Disclosure of Invention
The invention provides a NSH message processing method, a device and a system, which can solve the problem that an SF node cannot identify an NSH message.
In order to achieve the purpose, the invention is realized by the following technical scheme:
in a first aspect, the present invention provides an NSH packet processing method, which is applied to a proxy node, where the proxy node only corresponds to an SF node, and the method includes:
when receiving an NSH packet sent by an SFF (Service Function Forwarder), acquiring an NSP (NSH Path ) and an NSI (NSH Index ) in a packet header of the NSH packet, where the NSP represents a first Service chain and the NSI represents a hop count of the SF node in the first Service chain;
combining the NSP and the NSI, mapping a Virtual Local Area Network (VLAN) tag number and making a mapping record;
obtaining a vlan message, wherein a message header of the vlan message comprises the vlan tag number, and a message body of the vlan message is a message body of the NSH message;
sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
when the vlan message sent by the SFF is received, restoring the NSP and the NSI according to the mapping record and the vlan tag number;
obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
acquiring a new NSH message, wherein the message header of the new NSH message comprises the NSP and the new NSI, and the message body of the new NSH message is the message body of the vlan message;
and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
Further, said mapping a vlan tag number and recording the mapping in combination with said NSP and said NSI comprises: combining said NSP and said NSI to calculate a marker value; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
said restoring said NSP and said NSI according to said mapping record and said vlan tag number, comprising: obtaining the mark value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
Further, said combining said NSP and said NSI to calculate a marker value comprising: calculating a marker value according to a formula I by combining the NSP and the NSI;
said calculating said NSP and said NSI based on said marker value comprises: calculating the NSP according to a formula II and the mark value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
Further, obtaining a new NSI according to the NSI includes: controlling the NSI by 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
In a second aspect, the present invention provides a proxy node, where the proxy node only corresponds to an SF node, and the proxy node includes:
an NSH packet processing unit, configured to, when an NSH packet sent by an SFF is received, obtain an NSP and an NSI in a packet header of the NSH packet, where the NSP represents a first service chain, and the NSI represents a hop count of the SF node in the first service chain; combining the NSP and the NSI, mapping a vlan tag number and recording the mapping;
a vlan message generating unit, configured to obtain a vlan message, where a message header of the vlan message includes the vlan tag number, and a message body of the vlan message is a message body of the NSH message; sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
a vlan message processing unit, configured to restore the NSP and the NSI according to the mapping record and the vlan tag number when receiving the vlan message sent by the SFF; obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
a new NSH packet generating unit, configured to obtain a new NSH packet, where a packet header of the new NSH packet includes the NSP and the new NSI, and a packet body of the new NSH packet is a packet body of the vlan packet; and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
Further, the NSH packet processing unit is configured to calculate a tag value by combining the NSP and the NSI; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
the vlan message processing unit is configured to obtain the tag value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
Further, the NSH packet processing unit is configured to calculate a flag value according to a formula one by combining the NSP and the NSI;
the vlan message processing unit is configured to calculate the NSP according to a formula two and the flag value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
Further, the vlan message processing unit is configured to control the NSI to subtract 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
In a third aspect, the present invention provides an SF calculation unit, including:
SFF, at least one proxy node and each unique SF node corresponding to the proxy node;
wherein, the SFF is configured to execute the following processes:
a1: receiving a forwarding flow table sent by an external cloud platform upper-layer controller, wherein the forwarding flow table comprises at least one service chain and the hop count of each SF node in the service chain;
a2: when an NSH message is received, acquiring NSP and NSI in a message header of the NSH message, wherein the NSP represents a second service chain;
a3: judging whether the second service chain comprises a first SF node or not according to the forwarding flow table, so that the NSI represents the hop count of the first SF node in the second service chain, if so, executing A4, otherwise, executing A8;
a4: judging whether the SF computing unit comprises the first SF node, if so, executing A5, otherwise, executing A9;
a5: sending the NSH message to a first proxy node corresponding to the first SF node;
a6: when receiving a vlan message sent by the first proxy node, sending the vlan message to the first SF node;
a7: when receiving the vlan message sent by the first SF node, sending the vlan message to the first proxy node, and executing a 2;
a8: sending the NSH message to an external terminal computing unit, and ending the current process;
a9: sending the NSH message to an SFF in an SF computing unit where the first SF node is located;
each SF node is used for processing a vlan message when receiving the vlan message; and sending the vlan message to the SFF.
