CN109756521B - NSH message processing method, device and system - Google Patents

NSH message processing method, device and system Download PDF

Info

Publication number
CN109756521B
CN109756521B CN201910216901.7A CN201910216901A CN109756521B CN 109756521 B CN109756521 B CN 109756521B CN 201910216901 A CN201910216901 A CN 201910216901A CN 109756521 B CN109756521 B CN 109756521B
Authority
CN
China
Prior art keywords
message
nsi
node
nsh
nsp
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910216901.7A
Other languages
Chinese (zh)
Other versions
CN109756521A (en
Inventor
任秋峥
胡章丰
李彦君
路海龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Cloud Information Technology Co Ltd
Original Assignee
Inspur Cloud Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Cloud Information Technology Co Ltd filed Critical Inspur Cloud Information Technology Co Ltd
Priority to CN201910216901.7A priority Critical patent/CN109756521B/en
Publication of CN109756521A publication Critical patent/CN109756521A/en
Application granted granted Critical
Publication of CN109756521B publication Critical patent/CN109756521B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention provides a method, a device and a system for processing NSH messages, wherein the method comprises the following steps: only one proxy node corresponding to an SF node is used for mapping a vlan tag number according to NSP and NSI in a message header and making mapping record when receiving an NSH message sent by an SFF, and forwarding the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the scheme can solve the problem that the SF node cannot identify the NSH message.

