CN114900458A

CN114900458A - Message forwarding method, device, medium and product

Info

Publication number: CN114900458A
Application number: CN202210289344.3A
Authority: CN
Inventors: 彭小新; 薛蹦蹦; 康达祥; 李嘉; 于兴兴
Original assignee: Alibaba Cloud Computing Ltd
Current assignee: Alibaba Cloud Computing Ltd
Priority date: 2022-03-22
Filing date: 2022-03-22
Publication date: 2022-08-12
Anticipated expiration: 2042-03-22
Also published as: CN114900458B

Abstract

The embodiment of the disclosure discloses a message forwarding method, a device, a medium and a product, wherein the method comprises the following steps: receiving a data message from a first user terminal interface, decapsulating the data message, and obtaining a service requirement of the data message, wherein the service requirement is used for indicating network service and a service sequence which need to be provided for the data message; arranging a service path according to service requirements to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to be experienced by a data message; encapsulating the service link information in a data message; and sending the data message encapsulated with the service link information to the first service node according to the external interface address of the first service node in the service link information. The technical scheme can save a large amount of resources, and an external interface is configured for each service node, so that the addresses of the external interfaces are managed in a unified manner, and service paths are more conveniently arranged for the messages.

Description

Message forwarding method, device, medium and product

Technical Field

The disclosed embodiments relate to the field of communications technologies, and in particular, to a method, an apparatus, a medium, and a product for forwarding a packet.

Background

In the related art, when data packets are transmitted in a network, the data packets need to pass through various service nodes (service nodes) to ensure that the network can provide safe, fast and stable network services for users according to design requirements. These service nodes are typically firewalls, load balancing, intrusion detection, etc. The network traffic is passed through the service nodes in a defined order as required by the service logic, which is the so-called service chain. The existing service chain implementation method is to set a global arrangement layer in a service node, which is responsible for distribution management of SID (Segment ID), routing issue, traffic communication across VPCs, and the like, and the control plane scheme is complex, and service nodes are connected in series by XNI (cross network interfaces) when crossing VPCs, and the arrangement is complex.

Disclosure of Invention

The embodiment of the disclosure provides a message forwarding method, device, medium and product.

In a first aspect, an embodiment of the present disclosure provides a packet forwarding method.

Specifically, the packet forwarding method is applied to a scheduling node, and includes:

receiving a data message from a first user interface, decapsulating the data message, and obtaining a service requirement of the data message, where the service requirement is used to indicate a network service and a service sequence that need to be provided for the data message;

Arranging a service path according to the service requirement to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to be experienced by the data message;

encapsulating the service link information in the data message;

and sending the data message encapsulated with the service link information to the first service node according to the external interface address of the first service node in the service link information.

With reference to the first aspect, the present disclosure is implemented in a first implementation manner of the first aspect, wherein the method further includes:

decapsulating the data message to obtain tenant information of the data message;

and when the service link information is encapsulated, encapsulating the tenant information in the data message.

In a second aspect, embodiments of the present disclosure provide a message forwarding method,

specifically, the packet forwarding method is applied to a service node, and includes:

receiving a data message from an external interface, decapsulating the data message to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to which the data message is to go;

judging whether the service node is a tail service node or not based on the service chain information;

And responding to the service node as a tail service node, and forwarding the data message to the user side from a second user side interface corresponding to the tail service node.

With reference to the second aspect, the present disclosure is implemented in a first implementation manner of the second aspect, wherein the method further includes:

responding to the fact that the service node is not a tail service node, and judging whether the service node has a mounted service node or not;

responding to the absence of a mounted service node in the service node, processing the data message based on the service provided by the service node, and then packaging the service chain information in the processed data message;

and sending the data message packaged with the service chain information to a next hop service node according to the external interface address of the next hop service node of the service node in the service chain information.

With reference to the second aspect and the first implementation manner, the present disclosure is in a second implementation manner of the second aspect, wherein the method further includes:

responding to the existence of a mounting service node in the service node, caching the service chain information in the service node, and forwarding the data message to the mounting service node;

Receiving the message processed by the mounting service node, and encapsulating the service chain information in the message processed by the mounting service node;

and sending the message encapsulated with the service chain information to a next hop service node according to the external interface address of the next hop service node of the service node in the service chain information.

With reference to the second aspect and the foregoing various implementations, the present disclosure provides in a third implementation of the second aspect, wherein the method further includes: and when the service link information is encapsulated, encapsulating the tenant information of the data message in the data message.

With reference to the second aspect and the foregoing various implementation manners, in a fourth implementation manner of the second aspect, the sending the packet encapsulated with the packet header to the next-hop service node according to the external interface address of the next-hop service node of the service node in the service chain information includes:

determining whether the next hop service node and the service node are located in the same physical node;

when the next hop service node and the service node are located in the same physical node, sending the message encapsulated with the message header to the next hop service node in the same physical node according to the external interface address of the next hop service node of the service node in the service chain information;

And when the next-hop service node and the service node are positioned at different physical nodes, sending the message encapsulated with the message header to the next-hop service node among the different physical nodes according to the external interface address of the next-hop service node of the service node in the service chain information.

In a third aspect, an embodiment of the present disclosure provides a packet forwarding method.