In a fourth aspect, the present invention provides an NSH packet processing system, including:
the system comprises a cloud platform and a cloud platform upper controller;
the cloud platform comprises a source end computing unit, a terminal computing unit and at least one SF computing unit;
wherein the source end computing unit comprises a client and a first SFF;
wherein, the terminal computing unit comprises a server and a second SFF;
the client is used for sending the generated NSH message to the first SFF;
the first SFF is used for receiving a forwarding flow table sent by the cloud platform upper controller, and the forwarding flow table comprises at least one service chain; acquiring an NSP in a message header of the NSH message when the NSH message is received, wherein the NSP represents a third service chain; sending the NSH message to an SFF in an SF computing unit where a second SF node is located according to the forwarding flow table, wherein the second SF node is a first SF node in the third service chain;
and the second SFF is used for sending the received NSH message to the server.
The invention provides a method, a device and a system for processing NSH messages, wherein the method comprises the following steps: only one proxy node corresponding to an SF node is used for mapping a vlan tag number according to NSP and NSI in a message header and making mapping record when receiving an NSH message sent by an SFF, and forwarding the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the invention can solve the problem that the SF node can not identify the NSH message.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides an NSH packet processing method, which is applied to a proxy node, where the proxy node only corresponds to an SF node, and the method may include the following steps:
step 101: when receiving an NSH message sent by an SFF, acquiring NSP and NSI in a message header of the NSH message, wherein the NSP represents a first service chain, and the NSI represents the hop count of the SF node in the first service chain.
Step 102: and combining the NSP and the NSI, mapping a vlan tag number and making a mapping record.
Step 103: and obtaining a vlan message, wherein a message header of the vlan message comprises the vlan tag number, and a message body of the vlan message is a message body of the NSH message.
Step 104: and sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node.
Step 105: and when the vlan message sent by the SFF is received, restoring the NSP and the NSI according to the mapping record and the vlan tag number.
Step 106: and obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain.
Step 107: and acquiring a new NSH message, wherein the message header of the new NSH message comprises the NSP and the new NSI, and the message body of the new NSH message is the message body of the vlan message.
Step 108: and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
The embodiment of the invention provides an NSH message processing method, which comprises the following steps: only one proxy node corresponding to an SF node is used for mapping a vlan tag number according to NSP and NSI in a message header and making mapping record when receiving an NSH message sent by an SFF, and forwarding the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the embodiment of the invention can solve the problem that the SF node can not identify the NSH message.
In detail, the SF node is generally responsible for performing function-specific processing on received packets. The SF node acts as a logical component, which may be a virtual element in terms of implementation or some function embedded in a specific network device. For example, common SF nodes may have: firewall, WAN device accelerator, DPI, NAT, etc.
In the embodiment of the invention, for the traditional SF node which can not identify the NSH message, a proxy node can be established to replace the traditional SF node to process the message header of the NSH message, and the NSH label is mapped to a vlan label which can be identified by the traditional SF node, so that the traditional SF node can indirectly identify the NSH message.
Typically, the cloud platform includes a client and a server, and also several SF nodes. The NSH message sent by the client as the source needs to sequentially pass through each SF node in the service chain, and finally reaches the server as the destination. Therefore, the NSH message sent by the client may be sent to the first SF node in the service chain, and then forwarded to the next SF node by each SF node, and sent to the server by the last SF node in the service chain.
In detail, the SFF is mainly responsible for traffic forwarding control over the service chain. Typically, it may be an OVS (OpenvSwitch) bridge. Wherein, the OVS is a high-quality and multi-layer virtual switching software. Thus, there may be one br-int bridge on each compute node as an SFF. The responsibility of the SFF is to direct the data message to the next SF node, the next SF compute node, or the server. The SFF may be programmed by an SDN (Network Defined Software) controller, such as an odl (optional) controller.
In the embodiment of the invention, the SF node can exist in a virtual machine form, and a virtual machine network port is hung on the OVS in a tap port form.
In detail, a service Function chain, or sfc (service Function chain), defines an abstract ordered set of SF nodes. The classified data packets need to traverse each SF node in the set in sequence. Such as: the user can configure the firewall → qos → dpi three services to construct an SFC.
In general, the organization sequence of the service chain is independent of the physical topology of the service nodes, and after the data packet enters the service chain, the data packet will pass through each SF node according to the sequence established by the service chain.
In the embodiment of the invention, the message forwarding operation can be realized through the SFF. Specifically, each SF calculation unit may include one SFF, several SF nodes and proxy nodes in one-to-one correspondence. Thus, the SFF of the computing unit where the client is located may forward the NSH message to the SFF of the SF computing unit where the first SF node is located. The SFF of the SF computing unit where the last SF node is located may finally send the NSH message to the SFF of the computing unit where the server is located.