Description

NSH message processing method, device and system
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, and a system for processing an NSH packet.
Background
When a data packet is transmitted in a network, the data packet needs to sequentially pass through each SF (service function) node in a preset service chain, so that the network can be guaranteed to provide safe, fast and stable network service for a user according to design requirements. Wherein the service chains can be arranged in a defined order as required by the business logic. The number of hops for different SF nodes in the same service chain is different.
The SF node may be a firewall (firewall), a WAN device accelerator, a Deep Packet Inspection (DPI), a Network Address Translation (NAT), or the like. In general, the SF node is responsible for performing specific function processing on a received data packet.
However, the SF node cannot identify an NSH (network service head) packet, and thus cannot process the received NSH packet. NSH is a data plane transport protocol.
Disclosure of Invention
The invention provides a NSH message processing method, a device and a system, which can solve the problem that an SF node cannot identify an NSH message.
In order to achieve the purpose, the invention is realized by the following technical scheme:
in a first aspect, the present invention provides an NSH packet processing method, which is applied to a proxy node, where the proxy node only corresponds to an SF node, and the method includes:
when receiving an NSH packet sent by an SFF (Service Function Forwarder), acquiring an NSP (NSH Path ) and an NSI (NSH Index ) in a packet header of the NSH packet, where the NSP represents a first Service chain and the NSI represents a hop count of the SF node in the first Service chain;
combining the NSP and the NSI, mapping a Virtual Local Area Network (VLAN) tag number and making a mapping record;
obtaining a vlan message, wherein a message header of the vlan message comprises the vlan tag number, and a message body of the vlan message is a message body of the NSH message;
sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
when the vlan message sent by the SFF is received, restoring the NSP and the NSI according to the mapping record and the vlan tag number;
obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
acquiring a new NSH message, wherein the message header of the new NSH message comprises the NSP and the new NSI, and the message body of the new NSH message is the message body of the vlan message;
and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
Further, said mapping a vlan tag number and recording the mapping in combination with said NSP and said NSI comprises: combining said NSP and said NSI to calculate a marker value; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
said restoring said NSP and said NSI according to said mapping record and said vlan tag number, comprising: obtaining the mark value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
Further, said combining said NSP and said NSI to calculate a marker value comprising: calculating a marker value according to a formula I by combining the NSP and the NSI;
said calculating said NSP and said NSI based on said marker value comprises: calculating the NSP according to a formula II and the mark value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
Further, obtaining a new NSI according to the NSI includes: controlling the NSI by 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
In a second aspect, the present invention provides a proxy node, where the proxy node only corresponds to an SF node, and the proxy node includes:
an NSH packet processing unit, configured to, when an NSH packet sent by an SFF is received, obtain an NSP and an NSI in a packet header of the NSH packet, where the NSP represents a first service chain, and the NSI represents a hop count of the SF node in the first service chain; combining the NSP and the NSI, mapping a vlan tag number and recording the mapping;
a vlan message generating unit, configured to obtain a vlan message, where a message header of the vlan message includes the vlan tag number, and a message body of the vlan message is a message body of the NSH message; sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
a vlan message processing unit, configured to restore the NSP and the NSI according to the mapping record and the vlan tag number when receiving the vlan message sent by the SFF; obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
a new NSH packet generating unit, configured to obtain a new NSH packet, where a packet header of the new NSH packet includes the NSP and the new NSI, and a packet body of the new NSH packet is a packet body of the vlan packet; and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
Further, the NSH packet processing unit is configured to calculate a tag value by combining the NSP and the NSI; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
the vlan message processing unit is configured to obtain the tag value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
Further, the NSH packet processing unit is configured to calculate a flag value according to a formula one by combining the NSP and the NSI;
the vlan message processing unit is configured to calculate the NSP according to a formula two and the flag value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
Further, the vlan message processing unit is configured to control the NSI to subtract 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
In a third aspect, the present invention provides an SF calculation unit, including:
SFF, at least one proxy node and each unique SF node corresponding to the proxy node;
wherein, the SFF is configured to execute the following processes:
a1: receiving a forwarding flow table sent by an external cloud platform upper-layer controller, wherein the forwarding flow table comprises at least one service chain and the hop count of each SF node in the service chain;
a2: when an NSH message is received, acquiring NSP and NSI in a message header of the NSH message, wherein the NSP represents a second service chain;
a3: judging whether the second service chain comprises a first SF node or not according to the forwarding flow table, so that the NSI represents the hop count of the first SF node in the second service chain, if so, executing A4, otherwise, executing A8;
a4: judging whether the SF computing unit comprises the first SF node, if so, executing A5, otherwise, executing A9;
a5: sending the NSH message to a first proxy node corresponding to the first SF node;
a6: when receiving a vlan message sent by the first proxy node, sending the vlan message to the first SF node;