Specifically, the packet forwarding method includes:

the orchestration node performs the steps in the method of the first aspect;

the service node performs the steps of the method according to the second aspect.

In a fourth aspect, an embodiment of the present disclosure provides a packet forwarding apparatus.

Specifically, the packet forwarding apparatus includes:

the first decapsulation module is configured to receive a data packet from a first user interface, decapsulate the data packet, and obtain a service requirement of the data packet, where the service requirement is used to indicate a network service and a service sequence that need to be provided for the data packet;

the path arranging module is configured to arrange a service path according to the service requirement to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to be experienced by the data message;

A first encapsulation module configured to encapsulate the service link information in the data message;

and the first sending module is configured to send the data packet encapsulated with the service link information to the first service node according to the external interface address of the first service node in the service link information.

With reference to the fourth aspect, the present disclosure is in a first implementation manner of the fourth aspect, wherein the apparatus further includes:

the first decapsulation module is further configured to decapsulate the data packet to obtain tenant information of the data packet;

a first encapsulation module further configured to encapsulate the tenant information in the data message when encapsulating the service link information.

With reference to the fourth aspect and the first implementation manner of the fourth aspect, in a second implementation manner of the fourth aspect, the data packet in which the service link information is encapsulated includes a segment routing internet protocol version 6 Srv6 packet, and the service link information and the tenant information are encapsulated in a segment routing packet header SRH of the Srv6 packet.

In a fifth aspect, a message forwarding apparatus is provided in the embodiments of the present disclosure,

specifically, the packet forwarding apparatus includes:

A second decapsulation module, configured to receive a data packet from an external interface, decapsulate the data packet, and obtain service chain information, where the service chain information includes an external interface address of a service node that the data packet is to experience;

the first judging module is configured to judge whether the service node is a tail service node or not based on the service chain information;

and the second sending module is configured to respond that the service node is a tail service node, and forward the data packet to the user side from a second user side interface corresponding to the tail service node.

With reference to the fifth aspect, in a first implementation manner of the fifth aspect, the apparatus further includes:

the second judging module is configured to respond to the fact that the service node is not a tail service node and judge whether the service node has a mounting service node or not;

the second encapsulation module is configured to respond to the absence of a mounted service node of the service node, process the data message based on the service provided by the service node, and encapsulate the service chain information in the processed data message;

and the third sending module is configured to send the data packet encapsulated with the service chain information to the next-hop service node according to the external interface address of the next-hop service node of the service node in the service chain information.

With reference to the fifth aspect and the first implementation, the present disclosure is in a second implementation of the fifth aspect, wherein the apparatus further includes:

a fourth sending module, configured to respond to a mount service node existing in the local service node, cache the service chain information in the local service node, and forward the data packet to the mount service node;

the receiving module is configured to receive the message processed by the mounting service node and encapsulate the service chain information in the message processed by the mounting service node;

and the fifth sending module is configured to send the packet encapsulated with the service chain information to the next-hop service node according to the external interface address of the next-hop service node of the service node in the service chain information.

With reference to the fifth aspect and the foregoing various implementation manners, in a third implementation manner of the fifth aspect, the second encapsulating module is further configured to encapsulate tenant information of the data packet in the data packet when encapsulating the service link information.

With reference to the fifth aspect and the foregoing various implementations, the present disclosure is in a fourth implementation of the fifth aspect, wherein the third sending module is further configured to:

In a sixth aspect, an embodiment of the present disclosure provides a message forwarding system.

Specifically, the packet forwarding system includes: arranging nodes and service nodes;

the orchestration node configured to perform the steps of the method of the first aspect;

the service node is configured to perform the steps of the method of the second aspect.

In a seventh aspect, an embodiment of the present disclosure provides an electronic device, including a memory and a processor, where the memory is used to store one or more computer instructions that support the above apparatus to perform the above method, and the processor is configured to execute the computer instructions stored in the memory.

In an eighth aspect, the disclosed embodiments provide a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method steps of any of the above aspects.

In a ninth aspect, the present disclosure provides a computer program product comprising computer programs/instructions, wherein the computer programs/instructions, when executed by a processor, implement the method steps of any one of the above aspects.

The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:

the technical scheme can configure a unique external interface exposed to the outside for each service node, use an independent arrangement node, when the arranging node receives the data message from the first user terminal interface, the service path can be arranged for the data message according to the service requirement in the data message to obtain the service chain information, the service chain information includes an external interface address of a service node to be experienced by the data packet, and encapsulates the service chain information in a data message and sends the data message to the first service node in the service path, so that the subsequent service node only needs to forward according to the service chain information, an arrangement layer is not required to be arranged on each service node to carry out control management of forwarding for each server node, the control surface is weakened, SID management is avoided, complicated logic of SID management, distribution, routing release and the like is avoided, and a large amount of resources are saved; each service node only exposes one external interface to the outside, and when the service path arrangement is carried out, the service node of which the next hop is only required to arrange the corresponding external interface, so that the arrangement of the service path is more convenient compared with the existing method that XNI serial connection is adopted between any two service nodes.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of embodiments of the disclosure.