Correspondingly, for the SFF in any SF computing unit, the received NSH message may be sent from the SFF of another computing unit, or from an SF node of the computing unit where the SFF is located; the NSH message to be sent may be sent to the SFF of another computing unit, or may be sent to a proxy node of the computing unit where the NSH message is located.
Specifically, the SFF in the SF calculation unit sends the NSH message to a proxy node corresponding to the SF node, and the proxy node converts the NSH message into a vlan message and then sends the vlan message to the SF node. And after receiving the vlan message and performing corresponding processing, the SF node returns the vlan message to the SFF again. Therefore, the SFF returns the vlan message returned by the SF node to the proxy node corresponding to the SF node, and the proxy node converts the vlan message into an NSH message, so that the NSH message can be sent to the next node.
In detail, when receiving a vlan message, the SF node may identify its header and process the relevant fields in the message.
In detail, the vlan message returned by the SF node may be an original vlan message, or may be a vlan message obtained by processing the original vlan message.
When the next node is the server, the NSH message may be sent to the SFF of the computing unit where the server is located.
The next node is an SF node, and when the next node is not in the same SF computing node as the SF node, the next node can send the NSH message to the SFF of the computing unit where the next node is located.
The next node is an SF node, and when the next node is in the same SF calculation node as the SF node, the next node can send the NSH message to the proxy node corresponding to the next node.
In short, the SFF achieves the purpose of forwarding the message, except for the client and the server, in order to send the NSH message from one SF node to the next SF node in the service chain.
Based on the above, in step 101, when a proxy node receives an NSH message, the NSP and NSI in the header of the message should be directed to its corresponding SF node. In step 108, for a new NSH packet sent by a proxy node, if there is a next SF node, the NSP and NSI in the header of the packet should be directed to the next SF node, otherwise, the packet should be directed to a server.
In detail, NSP may characterize a service chain, and NSI may characterize a number of hops. Because the hop counts of different SF nodes in the same service chain are different, the combination of the NSP and the NSI can know which SF node is the transmission object of the NSH message.
For example, assume that there are two service chains as follows:
service chain 1: SF node 1 → SF node 2 → SF node 3, the hop count is 255, 254, 253 in order;
service chain 2: SF node 2 → SF node 3 → SF node 4, the number of hops is 255, 254, 253 in that order.
Assume that the cloud platform includes only one SF computing unit, and that the SF computing unit includes one SFF1 and the above-mentioned 4 SF nodes.
Assuming that a client issues an NSH message 1 that needs to go through service chain 2, it should first be sent to SF node 2, and thus the NSP and NSI in its header may be 2 and 255, respectively.
When the SFF1 receives the NSH packet 1 sent by the SFF of the computing unit where the client is located, it first knows the NSP and the NSI in the header, i.e. obtains 2 and 255, and can locate the SF node 2, so that the NSH packet 1 can be sent to the proxy node 2 corresponding to the SF node 2.
In step 101, when the proxy node 2 receives the NSH packet 1, the obtained NSP and NSI are 2 and 255, respectively.
In step 102, proxy node 2 maps NSP and NSI to a vlan tag number 1, and makes a mapping record as needed.
In step 103, the proxy node 2 obtains a vlan message 1 according to the vlan tag number 1.
In step 104, the proxy node 2 sends the vlan message 1 to the SFF 1.
Since it is sent from proxy node 2, SFF1 may send vlan message 1 to SF node 2. After receiving and processing, the SF node 2 returns a vlan message 1 to the SFF 1. Further, SFF1 may send vlan message 1 to proxy node 2 again.
In step 105, the proxy node 2 receives the vlan message 1, reads out the vlan tag number 1 to restore the NSP and the NSI, that is, obtains 2 and 255.
In step 106, proxy node 2 decrements the NSI by 1 to obtain a new NSI of 254.
In step 107, the proxy node 2 obtains a new NSH packet according to the NSP and the new NSI.
As can be seen, NSP and new NSI can be localized to SF node 3.
In step 108, the proxy node 2 sends the new NSH message to the SFF 1.
Further, the SFF1 may send the new NSH message to the proxy node 3 corresponding to the SF node 3. Thus, the process that the NSH message needs to pass through the SF node 2 in the service chain 2 is completed, and the process that the NSH message needs to pass through the SF node 3 in the service chain 2 is started.