a7: when receiving the vlan message sent by the first SF node, sending the vlan message to the first proxy node, and executing a 2;
a8: sending the NSH message to an external terminal computing unit, and ending the current process;
a9: sending the NSH message to an SFF in an SF computing unit where the first SF node is located;
each SF node is used for processing a vlan message when receiving the vlan message; and sending the vlan message to the SFF.
In a fourth aspect, the present invention provides an NSH packet processing system, including:
the system comprises a cloud platform and a cloud platform upper controller;
the cloud platform comprises a source end computing unit, a terminal computing unit and at least one SF computing unit;
wherein the source end computing unit comprises a client and a first SFF;
wherein, the terminal computing unit comprises a server and a second SFF;
the client is used for sending the generated NSH message to the first SFF;
the first SFF is used for receiving a forwarding flow table sent by the cloud platform upper controller, and the forwarding flow table comprises at least one service chain; acquiring an NSP in a message header of the NSH message when the NSH message is received, wherein the NSP represents a third service chain; sending the NSH message to an SFF in an SF computing unit where a second SF node is located according to the forwarding flow table, wherein the second SF node is a first SF node in the third service chain;
and the second SFF is used for sending the received NSH message to the server.
The invention provides a method, a device and a system for processing NSH messages, wherein the method comprises the following steps: only one proxy node corresponding to an SF node is used for mapping a vlan tag number according to NSP and NSI in a message header and making mapping record when receiving an NSH message sent by an SFF, and forwarding the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the invention can solve the problem that the SF node can not identify the NSH message.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a flowchart of an NSH message processing method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a proxy node according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an SF calculation unit according to an embodiment of the present invention;
fig. 4 is a schematic diagram of an NSH message processing system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides an NSH packet processing method, which is applied to a proxy node, where the proxy node only corresponds to an SF node, and the method may include the following steps:
step 101: when receiving an NSH message sent by an SFF, acquiring NSP and NSI in a message header of the NSH message, wherein the NSP represents a first service chain, and the NSI represents the hop count of the SF node in the first service chain.
Step 102: and combining the NSP and the NSI, mapping a vlan tag number and making a mapping record.
Step 103: and obtaining a vlan message, wherein a message header of the vlan message comprises the vlan tag number, and a message body of the vlan message is a message body of the NSH message.
Step 104: and sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node.
Step 105: and when the vlan message sent by the SFF is received, restoring the NSP and the NSI according to the mapping record and the vlan tag number.
Step 106: and obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain.
Step 107: and acquiring a new NSH message, wherein the message header of the new NSH message comprises the NSP and the new NSI, and the message body of the new NSH message is the message body of the vlan message.
Step 108: and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
The embodiment of the invention provides an NSH message processing method, which comprises the following steps: only one proxy node corresponding to an SF node is used for mapping a vlan tag number according to NSP and NSI in a message header and making mapping record when receiving an NSH message sent by an SFF, and forwarding the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the embodiment of the invention can solve the problem that the SF node can not identify the NSH message.
In detail, the SF node is generally responsible for performing function-specific processing on received packets. The SF node acts as a logical component, which may be a virtual element in terms of implementation or some function embedded in a specific network device. For example, common SF nodes may have: firewall, WAN device accelerator, DPI, NAT, etc.
In the embodiment of the invention, for the traditional SF node which can not identify the NSH message, a proxy node can be established to replace the traditional SF node to process the message header of the NSH message, and the NSH label is mapped to a vlan label which can be identified by the traditional SF node, so that the traditional SF node can indirectly identify the NSH message.
Typically, the cloud platform includes a client and a server, and also several SF nodes. The NSH message sent by the client as the source needs to sequentially pass through each SF node in the service chain, and finally reaches the server as the destination. Therefore, the NSH message sent by the client may be sent to the first SF node in the service chain, and then forwarded to the next SF node by each SF node, and sent to the server by the last SF node in the service chain.
In detail, the SFF is mainly responsible for traffic forwarding control over the service chain. Typically, it may be an OVS (OpenvSwitch) bridge. Wherein, the OVS is a high-quality and multi-layer virtual switching software. Thus, there may be one br-int bridge on each compute node as an SFF. The responsibility of the SFF is to direct the data message to the next SF node, the next SF compute node, or the server. The SFF may be programmed by an SDN (Network Defined Software) controller, such as an odl (optional) controller.
In the embodiment of the invention, the SF node can exist in a virtual machine form, and a virtual machine network port is hung on the OVS in a tap port form.
In detail, a service Function chain, or sfc (service Function chain), defines an abstract ordered set of SF nodes. The classified data packets need to traverse each SF node in the set in sequence. Such as: the user can configure the firewall → qos → dpi three services to construct an SFC.
In general, the organization sequence of the service chain is independent of the physical topology of the service nodes, and after the data packet enters the service chain, the data packet will pass through each SF node according to the sequence established by the service chain.