Drawings

Other features, objects, and advantages of embodiments of the disclosure will become more apparent from the following detailed description of non-limiting embodiments when taken in conjunction with the accompanying drawings. In the drawings:

fig. 1 shows a flow chart of a packet forwarding method applied to an orchestration node according to an embodiment of the present disclosure;

fig. 2 shows a flowchart of a packet forwarding method applied to a service node according to an embodiment of the present disclosure;

fig. 3 is a schematic overall flow chart of a packet forwarding method according to an embodiment of the present disclosure;

fig. 4 is a schematic diagram illustrating a system architecture scenario for packet forwarding according to an embodiment of the present disclosure;

fig. 5 is a block diagram illustrating a structure of a packet forwarding apparatus applied to an orchestration node according to an embodiment of the present disclosure;

fig. 6 is a block diagram illustrating a structure of a packet forwarding apparatus applied to a service node according to an embodiment of the present disclosure;

fig. 7 shows a block diagram of a packet forwarding system according to an embodiment of the present disclosure;

FIG. 8 shows a block diagram of an electronic device according to an embodiment of the present disclosure;

FIG. 9 is a block diagram of a computer system suitable for use in implementing the methods according to embodiments of the present disclosure.

Detailed Description

Hereinafter, exemplary embodiments of the disclosed embodiments will be described in detail with reference to the accompanying drawings so that they can be easily implemented by those skilled in the art. Also, for the sake of clarity, parts not relevant to the description of the exemplary embodiments are omitted in the drawings.

In the disclosed embodiments, it is to be understood that terms such as "including" or "having," etc., are intended to indicate the presence of the disclosed features, numbers, steps, behaviors, components, parts, or combinations thereof, and are not intended to preclude the possibility that one or more other features, numbers, steps, behaviors, components, parts, or combinations thereof may be present or added.

It should be further noted that the embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict. The embodiments of the present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.

As mentioned above, in the related art, when the data packet is transmitted in the network, it needs to pass through various service nodes (service nodes) to ensure that the network can provide the user with a safe, fast and stable network service according to the design requirement. These service nodes are typically firewalls, load balancing, intrusion detection, etc. The network traffic is passed through the service nodes in a defined order as required by the service logic, which is the so-called service chain. The existing service chain implementation mode is to set a global arrangement layer, which is responsible for SID allocation management, route distribution, traffic communication across VPCs, and the like, where a control plane scheme is complex, service nodes are connected in series by XNI (cross network interface, internet interface) when spanning VPCs, and the arrangement is complex, for example, assuming that service node A, B, C, D is present, when XNI is used for series connection, XNI1 needs to be set between service nodes a and B, XNI2 between service nodes a and C, XNI3 between service nodes a and D, XNI4 between service nodes B and C, XNI5 between service nodes B and D, XNI6 between service nodes C and D, and 6 XNI needs to be set to connect each service node in series.

In view of the above problems, the present disclosure provides a packet forwarding method, which can configure a unique external interface exposed to the outside for each service node, use an independent orchestration node, when receiving a data packet from a first user interface, the orchestration node can orchestrate a service path for the data packet according to a service requirement in the data packet to obtain service chain information, where the service chain information includes an external interface address of a service node that the data packet needs to go through, and encapsulate the service chain information in the data packet to be sent to a first service node in the service path, so that subsequent service nodes only need to forward according to the service chain information, and do not need to set an orchestration layer to perform control management for forwarding for each server node, where a control plane is weakened and there is no SID management, thereby avoiding complex logics such as SID management, allocation, routing issue, and the like, a large amount of resources are saved; each service node only exposes one external interface to the outside, for example, only the external interfaces A, B, C and D need to be configured for the service node A, B, C, D, when the service path is arranged, only the corresponding external interface needs to be arranged for which service node is the next hop, which is more convenient for arranging the service path compared with the existing serial connection of XNI between two service nodes.

Fig. 1 shows a flowchart of a packet forwarding method applied to an orchestration node according to an embodiment of the present disclosure, and as shown in fig. 1, the packet forwarding method includes the following steps S101-S104:

in step S101, receiving a data packet from a first user interface, decapsulating the data packet, and obtaining a service requirement of the data packet, where the service requirement is used to indicate a network service and a service sequence that need to be provided for the data packet;

in step S102, arranging a service path according to the service requirement to obtain service chain information, where the service chain information includes an external interface address of a service node to be experienced by the data packet;

in step S103, encapsulating the service link information in the data packet;

in step S104, the data packet encapsulated with the service link information is sent to the first service node according to the external interface address of the first service node in the service link information.

In an embodiment of the present disclosure, the message forwarding method may be applicable to a Cloud Network, such as an NFV (Network Functions Virtualization) Network, and may be executed by an orchestration node in the Cloud Network, where the orchestration node belongs to an independent VPC (Virtual Private Cloud) in the Cloud Network. It should be noted that the node in the present disclosure may be a VPC.

In an embodiment of the present disclosure, the first user interface is a User Network Interface (UNI), which refers to a cross-VPC binding interface between a user-side VPC and a network-side VPC, and is configured to carry user traffic, the user-side VPC refers to a user-side node, the network-side VPC refers to a network-side node, the network-side VPC may be an orchestration node herein, and the user-side node may send a data packet to the orchestration node through the first user interface.