Based on the same implementation principle, the proxy node 3 is used as an execution subject, and the above steps 101 to 108 are executed again, so that the process that the NSH message passes through the SF node 3 in the service chain 2 can be completed. By circulating the above steps, the NSH message can flow through the whole service chain 2 and finally reach the server.
In summary, in the embodiment of the present invention, since the SF node cannot identify the NSH packet, a proxy node may be established to execute: receiving an NSH message, deleting NSH encapsulation information, sending a vlan message to an SF node through a local logic component, receiving the vlan message returned by the SF node, adding NSH encapsulation information to the message again, and sending the message to an SFF for processing, which is equivalent to representing the SF node to identify the NSH message.
Based on the above, in an embodiment of the present invention, said mapping a vlan tag number and making a mapping record by combining said NSP and said NSI includes: combining said NSP and said NSI to calculate a marker value; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
said restoring said NSP and said NSI according to said mapping record and said vlan tag number, comprising: obtaining the mark value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
In the embodiment of the invention, the label value and the vlan tag number are in one-to-one mapping relationship.
When an NSH message is received and the calculated tag value has mapped the vlan tag number, the corresponding vlan tag number can be found according to the mapping record and recorded as the vlan tag number mapped by the tag value.
When an NSH message is received and the calculated mark value is not mapped with the vlan tag number, the corresponding vlan tag number can be mapped on site, and the mapping relation is recorded in the mapping record.
In detail, since the vlan tag number is mainly used to distinguish different tag values, the vlan tag numbers may be different from each other. When there is a mapping relationship between a locally currently stored vlan tag number and a tag value, it is necessary to perform an update process so that the locally newly stored vlan tag number is different from each existing vlan tag number. In the embodiment of the present invention, the locally stored vlan tag number may be updated from 0 locally with a step size of 1.
Based on the above, in one embodiment of the present invention, the calculating a label value by combining the NSP and the NSI includes: calculating a marker value according to a formula I by combining the NSP and the NSI;
said calculating said NSP and said NSI based on said marker value comprises: calculating the NSP according to a formula II and the mark value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
Of course, since the vlan tag numbers are mainly used to distinguish different tag values, in other embodiments of the present invention, other vlan tag number updating methods may be used, as long as it is ensured that the latest vlan tag number is different from each existing vlan tag number. For example, the step size may be a value such as 2 or 10, or a new random number generated randomly may be used as the vlan tag number.
In an embodiment of the present invention, said obtaining a new NSI according to the NSI includes: controlling the NSI by 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
In detail, when an NSH message needs to go through an SF node, the NSP and NSI in the NSH message should be uniquely located to the SF node. Thus, after going through a SF node, the value of NSI needs to be updated. Of course, since NSH messages are transmitted in the same service chain, the value of NSP is not changed.
For example, for the service chain 1, if the NSP and the NSI of an NSH message are 1 and 255, respectively, it indicates that the NSH message needs to be sent to the SF node 1. After the SF node 1 receives and processes the message, since it needs to continuously send the message to the SF node 2, the NSP and NSI of the NSH message to be sent should be 1 and 254, respectively.
Until the new NSI is 252, it indicates that the NSH packet has passed through SF node 3, and there is no next SF node, so NSH packets whose NSP and NSI are 1 and 252, respectively, can be sent to server.
In an embodiment of the present invention, when the new NSI is 0, the corresponding NSH packet may be discarded, so as to avoid generating a loop.
Therefore, in other embodiments of the present invention, other NSI updating methods may also be used to obtain the new NSI, as long as it is ensured that the NSP and the new NSI can locate the next node to be sent, and the node may be an SF node or a server.
In an embodiment of the present invention, when sending a vlan message to an SFF, the vlan message may be hung on a tap port of an OVS through a proxy node to be sent out. Correspondingly, when the vlan message is transmitted between the SF node and the SFF, the vlan message can be hung on two tap ports of the OVS based on the SF node, so that the vlan message can enter and exit the SF node.
In summary, the embodiment of the present invention solves the problem that the traditional SF node cannot identify the NSH packet in the service chain, and adapts to the OVS-based cloud platform and the service chain established by the virtual machine between any tenants. Moreover, the mapping calculation of nsp _ nsi and vlan is a stateless connection, which can still work even if the proxy node restarts.