In the embodiment of the invention, the message forwarding operation can be realized through the SFF. Specifically, each SF calculation unit may include one SFF, several SF nodes and proxy nodes in one-to-one correspondence. Thus, the SFF of the computing unit where the client is located may forward the NSH message to the SFF of the SF computing unit where the first SF node is located. The SFF of the SF computing unit where the last SF node is located may finally send the NSH message to the SFF of the computing unit where the server is located.
Correspondingly, for the SFF in any SF computing unit, the received NSH message may be sent from the SFF of another computing unit, or from an SF node of the computing unit where the SFF is located; the NSH message to be sent may be sent to the SFF of another computing unit, or may be sent to a proxy node of the computing unit where the NSH message is located.
Specifically, the SFF in the SF calculation unit sends the NSH message to a proxy node corresponding to the SF node, and the proxy node converts the NSH message into a vlan message and then sends the vlan message to the SF node. And after receiving the vlan message and performing corresponding processing, the SF node returns the vlan message to the SFF again. Therefore, the SFF returns the vlan message returned by the SF node to the proxy node corresponding to the SF node, and the proxy node converts the vlan message into an NSH message, so that the NSH message can be sent to the next node.
In detail, when receiving a vlan message, the SF node may identify its header and process the relevant fields in the message.
In detail, the vlan message returned by the SF node may be an original vlan message, or may be a vlan message obtained by processing the original vlan message.
When the next node is the server, the NSH message may be sent to the SFF of the computing unit where the server is located.
The next node is an SF node, and when the next node is not in the same SF computing node as the SF node, the next node can send the NSH message to the SFF of the computing unit where the next node is located.
The next node is an SF node, and when the next node is in the same SF calculation node as the SF node, the next node can send the NSH message to the proxy node corresponding to the next node.
In short, the SFF achieves the purpose of forwarding the message, except for the client and the server, in order to send the NSH message from one SF node to the next SF node in the service chain.
Based on the above, in step 101, when a proxy node receives an NSH message, the NSP and NSI in the header of the message should be directed to its corresponding SF node. In step 108, for a new NSH packet sent by a proxy node, if there is a next SF node, the NSP and NSI in the header of the packet should be directed to the next SF node, otherwise, the packet should be directed to a server.
In detail, NSP may characterize a service chain, and NSI may characterize a number of hops. Because the hop counts of different SF nodes in the same service chain are different, the combination of the NSP and the NSI can know which SF node is the transmission object of the NSH message.
For example, assume that there are two service chains as follows:
service chain 1: SF node 1 → SF node 2 → SF node 3, the hop count is 255, 254, 253 in order;
service chain 2: SF node 2 → SF node 3 → SF node 4, the number of hops is 255, 254, 253 in that order.
Assume that the cloud platform includes only one SF computing unit, and that the SF computing unit includes one SFF1 and the above-mentioned 4 SF nodes.
Assuming that a client issues an NSH message 1 that needs to go through service chain 2, it should first be sent to SF node 2, and thus the NSP and NSI in its header may be 2 and 255, respectively.
When the SFF1 receives the NSH packet 1 sent by the SFF of the computing unit where the client is located, it first knows the NSP and the NSI in the header, i.e. obtains 2 and 255, and can locate the SF node 2, so that the NSH packet 1 can be sent to the proxy node 2 corresponding to the SF node 2.
In step 101, when the proxy node 2 receives the NSH packet 1, the obtained NSP and NSI are 2 and 255, respectively.
In step 102, proxy node 2 maps NSP and NSI to a vlan tag number 1, and makes a mapping record as needed.
In step 103, the proxy node 2 obtains a vlan message 1 according to the vlan tag number 1.
In step 104, the proxy node 2 sends the vlan message 1 to the SFF 1.
Since it is sent from proxy node 2, SFF1 may send vlan message 1 to SF node 2. After receiving and processing, the SF node 2 returns a vlan message 1 to the SFF 1. Further, SFF1 may send vlan message 1 to proxy node 2 again.
In step 105, the proxy node 2 receives the vlan message 1, reads out the vlan tag number 1 to restore the NSP and the NSI, that is, obtains 2 and 255.
In step 106, proxy node 2 decrements the NSI by 1 to obtain a new NSI of 254.
In step 107, the proxy node 2 obtains a new NSH packet according to the NSP and the new NSI.
As can be seen, NSP and new NSI can be localized to SF node 3.
In step 108, the proxy node 2 sends the new NSH message to the SFF 1.
Further, the SFF1 may send the new NSH message to the proxy node 3 corresponding to the SF node 3. Thus, the process that the NSH message needs to pass through the SF node 2 in the service chain 2 is completed, and the process that the NSH message needs to pass through the SF node 3 in the service chain 2 is started.
Based on the same implementation principle, the proxy node 3 is used as an execution subject, and the above steps 101 to 108 are executed again, so that the process that the NSH message passes through the SF node 3 in the service chain 2 can be completed. By circulating the above steps, the NSH message can flow through the whole service chain 2 and finally reach the server.
In summary, in the embodiment of the present invention, since the SF node cannot identify the NSH packet, a proxy node may be established to execute: receiving an NSH message, deleting NSH encapsulation information, sending a vlan message to an SF node through a local logic component, receiving the vlan message returned by the SF node, adding NSH encapsulation information to the message again, and sending the message to an SFF for processing, which is equivalent to representing the SF node to identify the NSH message.
Based on the above, in an embodiment of the present invention, said mapping a vlan tag number and making a mapping record by combining said NSP and said NSI includes: combining said NSP and said NSI to calculate a marker value; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