In an embodiment of the present disclosure, when the orchestration node receives a data packet from a first user interface, the orchestration node may decapsulate the data packet to obtain a service requirement in the data packet, where the service requirement is used to indicate a network service and a service sequence that need to be provided for the data packet, and the orchestration node may orchestrate a service path for the data packet based on the service requirement, where the service path refers to a service node and a sequence that the data packet needs to pass through, and assuming that the service requirement of the data packet needs to sequentially perform the network service, which may be a load balancing service and a firewall service, the orchestration node may orchestrate the service path for the data packet to sequentially pass through a load balancing service node and a firewall service node.

In an embodiment of the present disclosure, a unique external Interface exposed to the outside may be configured for each service node in the Network, for example, the external Interface may be an SYS (system) binding ENI (Elastic Network Interface) Interface, where the ENI refers to an Elastic Network Interface binding cloud service nodes in the cloud Network. The address of each service node may be deployed on an external interface corresponding to the service node as an external interface address, for example, an IPv6(Internet Protocol Version 6, Version 6 of the Internet Protocol) address of each service node may be deployed on the sysbonding ENI interface as an external interface address.

In an embodiment of the present disclosure, after the orchestration node orchestrates a service path for the data packet, the orchestration node may form service chain information based on an external interface address of a service node on the service path, where the service chain information is used to indicate a next hop address for the service node.

In an embodiment of the present disclosure, after obtaining the service chain information, the orchestration node may be configured to encapsulate the service chain information in the data packet and then send the data packet to a first service node in the service path.

In an embodiment of the present disclosure, the data packet generally includes a packet header and data to be transmitted, where decapsulating and encapsulating are decapsulating and encapsulating the packet header in the present disclosure, for example, the data packet received by the orchestration node from the first user interface is a Virtual Local Area Network (VLAN) -UNI packet header, and at this time, the orchestration node may decapsulate the VLAN-UNI packet header to obtain the service requirement. When the service link information is encapsulated, the packet needs to be encapsulated into an Srv6 packet, the service chain information may be encapsulated in an Srv6(Segment Routing IPv6) Header of an Srv6 packet, the Srv6 Header includes an IPv6 Header and an SRH (Segment Routing Header, SR Header), and the service chain information may be encapsulated in an SRH.

In an embodiment of the present disclosure, after encapsulating service chain information, an orchestration node may send the data packet encapsulated with the service chain information to a first service node in a service path, so that a subsequent service node only needs to perform next hop transmission according to the service chain information, and does not need to set an orchestration layer to perform control management of forwarding for each server node, where a control plane is weakened and there is no SID management, thereby avoiding complex logics such as SID management, distribution, routing issue, and saving a lot of resources; each service node only exposes one external interface to the outside, and only the external interfaces A, B, C and D need to be configured for the service node A, B, C, D, when the service path is arranged, the service node to which the next hop belongs only needs to arrange the corresponding external interface, and the service node is connected with the two existing service nodes in series by XNI, so that the arrangement of the service path is more convenient. In addition, in this embodiment, an independent external interface is configured for each service node, the service chain arrangement capability under a multi-cloud scenario is supported, and service chain information is carried in the forwarding process, so that forwarding of service chain information with a state is supported.

In a possible implementation manner, the message forwarding method may further include the following steps:

In this embodiment, the data packet also carries tenant information, and the scheduling node receives the data packet from the first user interface and obtains the tenant information of the data packet when decapsulating the data packet, and the scheduling node may encapsulate the tenant information in the data packet when encapsulating the service link information, thereby implementing a multi-tenant requirement and supporting multi-tenancy.

The data message encapsulated with the service link information includes a Srv6 message, and the service link information and the tenant information are encapsulated in a segment routing packet header SRH of the Srv6 message, for example, the tenant information may be encapsulated in the last 64bit metadata (metadata) of an SRH in a Srv6 packet header, and the last 64bit metadata information of the SRH is the tenant information.

Fig. 2 shows a flowchart of a packet forwarding method applied to a service node according to an embodiment of the present disclosure, and as shown in fig. 2, the packet forwarding method includes the following steps S201 to S203:

In step S201, receiving a data packet from an external interface, decapsulating the data packet, and obtaining the service chain information, where the service chain information includes an external interface address of a service node to which the data packet is to go;

in step S202, it is determined whether the service node is a tail service node based on the service chain information;

in step S203, in response to that the service node is a tail service node, the data packet is forwarded to the user side from the second user side interface corresponding to the tail service node.

In an embodiment of the present disclosure, the message forwarding method may be applied to a cloud Network, such as an NFV (Network function Virtualization) Network, and may be executed by a service node in the cloud Network, where the service node belongs to a VPC that can provide various services for a data message of a user in the cloud Network, and for example, in the NFV Network, the service node may be an ALB (Application Load Balancer) VPC, an NLB (Network Load Balancer) VPC, a GWLB (GateWay Load Balancer) VPC, a NAT (Network Address Translation) VPC, a FW (Firewall ) VPC, and other service nodes.

In an embodiment of the present disclosure, the orchestration node may send the data packet encapsulated with the service link information to a first service node based on an external interface address of the first service node in the service link information, and after the first service node services the data packet, the data packet encapsulated with the service link information may continue to be sent to a next service node of the first service node according to an external interface address of the next service node of the first service node in the service link information, so that the data packet may be sequentially transmitted to each service node according to an order in the service link information, and a corresponding network service is used.

