.
  • the second forwarding sub-device includes: an interface board, and further, may also include a switching network board.
  • the second forwarding sub-device is configured to perform the function of the interface board in the eighth aspect, and further, may also perform the function of the switching network board in the eighth aspect.
  • the controller includes a receiver, a processor, a transmitter, random access memory, read only memory, and a bus. Wherein, the processor is respectively coupled to the receiver, the transmitter, the random access memory and the read only memory through the bus.
  • the basic input/output system solidified in the read-only memory, or the bootloader in the embedded system, is used to boot the system and bring the controller into a normal operating state.
  • the application program and the operating system run in the random access memory, so that the processor performs the function of the main control board in the eighth aspect.
  • a tenth aspect provides a computer storage medium for storing programs, codes or instructions used by the above-mentioned second network device; when the processor or hardware device executes these programs, codes or instructions, the functions or steps of the second network device in the above-mentioned second aspect can be completed.
  • in an eleventh aspect, a network system is provided, and the network system includes a first network device and a second network device, where the first network device is the first network device in the foregoing third aspect, fourth aspect or fifth aspect, and the second network device is the second network device in the seventh aspect, eighth aspect or ninth aspect.
  • the SRv6 packet transmitted between the first network device and the second network device carries group information, so that the second network device serving as the receiving end device can control the forwarding policy of the user group according to the interworking policy determined by the sending end device and the interworking policy determined by the receiving end device.
  • FIG. 1 is a schematic structural diagram of a communication network according to an embodiment of the application.
  • FIG. 2 is a flowchart of a message forwarding method according to an embodiment of the present application.
  • FIG. 4 is a header format of an SRv6 message according to an embodiment of the application.
  • FIG. 5 is a schematic structural diagram of a first network device according to an embodiment of the present application.
  • FIG. 6 is a schematic diagram of a hardware structure of a first network device according to an embodiment of the present application.
  • FIG. 7 is a schematic diagram of a hardware structure of another first network device according to an embodiment of the application.
  • FIG. 8 is a schematic structural diagram of a second network device according to an embodiment of the present application.
  • FIG. 9 is a schematic diagram of a hardware structure of a second network device according to an embodiment of the present application.
  • FIG. 10 is a schematic diagram of a hardware structure of another second network device according to an embodiment of the present application.
  • FIG. 1 is a schematic structural diagram of a communication network according to an embodiment of the present application.
  • the communication network includes a plurality of network devices.
  • the communication network may be, for example, an IP network.
  • the communication network may be an SRv6-based communication network, that is, the communication network may transmit and process SRv6 packets.
  • the communication network includes a first network device and a second network device.
  • the first network device communicates with the second network device through a communication link.
  • the communication link between the first network device and the second network device is a physical communication link.
  • the physical communication link may be a cable or fiber optic or wireless link.
  • the port where the first network device is linked with the communication link may be a physical port, and the port where the second network device is linked with the communication link may be a physical port.
  • the communication link between the first network device and the second network device is a direct link.
  • the direct link means that two devices (for example, the first network device and the second network device) are directly linked through a link, and the link between the two devices does not include other forwarding devices or processing devices, but may include pass-through devices.
  • the first network device may be a router or a Layer 3 switch.
  • the second network device may be a router or a Layer 3 switch.
  • the roles of the first network device and the second network device may be different.
  • the first network device and the second network device may be edge switches.
  • the first network device and the second network device may be provider edge (PE) devices.
  • the first network device may be connected to at least one user equipment. As shown in FIG. 1 , the first network device is connected to the first user equipment and the third user equipment. Similarly, the second network device may be connected to at least one user equipment. As shown in FIG. 1 , the second network device is connected to the second user equipment and the fourth user equipment.
  • the description is given by taking the link relationship between the first network device and the first user equipment and the third user equipment as an example.
  • the communication link between the first network device and the first user equipment and the third user equipment is a physical communication link.
  • the physical communication link may be a cable or fiber optic or wireless link.
  • the ports where the first network device is linked with the communication link may be physical ports, and the ports where the first user equipment and the third user equipment are linked with the communication link may be physical ports.
  • the communication link between the first network device and the first user equipment and the third user equipment is a direct link.
  • the communication link between the first network device and the first user equipment may include other network devices, such as customer edge (CE) devices.
  • the communication link between the first network device and the third user equipment may also include other network devices.
  • the specific form of the user equipment in FIG. 1 is not limited.
  • the user equipment in FIG. 1 may also be a computer or a server in an enterprise network.
  • the communication network may be an SRv6-based communication network.
  • the first network device may send an SRv6 packet to the second network device. Specifically, the first network device receives a service packet from the first user equipment or the third user equipment. And, the first network device encapsulates the service message into an SRv6 message. Then, the first network device sends an SRv6 packet to the second network device.
  • an SRv6 tunnel is included between the first network device and the second network device, and the first network device sends an SRv6 packet to the second network device through the SRv6 tunnel.
  • the second network device receives the SRv6 message, and decapsulates the SRv6 message to obtain the service message. Then, the second network device forwards the service packet to the second user equipment or the fourth user equipment.
  • the group policy identifier is carried in a virtual extensible local area network (VXLAN) message.
  • VXLAN-GPE denotes the Generic Protocol Extension for VXLAN (Virtual eXtensible Local Area Network).
  • the reserved field in the VXLAN header in the VXLAN-GPE message is set to indicate that the GPE header is included in the VXLAN-GPE message.
  • the sender device and the receiver device implement isolation between user devices by transmitting VXLAN-GPE packets.
  • the implementation of VXLAN-GPE is similar to the implementation of Access Control List (ACL). Compared with ACL, the implementation of VXLAN-GPE reduces the workload of rule configuration.
  • VXLAN-GPE can only be implemented in a VXLAN-based network scenario, and the existing VXLAN protocol needs to be transformed and the existing network equipment needs to be upgraded.
  • according to IETF Request for Comments (RFC) 7348 (see, for example, Chapter 5 of RFC 7348), the remaining 7 bits (designated as "R") are reserved fields and must be set to zero on transmission and ignored on reception. Therefore, in the VXLAN network scenario, a network device that complies with the provisions of RFC 7348 may discard the VXLAN-GPE packet because the reserved field in the VXLAN header of the VXLAN-GPE packet is set to a non-zero value, and the GPE header may not be identified.
  • the above-mentioned draft only discloses how to implement the carrying of the group policy identifier in the existing VXLAN message, so as to realize the isolation of the user equipment.
  • the above-mentioned draft does not disclose a specific implementation method of the group policy, still less an implementation scheme in which the sender and the receiver of the data traffic jointly determine the forwarding policy for the user group.
  • the first network device receives a service packet from the first user equipment.
  • the first network device determines the user group to which the first user equipment belongs according to the information of the source user equipment carried in the service packet.
  • the first network device determines group information corresponding to the service packet, where the group information is used to indicate the interworking policy, determined by the first network device based on the user group, for the first user equipment and the second user equipment to transmit the service packet.
  • the second user equipment is the destination of the service packet.
  • the first network device encapsulates the service packet to obtain an SRv6 packet, and the SRv6 packet further includes the group information.
  • the first network device sends the SRv6 packet to the second network device according to the determined group information. Therefore, through the above implementation manner, the SRv6 packet carries the group information, so that the first network device as the sending end device can participate in the control of determining the forwarding policy for the user group.
  • after receiving the SRv6 packet, the second network device decapsulates the SRv6 packet.
  • the second network device determines a user group to which the second user equipment belongs according to the information of the user equipment of the destination of the service packet. Then, the second network device determines, according to the user group to which the second user equipment belongs, an interworking policy for the first user equipment and the second user equipment to transmit the service packet.
  • the second network device may learn, according to the group information carried in the service packet, the interworking policy, determined by the first network device based on the user group, for the first user equipment and the second user equipment to transmit the service packet.
  • the second network device determines the forwarding policy for forwarding the service packet to the second user equipment according to the interworking policy determined by the first network device (sending end) and the interworking policy determined by the second network device (receiving end). Therefore, through the above implementation manner, the SRv6 packet carries group information, so that the second network device, as the receiving end device, can control the forwarding policy for the user group according to the interworking policy determined by the sending end device and the interworking policy determined by the receiving end device.
  • FIG. 2 is a flowchart of a packet forwarding method according to an embodiment of the present application.
  • the method shown in FIG. 2 can be applied to the network structure shown in FIG. 1 .
  • the interaction between the first network device and the second network device in FIG. 1 is described.
  • the communication link between the first network device and the second network device can include other network devices.
  • the method includes:
  • a first network device receives a first service packet sent by a first user equipment, where the first service packet includes information of the first user equipment.
  • the first network device communicates with the first user equipment.
  • the communication link between the first network device and the first user equipment includes other network devices.
  • the first user equipment generates a first service packet.
  • the embodiments of the present application do not limit the encapsulation format of the first service packet, for example, the first service packet may be a Layer 2 Ethernet frame, or, for example, the first service packet may be an IP packet.
  • the first service packet includes information of the first user equipment, where the information of the first user equipment is used to indicate the first user equipment.
  • the information of the first user equipment is address information, and specifically, the information of the first user equipment includes a media access control (Media Access Control, MAC) address or an IP address.
  • the first user equipment is a sending end device of the first service packet. Therefore, the MAC address included in the information of the first user equipment is the source MAC address of the first service packet, and the IP address included in the information of the first user equipment is the source IP address of the first service packet.
  • the first service packet may further include information of the second user equipment.
  • the first service packet sent by the first user equipment is sent to the second user equipment.
  • the information of the second user equipment is used to indicate the second user equipment.
  • the information of the second user equipment is address information, and specifically, the information of the second user equipment includes a MAC address or an IP address.
  • the second user equipment is a receiving end device of the first service packet. Therefore, the MAC address included in the information of the second user equipment is the destination MAC address of the first service packet, and the IP address included in the information of the second user equipment is the destination IP address of the first service packet.
  • the first service packet includes a packet header and a payload, wherein the packet header in the first service packet is used to carry the information of the first user equipment and the information of the second user equipment.
  • the payload in the first service packet is service data that the first user equipment wishes to send to the second user equipment.
  • the first network device receives the first service packet sent by the first user equipment. In an actual service scenario, the first network device receives a service flow sent by the first user equipment, where the service flow includes multiple service packets.
  • the first service packet may be understood as any one service packet or any plurality of service packets in the service flow. Therefore, the implementation manner of the present application can be understood as an implementation manner of performing group policy forwarding on the data flow from the user equipment based on the user group.
  • the first network device determines whether the first network device includes a first user group corresponding to the information of the first user equipment, where the first user group is the user group to which the first user equipment belongs;
  • the first network device determines the value of the first group information and generates a first SRv6 packet, where the first SRv6 packet includes the first group information and the first service packet, and the first group information is used to indicate the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet;
  • the first network device receives the first service packet sent by the first user equipment. After receiving the first service packet, the first network device parses the first service packet, and acquires the information of the first user equipment in the first service packet. The first network device determines whether the first network device includes a first user group corresponding to the information of the first user equipment.
  • the first user group is a user group to which the first user equipment belongs. That is to say, the user group is an implementation way to isolate the user equipment from each other.
  • the first network device is connected with user equipment 1 , user equipment 2 , user equipment 3 and user equipment 4 . Among them, user equipment 1 and user equipment 2 belong to user group 1 , user equipment 3 belongs to user group 2 , and user equipment 4 belongs to user group 3 .
  • a user group may include one or more user equipments.
  • the first network device may determine, according to the information in the service packet received from the user equipment, to which user group the user equipment sending the service packet belongs.
  • the first network device may store at least one entry, and each entry in the at least one entry includes the correspondence between the information of the user equipment and the user group, wherein the information of the user equipment is the information of the user equipment that sends the service packet, such as the source MAC address or source IP address.
  • the user equipment information in Table 1 is referred to as source user equipment information, the user equipment in Table 1 is referred to as source user equipment, and the user group in Table 1 is referred to as a source user group.
  • the information of the first user equipment corresponds to the first user group, indicating that the first user equipment belongs to the first user group; the information of the third user equipment corresponds to the third user group, indicating that the third user equipment belongs to the third user group.
  • the entry stored in the first network device may not include the first column of information in Table 1 (source user device).
  • Table 1

    | Source user device | Source user device information | Source user group |
    |---|---|---|
    | first user equipment | Information of the first user equipment | first user group |
    | third user equipment | Information of the third user equipment | third user group |
    | User Equipment 1 | Information of user equipment 1 | first user group |
    | User Equipment 4 | Information of User Equipment 4 | third user group |
    | ... | ... | ... |
  • after acquiring the information of the first user equipment in the first service packet, the first network device queries the at least one entry stored in the first network device (as shown in Table 1) according to the information of the first user equipment. The first network device determines, according to the correspondence between the information of the first user equipment and the first user group, that the user group corresponding to the information of the first user equipment is the first user group. Therefore, the first network device may determine that the first user equipment belongs to the first user group.
  • the source user groups in Table 1 may be represented in the form of group identifiers.
  • the first user group may be represented by a group identifier Group_ID_1
  • the third user group may be represented by a group identifier Group_ID_3.
  • the group identification may be represented using 16-bit (bit) length data.
  • the first network device may store the group identifier as the source user group. Therefore, the group identifier is used to indicate the user group, and it can also be understood that the group identifier is used to indicate the user group to which the user equipment belongs.
  • the first network device may generate a first SRv6 packet according to the received first service packet.
  • the first SRv6 packet is a packet obtained by encapsulating the first service packet.
  • the first service message may be encapsulated in the first SRv6 message as a payload.
  • the first SRv6 packet further includes first group information, where the first group information is used to indicate the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet.
  • the first group information indicates that the first network device determines an interworking policy between the first network device and the second network device for the first service packet belonging to the first user group.
  • the interworking policy determined by the first network device is a forwarding policy expected by the first network device. That is to say, the first network device expects that, after the second network device receives the first service packet, it forwards the first service packet to the destination of the first service packet according to the rules of the interworking policy given by the first network device.
  • the first network device determines the value of the first group information, so as to indicate that the first service packet can be forwarded by the second network device to the second user equipment after reaching the second network device.
  • the first network device determines the value of the first group information, so as to indicate that the first service packet can be discarded by the second network device after reaching the second network device (not forwarded to the second user equipment). Therefore, the first group information is determined by the first network device and affects whether the first service packet can be forwarded to the second user equipment.
  • the first group information includes the first group identifier.
  • the first group identifier is used as the first group information.
  • the first network device determines that the first user equipment that sends the first service packet belongs to the first user group according to the entries shown in Table 1, and the first user group is represented as the first group identifier. Therefore, the first group identifier indicates that the first user equipment belongs to the first user group.
  • the first network device determines the value of the first group information as the first group identifier, and the first network device generates the first SRv6 packet including the first group information. It can be understood that when the value of the first group information is the first group identifier, the specific interworking policy indicated is: the first network device forwards the first service packet, and hopes that the second network device can forward the first service packet.
  • the first network device may not be able to find the corresponding user group according to the received service packet. For example, according to the first service packet, the first network device cannot find the corresponding user group in the entries shown in Table 1 above. This shows that the first user equipment does not belong to any user group. Based on this, the first network device determines the value of the first group identifier as an invalid value, for example, sets it to all 0s, and accordingly, the value of the first group information indicates an invalid value, that is, all 0s. Then, the first network device generates the first SRv6 packet including the first group information (invalid value). It can be understood that when the value of the first group information is invalid, the specific interworking policy indicated is: the first network device forwards the first service packet, and hopes that the second network device can discard the first service packet.
  • the first group of information includes the first group identifier and the first group policy identifier.
  • FIG. 3 shows a format of group information.
  • the group information in FIG. 3 includes a group ID and a group policy ID.
  • the total length of the group information is 16 bits, wherein the highest three bits are used to represent the group policy identifier, and the remaining 13 bits are used to represent the group identifier.
  • FIG. 3 shows an implementation manner in which the group ID and the group policy ID are in the same field. It should be understood that the group ID and the group policy ID may be set as implementations of different fields.
  • the first group identifier in the first group information is used to indicate the user group to which the first user equipment belongs; the first group policy identifier in the first group information is used to indicate the specific communication strategy. That is to say, the first group policy identifier is used to indicate the specific communication strategy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet.
  • according to the foregoing implementation manner, the first network device may determine, from the information of the first user equipment in the first service packet, that the first user equipment belongs to the first user group, thereby determining the value of the first group identifier.
  • the first network device determines the value of the first group policy identifier according to the interworking policy and the first group identifier stored by the first network device. Therefore, the first network device can determine the value of the first group information, whereby the first network device can determine, based on the first user group, the interworking policy for the first user equipment and the second user equipment to transmit the first service packet.
  • the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes the first identifier.
  • the first identifier is used to indicate that the first network device includes the first user group and the second network device does not include a second user group, where the second user group is the user group to which the second user equipment belongs, and the second user equipment is the user equipment that receives the first service packet.
  • the first network device determines, according to the first service packet, that the first user equipment matches the first user group.
  • the first network device indicates the first group identifier in the first group information as the first user group, and the first network device can match the first user device according to the first user equipment.
  • the total length of the group information is 16 bits, wherein the highest three bits are used to represent the group policy identifier.
  • the first identifier is represented by the first bit (for example, the highest bit of the highest three bits).
  • the meaning of the first identifier is: "the source user equipment has a user group, and the destination user equipment has no user group". Since the first network device determines that the first user equipment can match the first user group, the first network device enables the first identifier (the first bit) to be valid. Further, the first network device may set the value of the first identifier according to a locally stored interworking policy.
  • the value of the first identifier specifically indicates the forwarding policy that the first network device expects the second network device to use for the first service packet.
  • the value of the first identifier is 1, indicating that the first network device wishes the second network device to forward the first service packet to the second user equipment.
  • the value of the first identifier is 0, indicating that the first network device expects the second network device to discard the first service packet.
  • the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes the second identifier and the third identifier.
  • the second identifier is used to indicate that the first network device does not include the first user group and the second network device includes the second user group.
  • the third identifier is used to indicate that the first network device does not include the first user group and the second network device does not include the second user group.
  • the first network device determines, according to the first service packet, that there is no user group that can match the first user equipment in the entry stored by the first network device.
  • the first network device indicates that the first group identifier in the first group information is invalid, and the first network device determines the specific communication strategy.
  • the total length of the group information is 16 bits, wherein the highest three bits are used to represent the group policy identifier.
  • the second bit (for example, the second highest bit of the highest three bits) is used to represent the second identifier, and the third bit is used to represent the third identifier.
  • the meaning of the second identifier is: "the source user equipment has no user group, and the destination user equipment has a user group"; the meaning of the third identifier is: "the source user equipment has no user group, and the destination user equipment has no user group".
  • since the first network device determines that the first user equipment does not match any user group, and the first network device does not know whether the second network device can match a user group after receiving the first service packet, the first network device enables the second identifier (bit 2) and the third identifier (bit 3) to be valid. Further, the first network device may set the value of the second identifier and the value of the third identifier according to a locally stored interworking policy.
  • the value of the second identifier specifically indicates the forwarding policy that the first network device expects the second network device to use for the first service packet.
  • the value of the third identifier specifically indicates the forwarding policy that the first network device expects the second network device to use for the first service packet.
  • the value of the second identifier is 1, and the value of the third identifier is 0, indicating that the first network device expects the second network device to forward the first service packet to the second user equipment when the second network device matches a user group according to the first service packet, and expects the second network device to discard the first service packet when the second network device does not match a user group according to the first service packet.
  • the value of the second identifier is 0, and the value of the third identifier is 1, indicating that the first network device expects the second network device to discard the first service packet when the second network device matches a user group according to the first service packet, and expects the second network device to forward the first service packet to the second user equipment when the second network device does not match a user group according to the first service packet.
  • the first group policy identifier is used to indicate whether the first network device matches a user group according to the first service packet, and is also used to indicate whether the second network device matches a user group according to the first service packet.
  • the second network device can learn the interworking policy configured by the first network device by parsing the first group policy identifier in the first group information. Therefore, the second network device does not need to parse the first group identifier in the first group information, which improves the speed at which the second network device processes the first service packet.
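The sender-side steps described above (Table 1 lookup, 16-bit group information with a 3-bit group policy identifier and a 13-bit group identifier, and the first, second and third identifiers) can be sketched as follows. This is an added example, not code from the patent: the function names, the `SenderPolicy` fields, the sample addresses and the rule that an all-zero group identifier decides which policy bits are valid are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple

GROUP_ID_BITS = 13                        # low 13 bits carry the group identifier
GROUP_ID_MASK = (1 << GROUP_ID_BITS) - 1
INVALID_GROUP_ID = 0                      # all zeros: source matches no user group

# Positions inside the 3-bit group policy identifier (highest three bits).
FIRST_ID = 0b100    # "source has a user group, destination has no user group"
SECOND_ID = 0b010   # "source has no user group, destination has a user group"
THIRD_ID = 0b001    # "source has no user group, destination has no user group"


@dataclass(frozen=True)
class SenderPolicy:
    """Locally stored interworking policy (hypothetical field names).

    True means the sender expects the receiver to forward (bit value 1),
    False means it expects the receiver to discard (bit value 0).
    """
    forward_if_dst_ungrouped: bool       # value of the first identifier
    forward_if_only_dst_grouped: bool    # value of the second identifier
    forward_if_neither_grouped: bool     # value of the third identifier


def pack_group_info(policy_bits: int, group_id: int) -> int:
    """Combine policy bits and group identifier into the 16-bit field."""
    if not 0 <= policy_bits <= 0b111:
        raise ValueError("group policy identifier must fit in 3 bits")
    if not 0 <= group_id <= GROUP_ID_MASK:
        raise ValueError("group identifier must fit in 13 bits")
    return (policy_bits << GROUP_ID_BITS) | group_id


def unpack_group_info(value: int) -> Tuple[int, int]:
    """Return (policy_bits, group_id) from a 16-bit group information value."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("group information is a 16-bit field")
    return value >> GROUP_ID_BITS, value & GROUP_ID_MASK


def build_group_info(src_addr: str, source_groups: Mapping[str, int],
                     policy: SenderPolicy) -> int:
    """Sender side: look up the source user group and set the valid policy bits.

    source_groups plays the role of Table 1, keyed by lower-case source MAC
    or IP address. An unknown source yields the invalid (all-zero) identifier.
    """
    group_id = source_groups.get(src_addr.strip().lower(), INVALID_GROUP_ID)
    if group_id != INVALID_GROUP_ID:
        # Source matched a group: only the first identifier is valid.
        bits = FIRST_ID if policy.forward_if_dst_ungrouped else 0
    else:
        # Source matched nothing: second and third identifiers are valid.
        bits = (SECOND_ID if policy.forward_if_only_dst_grouped else 0) | \
               (THIRD_ID if policy.forward_if_neither_grouped else 0)
    return pack_group_info(bits, group_id)


def sender_expectation(value: int, dst_has_group: bool) -> Optional[str]:
    """What the sender expects of the receiver, read from the policy bits.

    Returns None when source and destination both have a group, a case the
    three identifiers described above do not cover.
    """
    bits, group_id = unpack_group_info(value)
    if group_id != INVALID_GROUP_ID:
        if dst_has_group:
            return None
        flag = bits & FIRST_ID
    else:
        flag = bits & (SECOND_ID if dst_has_group else THIRD_ID)
    return "forward" if flag else "discard"


if __name__ == "__main__":
    # Constructed sample entries (documentation address ranges).
    table = {"00:00:5e:00:53:01": 1, "2001:db8::3": 3}
    policy = SenderPolicy(True, True, False)
    for src in ("00:00:5E:00:53:01", "00:00:5e:00:53:99"):
        info = build_group_info(src, table, policy)
        print(src, hex(info), unpack_group_info(info))
```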
  • the first group information includes a first group identifier and a first group policy identifier.
  • the first group policy identifier is used to indicate whether the second network device matches a user group according to the service packet, and is not used to indicate whether the first network device matches a user group according to the first service packet.
  • the first group policy identifier includes a fourth identifier.
  • for the implementation manner of the fourth identifier, reference may be made to the implementation manner of the foregoing first identifier.
  • the difference from the first identifier is that the fourth identifier is used to indicate that the second network device does not include the second user group, and the fourth identifier is not used to indicate whether the first network device matches a user group according to the first service packet.
  • the meaning of the fourth identifier is: "the destination user equipment has no user group". In this way, the meaning indicated by the first group identifier and the fourth identifier is: "the source user equipment has a user group, and the destination user equipment has no user group".
  • the first group policy identifier includes a fifth identifier and a sixth identifier.
  • For the implementation manner of the fifth identifier, reference may be made to the implementation manner of the foregoing second identifier.
  • The difference from the second identifier is that the fifth identifier is used to indicate that the second network device includes a second user group, and the fifth identifier is not used to instruct the first network device to match a user group according to the first service packet.
  • The meaning of the fifth identifier is: "the destination user equipment has a user group". In this way, the meaning indicated by the first group identifier and the fifth identifier is: "the source user equipment has no user group, and the destination user equipment has a user group".
  • For the implementation manner of the sixth identifier, reference may be made to the implementation manner of the foregoing third identifier.
  • The difference from the third identifier is that the sixth identifier is used to indicate that the second network device does not include the second user group, and the sixth identifier is not used to instruct the first network device to match a user group according to the first service packet.
  • The meaning of the sixth identifier is: "the destination user equipment has no user group". In this way, the meaning indicated by the first group identifier and the sixth identifier is: "the source user equipment has no user group, and the destination user equipment has no user group".
  • By parsing the first group identifier and the first group policy identifier in the first group information, the second network device can learn the interworking policy configured by the first network device.
  • the first group of information is carried in a first SRv6 packet, where the first SRv6 packet is a packet obtained by the first network device encapsulating the first service packet.
  • FIG. 4 shows a header format of an SRv6 packet according to an embodiment of the present application.
  • the SRv6 header includes an IPv6 header and a segment routing header.
  • the SRv6 header may also include a Hop-by-Hop Options Header and/or a Destination Options header (Destination Options Header).
  • The segment routing header may be represented as SRH, and the hop-by-hop options header may be represented as the HBH option header.
  • The first group of information may be carried in the IPv6 header; alternatively, the first group of information may be carried in the HBH option header; alternatively, the first group of information may be carried in the destination option header; or the first group of information may be carried in the SRH.
  • The first group of information includes the first group identifier. Therefore, the first group identifier may be carried in the IPv6 header, or in the HBH option header, or in the destination option header, or in the SRH.
  • the first group of information includes the first group identifier and the first group policy identifier.
  • The first group identifier and the first group policy identifier may be carried in the IPv6 header, or in the HBH option header, or in the destination option header, or in the SRH.
  • The first group identifier and the first group policy identifier may be carried in the same field, as shown in FIG. 3.
  • the first group identifier and the first group policy identifier may also be carried in different fields of the same header, or carried in different fields of different headers.
  • the first group identifier is carried in the IPv6 header, and the first group policy identifier is carried in the SRH.
  • the first group of information is taken as an example for specific description.
  • The IPv6 header (Section 3 of RFC 8200) includes next header information, which may also be referred to as the next header field. If the value of the next header information in the IPv6 header is 0, the next header after the IPv6 header is the HBH option header. That the HBH option header is the next header of the IPv6 header means that the HBH option header immediately follows the IPv6 header. Specifically, the HBH option header is encapsulated between the IPv6 header and the payload, and is adjacent to the IPv6 header. According to the interpretation of Section 4.3 of RFC 8200, the HBH option header is processed by each hop network device along the path that delivers the SRv6 packet.
  • the HBH option header includes option information, and the option information is processed by each hop network device on the path that transmits the SRv6 message.
  • The IPv6 header also includes version information, traffic class information, flow label information, payload length information, hop limit information, source address information and destination address information.
  • the length of the flow label information is 20 bits.
  • the flow label information is used to carry the first group of information. Specifically, a partial length (for example, 16 bits) of the flow label information is used as the first group of information. The remaining length (4 bits) of the flow label information maintains the original flow label function.
  • A flag bit (with a length of 1 bit) may also be set in the traffic class information, and this flag bit is used to indicate that the flow label information includes the first group of information.
  • The HBH option header includes next header information, header extension length (hdr ext len) information and options.
  • A first option is defined in the options, and the first option is used to carry the first group of information.
  • The first option includes option type information, option data length (opt data len) information and option data, where the option data is used to carry the first group of information.
  • the second network device needs to enable the configuration of processing options.
  • the other network devices may not enable the configuration of option processing.
  • the flag bits mentioned above may also be used to indicate that the first group of information is included in the HBH option header.
  • The destination option header includes next header information, header extension length (hdr ext len) information and options.
  • A second option is defined in the options, and the second option is used to carry the first group of information.
  • The second option includes option type information, option data length (opt data len) information and option data, where the option data is used to carry the first group of information.
  • the flag bit mentioned above may also be used to indicate that the destination option header includes the first group of information.
  • The SRH includes next header information, header extension length (hdr ext len) information, routing type information, segments left information, last entry information, flags, a tag and segment list information.
  • The SRH may further include SRH TLV information (TLV: type-length-value).
  • The first group of information may be carried in the tag. Further, a partial length (for example, 16 bits) of the tag may be used as the first group of information. The remaining part of the length of the tag maintains the original tag function.
  • A flag bit (with a length of 1 bit) may also be set in the flags, and this flag bit is used to indicate that the SRH includes the first group of information.
  • the first set of information may be carried in the SRH TLV.
  • the first group of information may be carried in the segment list information.
  • the first network device sends the first SRv6 packet to the second network device.
  • The second network device receives the first SRv6 packet sent by the first network device.
  • the first network device generates the first SRv6 packet according to the implementation manner of S102 and S103, where the first SRv6 packet includes the first group of information and the first service packet.
  • the information of the first user equipment may be the source IP address included in the first service packet, or the information of the first user equipment may be the source MAC address included in the first service packet.
  • an SRv6 tunnel is included between the first network device and the second network device.
  • the first network device sends the first SRv6 packet to the second network device based on the SRv6 tunnel.
  • the second network device receives the first SRv6 packet.
  • the SRv6 tunnel between the first network device and the second network device may include other network devices.
  • The second network device determines whether the second network device includes a second user group corresponding to the information of the second user equipment, where the second user group is a user group to which the second user equipment belongs.
  • The second network device determines a forwarding policy for forwarding the first service packet to the second user equipment.
  • After receiving the first SRv6 packet, the second network device decapsulates the first SRv6 packet to obtain the first group of information and the first service packet.
  • the destination of the first service packet is the second user equipment.
  • the second user equipment communicates with the second network device.
  • the first service packet includes information of the second user equipment, where the information of the second user equipment is used to indicate the second user equipment.
  • the information of the second user equipment is address information, and specifically, the information of the second user equipment includes a MAC address or an IP address.
  • The second user equipment is a receiving-end device of the first service packet. Therefore, the MAC address included in the information of the second user equipment is the destination MAC address of the first service packet, and the IP address included in the information of the second user equipment is the destination IP address of the first service packet.
  • the second network device determines whether the second network device includes a second user group corresponding to the information of the second user equipment, where the second user group is a user group to which the second user equipment belongs.
  • The second network device may store at least one entry, and each entry in the at least one entry includes the correspondence between the information of a user equipment and a user group, where the information of the user equipment is the information of the user equipment that receives the service packet, such as the destination MAC address or the destination IP address.
  • the information of the user equipment in Table 2 is referred to as information of the target user equipment
  • the user equipment in Table 2 is referred to as the target user equipment
  • the user group in Table 2 is referred to as the target user group.
  • the information of the second user equipment corresponds to the second user group, indicating that the second user equipment belongs to the second user group; the information of the fourth user equipment corresponds to the fourth user group, indicating that the fourth user equipment belongs to the first user group.
  • The representation in Table 2 is intended to clearly show which user group each target user equipment belongs to.
  • The entry stored in the second network device may not include the first column of information in Table 2 (the target user equipment).
  • After acquiring the information of the second user equipment in the first service packet, the second network device queries the at least one entry stored in the second network device according to the information of the second user equipment (as shown in Table 2). The second network device determines, according to the correspondence between the information of the second user equipment and the second user group, that the user group corresponding to the information of the second user equipment is the second user group. Therefore, the second network device may determine that the second user equipment belongs to the second user group.
  • the target user group in Table 2 may be expressed in the form of a group identifier.
  • The second user group may be represented by the group identifier Group_ID_2.
  • The fourth user group may be represented by the group identifier Group_ID_4.
  • The group identifier can be represented by data with a length of 16 bits.
  • the second network device may store the group identifier as the destination user group. Therefore, the group identifier is used to indicate the user group, and it can also be understood that the group identifier is used to indicate the user group to which the user equipment belongs.
  • the first service packet includes the first group of information.
  • The first group information is used to indicate the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet. That is, by parsing the first service packet, the second network device can learn the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet.
  • The second network device determines, based on the second user group, an interworking policy for the first user equipment and the second user equipment to transmit the first service packet. Then, the second network device determines a forwarding policy for forwarding the first service packet to the second user equipment according to the interworking policy determined by the first network device and the interworking policy determined by the second network device.
  • In the process of determining the forwarding policy for forwarding the first service packet to the second user equipment, the second network device considers both the interworking policy determined by the first network device and the interworking policy determined by the second network device.
  • the interworking policy determined by the first network device indicates that the first network device expects the second network device to forward the first service packet according to the interworking policy determined by the first network device.
  • the interworking policy determined by the second network device indicates the interworking policy determined by the second network device based on the local policy according to the situation that the destination address in the first service packet matches the user group.
  • The second network device stores at least one entry, and the at least one entry indicates the correspondence between the "source-end interworking policy", the "destination-end interworking policy" and the "forwarding policy". The correspondence is shown in Table 3.
  • The "source-end interworking policy" is the interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet.
  • the interworking policy determined by the first network device may reflect whether the first network device expects the first service packet to be forwarded on the second network device.
  • Where the first group information includes the first group identifier, when the value of the first group identifier indicates the first user group, the first network device expects the first service packet to be forwarded on the second network device, and the source-end interworking policy is "interoperable"; correspondingly, when the value of the first group identifier indicates an invalid value, the first network device does not expect the first service packet to be forwarded on the second network device, and the source-end interworking policy is "non-interworking".
  • Where the first group information includes the first group identifier and the first policy identifier, when the value of the identifier included in the first policy identifier is 1, the first network device expects the first service packet to be forwarded on the second network device, and the source-end interworking policy is "interoperable"; correspondingly, when the value of the identifier included in the first policy identifier is 0, the first network device does not expect the first service packet to be forwarded on the second network device, and the source-end interworking policy is "non-interworking".
  • The "destination-end interworking policy" is the interworking policy, determined by the second network device based on the second user group, for the first user equipment and the second user equipment to transmit the first service packet.
  • the interworking policy determined by the second network device may reflect whether the second network device expects the first service packet to be forwarded on the second network device.
  • the second network device determines an interworking policy according to the second user group based on a local policy.
  • the second network device determines an interworking policy according to the first user group and the second user group based on a local policy. It should be understood that the specific forwarding policies shown in Table 3 are exemplary.
  • the first group of information includes the first group of identifiers.
  • After receiving the first SRv6 packet, the second network device acquires the first group of information in the first SRv6 packet.
  • the second network device determines a source-end interworking policy according to the first group identifier included in the first group information. For example, the value of the first group identifier indicates the first user group, and the second network device may determine that the source-end interworking policy is "interoperable". For another example, the value of the first group identifier indicates an invalid value, and the second network device may determine that the source-end interworking policy is "non-interworking".
  • The second network device determines, according to the first service packet, whether the second network device includes a second user group corresponding to the information of the second user equipment. If the second network device determines that the second network device includes a second user group corresponding to the information of the second user equipment, the second network device may determine that the destination-end interworking policy is "interoperable". If the second network device determines that the second network device does not include the second user group corresponding to the information of the second user equipment, the second network device may determine that the destination-end interworking policy is "non-interworking". After the second network device determines the source-end interworking policy and the destination-end interworking policy, the second network device may determine, according to the implementation manner of Table 3, the forwarding policy for forwarding the first service packet to the second user equipment.
  • The forwarding policy determined by the second network device is "forwarding", that is, the second network device forwards the first service packet to the second user equipment.
  • The forwarding policy determined by the second network device is "random discard", that is, the second network device forwards the first service packet to the second user equipment in a random discarding manner.
  • "In a random discarding manner" means that the second network device determines whether the first service packet is sent to the second user equipment according to a preset random parameter. Therefore, the first service packet has a certain probability of being sent to the second user equipment, and similarly, the first service packet also has a certain probability of being discarded by the second network device.
  • the first group information includes the first group identifier and the first group policy identifier
  • the first group policy identifier includes the first identifier.
  • the first identifier is used to indicate that the first network device includes the first user group and the second network device does not include the second user group.
  • the second network device determines that the second network device does not include a second user group corresponding to the information of the second user equipment.
  • the second network device may know that the first identifier conforms to the result determined by the second network device. If the value of the first identifier is 1, the second network device determines, according to the value of the first identifier, that the source-end interworking policy is "interoperable".
  • the second network device determines, according to the value of the first identifier, that the source-end interworking policy is "non-interworking".
  • The second network device may determine the destination-end interworking policy based on the local policy and the matching situation of the second user group. For example, the second network device determines that the information of the second user equipment can match the second user group, and the second network device determines that the destination-end interworking policy is "interoperable". For another example, the second network device determines that the information of the second user equipment does not have a matching user group, and the second network device determines that the destination-end interworking policy is "non-interworking".
  • The second network device may, based on the local policy, determine the destination-end interworking policy according to the matching situation of the second user group and the matching situation of the first user group. For example, the first user group can match but the second user group cannot match, and the second network device determines that the destination-end interworking policy is "non-interworking". For another example, the first user group can match and the second user group can match, and the second network device determines that the destination-end interworking policy is "interoperable". After the second network device determines the source-end interworking policy and the destination-end interworking policy, the second network device may determine, according to the implementation manner of Table 3, the forwarding policy for forwarding the first service packet to the second user equipment.
  • The forwarding policy determined by the second network device is "discard", that is, the second network device discards the first service packet.
  • The forwarding policy determined by the second network device is "speed-limited forwarding", that is, the second network device forwards the first service packet to the second user equipment in a rate-limited forwarding manner.
  • "Forwarding in a rate-limited manner" means that the second network device forwards the first service packet to the second user equipment, and the forwarding rate is restricted to not exceed a set rate.
  • the first network device includes the first user group and the second network device includes the second user group.
  • the first network device and the second network device can determine the final forwarding policy based on the group identification.
  • The above identifier may also be configured to indicate that the first network device includes the first user group and the second network device includes the second user group.
  • the first group information includes the first group identifier and the first group policy identifier
  • the first group policy identifier includes the second identifier and the third identifier.
  • the second identifier is used to indicate that the first network device does not include the first user group and the second network device includes the second user group.
  • the third identifier is used to indicate that the first network device does not include the first user group and the second network device does not include the second user group.
  • the second network device determines, according to the first service packet, whether the second network device includes a second user group corresponding to the information of the second user equipment.
  • The second network device determines a source-end interworking policy according to the second identifier. If the second network device determines that the second network device does not include the second user group corresponding to the information of the second user equipment, the second network device determines the source-end interworking policy according to the third identifier. Further, if the value of the second identifier or the third identifier is 1, the second network device determines, according to the value of the second identifier or the third identifier, that the source-end interworking policy is "interoperable".
  • The second network device determines, according to the value of the second identifier or the third identifier, that the source-end interworking policy is "non-interworking".
  • the second network device may determine the destination interworking policy based on the local policy and the matching situation of the second user group. For a specific implementation, refer to the foregoing embodiments, which will not be repeated here.
  • The second network device may determine, according to the implementation manner of Table 3, the forwarding policy for forwarding the first service packet to the second user equipment.
  • The first group information includes the first group identifier and the first group policy identifier, the first group policy identifier includes a fourth identifier, and the fourth identifier is used to indicate that the second network device does not include the second user group.
  • The first group of information includes the first group identifier and the first group policy identifier, the first group policy identifier includes a fifth identifier and a sixth identifier, the fifth identifier is used to indicate that the second network device includes a second user group, and the sixth identifier is used to indicate that the second network device does not include the second user group.
  • The source-end interworking policy is the first group policy, which can be identified by the first group policy identifier; correspondingly, the destination-end interworking policy is the second group policy, which can be identified by the second group policy identifier.
  • The specific group policy included in the second group policy may be a sub-policy. For example, the second group policy includes a first sub-policy, and the first sub-policy indicates the interworking policy, determined based on the second user group, for the case in which the first network device includes the first user group and the second network device does not include the second user group.
  • The second group policy includes a second sub-policy, and the second sub-policy indicates the interworking policy, determined based on the second user group, for the case in which the first network device does not include the first user group and the second network device includes the second user group.
  • The SRv6 packet transmitted between the first network device and the second network device carries group information, so that the second network device, serving as the receiving-end device, can control the forwarding policy of the user group according to the interworking policy determined by the sending-end device and the interworking policy determined by the receiving-end device.
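The following sketch is an added illustration, not code from the application. It packs the first group identifier into the IPv6 flow label as described for FIG. 4 and then derives the forwarding policy on the second network device for the identifier-only variant. The flag bit position, the placement of the 16 bits, the invalid value 0 and the contents of the policy matrix are assumptions; the values of the page's Table 3 are not reproduced.

```python
import ipaddress
import struct

# --- Assumptions made for this example (not specified by the page) ---
GROUP_FLAG = 0x80        # Traffic Class bit used as the 1-bit "flow label carries group info" flag
GROUP_MASK = 0xFFFF      # low 16 bits of the 20-bit flow label hold the group identifier
INVALID_GROUP = 0x0000   # group identifier value meaning "invalid" (source has no user group)

INTEROP = "interoperable"
NON_INTEROP = "non-interworking"

# Constructed stand-in for Table 3:
# (source-end policy, destination-end policy) -> forwarding policy.
FORWARDING_TABLE = {
    (INTEROP, INTEROP): "forward",
    (INTEROP, NON_INTEROP): "rate-limited forward",
    (NON_INTEROP, INTEROP): "random discard",
    (NON_INTEROP, NON_INTEROP): "discard",
}


def build_outer_header(src, dst, group_id, flow_hi4=0, payload_len=0):
    """First network device: 40-byte IPv6 header with the group id in the flow label."""
    if not 0 <= group_id <= GROUP_MASK:
        raise ValueError("group identifier must fit in 16 bits")
    if not 0 <= flow_hi4 <= 0xF:
        raise ValueError("only 4 flow-label bits remain for the original function")
    flow_label = (flow_hi4 << 16) | group_id
    # Version 6, Traffic Class with the flag bit set, 20-bit flow label.
    word0 = (6 << 28) | (GROUP_FLAG << 20) | flow_label
    # Next Header 43 = Routing header (the SRH follows); Hop Limit 64.
    return (struct.pack("!IHBB", word0, payload_len, 43, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def parse_group_info(header):
    """Second network device: return (group_id, upper 4 flow-label bits),
    or (None, full flow label) when the flag bit is clear."""
    if len(header) < 40:
        raise ValueError("truncated IPv6 header")
    (word0,) = struct.unpack("!I", header[:4])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 header")
    traffic_class = (word0 >> 20) & 0xFF
    flow_label = word0 & 0xFFFFF
    if not traffic_class & GROUP_FLAG:
        return None, flow_label  # ordinary flow label, no group information
    return flow_label & GROUP_MASK, flow_label >> 16


def load_group_table(entries):
    """Table 2 analogue: destination address -> group identifier, keys normalised."""
    return {ipaddress.ip_address(addr): gid for addr, gid in entries.items()}


def decide(outer_header, inner_dst, group_table):
    """Return (source-end policy, destination-end policy, forwarding policy)."""
    group_id, _ = parse_group_info(outer_header)
    # Assumption: a packet without group information is handled like an invalid identifier.
    src_policy = NON_INTEROP if group_id in (None, INVALID_GROUP) else INTEROP
    dst_group = group_table.get(ipaddress.ip_address(inner_dst))
    dst_policy = INTEROP if dst_group is not None else NON_INTEROP
    return src_policy, dst_policy, FORWARDING_TABLE[(src_policy, dst_policy)]


if __name__ == "__main__":
    # Constructed sample data: two destination hosts with user groups 2 and 4.
    table = load_group_table({"10.0.0.2": 0x0002, "10.0.0.4": 0x0004})
    hdr = build_outer_header("2001:db8::1", "2001:db8::2", group_id=0x0001)
    print(decide(hdr, "10.0.0.2", table))   # destination has a user group
    print(decide(hdr, "10.0.0.9", table))   # destination has no user group
```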
  • FIG. 5 is a schematic structural diagram of a first network device 1000 according to an embodiment of the present application.
  • the first network device 1000 shown in FIG. 5 may perform corresponding steps performed by the second network device in the methods of the foregoing embodiments.
  • The first network device 1000 is deployed in a communication network, and the communication network further includes a second network device.
  • The first network device 1000 includes a receiving unit 1002, a processing unit 1004 and a sending unit 1006.
  • the receiving unit 1002 is configured to receive a first service packet sent by a first user equipment, where the first service packet includes information of the first user equipment, and the destination of the first service packet is a second user equipment;
  • the processing unit 1004 is configured to determine whether the first network device includes a first user group corresponding to the information of the first user equipment, where the first user group is a user group to which the first user equipment belongs;
  • the processing unit 1004 is further configured to determine the value of the first group of information and generate a first SRv6 packet, where the first SRv6 packet includes the first group of information and the first service packet, where the first group of information is used to instruct the first network device to determine based on the first user group an interworking policy for the first user equipment and the second user equipment to transmit the first service packet;
  • the sending unit 1006 is configured to send the first SRv6 packet to a second network device that communicates with the second user equipment.
  • The first group of information includes a first group identifier, where the first group identifier is used to indicate a user group to which the first user equipment belongs. The processing unit 1004 determining the value of the first group of information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment includes: in response to the processing unit 1004 determining that the first network device includes the first user group corresponding to the information of the first user equipment, the processing unit 1004 is configured to determine that the value of the first group identifier indicates the first user group.
  • The first group of information includes a first group identifier, where the first group identifier is used to indicate a user group to which the first user equipment belongs. The processing unit 1004 determining the value of the first group of information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment includes: in response to the processing unit 1004 determining that the first network device does not include the first user group corresponding to the information of the first user equipment, the processing unit 1004 is configured to determine that the value of the first group identifier indicates invalid.
  • The first group information includes a first group identifier and a first group policy identifier, where the first group identifier is used to indicate a user group to which the first user equipment belongs, and the first group policy identifier is used to indicate a specific interworking policy.
  • the first group policy identifier includes a first identifier
  • the first identifier is used to indicate that the first network device includes the first user group and the second network device does not include the second user group
  • the second user group is a user group to which the second user equipment belongs
  • the determination is based on whether the first network device includes the first user group corresponding to the information of the first user equipment
  • the processing unit 1004 determining the value of the first group information includes: in response to the processing unit 1004 determining that the first network device includes the first user group corresponding to the information of the first user equipment, the processing unit 1004 is configured to determine that the value of the first group identifier indicates the first user group and determine the value of the first identifier.
  • the first group policy identifier includes a second identifier and a third identifier
  • the second identifier is used to indicate that the first network device does not include the first user group and the second network device includes a second user group
  • the third identifier is used to indicate that the first network device does not include the first user group and the second network device does not include a second user group
  • the second user group is the user group to which the second user equipment belongs
  • the processing unit 1004 determines the first group information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment
  • the value of the group information includes: in response to the processing unit 1004 determining that the first network device includes the first user group corresponding to the information of the first user equipment, the processing unit 1004 is configured to determine that the value of the first group identifier indicates invalid and determine the value of the second identifier and the value of the third identifier.
  • the first group policy identifier includes a fourth identifier
  • the fourth identifier is used to indicate that the second network device does not include a second user group
  • the second user group is a user group to which the second user equipment belongs
  • the processing unit 1004 determines the value of the first group information according to the determination result of whether the first network device includes the first user group corresponding to the information of the first user equipment, including: in response to the processing unit 1004 determining that the first network device includes the first user group corresponding to the information of the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates the first user group and determine the value of the fourth identifier.
  • the first group policy identifier includes a fifth identifier and a sixth identifier
  • the fifth identifier is used to indicate that the second network device includes a second user group
  • the sixth identifier is used to indicate that the second network device does not include a second user group
  • the second user group is a user group to which the second user equipment belongs
  • the information is based on whether the first network device includes information about the first user equipment
  • the processing unit 1004 determining the value of the first group information includes: in response to the processing unit 1004 determining that the first network device includes the same value as the first user equipment
  • the processing unit 1004 is configured to determine that the value of the first group identifier indicates invalid, and determine the value of the fifth identifier and the value of the sixth identifier.
  • the first group identifier is carried in any one of the following headers included in the first SRv6 packet: an IPv6 header, a hop-by-hop option header, a destination option header, and a segment routing header.
  • the first group policy identifier is carried in any one of the following headers included in the first SRv6 packet: an IPv6 header, a hop-by-hop option header, a destination option header, and a segment routing header.
  • the first SRv6 packet is transmitted via an SRv6 tunnel between the first network device and the second network device.
  • the information of the first user equipment is the source IP address included in the first service packet, or the information of the first user equipment is the source MAC address included in the first service packet.
  • the first network device 1000 shown in FIG. 5 may perform the corresponding steps performed by the first network device in the methods of the foregoing embodiments.
  • the SRv6 packet sent by the first network device to the second network device carries group information, so that the first network device as the sending end device can participate in the control of determining the forwarding policy for the user group.
  • FIG. 6 is a schematic diagram of a hardware structure of a first network device 1100 according to an embodiment of the present application.
  • the first network device 1100 shown in FIG. 6 may perform the corresponding steps performed by the first network device in the methods of the foregoing embodiments.
  • the first network device 1100 includes a processor 1101 , a memory 1102 , an interface 1103 and a bus 1104 .
  • the interface 1103 may be implemented in a wireless or wired manner.
  • the above-mentioned processor 1101 , memory 1102 and interface 1103 are connected through a bus 1104 .
  • the interface 1103 may specifically include a transmitter and a receiver, which are used for sending and receiving information between the first network device and the second network device in the foregoing embodiment, and for sending and receiving information between the first network device and the first user equipment in the foregoing embodiment.
  • for example, the interface 1103 is configured to support receiving the first service packet sent by the first user equipment, and the interface 1103 is configured to support sending the first SRv6 packet to the second network device.
  • the interface 1103 is used to support the processes S101 and S104 in FIG. 2 .
  • the processor 1101 is configured to execute the processing performed by the first network device in the foregoing embodiment.
  • the processor 1101 is configured to perform an action of determining the user group of the first user equipment, an action of determining an interworking policy according to a determination result, and an action of generating the first SRv6 packet; and/or other processes for the techniques described herein.
  • the processor 1101 is used to support the processes S102 and S103 in FIG. 2 .
  • the memory 1102 is used to store programs, codes or instructions, for example, to store the operating system 11021 and the application program 11022. When the processor or the hardware device executes these programs, codes or instructions, the processing process involving the first network device in the method embodiment can be completed.
  • the memory 1102 may include a read-only memory (Read-only Memory, ROM) and a random access memory (Random Access Memory, RAM).
  • the ROM includes a basic input/output system (Basic Input/Output System, BIOS) or an embedded system;
  • the RAM includes an application program and an operating system.
  • when the first network device 1100 needs to be run, the system is booted through the BIOS solidified in the ROM or the bootloader in the embedded system, and the first network device 1100 is guided into a normal operation state. After the first network device 1100 enters the normal operation state, the application program and the operating system run in the RAM, and thus the processing process involving the first network device in the method embodiment is completed.
  • FIG. 6 only shows a simplified design of the first network device 1100 .
  • the first network device may contain any number of interfaces, processors or memories.
  • FIG. 7 is a schematic diagram of a hardware structure of another first network device 1200 according to an embodiment of the present application.
  • the first network device 1200 shown in FIG. 7 may perform the corresponding steps performed by the first network device in the methods of the foregoing embodiments.
  • the first network device 1200 includes: a main control board 1210 , an interface board 1230 , a switching network board 1220 and an interface board 1240 .
  • the main control board 1210, the interface boards 1230 and 1240, and the switching network board 1220 are connected to the system backplane through a system bus to achieve intercommunication.
  • the main control board 1210 is used to complete functions such as system management, equipment maintenance, and protocol processing.
  • the switch fabric board 1220 is used to complete data exchange between interface boards (interface boards are also called line cards or service boards).
  • the interface boards 1230 and 1240 are used to provide various service interfaces (eg, POS interface, GE interface, ATM interface, etc.), and realize data packet forwarding.
  • the interface board 1230 may include a central processing unit 1231 , a forwarding table entry memory 1234 , a physical interface card 1233 and a network processor 1232 .
  • the central processing unit 1231 is used to control and manage the interface board and communicate with the central processing unit on the main control board.
  • the forwarding table entry storage 1234 is used to store forwarding table entries.
  • the physical interface card 1233 is used to complete the reception and transmission of traffic.
  • the network processor 1232 is used to control the physical interface card 1233 to send and receive traffic according to the forwarding entry.
  • the physical interface card 1233 is configured to receive the first service packet sent by the first user equipment.
  • the physical interface card 1233 is further configured to send the first SRv6 packet to the second network device.
  • after receiving the first service packet, the physical interface card 1233 sends the first service packet to the central processing unit 1231, and the central processing unit determines, according to the information, that the first service packet needs to be processed by the central processing unit 1231, and correspondingly, the central processing unit 1231 processes the first service packet.
  • the physical interface card 1233 sends the first service packet to the central processing unit 1231, the central processing unit 1231 determines, according to the information in the header of the first service packet, that the first service packet needs to be processed by the central processing unit 1211, and the central processing unit 1231 sends the first service packet to the central processing unit 1211, and the central processing unit 1211 processes the first service packet.
  • the central processing unit 1231 is further configured to control the network processor 1232 to obtain the forwarding entry in the forwarding entry storage 1234, and the central processing unit 1231 is further configured to control the network processor 1232 to send the first SRv6 packet to the second network device via the physical interface card 1233.
  • the actions on the interface board 1240 in this embodiment of the present invention are consistent with the actions of the interface board 1230, and for brevity, details are not repeated here.
  • the first network device 1200 in this embodiment may correspond to the functions and/or various steps performed by the foregoing method embodiments, and details are not described herein again.
  • there may be one or more main control boards, and when there are multiple main control boards, they may include an active main control board and a backup main control board.
  • the first network device may not need a switching network board, and the interface board undertakes the processing function of the service data of the entire system.
  • the first network device may have at least one switching network board, and the switching network board realizes data exchange between multiple interface boards, providing large-capacity data exchange and processing capabilities. Therefore, the data access and processing capabilities of the first network device in the distributed architecture are greater than those in the centralized architecture.
  • the specific architecture used depends on the specific networking deployment scenario, and there is no restriction here.
  • an embodiment of the present application provides a computer storage medium for storing computer software instructions used by the above-mentioned first network device, which includes a program designed to execute the above-mentioned method embodiments.
  • FIG. 8 is a schematic structural diagram of a second network device 2000 according to an embodiment of the present application.
  • the second network device 2000 shown in FIG. 8 may perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments.
  • the second network device is deployed in a communication network that further includes the first network device.
  • the second network device 2000 includes a receiving unit 2002 and a processing unit 2004 .
  • the receiving unit 2002 is configured to receive a first SRv6 packet sent by a first network device, where the first SRv6 packet includes first group information and a first service packet, the first group information is used to indicate an interworking policy, determined by the first network device based on the first user group, for the first user equipment and the second user equipment to transmit the first service packet, the first service packet is from the first user equipment, the destination of the first service packet is the second user equipment, the first user group is a user group to which the first user equipment belongs, and the first service packet includes information of the second user equipment;
  • the processing unit 2004 is configured to determine whether the second network device includes a second user group corresponding to the information of the second user equipment, where the second user group is a user group to which the second user equipment belongs;
  • the processing unit 2004 is further configured to determine whether to send the second user equipment to the second user equipment.
  • the second network device further includes a sending unit 2006
  • the first group information includes a first group identifier, where the first group identifier is used to indicate a user group to which the first user equipment belongs
  • the processing unit 2004 determining the forwarding policy for forwarding the first service packet to the second user equipment includes: in response to the processing unit 2004 determining that the second network device includes the second user group corresponding to the information of the second user equipment and that the value of the first group identifier indicates the first user group, the sending unit 2004 is configured to send the first service packet to the second user equipment.
  • the second network device further includes a sending unit 2006
  • the first group information includes a first group identifier, where the first group identifier is used to indicate a user group to which the first user equipment belongs
  • according to the determination result of whether the second network device includes the second user group corresponding to the information of the second user equipment and according to the first group information, the processing unit 2004 determining the forwarding policy for forwarding the first service packet to the second user equipment includes: in response to the processing unit 2004 determining that the second network device does not include the second user group corresponding to the information of the second user equipment and that the value of the first group identifier indicates the first user group, the sending unit 2006 is configured to send the first service packet to the second user equipment in a random discarding manner or a rate-limited forwarding manner.
  • the second network device further includes a sending unit 2006
  • the first group information includes a first group identifier, where the first group identifier is used to indicate a user group to which the first user equipment belongs
  • the processing unit 2004 determining the forwarding policy for forwarding the first service packet to the second user equipment includes: in response to the processing unit 2004 determining that the second network device includes the second user group corresponding to the information of the second user equipment and that the value of the first group identifier indicates invalid, the sending unit 2006 is configured to send the first service packet to the second user equipment in a random discarding manner or a rate-limited forwarding manner.
  • the first group information includes a first group identifier and a first group policy identifier
  • the first group identifier is used to indicate a user group to which the first user equipment belongs
  • the first group policy identifier is used to indicate specific interworking strategies.
  • the processing unit 2004 determining the forwarding policy for forwarding the first service packet to the second user equipment includes: the processing unit 2004 is configured to determine a second group policy according to the determination result, where the second group policy is used to indicate an interworking policy, determined by the second network device based on the second user group, for the first user equipment and the second user equipment to transmit the first service packet; the processing unit 2004 is further configured to determine, according to the interworking policy indicated by the first group policy identifier and the second group policy, a forwarding policy for forwarding the first service packet to the second user equipment.
  • the processing unit 2004 determining, according to the interworking policy indicated by the first group policy identifier and the second group policy, a forwarding policy for forwarding the first service packet to the second user equipment includes: the processing unit 2004 is configured to determine that the first identifier in the first group policy identifier is valid, where the first identifier is used to indicate that the first network device includes the first user group and the second network device does not include the second user group; the processing unit 2004 is further configured to determine a first sub-policy in the second group policy according to the first identifier, where the first sub-policy indicates an interworking policy, determined based on the second user group, for the case where the first network device includes the first user group and the second network device does not include the second user group; the processing unit 2004 is further configured to determine, according to the interworking policy indicated by the value of the first identifier and the first sub-policy, the forwarding policy for forwarding the first service packet to the second user equipment.
  • the processing unit 2004 determining, according to the interworking policy indicated by the first group policy identifier and the second group policy, a forwarding policy for forwarding the first service packet to the second user equipment includes: the processing unit 2004 is configured to determine that the second identifier and the third identifier in the first group policy identifier are valid, where the second identifier is used to indicate that the first network device does not include the first user group and the second network device includes the second user group, and the third identifier is used to indicate that the first network device does not include the first user group and the second network device does not include the second user group; the processing unit 2004 is further configured to determine a second sub-policy in the second group policy according to the second identifier and the third identifier, where the second sub-policy indicates an interworking policy, determined based on the second user group, for the case where the first network device does not include the first user group and the second network device includes the second user group; the processing unit 2004 is further configured to identify the second identifier The interworking policy and the
  • the processing unit 2004 determining the forwarding policy for forwarding the first service packet to the second user equipment includes: the processing unit 2004 is configured to determine a second group policy according to the determination result, where the second group policy is used to indicate an interworking policy, determined by the second network device based on the second user group, for the first user equipment and the second user equipment to transmit the first service packet; the processing unit 2004 is further configured to determine, according to the first group identifier, the interworking policy indicated by the first group policy identifier, and the second group policy, a forwarding policy for forwarding the first service packet to the second user equipment.
  • the forwarding strategy is any one of the following forwarding strategies: forwarding, discarding, forwarding in the manner of random discarding, and forwarding in the manner of speed-limited forwarding.
  • the first group of information is carried in any one of the following headers included in the first SRv6 packet: an IPv6 header, a hop-by-hop option header, a destination option header, and a segment routing header.
  • the first SRv6 packet is transmitted via an SRv6 tunnel between the first network device and the second network device.
  • the information of the second user equipment is the destination IP address included in the first service packet, or the information of the second user equipment is the destination MAC address included in the first service packet.
  • the second network device 2000 shown in FIG. 8 may perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments.
  • the second network device receives the first SRv6 packet sent by the first network device, so that the second network device, as the receiving end device, can control the forwarding policy for the user group according to the interworking policy determined by the transmitting end device and the interworking policy determined by the receiving end device.
  • FIG. 9 is a schematic diagram of a hardware structure of a second network device 2100 according to an embodiment of the present application.
  • the second network device 2100 shown in FIG. 9 may perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments.
  • the second network device 2100 includes a processor 2101 , a memory 2102 , an interface 2103 and a bus 2104 .
  • the interface 2103 can be implemented in a wireless or wired manner.
  • the above-mentioned processor 2101 , memory 2102 and interface 2103 are connected through a bus 2104 .
  • the interface 2103 may specifically include a transmitter and a receiver, for sending and receiving information or data between the second network device and the first network device in the foregoing embodiment.
  • the interface 2103 is configured to support receiving the first SRv6 packet sent by the first network device.
  • the interface 2103 is used to support the process S105 in FIG. 2 .
  • the processor 2101 is configured to perform the processing performed by the second network device in the foregoing embodiment.
  • the processor 2101 is configured to receive the first SRv6 packet sent by the first network device, determine the second user group, and determine, according to the interworking policy determined by the first network device and the interworking policy determined by the second network device, a forwarding policy for forwarding the first service message; and/or other processes for the techniques described herein.
  • the processor 2101 is used to support the processes S106 and S107 in FIG. 2 .
  • the memory 2102 includes an operating system 21021 and an application program 21022 for storing programs, codes or instructions. When the processor or hardware device executes these programs, codes or instructions, the processing process involving the second network device in the method embodiment can be completed.
  • the memory 2102 may include a read-only memory (Read-only Memory, ROM) and a random access memory (Random Access Memory, RAM).
  • the ROM includes a basic input/output system (Basic Input/Output System, BIOS) or an embedded system;
  • the RAM includes an application program and an operating system.
  • when the second network device 2100 needs to be run, the system is booted through the BIOS solidified in the ROM or the bootloader in the embedded system to boot the second network device 2100 into a normal operation state. After the second network device 2100 enters the normal running state, the application program and the operating system run in the RAM, and thus the processing process involving the second network device in the method embodiment is completed.
  • FIG. 9 only shows a simplified design of the second network device 2100 .
  • the second network device may contain any number of interfaces, processors or memories.
  • FIG. 10 is a schematic diagram of a hardware structure of another second network device 2200 according to an embodiment of the present application.
  • the second network device 2200 shown in FIG. 10 may perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments.
  • the second network device 2200 includes: a main control board 2210 , an interface board 2230 , a switching network board 2220 and an interface board 2240 .
  • the main control board 2210, the interface boards 2230 and 2240, and the switching network board 2220 are connected to the system backplane through the system bus to realize intercommunication.
  • the main control board 2210 is used to complete functions such as system management, equipment maintenance, and protocol processing.
  • the switch fabric board 2220 is used to complete data exchange between interface boards (interface boards are also called line cards or service boards).
  • the interface boards 2230 and 2240 are used to provide various service interfaces (eg, POS interface, GE interface, ATM interface, etc.), and realize data packet forwarding.
  • the second network device 2200 is a blade server.
  • the interface board 2230 may include a central processing unit 2231 , a forwarding table entry memory 2234 , a physical interface card 2233 and a network processor 2232 .
  • the central processing unit 2231 is used to control and manage the interface board and communicate with the central processing unit 2211 on the main control board 2210.
  • the forwarding table entry storage 2234 is used to store forwarding table entries.
  • the physical interface card 2233 is used to receive and transmit traffic.
  • the network processor 2232 is used to control the physical interface card 2233 to send and receive traffic according to the forwarding entry.
  • the physical interface card 2233 is configured to receive the first SRv6 packet sent by the first network device.
  • the physical interface card 2233 is also used for forwarding the first service message.
  • after receiving the first SRv6 packet, the physical interface card 2233 sends the first SRv6 packet to the central processing unit 2231.
  • the information determines that the first SRv6 packet needs to be processed by the central processing unit 2231, and correspondingly, the central processing unit 2231 processes the first SRv6 packet.
  • the physical interface card 2233 sends the first SRv6 packet to the central processing unit 2231, the central processing unit 2231 determines, according to the information in the header of the first SRv6 packet, that the first SRv6 packet needs to be processed by the central processing unit 2211, and the central processing unit 2231 sends the first SRv6 packet to the central processing unit 2211, and the central processing unit 2211 processes the first SRv6 packet.
  • the central processing unit 2231 is also used to control the network processor 2232 to obtain forwarding entries in the forwarding entry storage 2234, and the central processing unit 2231 is also used to control the network processor 2232 to receive and send traffic via the physical interface card 2233.
  • there may be one or more main control boards, and when there are multiple main control boards, they may include an active main control board and a backup main control board.
  • the second network device may not need a switching network board, and the interface board undertakes the processing function of the service data of the entire system.
  • the second network device may have at least one switching network board, and the switching network board realizes data exchange between multiple interface boards, providing large-capacity data exchange and processing capabilities. Therefore, the data access and processing capabilities of the second network device in the distributed architecture are greater than those in the centralized architecture.
  • the specific architecture used depends on the specific networking deployment scenario, and there is no restriction here.
  • an embodiment of the present application provides a computer storage medium for storing computer software instructions used by the above-mentioned second network device, which includes a program designed to execute the above-mentioned method embodiments.
  • Embodiments of the present application further include a network system, where the network system includes a first network device and a second network device, and the first network device is the first network device in FIG. 5 or FIG. 6 or FIG. 7 .
  • the second network device is the second network device in the aforementioned FIG. 8 or FIG. 9 or FIG. 10 .
  • the steps of the methods or algorithms described in conjunction with the disclosure of the present application may be implemented in a hardware manner, or may be implemented in a manner in which a processor executes software instructions.
  • the software instructions can be composed of corresponding software modules, and the software modules can be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable hard disk, CD-ROM or any other form of storage medium well known in the art.
  • An exemplary storage medium is coupled to the processor, such that the processor can read information from, and write information to, the storage medium.
  • the storage medium can also be an integral part of the processor.
  • the processor and storage medium may reside in an ASIC.
  • the ASIC may be located in the user equipment.
  • the processor and the storage medium may also exist in the user equipment as discrete components.
  • the functions described in this application may be implemented in hardware or in a combination of hardware and software.
  • the software may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
  • Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage medium can be any available medium that can be accessed by a general purpose or special purpose computer.

Abstract

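A user group-based packet forwarding method, device, and system. The method includes: a first network device receives a first service packet sent by first user equipment, where the first service packet includes information about the first user equipment; the first network device determines whether the first network device includes a first user group corresponding to the information about the first user equipment; and the first network device determines a value of first group information based on the determining result, generates a first SRv6 packet, and sends the first SRv6 packet to a second network device, where the first SRv6 packet includes the first group information and the first service packet, and the first group information indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment. Packet forwarding based on user groups and group policies is thereby implemented.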

Description

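User group-based packet forwarding method, device, and system
This application claims priority to Chinese Patent Application No. CN 202011059313.6, filed with the China National Intellectual Property Administration on September 30, 2020 and entitled "Method, device, and system for implementing service grouping", and to Chinese Patent Application No. 202011357010.2, filed on November 26, 2020 and entitled "User group-based packet forwarding method, device, and system", both of which are incorporated herein by reference in their entireties.
Technical Field
This application relates to the field of communication technologies, and in particular to a user group-based packet forwarding method, device, and system.
Background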
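Internet Protocol version 4 (IPv4) is the Internet protocol that is widely deployed today. IPv4 is simple, easy to implement, and interoperates well. However, an important lesson from the development of IPv4 is scalability: at design time nobody expected so many devices to connect to Internet Protocol (IP) networks, and this triggered the development of Internet Protocol version 6 (IPv6). IPv6 replaces IPv4 mainly to solve IPv4 address exhaustion, and it also improves on IPv4 in many other respects. An important lesson from the development of IPv6, however, is compatibility. The thinking at the time was fairly simple: the 32-bit address space was not enough, so it was extended to 128 bits. But 128-bit IPv6 addresses cannot be made compatible with 32-bit IPv4 addresses, so the whole network has to be upgraded to support IPv6, which makes deployment difficult. From this point of view, Segment Routing over Internet Protocol version 6 (SRv6) is compatible with IPv6 routing and forwarding and also retains the advantages of Multiprotocol Label Switching (MPLS) forwarding, which ensures that SRv6 can evolve smoothly from an IPv6 network.
In segment routing (SR), the source node specifies a path for an application packet and converts the path into an ordered segment list encapsulated in the packet header; intermediate nodes on the path only need to forward according to the path specified in the header. A segment is any instruction that tells a device how to process a packet, for example: forward the packet to the destination along the shortest path, forward the packet through a specified interface, or forward the packet to a specified application or service instance. To implement SRv6 forwarding in IPv6, an SRv6 extension header, the Segment Routing header (SRH), is introduced into the IPv6 packet and is used to program and combine segments into an SRv6 path. SRv6 standardization is concentrated in the SPRING (Source Packet Routing in Networking) working group of the Internet Engineering Task Force (IETF), while standardization of the SRH packet encapsulation format and related work takes place in the 6MAN (IPv6 Maintenance) working group.
However, in SRv6-based communication network scenarios, the existing SRv6-related protocols cannot implement packet forwarding based on user groups and group policies.
Summary
This application provides a user group-based packet forwarding method, device, and system, so that packet forwarding based on user groups and group policies is implemented in SRv6-based communication network scenarios.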
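According to a first aspect, a user group-based packet forwarding method is provided. The method includes: a first network device receives a first service packet sent by first user equipment, where the first service packet includes information about the first user equipment, and the destination of the first service packet is second user equipment. The first network device then determines whether the first network device includes a first user group corresponding to the information about the first user equipment, where the first user group is the user group to which the first user equipment belongs. Based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines a value of first group information and generates a first SRv6 packet, where the first SRv6 packet includes the first group information and the first service packet, and the first group information indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment. The first network device then sends the first SRv6 packet to a second network device.
With the solution provided in this application, the SRv6 packet that the first network device sends to the second network device carries group information, so that the first network device, as the sending-end device, can take part in controlling the forwarding policy for the user group.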
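In a possible implementation of the first aspect, the first group information includes a first group identifier, and the first group identifier indicates the user group to which the first user equipment belongs. The determining, by the first network device, of the value of the first group information based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines that the value of the first group identifier indicates the first user group.
In another possible implementation of the first aspect, the first group information includes a first group identifier, and the first group identifier indicates the user group to which the first user equipment belongs. The determining, by the first network device, of the value of the first group information based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment includes: in response to the first network device determining that the first network device does not include the first user group corresponding to the information about the first user equipment, the first network device determines that the value of the first group identifier indicates invalid.
In still another possible implementation of the first aspect, the first group information includes a first group identifier and a first group policy identifier, where the first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates a specific interworking policy.
In still another possible implementation of the first aspect, the first group policy identifier includes a first identifier. The first identifier indicates that the first network device includes the first user group and the second network device does not include a second user group, where the second user group is the user group to which the second user equipment belongs. The determining, by the first network device, of the value of the first group information based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines that the value of the first group identifier indicates the first user group, and determines the value of the first identifier.
In still another possible implementation of the first aspect, the first group policy identifier includes a second identifier and a third identifier. The second identifier indicates that the first network device does not include the first user group and the second network device includes a second user group; the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group, where the second user group is the user group to which the second user equipment belongs. The determining, by the first network device, of the value of the first group information based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines that the value of the first group identifier indicates invalid, and determines the value of the second identifier and the value of the third identifier.
In still another possible implementation of the first aspect, the first group policy identifier includes a fourth identifier. The fourth identifier indicates that the second network device does not include a second user group, where the second user group is the user group to which the second user equipment belongs. The determining, by the first network device, of the value of the first group information based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines that the value of the first group identifier indicates the first user group, and determines the value of the fourth identifier.
In still another possible implementation of the first aspect, the first group policy identifier includes a fifth identifier and a sixth identifier. The fifth identifier indicates that the second network device includes a second user group; the sixth identifier indicates that the second network device does not include the second user group, where the second user group is the user group to which the second user equipment belongs. The determining, by the first network device, of the value of the first group information based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment includes: in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines that the value of the first group identifier indicates invalid, and determines the value of the fifth identifier and the value of the sixth identifier.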
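According to a second aspect, a user group-based packet forwarding method is provided. The method includes: a second network device receives a first SRv6 packet sent by a first network device, where the first SRv6 packet includes first group information and a first service packet, the first group information indicates the interworking policy, determined by the first network device based on a first user group, for transmitting the first service packet between first user equipment and second user equipment, the first service packet comes from the first user equipment, the destination of the first service packet is the second user equipment, the first user group is the user group to which the first user equipment belongs, and the first service packet includes information about the second user equipment. The second network device then determines whether the second network device includes a second user group corresponding to the information about the second user equipment, where the second user group is the user group to which the second user equipment belongs. Based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, the second network device determines a forwarding policy for forwarding the first service packet to the second user equipment.
With the solution provided in this application, the second network device receives the first SRv6 packet sent by the first network device, and the second network device, as the receiving-end device, can then control the forwarding policy for the user group according to the interworking policy determined by the sending-end device and the interworking policy determined by the receiving-end device.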
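In a possible implementation of the second aspect, the first group information includes a first group identifier, and the first group identifier indicates the user group to which the first user equipment belongs. The determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment includes: in response to the second network device determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, the second network device sends the first service packet to the second user equipment.
In another possible implementation of the second aspect, the first group information includes a first group identifier, and the first group identifier indicates the user group to which the first user equipment belongs. The determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment includes: in response to the second network device determining that the second network device does not include the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, the second network device sends the first service packet to the second user equipment in a random-drop manner or in a rate-limited forwarding manner.
In still another possible implementation of the second aspect, the first group information includes a first group identifier, and the first group identifier indicates the user group to which the first user equipment belongs. The determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment includes: in response to the second network device determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates invalid, the second network device sends the first service packet to the second user equipment in a random-drop manner or in a rate-limited forwarding manner.
In still another possible implementation of the second aspect, the first group information includes a first group identifier and a first group policy identifier, where the first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates a specific interworking policy.
In still another possible implementation of the second aspect, the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment includes: the second network device determines a second group policy based on the determining result, where the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment; and the second network device determines the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy indicated by the first group policy identifier and on the second group policy.
In still another possible implementation of the second aspect, the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy indicated by the first group policy identifier and on the second group policy includes: the second network device determines that a first identifier in the first group policy identifier is valid, where the first identifier indicates that the first network device includes the first user group and the second network device does not include the second user group; the second network device determines, based on the first identifier, a first sub-policy in the second group policy, where the first sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device includes the first user group and the second network device does not include the second user group; and the second network device determines the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy indicated by the value of the first identifier and on the first sub-policy.
In still another possible implementation of the second aspect, the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy indicated by the first group policy identifier and on the second group policy includes: the second network device determines that a second identifier and a third identifier in the first group policy identifier are valid, where the second identifier indicates that the first network device does not include the first user group and the second network device includes the second user group, and the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group; the second network device determines, based on the second identifier and the third identifier, a second sub-policy in the second group policy, where the second sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device does not include the first user group and the second network device includes the second user group; and the second network device determines the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy indicated by the value of the second identifier and on the second sub-policy.
In still another possible implementation of the second aspect, the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment includes: the second network device determines a second group policy based on the determining result, where the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment; and the second network device determines the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy indicated by the first group identifier and the first group policy identifier and on the second group policy.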
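In still another possible implementation of the second aspect, the forwarding policy is any one of the following: forward, drop, forward in a random-drop manner, and forward in a rate-limited manner.
In the first aspect or the second aspect, optionally, the first group information is carried in any one of the following headers included in the first SRv6 packet: the IPv6 header, the hop-by-hop options header, the destination options header, and the segment routing header.
In the first aspect or the second aspect, optionally, the first group identifier is carried in any one of the following headers included in the first SRv6 packet: the IPv6 header, the hop-by-hop options header, the destination options header, and the segment routing header.
In the first aspect or the second aspect, optionally, the first group policy identifier is carried in any one of the following headers included in the first SRv6 packet: the IPv6 header, the hop-by-hop options header, the destination options header, and the segment routing header.
In the first aspect or the second aspect, optionally, the first SRv6 packet is transmitted through an SRv6 tunnel between the first network device and the second network device.
In the first aspect or the second aspect, optionally, the information about the second user equipment is the destination IP address included in the first service packet, or the information about the second user equipment is the destination MAC address included in the first service packet.
In the first aspect or the second aspect, optionally, the information about the first user equipment is the source IP address included in the first service packet, or the information about the first user equipment is the source MAC address included in the first service packet.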
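According to a third aspect, a first network device is provided. The first network device has the function of implementing the behavior of the first network device in the foregoing method. The function may be implemented in hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the function.
In one possible design, the structure of the first network device includes a processor and an interface, and the processor is configured to support the first network device in performing the corresponding functions in the foregoing method. The interface is used to support communication between the first network device and another network device, and to receive from that other network device the information or instructions involved in the foregoing method. The interface is also used to support communication between the first network device and user equipment. The first network device may further include a memory, which is coupled to the processor and stores the program instructions and data necessary for the first network device.
In another possible design, the first network device includes a processor, a transmitter, a receiver, a random access memory, a read-only memory, and a bus. The processor is coupled to the transmitter, the receiver, the random access memory, and the read-only memory through the bus. When the first network device needs to run, it is started by the basic input/output system solidified in the read-only memory or by the bootloader of an embedded system, which brings the first network device into a normal operating state. After the first network device enters the normal operating state, the application program and the operating system run in the random access memory, so that the processor performs the method in the first aspect or in any possible implementation of the first aspect.
According to a fourth aspect, a first network device is provided. The first network device includes a main control board and an interface board, and may further include a switching fabric board. The first network device is configured to perform the method in the first aspect or in any possible implementation of the first aspect. Specifically, the first network device includes modules for performing the method in the first aspect or in any possible implementation of the first aspect.
According to a fifth aspect, a first network device is provided. The first network device includes a controller and a first forwarding sub-device. The first forwarding sub-device includes an interface board and may further include a switching fabric board. The first forwarding sub-device is configured to perform the function of the interface board in the fourth aspect, and may further perform the function of the switching fabric board in the fourth aspect. The controller includes a receiver, a processor, a transmitter, a random access memory, a read-only memory, and a bus. The processor is coupled to the receiver, the transmitter, the random access memory, and the read-only memory through the bus. When the controller needs to run, it is started by the basic input/output system solidified in the read-only memory or by the bootloader of an embedded system, which brings the controller into a normal operating state. After the controller enters the normal operating state, the application program and the operating system run in the random access memory, so that the processor performs the function of the main control board in the fourth aspect.
According to a sixth aspect, a computer storage medium is provided for storing programs, code, or instructions used by the first network device. When a processor or hardware device executes these programs, code, or instructions, the functions or steps of the first network device in the first aspect can be completed.
According to a seventh aspect, a second network device is provided. The second network device has the function of implementing the behavior of the second network device in the foregoing method. The function may be implemented in hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the function.
In one possible design, the structure of the second network device includes a processor and an interface, and the processor is configured to support the second network device in performing the corresponding functions in the foregoing method. The interface is used to support communication between the second network device and the first network device, to send to the first network device the information or instructions involved in the foregoing method, or to receive the information or instructions involved in the foregoing method that are sent by the first network device. The second network device may further include a memory, which is coupled to the processor and stores the program instructions and data necessary for the second network device.
In another possible design, the second network device includes a processor, a transmitter, a receiver, a random access memory, a read-only memory, and a bus. The processor is coupled to the transmitter, the receiver, the random access memory, and the read-only memory through the bus. When the second network device needs to run, it is started by the basic input/output system solidified in the read-only memory or by the bootloader of an embedded system, which brings the second network device into a normal operating state. After the second network device enters the normal operating state, the application program and the operating system run in the random access memory, so that the processor performs the method in the second aspect or in any possible implementation of the second aspect.
According to an eighth aspect, a second network device is provided. The second network device includes a main control board and an interface board, and may further include a switching fabric board. The second network device is configured to perform the method in the second aspect or in any possible implementation of the second aspect. Specifically, the second network device includes modules for performing the method in the second aspect or in any possible implementation of the second aspect.
According to a ninth aspect, a second network device is provided. The second network device includes a controller and a second forwarding sub-device. The second forwarding sub-device includes an interface board and may further include a switching fabric board. The second forwarding sub-device is configured to perform the function of the interface board in the eighth aspect, and may further perform the function of the switching fabric board in the eighth aspect. The controller includes a receiver, a processor, a transmitter, a random access memory, a read-only memory, and a bus. The processor is coupled to the receiver, the transmitter, the random access memory, and the read-only memory through the bus. When the controller needs to run, it is started by the basic input/output system solidified in the read-only memory or by the bootloader of an embedded system, which brings the controller into a normal operating state. After the controller enters the normal operating state, the application program and the operating system run in the random access memory, so that the processor performs the function of the main control board in the eighth aspect.
According to a tenth aspect, a computer storage medium is provided for storing programs, code, or instructions used by the second network device. When a processor or hardware device executes these programs, code, or instructions, the functions or steps of the second network device in the second aspect can be completed.
According to an eleventh aspect, a network system is provided. The network system includes a first network device and a second network device, where the first network device is the first network device in the third, fourth, or fifth aspect, and the second network device is the second network device in the seventh, eighth, or ninth aspect.
With the foregoing solution, the SRv6 packets transmitted between the first network device and the second network device carry group information, so that the second network device, as the receiving-end device, can control the forwarding policy for the user group according to the interworking policy determined by the sending-end device and the interworking policy determined by the receiving-end device.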
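Brief Description of the Drawings
FIG. 1 is a schematic structural diagram of a communication network according to an embodiment of this application;
FIG. 2 is a flowchart of a packet forwarding method according to an embodiment of this application;
FIG. 3 shows a format of group information according to an embodiment of this application;
FIG. 4 shows a header format of an SRv6 packet according to an embodiment of this application;
FIG. 5 is a schematic structural diagram of a first network device according to an embodiment of this application;
FIG. 6 is a schematic diagram of the hardware structure of a first network device according to an embodiment of this application;
FIG. 7 is a schematic diagram of the hardware structure of another first network device according to an embodiment of this application;
FIG. 8 is a schematic structural diagram of a second network device according to an embodiment of this application;
FIG. 9 is a schematic diagram of the hardware structure of a second network device according to an embodiment of this application;
FIG. 10 is a schematic diagram of the hardware structure of another second network device according to an embodiment of this application.
Detailed Description
The technical solutions of this application are described in detail below through specific embodiments.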
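FIG. 1 is a schematic structural diagram of a communication network according to an embodiment of this application. The communication network includes multiple network devices and may be, for example, an IP network. Specifically, the communication network may be an SRv6-based communication network, that is, one that can transmit and process SRv6 packets. As shown in FIG. 1, the communication network includes a first network device and a second network device. The first network device communicates with the second network device over a communication link. In one possible implementation, the communication link between the first network device and the second network device is a physical communication link, which may be a cable, an optical fiber, or a wireless link. The port connecting the first network device to the communication link may be a physical port, and the port connecting the second network device to the communication link may be a physical port. In another possible implementation, the communication link between the first network device and the second network device is a direct link. A direct link means that two devices (for example, the first network device and the second network device) are connected directly by a link that includes no other forwarding or processing devices, although it may include transparent-transmission devices. The first network device may be a router or a layer 3 switch, and so may the second network device. The roles of the first network device and the second network device may differ in different types of communication networks. For example, in a campus network, the first network device and the second network device may be edge switches. As another example, in a core network, the first network device and the second network device may be provider edge (PE) devices.
The first network device may be connected to at least one user equipment. As shown in FIG. 1, the first network device is connected to the first user equipment and the third user equipment. Similarly, the second network device may be connected to at least one user equipment. As shown in FIG. 1, the second network device is connected to the second user equipment and the fourth user equipment. The connection between the first network device and the first and third user equipment is used as an example. In one possible implementation, the communication links between the first network device and the first and third user equipment are physical communication links, which may be cables, optical fibers, or wireless links. The port connecting the first network device to the communication link may be a physical port, and the ports connecting the first user equipment and the third user equipment to the communication link may be physical ports. In another possible implementation, the communication links between the first network device and the first and third user equipment are direct links. In addition, the communication link between the first network device and the first user equipment may include other network devices, such as customer edge (CE) devices. Likewise, the communication link between the first network device and the third user equipment may include other network devices. The embodiments of this application do not limit the specific form of the user equipment in FIG. 1. For example, the user equipment in FIG. 1 may be network devices used in home or public networks, such as mobile phones, personal computers, PADs, and other terminal devices. As another example, the user equipment in FIG. 1 may be a computer or server in an enterprise network.
As shown in FIG. 1, the communication network may be an SRv6-based communication network. The first network device may send SRv6 packets to the second network device. Specifically, the first network device receives a service packet from the first user equipment or the third user equipment, encapsulates the service packet into an SRv6 packet, and then sends the SRv6 packet to the second network device. In one possible implementation, there is an SRv6 tunnel between the first network device and the second network device, and the first network device sends the SRv6 packet to the second network device through the SRv6 tunnel. The second network device receives the SRv6 packet and decapsulates it to obtain the service packet. The second network device then forwards the service packet to the second user equipment or the fourth user equipment.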
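However, existing SRv6-based communication networks do not support forwarding SRv6 traffic based on user groups and group policies. Furthermore, in existing SRv6-based communication networks there is no way for the sending end and the receiving end of SRv6 traffic to jointly determine the forwarding policy for a user group.
In one related technology, the group policy identifier is carried in virtual extensible local area network (VXLAN) packets; see, for example, the IETF drafts Generic Protocol Extension for VXLAN (draft-ietf-nvo3-vxlan-gpe-10) and Group Policy Encoding with VXLAN-GPE and LISP-GPE (draft-lemon-vxlan-lisp-gpe-gbp-02). The approach in these drafts may be called the Generic Protocol Extension for Virtual eXtensible Local Area Network (VXLAN-GPE). A VXLAN-GPE packet carries a Generic Protocol Extension (GPE) header that includes group policy identifier information. In addition, a reserved field in the VXLAN header of the VXLAN-GPE packet is set to indicate that the packet includes a GPE header. The sending-end device and the receiving-end device isolate user equipment from one another by transmitting VXLAN-GPE packets. VXLAN-GPE works in a way similar to an access control list (ACL). Compared with ACLs, VXLAN-GPE reduces the rule configuration workload.
However, VXLAN-GPE can be implemented only in VXLAN-based network scenarios, and it requires modifying the existing VXLAN protocol and upgrading existing network devices. Yet the base VXLAN specification, IETF Request For Comments (RFC) 7348, stipulates (see, for example, Section 5 of RFC 7348) that the remaining 7 bits (designated "R") are reserved fields that must be set to zero on transmission and ignored on receipt. Consequently, in a VXLAN network scenario, a network device that complies with RFC 7348 may drop a VXLAN-GPE packet because a reserved field in its VXLAN header is set to a non-zero value, and the GPE header may not be recognized. Furthermore, the drafts disclose only how the group policy identifier is carried in existing VXLAN packets in order to isolate user equipment. They do not disclose how a specific group policy is implemented, and they provide no way for the sending end and the receiving end of data traffic to jointly determine the forwarding policy for a user group.
This application proposes corresponding solutions to these problems. As shown in FIG. 1, the first network device receives a service packet from the first user equipment. The first network device determines the user group to which the first user equipment belongs based on the information about the source user equipment carried in the service packet. The first network device also determines the group information corresponding to the service packet, where the group information indicates the interworking policy, determined by the first network device based on the user group, for transmitting the service packet between the first user equipment and the second user equipment. The second user equipment is the destination of the service packet. The first network device encapsulates the service packet to obtain an SRv6 packet, and the SRv6 packet also includes the group information. The first network device sends the SRv6 packet to the second network device according to the determined group information. With this implementation, the SRv6 packet carries group information, so that the first network device, as the sending-end device, can take part in controlling the forwarding policy for the user group.
On the receiving side, the second network device decapsulates the SRv6 packet after receiving it. The second network device determines the user group to which the second user equipment belongs based on the information about the destination user equipment in the service packet. The second network device then determines, based on the user group to which the second user equipment belongs, the interworking policy for transmitting the service packet between the first user equipment and the second user equipment. Correspondingly, from the group information carried in the service packet, the second network device can learn the interworking policy, determined by the first network device based on the user group, for transmitting the service packet between the first user equipment and the second user equipment. The second network device then determines the forwarding policy for forwarding the service packet to the second user equipment based on the interworking policy determined by the first network device (the sending end) and the interworking policy determined by the second network device (the receiving end). With this implementation, the SRv6 packet carries group information, so that the second network device, as the receiving-end device, can control the forwarding policy for the user group according to the interworking policy determined by the sending-end device and the interworking policy determined by the receiving-end device.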
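FIG. 2 is a flowchart of a packet forwarding method according to an embodiment of this application. The method shown in FIG. 2 can be applied in the network structure shown in FIG. 1. The embodiments of this application describe the interaction between the first network device and the second network device in FIG. 1; it should be understood that the communication link between the first network device and the second network device may include other network devices. Specifically, the method includes:
S101. The first network device receives a first service packet sent by the first user equipment, where the first service packet includes information about the first user equipment.
Referring to FIG. 1, the first network device communicates with the first user equipment. In one possible implementation, the communication link between the first network device and the first user equipment includes other network devices. The first user equipment generates the first service packet. The embodiments of this application do not limit the encapsulation format of the first service packet; for example, the first service packet may be a layer 2 Ethernet frame, or it may be an IP packet.
The first service packet includes information about the first user equipment, which identifies the first user equipment. In one possible implementation, the information about the first user equipment is address information; specifically, it includes a Media Access Control (MAC) address or an IP address. The first user equipment is the sender of the first service packet. Therefore, the MAC address included in the information about the first user equipment is the source MAC address of the first service packet, and the IP address included in the information about the first user equipment is the source IP address of the first service packet.
The first service packet may also include information about the second user equipment. As shown in FIG. 1, the first service packet sent by the first user equipment is addressed to the second user equipment. The information about the second user equipment therefore identifies the second user equipment. In one possible implementation, the information about the second user equipment is address information; specifically, it includes a MAC address or an IP address. The second user equipment is the receiver of the first service packet. Therefore, the MAC address included in the information about the second user equipment is the destination MAC address of the first service packet, and the IP address included in the information about the second user equipment is the destination IP address of the first service packet.
The first service packet includes a packet header and a payload. The header carries the information about the first user equipment and the information about the second user equipment. The payload is the service data that the first user equipment wants to send to the second user equipment. The first network device receives the first service packet sent by the first user equipment. In an actual service scenario, the first network device receives a service flow sent by the first user equipment, and the service flow includes multiple service packets. The first service packet can be understood as any one or any several of the service packets in the service flow. The implementation in this application can therefore be understood as a way of applying group-policy forwarding, based on user groups, to data flows from user equipment.
S102. The first network device determines whether the first network device includes a first user group corresponding to the information about the first user equipment, where the first user group is the user group to which the first user equipment belongs.
S103. Based on the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment, the first network device determines a value of first group information and generates a first SRv6 packet, where the first SRv6 packet includes the first group information and the first service packet, and the first group information indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment.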
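The first network device receives the first service packet sent by the first user equipment. After receiving the first service packet, the first network device parses it and obtains the information about the first user equipment. The first network device determines whether the first network device includes a first user group corresponding to the information about the first user equipment, where the first user group is the user group to which the first user equipment belongs. In other words, user groups are one way of isolating user equipment from one another. For example, the first network device is connected to user equipment 1, user equipment 2, user equipment 3, and user equipment 4, where user equipment 1 and user equipment 2 belong to user group 1, user equipment 3 belongs to user group 2, and user equipment 4 belongs to user group 3. A user group can therefore include one or more user equipment. Based on the information in a service packet received from user equipment, the first network device can determine which user group the sending user equipment belongs to.
In a specific implementation, the first network device may store at least one entry, each of which includes a correspondence between information about user equipment and a user group, where the information about user equipment is that of the user equipment sending the service packet, such as a source MAC address or a source IP address. For ease of description, the information about user equipment in Table 1 is called information about the source user equipment, the user equipment in Table 1 is called the source user equipment, and the user group in Table 1 is called the source user group. As shown in Table 1, the information about the first user equipment corresponds to the first user group, meaning that the first user equipment belongs to the first user group; the information about the third user equipment corresponds to the third user group, meaning that the third user equipment belongs to the third user group. Note that Table 1 is laid out this way to show clearly which group each source user equipment belongs to; in an implementation, the entries stored in the first network device need not include the first column of Table 1 (source user equipment).
Source user equipment | Information about the source user equipment | Source user group
First user equipment | Information about the first user equipment | First user group
Third user equipment | Information about the third user equipment | Third user group
User equipment 1 | Information about user equipment 1 | First user group
User equipment 4 | Information about user equipment 4 | Third user group
Table 1
After obtaining the information about the first user equipment from the first service packet, the first network device uses it to query the at least one entry stored in the first network device (as shown in Table 1). Based on the correspondence between the information about the first user equipment and the first user group, the first network device determines that the user group corresponding to the information about the first user equipment is the first user group. The first network device can therefore determine that the first user equipment belongs to the first user group.
In one possible implementation, the source user group in Table 1 can be expressed as a group identifier. For example, the first user group can be represented by the group identifier Group_ID_1, and the third user group by the group identifier Group_ID_3. In one possible implementation, the group identifier can be represented by data 16 bits long. Correspondingly, when the first network device stores the entries shown in Table 1, it can store the group identifier as the source user group. The group identifier therefore indicates a user group, or, put another way, indicates the user group to which user equipment belongs.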
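The first network device can generate the first SRv6 packet from the received first service packet. The first SRv6 packet is obtained by encapsulating the first service packet, which can be carried as the payload of the first SRv6 packet. The first SRv6 packet also includes the first group information, which indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment. The first group information expresses the interworking policy between the first network device and the second network device that the first network device determines for a first service packet belonging to the first user group. The interworking policy determined by the first network device is the forwarding policy that the first network device expects. That is, the first network device expects that, after receiving the first service packet, the second network device will forward it toward its destination according to the interworking policy rules given by the first network device. For example, the first network device determines the value of the first group information so as to indicate that the first service packet, once it reaches the second network device, can be forwarded by the second network device to the second user equipment. As another example, the first network device determines the value of the first group information so as to indicate that the first service packet, once it reaches the second network device, is to be dropped by the second network device (not forwarded to the second user equipment). The first group information is therefore determined by the first network device and affects whether the first service packet can be forwarded to the second user equipment.
In one possible implementation, the first group information includes the first group identifier.
As an example, the first group identifier is used as the first group information. Based on the entries shown in Table 1, the first network device determines that the first user equipment that sent the first service packet belongs to the first user group, and the first user group is represented by the first group identifier. The first group identifier therefore indicates that the first user equipment belongs to the first user group. The first network device sets the value of the first group information to the first group identifier and generates the first SRv6 packet including the first group information. It can be understood that when the value of the first group information is the first group identifier, the specific interworking policy indicated is: the first network device forwards the first service packet and hopes that the second network device can forward the first service packet to the second user equipment.
As another example, the first network device may be unable to find a corresponding user group for a received service packet. For example, the first network device cannot find a user group corresponding to the first service packet in the entries shown in Table 1. This means that the first user equipment does not belong to any user group. In that case, the first network device sets the value of the first group identifier to an invalid value, for example all zeros; correspondingly, the value of the first group information indicates the invalid value, that is, all zeros. The first network device then generates the first SRv6 packet including the first group information (the invalid value). It can be understood that when the value of the first group information is invalid, the specific interworking policy indicated is: the first network device forwards the first service packet and hopes that the second network device will drop the first service packet.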
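In another possible implementation, the first group information includes the first group identifier and a first group policy identifier. FIG. 3 shows a format of the group information, which includes a group identifier and a group policy identifier. For example, the total length of the group information is 16 bits, of which the highest three bits represent the group policy identifier and the remaining 13 bits represent the group identifier. FIG. 3 shows an implementation in which the group identifier and the group policy identifier are in the same field. It should be understood that the group identifier and the group policy identifier can also be placed in different fields. As described above, the first group identifier in the first group information indicates the user group to which the first user equipment belongs, and the first group policy identifier in the first group information indicates a specific interworking policy. That is, the first group policy identifier indicates the specific interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment. In practice, the first network device can, as described above, determine from the information about the first user equipment in the first service packet that the first user equipment belongs to the first user group, and thereby determine the value of the first group identifier. The first network device then determines the value of the first group policy identifier based on the interworking policy stored in the first network device and on the first group identifier. The first network device can thus determine the value of the first group information, and can therefore determine, based on the first user group, the interworking policy for transmitting the first service packet between the first user equipment and the second user equipment.
As an example, the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes a first identifier. The first identifier indicates that the first network device includes the first user group and the second network device does not include the second user group, where the second user group is the user group to which the second user equipment belongs, and the second user equipment is the user equipment that receives the first service packet. As described above, the first network device determines from the first service packet that the first user equipment matches the first user group. The first network device sets the first group identifier in the first group information to indicate the first user group, and determines the specific interworking policy based on the fact that the first user equipment matches the first user group. As noted above, the total length of the group information is 16 bits, of which the highest three bits represent the group policy identifier. Specifically, bit 1 (for example, the most significant of the three highest bits) represents the first identifier. The first identifier means: "the source user equipment has a user group, and the destination user equipment has no user group". Because the first network device determines that the first user equipment matches the first user group, the first network device enables the first identifier (bit 1) as valid. Further, the first network device can set the value of the first identifier according to the locally stored interworking policy. The value of the first identifier specifically indicates the forwarding policy that the first network device hopes the second network device will apply to the first service packet. For example, a value of 1 for the first identifier means that the first network device hopes the second network device will forward the first service packet to the second user equipment. As another example, a value of 0 for the first identifier means that the first network device hopes the second network device will drop the first service packet.
As an example, the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes a second identifier and a third identifier. The second identifier indicates that the first network device does not include the first user group and the second network device includes the second user group. The third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group. As described above, the first network device determines from the first service packet that none of the entries stored in the first network device matches the first user equipment to a user group. The first network device sets the first group identifier in the first group information to invalid, and determines the specific interworking policy based on the fact that the first user equipment did not match any user group. As noted above, the total length of the group information is 16 bits, of which the highest three bits represent the group policy identifier. Specifically, bit 2 (for example, the second most significant of the three highest bits) represents the second identifier, and bit 3 represents the third identifier. The second identifier means: "the source user equipment has no user group, and the destination user equipment has a user group"; the third identifier means: "the source user equipment has no user group, and the destination user equipment has no user group". Because the first network device determines that the first user equipment did not match any user group, and the first network device does not know whether the second network device will match a user group after receiving the first service packet, the first network device enables both the second identifier (bit 2) and the third identifier (bit 3) as valid. Further, the first network device can set the values of the second identifier and the third identifier according to the locally stored interworking policy. The value of the second identifier and the value of the third identifier each specifically indicate the forwarding policy that the first network device hopes the second network device will apply to the first service packet. For example, a second identifier value of 1 and a third identifier value of 0 mean that the first network device hopes the second network device will forward the first service packet to the second user equipment if it matches a user group for the first service packet, and will drop the first service packet if it does not match a user group for the first service packet. As another example, a second identifier value of 0 and a third identifier value of 1 mean that the first network device hopes the second network device will drop the first service packet if it matches a user group for the first service packet, and will forward the first service packet to the second user equipment if it does not match a user group for the first service packet.
In the foregoing implementation, the first group policy identifier indicates how the first network device matched a user group for the first service packet, and also indicates how the second network device matches a user group for the service packet. After obtaining the first service packet, the second network device can therefore learn the interworking policy configured by the first network device by parsing the first group policy identifier in the first group information. The second network device does not need to parse the first group identifier in the first group information, which increases the speed at which the second network device processes the first service packet.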
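In yet another possible implementation, the first group information includes the first group identifier and the first group policy identifier. The first group policy identifier indicates how the second network device matches a user group for the service packet, and does not indicate how the first network device matched a user group for the first service packet.
As an example, the first group policy identifier includes a fourth identifier. The fourth identifier is implemented in the same way as the first identifier described above. The difference from the first identifier is that the fourth identifier indicates that the second network device does not include the second user group, and does not indicate how the first network device matched a user group for the first service packet. The fourth identifier means: "the destination user equipment has no user group". The first group identifier and the fourth identifier together therefore mean: "the source user equipment has a user group, and the destination user equipment has no user group".
As an example, the first group policy identifier includes a fifth identifier and a sixth identifier. The fifth identifier is implemented in the same way as the second identifier described above. The difference from the second identifier is that the fifth identifier indicates that the second network device includes the second user group, and does not indicate how the first network device matched a user group for the first service packet. The fifth identifier means: "the destination user equipment has a user group". The first group identifier and the fifth identifier together therefore mean: "the source user equipment has no user group, and the destination user equipment has a user group". Correspondingly, the sixth identifier is implemented in the same way as the third identifier described above. The difference from the third identifier is that the sixth identifier indicates that the second network device does not include the second user group, and does not indicate how the first network device matched a user group for the first service packet. The sixth identifier means: "the destination user equipment has no user group". The first group identifier and the sixth identifier together therefore mean: "the source user equipment has no user group, and the destination user equipment has no user group".
In the foregoing implementation, after obtaining the first service packet, the second network device can learn the interworking policy configured by the first network device by parsing the first group identifier and the first group policy identifier in the first group information.
As described above, the first group information is carried in the first SRv6 packet, which the first network device obtains by encapsulating the first service packet. FIG. 4 shows a header format of an SRv6 packet according to an embodiment of this application. As shown in FIG. 4, the SRv6 header includes an IPv6 header and a segment routing header; optionally, it may also include a Hop-by-Hop Options Header and/or a Destination Options Header. In this application, the segment routing header may be written as SRH, and the hop-by-hop options header as the HBH options header. The first group information can be carried in the IPv6 header, in the HBH options header, in the destination options header, or in the SRH. In one possible implementation, the first group information includes the first group identifier, so the first group identifier can be carried in the IPv6 header, the HBH options header, the destination options header, or the SRH. In another possible implementation, the first group information includes the first group identifier and the first group policy identifier, so the first group identifier and the first group policy identifier can be carried in the IPv6 header, the HBH options header, the destination options header, or the SRH. In addition, the first group identifier and the first group policy identifier can be carried in the same field, as shown in FIG. 3. They can also be carried in different fields of the same header, or in different fields of different headers. For example, the first group identifier is carried in the IPv6 header and the first group policy identifier is carried in the SRH. The first group information is used as an example in the detailed description below.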
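As an example, according to RFC 8200, the IPv6 header (Section 3 of RFC 8200) includes next header information, also called the next header field. If the next header information in the IPv6 header has the value 0, the next header after the IPv6 header is an HBH options header. That the HBH options header is the next header of the IPv6 header means that the HBH options header immediately follows the IPv6 header. Specifically, the HBH header is encapsulated between the IPv6 header and the payload, adjacent to the IPv6 header. As explained in Section 4.3 of RFC 8200, the HBH options header is processed by the network device at every hop on the path that carries the SRv6 packet. Further, the HBH options header includes option information, which is processed by the network device at every hop on the path that carries the SRv6 packet. The IPv6 header also includes version information, traffic class information, flow label information, payload length information, hop limit information, source address information, and destination address information. The flow label information is 20 bits long. In one possible implementation, the flow label information is used to carry the first group information. Specifically, part of the flow label information (for example, 16 bits) is used as the first group information, and the remaining part (4 bits) retains the original flow label function. In addition, a flag bit (1 bit long) can be set in the traffic class information to indicate that the flow label information includes the first group information.
As an example, see Section 4.3 of RFC 8200: the HBH options header includes next header information, header extension length (hdr ext len) information, and options. A first option is defined among the options and is used to carry the first group information. Specifically, the first option includes option type information, option data length (opt data len) information, and option data, where the option data carries the first group information. When the first group information is carried in the HBH options header, the second network device must be configured to process the option. Correspondingly, when there are other network devices between the first network device and the second network device, those other network devices need not be configured to process the option. In addition, the flag bit mentioned above can also be used to indicate that the HBH options header includes the first group information.
As an example, see Section 4.6 of RFC 8200: the destination options header includes next header information, header extension length (hdr ext len) information, and options. A second option is defined among the options and is used to carry the first group information. Specifically, the second option includes option type information, option data length (opt data len) information, and option data, where the option data carries the first group information. In addition, the flag bit mentioned above can also be used to indicate that the destination options header includes the first group information.
As an example, see Section 2 of RFC 8754: the SRH includes next header information, header extension length (hdr ext len) information, routing type information, segments left information, last entry information, flags, a tag, and segment list information. Optionally, the SRH may also include SRH TLV information (TLV: type-length-value). In one possible implementation, the first group information can be carried in the tag. Further, part of the tag (for example, 16 bits) can be used as the first group information, and the remaining part of the tag retains the original tag function. In addition, a flag bit (1 bit long) can be set in the flags to indicate that the SRH includes the first group information. In another possible implementation, the first group information can be carried in the SRH TLV. In yet another possible implementation, the first group information can be carried in the segment list information.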
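S104. The first network device sends the first SRv6 packet to the second network device.
S105. The second network device receives the first SRv6 packet sent by the first network device.
The first network device generates the first SRv6 packet as described in S102 and S103; the first SRv6 packet includes the first group information and the first service packet. The information about the first user equipment may be the source IP address included in the first service packet, or it may be the source MAC address included in the first service packet. In one possible implementation, there is an SRv6 tunnel between the first network device and the second network device, and the first network device sends the first SRv6 packet to the second network device through the SRv6 tunnel. The second network device receives the first SRv6 packet. The SRv6 tunnel between the first network device and the second network device may include other network devices.
S106. The second network device determines whether the second network device includes a second user group corresponding to the information about the second user equipment, where the second user group is the user group to which the second user equipment belongs.
S107. Based on the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, the second network device determines a forwarding policy for forwarding the first service packet to the second user equipment.
After receiving the first SRv6 packet, the second network device decapsulates it to obtain the first group information and the first service packet. The destination of the first service packet is the second user equipment, which, as shown in FIG. 1, communicates with the second network device. The first service packet includes information about the second user equipment, which identifies the second user equipment. In one possible implementation, the information about the second user equipment is address information; specifically, it includes a MAC address or an IP address. The second user equipment is the receiver of the first service packet. Therefore, the MAC address included in the information about the second user equipment is the destination MAC address of the first service packet, and the IP address included in the information about the second user equipment is the destination IP address of the first service packet.
The second network device determines whether the second network device includes a second user group corresponding to the information about the second user equipment, where the second user group is the user group to which the second user equipment belongs. In a specific implementation, similar to Table 1, the second network device may store at least one entry, each of which includes a correspondence between information about user equipment and a user group, where the information about user equipment is that of the user equipment receiving the service packet, such as a destination MAC address or a destination IP address. For ease of description, the information about user equipment in Table 2 is called information about the destination user equipment, the user equipment in Table 2 is called the destination user equipment, and the user group in Table 2 is called the destination user group. As shown in Table 2, the information about the second user equipment corresponds to the second user group, meaning that the second user equipment belongs to the second user group; the information about the fourth user equipment corresponds to the fourth user group, meaning that the fourth user equipment belongs to the fourth user group. Note that Table 2 is laid out this way to show clearly which group each destination user equipment belongs to; in an implementation, the entries stored in the second network device need not include the first column of Table 2 (destination user equipment).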
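Destination user equipment | Information about the destination user equipment | Destination user group
Second user equipment | Information about the second user equipment | Second user group
Fourth user equipment | Information about the fourth user equipment | Fourth user group
User equipment 2 | Information about user equipment 2 | Second user group
User equipment 3 | Information about user equipment 3 | Fourth user group
Table 2
After obtaining the information about the second user equipment from the first service packet, the second network device uses it to query the at least one entry stored in the second network device (as shown in Table 2). Based on the correspondence between the information about the second user equipment and the second user group, the second network device determines that the user group corresponding to the information about the second user equipment is the second user group. The second network device can therefore determine that the second user equipment belongs to the second user group.
In one possible implementation, the destination user group in Table 2 can be expressed as a group identifier. For example, the second user group can be represented by the group identifier Group_ID_2, and the fourth user group by the group identifier Group_ID_4. In one possible implementation, the group identifier can be represented by data 16 bits long. Correspondingly, when the second network device stores the entries shown in Table 2, it can store the group identifier as the destination user group. The group identifier therefore indicates a user group, or, put another way, indicates the user group to which user equipment belongs.
As described above, the first service packet includes the first group information. The first group information indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment. That is, by parsing the first service packet, the second network device can learn the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment. Correspondingly, based on the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, the second network device determines, based on the second user group, its own interworking policy for transmitting the first service packet between the first user equipment and the second user equipment. The second network device then determines the forwarding policy for forwarding the first service packet to the second user equipment based on the interworking policy determined by the first network device and the interworking policy determined by the second network device.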
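In the foregoing implementation, when determining the forwarding policy for forwarding the first service packet to the second user equipment, the second network device takes into account both the interworking policy determined by the first network device and the interworking policy determined by the second network device. The interworking policy determined by the first network device indicates that the first network device hopes the second network device will forward the first service packet according to the interworking policy determined by the first network device. The interworking policy determined by the second network device is the one the second network device determines from its local policy, according to whether the destination address in the first service packet matches a user group. In one possible implementation, the second network device stores at least one entry indicating the correspondence between the "source-end interworking policy", the "destination-end interworking policy", and the "forwarding policy", as shown in Table 3.
Source-end interworking policy | Destination-end interworking policy | Forwarding policy
Interworking allowed | Interworking allowed | Forward
Interworking allowed | Interworking not allowed | Random drop
Interworking not allowed | Interworking allowed | Rate-limited forwarding
Interworking not allowed | Interworking not allowed | Drop
Table 3
As shown in Table 3, the "source-end interworking policy" is the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment; see the foregoing embodiments for details. The interworking policy determined by the first network device reflects whether the first network device wants the first service packet to be forwarded by the second network device. For example, in the implementation in which the first group information includes the first group identifier, when the value of the first group identifier indicates the first user group, the first network device wants the first service packet to be forwarded by the second network device, and the source-end interworking policy is "interworking allowed"; correspondingly, when the value of the first group identifier indicates the invalid value, the first network device does not want the first service packet to be forwarded by the second network device, and the source-end interworking policy is "interworking not allowed". As another example, in the implementation in which the first group information includes the first group identifier and the first group policy identifier, when an identifier included in the first group policy identifier has the value 1, the first network device wants the first service packet to be forwarded by the second network device, and the source-end interworking policy is "interworking allowed"; correspondingly, when an identifier included in the first group policy identifier has the value 0, the first network device does not want the first service packet to be forwarded by the second network device, and the source-end interworking policy is "interworking not allowed".
As shown in Table 3, the "destination-end interworking policy" is the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment. The interworking policy determined by the second network device reflects whether the second network device wants the first service packet to be forwarded by the second network device. In one possible implementation, the second network device determines the interworking policy from its local policy according to the second user group. In another possible implementation, the second network device determines the interworking policy from its local policy according to the first user group and the second user group. It should be understood that the specific forwarding policies shown in Table 3 are examples.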
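The different implementations of the first group information are described separately below.
As an example, the first group information includes the first group identifier. After receiving the first SRv6 packet, the second network device obtains the first group information from it. The second network device determines the source-end interworking policy from the first group identifier included in the first group information. For example, if the value of the first group identifier indicates the first user group, the second network device can determine that the source-end interworking policy is "interworking allowed". As another example, if the value of the first group identifier indicates the invalid value, the second network device can determine that the source-end interworking policy is "interworking not allowed". The second network device determines from the first service packet whether the second network device includes a second user group corresponding to the information about the second user equipment. If the second network device determines that it includes a second user group corresponding to the information about the second user equipment, it can determine that the destination-end interworking policy is "interworking allowed". If the second network device determines that it does not include a second user group corresponding to the information about the second user equipment, it can determine that the destination-end interworking policy is "interworking not allowed". After determining the source-end and destination-end interworking policies, the second network device can determine the forwarding policy for forwarding the first service packet to the second user equipment as in Table 3. For example, if the source-end interworking policy is "interworking allowed" and the destination-end interworking policy is "interworking allowed", the forwarding policy determined by the second network device is "forward", that is, the second network device forwards the first service packet to the second user equipment. As another example, if the source-end interworking policy is "interworking allowed" and the destination-end interworking policy is "interworking not allowed", the forwarding policy determined by the second network device is "random drop", that is, the second network device forwards the first service packet to the second user equipment in a random-drop manner. "In a random-drop manner" means that the second network device decides according to a preset random parameter whether the first service packet is sent to the second user equipment. The first service packet therefore has a certain probability of being sent to the second user equipment and, likewise, a certain probability of being dropped by the second network device.
As an example, the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes the first identifier. The first identifier indicates that the first network device includes the first user group and the second network device does not include the second user group. The second network device determines that it does not include a second user group corresponding to the information about the second user equipment. The second network device thus knows that the first identifier matches the result it has determined. If the value of the first identifier is 1, the second network device determines from it that the source-end interworking policy is "interworking allowed". If the value of the first identifier is 0, the second network device determines from it that the source-end interworking policy is "interworking not allowed". Correspondingly, the second network device can determine the destination-end interworking policy from its local policy according to whether the second user group is matched. For example, if the second network device determines that the information about the second user equipment matches the second user group, it determines that the destination-end interworking policy is "interworking allowed". As another example, if the second network device determines that the information about the second user equipment matches no user group, it determines that the destination-end interworking policy is "interworking not allowed". The second network device can also determine the destination-end interworking policy from its local policy according to whether the second user group is matched and whether the first user group is matched. For example, if the first user group is matched and the second user group is not, the second network device determines that the destination-end interworking policy is "interworking not allowed". As another example, if the first user group is matched and the second user group is matched, the second network device determines that the destination-end interworking policy is "interworking allowed". After determining the source-end and destination-end interworking policies, the second network device can determine the forwarding policy for forwarding the first service packet to the second user equipment as in Table 3. For example, if the source-end interworking policy is "interworking not allowed" and the destination-end interworking policy is "interworking not allowed", the forwarding policy determined by the second network device is "drop", that is, the second network device drops the first service packet. As another example, if the source-end interworking policy is "interworking not allowed" and the destination-end interworking policy is "interworking allowed", the forwarding policy determined by the second network device is "rate-limited forwarding", that is, the second network device forwards the first service packet to the second user equipment in a rate-limited manner. "In a rate-limited manner" means that the second network device forwards the first service packet to the second user equipment while keeping the forwarding rate at or below a configured rate.
The foregoing embodiments do not describe an identifier for the case in which the first network device includes the first user group and the second network device includes the second user group. The reason is that in this case the first network device and the second network device can determine the final forwarding policy from the group identifiers. It should be understood that, in a specific implementation scenario, such an identifier can also be configured to indicate that the first network device includes the first user group and the second network device includes the second user group. The specific interworking policy and forwarding policy can be determined as in the foregoing implementations, and details are not repeated here.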
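As an example, the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes the second identifier and the third identifier. The second identifier indicates that the first network device does not include the first user group and the second network device includes the second user group. The third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group. The second network device determines from the first service packet whether the second network device includes a second user group corresponding to the information about the second user equipment. If the second network device determines that it includes a second user group corresponding to the information about the second user equipment, it determines the source-end interworking policy from the second identifier. If the second network device determines that it does not include a second user group corresponding to the information about the second user equipment, it determines the source-end interworking policy from the third identifier. Further, if the value of the second identifier or the third identifier is 1, the second network device determines from that value that the source-end interworking policy is "interworking allowed". If the value of the second identifier or the third identifier is 0, the second network device determines from that value that the source-end interworking policy is "interworking not allowed". Correspondingly, the second network device can determine the destination-end interworking policy from its local policy according to whether the second user group is matched; see the foregoing embodiments for details, which are not repeated here. After determining the source-end and destination-end interworking policies, the second network device can determine the forwarding policy for forwarding the first service packet to the second user equipment as in Table 3.
As an example, the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes the fourth identifier, which indicates that the second network device does not include the second user group. The way the second network device determines the forwarding policy is the same as described above for the first identifier, and details are not repeated here.
As an example, the first group information includes the first group identifier and the first group policy identifier, and the first group policy identifier includes the fifth identifier and the sixth identifier, where the fifth identifier indicates that the second network device includes the second user group and the sixth identifier indicates that the second network device does not include the second user group. The way the second network device determines the forwarding policy is the same as described above for the second identifier and the third identifier, and details are not repeated here.
In the foregoing implementations, the source-end interworking policy is the first group policy and can be identified by the first group policy identifier; correspondingly, the destination-end interworking policy is the second group policy and can be identified by a second group policy identifier. The specific group policies included in the second group policy can be sub-policies. For example, the second group policy includes a first sub-policy, which indicates the interworking policy determined by the second user group for the case in which the first network device includes the first user group and the second network device does not include the second user group. As another example, the second group policy includes a second sub-policy, which indicates the interworking policy determined by the second user group for the case in which the first network device does not include the first user group and the second network device includes the second user group.
With the foregoing implementations, the SRv6 packets transmitted between the first network device and the second network device carry group information, so that the second network device, as the receiving-end device, can control the forwarding policy for the user group according to the interworking policy determined by the sending-end device and the interworking policy determined by the receiving-end device.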
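The ingress and egress decisions described above, as an added Python example (not code from the application). It assumes the 16-bit layout of FIG. 3 with the first, second and third identifiers as the top three bits, an all-zero group identifier as the invalid value, and the Table 3 mapping; the function names, the `IngressWishes` type, and the rule that the egress picks the applicable identifier from whether the received group identifier is valid are assumptions made for the example.

```python
import struct
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Tuple

GROUP_ID_BITS = 13                       # low 13 bits: group identifier
GROUP_ID_MASK = (1 << GROUP_ID_BITS) - 1
INVALID_GROUP = 0                        # all zeros: source matched no group
FLAG1 = 1 << 15   # first identifier: source has a group, destination has none
FLAG2 = 1 << 14   # second identifier: source has none, destination has a group
FLAG3 = 1 << 13   # third identifier: neither side has a group
POLICY_MASK = FLAG1 | FLAG2 | FLAG3


class Forwarding(Enum):
    FORWARD = "forward"
    RANDOM_DROP = "random drop"
    RATE_LIMIT = "rate-limited forwarding"
    DROP = "drop"


# Table 3: (source-end allows interworking, destination-end allows it) -> policy
TABLE3 = {
    (True, True): Forwarding.FORWARD,
    (True, False): Forwarding.RANDOM_DROP,
    (False, True): Forwarding.RATE_LIMIT,
    (False, False): Forwarding.DROP,
}


@dataclass(frozen=True)
class IngressWishes:
    """Locally stored interworking policy of the first network device
    (hypothetical type): True means it wants the packet forwarded."""
    flag1: bool
    flag2: bool
    flag3: bool


def encode_group_info(group_id: int, flags: int) -> bytes:
    """Pack policy bits and group identifier into the 16-bit field."""
    if not 0 <= group_id <= GROUP_ID_MASK:
        raise ValueError("group identifier does not fit in 13 bits")
    if flags & ~POLICY_MASK:
        raise ValueError("policy identifiers must stay in the top three bits")
    return struct.pack("!H", flags | group_id)


def decode_group_info(field: bytes) -> Tuple[int, int]:
    """Return (group identifier, policy bits) from the 16-bit field."""
    if len(field) != 2:
        raise ValueError("group information is a 16-bit field")
    (value,) = struct.unpack("!H", field)
    return value & GROUP_ID_MASK, value & POLICY_MASK


def ingress_group_info(src_addr: str, src_table: Dict[str, int],
                       wishes: IngressWishes) -> bytes:
    """S102/S103: look up the source group and choose the policy bits."""
    group_id = src_table.get(src_addr, INVALID_GROUP)
    if group_id != INVALID_GROUP:
        # Source matched a group: only the first identifier applies.
        flags = FLAG1 if wishes.flag1 else 0
    else:
        # No source group, destination outcome unknown: set both identifiers.
        flags = (FLAG2 if wishes.flag2 else 0) | (FLAG3 if wishes.flag3 else 0)
    return encode_group_info(group_id, flags)


def egress_decide(field: bytes, dst_addr: str,
                  dst_table: Dict[str, int]) -> Forwarding:
    """S106/S107: combine the received field with the local lookup."""
    group_id, flags = decode_group_info(field)
    src_has_group = group_id != INVALID_GROUP
    dst_has_group = dst_table.get(dst_addr, INVALID_GROUP) != INVALID_GROUP
    if src_has_group and dst_has_group:
        src_allows = True                 # decided from the group identifiers
    elif src_has_group:
        src_allows = bool(flags & FLAG1)
    elif dst_has_group:
        src_allows = bool(flags & FLAG2)
    else:
        src_allows = bool(flags & FLAG3)
    dst_allows = dst_has_group            # local policy: matched means allowed
    return TABLE3[(src_allows, dst_allows)]
```

The two bytes returned by `ingress_group_info` are what would be written into whichever header field carries the group information, for example the 16-bit SRH tag.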
图5为本申请实施例的第一网络设备1000的结构示意图。图5所示的第一网络设备1000可以执行上述实施例的方法中第二网络设备执行的相应步骤。所述第二网络设备1000被部署在通信网络中,所述通信网络还包括第二网络设备。如图5所示,所述第一网络设备1000 包括接收单元1002、处理单元1004和发送单元1006。
所述接收单元1002,用于接收第一用户设备发送的第一业务报文,所述第一业务报文包括第一用户设备的信息,所述第一业务报文的目的地是第二用户设备;
所述处理单元1004,用于确定所述第一网络设备中是否包括与所述第一用户设备的信息对应的第一用户组,所述第一用户组为所述第一用户设备所属的用户组;
根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004还用于确定第一组信息的值和生成第一SRv6报文,所述第一SRv6报文包括所述第一组信息和所述第一业务报文,所述第一组信息用于指示所述第一网络设备基于所述第一用户组确定的、所述第一用户设备和所述第二用户设备传输所述第一业务报文的互通策略;
所述发送单元1006,用于向第二网络设备发送所述第一SRv6报文,所述第二网络设备与所述第二用户设备通信。
可选的,所述第一组信息包括第一组标识,所述第一组标识用于指示所述第一用户设备所属的用户组,所述根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004确定第一组信息的值,包括:响应于所述处理单元1004确定所述第一网络设备中包括与所述第一用户设备的信息对应的所述第一用户组,所述处理单元1004用于确定所述第一组标识的值指示所述第一用户组。
可选的,所述第一组信息包括第一组标识,所述第一组标识用于指示所述第一用户设备所属的用户组,所述根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004确定第一组信息的值,包括:响应于所述处理单元1004确定所述第一网络设备中不包括与所述第一用户设备的信息对应的所述第一用户组,所述处理单元1004用于确定所述第一组标识的值指示无效。
可选的,所述第一组信息包括第一组标识和第一组策略标识,所述第一组标识用于指示所述第一用户设备所属的用户组,所述第一组策略标识用于指示具体的互通策略。
可选的,所述第一组策略标识包括第一标识,所述第一标识用于指示所述第一网络设备包括所述第一用户组和所述第二网络设备不包括第二用户组,所述第二用户组为所述第二用户设备所属的用户组,所述根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004确定第一组信息的值,包括:响应于所述处理单元1004确定所述第一网络设备中包括与所述第一用户设备的信息对应的所述第一用户组,所述处理单元1004用于确定所述第一组标识的值指示所述第一用户组和确定所述第一标识的值。
可选的,所述第一组策略标识包括第二标识和第三标识,所述第二标识用于指示所述第一网络设备不包括所述第一用户组和所述第二网络设备包括第二用户组,所述第三标识用于指示所述第一网络设备不包括所述第一用户组和所述第二网络设备不包括第二用户组,所述第二用户组为所述第二用户设备所属的用户组,所述根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004确定第一组信息的值,包括:响应于所述处理单元1004确定所述第一网络设备中包括与所述第一用户设备的信息对应的所述第一用户组,所述处理单元1004用于确定所述第一组标识的值指示无效和确定所述第二标识的值和所述第三标识的值。
可选的,所述第一组策略标识包括第四标识,所述第四标识用于指示所述第二网络设 备不包括第二用户组,所述第二用户组为所述第二用户设备所属的用户组,所述根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004确定第一组信息的值,包括:响应于所述处理单元1004确定所述第一网络设备中包括与所述第一用户设备的信息对应的所述第一用户组,所述处理单元用于确定所述第一组标识的值指示所述第一用户组和确定所述第四标识的值。
可选的,所述第一组策略标识包括第五标识和第六标识,所述第五标识用于指示所述第二网络设备包括第二用户组,所述第六标识用于指示所述第二网络设备不包括第二用户组,所述第二用户组为所述第二用户设备所属的用户组,所述根据所述第一网络设备中是否包括与所述第一用户设备的信息对应的所述第一用户组的确定结果,所述处理单元1004确定第一组信息的值,包括:响应于所述处理单元1004确定所述第一网络设备中包括与所述第一用户设备的信息对应的所述第一用户组,所述处理单元1004用于确定所述第一组标识的值指示无效和确定所述第五标识的值和所述第六标识的值。
可选的,所述第一组标识被携带在所述第一SRv6报文包括的下列报头中的任意一种报头中:IPv6报头、逐跳选项报头、目的选项报头和段路由报头。
可选的,所述第一组策略标识被携带在所述第一SRv6报文包括的下列报头中的任意一种报头中:IPv6报头、逐跳选项报头、目的选项报头和段路由报头。
可选的,所述第一SRv6报文经由所述第一网络设备与所述第二网络设备之间的SRv6隧道传输。
可选的,所述第一用户设备的信息是所述第一业务报文包括的源IP地址,或者所述第一用户设备的信息是所述第一业务报文包括的源MAC地址。
图5所示的第一网络设备1000可以执行上述实施例的方法中第一网络设备执行的相应步骤。第一网络设备向第二网络设备发送的SRv6报文中携带有组信息,从而作为发送端设备的第一网络设备可以参与确定针对用户组的转发策略的控制。
图6为本申请实施例的第一网络设备1100的硬件结构示意图。图6所示的第一网络设备1100可以执行上述实施例的方法中第一网络设备执行的相应步骤。
如图6所示,所述第一网络设备1100包括处理器1101、存储器1102、接口1103和总线1104。其中接口1103可以通过无线或有线的方式实现。上述处理器1101、存储器1102和接口1103通过总线1104连接。
所述接口1103具体可以包括发送器和接收器,用于第一网络设备与上述实施例中的第二网络设备之间收发信息,以及用于所述第一网络设备与上述实施例中的第一用户设备之间收发信息。例如,所述接口1103用于支持接收所述第一用户设备发送的第一业务报文。以及,所述接口1103用于支持向所述第二网络设备发送第一SRv6报文。作为举例,所述接口1103用于支持图2中的过程S101和S104。所述处理器1101用于执行上述实施例中由第一网络设备进行的处理。例如,所述处理器1101用于执行确定所述第一用户设备所述的用户组的动作、根据确定结果确定互通策略的动作、以及生成所述第一SRv6报文的动作;和/或用于本文所描述的技术的其他过程。作为举例,所述处理器1101用于支持图2中的过程S102和S103。存储器1102,用于存储程序、代码或指令,例如,存储动作系统11021和应用程序11022,当处理器或硬件设备执行这些程序、代码或指令时可以完成方法实施例中涉及第一网络设备的处理过程。可选地,所述存储器1102可以包括只读存储器(Read-only Memory,ROM)和随机存取存储器(Random Access Memory,RAM)。其中,所述ROM 包括基本输入/输出系统(Basic Input/Output System,BIOS)或嵌入式系统;所述RAM包括应用程序和动作系统。当需要运行第一网络设备1100时,通过固化在ROM中的BIOS或者嵌入式系统中的bootloader引导系统进行启动,引导第一网络设备1100进入正常运行状态。在第一网络设备1100进入正常运行状态后,运行在RAM中的应用程序和动作系统,从而,完成方法实施例中涉及第一网络设备的处理过程。
可以理解的是,图6仅仅示出了第一网络设备1100的简化设计。在实际应用中,第一网络设备可以包含任意数量的接口,处理器或者存储器。
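FIG. 7 is a schematic diagram of the hardware structure of another first network device 1200 according to an embodiment of this application. The first network device 1200 shown in FIG. 7 can perform the corresponding steps performed by the first network device in the methods of the foregoing embodiments.
As shown in FIG. 7, the first network device 1200 includes a main control board 1210, an interface board 1230, a switching fabric board 1220, and an interface board 1240. The main control board 1210, the interface boards 1230 and 1240, and the switching fabric board 1220 are connected to the system backplane through the system bus to communicate with one another. The main control board 1210 performs functions such as system management, device maintenance, and protocol processing. The switching fabric board 1220 performs data exchange between the interface boards (an interface board is also called a line card or service board). The interface boards 1230 and 1240 provide various service interfaces (for example, POS interfaces, GE interfaces, and ATM interfaces) and forward data packets.
The interface board 1230 may include a central processing unit 1231, a forwarding entry memory 1234, a physical interface card 1233, and a network processor 1232. The central processing unit 1231 controls and manages the interface board and communicates with the central processing unit on the main control board. The forwarding entry memory 1234 stores forwarding entries. The physical interface card 1233 receives and sends traffic. The network processor 1232 controls, according to the forwarding entries, the sending and receiving of traffic by the physical interface card 1233.
Specifically, the physical interface card 1233 is used to receive the first service packet sent by the first user equipment. The physical interface card 1233 is also used to send the first SRv6 packet to the second network device.
After receiving the first service packet, the physical interface card 1233 sends the first service packet to the central processing unit 1231. The central processing unit 1231 determines, according to the information in the header of the first service packet, that the first service packet needs to be processed by the central processing unit 1231, and accordingly the central processing unit 1231 processes the first service packet.
Optionally, after receiving the first service packet, the physical interface card 1233 sends the first service packet to the central processing unit 1231. The central processing unit 1231 determines, according to the information in the header of the first service packet, that the first service packet needs to be processed by the central processing unit 1211; the central processing unit 1231 sends the first service packet up to the central processing unit 1211, and the central processing unit 1211 processes the first service packet.
The central processing unit 1231 is also used to control the network processor 1232 to obtain the forwarding entries in the forwarding entry memory 1234, and the central processing unit 1231 is also used to control the network processor 1232 to send the first SRv6 packet to the second network device via the physical interface card 1233.
It should be understood that, in this embodiment of the invention, the actions on the interface board 1240 are the same as those of the interface board 1230 and, for brevity, are not described again. It should also be understood that the first network device 1200 of this embodiment may correspond to the functions and/or the various steps implemented in the foregoing method embodiments, which are not described again here.
In addition, it should be noted that there may be one or more main control boards; when there are several, they may include an active main control board and a standby main control board. There may be one or more interface boards; the stronger the data processing capability of the first network device, the more interface boards it provides. There may also be one or more physical interface cards on an interface board. There may be no switching fabric board, or one or more; when there are several, they can jointly implement load sharing and redundancy backup. In a centralized forwarding architecture, the first network device may not need a switching fabric board, and the interface board handles the processing of the service data of the whole system. In a distributed forwarding architecture, the first network device may have at least one switching fabric board, through which data is exchanged among multiple interface boards, providing high-capacity data exchange and processing. The data access and processing capability of a first network device with a distributed architecture is therefore greater than that of a device with a centralized architecture. Which architecture is used depends on the specific networking deployment scenario and is not limited here.
In addition, an embodiment of this application provides a computer storage medium for storing the computer software instructions used by the first network device, including the program designed to perform the foregoing method embodiments.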
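FIG. 8 is a schematic structural diagram of a second network device 2000 according to an embodiment of this application. The second network device 2000 shown in FIG. 8 can perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments. The second network device is deployed in a communication network that also includes a first network device. As shown in FIG. 8, the second network device 2000 includes a receiving unit 2002 and a processing unit 2004.
The receiving unit 2002 is configured to receive a first SRv6 packet sent by the first network device. The first SRv6 packet includes first group information and a first service packet. The first group information indicates the interworking policy, determined by the first network device based on a first user group, for transmitting the first service packet between a first user equipment and a second user equipment. The first service packet comes from the first user equipment, and its destination is the second user equipment. The first user group is the user group to which the first user equipment belongs, and the first service packet includes information about the second user equipment.
The processing unit 2004 is configured to determine whether the second network device includes a second user group corresponding to the information about the second user equipment, where the second user group is the user group to which the second user equipment belongs.
The processing unit 2004 is further configured to determine, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, the forwarding policy for forwarding the first service packet to the second user equipment.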
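Optionally, the second network device further includes a sending unit 2006, and the first group information includes a first group identifier that indicates the user group to which the first user equipment belongs. That the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, includes: in response to the processing unit 2004 determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, the sending unit 2004 is configured to send the first service packet to the second user equipment.
Optionally, the second network device further includes a sending unit 2006, and the first group information includes a first group identifier that indicates the user group to which the first user equipment belongs. That the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, includes: in response to the processing unit 2004 determining that the second network device does not include the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, the sending unit 2006 is configured to send the first service packet to the second user equipment by random drop or by rate-limited forwarding.
Optionally, the second network device further includes a sending unit 2006, and the first group information includes a first group identifier that indicates the user group to which the first user equipment belongs. That the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, includes: in response to the processing unit 2004 determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates invalid, the sending unit 2006 is configured to send the first service packet to the second user equipment by random drop or by rate-limited forwarding.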
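Optionally, the first group information includes a first group identifier and a first group policy identifier. The first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates the specific interworking policy.
Optionally, that the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, includes: the processing unit 2004 is configured to determine a second group policy according to the determination result, where the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment; and the processing unit 2004 is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier.
Optionally, that the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier includes: the processing unit 2004 is configured to determine that a first identifier in the first group policy identifier is valid, where the first identifier indicates that the first network device includes the first user group and the second network device does not include the second user group; the processing unit 2004 is further configured to determine, according to the first identifier, a first sub-policy in the second group policy, where the first sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device includes the first user group and the second network device does not include the second user group; and the processing unit 2004 is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the first sub-policy and the interworking policy indicated by the value of the first identifier.
Optionally, that the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier includes: the processing unit 2004 is configured to determine that a second identifier and a third identifier in the first group policy identifier are valid, where the second identifier indicates that the first network device does not include the first user group and the second network device includes the second user group, and the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group; the processing unit 2004 is further configured to determine, according to the second identifier and the third identifier, a second sub-policy in the second group policy, where the second sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device does not include the first user group and the second network device includes the second user group; and the processing unit 2004 is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the second sub-policy and the interworking policy indicated by the value of the second identifier.
Optionally, that the processing unit 2004 determines the forwarding policy for forwarding the first service packet to the second user equipment, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, includes: the processing unit 2004 is configured to determine a second group policy according to the determination result, where the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment; and the processing unit 2004 is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group identifier and the first group policy identifier.
Optionally, the forwarding policy is any one of the following: forward, drop, forward with random drop, and forward with rate limiting.
Optionally, the first group information is carried in any one of the following headers included in the first SRv6 packet: the IPv6 header, the hop-by-hop options header, the destination options header, and the segment routing header.
Optionally, the first SRv6 packet is transmitted through an SRv6 tunnel between the first network device and the second network device.
Optionally, the information about the second user equipment is the destination IP address included in the first service packet, or the information about the second user equipment is the destination MAC address included in the first service packet.
The second network device 2000 shown in FIG. 8 can perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments. The second network device receives the first SRv6 packet sent by the first network device; then the second network device, acting as the receiving-end device, can control the forwarding policy for the user group according to both the interworking policy determined by the sending-end device and the interworking policy determined by the receiving-end device.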
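The optional embodiments above that use only the first group identifier can be modelled end to end; the following is an added illustration, not code from the patent. Assumptions: the "invalid" value is encoded as 0, user equipment is mapped to groups by IP prefix, the parameter names, drop probability and token-bucket rate are hypothetical, and the case where neither device resolves a group (not covered by those embodiments) defaults to drop.

```python
import ipaddress
import random
from dataclasses import dataclass
from enum import Enum

GROUP_INVALID = 0  # assumption: the page does not give the encoding of "invalid"


class Action(Enum):
    FORWARD = "forward"
    DROP = "drop"
    RANDOM_DROP = "forward with random drop"
    RATE_LIMIT = "forward with rate limiting"


@dataclass
class Srv6Packet:
    """Model only: group identifier plus the inner service packet's addresses."""
    group_id: int
    src_ip: str
    dst_ip: str


class GroupTable:
    """User-equipment prefix -> user group, longest prefix first."""

    def __init__(self, entries):
        nets = [(ipaddress.ip_network(p), g) for p, g in entries.items()]
        self._nets = sorted(nets, key=lambda e: e[0].prefixlen, reverse=True)

    def lookup(self, ip):
        addr = ipaddress.ip_address(ip)
        for net, group in self._nets:
            if addr.version == net.version and addr in net:
                return group
        return None


def ingress_encapsulate(table, src_ip, dst_ip):
    """First network device: unknown source -> identifier indicates invalid."""
    group = table.lookup(src_ip)
    return Srv6Packet(GROUP_INVALID if group is None else group, src_ip, dst_ip)


def egress_policy(table, pkt, degraded=Action.RATE_LIMIT, neither=Action.DROP):
    """Second network device: combine local lookup with the received identifier."""
    dst_known = table.lookup(pkt.dst_ip) is not None
    src_known = pkt.group_id != GROUP_INVALID
    if dst_known and src_known:
        return Action.FORWARD
    if dst_known or src_known:
        return degraded          # exactly one side resolved a group
    return neither               # assumption: case not covered by the passage


class Egress:
    """Applies the chosen policy; returns True when the packet is delivered."""

    def __init__(self, table, degraded, drop_probability=0.5,
                 rate_pps=2.0, burst=2.0, seed=None):
        self.table, self.degraded = table, degraded
        self.drop_probability = drop_probability
        self.rate_pps, self.burst = rate_pps, burst
        self.tokens, self.last = burst, 0.0
        self.rng = random.Random(seed)

    def handle(self, pkt, now):
        action = egress_policy(self.table, pkt, self.degraded)
        if action is Action.FORWARD:
            return True
        if action is Action.RANDOM_DROP:
            return self.rng.random() >= self.drop_probability
        if action is Action.RATE_LIMIT:   # token bucket refilled at rate_pps
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate_pps)
            self.last = now
            if self.tokens >= 1.0:
                self.tokens -= 1.0
                return True
        return False


# Constructed sample tables (documentation prefixes), not taken from the page.
INGRESS_GROUPS = GroupTable({"192.0.2.0/24": 10, "2001:db8:a::/48": 11})
EGRESS_GROUPS = GroupTable({"198.51.100.0/24": 20})
```

Traffic whose group is resolved at only one end is degraded rather than dropped outright, which is the behaviour those embodiments describe.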
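FIG. 9 is a schematic diagram of the hardware structure of a second network device 2100 according to an embodiment of this application. The second network device 2100 shown in FIG. 9 can perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments.
As shown in FIG. 9, the second network device 2100 includes a processor 2101, a memory 2102, an interface 2103, and a bus 2104. The interface 2103 may be implemented in a wireless or wired manner. The processor 2101, the memory 2102, and the interface 2103 are connected through the bus 2104.
The interface 2103 may specifically include a transmitter and a receiver, used for sending and receiving information or data between the second network device and the first network device in the foregoing embodiments. For example, the interface 2103 is used to support receiving the first SRv6 packet sent by the first network device. As an example, the interface 2103 is used to support process S105 in FIG. 2. The processor 2101 is used to perform the processing carried out by the second network device in the foregoing embodiments. For example, the processor 2101 is used to receive the first SRv6 packet sent by the first network device, to determine the second user group, and to determine the forwarding policy for forwarding the first service packet according to the interworking policy determined by the first network device and the interworking policy determined by the second network device; and/or other processes of the techniques described herein. As an example, the processor 2101 is used to support processes S106 and S107 in FIG. 2. The memory 2102 includes an operating system 21021 and an application program 21022 and is used to store programs, code, or instructions; when a processor or hardware device executes these programs, code, or instructions, the processing of the second network device in the method embodiments can be completed. Optionally, the memory 2102 may include a read-only memory (Read-only Memory, ROM) and a random access memory (Random Access Memory, RAM). The ROM includes a basic input/output system (Basic Input/Output System, BIOS) or an embedded system; the RAM includes the application program and the operating system. When the second network device 2100 needs to run, the system is booted by the BIOS solidified in the ROM or by the bootloader in the embedded system, which brings the second network device 2100 into its normal running state. After the second network device 2100 enters the normal running state, the application program and the operating system run in the RAM, thereby completing the processing of the second network device in the method embodiments.
It can be understood that FIG. 9 shows only a simplified design of the second network device 2100. In practical applications, the second network device may include any number of interfaces, processors, or memories.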
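FIG. 10 is a schematic diagram of the hardware structure of another second network device 2200 according to an embodiment of this application. The second network device 2200 shown in FIG. 10 can perform the corresponding steps performed by the second network device in the methods of the foregoing embodiments.
As shown in FIG. 10, the second network device 2200 includes a main control board 2210, an interface board 2230, a switching fabric board 2220, and an interface board 2240. The main control board 2210, the interface boards 2230 and 2240, and the switching fabric board 2220 are connected to the system backplane through the system bus to communicate with one another. The main control board 2210 performs functions such as system management, device maintenance, and protocol processing. The switching fabric board 2220 performs data exchange between the interface boards (an interface board is also called a line card or service board). The interface boards 2230 and 2240 provide various service interfaces (for example, POS interfaces, GE interfaces, and ATM interfaces) and forward data packets. In a possible implementation, the second network device 2200 is a blade server.
The interface board 2230 may include a central processing unit 2231, a forwarding entry memory 2234, a physical interface card 2233, and a network processor 2232. The central processing unit 2231 controls and manages the interface board and communicates with the central processing unit 2211 on the main control board 2210. The forwarding entry memory 2234 stores forwarding entries. The physical interface card 2233 receives and sends traffic. The network processor 2232 controls, according to the forwarding entries, the sending and receiving of traffic by the physical interface card 2233.
Specifically, the physical interface card 2233 is used to receive the first SRv6 packet sent by the first network device. The physical interface card 2233 is also used to forward the first service packet.
After receiving the first SRv6 packet, the physical interface card 2233 sends the first SRv6 packet to the central processing unit 2231. The central processing unit 2231 determines, according to the information in the header of the first SRv6 packet, that the first SRv6 packet needs to be processed by the central processing unit 2231, and accordingly the central processing unit 2231 processes the first SRv6 packet.
Optionally, after receiving the first SRv6 packet, the physical interface card 2233 sends the first SRv6 packet to the central processing unit 2231. The central processing unit 2231 determines, according to the information in the header of the first SRv6 packet, that the first SRv6 packet needs to be processed by the central processing unit 2211; the central processing unit 2231 sends the first SRv6 packet up to the central processing unit 2211, and the central processing unit 2211 processes the first SRv6 packet.
The central processing unit 2231 is also used to control the network processor 2232 to obtain the forwarding entries in the forwarding entry memory 2234, and the central processing unit 2231 is also used to control the network processor 2232 to receive and send traffic via the physical interface card 2233.
It should be understood that, in this embodiment of the invention, the actions on the interface board 2240 are the same as those of the interface board 2230 and, for brevity, are not described again. It should also be understood that the second network device 2200 of this embodiment may correspond to the functions and/or the various steps implemented in the foregoing method embodiments, which are not described again here.
In addition, it should be noted that there may be one or more main control boards; when there are several, they may include an active main control board and a standby main control board. There may be one or more interface boards; the stronger the data processing capability of the second network device, the more interface boards it provides. There may also be one or more physical interface cards on an interface board. There may be no switching fabric board, or one or more; when there are several, they can jointly implement load sharing and redundancy backup. In a centralized forwarding architecture, the second network device may not need a switching fabric board, and the interface board handles the processing of the service data of the whole system. In a distributed forwarding architecture, the second network device may have at least one switching fabric board, through which data is exchanged among multiple interface boards, providing high-capacity data exchange and processing. The data access and processing capability of a second network device with a distributed architecture is therefore greater than that of a device with a centralized architecture. Which architecture is used depends on the specific networking deployment scenario and is not limited here.
In addition, an embodiment of this application provides a computer storage medium for storing the computer software instructions used by the second network device, including the program designed to perform the foregoing method embodiments.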
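An embodiment of this application further includes a network system. The network system includes a first network device and a second network device, where the first network device is the first network device of FIG. 5, FIG. 6, or FIG. 7 above, and the second network device is the second network device of FIG. 8, FIG. 9, or FIG. 10 above.
The steps of the methods or algorithms described in connection with the disclosure of this application may be implemented in hardware, or by a processor executing software instructions. The software instructions may consist of corresponding software modules, which may be stored in RAM, flash memory, ROM, EPROM, EEPROM, registers, a hard disk, a removable hard disk, a CD-ROM, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to the processor, so that the processor can read information from, and write information to, the storage medium. The storage medium may also be an integral part of the processor. The processor and the storage medium may reside in an ASIC, and the ASIC may reside in user equipment. The processor and the storage medium may also exist in user equipment as discrete components.
Those skilled in the art should appreciate that, in one or more of the above examples, the functions described in this application may be implemented in hardware or in a combination of hardware and software. When implemented in a combination of hardware and software, the software may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
The specific implementations described above further explain in detail the objectives, technical solutions, and beneficial effects of this application. It should be understood that the above are merely specific implementations of this application.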

Claims (49)

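  1. A user group-based packet forwarding method, wherein the method comprises:
    receiving, by a first network device, a first service packet sent by a first user equipment, wherein the first service packet includes information about the first user equipment, and the destination of the first service packet is a second user equipment;
    determining, by the first network device, whether the first network device includes a first user group corresponding to the information about the first user equipment, wherein the first user group is the user group to which the first user equipment belongs;
    determining, by the first network device according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment, a value of first group information, and generating a first Segment Routing over Internet Protocol version 6 (SRv6) packet, wherein the first SRv6 packet includes the first group information and the first service packet, and the first group information indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment;
    sending, by the first network device, the first SRv6 packet to a second network device, wherein the second network device communicates with the second user equipment.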
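  2. The method according to claim 1, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the first network device, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, determining, by the first network device, that the value of the first group identifier indicates the first user group.
  3. The method according to claim 1, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the first network device, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the first network device determining that the first network device does not include the first user group corresponding to the information about the first user equipment, determining, by the first network device, that the value of the first group identifier indicates invalid.
  4. The method according to claim 1, wherein the first group information includes a first group identifier and a first group policy identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates the specific interworking policy.
  5. The method according to claim 4, wherein the first group policy identifier includes a first identifier, the first identifier indicates that the first network device includes the first user group and the second network device does not include a second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the first network device, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, determining, by the first network device, that the value of the first group identifier indicates the first user group, and determining the value of the first identifier.
  6. The method according to claim 4, wherein the first group policy identifier includes a second identifier and a third identifier, the second identifier indicates that the first network device does not include the first user group and the second network device includes a second user group, the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the first network device, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, determining, by the first network device, that the value of the first group identifier indicates invalid, and determining the value of the second identifier and the value of the third identifier.
  7. The method according to claim 4, wherein the first group policy identifier includes a fourth identifier, the fourth identifier indicates that the second network device does not include a second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the first network device, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, determining, by the first network device, that the value of the first group identifier indicates the first user group, and determining the value of the fourth identifier.
  8. The method according to claim 4, wherein the first group policy identifier includes a fifth identifier and a sixth identifier, the fifth identifier indicates that the second network device includes a second user group, the sixth identifier indicates that the second network device does not include the second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the first network device, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the first network device determining that the first network device includes the first user group corresponding to the information about the first user equipment, determining, by the first network device, that the value of the first group identifier indicates invalid, and determining the value of the fifth identifier and the value of the sixth identifier.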
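  9. The method according to any one of claims 2-8, wherein the first group identifier is carried in any one of the following headers included in the first SRv6 packet:
    the Internet Protocol version 6 (IPv6) header, the hop-by-hop options header, the destination options header, and the segment routing header.
  10. The method according to any one of claims 4-8, wherein the first group policy identifier is carried in any one of the following headers included in the first SRv6 packet:
    the IPv6 header, the hop-by-hop options header, the destination options header, and the segment routing header.
  11. The method according to any one of claims 1-10, wherein the first SRv6 packet is transmitted through an SRv6 tunnel between the first network device and the second network device.
  12. The method according to any one of claims 1-11, wherein the information about the first user equipment is the source Internet Protocol (IP) address included in the first service packet, or the information about the first user equipment is the source media access control (MAC) address included in the first service packet.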
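  13. A user group-based packet forwarding method, wherein the method comprises:
    receiving, by a second network device, a first Segment Routing over Internet Protocol version 6 (SRv6) packet sent by a first network device, wherein the first SRv6 packet includes first group information and a first service packet, the first group information indicates the interworking policy, determined by the first network device based on a first user group, for transmitting the first service packet between a first user equipment and a second user equipment, the first service packet comes from the first user equipment, the destination of the first service packet is the second user equipment, the first user group is the user group to which the first user equipment belongs, and the first service packet includes information about the second user equipment;
    determining, by the second network device, whether the second network device includes a second user group corresponding to the information about the second user equipment, wherein the second user group is the user group to which the second user equipment belongs;
    determining, by the second network device according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, the forwarding policy for forwarding the first service packet to the second user equipment.
  14. The method according to claim 13, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    in response to the second network device determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, sending, by the second network device, the first service packet to the second user equipment.
  15. The method according to claim 13, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    in response to the second network device determining that the second network device does not include the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, sending, by the second network device, the first service packet to the second user equipment by random drop or by rate-limited forwarding.
  16. The method according to claim 13, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    in response to the second network device determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates invalid, sending, by the second network device, the first service packet to the second user equipment by random drop or by rate-limited forwarding.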
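  17. The method according to claim 13, wherein the first group information includes a first group identifier and a first group policy identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates the specific interworking policy.
  18. The method according to claim 17, wherein the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    determining, by the second network device, a second group policy according to the determination result, wherein the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment;
    determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier.
  19. The method according to claim 18, wherein the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier comprises:
    determining, by the second network device, that a first identifier in the first group policy identifier is valid, wherein the first identifier indicates that the first network device includes the first user group and the second network device does not include the second user group;
    determining, by the second network device according to the first identifier, a first sub-policy in the second group policy, wherein the first sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device includes the first user group and the second network device does not include the second user group;
    determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the first sub-policy and the interworking policy indicated by the value of the first identifier.
  20. The method according to claim 18, wherein the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier comprises:
    determining, by the second network device, that a second identifier and a third identifier in the first group policy identifier are valid, wherein the second identifier indicates that the first network device does not include the first user group and the second network device includes the second user group, and the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group;
    determining, by the second network device according to the second identifier and the third identifier, a second sub-policy in the second group policy, wherein the second sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device does not include the first user group and the second network device includes the second user group;
    determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the second sub-policy and the interworking policy indicated by the value of the second identifier.
  21. The method according to claim 17, wherein the determining, by the second network device, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    determining, by the second network device, a second group policy according to the determination result, wherein the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment;
    determining, by the second network device, the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group identifier and the first group policy identifier.
  22. The method according to any one of claims 17-21, wherein the forwarding policy is any one of the following forwarding policies:
    forward, drop, forward with random drop, and forward with rate limiting.
  23. The method according to any one of claims 13-22, wherein the first group information is carried in any one of the following headers included in the first SRv6 packet:
    the Internet Protocol version 6 (IPv6) header, the hop-by-hop options header, the destination options header, and the segment routing header.
  24. The method according to any one of claims 13-23, wherein the first SRv6 packet is transmitted through an SRv6 tunnel between the first network device and the second network device.
  25. The method according to any one of claims 13-24, wherein the information about the second user equipment is the destination Internet Protocol (IP) address included in the first service packet, or the information about the second user equipment is the destination media access control (MAC) address included in the first service packet.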
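  26. A first network device, wherein the first network device comprises:
    a receiving unit, configured to receive a first service packet sent by a first user equipment, wherein the first service packet includes information about the first user equipment, and the destination of the first service packet is a second user equipment;
    a processing unit, configured to determine whether the first network device includes a first user group corresponding to the information about the first user equipment, wherein the first user group is the user group to which the first user equipment belongs;
    wherein the processing unit is further configured to determine, according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment, a value of first group information, and to generate a first Segment Routing over Internet Protocol version 6 (SRv6) packet, wherein the first SRv6 packet includes the first group information and the first service packet, and the first group information indicates the interworking policy, determined by the first network device based on the first user group, for transmitting the first service packet between the first user equipment and the second user equipment;
    a sending unit, configured to send the first SRv6 packet to a second network device, wherein the second network device communicates with the second user equipment.
  27. The first network device according to claim 26, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the processing unit, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the processing unit determining that the first network device includes the first user group corresponding to the information about the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates the first user group.
  28. The first network device according to claim 26, wherein the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the processing unit, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the processing unit determining that the first network device does not include the first user group corresponding to the information about the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates invalid.
  29. The first network device according to claim 26, wherein the first group information includes a first group identifier and a first group policy identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates the specific interworking policy.
  30. The first network device according to claim 29, wherein the first group policy identifier includes a first identifier, the first identifier indicates that the first network device includes the first user group and the second network device does not include a second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the processing unit, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the processing unit determining that the first network device includes the first user group corresponding to the information about the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates the first user group, and to determine the value of the first identifier.
  31. The first network device according to claim 29, wherein the first group policy identifier includes a second identifier and a third identifier, the second identifier indicates that the first network device does not include the first user group and the second network device includes a second user group, the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the processing unit, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the processing unit determining that the first network device includes the first user group corresponding to the information about the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates invalid, and to determine the value of the second identifier and the value of the third identifier.
  32. The first network device according to claim 29, wherein the first group policy identifier includes a fourth identifier, the fourth identifier indicates that the second network device does not include a second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the processing unit, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the processing unit determining that the first network device includes the first user group corresponding to the information about the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates the first user group, and to determine the value of the fourth identifier.
  33. The first network device according to claim 29, wherein the first group policy identifier includes a fifth identifier and a sixth identifier, the fifth identifier indicates that the second network device includes a second user group, the sixth identifier indicates that the second network device does not include the second user group, the second user group is the user group to which the second user equipment belongs, and the determining, by the processing unit, of the value of the first group information according to the result of determining whether the first network device includes the first user group corresponding to the information about the first user equipment comprises:
    in response to the processing unit determining that the first network device includes the first user group corresponding to the information about the first user equipment, the processing unit is configured to determine that the value of the first group identifier indicates invalid, and to determine the value of the fifth identifier and the value of the sixth identifier.
  34. The first network device according to any one of claims 27-33, wherein the first group identifier is carried in any one of the following headers included in the first SRv6 packet:
    the Internet Protocol version 6 (IPv6) header, the hop-by-hop options header, the destination options header, and the segment routing header.
  35. The first network device according to any one of claims 29-33, wherein the first group policy identifier is carried in any one of the following headers included in the first SRv6 packet:
    the IPv6 header, the hop-by-hop options header, the destination options header, and the segment routing header.
  36. The first network device according to any one of claims 27-35, wherein the first SRv6 packet is transmitted through an SRv6 tunnel between the first network device and the second network device.
  37. The first network device according to any one of claims 26-36, wherein the information about the first user equipment is the source Internet Protocol (IP) address included in the first service packet, or the information about the first user equipment is the source media access control (MAC) address included in the first service packet.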
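  38. A second network device, wherein the second network device comprises:
    a receiving unit, configured to receive a first Segment Routing over Internet Protocol version 6 (SRv6) packet sent by a first network device, wherein the first SRv6 packet includes first group information and a first service packet, the first group information indicates the interworking policy, determined by the first network device based on a first user group, for transmitting the first service packet between a first user equipment and a second user equipment, the first service packet comes from the first user equipment, the destination of the first service packet is the second user equipment, the first user group is the user group to which the first user equipment belongs, and the first service packet includes information about the second user equipment;
    a processing unit, configured to determine whether the second network device includes a second user group corresponding to the information about the second user equipment, wherein the second user group is the user group to which the second user equipment belongs;
    wherein the processing unit is further configured to determine, according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment, the forwarding policy for forwarding the first service packet to the second user equipment.
  39. The second network device according to claim 38, wherein the second network device further comprises a sending unit, the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    in response to the processing unit determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, the sending unit is configured to send the first service packet to the second user equipment.
  40. The second network device according to claim 38, wherein the second network device further comprises a sending unit, the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    in response to the processing unit determining that the second network device does not include the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates the first user group, the sending unit is configured to send the first service packet to the second user equipment by random drop or by rate-limited forwarding.
  41. The second network device according to claim 38, wherein the second network device further comprises a sending unit, the first group information includes a first group identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    in response to the processing unit determining that the second network device includes the second user group corresponding to the information about the second user equipment and that the value of the first group identifier indicates invalid, the sending unit is configured to send the first service packet to the second user equipment by random drop or by rate-limited forwarding.
  42. The second network device according to claim 38, wherein the first group information includes a first group identifier and a first group policy identifier, the first group identifier indicates the user group to which the first user equipment belongs, and the first group policy identifier indicates the specific interworking policy.
  43. The second network device according to claim 42, wherein the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    the processing unit is configured to determine a second group policy according to the determination result, wherein the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment;
    the processing unit is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier.
  44. The second network device according to claim 43, wherein the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier comprises:
    the processing unit is configured to determine that a first identifier in the first group policy identifier is valid, wherein the first identifier indicates that the first network device includes the first user group and the second network device does not include the second user group;
    the processing unit is further configured to determine, according to the first identifier, a first sub-policy in the second group policy, wherein the first sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device includes the first user group and the second network device does not include the second user group;
    the processing unit is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the first sub-policy and the interworking policy indicated by the value of the first identifier.
  45. The second network device according to claim 43, wherein the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group policy identifier comprises:
    the processing unit is configured to determine that a second identifier and a third identifier in the first group policy identifier are valid, wherein the second identifier indicates that the first network device does not include the first user group and the second network device includes the second user group, and the third identifier indicates that the first network device does not include the first user group and the second network device does not include the second user group;
    the processing unit is further configured to determine, according to the second identifier and the third identifier, a second sub-policy in the second group policy, wherein the second sub-policy indicates the interworking policy determined by the second user group for the case in which the first network device does not include the first user group and the second network device includes the second user group;
    the processing unit is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the second sub-policy and the interworking policy indicated by the value of the second identifier.
  46. The second network device according to claim 42, wherein the determining, by the processing unit, of the forwarding policy for forwarding the first service packet to the second user equipment according to the first group information and the result of determining whether the second network device includes the second user group corresponding to the information about the second user equipment comprises:
    the processing unit is configured to determine a second group policy according to the determination result, wherein the second group policy indicates the interworking policy, determined by the second network device based on the second user group, for transmitting the first service packet between the first user equipment and the second user equipment;
    the processing unit is further configured to determine the forwarding policy for forwarding the first service packet to the second user equipment according to the second group policy and the interworking policy indicated by the first group identifier and the first group policy identifier.
  47. The second network device according to any one of claims 42-46, wherein the forwarding policy is any one of the following forwarding policies:
    forward, drop, forward with random drop, and forward with rate limiting.
  48. The method according to any one of claims 38-47, wherein the information about the second user equipment is the destination Internet Protocol (IP) address included in the first service packet, or the information about the second user equipment is the destination media access control (MAC) address included in the first service packet.
  49. A communication network system, comprising a first network device and a second network device, wherein the first network device is the first network device according to any one of claims 26-37, and the second network device is the second network device according to any one of claims 38-48.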
PCT/CN2021/110811 2020-09-30 2021-08-05 User group-based packet forwarding method, device, and system WO2022068389A1 (zh)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP21874051.2A EP4207705A4 (en) 2020-09-30 2021-08-05 METHOD, DEVICE AND SYSTEM FOR DELIVERING PACKETS BASED ON USER GROUP
KR1020237013436A KR20230070292A (ko) 2020-09-30 2021-08-05 User group-based packet forwarding method, device, and system
JP2023519604A JP2023544713A (ja) 2020-09-30 2021-08-05 User group-based packet forwarding method, device, and system
US18/190,114 US11863446B2 (en) 2020-09-30 2023-03-26 User group-based packet forwarding method, device, and system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202011059313.6 2020-09-30
CN202011059313 2020-09-30
CN202011357010.2A CN114363252A (zh) 2020-09-30 2020-11-26 User group-based packet forwarding method, device, and system
CN202011357010.2 2020-11-26

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/190,114 Continuation US11863446B2 (en) 2020-09-30 2023-03-26 User group-based packet forwarding method, device, and system

Publications (1)

Publication Number Publication Date
WO2022068389A1 true WO2022068389A1 (zh) 2022-04-07

Family

ID=80949169

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/110811 WO2022068389A1 (zh) 2020-09-30 2021-08-05 User group-based packet forwarding method, device, and system

Country Status (5)

Country Link
US (1) US11863446B2 (zh)
EP (1) EP4207705A4 (zh)
JP (1) JP2023544713A (zh)
KR (1) KR20230070292A (zh)
WO (1) WO2022068389A1 (zh)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104349396A (zh) * 2013-08-09 2015-02-11 Huawei Technologies Co., Ltd. Data packet forwarding method, apparatus, and system
WO2019005941A1 (en) * 2017-06-27 2019-01-03 Cisco Technology, Inc. EFFECTIVE CODING AND PROCESSING OF SEGMENT ROUTING PACKETS
CN111541613A (zh) * 2020-04-27 2020-08-14 Peng Cheng Laboratory SRv6-based data processing method and related device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10516610B2 (en) * 2018-03-15 2019-12-24 Cisco Technology, Inc. Segment routing packet policies and functions providing processing signaling and packet forwarding efficiencies in a network
US10594513B2 (en) * 2018-03-19 2020-03-17 Cisco Technology, Inc. Packet communications providing packet forwarding efficiencies in a network including using a segment routing and tunnel exchange
US10812377B2 (en) * 2018-10-12 2020-10-20 Cisco Technology, Inc. Methods and apparatus for use in providing transport and data center segmentation in a mobile network
US11418435B2 (en) * 2020-01-31 2022-08-16 Cisco Technology, Inc. Inband group-based network policy using SRV6
US11425056B1 (en) * 2020-02-19 2022-08-23 Juniper Networks, Inc. Dynamic computation of SR-TE policy for SR-enabled devices connected over non-SR-enabled devices

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
BARAKAT OSAMAH L.; VENTRE PIER LUIGI; SALSANO STEFANO; FU XIAOMING: "Busoni: Policy Composition and Northbound Interface for IPv6 Segment Routing Networks", 2019 IEEE 27TH INTERNATIONAL CONFERENCE ON NETWORK PROTOCOLS (ICNP), IEEE, 8 October 2019 (2019-10-08), pages 1 - 4, XP033653902, DOI: 10.1109/ICNP.2019.8888104 *
MATSUSHIMA S, C. FILSFILS, M. KOHNO, P. CAMARILLO, D. VOYER, C. PERKINS: "Segment Routing IPv6 for Mobile User Plane draft-ietf-dmm-srv6-mobile-uplane-09", DMM WORKING GROUP, INTERNET-DRAFT, INTENDED STATUS: STANDARDS TRACK, 13 July 2020 (2020-07-13), XP055920285, Retrieved from the Internet <URL:https://datatracker.ietf.org/doc/pdf/draft-ietf-dmm-srv6-mobile-uplane-09> [retrieved on 20220511] *
See also references of EP4207705A4

Also Published As

Publication number Publication date
US11863446B2 (en) 2024-01-02
JP2023544713A (ja) 2023-10-25
US20230336479A1 (en) 2023-10-19
EP4207705A1 (en) 2023-07-05
KR20230070292A (ko) 2023-05-22
EP4207705A4 (en) 2024-02-28

Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2023519604

Country of ref document: JP

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 20237013436

Country of ref document: KR

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2021874051

Country of ref document: EP

Effective date: 20230329

NENP Non-entry into the national phase

Ref country code: DE