said restoring said NSP and said NSI according to said mapping record and said vlan tag number, comprising: obtaining the mark value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
In the embodiment of the invention, the label value and the vlan tag number are in one-to-one mapping relationship.
When an NSH message is received and the calculated tag value has mapped the vlan tag number, the corresponding vlan tag number can be found according to the mapping record and recorded as the vlan tag number mapped by the tag value.
When an NSH message is received and the calculated mark value is not mapped with the vlan tag number, the corresponding vlan tag number can be mapped on site, and the mapping relation is recorded in the mapping record.
In detail, since the vlan tag number is mainly used to distinguish different tag values, the vlan tag numbers may be different from each other. When there is a mapping relationship between a locally currently stored vlan tag number and a tag value, it is necessary to perform an update process so that the locally newly stored vlan tag number is different from each existing vlan tag number. In the embodiment of the present invention, the locally stored vlan tag number may be updated from 0 locally with a step size of 1.
Based on the above, in one embodiment of the present invention, the calculating a label value by combining the NSP and the NSI includes: calculating a marker value according to a formula I by combining the NSP and the NSI;
said calculating said NSP and said NSI based on said marker value comprises: calculating the NSP according to a formula II and the mark value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
Of course, since the vlan tag numbers are mainly used to distinguish different tag values, in other embodiments of the present invention, other vlan tag number updating methods may be used, as long as it is ensured that the latest vlan tag number is different from each existing vlan tag number. For example, the step size may be a value such as 2 or 10, or a new random number generated randomly may be used as the vlan tag number.
In an embodiment of the present invention, said obtaining a new NSI according to the NSI includes: controlling the NSI by 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
In detail, when an NSH message needs to go through an SF node, the NSP and NSI in the NSH message should be uniquely located to the SF node. Thus, after going through a SF node, the value of NSI needs to be updated. Of course, since NSH messages are transmitted in the same service chain, the value of NSP is not changed.
For example, for the service chain 1, if the NSP and the NSI of an NSH message are 1 and 255, respectively, it indicates that the NSH message needs to be sent to the SF node 1. After the SF node 1 receives and processes the message, since it needs to continuously send the message to the SF node 2, the NSP and NSI of the NSH message to be sent should be 1 and 254, respectively.
Until the new NSI is 252, it indicates that the NSH packet has passed through SF node 3, and there is no next SF node, so NSH packets whose NSP and NSI are 1 and 252, respectively, can be sent to server.
In an embodiment of the present invention, when the new NSI is 0, the corresponding NSH packet may be discarded, so as to avoid generating a loop.
Therefore, in other embodiments of the present invention, other NSI updating methods may also be used to obtain the new NSI, as long as it is ensured that the NSP and the new NSI can locate the next node to be sent, and the node may be an SF node or a server.
In an embodiment of the present invention, when sending a vlan message to an SFF, the vlan message may be hung on a tap port of an OVS through a proxy node to be sent out. Correspondingly, when the vlan message is transmitted between the SF node and the SFF, the vlan message can be hung on two tap ports of the OVS based on the SF node, so that the vlan message can enter and exit the SF node.
In summary, the embodiment of the present invention solves the problem that the traditional SF node cannot identify the NSH packet in the service chain, and adapts to the OVS-based cloud platform and the service chain established by the virtual machine between any tenants. Moreover, the mapping calculation of nsp _ nsi and vlan is a stateless connection, which can still work even if the proxy node restarts.
As shown in fig. 2, an embodiment of the present invention provides a proxy node, where the proxy node only corresponds to an SF node, and the proxy node includes:
an NSH packet processing unit 201, configured to, when an NSH packet sent by an SFF is received, obtain an NSP and an NSI in a packet header of the NSH packet, where the NSP represents a first service chain, and the NSI represents a hop count of the SF node in the first service chain; combining the NSP and the NSI, mapping a vlan tag number and recording the mapping;
a vlan message generating unit 202, configured to obtain a vlan message, where a message header of the vlan message includes the vlan tag number, and a message body of the vlan message is a message body of the NSH message; sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
a vlan message processing unit 203, configured to restore the NSP and the NSI according to the mapping record and the vlan tag number when receiving the vlan message sent by the SFF; obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
a new NSH packet generating unit 204, configured to obtain a new NSH packet, where a packet header of the new NSH packet includes the NSP and the new NSI, and a packet body of the new NSH packet is a packet body of the vlan packet; and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
In an embodiment of the present invention, the NSH packet processing unit 201 is configured to calculate a flag value by combining the NSP and the NSI; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
the vlan message processing unit 203 is configured to obtain the tag value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
In an embodiment of the present invention, the NSH packet processing unit 201 is configured to calculate a flag value according to the formula one, in combination with the NSP and the NSI;
the vlan message processing unit 203 is configured to calculate the NSP according to the second formula and the flag value; and calculating the NSI according to the third formula and the mark value.
In an embodiment of the present invention, the vlan message processing unit 203 is configured to control the NSI to subtract 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
As shown in fig. 3, an embodiment of the present invention provides an SF calculation unit, including:
the SFF301, at least one proxy node 302, and each unique SF node 303 corresponding to the proxy node 302;
wherein, the SFF301 is configured to execute the following processes:
a1: receiving a forwarding flow table sent by an external cloud platform upper-layer controller, wherein the forwarding flow table comprises at least one service chain and the hop count of each SF node in the service chain;
a2: when an NSH message is received, acquiring NSP and NSI in a message header of the NSH message, wherein the NSP represents a second service chain;
a3: judging whether the second service chain comprises a first SF node or not according to the forwarding flow table, so that the NSI represents the hop count of the first SF node in the second service chain, if so, executing A4, otherwise, executing A8;
a4: judging whether the SF computing unit comprises the first SF node, if so, executing A5, otherwise, executing A9;
a5: sending the NSH message to a first proxy node corresponding to the first SF node;
a6: when receiving a vlan message sent by the first proxy node, sending the vlan message to the first SF node;
a7: when receiving the vlan message sent by the first SF node, sending the vlan message to the first proxy node, and executing a 2;
a8: sending the NSH message to an external terminal computing unit, and ending the current process;
a9: sending the NSH message to an SFF in an SF computing unit where the first SF node is located;
each SF node 303 is configured to process a vlan message when receiving the vlan message; and sending the vlan message to the SFF 301.
As shown in fig. 4, an embodiment of the present invention provides an NSH message processing system, including: a cloud platform 401 and a cloud platform upper controller 402;
the cloud platform 401 includes a source computing unit 4011, a terminal computing unit 4012, and at least one SF computing unit 4013;
wherein the source computing unit 4011 comprises a client40111 and a first SFF 40112;
wherein, the terminal computing unit 4012 comprises a server40121 and a second SFF 40122;
the client40111 is configured to send the generated NSH message to the first SFF 40112;
the first SFF40112 is configured to receive a forwarding flow table sent by the cloud platform upper controller 402, where the forwarding flow table includes at least one service chain; acquiring an NSP in a message header of the NSH message when the NSH message is received, wherein the NSP represents a third service chain; sending the NSH message to an SFF in an SF computing unit where a second SF node is located according to the forwarding flow table, wherein the second SF node is a first SF node in the third service chain;
and the second SFF40122 is configured to send the received NSH message to the server 40121.
Because the information interaction, execution process, and other contents between the units in the device are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
In summary, the embodiments of the present invention have at least the following advantages:
1. in the embodiment of the invention, the proxy node which only corresponds to an SF node maps a vlan tag number according to NSP and NSI in a message header and makes a mapping record when receiving an NSH message sent by an SFF, and forwards the vlan message added with the vlan tag number to the SF node through the SFF, wherein the SF node can be pointed by combining the NSP and the NSI; when the SFF sends a vlan message, NSP and NSI are restored according to the mapping record, new NSI is obtained according to the NSI, and the new NSH message comprising the NSP and the new NSI is forwarded to the next SF node or the terminal point through the SFF, wherein the combination of the NSP and the NSI can point to the next SF node or the terminal point. Therefore, the embodiment of the invention can solve the problem that the SF node can not identify the NSH message.
2. In the embodiment of the invention, for the traditional SF node which can not identify the NSH message, a proxy node can be established to replace the traditional SF node to process the message header of the NSH message, and the NSH label is mapped to a vlan label which can be identified by the traditional SF node, so that the traditional SF node can indirectly identify the NSH message.
3. The embodiment of the invention solves the problem that the traditional SF node can not identify the NSH message of the service chain, and simultaneously adapts to the cloud platform based on the OVS and the service chain established by the virtual machine between any tenants. Moreover, the mapping calculation of nsp _ nsi and vlan is a stateless connection, which can still work even if the proxy node restarts.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. An NSH message processing method is characterized in that the method is applied to a proxy node, the proxy node is only corresponding to a service function SF node, and the method comprises the following steps:
when receiving an NSH message sent by a Service Function Forwarder (SFF), acquiring an NSH path (NSP) and an NSH index (NSI) in a message header of the NSH message, wherein the NSP represents a first service chain, and the NSI represents the hop count of the SF node in the first service chain;
mapping a VLAN tag number by combining the NSP and the NSI and making a mapping record;
obtaining a vlan message, wherein a message header of the vlan message comprises the vlan tag number, and a message body of the vlan message is a message body of the NSH message;
sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
when the vlan message sent by the SFF is received, restoring the NSP and the NSI according to the mapping record and the vlan tag number;
obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
acquiring a new NSH message, wherein the message header of the new NSH message comprises the NSP and the new NSI, and the message body of the new NSH message is the message body of the vlan message;
and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
2. The method of claim 1,
said mapping a vlan tag number and recording the mapping in combination with said NSP and said NSI, comprising: combining said NSP and said NSI to calculate a marker value; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
said restoring said NSP and said NSI according to said mapping record and said vlan tag number, comprising: obtaining the mark value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
3. The method of claim 2,
said combining said NSP and said NSI and calculating a marker value comprising: calculating a marker value according to a formula I by combining the NSP and the NSI;