In an embodiment of the present disclosure, the service node may receive a data packet from an external interface that is only exposed to the outside from the service node, decapsulate a packet header of the data packet, such as an Srv6 packet header, to obtain service chain information, where the service chain information includes an external interface address of a service node to be experienced by the data packet; the service node may determine whether the service node is a tail service node based on the service chain information, where the tail service node refers to a last service node in a service path. If not, the tail service node can provide corresponding service for the data packet, and then continuously encapsulates the service chain information in the data packet and forwards the data packet to the next service node of the service node. If the service node is a tail service node, the service node may search for a second user interface between an external interface of the service node and the second user, and then forward the data packet to the user through the second user interface, where the second user interface is a UNI interface, the first user interface is a source user interface, the second user interface is a destination user interface, and the second user interface and the first user interface may be the same user interface or different user interfaces, which is not limited herein.

For example, in the service chain information setting Srv6 message, the header of the Srv6 message is provided with two key pieces of information, first, a Segment List (Segment List) in the form of an external interface address, such as an IPv6 address, is ordered to form a service path of the service chain, and the other key field is Segment Left (SL) which is a pointer indicating the currently active Segment List. The minimum value of Segment Left is 0, the maximum value is the number of Segment List minus 1, and assuming that the service chain information includes IPv6 address 1, IPv6 address 2, and IPv6 address 3 arranged in sequence, the number of Segment List is 3, the maximum value of SL is 2, the minimum value is 0, and the Segment List includes Segment List [2 ]: IPv6 address 1; segment List [1 ]: IPv6 address 2; segment List [0 ]: IPv6 address 3; when the service node receives the data message and obtains SL ═ 2, the service node indicates that the external interface address of the service node is Segment List [2 ]: IPv6 address 1, after processing the data packet based on the service provided by the service node, may subtract 1 from the SL, and shift the pointer to the next hop address Segment List [1 ]: IPv6 address 2, and then forward the data packet to the next node, i.e. the service node corresponding to IPv6 address 2. Therefore, after the service node decapsulates the Srv6 packet header, it may determine whether the packet is a tail service node based on the SL in the Srv6 packet header, if the SL is not 0, it indicates that the service node is not a tail service node, and if the SL is 0, it indicates that the service node is a tail service node.

In a possible embodiment of the present disclosure, the message forwarding method further includes:

responding to the fact that no mounting service node exists in the service node, processing the data message based on the service provided by the service node, and then packaging the service chain information in the processed data message;

In this embodiment, if the service node is not a tail service node, it needs to determine whether the service node has a mount service node, where the mount service node refers to another service node accessed to the service node, and may add other services to the service node.

In this embodiment, if there is no mounted service node in the service node, the service node may process the data packet based on the service provided by the service node, and encapsulate a corresponding SRv6 packet header for the processed packet, where the SRv6 packet header carries service chain information; and then, the packet encapsulated with the packet header can be sent to the next-hop service node according to the external interface address of the next-hop service node of the service node in the service chain information.

In a possible embodiment of the present disclosure, the method for forwarding a packet further includes:

In this embodiment, if there is a mounted service node in the service node, the service node needs to cache the service chain information in the service node, process the data packet based on the service provided by the service node, and forward the data packet to the mounted service node for processing, and after processing, the mounted service node returns the packet processed by the mounted service node.

For example, the service node and the mount service node perform packet forwarding through a Network side Interface, such as an NNI (Network to Network Interface, Network node Interface), where the NNI Interface is a cross-VPC binding ENI Interface between Network side VPCs, and the service node is connected to the mount service node through the NNI, such as a GWLB service node may be connected to a firewall service node through the NNI. When the service node forwards the data packet to the mount service node, it may encapsulate a VLAN-UNI + IPv4+ UDP (User Datagram Protocol) + GENEVE (Network Virtualization foundation Protocol) header for the data packet, and then, the service node may send the data packet to the mount service node through an NNI interface between the service node and the mount service node, and the mount service node processes the data packet based on the service provided by the mount service node and returns the data packet to the service node, and then encapsulates the cached service chain information in an IPv 6(Segment Routing 6, Segment Routing IPv6) header, and sends the processed data packet to a next-hop service node of the service node.

The message forwarding method provided by the embodiment can realize transparent access of a third-party network element or other mounted service nodes, for example, a FW service node (a firewall of a third party or a firewall of the own party) can be mounted below an NAT service node, so that the firewall capability is increased, a data message sent by a user side can directly use the added firewall through the NAT service node, each service can be added in a user-insensitive state, seamless switching capabilities such as product combination, upgrading, configuration reduction, change and the like are realized, and the ecology of the third-party service network element can be perfected. When multi-service arrangement is carried out, services can be provided by connecting a service chain formed by a plurality of service nodes in series by using SR technology arrangement. The route drainage configuration is simplified, and only the arrangement nodes are required to arrange different services according to the external interfaces of the service nodes, so that the complex route configuration is avoided. The service node in the disclosure does not need to have a routing decision capability, can be a common service node or a traffic analysis service node, and only needs to forward according to a path arranged by the arranging node.

In a possible embodiment of the present disclosure, the packet forwarding method further includes the following steps:

and when the service link information is encapsulated, encapsulating the tenant information of the data message in the data message.