As shown in fig. 2, an embodiment of the present invention provides a proxy node, where the proxy node only corresponds to an SF node, and the proxy node includes:
an NSH packet processing unit 201, configured to, when an NSH packet sent by an SFF is received, obtain an NSP and an NSI in a packet header of the NSH packet, where the NSP represents a first service chain, and the NSI represents a hop count of the SF node in the first service chain; combining the NSP and the NSI, mapping a vlan tag number and recording the mapping;
a vlan message generating unit 202, configured to obtain a vlan message, where a message header of the vlan message includes the vlan tag number, and a message body of the vlan message is a message body of the NSH message; sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
a vlan message processing unit 203, configured to restore the NSP and the NSI according to the mapping record and the vlan tag number when receiving the vlan message sent by the SFF; obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
a new NSH packet generating unit 204, configured to obtain a new NSH packet, where a packet header of the new NSH packet includes the NSP and the new NSI, and a packet body of the new NSH packet is a packet body of the vlan packet; and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
In an embodiment of the present invention, the NSH packet processing unit 201 is configured to calculate a flag value by combining the NSP and the NSI; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
the vlan message processing unit 203 is configured to obtain the tag value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
In an embodiment of the present invention, the NSH packet processing unit 201 is configured to calculate a flag value according to the formula one, in combination with the NSP and the NSI;
the vlan message processing unit 203 is configured to calculate the NSP according to the second formula and the flag value; and calculating the NSI according to the third formula and the mark value.
In an embodiment of the present invention, the vlan message processing unit 203 is configured to control the NSI to subtract 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
As shown in fig. 3, an embodiment of the present invention provides an SF calculation unit, including:
the SFF301, at least one proxy node 302, and each unique SF node 303 corresponding to the proxy node 302;
wherein, the SFF301 is configured to execute the following processes:
a1: receiving a forwarding flow table sent by an external cloud platform upper-layer controller, wherein the forwarding flow table comprises at least one service chain and the hop count of each SF node in the service chain;
a2: when an NSH message is received, acquiring NSP and NSI in a message header of the NSH message, wherein the NSP represents a second service chain;
a3: judging whether the second service chain comprises a first SF node or not according to the forwarding flow table, so that the NSI represents the hop count of the first SF node in the second service chain, if so, executing A4, otherwise, executing A8;
a4: judging whether the SF computing unit comprises the first SF node, if so, executing A5, otherwise, executing A9;
a5: sending the NSH message to a first proxy node corresponding to the first SF node;
a6: when receiving a vlan message sent by the first proxy node, sending the vlan message to the first SF node;
a7: when receiving the vlan message sent by the first SF node, sending the vlan message to the first proxy node, and executing a 2;
a8: sending the NSH message to an external terminal computing unit, and ending the current process;
a9: sending the NSH message to an SFF in an SF computing unit where the first SF node is located;
each SF node 303 is configured to process a vlan message when receiving the vlan message; and sending the vlan message to the SFF 301.
As shown in fig. 4, an embodiment of the present invention provides an NSH message processing system, including: a cloud platform 401 and a cloud platform upper controller 402;
the cloud platform 401 includes a source computing unit 4011, a terminal computing unit 4012, and at least one SF computing unit 4013;
wherein the source computing unit 4011 comprises a client40111 and a first SFF 40112;
wherein, the terminal computing unit 4012 comprises a server40121 and a second SFF 40122;
the client40111 is configured to send the generated NSH message to the first SFF 40112;
the first SFF40112 is configured to receive a forwarding flow table sent by the cloud platform upper controller 402, where the forwarding flow table includes at least one service chain; acquiring an NSP in a message header of the NSH message when the NSH message is received, wherein the NSP represents a third service chain; sending the NSH message to an SFF in an SF computing unit where a second SF node is located according to the forwarding flow table, wherein the second SF node is a first SF node in the third service chain;
and the second SFF40122 is configured to send the received NSH message to the server 40121.
Because the information interaction, execution process, and other contents between the units in the device are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
In summary, the embodiments of the present invention have at least the following advantages:
1. in the embodiment of the invention, the proxy node which only corresponds to an SF node maps a vlan tag number according to NSP and NSI in a message header and makes a mapping record when receiving an NSH message sent by an SFF, and forwards the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the embodiment of the invention can solve the problem that the SF node can not identify the NSH message.
2. In the embodiment of the invention, for the traditional SF node which can not identify the NSH message, a proxy node can be established to replace the traditional SF node to process the message header of the NSH message, and the NSH label is mapped to a vlan label which can be identified by the traditional SF node, so that the traditional SF node can indirectly identify the NSH message.
3. The embodiment of the invention solves the problem that the traditional SF node can not identify the NSH message of the service chain, and simultaneously adapts to the cloud platform based on the OVS and the service chain established by the virtual machine between any tenants. Moreover, the mapping calculation of nsp _ nsi and vlan is a stateless connection, which can still work even if the proxy node restarts.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.