said calculating said NSP and said NSI based on said marker value comprises: calculating the NSP according to a formula II and the mark value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
4. The method according to any one of claims 1 to 3,
obtaining a new NSI according to the NSI, comprising: controlling the NSI by 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
5. A proxy node, wherein the proxy node has a service function SF node corresponding uniquely, comprising:
an NSH packet processing unit, configured to, when an NSH packet sent by a service function forwarder SFF is received, obtain an NSH path NSP and an NSH index NSI in a packet header of the NSH packet, where the NSP represents a first service chain, and the NSI represents a hop count of the SF node in the first service chain; mapping a VLAN tag number by combining the NSP and the NSI and making a mapping record;
a vlan message generating unit, configured to obtain a vlan message, where a message header of the vlan message includes the vlan tag number, and a message body of the vlan message is a message body of the NSH message; sending the vlan message to the SFF so that the SFF forwards the vlan message to the SF node;
a vlan message processing unit, configured to restore the NSP and the NSI according to the mapping record and the vlan tag number when receiving the vlan message sent by the SFF; obtaining a new NSI according to the NSI, so that when a next SF node of the SF nodes exists in the first service chain, the new NSI represents the hop count of the next SF node in the first service chain;
a new NSH packet generating unit, configured to obtain a new NSH packet, where a packet header of the new NSH packet includes the NSP and the new NSI, and a packet body of the new NSH packet is a packet body of the vlan packet; and sending the new NSH message to the SFF, so that the SFF forwards the new NSH message to the next SF node when the next SF node exists in the first service chain.
6. Proxy node according to claim 5,
the NSH message processing unit is used for calculating a marking value by combining the NSP and the NSI; judging whether the mapping record stored locally comprises the mark value or not; if so, acquiring the vlan tag number mapped by the mark value from the mapping record; if not, taking the locally stored vlan tag number as the vlan tag number mapped by the mark value, recording the mark value and the vlan tag number mapped by the mark value in the mapping record, and controlling the locally stored vlan tag number to be added by 1;
the vlan message processing unit is configured to obtain the tag value mapped by the vlan tag number from the mapping record; and calculating the NSP and the NSI according to the mark value.
7. Proxy node according to claim 6,
the NSH message processing unit is used for calculating a marking value according to a formula I by combining the NSP and the NSI;
the vlan message processing unit is configured to calculate the NSP according to a formula two and the flag value; calculating the NSI according to a formula III and the mark value;
the first formula comprises: NSP _ NSI ═ p < 8 | i;
the second formula includes: p ═ NSP _ NSI > 8;
the third formula includes: i — NSP _ NSI &0x000000 FF;
wherein p is the value of NSP, i is the value of NSI, and NSP _ NSI is the marker value.
8. Proxy node according to any of the claims 5 to 7,
the vlan message processing unit is configured to control the NSI to subtract 1 to obtain a new NSI; the hop count of the first SF node in any service chain is 255.
9. An SF computation unit, comprising:
-a service function forwarder, SFF, -at least one proxy node according to any of the claims 5 to 8, and-a service function, SF, node unique for each of said proxy nodes;
wherein, the SFF is configured to execute the following processes:
a1: receiving a forwarding flow table sent by an external cloud platform upper-layer controller, wherein the forwarding flow table comprises at least one service chain and the hop count of each SF node in the service chain;
a2: when an NSH message is received, acquiring an NSH path NSP and an NSH index NSI in a message header of the NSH message, wherein the NSP represents a second service chain;
a3: judging whether the second service chain comprises a first SF node or not according to the forwarding flow table, so that the NSI represents the hop count of the first SF node in the second service chain, if so, executing A4, otherwise, executing A8;
a4: judging whether the SF computing unit comprises the first SF node, if so, executing A5, otherwise, executing A9;
a5: sending the NSH message to a first proxy node corresponding to the first SF node;
a6: when receiving a vlan message sent by the first proxy node, sending the vlan message to the first SF node;
a7: when receiving the vlan message sent by the first SF node, sending the vlan message to the first proxy node, and executing a 2;
a8: sending the NSH message to an external terminal computing unit, and ending the current process;
a9: sending the NSH message to an SFF in an SF computing unit where the first SF node is located;
each SF node is used for processing a vlan message when receiving the vlan message; and sending the vlan message to the SFF.
10. An NSH message processing system, comprising:
the system comprises a cloud platform and a cloud platform upper controller;
wherein the cloud platform comprises a source computing unit, a terminal computing unit and at least one service function, SF, computing unit as claimed in claim 9;
the source end computing unit comprises a client and a first service function forwarder SFF;
the terminal computing unit comprises a server and a second SFF;
the client is used for sending the generated NSH message to the first SFF;
the first SFF is used for receiving a forwarding flow table sent by the cloud platform upper controller, and the forwarding flow table comprises at least one service chain; acquiring an NSH path NSP in a message header of the NSH message when the NSH message is received, wherein the NSP represents a third service chain; sending the NSH message to an SFF in an SF computing unit where a second SF node is located according to the forwarding flow table, wherein the second SF node is a first SF node in the third service chain;
and the second SFF is used for sending the received NSH message to the server.
CN201910216901.7A 2019-03-21 2019-03-21 NSH message processing method, device and system Active CN109756521B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910216901.7A CN109756521B (en) 2019-03-21 2019-03-21 NSH message processing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910216901.7A CN109756521B (en) 2019-03-21 2019-03-21 NSH message processing method, device and system