In this embodiment, the data packet also carries tenant information, and the service node receives the data packet from the external interface and obtains the tenant information of the data packet from the packet header when decapsulating the data packet.

The data message encapsulated with the service link information includes a Srv6 message, and the service link information and the tenant information are encapsulated in a segment routing message header SRH of the Srv6 message, for example, the tenant information may be encapsulated in the last 64bit metadata (metadata) of the SRH in the Srv6 message header, and the last 64bit metadata information in the Srv6 message header is the tenant information.

In a possible embodiment of the present disclosure, the sending, according to an external interface address of a next hop service node of the service node in the service chain information, the packet encapsulated with the packet header to the next hop service node includes:

In this embodiment, a physical node is a physical machine that operates independently and has its own computing, storage and network capabilities, a service node is a virtual node that operates on the physical node, and each physical node can operate one or more service nodes, and if a next-hop service node and the service node are located in the same physical node, a packet encapsulated with the packet header can be sent to the next-hop service node in the same physical node according to an external interface address of the next-hop service node of the service node in the service chain information; the data does not need to be sent out from the physical node and then returned to the physical node, so that the forwarding time is saved, and the forwarding efficiency is improved. And when the next-hop service node and the service node are located in different physical nodes, sending a message encapsulated with the message header to the next-hop service node from the physical node according to the external interface address of the next-hop service node of the service node in the service chain information after the next-hop service node reaches the physical node where the next-hop service node is located.

Fig. 3 is a schematic overall flow chart of a packet forwarding method according to an embodiment of the present disclosure. The method is applied to a system configured with an orchestration node and a service node, and as shown in fig. 3, the method may include the following steps:

in step S301, the orchestration node receives a data packet from a first user interface, decapsulates the data packet, obtains a service requirement of the data packet, orchestrates a service path according to the service requirement, obtains service chain information, and encapsulates the service link information in the data packet; and sending the data message encapsulated with the service link information to the first service node according to the external interface address of the first service node in the service link information.

In step S302, the service node receives a data packet sent by the orchestration node or another service node from an external interface, decapsulates the data packet, and obtains service chain information, where the service chain information includes an external interface address of a service node to which the data packet is to go through; judging whether the service node is a tail service node or not based on the service chain information; responding to that the service node is a tail service node, forwarding the data message to a user side from a second user side interface corresponding to the tail service node, responding to that the service node is not the tail service node, processing the data message based on the service provided by the service node, and then packaging the service chain information in the processed data message; and sending the data message packaged with the service chain information to a next hop service node according to the external interface address of the next hop service node of the service node in the service chain information.

In an embodiment of the present disclosure, the service requirement is used to indicate a network service and a service sequence that need to be provided for the data packet; the service chain information includes an external interface address of a service node to be experienced by the data packet.

In a possible implementation manner of the present disclosure, the message forwarding method further includes the following steps:

In one possible embodiment of the present disclosure, the method further includes:

In this embodiment, the message forwarding method corresponds to the above message forwarding method, and specific details may refer to the description of the above message forwarding method, which is not described herein again.

For example, fig. 4 is a schematic diagram illustrating a system architecture scenario of packet forwarding according to an embodiment of the present disclosure, as shown in fig. 4, the forwarding system includes a source user node, an orchestration node, a service node 1, a service node 2, a mount service node 3 mounted on the service node 2, a service node 4, and a destination user node, where the nodes are VPCs in an NFV network. Data forwarding is carried out between a user node and each node on a network side, such as an arranging node or a service node, through an interface 1, namely a UNI interface, each service node is provided with a unique external interface, namely a SYS binding ENI interface, message forwarding is carried out between the two service nodes through respective SYS binding ENI interfaces, and message forwarding is carried out between the service node and the service node connected with the service node through an interface 2 across VPC, namely an NNI interface.

As shown in fig. 4, the source user node sends a VLAN UNI datagram to the orchestration node over the UNI interface, the editing node de-encapsulates the VLAN-UNI header to obtain the service requirement and tenant information, the service requirement is used for indicating that the network service required to be provided for the data packet sequentially provides the service for the service node 1 and the service for the service node 2, the orchestration node may orchestrate a service path for the data packet based on the service requirement to be the service node 1 → the service node 2 → the service node 4 to obtain the SYS hosting ENI interface address IPv6 address 1 of the service node 1, the SYS hosting ENI interface address IPv6 address 2 of the service node 2, and the SYS hosting ENI interface address IPv6 address 3 of the service node 4, the orchestration node may encapsulate the service chain information in an SRH in a Srv6 packet header, where the encapsulated information is: segment List [2] when SL ═ 2: IPv6 address 1, Segment List [1 ]: IPv6 address 2, Segment List [0 ]: IPv6 address 3, i.e. pointer SL ═ 2 indicates that the SYS bonding ENI interface address of the next hop is Segment List [2 ]: IPv6 address 1. The orchestration node may send the Srv6 packet encapsulated with the Srv6 header to the service node 1 corresponding to the IPv6 address 1, and after receiving the Srv6 packet, the service node 1 decapsulates the Srv6 header to obtain SL of 2, which indicates that the service node 1 is not a tail service node, at this time, the service node 1 determines whether there is a mounted service node in the service node, and since there is no mounted service node in the service node, after the service node 1 processes the data packet based on the service provided by the service node, reduces SL by 1, encapsulates the SL and the segmentlist as service chain information in the Srv6 header, and sends the pointer SL 1 to indicate that the SYS binding ENI interface address of the next hop is segmentlist [1 ]: a service node 2 corresponding to the IPv6 address 2, the service node 2 decapsulates the Srv6 header after receiving the Srv6 packet, and obtains SL as 1, which indicates that the service node is not a tail service node, at this time, the service node 2 determines whether there is a mounted service node in the service node, because the mounted service node 3 is mounted on the service node, the service node 2 needs to cache the information of the service link information, i.e. the SRH header, in the service node, after processing the data packet based on the service provided by the service node, the data packet is encapsulated with a VLAN-UNI + IPv4+ UDP + GENEVE header and then forwarded to the mounted service node 3 through an NNI interface for processing, after processing by the mounted service node 3, the packet processed by the mounted service node 3 is returned through the NNI interface, and the service node 2 can encapsulate the cached service link information in the packet processed by the mounted service node 3, then, after subtracting 1 from SL, encapsulating the SL and Segment List as service chain information in a Srv6 header, and sending a pointer SL ═ 0 to indicate that the SYS binding ENI interface address of the next hop is Segment List [0 ]: after receiving the Srv6 packet, the service node 4 decapsulates the Srv6 packet header to obtain SL 4, which indicates that the service node 4 is a tail service node, and at this time, a UNI interface between the service node 4 and a destination user node may be searched, and then the data packet is forwarded to the destination user node through the UNI interface.

The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods.

Fig. 5 shows a block diagram of a message forwarding apparatus applied to an orchestration node according to an embodiment of the present disclosure, and the apparatus may be implemented as part of or all of an electronic device through software, hardware, or a combination of the two. As shown in fig. 5, the packet forwarding apparatus includes:

a first decapsulation module 501, configured to receive a data packet from a first user interface, decapsulate the data packet, and obtain a service requirement of the data packet, where the service requirement is used to indicate a network service and a service sequence that need to be provided for the data packet;

a path arranging module 502 configured to arrange a service path according to the service requirement to obtain service chain information, where the service chain information includes an external interface address of a service node to be experienced by the data packet;

a first encapsulating module 503 configured to encapsulate the service link information in the data message;

a first sending module 504, configured to send the data packet encapsulated with the service link information to a first service node according to an external interface address of the first service node in the service link information.

In a possible implementation manner, the first decapsulating module 501 is further configured to decapsulate the data packet to obtain tenant information of the data packet;

a first encapsulating module 503, further configured to encapsulate the tenant information in the data message when encapsulating the service link information.

In a possible implementation manner, the data packet encapsulated with the service link information includes a segment routing internet protocol version 6 Srv6 packet, and the service link information and the tenant information are encapsulated in a segment routing header SRH of the Srv6 packet.

Fig. 6 shows a block diagram of a message forwarding apparatus applied to a service node according to an embodiment of the present disclosure, and the apparatus may be implemented as part of or all of an electronic device through software, hardware, or a combination of the two. As shown in fig. 6, the packet forwarding apparatus includes:

a second decapsulation module 601, configured to receive a data packet from an external interface, decapsulate the data packet, and obtain service chain information, where the service chain information includes an external interface address of a service node to which the data packet is to go;

a first determining module 602, configured to determine whether the service node is a tail service node based on the service chain information;

The second sending module 603 is configured to, in response to that the service node is a tail service node, forward the data packet to the user terminal from a second user terminal interface corresponding to the tail service node.

In one possible embodiment, the apparatus further comprises:

the fourth sending module is configured to respond to the presence of a mounted service node in the service node, cache the service chain information in the service node, and forward the data packet to the mounted service node;

In a possible implementation, the second encapsulating module is further configured to encapsulate tenant information of the data packet in the data packet when encapsulating the service link information.

In one possible implementation, the third sending module is further configured to:

In this embodiment, the message forwarding apparatus corresponds to and is consistent with the message forwarding method, and specific details may refer to the description of the message forwarding method, which is not described herein again.

Fig. 7 shows a block diagram of a message forwarding system according to an embodiment of the present disclosure, which may be implemented as part or all of an electronic device by software, hardware, or a combination of the two. As shown in fig. 7, the packet forwarding system 700 includes: orchestration node 701 and service node 702;

orchestration node 701 configured to: receiving a data message from a first user interface, decapsulating the data message, and obtaining a service requirement of the data message, where the service requirement is used to indicate a network service and a service sequence that need to be provided for the data message; arranging a service path according to the service requirement to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to be experienced by the data message; encapsulating the service link information in the data message; and sending the data message encapsulated with the service link information to the first service node according to the external interface address of the first service node in the service link information.

A service node 702 configured to: receiving a data message sent by an arrangement node or other service nodes from an external interface, and decapsulating the data message to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to be experienced by the data message; judging whether the service node is a tail service node or not based on the service chain information; and responding to the service node as a tail service node, and forwarding the data message to the user side from a second user side interface corresponding to the tail service node.

In one possible implementation, the service node 702 may be further configured to: responding to the fact that the service node is not a tail service node, and judging whether the service node has a mounted service node or not; responding to the absence of a mounted service node in the service node, processing the data message based on the service provided by the service node, and then packaging the service chain information in the processed data message; and sending the data message packaged with the service chain information to a next hop service node according to the external interface address of the next hop service node of the service node in the service chain information.

In one possible implementation, the service node 702 may be further configured to: responding to the existence of a mounting service node in the service node, caching the service chain information in the service node, and forwarding the data message to the mounting service node; receiving the message processed by the mounting service node, and encapsulating the service chain information in the message processed by the mounting service node; and sending the message encapsulated with the service chain information to a next hop service node according to the external interface address of the next hop service node of the service node in the service chain information.

In one possible implementation, the service node 702 may be further configured to: and when the service link information is encapsulated, encapsulating the tenant information of the data message in the data message.

In a possible implementation manner, the part of the service node 702 that sends the packet encapsulated with the packet header to the next-hop service node according to the external interface address of the next-hop service node of the service node in the service chain information is configured to:

The present disclosure also discloses an electronic device, fig. 8 shows a block diagram of the electronic device according to an embodiment of the present disclosure, as shown in fig. 8, the electronic device 800 includes a memory 801 and a processor 802; wherein the content of the first and second substances,

the memory 801 is used to store one or more computer instructions that are executed by the processor 802 to implement the above-described method steps.

As shown in fig. 9, the computer system 900 includes a processing unit 901 which can execute various processes in the above-described embodiments according to a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. In the RAM903, various programs and data necessary for the operation of the system 900 are also stored. The processing unit 901, the ROM902, and the RAM903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.

The following components are connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary. The processing unit 901 may be implemented as a CPU, a GPU, a TPU, an FPGA, an NPU, or other processing units.

In particular, the above described methods may be implemented as computer software programs, according to embodiments of the present disclosure. For example, embodiments of the present disclosure include a computer program product comprising a computer program tangibly embodied on a medium readable thereby, the computer program comprising program code for performing the method described above. In such an embodiment, the computer program may be downloaded and installed from a network via the communication section 909, and/or installed from the removable medium 911.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowcharts or block diagrams may represent a module, a program segment, or a portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units or modules described in the embodiments of the present disclosure may be implemented by software or hardware. The units or modules described may also be provided in a processor, and the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.

As another aspect, the disclosed embodiment also provides a computer-readable storage medium, which may be the computer-readable storage medium included in the apparatus in the foregoing embodiment; or it may be a separate computer readable storage medium not incorporated into the device. The computer readable storage medium stores one or more programs for use by one or more processors in performing the methods described in the embodiments of the present disclosure.

The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept. For example, the above features and (but not limited to) the features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.

Claims

1. A message forwarding method is applied to an arranging node and comprises the following steps:

encapsulating the service link information in the data message;

2. The method of claim 1, wherein the method further comprises:

3. A message forwarding method is applied to a service node and comprises the following steps:

receiving a data message from an external interface, and decapsulating the data message to obtain service chain information, wherein the service chain information includes an external interface address of a service node to be experienced by the data message;

4. The method of claim 3, wherein the method further comprises:

5. The method of claim 4, wherein the method further comprises:

6. The method of any of claims 3 to 5, wherein the method further comprises:

7. The method according to claim 4 or 5, wherein the sending the packet encapsulated with the packet header to the next-hop service node according to the external interface address of the next-hop service node of the service node in the service chain information includes:

8. A message forwarding method, wherein, the system applying the system including the arranging node and the service node, comprises:

the method comprises the steps that a layout node receives a data message from a first user interface, decapsulates the data message, and obtains a service requirement of the data message, wherein the service requirement is used for indicating network service and a service sequence which need to be provided for the data message; arranging a service path according to the service requirement to obtain service chain information, wherein the service chain information comprises an external interface address of a service node to be experienced by the data message; encapsulating the service link information in the data message; sending the data message encapsulated with the service link information to a first service node according to an external interface address of the first service node in the service link information;

the service node receives the data message sent by the arrangement node or other service nodes from an external interface, decapsulates the data message, and obtains service chain information, wherein the service chain information comprises an external interface address of a service node to which the data message needs to go; judging whether the service node is a tail service node or not based on the service chain information; responding to that the service node is a tail service node, forwarding the data message to a user side from a second user side interface corresponding to the tail service node, responding to that the service node is not the tail service node, processing the data message based on the service provided by the service node, and then packaging the service chain information in the processed data message; and sending the data message packaged with the service chain information to a next hop service node according to the external interface address of the next hop service node of the service node in the service chain information.

9. The method of claim 8, wherein the method further comprises:

when the service link information is encapsulated, the tenant information is encapsulated in the data message by the arranging node or the service node;

the data message encapsulated with the service link information includes a segment routing internet protocol version 6 Srv6 message, and the service link information and the tenant information are encapsulated in a segment routing header SRH of the Srv6 message.

10. An electronic device comprising a memory and at least one processor; wherein the memory is to store one or more computer instructions, wherein the one or more computer instructions are to be executed by the at least one processor to implement the method steps of any one of claims 1-9.

11. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the method steps of any of claims 1-9.

12. A computer program product comprising computer programs/instructions, wherein the computer programs/instructions, when executed by a processor, implement the method steps of any of claims 1-9.