Publications (2)

Publication Number Publication Date
CN109756521A CN109756521A (en) 2019-05-14
CN109756521B true CN109756521B (en) 2021-07-13

Family

ID=66409185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910216901.7A Active CN109756521B (en) 2019-03-21 2019-03-21 NSH message processing method, device and system

Country Status (1)

Country Link
CN (1) CN109756521B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111988266B (en) * 2019-05-24 2022-05-17 华为技术有限公司 Method for processing message
CN112787931B (en) * 2019-11-06 2022-09-23 华为技术有限公司 Message transmission method, proxy node and storage medium
CN115134273A (en) * 2021-03-29 2022-09-30 北京华为数字技术有限公司 Message processing method and related equipment
CN114338498B (en) * 2021-12-28 2024-04-09 中国电信股份有限公司 SRv 6-based message processing method, SRv-based message processing system, electronic equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107809364A (en) * 2016-09-09 2018-03-16 新华三技术有限公司 Message forwarding method and device
CN108141743A (en) * 2015-09-25 2018-06-08 德国电信股份有限公司 The method of improved disposition, telecommunication network, user equipment, system, program and the computer program product exchanged at least one communication between telecommunication network and at least one user equipment
CN108306833A (en) * 2016-08-19 2018-07-20 中兴通讯股份有限公司 A kind of method for releasing resource and device
CN108574638A (en) * 2017-03-14 2018-09-25 华为技术有限公司 A kind of retransmission method and equipment of data message
CN109088821A (en) * 2017-06-14 2018-12-25 中兴通讯股份有限公司 Message transmitting method, business catenary system and computer readable storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10129186B2 (en) * 2016-12-07 2018-11-13 Nicira, Inc. Service function chain (SFC) data communications with SFC data in virtual local area network identifier (VLAN ID) data fields

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108141743A (en) * 2015-09-25 2018-06-08 德国电信股份有限公司 The method of improved disposition, telecommunication network, user equipment, system, program and the computer program product exchanged at least one communication between telecommunication network and at least one user equipment
CN108306833A (en) * 2016-08-19 2018-07-20 中兴通讯股份有限公司 A kind of method for releasing resource and device
CN107809364A (en) * 2016-09-09 2018-03-16 新华三技术有限公司 Message forwarding method and device
CN108574638A (en) * 2017-03-14 2018-09-25 华为技术有限公司 A kind of retransmission method and equipment of data message
CN109088821A (en) * 2017-06-14 2018-12-25 中兴通讯股份有限公司 Message transmitting method, business catenary system and computer readable storage medium

Also Published As

Publication number Publication date
CN109756521A (en) 2019-05-14

Similar Documents

Publication Publication Date Title
CN109756521B (en) NSH message processing method, device and system
US11831526B2 (en) Service chain fault detection method and apparatus
US11336580B2 (en) Methods, apparatuses and computer program products for transmitting data
CN105191215B (en) The method and apparatus that data plane for bi-directional service chain learns
US11032197B2 (en) Reroute detection in segment routing data plane
US9602415B2 (en) Flow based network service insertion
US9559954B2 (en) Indexed segment ID
US8817798B2 (en) Constraining topology size and recursively calculating routes in large networks
CN113904983A (en) Message processing method, network node and system
US10291512B2 (en) Interest message path steering and multi-path traceroute in information-centric networking
CN105227466B (en) Communication processing method and device
WO2021000848A1 (en) Packet forwarding method and packet processing method and apparatus
CN109729019A (en) The method for limiting speed and device of private line service in a kind of EVPN networking
CN114884873A (en) Method and device for determining forwarding path
CN106302837B (en) A kind of the mac address table management method and device of optical network unit
US20150381775A1 (en) Communication system, communication method, control apparatus, control apparatus control method, and program
CN103650453B (en) The method communicated in path computation element communication protocol and network equipment
US8855015B2 (en) Techniques for generic pruning in a trill network
CN111464440A (en) Communication method and device
CN111464441A (en) Communication method and device
WO2016183732A1 (en) Data packet forwarding method and network device
CN107241236A (en) Forwarding information storehouse list item detection method, detection device and the network equipment
EP3163812B1 (en) Method and apparatus for cross-layer path establishment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 250100 No. 1036 Tidal Road, Jinan High-tech Zone, Shandong Province, S01 Building, Tidal Science Park

Applicant after: Inspur cloud Information Technology Co.,Ltd.

Address before: 250100 No. 1036 Tidal Road, Jinan High-tech Zone, Shandong Province, S01 Building, Tidal Science Park

Applicant before: Tidal Cloud Information Technology Co.,Ltd.

Address after: 250100 No. 1036 Tidal Road, Jinan High-tech Zone, Shandong Province, S01 Building, Tidal Science Park

Applicant after: Tidal Cloud Information Technology Co.,Ltd.

Address before: 250100 S06 tower, 1036, Chao Lu Road, hi tech Zone, Ji'nan, Shandong.

Applicant before: SHANDONG INSPUR CLOUD INFORMATION TECHNOLOGY Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant