WO2018107475A1

WO2018107475A1 - Method and device for processing data packet

Info

Publication number: WO2018107475A1
Application number: PCT/CN2016/110425
Authority: WO
Inventors: 刘玉洁; 柳嘉强; 李勇; 王钺; 袁坚; 倪慧
Original assignee: 华为技术有限公司
Priority date: 2016-12-16
Filing date: 2016-12-16
Publication date: 2018-06-21

Abstract

Provided are a method and device for processing a data packet. The method is applied to a software defined network (SDN), the SDN comprising a controller, at least one switch and a plurality of network functions (NF). The method is executed by the controller, the method comprising: determining that a data flow needs to be migrated from a first NF in a plurality of NFs to a second NF in the plurality of NFs; sending a first instruction to the first NF; sending a second instruction to the second NF; sending a first forwarding rule to a first switch in at least one switch, the first forwarding rule being used for instructing the first switch to add a label to a data packet of the data flow, and to send the data packet carrying the label to the first NF and the second NF or a switch connected to the first NF and a switch connected to the second NF; and finally, migrating the state of the data flow of the first NF to the second NF. The method and device for processing a data packet in the present application can save on the overheads of a controller and shorten the time for state migration.

Description

处理数据包的方法和装置Method and apparatus for processing data packets

技术领域Technical field

本申请涉及信息技术领域，并且更具体地，涉及处理数据包的方法和装置。The present application relates to the field of information technology and, more particularly, to a method and apparatus for processing data packets.

背景技术Background technique

软件定义网络(Software-Defined Networking，SDN)是一种在学术和产业界都得到广泛关注的新型网络架构，目前已经在广域网(Wide Area Network，WAN)、骨干网等场景中部署应用。SDN通过控制平面与转发平面的分离，能够实现对网络控制的集中化和对流量的灵活调度。网络功能虚拟化(Network Function Virtualization，NFV)通过虚拟化技术能够在通用的x86服务器上实现特定的网络功能(Network Function，NF)，从而替代传统的专用网络功能设备，如防火墙、深度包检测(Deep Packet Inspection，DPI)等。Software-Defined Networking (SDN) is a new type of network architecture that has received extensive attention in both academic and industrial circles. It has been deployed in scenarios such as Wide Area Network (WAN) and backbone networks. By separating the control plane from the forwarding plane, the SDN can achieve centralized control of the network and flexible scheduling of traffic. Network Function Virtualization (NFV) can implement specific network functions (NF) on a common x86 server through virtualization technology, replacing traditional private network function devices such as firewall and deep packet inspection ( Deep Packet Inspection, DPI), etc.

在移动核心网中，为了在复杂多变的网络环境和业务需求下保证网络性能，需要经常进行动态的业务迁移及流量均衡，这要求经常对NF进行迁移等操作。例如，网络中一个DPI负责监测的数据流中某一条流的流量增大，为了避免降低其处理数据包的性能，需要进行负载均衡，将这条数据流迁移到另一个DPI处理。In the mobile core network, in order to ensure network performance in a complex and varied network environment and service requirements, dynamic service migration and traffic balancing are required frequently, which requires frequent operations such as NF migration. For example, the traffic of a certain flow in a data flow monitored by a DPI in the network is increased. In order to avoid reducing the performance of processing data packets, load balancing is required to migrate the data flow to another DPI processing.

目前，现有进行NF状态一致性更新的方法主要是：基于控制器转发的方案。在更新期间，控制器需要缓存旧NF发来的数据包，再依次发给新NF，给控制链路带来很大开销，并且新NF需要等待旧NF转发迁移状态期间到达的数据包，拖延了更新的进度。At present, the existing methods for performing NF state consistency update are mainly based on a scheme of controller forwarding. During the update, the controller needs to buffer the data packets sent by the old NF, and then send them to the new NF, which brings a lot of overhead to the control link, and the new NF needs to wait for the old NF to forward the data packets arriving during the migration state, delaying. The progress of the update.

发明内容Summary of the invention

本发明实施例提供了一种处理数据包的方法和装置，能够节省控制器的开销，缩短状态迁移的时间。The embodiment of the invention provides a method and a device for processing a data packet, which can save the overhead of the controller and shorten the time of state transition.

第一方面，提供了一种处理数据包的方法，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述控制器执行，所述方法可以包括： In a first aspect, a method of processing a data packet is provided, the method being applied to a software defined network SDN, the SDN comprising a controller, at least one switch and a plurality of network functions NF, the method being performed by the controller Executing, the method may include:

确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；Determining that a data stream needs to be migrated from a first one of the plurality of NFs to a second one of the plurality of NFs;

向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；Sending, to the first NF, a first instruction, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream;

向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；Sending, to the second NF, a second instruction, where the second instruction is used to instruct the second NF to buffer the data packet;

向所述至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机；Transmitting, to the first switch in the at least one switch, a first forwarding rule, where the first forwarding rule is used to instruct the first switch to add a label of the data packet of the data stream, and the data carrying the label Sending a packet to the first NF and the second NF, or a switch connected to the first NF and a switch connected to the second NF;

接收所述第一NF发送的响应消息，所述响应消息表示所述第一NF接收到所述携带标签的数据包；Receiving a response message sent by the first NF, where the response message indicates that the first NF receives the data packet carrying the label;

获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；Obtaining a state of the data stream in the first NF, and copying a state of the data stream into the second NF;

向所述第一交换机发送第二转发规则，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。Sending, to the first switch, a second forwarding rule, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the second NF, or to the second NF Connected switches.

本发明实施例的处理数据包的方法，控制器确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；然后向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；向至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。In the method for processing a data packet in the embodiment of the present invention, the controller determines that the data flow needs to be migrated from the first NF of the plurality of NFs to the second NF of the plurality of NFs; and then sends the data to the first NF a first instruction, the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream, and sends a second instruction to the second NF, where the second instruction is used to indicate the The second NF caches the data packet; and sends a first forwarding rule to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label to the data packet of the data stream, and Transmitting the data packet carrying the label to the first NF and the second NF, or the switch connected to the first NF and the switch connected to the second NF, avoiding the controller buffering the data packet, and saving control The overhead of the device, shortening the time of state migration.

在本发明实施例中，控制器可以是部署在移动核心网控制器中的一个模块也可以独立存在。它可以与SDN控制器和NFV控制器进行交互来获取网络状态信息。In the embodiment of the present invention, the controller may be a module deployed in the mobile core network controller or may exist independently. It can interact with the SDN controller and the NFV controller to obtain network status information.

这里，第一NF和第二NF分别表示迁移前后的NF，其中，第一NF可以表示旧NF，第二NF可以表示新NF。 Here, the first NF and the second NF respectively represent NFs before and after migration, wherein the first NF may represent the old NF and the second NF may represent the new NF.

可选地，第一交换机可以是与第一NF和第二NF直连的公共交换机，也可以不是与第一NF和第二NF直连的公共交换机，本发明对此不作限定。Optionally, the first switch may be a public switch directly connected to the first NF and the second NF, or may not be a public switch directly connected to the first NF and the second NF, which is not limited by the disclosure.

可选地，在本发明实施例中，数据包的标签可以利用一些未作为转发匹配域的比特位，比如虚拟局域网(Virtual Local Area Network，VLAN)或业务类型(Type of Service，ToS)域等。Optionally, in the embodiment of the present invention, the label of the data packet may use some bits that are not used as the forwarding matching domain, such as a virtual local area network (VLAN) or a type of service (ToS) domain. .

可选地，第一NF在收到与所述第一NF相连的交换机(比如第一交换机)发送的携带标签的数据包后，可以向控制器汇报，比如向控制器发送响应消息。控制器在收到该响应消息后，可以获知第一NF已收到携带标签的数据包，则控制器可以执行后续的操作。Optionally, after receiving the data packet carrying the label sent by the switch (such as the first switch) connected to the first NF, the first NF may report to the controller, for example, send a response message to the controller. After receiving the response message, the controller can learn that the first NF has received the data packet carrying the label, and the controller can perform subsequent operations.

可选地，控制器在获知第一NF已收到携带标签的数据包后，可以开始进行状态迁移操作，具体即：提取第一NF中数据流的状态，并将数据流的状态复制到第二NF中。其中，数据流的状态可以是所述数据流发送数据包的总数、NF连接时间等信息。Optionally, after the controller learns that the first NF has received the data packet carrying the label, the controller may start the state transition operation, that is, extract the state of the data stream in the first NF, and copy the state of the data stream to the first Two NF. The status of the data stream may be information such as the total number of data packets sent by the data stream, the NF connection time, and the like.

可选地，控制器在将第一NF的状态迁移完成后，可以对第一交换机的转发规则进行修改，比如向所述第一交换机发送第二转发规则，使得第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。Optionally, after the state transition of the first NF is completed, the controller may modify the forwarding rule of the first switch, for example, send a second forwarding rule to the first switch, so that the first switch sends the data flow. The data packet is only sent to the second NF, or a switch connected to the second NF.

可选地，控制器可以删除第一NF上所述数据流的状态，并且向第二NF发送处理指令，让第二NF开始处理缓存中的数据包。对应地，第二NF可以根据处理指令开始按序处理数据包。至此，第一NF的状态迁移至该第二NF上，完成了NF状态的更新。Optionally, the controller may delete the state of the data stream on the first NF and send a processing instruction to the second NF to cause the second NF to start processing the data packet in the cache. Correspondingly, the second NF can start processing the data packets in order according to the processing instruction. So far, the state of the first NF migrates to the second NF, and the update of the NF state is completed.

在一些可能的实现方式中，所述第一交换机可以为所述第一NF和所述第二NF的公共交换机，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送给所述第一NF和所述第二NF，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF。In some possible implementations, the first switch may be a public switch of the first NF and the second NF, where the first forwarding rule is used to indicate that the first switch is to carry the The data packet of the label is sent to the first NF and the second NF, and the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the second NF.

本发明实施例的技术方案，控制器无需作为中继设备缓存并转发数据包。并且，由于不必等待数据包经过NF1发送给控制器再转发给NF2，NF2在状态迁移完成后可以立即开始处理数据包。这样，不仅节省了控制器的负载开销，而且缩短了更新状态所需的时间，大大提高了NF状态迁移的效率。In the technical solution of the embodiment of the present invention, the controller does not need to cache and forward the data packet as a relay device. Moreover, since it is not necessary to wait for the data packet to be sent to the controller through NF1 and then forwarded to NF2, NF2 can start processing the data packet immediately after the state transition is completed. In this way, not only the load overhead of the controller is saved, but also the time required for updating the state is shortened, and the efficiency of NF state migration is greatly improved.

可选地，NF1和NF2也可以具体为PCEF1和PCEF2，或者也可以替换为DPI1和DPI2，或者其他用于表征网络功能的单元，本发明实施例对此不作限定。Optionally, NF1 and NF2 may also be specifically PCEF1 and PCEF2, or may be replaced. The embodiment of the present invention does not limit the DPI1 and the DPI2, or other units for characterizing the network function.

在一些可能的实现方式中，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送至所述第二交换机和所述第三交换机，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第三交换机。In some possible implementations, the next hop switch of the first switch includes a second switch and a third switch, the second switch is connected to the first NF, and the third switch is connected to the second The NF is connected, where the first forwarding rule is used to instruct the first switch to send the data packet carrying the label to the second switch and the third switch, where the second forwarding rule is used to indicate The first switch sends the data packet of the data stream only to the third switch.

可选地，在向所述至少一个交换机中的第一交换机发送第一转发规则前，所述方法还可以包括：Optionally, before the first forwarding rule is sent to the first switch in the at least one switch, the method may further include:

向所述第三交换机发送第三转发规则，所述第三转发规则用于指示所述第三交换机将所述携带标签的数据包发送至所述第二NF。And sending, by the third switch, a third forwarding rule, where the third forwarding rule is used to instruct the third switch to send the data packet carrying the label to the second NF.

因此，控制器在修改公共交换机(比如第一交换机)的转发规则之前，需要先对其后续路径上的交换机(比如第三交换机)的转发规则进行更新，以避免丢包或数据包的错误转发。Therefore, before modifying the forwarding rules of the public switch (such as the first switch), the controller needs to update the forwarding rules of the switch (such as the third switch) on the subsequent path to avoid packet forwarding or packet forwarding. .

可选地，公共交换机的下一跳交换机可以包括多个交换机，这里只是以两个下一跳交换机为例进行说明，对此不作限定。Optionally, the next hop switch of the public switch may include multiple switches, and the two next hop switches are used as an example for description.

可选地，公共交换机与NF之间也可以存在多跳交换机，上述只是以其中一跳为例进行说明，本发明对此不作限定。当然，若公共交换机与NF之间存在多跳交换机，其处理方法是类似的，也需要遵循“公共交换机的转发规则，需要等后面新路径的其他交换机的转发规则更新后再更新”。Optionally, a multi-hop switch may be used between the public switch and the NF. The foregoing description is only taken as an example of the hop, and the present invention does not limit this. Of course, if there is a multi-hop switch between the public switch and the NF, the processing method is similar. It also needs to follow the "Public Switch forwarding rules, and the forwarding rules of other switches that need to wait for the new path are updated and then updated."

第二方面，提供了一种处理数据包的方法，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述至少一个交换机中的第一交换机执行，所述方法包括：In a second aspect, a method of processing a data packet is provided, the method being applied to a software defined network SDN, the SDN comprising a controller, at least one switch, and a plurality of network functions NF, the method being by the at least one The first switch in the switch performs, and the method includes:

获取所述控制器发送的第一转发规则；Obtaining a first forwarding rule sent by the controller;

根据所述第一转发规则对数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，所述数据流是所述控制器确定的需要从所述第一NF迁移至所述第二NF的数据流；And adding a label to the data packet of the data flow according to the first forwarding rule, and sending the data packet carrying the label to the first NF and the second NF of the plurality of NFs, or connected to the first NF And a switch connected to the second NF, the data stream being a data stream determined by the controller to be migrated from the first NF to the second NF;

获取所述控制器发送的第二转发规则；Obtaining a second forwarding rule sent by the controller;

根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。And transmitting, according to the second forwarding rule, the data packet of the data stream to the second NF, Or a switch connected to the second NF.

本发明实施例的处理数据包的方法，第一交换机通过对待迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，能够节省控制器的开销，缩短状态迁移的时间。In the method for processing a data packet, the first switch adds a label to the data packet to be migrated, and sends the data packet carrying the label to the first NF and the second NF of the plurality of NFs. The switch connected to the first NF and the switch connected to the second NF can save controller overhead and shorten state transition time.

在一些可能的实现方式中，所述第一交换机为所述第一NF和所述第二NF的公共交换机；In some possible implementations, the first switch is a public switch of the first NF and the second NF;

其中，将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，包括：The transmitting the data packet carrying the label to the first NF and the second NF of the plurality of NFs, or the switch connected to the first NF and the switch connected to the second NF, include:

将所述携带标签的数据包发送给所述第一NF和所述第二NF；Transmitting the data packet carrying the label to the first NF and the second NF;

其中，根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机，包括：The switch that sends the data packet of the data stream to the second NF or the switch connected to the second NF according to the second forwarding rule includes:

根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF。And transmitting the data packet of the data stream to the second NF according to the second forwarding rule.

在一些可能的实现方式中，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连；In some possible implementations, the next hop switch of the first switch includes a second switch and a third switch, the second switch is connected to the first NF, and the third switch is connected to the second NF connection;

将所述数据包发送给所述第二交换机和所述第三交换机；Sending the data packet to the second switch and the third switch;

根据所述第二转发规则将所述数据流的数据包仅发送给所述第三交换机。And transmitting, according to the second forwarding rule, the data packet of the data stream to the third switch.

因此，本发明实施例的处理数据包的方法，第一交换机通过对待迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，能够节省控制器的开销，缩短状态迁移的时间。进一步地，在第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连时，可以避免丢包或错误转发。Therefore, in the method for processing a data packet in the embodiment of the present invention, the first switch adds a label to the data packet to be migrated, and sends the data packet carrying the label to the first NF and the first of the plurality of NFs. The two NFs, or the switch connected to the first NF and the switch connected to the second NF, can save the overhead of the controller and shorten the time of state transition. Further, the next hop switch of the first switch includes a second switch and a third switch, where the second switch is connected to the first NF, and when the third switch is connected to the second NF, throw Packet or error forwarding.

第三方面，提供了一种处理数据包的方法，其特征在于，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述多个NF中的第一NF执行，所述方法包括：A third aspect provides a method for processing a data packet, wherein the method is applied to a software-defined network SDN, where the SDN includes a controller, at least one switch, and multiple network functions NF, where the method includes Executing a first NF of the plurality of NFs, the method comprising:

获取所述控制器发送的第一指令，所述第一指令用于所述控制器指示所述第一NF丢弃携带标签的数据包；Obtaining a first instruction sent by the controller, where the first instruction is used by the controller to instruct the first NF to discard a data packet carrying a label;

获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包；Obtaining the data packet carrying the label sent by the switch connected to the first NF among the multiple switches;

向所述控制器发送响应消息，所述响应消息表示接收到所述携带标签的数据包，以使所述控制器获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；Sending a response message to the controller, the response message indicating that the data packet carrying the tag is received, so that the controller acquires a state of the data flow in the first NF, and the data is The state of the stream is copied to the second NF;

根据所述第一指令丢弃所述携带标签的数据包。And dropping the data packet carrying the label according to the first instruction.

在本发明实施例中，第一NF可以接收控制器发送的第一指令，以及接收与第一NF相连的交换机发送的携带标签的数据包，然后向控制器发送响应消息，以告知控制器其收到携带标签的数据包，并根据所述第一指令丢弃所述携带标签的数据包，以便于控制器执行后续的迁移操作，能够节省控制器的开销，缩短状态迁移的时间。In the embodiment of the present invention, the first NF may receive the first instruction sent by the controller, and receive the data packet carrying the label sent by the switch connected to the first NF, and then send a response message to the controller to notify the controller. Receiving the data packet carrying the label, and discarding the data packet carrying the label according to the first instruction, so that the controller performs the subsequent migration operation, which can save the overhead of the controller and shorten the time of the state transition.

在一些可能的实现方式中，与所述第一NF相连的交换机为第一交换机，所述第一交换机为所述第一NF和所述第二NF的公共交换机；In some possible implementations, the switch connected to the first NF is a first switch, and the first switch is a public switch of the first NF and the second NF;

获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包，包括：Obtaining the data packet carrying the label sent by the switch that is connected to the first NF in the multiple switches, including:

接收所述第一交换机发送的所述携带标签的数据包。Receiving the data packet carrying the label sent by the first switch.

在一些可能的实现方式中，与所述第一NF相连的交换机为第二交换机，与所述第二NF相连的交换机为第三交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；In some possible implementations, the switch connected to the first NF is a second switch, the switch connected to the second NF is a third switch, and the second switch and the third switch are the previous one. The jump switch is the first switch;

获取所述多个交换机中与所述第一NF相连的交换机发送的所述数据包，包括：Obtaining the data packet sent by the switch that is connected to the first NF among the multiple switches, including:

接收所述第二交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第二交换机的。And receiving the data packet carrying the label sent by the second switch, where the data packet carrying the label is forwarded by the first switch to the second switch.

第四方面，提供了一种处理数据包的方法，其特征在于，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述多个NF中的第二NF执行，所述方法包括：A fourth aspect provides a method for processing a data packet, the method being applied to a software defined network SDN, the SDN comprising a controller, at least one switch, and multiple networks a function NF, the method being performed by a second NF of the plurality of NFs, the method comprising:

获取所述控制器发送的第二指令，所述第二指令用于所述控制器指示所述第二NF缓存携带标签的数据包；Obtaining a second instruction sent by the controller, where the second instruction is used by the controller to instruct the second NF cache to carry a data packet of the label;

获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包；Obtaining the data packet carrying the label sent by the switch connected to the second NF among the multiple switches;

根据所述第二指令缓存所述携带标签的数据包。And buffering the data packet carrying the label according to the second instruction.

在一些可能的实现方式中，与所述第二NF相连的交换机为第一交换机，所述第一交换机为所述多个NF中的第一NF和所述第二NF的公共交换机；In some possible implementations, the switch connected to the second NF is a first switch, and the first switch is a public switch of a first NF and a second NF of the multiple NFs;

获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包，包括：Obtaining the data packet carrying the label sent by the switch that is connected to the second NF in the multiple switches, including:

在一些可能的实现方式中，与所述第二NF相连的交换机为第三交换机，与所述第一NF相连的交换机为第二交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；In some possible implementations, the switch connected to the second NF is a third switch, and the switch connected to the first NF is a second switch, and the second switch and the third switch are the previous one. The jump switch is the first switch;

获取所述多个交换机中与所述第二NF相连的交换机发送的所述数据包，包括：Obtaining the data packet sent by the switch that is connected to the second NF among the multiple switches, including:

接收所述第三交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第三交换机的。And receiving the data packet carrying the label sent by the third switch, where the data packet carrying the label is forwarded by the first switch to the third switch.

第五方面，提供了一种控制器，用于执行上述第一方面或第一方面的任意可能的实现方式中的方法。具体地，该控制器包括用于执行上述第一方面或第一方面的任意可能的实现方式中的方法的单元。In a fifth aspect, a controller is provided for performing the method of any of the above first aspect or any of the possible implementations of the first aspect. In particular, the controller comprises means for performing the method of any of the above-described first aspect or any of the possible implementations of the first aspect.

第六方面，提供了一种交换机，用于执行上述第二方面或第二方面的任意可能的实现方式中的方法。具体地，该交换机包括用于执行上述第二方面或第二方面的任意可能的实现方式中的方法的单元。In a sixth aspect, a switch is provided for performing the method of any of the foregoing second aspect or any of the possible implementations of the second aspect. In particular, the switch comprises means for performing the method of any of the above-described second or second aspects of the second aspect.

第七方面，提供了一种网络功能实体，用于执行上述第三方面或第三方面的任意可能的实现方式中的方法。具体地，该网络功能实体包括用于执行上述第三方面或第三方面的任意可能的实现方式中的方法的单元。In a seventh aspect, a network function entity is provided for performing the method of any of the foregoing third aspect or any of the possible implementations of the third aspect. In particular, the network function entity comprises means for performing the method of any of the possible implementations of the third or third aspect above.

第八方面，提供了一种网络功能实体，用于执行上述第四方面或第四方面的任意可能的实现方式中的方法。具体地，该网络功能实体包括用于执行上述第四方面或第四方面的任意可能的实现方式中的方法的单元。In an eighth aspect, a network function entity is provided for performing the method of any of the foregoing fourth aspect or any of the possible implementations of the fourth aspect. In particular, the network function entity comprises means for performing the method of any of the above-described fourth or fourth aspects of the fourth aspect.

第九方面，提供了一种计算机可读存储介质，该计算机可读存储介质存储有程序，该程序使得控制器执行上述第一方面，及其各种实现方式中的任一种处理数据包的方法。In a ninth aspect, a computer readable storage medium is provided, the computer readable storage medium storing There is stored a program that causes the controller to perform the method of processing the data packet in any of the above first aspects, and various implementations thereof.

第十方面，提供了一种计算机可读存储介质，该计算机可读存储介质存储有程序，该程序使得交换机执行上述第二方面，及其各种实现方式中的任一种处理数据包的方法。According to a tenth aspect, a computer readable storage medium storing a program for causing a switch to perform the second aspect described above, and any of the various implementations thereof, for processing a data packet .

第十一方面，提供了一种计算机可读存储介质，该计算机可读存储介质存储有程序，该程序使得网络功能实体执行上述第三方面，及其各种实现方式中的任一种处理数据包的方法。In an eleventh aspect, a computer readable storage medium is provided, the computer readable storage medium storing a program causing a network function entity to perform the third aspect described above, and processing the data in any of the various implementations The method of the package.

第十二方面，提供了一种计算机可读存储介质，该计算机可读存储介质存储有程序，该程序使得网络功能实体执行上述第四方面，及其各种实现方式中的任一种处理数据包的方法。According to a twelfth aspect, there is provided a computer readable storage medium storing a program causing a network function entity to perform the fourth aspect described above, and processing data in any of the various implementations thereof The method of the package.

附图说明DRAWINGS

图1是根据本发明实施例的核心网架构的示意图。1 is a schematic diagram of a core network architecture in accordance with an embodiment of the present invention.

图2是根据本发明实施例的处理数据包的方法的示意性流程图。2 is a schematic flow chart of a method of processing a data packet according to an embodiment of the present invention.

图3是应用本发明实施例的一个例子的数据流的初始状态和最终状态的示意图。3 is a schematic diagram of an initial state and a final state of a data stream to which an example of an embodiment of the present invention is applied.

图4a至图4f是根据本发明实施例的一个例子的具体流程的示意图。4a through 4f are schematic diagrams showing a specific flow of an example according to an embodiment of the present invention.

图5是应用本发明实施例的另一个例子的数据流的初始状态和最终状态的示意图。Figure 5 is a schematic diagram of an initial state and a final state of a data stream to which another example of an embodiment of the present invention is applied.

图6a至图6h是根据本发明实施例的另一个例子的具体流程的示意图。6a to 6h are schematic diagrams showing a specific flow of another example according to an embodiment of the present invention.

图7是根据本发明另一实施例的处理数据包的方法的示意性流程图。FIG. 7 is a schematic flowchart of a method of processing a data packet according to another embodiment of the present invention.

图8是根据本发明再一实施例的处理数据包的方法的示意性流程图。FIG. 8 is a schematic flowchart of a method of processing a data packet according to still another embodiment of the present invention.

图9是根据本发明另一实施例的处理数据包的方法的示意性流程图。FIG. 9 is a schematic flowchart of a method of processing a data packet according to another embodiment of the present invention.

图10是根据本发明实施例的软件定义网络SDN中的控制器的示意性框图。Figure 10 is a schematic block diagram of a controller in a software defined network SDN in accordance with an embodiment of the present invention.

图11是根据本发明实施例的软件定义网络SDN中的交换机的示意性框图。11 is a schematic block diagram of a switch in a software defined network SDN in accordance with an embodiment of the present invention.

图12是根据本发明实施例的软件定义网络SDN中的一个网络功能实体的示意性框图。12 is a schematic block diagram of a network functional entity in a software-defined network SDN, in accordance with an embodiment of the present invention.

图13是根据本发明实施例的软件定义网络SDN中的另一网络功能实体的示意性框图。13 is another network functional entity in a software-defined network SDN according to an embodiment of the present invention. Schematic block diagram.

图14是本发明另一个实施例提供的软件定义网络SDN中的控制器的结构框图。FIG. 14 is a structural block diagram of a controller in a software-defined network SDN according to another embodiment of the present invention.

图15是本发明另一个实施例提供的软件定义网络SDN中的交换机的结构框图。FIG. 15 is a structural block diagram of a switch in a software-defined network SDN according to another embodiment of the present invention.

图16是本发明另一个实施例提供的软件定义网络SDN中的一个网络功能实体的结构框图。FIG. 16 is a structural block diagram of a network function entity in a software-defined network SDN according to another embodiment of the present invention.

图17是本发明另一个实施例提供的软件定义网络SDN中的另一网络功能实体的结构框图。FIG. 17 is a structural block diagram of another network function entity in a software-defined network SDN according to another embodiment of the present invention.

具体实施方式detailed description

下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行描述。The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.

本发明实施例的技术方案可以应用于移动核心网架构中。可选地，移动核心网架构可以将软件定义网络(Software-Defined Networking，SDN)与网络功能虚拟化(Network Function Virtualization，NFV)相结合，搭建控制平面与转发平面分离的移动核心网架构。下面将对一些概念或术语进行介绍。The technical solution of the embodiment of the present invention can be applied to a mobile core network architecture. Optionally, the mobile core network architecture may combine Software-Defined Networking (SDN) and Network Function Virtualization (NFV) to construct a mobile core network architecture in which the control plane and the forwarding plane are separated. Some concepts or terms are introduced below.

SDN是一种在学术和产业界都得到广泛关注的新型网络架构，目前已经在广域网(Wide Area Network，WAN)、骨干网等场景中部署应用。SDN通过控制平面与转发平面的分离，能够实现对网络控制的集中化和对流量的灵活调度。SDN is a new type of network architecture that has received extensive attention in both academic and industrial circles. It has been deployed in scenarios such as Wide Area Network (WAN) and backbone networks. By separating the control plane from the forwarding plane, the SDN can achieve centralized control of the network and flexible scheduling of traffic.

网络功能虚拟化(Network Function Virtualization，NFV)是一种虚拟机化技术，通过虚拟化技术能够在通用的x86服务器等通用硬件设备上实现特定的网络功能(Network Function，NF)，从而替代传统的专用网络功能设备，如防火墙、深度包检测(Deep Packet Inspection，DPI)等。Network Function Virtualization (NFV) is a virtual machine technology that can implement specific network functions (NF) on general-purpose hardware devices such as general-purpose x86 servers through virtualization technology, thus replacing traditional ones. Dedicated network function devices, such as firewalls, Deep Packet Inspection (DPI), etc.

为了保证网络性能，需要经常进行动态的业务迁移及流量均衡，这就需要对NF进行迁移等操作。另外，大多数NF会存储数据流的状态，并且根据输入的数据包对数据流的状态不断更新，这些状态决定了对后续数据包该执行怎样的操作。其中，NF的迁移不是简单的将整个NF的虚拟机复制到另一个NF上。比如，若需要将某个NF的数据流拆分到多个NF上实现负载均衡时，只需把要转移的数据流的状态迁移到对应的NF上，而不需要拷贝整个NF。In order to ensure network performance, dynamic service migration and traffic balancing are required frequently, which requires operations such as migration of NF. In addition, most NFs store the state of the data stream and continuously update the state of the data stream based on the incoming data packets. These states determine what to do with subsequent packets. Among them, the migration of NF is not simply copying the entire NF virtual machine to another NF. For example, if you need to split a NF data stream into multiple NFs to implement load balancing, you only need to migrate the state of the data stream to be transferred to the corresponding NF without copying. Bay whole NF.

另外，NF的状态迁移或更新应当具备一致性。一方面，从某时刻t开始，控制器提取了旧NF的状态向新NF迁移，这个过程需要一定的时间，在此期间到达的数据包应当由新NF处理，但新NF此时还无法正常工作。这些数据包不能被丢弃，例如，如果部分包丢失，策略与计费执行功能单元(Policy and Charging Enforcement Function，PCEF)的数据可能会发生错误。另一方面，应当保证新NF对数据包的处理顺序与它们到达交换机的顺序一致，避免产生错误输出，影响网络性能。例如，防火墙在收到服务器的同步SYN(synchronous)指令之前可能会忽略文件传输协议(File Transfer Protocol，FTP)的获取get指令。总之，保证NF状态更新的一致性要求做到无丢包和按序处理，即新NF输出的数据包及其顺序应当与没有进行迁移的情况下旧NF的输出一致。In addition, the state transition or update of the NF should be consistent. On the one hand, starting from a certain time t, the controller extracts the state of the old NF to the new NF. This process takes a certain amount of time. The data packets arriving during this period should be processed by the new NF, but the new NF cannot be normal at this time. jobs. These packets cannot be discarded. For example, if a partial packet is lost, the data of the Policy and Charging Enforcement Function (PCEF) may be incorrect. On the other hand, it should be ensured that the processing sequence of the new NF for the data packets is consistent with the order in which they arrive at the switch, avoiding the generation of erroneous output and affecting network performance. For example, the firewall may ignore the file transfer protocol (FTP) get get command before receiving the server's synchronous SYN (synchronous) command. In short, the consistency of the NF status update is required to achieve no packet loss and sequential processing, that is, the data packet of the new NF output and its order should be consistent with the output of the old NF without migration.

例如，图1示出了根据本发明实施例的基于SDN和NFV相结合的移动核心网架构。如图1所示，该移动核心网控制器(可简称为SDNFV控制器)包括SDN控制器和NFV控制器。网络中的SDN交换机(比如，交换机1、交换机2、交换机3和交换机4)按照一定的拓扑相互连接，SDNFV控制器可以通过OpenFlow等协议与SDN交换机进行交互。网络中有若干服务器(比如服务器1、服务器2)，每个服务器上可以部署多个NF。SDNFV控制器可以通过现有的分割Split/合并Merge或OpenNF等方案对NF进行管理和配置。For example, Figure 1 illustrates a mobile core network architecture based on a combination of SDN and NFV, in accordance with an embodiment of the present invention. As shown in FIG. 1, the mobile core network controller (which may be simply referred to as an SDNFV controller) includes an SDN controller and an NFV controller. The SDN switches in the network (for example, switch 1, switch 2, switch 3, and switch 4) are connected to each other according to a certain topology. The SDNFV controller can interact with the SDN switch through protocols such as OpenFlow. There are several servers in the network (such as Server 1, Server 2), and multiple NFs can be deployed on each server. The SDNFV controller can manage and configure the NF through existing split/merge merge or OpenNF schemes.

在现有关于迁移NF状态的方案中，若需要将NF状态迁移至新NF上时，则控制器需要缓存旧NF发来的数据包，并依次发送给新NF。这样会给控制器的负载带来很大的开销。进一步地，为了保证新NF能够按序处理数据包(即新旧NF的一致性)，控制器还需要等待旧NF发来的数据包赶上从交换机发来的最后一个数据包，这样大大拖延了更新的进度。基于此，本发明拟在图1的移动核心网控制器中部署一个新的模块(比如图1中的新控制器)，用以控制NF的状态迁移，能够降低控制器的开销，缩短更新时间。In the existing solution for migrating the NF state, if the NF state needs to be migrated to the new NF, the controller needs to buffer the data packets sent by the old NF and send them to the new NF in turn. This will bring a lot of overhead to the controller's load. Further, in order to ensure that the new NF can process the data packets in order (that is, the consistency of the old and new NFs), the controller also needs to wait for the data packets sent by the old NF to catch up with the last data packet sent from the switch, which greatly delays. The progress of the update. Based on this, the present invention intends to deploy a new module (such as the new controller in FIG. 1) in the mobile core network controller of FIG. 1 to control the state transition of the NF, which can reduce the overhead of the controller and shorten the update time. .

在本发明实施例中，NF可以实现其对应的专用网络功能设备对应的网络功能。比如，防火墙、深度包检测(Deep Packet Inspection，DPI)、PCEF等其他网络功能。In the embodiment of the present invention, the NF can implement the network function corresponding to the corresponding dedicated network function device. For example, firewalls, Deep Packet Inspection (DPI), PCEF and other network functions.

图2示出了根据发明实施例的处理数据包的方法200的示意性流程图。所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述控制器执行，如图2所示，所述方法200包括：FIG. 2 shows a schematic flow diagram of a method 200 of processing a data packet in accordance with an embodiment of the invention. The method is applied to a software-defined network SDN. The SDN includes a controller, at least one switch, and a plurality of network functions NF. The method is performed by the controller. As shown in FIG. 2, the method 200 includes:

S210，确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；S210, determining that a data flow needs to be migrated from a first NF of the plurality of NFs to a second NF of the plurality of NFs;

这里，第一NF和第二NF分别表示迁移前后的NF，其中，第一NF可以表示旧NF，第二NF可以表示新NF。Here, the first NF and the second NF respectively represent NFs before and after migration, wherein the first NF may represent the old NF and the second NF may represent the new NF.

比如，若某一个NF上数据流的流量增大，控制器可以确定将该NF(比如第一NF)上的数据流迁移到另一个NF(比如第二NF)上处理，以提高数据包的处理性能。For example, if the traffic of the data stream on a certain NF increases, the controller may determine to migrate the data stream on the NF (such as the first NF) to another NF (such as the second NF) to improve the data packet. Processing performance.

S220，向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；S220, sending a first instruction to the first NF, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream;

具体地，控制器可以预先向第一NF(比如PCEF1)发送第一指令(即丢弃指令)，用以第一NF在收到携带标签的数据包时丢弃(drop)该携带标签的数据包。Specifically, the controller may send a first instruction (ie, a discarding instruction) to the first NF (such as PCEF1) in advance, so that the first NF drops the data packet carrying the label when receiving the data packet carrying the label.

对应地，第一NF可以获取控制器发送的第一指令，如果后续收到携带标签的数据包后可以根据所述第一指令进行丢弃操作。Correspondingly, the first NF may obtain the first instruction sent by the controller, and if the data packet carrying the label is subsequently received, the discarding operation may be performed according to the first instruction.

S230，向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；S230. Send a second instruction to the second NF, where the second instruction is used to indicate that the second NF caches the data packet.

另外，控制器也可以预先向第二NF(比如PCEF2)发送第二指令(即缓存指令)，用以通知第二NF在收到携带标签的数据包时缓存(buffer)该携带标签的数据包。In addition, the controller may also send a second instruction (ie, a cache instruction) to the second NF (such as PCEF2) to notify the second NF to buffer the data packet carrying the label when receiving the data packet carrying the label. .

对应地，第二NF可以获取控制器发送的第二指令，如果后续收到携带标签的数据包后可以根据所述第二指令进行缓存操作。Correspondingly, the second NF may acquire the second instruction sent by the controller, and if the data packet carrying the label is subsequently received, the buffering operation may be performed according to the second instruction.

S240，向所述至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机；S240. The first forwarding rule is sent to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label to the data packet of the data flow, and the carrying label is The data packet is sent to the first NF and the second NF, or a switch connected to the first NF and a switch connected to the second NF;

具体而言，控制器可以修改第一交换机的第一转发规则，使得第一交换机将需要迁移的数据流的数据包添加标签。第一交换机在对数据包增加标签后，可以将携带标签的数据包同时发送给第一NF和第二NF，或者，也可以将携带标签的数据包同时发送给与所述第一NF相连的交换机和与所述第二NF相连的交换机。Specifically, the controller may modify the first forwarding rule of the first switch, so that the first switch adds a label to the data packet of the data stream that needs to be migrated. After the first switch adds a label to the data packet, the first switch can send the data packet carrying the label to the first NF and the second NF at the same time, or And transmitting the data packet carrying the label to the switch connected to the first NF and the switch connected to the second NF.

这里，可选地，第一交换机可以是与第一NF和第二NF直连的公共交换机，也可以不是与第一NF和第二NF直连的公共交换机，本发明对此不作限定。Here, the first switch may be a public switch directly connected to the first NF and the second NF, or may not be a public switch directly connected to the first NF and the second NF, which is not limited by the present invention.

在本发明实施例中，可选地，数据包的标签可以利用一些未作为转发匹配域的比特位表示，比如虚拟局域网(Virtual Local Area Network，VLAN)或业务类型(Type of Service，ToS)域等。In the embodiment of the present invention, the label of the data packet may be represented by a bit that is not used as a forwarding matching domain, such as a virtual local area network (VLAN) or a type of service (ToS) domain. Wait.

S250，接收所述第一NF发送的响应消息，所述响应消息表示所述第一NF接收到所述携带标签的数据包；S250: Receive a response message sent by the first NF, where the response message indicates that the first NF receives the data packet carrying the label.

这里，控制器可以接收所述第一NF发送的响应消息，从而得知第一NF已接收到携带标签的数据包。Here, the controller may receive the response message sent by the first NF, so that the first NF has received the data packet carrying the label.

对应地，第一NF在收到与所述第一NF相连的交换机(比如第一交换机)发送的携带标签的数据包后，可以向控制器汇报，比如向控制器发送响应消息。控制器在收到该响应消息后，可以获知第一NF已收到携带标签的数据包，则控制器可以执行后续的操作。Correspondingly, after receiving the data packet carrying the label sent by the switch (such as the first switch) connected to the first NF, the first NF may report to the controller, for example, send a response message to the controller. After receiving the response message, the controller can learn that the first NF has received the data packet carrying the label, and the controller can perform subsequent operations.

在本发明实施例中，响应消息可以是第一NF发送的整个携带标签的数据包，或者可以是一个指示信息，其目的在于告知控制器第一NF已收到携带标签的数据包。本发明实施例对响应消息的形式不作限定。In the embodiment of the present invention, the response message may be the entire data packet carrying the label sent by the first NF, or may be an indication information, and the purpose is to inform the controller that the first NF has received the data packet carrying the label. The embodiment of the present invention does not limit the form of the response message.

S260，获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；S260. Acquire a state of the data stream in the first NF, and copy a state of the data stream into the second NF.

可选地，控制器在获知第一NF已收到携带标签的数据包后，可以开始进行状态迁移操作，具体即：提取第一NF中数据流的状态，并将数据流的状态复制到第二NF中。其中，数据流的状态可以是该数据流发送数据包的总数、NF连接时间等信息。Optionally, after the controller learns that the first NF has received the data packet carrying the label, the controller may start the state transition operation, that is, extract the state of the data stream in the first NF, and copy the state of the data stream to the first Two NF. The status of the data stream may be information such as the total number of data packets sent by the data stream, the NF connection time, and the like.

S270，向所述第一交换机发送第二转发规则，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。S270, sending a second forwarding rule to the first switch, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the second NF, or Two NF connected switches.

可选地，控制器在将第一NF的状态迁移完成后，可以对第一交换机的转发规则进行修改，比如向所述第一交换机发送第二转发规则，使得第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。Optionally, after the state transition of the first NF is completed, the controller may modify the forwarding rule of the first switch, for example, send a second forwarding rule to the first switch, so that the first switch sends the data flow. Data packet is only sent to the second NF or connected to the second NF Switch.

因此，本发明实施例的处理数据包的方法，控制器确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；然后向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；向至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。Therefore, in the method for processing a data packet of an embodiment of the present invention, the controller determines that the data stream needs to be migrated from the first NF of the plurality of NFs to the second NF of the plurality of NFs; and then to the first The NF sends a first instruction, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream, and sends a second instruction to the second NF, where the second instruction is used to indicate The second NF caches the data packet; and sends a first forwarding rule to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label of the data packet of the data stream And sending the data packet carrying the label to the first NF and the second NF, or the switch connected to the first NF and the switch connected to the second NF, to avoid the controller buffering the data packet, Save controller overhead and reduce state migration time.

在本发明实施例中，控制器可以是部署在移动核心网控制器中的一个模块(比如图1所示的新控制器)，也可以独立存在。它可以与SDN控制器和NFV控制器进行交互来获取网络状态信息。In the embodiment of the present invention, the controller may be a module (such as the new controller shown in FIG. 1) deployed in the mobile core network controller, or may exist independently. It can interact with the SDN controller and the NFV controller to obtain network status information.

可选地，所述第一交换机可以为所述第一NF和所述第二NF的公共交换机，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送给所述第一NF和所述第二NF，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF。Optionally, the first switch may be a public switch of the first NF and the second NF, where the first forwarding rule is used to indicate that the first switch sends the data packet carrying the label Sending to the first NF and the second NF, the second forwarding rule is used to instruct the first switch to send the data packet of the data flow only to the second NF.

举例来说，图3示出了应用本发明实施例的一个例子的数据流的初始状态和最终状态的示意图。如图3所示，图3的左图为数据流的初始状态，图3的右图为数据流的最终状态。在图3的左图中，交换机将数据流P和数据流Q发送给NF1处理。为了保证负载均衡，控制器拟对数据流的路径进行重新规划，希望将数据流P迁移到NF2上，即得到图3中右边示出的数据流的最终状态。For example, FIG. 3 shows a schematic diagram of an initial state and a final state of a data stream to which an example of an embodiment of the present invention is applied. As shown in FIG. 3, the left diagram of FIG. 3 is the initial state of the data stream, and the right diagram of FIG. 3 is the final state of the data stream. In the left diagram of Figure 3, the switch sends data stream P and data stream Q to NF1 processing. In order to ensure load balancing, the controller intends to re-plan the path of the data stream, and hopes to migrate the data stream P to NF2, that is, the final state of the data stream shown on the right side of FIG.

为了更清楚地描述本发明实施例的具体方案，下面将结合图4a至图4f进行详细说明。应理解，这只是便于本领域的技术人员理解本发明实施例，并不对本发明构成限定。In order to more clearly describe a specific embodiment of the embodiment of the present invention, a detailed description will be made below in conjunction with FIGS. 4a to 4f. It should be understood that this is only an embodiment of the invention, and is not intended to limit the invention.

图4a至图4f示出了根据本发明实施例的一个例子的具体流程的示意图。在图4a至图4f中，交换机是与NF1和NF2直连的公共交换机，控制器可以对交换机、NF1、NF2进行控制。其中，流经交换机的数据流包括数据流P和数据流Q，数据流P与数据流Q可以采用现有方法区分。比如，数据流P与数据流Q可以根据目的地址(IP)、源IP、目的介质访问控制(Media Access Control，MAC)、源MAC等数据包中的匹配域进行区分。4a through 4f show schematic diagrams of a specific flow of an example in accordance with an embodiment of the present invention. In Figures 4a to 4f, the switch is a public switch directly connected to NF1 and NF2, and the controller can control the switch, NF1, NF2. The data stream flowing through the switch includes a data stream P and a data stream Q, and the data stream P and the data stream Q can be distinguished by using existing methods. For example, the data stream P and the data stream Q can be distinguished according to a matching field in a data packet such as a destination address (IP), a source IP, a destination medium access control (MAC), and a source MAC.

举例来说，一个互联网协议(Internet Protocol，IP)的第四版IPV4数据包中除了载荷(payload)之外，还有一些字段可以用来进行控制，这些字段中有一些字段可以作为数据流的匹配与区分，而其余字段(即一般不作为数据流的匹配域的字段)可以作为本发明实施例中增加的标签，该标签也可以理解为附加标识信息。For example, in the fourth edition of the Internet Protocol (IP) IPV4 packet, in addition to the payload, there are some fields that can be used for control. Some of these fields can be used as data streams. The matching and distinguishing, and the remaining fields (that is, the fields that are not generally used as the matching fields of the data stream) may be used as tags added in the embodiment of the present invention, and the tags may also be understood as additional identification information.

如图4a所示，交换机将数据流P(包括数据包P0、P1)和数据流Q(包括数据包Q0、Q1)发送给NF1。控制器向NF1发送丢弃指令，用于通知NF1在收到数据流P中携带标签的数据包时进行丢弃操作；向NF2发送缓存指令，用于通知NF2在收到数据流P中携带标签的数据包时进行缓存操作。As shown in Figure 4a, the switch sends data stream P (including data packets P0, P1) and data stream Q (including data packets Q0, Q1) to NF1. The controller sends a discarding instruction to the NF1 to notify the NF1 to perform a discard operation when receiving the data packet carrying the label in the data stream P, and send a cache instruction to the NF2 to notify the NF2 to carry the data of the label in the received data stream P. The cache operation is performed when the package is used.

如图4b所示，控制器可以向交换机发送转发规则，该转发规则用于指示交换机对数据流P的数据包(比如从P2开始的数据包)增加标签，并将携带标签的数据包同时发送给NF1和NF2。此时，数据流P包括数据包P0、P1、P2，数据流Q包括数据包Q0、Q1、Q2。该标签用于对数据流P中待迁移的数据包进行标识。相应地，交换机从数据包P2开始，对数据流P的数据包增加标签。其中，数据流Q正常转发(即仍在NF1处理，不进行迁移)，未做处理。As shown in FIG. 4b, the controller may send a forwarding rule to the switch, where the forwarding rule is used to instruct the switch to add a label to the data packet of the data stream P (such as a data packet starting from P2), and send the data packet carrying the label simultaneously. Give NF1 and NF2. At this time, the data stream P includes data packets P0, P1, and P2, and the data stream Q includes data packets Q0, Q1, and Q2. This tag is used to identify the data packets to be migrated in the data stream P. Accordingly, the switch starts with packet P2 and adds a label to the packet of data stream P. The data stream Q is normally forwarded (that is, still processed in NF1, and is not migrated), and is not processed.

如图4c所示，交换机将携带标签的数据包P3’继续发送给NF1和NF2。另外，NF1在收到携带标签的数据包P2’后，可以告知控制器，并将数据包P2’丢弃。同时，NF2将数据包P2’加入缓存。另外，交换机没有对数据流Q的数据包增加标签操作，数据流Q正常转发。因此后续图4d至图4f将省略数据流Q的描述。As shown in Figure 4c, the switch continues to send the tagged data packet P3' to NF1 and NF2. In addition, after receiving the packet carrying packet P2', NF1 can inform the controller and discard the packet P2'. At the same time, NF2 adds the packet P2' to the cache. In addition, the switch does not add a label operation to the data packet of the data stream Q, and the data stream Q is normally forwarded. Therefore, the description of the data stream Q will be omitted in subsequent FIGS. 4d to 4f.

如图4d所示，控制器可以从NF1中提取数据流P的状态，并将数据流P的状态复制到NF2中。随后，控制器还需要修改交换机的转发规则，即向交换机发送转发规则，该转发规则用于指示交换机将数据流P的数据包仅发送给NF2。此时，NF2中缓存的数据包包括P4’、P3’、P2’。 As shown in Figure 4d, the controller can extract the state of the data stream P from NF1 and copy the state of the data stream P into NF2. Then, the controller also needs to modify the forwarding rule of the switch, that is, send a forwarding rule to the switch, and the forwarding rule is used to instruct the switch to send the data packet of the data stream P only to the NF2. At this time, the data packet buffered in NF2 includes P4', P3', P2'.

如图4e所示，从数据包P6’开始，交换机将数据流P的数据包只发送给NF2。控制器可以删除NF1上关于数据流P的状态，并且向NF2发送处理指令，该处理指令用于指示NF2可以立即开始处理之前缓存的数据包(包括P5’、P4’、P3’、P2’)。As shown in Figure 4e, starting from packet P6', the switch sends the data packet of data stream P to NF2 only. The controller may delete the state of the data stream P on the NF1 and send a processing instruction to the NF2, the processing instruction is used to indicate that the NF2 can immediately start processing the previously buffered data packet (including P5', P4', P3', P2'). .

如图4f所示，数据流P已完成从NF1到NF2的迁移。NF2已经开始按序处理缓存的数据包(包括P5’、P4’、P3’、P2’)，并且输出了处理后的数据包P3、P2。As shown in Figure 4f, data stream P has completed migration from NF1 to NF2. NF2 has started processing the buffered packets (including P5', P4', P3', P2') in order, and outputs the processed packets P3, P2.

综上所述，图4a至图4f示出了处理数据包的一个例子的整个流程的示意图。本发明实施例的技术方案，控制器无需作为中继设备缓存并转发数据包。并且，由于不必等待数据包经过NF1发送给控制器再转发给NF2，NF2在状态迁移完成后可以立即开始处理数据包。这样，不仅节省了控制器的负载开销，而且缩短了更新状态所需的时间，大大提高了NF状态迁移的效率。In summary, Figures 4a through 4f show schematic diagrams of the entire flow of an example of processing a data packet. In the technical solution of the embodiment of the present invention, the controller does not need to cache and forward the data packet as a relay device. Moreover, since it is not necessary to wait for the data packet to be sent to the controller through NF1 and then forwarded to NF2, NF2 can start processing the data packet immediately after the state transition is completed. In this way, not only the load overhead of the controller is saved, but also the time required for updating the state is shortened, and the efficiency of NF state migration is greatly improved.

应理解，上述以NF1和NF2为例进行说明的，可选地，NF1和NF2也可以替换为PCEF1和PCEF2，或者也可以替换为DPI1和DPI2，或者其他用于表征网络功能的单元，本发明实施例对此不作限定。It should be understood that the above description takes NF1 and NF2 as an example. Alternatively, NF1 and NF2 may be replaced by PCEF1 and PCEF2, or may be replaced by DPI1 and DPI2, or other units for characterizing network functions. The embodiment does not limit this.

还应理解，在图4a至图4f中，用虚线表示控制器的相关操作或步骤，并不对本申请构成限定。It should also be understood that in Figures 4a through 4f, the associated operations or steps of the controller are indicated by dashed lines and are not intended to limit the application.

前面描述了第一交换机可以是与NF1和NF2直连的公共交换机的情形，可选地，第一交换机也可以不是与NF1和NF2直连的公共交换机，下面将进行描述。The foregoing describes a case where the first switch may be a public switch directly connected to NF1 and NF2. Alternatively, the first switch may not be a public switch directly connected to NF1 and NF2, which will be described below.

可选地，作为一个实施例，所述第一交换机的下一跳交换机可以包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送至所述第二交换机和所述第三交换机，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第三交换机。Optionally, as an embodiment, the next hop switch of the first switch may include a second switch and a third switch, where the second switch is connected to the first NF, and the third switch is The second NF is connected, where the first forwarding rule is used to instruct the first switch to send the data packet carrying the label to the second switch and the third switch, where the second forwarding rule is used. And instructing the first switch to send the data packet of the data flow only to the third switch.

可选地，在向所述多个交换机中的第一交换机发送第一转发规则前，所述方法还包括：Optionally, before the first forwarding rule is sent to the first switch of the multiple switches, the method further includes:

具体而言，控制器在修改公共交换机(比如第一交换机)的转发规则之前，需要先对其后续路径上的交换机(比如第三交换机)的转发规则进行更新。否则，如果第一交换机的转发规则已更新，而第三交换机还未更新，容易造成丢包或错误转发。因此，这样做的目的是避免丢包或数据包的错误转发。Specifically, the controller is modifying the forwarding rules of the public switch (such as the first switch). Before, you need to update the forwarding rules of the switch (such as the third switch) on the subsequent path. Otherwise, if the forwarding rule of the first switch has been updated and the third switch has not been updated, it is easy to cause packet loss or error forwarding. Therefore, the purpose of doing this is to avoid packet forwarding or incorrect forwarding of packets.

举例来说，图5示出了应用本发明实施例一个例子的数据流的初始状态和最终状态的示意图。如图5所示，图5的左图为数据流的初始状态，图5的右图为数据流的最终状态。在图5的左图中，交换机1将数据流P经交换机2发送给NF1处理。为了保证负载均衡，控制器拟对数据流的路径进行重新规划，希望将数据流P迁移到NF2上，即得到图5中右边示出的数据流的最终状态。For example, FIG. 5 shows a schematic diagram of an initial state and a final state of a data stream to which an example of an embodiment of the present invention is applied. As shown in FIG. 5, the left diagram of FIG. 5 is the initial state of the data stream, and the right diagram of FIG. 5 is the final state of the data stream. In the left diagram of Figure 5, switch 1 sends data stream P to switch NF1 for processing via switch 2. In order to ensure load balancing, the controller intends to re-plan the path of the data stream, and hopes to migrate the data stream P to NF2, that is, the final state of the data stream shown on the right side of FIG.

为了更清楚地描述本发明实施例的具体方案，下面将结合图6a至图6h进行详细说明。应理解，这只是便于本领域的技术人员理解本发明实施例，并不对本发明构成限定。In order to more clearly describe a specific embodiment of the embodiment of the present invention, a detailed description will be made below with reference to FIGS. 6a to 6h. It should be understood that this is only an embodiment of the invention, and is not intended to limit the invention.

图6a至图6h示出了根据本发明实施例的另一个例子的具体流程的示意图。在图6a至图6h中，交换机1的下一跳交换机包括交换机2和交换机3，交换机2与NF1相连，交换机3与NF2相连，控制器可以对交换机1、交换机2、交换机3、NF1、NF2进行控制。6a to 6h are diagrams showing a specific flow of another example according to an embodiment of the present invention. In Figure 6a to Figure 6h, the next hop switch of switch 1 includes switch 2 and switch 3. Switch 2 is connected to NF1, switch 3 is connected to NF2, and controller can be connected to switch 1, switch 2, switch 3, NF1, NF2. Take control.

如图6a所示，交换机1将数据流P的数据包发送给交换机2。交换机2将数据流P(包括数据包P0、P1)发送给NF1。控制器向NF1发送丢弃指令，用于通知NF1在收到数据流P中携带标签的数据包时进行丢弃操作；向NF2发送缓存指令，用于通知NF2在收到数据流P中携带标签的数据包时进行缓存操作。As shown in FIG. 6a, the switch 1 transmits the data packet of the data stream P to the switch 2. Switch 2 sends data stream P (including data packets P0, P1) to NF1. The controller sends a discarding instruction to the NF1 to notify the NF1 to perform a discard operation when receiving the data packet carrying the label in the data stream P, and send a cache instruction to the NF2 to notify the NF2 to carry the data of the label in the received data stream P. The cache operation is performed when the package is used.

如图6b所示，控制器可以预先向交换机3发送转发规则，该转发规则用于指示交换机3将携带标签的数据包发送给NF2。这里，在公共交换机(即交换机1)的转发规则更新前，应保证其后续路径上的其他交换机的准发规则已更新，从而避免丢包或错误转发。As shown in FIG. 6b, the controller may send a forwarding rule to the switch 3 in advance, and the forwarding rule is used to instruct the switch 3 to send the data packet carrying the label to the NF2. Here, before the forwarding rule of the public switch (ie, switch 1) is updated, the quasi-issuing rules of other switches on the subsequent path should be updated to avoid packet loss or incorrect forwarding.

如图6c所示，控制器可以向交换机1发送转发规则，该转发规则用于指示交换机1对数据流P的数据包增加标签，并将携带标签的数据包同时发送给交换机2和交换机3。此时，数据流P包括数据包P1、P2、P3。As shown in FIG. 6c, the controller may send a forwarding rule to the switch 1, which is used to instruct the switch 1 to add a label to the data packet of the data stream P, and simultaneously send the data packet carrying the label to the switch 2 and the switch 3. At this time, the data stream P includes the data packets P1, P2, and P3.

如图6d所示，交换机1对数据包P4增加标签，得到P4’。然后，交换机1将携带标签的数据包P4’同时发送给交换机2和交换机3。接着，交换机2将数据包P4’发送给NF1；交换机3将数据包P4’发送给NF2。另外，NF1在收到携带标签的数据包P4’后，可以告知控制器(比如发送响应消息)，并将数据包P4’丢弃。同时，NF2将数据包P4’加入缓存。以此类推，后续数据包P5、P6…作类似地处理。As shown in Figure 6d, switch 1 adds a label to packet P4 to obtain P4'. Then, the switch 1 simultaneously transmits the packet P4' carrying the tag to the switch 2 and the switch 3. Then exchange Machine 2 transmits packet P4' to NF1; switch 3 transmits packet P4' to NF2. In addition, after receiving the packet carrying packet P4', NF1 can inform the controller (such as sending a response message) and discard the packet P4'. At the same time, NF2 adds the packet P4' to the cache. By analogy, the subsequent data packets P5, P6... are similarly processed.

如图6e所示，控制器可以从NF1中提取数据流P的状态，并将数据流P的状态复制到NF2中。随后，控制器还需要修改交换机1的转发规则，该转发规则用于指示交换机1将数据流P的数据包仅发送给交换机3。此时，NF2中缓存的数据包包括P4’、P5’。As shown in Figure 6e, the controller can extract the state of the data stream P from NF1 and copy the state of the data stream P into NF2. Subsequently, the controller also needs to modify the forwarding rule of the switch 1, which is used to instruct the switch 1 to send the data packet of the data stream P only to the switch 3. At this time, the data packet buffered in NF2 includes P4', P5'.

如图6f所示，从数据包P8’开始，交换机3将数据流P的数据包只发送给NF2。可选地，控制器可以删除NF1上关于数据流P的状态。As shown in Fig. 6f, starting from packet P8', switch 3 transmits the data packet of data stream P only to NF2. Alternatively, the controller may delete the state of the data stream P on NF1.

如图6g所示，在状态迁移完成后，控制器向NF2发送处理指令，该处理指令用于指示NF2可以立即开始处理之前缓存的数据包(包括之前缓存的数据包P7’、P6’、P5’、P4’)。As shown in FIG. 6g, after the state transition is completed, the controller sends a processing instruction to the NF2, which is used to indicate that the NF2 can immediately start processing the previously buffered data packet (including the previously cached data packets P7', P6', P5). ', P4').

如图6h所示，数据流P完成从NF1到NF2的迁移。NF2可以开始按序处理缓存的数据包(包括P8’、P7’、P6’、P5’、P4’)，并且输出了处理后的数据包P5、P4。As shown in Figure 6h, data stream P completes the migration from NF1 to NF2. NF2 can start processing the buffered packets (including P8', P7', P6', P5', P4') in order, and output the processed packets P5, P4.

综上所述，图6a至图6h示出了处理数据包的另一例子的整个流程的示意图。该例与前面图4a至图4f的流程的区别在于：NF1与NF2没有一个直接相连的公共交换机。因此，在该例中，控制器需要等其他交换机(比如交换机3)的规则修改好后，再修改公共交换机(比如交换机1)的转发规则。否则，若公共交换机的转发规则已更新，而其后续路径上的其他交换机的准发规则还未更新，很容易造成丢包或错误转发。In summary, Figures 6a through 6h show schematic diagrams of the entire flow of another example of processing a data packet. This example differs from the previous flow of Figures 4a to 4f in that NF1 and NF2 do not have a public switch directly connected. Therefore, in this example, the controller needs to modify the forwarding rules of the public switch (such as switch 1) after the rules of other switches (such as switch 3) are modified. Otherwise, if the forwarding rules of the public switch are updated, and the pre-issuing rules of other switches on the subsequent paths have not been updated, it is easy to cause packet loss or error forwarding.

应理解，公共交换机的下一跳交换机可以包括多个交换机，这里只是以两个下一跳交换机为例进行说明，对此不作限定。It should be understood that the next hop switch of the public switch may include multiple switches, and only two next hop switches are used as an example for description.

还应理解，公共交换机与NF之间也可以存在多跳交换机，上述只是以其中一跳为例进行说明，本发明对此不作限定。当然，若公共交换机与NF之间存在多跳交换机，其处理方法是类似的，也需要遵循“公共交换机的转发规则，需要等后面新路径的其他交换机的转发规则更新后再更新”。为了简洁，在此不作赘述。It should be understood that a multi-hop switch may also exist between the public switch and the NF. The above description is only taking one of the hops as an example, and the present invention does not limit this. Of course, if there is a multi-hop switch between the public switch and the NF, the processing method is similar. It also needs to follow the "Public Switch forwarding rules, and the forwarding rules of other switches that need to wait for the new path are updated and then updated." For the sake of brevity, no further details are given here.

还应理解，在本发明实施例中，编号“第一”、“第二”…仅仅为了区分不同的对象，比如为了区分不同的交换机，或为了区分不同的NF，或为了区分不同的转发规则，并不对本发明实施例的范围构成限制。It should also be understood that in the embodiments of the present invention, the numbers "first", "second" are only used to distinguish different objects, for example, to distinguish different switches, or to distinguish different NFs, or Differentiating the different forwarding rules does not limit the scope of the embodiments of the present invention.

因此，本发明实施例的技术方案，控制器无需作为中继设备缓存并转发数据包。并且，由于不必等待数据包经过NF1发送给控制器再转发给NF2，NF2在状态迁移完成后可以立即开始处理数据包。这样，不仅节省了控制器的负载开销，而且缩短了更新状态所需的时间，大大提高了NF状态迁移的效率。Therefore, in the technical solution of the embodiment of the present invention, the controller does not need to cache and forward the data packet as the relay device. Moreover, since it is not necessary to wait for the data packet to be sent to the controller through NF1 and then forwarded to NF2, NF2 can start processing the data packet immediately after the state transition is completed. In this way, not only the load overhead of the controller is saved, but also the time required for updating the state is shortened, and the efficiency of NF state migration is greatly improved.

下面将结合图7对本发明实施例的处理数据包的方法700进行描述，图7示出了根据本发明另一实施例的处理数据包的方法700的示意性流程图，所述方法700应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述至少一个交换机中的第一交换机执行。如图7所示，所述方法700包括：A method 700 for processing a data packet according to an embodiment of the present invention will be described below with reference to FIG. 7. FIG. 7 is a schematic flowchart of a method 700 for processing a data packet according to another embodiment of the present invention. In a software defined network SDN, the SDN comprises a controller, at least one switch and a plurality of network functions NF, the method being performed by a first one of the at least one switch. As shown in FIG. 7, the method 700 includes:

S710，获取所述控制器发送的第一转发规则；S710. Acquire a first forwarding rule sent by the controller.

S720，根据所述第一转发规则对数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，所述数据流是所述控制器确定的需要从所述第一NF迁移至所述第二NF的数据流；S720. Add a label to the data packet of the data flow according to the first forwarding rule, and send the data packet carrying the label to the first NF and the second NF of the multiple NF, or with the first An NF-connected switch and a switch connected to the second NF, wherein the data stream is a data flow determined by the controller to be migrated from the first NF to the second NF;

S730，获取所述控制器发送的第二转发规则；S730. Acquire a second forwarding rule sent by the controller.

S740，根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。S740. Send, according to the second forwarding rule, the data packet of the data stream to the second NF, or a switch connected to the second NF.

具体而言，第一交换机通过获取控制器发送的第一转发规则，然后根据所述第一转发规则对需要迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，以便于第一NF和第二NF进行后续操作；进一步地，第一交换机还可以获取所述控制器发送的第二转发规则，然后根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机，以便于完成第一NF到第二NF状态迁移的过程。Specifically, the first switch obtains a first forwarding rule sent by the controller, and then adds a label to the data packet that needs to migrate the data flow according to the first forwarding rule, and sends the data packet carrying the label to the a first NF and a second NF of the plurality of NFs, or a switch connected to the first NF and a switch connected to the second NF, to facilitate subsequent operations of the first NF and the second NF; further The first switch may also acquire a second forwarding rule sent by the controller, and then send the data packet of the data stream to the second NF according to the second forwarding rule, or be connected to the second NF. The switch facilitates the completion of the first NF to second NF state transition process.

应理解，为了简洁，对于与前文控制器的相关实施例中类似的概念或操作将不作赘述。It should be understood that for the sake of brevity, similar concepts or operations in the related embodiments of the foregoing controller will not be described.

因此，本发明实施例的处理数据包的方法，第一交换机通过对待迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，能够节省控制器的开销，缩短状态迁移的时间。Therefore, in the method for processing a data packet in the embodiment of the present invention, the first switch adds a label to the data packet to be migrated, and sends the data packet carrying the label to the multiple NFs. The first NF and the second NF, or the switch connected to the first NF and the switch connected to the second NF, can save controller overhead and shorten state transition time.

可选地，作为一个实施例，所述第一交换机为所述第一NF和所述第二NF的公共交换机；Optionally, as an embodiment, the first switch is a public switch of the first NF and the second NF;

其中，S720可以包括：Wherein, the S720 can include:

其中，S740可以包括：Wherein, the S740 can include:

可选地，作为一个实施例，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连；Optionally, as an embodiment, the next hop switch of the first switch includes a second switch and a third switch, where the second switch is connected to the first NF, and the third switch and the third switch Two NF connections;

其中，S720可以包括：Wherein, the S720 can include:

其中，S740可以包括：Wherein, the S740 can include:

因此，本发明实施例的处理数据包的方法，第一交换机通过对待迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，能够节省控制器的开销，缩短状态迁移的时间。进一步地，在第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连时，可以避免丢包或错误转发。Therefore, in the method for processing a data packet in the embodiment of the present invention, the first switch adds a label to the data packet to be migrated, and sends the data packet carrying the label to the first NF and the first of the plurality of NFs. The two NFs, or the switch connected to the first NF and the switch connected to the second NF, can save the overhead of the controller and shorten the time of state transition. Further, the next hop switch of the first switch includes a second switch and a third switch, where the second switch is connected to the first NF, and when the third switch is connected to the second NF, Packet loss or error forwarding.

下面将结合图8对本发明实施例的处理数据包的方法800进行描述，图8示出了根据本发明再一实施例的处理数据包的方法800的示意性流程图，所述方法800应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述多个NF中的第一NF执行。如图8所示，所述方法800包括：A method 800 for processing a data packet according to an embodiment of the present invention will be described below with reference to FIG. 8. FIG. 8 is a schematic flowchart of a method 800 for processing a data packet according to still another embodiment of the present invention. In a software defined network SDN, the SDN includes a controller, at least one switch, and a plurality of network functions NF, the method being performed by a first one of the plurality of NFs. As shown in FIG. 8, the method 800 includes:

S810，获取所述控制器发送的第一指令，所述第一指令用于所述控制器指示所述第一NF丢弃携带标签的数据包；S810, acquiring a first instruction sent by the controller, where the first instruction is used by the controller to instruct the first NF to discard a data packet carrying a label;

S820，获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包；S820. Acquire, by the switch that is connected to the first NF, in the multiple switches. a packet carrying a tag;

S830，向所述控制器发送响应消息，所述响应消息表示接收到所述携带标签的数据包，以使所述控制器获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；S830, sending a response message to the controller, where the response message indicates that the data packet carrying the tag is received, so that the controller acquires a state of the data stream in the first NF, and Copying the state of the data stream to the second NF;

S840，根据所述第一指令丢弃所述携带标签的数据包。S840. The data packet carrying the label is discarded according to the first instruction.

具体而言，第一NF可以接收控制器发送的第一指令，以及接收与第一NF相连的交换机发送的携带标签的数据包，然后向控制器发送响应消息，以告知控制器其收到携带标签的数据包，并根据所述第一指令丢弃所述携带标签的数据包，以便于控制器执行后续的迁移操作，能够节省控制器的开销，缩短状态迁移的时间。Specifically, the first NF may receive the first instruction sent by the controller, and receive the data packet carrying the label sent by the switch connected to the first NF, and then send a response message to the controller to notify the controller that it is received. The data packet of the label is discarded, and the data packet carrying the label is discarded according to the first instruction, so that the controller performs subsequent migration operations, which can save the overhead of the controller and shorten the time of state transition.

可选地，与所述第一NF相连的交换机为第一交换机，所述第一交换机为所述第一NF和所述第二NF的公共交换机；Optionally, the switch connected to the first NF is a first switch, and the first switch is a public switch of the first NF and the second NF;

所述获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包，包括：The acquiring the data packet of the label that is sent by the switch that is connected to the first NF in the multiple switches includes:

可选地，与所述第一NF相连的交换机为第二交换机，与所述第二NF相连的交换机为第三交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；Optionally, the switch connected to the first NF is a second switch, the switch connected to the second NF is a third switch, and the second switch and the last hop switch of the third switch are a switch

所述获取所述多个交换机中与所述第一NF相连的交换机发送的所述数据包，包括：The acquiring the data packet sent by the switch that is connected to the first NF in the multiple switches includes:

因此，本发明实施例的处理数据包的方法，第一NF通过接收控制器发送的第一指令，以及接收与第一NF相连的交换机发送的携带标签的数据包，然后向控制器发送响应消息，以告知控制器其收到携带标签的数据包，并根据所述第一指令丢弃所述携带标签的数据包，以便于控制器执行后续的迁移操作，能够节省控制器的开销，缩短状态迁移的时间。Therefore, in the method for processing a data packet, the first NF receives the first instruction sent by the controller, and receives the data packet carrying the label sent by the switch connected to the first NF, and then sends a response message to the controller. In order to inform the controller that it receives the data packet carrying the label, and discards the data packet carrying the label according to the first instruction, so that the controller performs subsequent migration operations, which can save controller overhead and shorten state transition. time.

下面将结合图9对本发明实施例的处理数据包的方法900进行描述，图9示出了根据本发明另一实施例的处理数据包的方法900的示意性流程图，所述方法900应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述多个NF中的第二NF执行。如图9所示，所述方法900包括：A method 900 for processing a data packet according to an embodiment of the present invention will be described below with reference to FIG. 9. FIG. 9 is a schematic flowchart of a method 900 for processing a data packet according to another embodiment of the present invention. The method 900 is applied to a software defined network SDN comprising a controller, at least one switch and a plurality of network functions NF, the method being performed by a second NF of the plurality of NFs. As shown in FIG. 9, the method 900 includes:

S910，获取所述控制器发送的第二指令，所述第二指令用于所述控制器指示所述第二NF缓存携带标签的数据包；S910: Obtain a second instruction sent by the controller, where the second instruction is used by the controller to instruct the second NF cache to carry a data packet of the label;

S920，获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包；S920: Obtain the data packet carrying the label sent by the switch that is connected to the second NF in the multiple switches.

S930，根据所述第二指令缓存所述携带标签的数据包。S930. Cache the data packet carrying the label according to the second instruction.

具体而言，第二NF可以接收控制器发送的第二指令，以及接收与第二NF相连的交换机发送的携带标签的数据包，然后根据所述第二指令缓存所述携带标签的数据包，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。Specifically, the second NF may receive the second instruction sent by the controller, and receive the data packet carrying the label sent by the switch connected to the second NF, and then cache the data packet carrying the label according to the second instruction, The controller is prevented from caching packets, which saves controller overhead and shortens state migration time.

可选地，与所述第二NF相连的交换机为第一交换机，所述第一交换机为所述多个NF中的第一NF和所述第二NF的公共交换机；Optionally, the switch connected to the second NF is a first switch, and the first switch is a public switch of a first NF and a second NF of the multiple NFs;

其中，S920可以包括：Wherein, S920 can include:

可选地，与所述第二NF相连的交换机为第三交换机，与所述第一NF相连的交换机为第二交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；Optionally, the switch connected to the second NF is a third switch, and the switch connected to the first NF is a second switch, and the second switch and the last hop switch of the third switch are a switch

其中，S920可以包括：Wherein, S920 can include:

因此，本发明实施例的处理数据包的方法，第二NF通过接收控制器发送的第二指令，以及接收与第二NF相连的交换机发送的携带标签的数据包，然后根据所述第二指令缓存所述携带标签的数据包，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。Therefore, in the method for processing a data packet in the embodiment of the present invention, the second NF receives the second instruction sent by the controller, and receives the data packet carrying the label sent by the switch connected to the second NF, and then according to the second instruction. The data packet carrying the label is cached, and the controller caches the data packet, which saves the overhead of the controller and shortens the time of the state transition.

上文结合图1至图9详细描述了根据本发明实施例的处理数据包的方法，下面将结合图10至图13描述根据本发明实施例的处理数据包的装置。A method of processing a data packet according to an embodiment of the present invention is described in detail above with reference to FIGS. 1 through 9, and an apparatus for processing a data packet according to an embodiment of the present invention will be described below with reference to FIGS. 10 through 13.

图10示出了根据本发明实施例的软件定义网络SDN中的控制器1000 的示意性框图，所述SDN包括至少一个交换机和多个网络功能NF，如图10所示，所述控制器1000包括：FIG. 10 illustrates a controller 1000 in a software-defined network SDN in accordance with an embodiment of the present invention. A schematic block diagram of the SDN includes at least one switch and a plurality of network functions NF. As shown in FIG. 10, the controller 1000 includes:

确定模块1010，用于确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；a determining module 1010, configured to determine that a data flow needs to be migrated from a first one of the plurality of NFs to a second one of the plurality of NFs;

发送模块1020，用于向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；The sending module 1020 is configured to send, to the first NF, a first instruction, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream;

所述发送模块1020，还用于向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；The sending module 1020 is further configured to send a second instruction to the second NF, where the second instruction is used to instruct the second NF to cache the data packet;

所述发送模块1020，还用于向所述至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机；The sending module 1020 is further configured to send a first forwarding rule to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label of the data packet of the data stream. And transmitting the data packet carrying the label to the first NF and the second NF, or a switch connected to the first NF and a switch connected to the second NF;

接收模块1030，用于接收所述第一NF发送的响应消息，所述响应消息表示所述第一NF接收到所述携带标签的数据包；The receiving module 1030 is configured to receive a response message sent by the first NF, where the response message indicates that the first NF receives the data packet carrying the label;

获取模块1040，用于获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；The obtaining module 1040 is configured to acquire a state of the data stream in the first NF, and copy a state of the data stream into the second NF.

所述发送模块1020，还用于向所述第一交换机发送第二转发规则，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。The sending module 1020 is further configured to send a second forwarding rule to the first switch, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the second NF, or a switch connected to the second NF.

本发明实施例的SDN中的控制器1000，通过确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；然后向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；向至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。The controller 1000 in the SDN of the embodiment of the present invention determines that a data flow needs to be migrated from a first NF of the plurality of NFs to a second NF of the plurality of NFs; and then sends the first NF to the first NF. a first instruction, the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream, and sends a second instruction to the second NF, where the second instruction is used to indicate the The second NF caches the data packet; and sends a first forwarding rule to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label to the data packet of the data stream, and Transmitting the data packet carrying the label to the first NF and the second NF, or the switch connected to the first NF and the switch connected to the second NF, avoiding the controller buffering the data packet, and saving control The overhead of the device, shortening the time of state migration.

可选地，作为一个实施例，所述第一交换机为所述第一NF和所述第二NF的公共交换机，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送给所述第一NF和所述第二NF，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF。Optionally, as an embodiment, the first switch is a public switch of the first NF and the second NF, where the first forwarding rule is used to indicate that the first switch is to carry the a data packet of the tag is sent to the first NF and the second NF, the second forwarding rule And the method is used to instruct the first switch to send the data packet of the data flow only to the second NF.

可选地，作为一个实施例，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送至所述第二交换机和所述第三交换机，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第三交换机。Optionally, as an embodiment, the next hop switch of the first switch includes a second switch and a third switch, where the second switch is connected to the first NF, and the third switch and the third switch The second forwarding rule is configured to instruct the first switch to send the data packet carrying the label to the second switch and the third switch, where the second forwarding rule is used. Instructing the first switch to send data packets of the data stream only to the third switch.

可选地，作为一个实施例，所述发送模块1020还用于：Optionally, as an embodiment, the sending module 1020 is further configured to:

在向所述至少一个交换机中的第一交换机发送第一转发规则前，向所述第三交换机发送第三转发规则，所述第三转发规则用于指示所述第三交换机将所述携带标签的数据包发送至所述第二NF。Before sending the first forwarding rule to the first switch in the at least one switch, sending a third forwarding rule to the third switch, where the third forwarding rule is used to instruct the third switch to carry the label The data packet is sent to the second NF.

进一步地，控制器在修改公共交换机(比如第一交换机)的转发规则之前，需要先对其后续路径上的交换机(比如第三交换机)的转发规则进行更新，以避免丢包或数据包的错误转发。Further, before modifying the forwarding rule of the public switch (such as the first switch), the controller needs to update the forwarding rules of the switch (such as the third switch) on the subsequent path to avoid packet loss or packet error. Forward.

根据本发明实施例的控制器1000可对应于根据本发明实施例的方法200的执行主体，并且控制器1000中各个模块的上述和其他操作和/或功能分别为了实现前述各个方法的相应流程，为了简洁，在此不再赘述。The controller 1000 according to an embodiment of the present invention may correspond to an execution body of the method 200 according to an embodiment of the present invention, and the above-described and other operations and/or functions of the respective modules in the controller 1000 are respectively implemented in order to implement respective processes of the foregoing respective methods. For the sake of brevity, it will not be repeated here.

因此，本发明实施例的SDN中的控制器1000，通过确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；然后向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；向至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。Therefore, the controller 1000 in the SDN of the embodiment of the present invention determines that it is necessary to migrate a data stream from a first NF of the plurality of NFs to a second NF of the plurality of NFs; and then to the first The NF sends a first instruction, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream, and sends a second instruction to the second NF, where the second instruction is used to indicate The second NF caches the data packet; and sends a first forwarding rule to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label of the data packet of the data stream And sending the data packet carrying the label to the first NF and the second NF, or the switch connected to the first NF and the switch connected to the second NF, to avoid the controller buffering the data packet, Save controller overhead and reduce state migration time.

图11示出了根据本发明实施例的软件定义网络SDN中的交换机1100(可以是前文所述的第一交换机)的示意性框图，所述SDN包括控制器、至少一个交换机和多个网络功能NF，如图11所示，所述交换机1100可以包括：11 shows a schematic block diagram of a switch 1100 (which may be the first switch described above) in a software-defined network SDN, including a controller, at least one switch, and multiple network functions, in accordance with an embodiment of the present invention. NF, as shown in FIG. 11, the switch 1100 may include:

获取模块1110，用于获取所述控制器发送的第一转发规则； The obtaining module 1110 is configured to acquire a first forwarding rule sent by the controller.

处理模块1120，用于根据所述获取模块1110获取的所述第一转发规则对数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，所述数据流是所述控制器确定的需要从所述第一NF迁移至所述第二NF的数据流；The processing module 1120 is configured to add a label to the data packet of the data stream according to the first forwarding rule acquired by the acquiring module 1110, and send the data packet carrying the label to the first NF of the multiple NFs. And a second NF, or a switch connected to the first NF and a switch connected to the second NF, where the data flow is determined by the controller to migrate from the first NF to the second NF data stream;

所述获取模块1110，还用于获取所述控制器发送的第二转发规则；The obtaining module 1110 is further configured to acquire a second forwarding rule sent by the controller.

所述处理模块1120，还用于根据所述获取模块获取的所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。The processing module 1120 is further configured to send, according to the second forwarding rule acquired by the acquiring module, the data packet of the data stream to the second NF or a switch connected to the second NF.

本发明实施例的软件定义网络SDN中的交换机1100，通过对待迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，能够节省控制器的开销，缩短状态迁移的时间。The switch 1100 in the software-defined network SDN of the embodiment of the present invention adds a label to a data packet to be migrated by the data stream, and sends the data packet carrying the label to the first NF and the second NF of the plurality of NFs. The switch connected to the first NF and the switch connected to the second NF can save controller overhead and shorten state transition time.

可选地，所述交换机1100为所述第一NF和所述第二NF的公共交换机；Optionally, the switch 1100 is a public switch of the first NF and the second NF;

其中，所述处理模块1120具体用于：The processing module 1120 is specifically configured to:

可选地，所述交换机1100的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连；Optionally, the next hop switch of the switch 1100 includes a second switch and a third switch, the second switch is connected to the first NF, and the third switch is connected to the second NF.

根据本发明实施例的SDN中的交换机1100可对应于根据本发明实施例的处理数据包的方法700的执行主体，并且交换机1100中各个模块的上述和其他操作和/或功能分别为了实现前述各个方法的相应流程，为了简洁，在此不再赘述。The switch 1100 in an SDN according to an embodiment of the present invention may correspond to an execution body of the method 700 of processing a data packet according to an embodiment of the present invention, and the above and other operations and/or functions of the respective modules in the switch 1100 are respectively implemented to implement the foregoing The corresponding process of the method is not repeated here for the sake of brevity.

因此，本发明实施例的SDN中的交换机1100，通过对待迁移数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，能够节省控制器的开销，缩短状态迁移的时间。Therefore, the switch 1100 in the SDN of the embodiment of the present invention passes the data stream to be migrated. The data packet is tagged, and the data packet carrying the tag is sent to the first NF and the second NF of the plurality of NFs, or the switch connected to the first NF and the second NF The switch can save controller overhead and shorten the state migration time.

图12示出了根据本发明实施例的软件定义网络SDN中的网络功能实体1200(该网络功能实体1200可以是前文所述的第一NF)，所述SDN包括控制器、至少一个交换机和多个网络功能NF，如图12所示，所述网络功能实体1200可以包括：FIG. 12 illustrates a network function entity 1200 in a software-defined network SDN (which may be the first NF described above) in accordance with an embodiment of the present invention, the SDN including a controller, at least one switch, and multiple As shown in FIG. 12, the network function entity 1200 may include:

获取模块1210，用于获取所述控制器发送的第一指令，所述第一指令用于所述控制器指示所述NF丢弃携带标签的数据包；The obtaining module 1210 is configured to acquire a first instruction sent by the controller, where the first instruction is used by the controller to instruct the NF to discard a data packet carrying a label;

所述获取模块1210，还用于获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包；The acquiring module 1210 is further configured to acquire the data packet carrying the label sent by the switch connected to the first NF among the multiple switches;

发送模块1220，用于向所述控制器发送响应消息，所述响应消息表示接收到所述携带标签的数据包，以使所述控制器获取所述NF中的所述数据流的状态，并将所述数据流的状态复制到所述多个NF中的第二NF；The sending module 1220 is configured to send a response message to the controller, where the response message indicates that the data packet carrying the label is received, so that the controller acquires a state of the data stream in the NF, and Copying the state of the data stream to a second NF of the plurality of NFs;

处理模块1230，用于根据所述获取模块获取的所述第一指令丢弃所述携带标签的数据包。The processing module 1230 is configured to discard the data packet carrying the label according to the first instruction acquired by the acquiring module.

本发明实施例的软件定义网络SDN中的网络功能实体1200，通过接收控制器发送的第一指令，以及接收与NF相连的交换机发送的携带标签的数据包，然后向控制器发送响应消息，以告知控制器其收到携带标签的数据包，并根据所述第一指令丢弃所述携带标签的数据包，以便于控制器执行后续的迁移操作，能够节省控制器的开销，缩短状态迁移的时间。The network function entity 1200 in the software-defined network SDN of the embodiment of the present invention receives the first instruction sent by the controller, and receives the data packet carrying the label sent by the switch connected to the NF, and then sends a response message to the controller. Informing the controller that it receives the data packet carrying the label, and discarding the data packet carrying the label according to the first instruction, so that the controller performs the subsequent migration operation, which can save the overhead of the controller and shorten the time of the state transition. .

可选地，与所述网络功能实体1200相连的交换机为第一交换机，所述第一交换机为所述网络功能实体1200和所述第二NF的公共交换机；Optionally, the switch connected to the network function entity 1200 is a first switch, and the first switch is a public switch of the network function entity 1200 and the second NF;

所述获取模块1210具体用于：The obtaining module 1210 is specifically configured to:

可选地，与所述网络功能实体1200相连的交换机为第二交换机，与所述第二NF相连的交换机为第三交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；Optionally, the switch connected to the network function entity 1200 is a second switch, and the switch connected to the second NF is a third switch, and the second switch and the last switch of the third switch are First switch;

接收所述第二交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第二交换机的。 And receiving the data packet carrying the label sent by the second switch, where the data packet carrying the label is forwarded by the first switch to the second switch.

根据本发明实施例的SDN中的网络功能实体1200可对应于根据本发明实施例的处理数据包的方法800的执行主体，并且网络功能实体1200中各个模块的上述和其他操作和/或功能分别为了实现前述各个方法的相应流程，为了简洁，在此不再赘述。The network function entity 1200 in the SDN according to an embodiment of the present invention may correspond to an execution body of the method 800 of processing a data packet according to an embodiment of the present invention, and the above and other operations and/or functions of the respective modules in the network function entity 1200 are respectively In order to implement the corresponding processes of the foregoing various methods, for brevity, no further details are provided herein.

因此，本发明实施例的软件定义网络SDN中的网络功能实体1200，通过接收控制器发送的第一指令，以及接收与NF相连的交换机发送的携带标签的数据包，然后向控制器发送响应消息，以告知控制器其收到携带标签的数据包，并根据所述第一指令丢弃所述携带标签的数据包，以便于控制器执行后续的迁移操作，能够节省控制器的开销，缩短状态迁移的时间。Therefore, the network function entity 1200 in the software-defined network SDN of the embodiment of the present invention receives the first instruction sent by the controller, and receives the data packet carrying the label sent by the switch connected to the NF, and then sends a response message to the controller. In order to inform the controller that it receives the data packet carrying the label, and discards the data packet carrying the label according to the first instruction, so that the controller performs subsequent migration operations, which can save controller overhead and shorten state transition. time.

图13示出了根据本发明实施例的软件定义网络SDN中的另一网络功能实体1300(该网络功能实体1300可以是前文所述的第二NF)，所述SDN包括控制器、至少一个交换机和多个网络功能NF，如图13所示，所述网络功能实体1300可以包括：FIG. 13 illustrates another network function entity 1300 in a software-defined network SDN (which may be the second NF described above), which includes a controller, at least one switch, in accordance with an embodiment of the present invention. And the plurality of network functions NF, as shown in FIG. 13, the network function entity 1300 may include:

获取模块1310，用于获取所述控制器发送的第二指令，所述第二指令用于所述控制器指示所述NF缓存携带标签的数据包；The obtaining module 1310 is configured to acquire a second instruction sent by the controller, where the second instruction is used by the controller to instruct the NF cache to carry a data packet of the label;

所述获取模块1310，还用于获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包；The acquiring module 1310 is further configured to acquire the data packet carrying the label sent by the switch connected to the second NF among the multiple switches;

处理模块1320，用于根据所述获取模块获取的所述第二指令缓存所述携带标签的数据包。The processing module 1320 is configured to cache the data packet carrying the label according to the second instruction acquired by the acquiring module.

本发明实施例的软件定义网络SDN中的网络功能实体1300，通过接收控制器发送的第二指令，以及接收与网络功能实体1300相连的交换机发送的携带标签的数据包，然后根据所述第二指令缓存所述携带标签的数据包，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。The network function entity 1300 in the software-defined network SDN of the embodiment of the present invention receives the second instruction sent by the controller, and receives the data packet carrying the label sent by the switch connected to the network function entity 1300, and then according to the second The instruction caches the data packet carrying the label, thereby avoiding the controller buffering the data packet, which can save the overhead of the controller and shorten the time of state transition.

可选地，与所述网络功能实体1300相连的交换机为第一交换机，所述第一交换机为所述多个NF中的第一NF和所述网络功能实体1300的公共交换机；Optionally, the switch connected to the network function entity 1300 is a first switch, where the first switch is a first NF of the multiple NFs and a public switch of the network function entity 1300;

所述获取模块1310具体用于：The obtaining module 1310 is specifically configured to:

可选地，与所述NF 1300相连的交换机为第三交换机，与所述第一NF相连的交换机为第二交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机； Optionally, the switch connected to the NF 1300 is a third switch, and the switch connected to the first NF is a second switch, and the second switch and the last hop switch of the third switch are first. Switch

根据本发明实施例的SDN中的网络功能实体1300可对应于根据本发明实施例的处理数据包的方法900的执行主体，并且网络功能实体1300中各个模块的上述和其他操作和/或功能分别为了实现前述各个方法的相应流程，为了简洁，在此不再赘述。The network function entity 1300 in the SDN according to an embodiment of the present invention may correspond to an execution body of the method 900 of processing a data packet according to an embodiment of the present invention, and the above and other operations and/or functions of the respective modules in the network function entity 1300 are respectively In order to implement the corresponding processes of the foregoing various methods, for brevity, no further details are provided herein.

因此，本发明实施例的软件定义网络SDN中的网络功能实体1300，通过接收控制器发送的第二指令，以及接收与网络功能实体1300相连的交换机发送的携带标签的数据包，然后根据所述第二指令缓存所述携带标签的数据包，避免了控制器缓存数据包，能够节省控制器的开销，缩短状态迁移的时间。Therefore, the network function entity 1300 in the software-defined network SDN of the embodiment of the present invention receives the second instruction sent by the controller, and receives the data packet carrying the label sent by the switch connected to the network function entity 1300, and then according to the The second instruction caches the data packet carrying the label, thereby avoiding the controller buffering the data packet, which can save the overhead of the controller and shorten the time of the state transition.

图14示出了本发明另一个实施例提供的软件定义网络SDN中的控制器的结构，包括至少一个处理器1402(例如CPU)，至少一个网络接口1403或者其他通信接口，存储器1404。处理器1402用于执行存储器1404中存储的可执行模块，例如计算机程序。存储器1404可能包含高速随机存取存储器(RAM：Random Access Memory)，也可能还包括非不稳定的存储器(non-volatile memory)，例如至少一个磁盘存储器。通过至少一个网络接口1403(可以是有线或者无线)实现与至少一个其他网元之间的通信连接。FIG. 14 shows a structure of a controller in a software-defined network SDN according to another embodiment of the present invention, including at least one processor 1402 (for example, a CPU), at least one network interface 1403 or other communication interface, and a memory 1404. The processor 1402 is configured to execute executable modules, such as computer programs, stored in the memory 1404. The memory 1404 may include a high speed random access memory (RAM), and may also include a non-volatile memory such as at least one disk memory. A communication connection with at least one other network element is achieved by at least one network interface 1403 (which may be wired or wireless).

在一些实施方式中，存储器1404存储了程序14041，程序14041可以被处理器1402执行，用于执行前述本发明实施例的控制器侧的方法。In some embodiments, the memory 1404 stores a program 14041 that can be executed by the processor 1402 for performing the controller-side method of the aforementioned embodiments of the present invention.

图15示出了本发明另一个实施例提供的软件定义网络SDN中的交换机的结构，包括至少一个处理器1502(例如CPU)，至少一个网络接口1503或者其他通信接口，存储器1504。处理器1502用于执行存储器1506中存储的可执行模块，例如计算机程序。存储器1504可能包含高速随机存取存储器(RAM：Random Access Memory)，也可能还包括非不稳定的存储器(non-volatile memory)，例如至少一个磁盘存储器。通过至少一个网络接口1503(可以是有线或者无线)实现与至少一个其他网元之间的通信连接。FIG. 15 shows a structure of a switch in a software-defined network SDN according to another embodiment of the present invention, including at least one processor 1502 (for example, a CPU), at least one network interface 1503 or other communication interface, and a memory 1504. The processor 1502 is configured to execute executable modules, such as computer programs, stored in the memory 1506. The memory 1504 may include a high speed random access memory (RAM), and may also include a non-volatile memory such as at least one disk memory. A communication connection with at least one other network element is achieved by at least one network interface 1503, which may be wired or wireless.

在一些实施方式中，存储器1504存储了程序15041，程序15041可以被处理器1502执行，用于执行前述本发明实施例的第一交换机侧的方法。In some embodiments, the memory 1504 stores a program 15041 that can be executed by the processor 1502 for performing the method on the first switch side of the aforementioned embodiment of the present invention.

图16示出了本发明另一个实施例提供的软件定义网络SDN中的一个网络功能实体的结构，包括至少一个处理器1602(例如CPU)，至少一个网络接口1603或者其他通信接口，存储器1604。处理器1602用于执行存储器1604中存储的可执行模块，例如计算机程序。存储器1604可能包含高速随机存取存储器(RAM：Random Access Memory)，也可能还包括非不稳定的存储器(non-volatile memory)，例如至少一个磁盘存储器。通过至少一个网络接口1603(可以是有线或者无线)实现与至少一个其他网元之间的通信连接。FIG. 16 shows a network in a software-defined network SDN according to another embodiment of the present invention. The structure of the functional entity includes at least one processor 1602 (eg, a CPU), at least one network interface 1603, or other communication interface, memory 1604. The processor 1602 is configured to execute executable modules, such as computer programs, stored in the memory 1604. The memory 1604 may include a high speed random access memory (RAM), and may also include a non-volatile memory such as at least one disk memory. A communication connection with at least one other network element is achieved by at least one network interface 1603 (which may be wired or wireless).

在一些实施方式中，存储器1604存储了程序16041，程序16041可以被处理器1602执行，用于执行前述本发明实施例的第一NF侧的方法。In some embodiments, the memory 1604 stores a program 16041 that can be executed by the processor 1602 for performing the method of the first NF side of the aforementioned embodiment of the present invention.

图17示出了本发明另一个实施例提供的软件定义网络SDN中的网络功能实体的结构，包括至少一个处理器1702(例如CPU)，至少一个网络接口1703或者其他通信接口，存储器1704。处理器1702用于执行存储器1704中存储的可执行模块，例如计算机程序。存储器1704可能包含高速随机存取存储器(RAM：Random Access Memory)，也可能还包括非不稳定的存储器(non-volatile memory)，例如至少一个磁盘存储器。通过至少一个网络接口1703(可以是有线或者无线)实现与至少一个其他网元之间的通信连接。FIG. 17 shows a structure of a network function entity in a software-defined network SDN according to another embodiment of the present invention, including at least one processor 1702 (for example, a CPU), at least one network interface 1703 or other communication interface, and a memory 1704. The processor 1702 is configured to execute executable modules, such as computer programs, stored in the memory 1704. The memory 1704 may include a high speed random access memory (RAM), and may also include a non-volatile memory such as at least one disk memory. A communication connection with at least one other network element is achieved by at least one network interface 1703 (which may be wired or wireless).

在一些实施方式中，存储器1704存储了程序17041，程序17041可以被处理器1702执行，用于执行前述本发明实施例的第二NF侧的方法。In some embodiments, the memory 1704 stores a program 17041 that can be executed by the processor 1702 for performing the method of the second NF side of the aforementioned embodiment of the present invention.

应理解，在本申请的各种实施例中，上述各过程的序号的大小并不意味着执行顺序的先后，各过程的执行顺序应以其功能和内在逻辑确定，而不应对本申请实施例的实施过程构成任何限定。It should be understood that, in the various embodiments of the present application, the size of the sequence numbers of the foregoing processes does not mean the order of execution sequence, and the order of execution of each process should be determined by its function and internal logic, and should not be applied to the embodiment of the present application. The implementation process constitutes any limitation.

本领域普通技术人员可以意识到，结合本文中所公开的实施例描述的各示例的单元及算法步骤，能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行，取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能，但是这种实现不应认为超出本申请的范围。Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the various examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present application.

所属领域的技术人员可以清楚地了解到，为描述的方便和简洁，上述描述的***、装置和单元的具体工作过程，可以参考前述方法实施例中的对应过程，在此不再赘述。A person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.

在本申请所提供的几个实施例中，应该理解到，所揭露的***、装置和方法，可以通过其它的方式实现。例如，以上所描述的装置实施例仅仅是示意性的，例如，该单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个***，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口，装置或单元的间接耦合或通信连接，可以是电性，机械或其它的形式。In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the device embodiments described above are merely illustrative For example, the division of the unit is only a logical function division, and the actual implementation may have another division manner, for example, multiple units or components may be combined or may be integrated into another system, or some features may be ignored. Or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.

该作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.

另外，在本申请各个实施例中的各功能单元可以集成在一个处理单元中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.

所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时，可以存储在一个计算机可读取存储介质中。基于这样的理解，本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的部分可以以软件产品的形式体现出来，该计算机软件产品存储在一个存储介质中，包括若干指令用以使得一台计算机设备(可以是个人计算机，服务器，或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括：U盘、移动硬盘、只读存储器(ROM，Read-Only Memory)、随机存取存储器(RAM，Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。The functions may be stored in a computer readable storage medium if implemented in the form of a software functional unit and sold or used as a standalone product. Based on such understanding, the technical solution of the present application, which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including The instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present application. The foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk, and the like. .

以上所述，仅为本申请的具体实施方式，但本申请的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本申请揭露的技术范围内，可轻易想到变化或替换，都应涵盖在本申请的保护范围之内。因此，本申请的保护范围应以所述权利要求的保护范围为准。 The foregoing is only a specific embodiment of the present application, but the scope of protection of the present application is not limited thereto, and any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present application. It should be covered by the scope of protection of this application. Therefore, the scope of protection of the present application should be determined by the scope of the claims.

Claims

一种处理数据包的方法，其特征在于，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述控制器执行，所述方法包括：A method for processing a data packet, the method being applied to a software defined network SDN, the SDN comprising a controller, at least one switch and a plurality of network functions NF, the method being performed by the controller The method includes:

确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；Determining that a data stream needs to be migrated from a first one of the plurality of NFs to a second one of the plurality of NFs;

向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；Sending, to the first NF, a first instruction, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream;

向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；Sending, to the second NF, a second instruction, where the second instruction is used to instruct the second NF to buffer the data packet;

向所述至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机；Transmitting, to the first switch in the at least one switch, a first forwarding rule, where the first forwarding rule is used to instruct the first switch to add a label of the data packet of the data stream, and the data carrying the label Sending a packet to the first NF and the second NF, or a switch connected to the first NF and a switch connected to the second NF;

接收所述第一NF发送的响应消息，所述响应消息表示所述第一NF接收到所述携带标签的数据包；Receiving a response message sent by the first NF, where the response message indicates that the first NF receives the data packet carrying the label;

获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；Obtaining a state of the data stream in the first NF, and copying a state of the data stream into the second NF;

向所述第一交换机发送第二转发规则，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。Sending, to the first switch, a second forwarding rule, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the second NF, or to the second NF Connected switches.
根据权利要求1所述的方法，其特征在于，所述第一交换机为所述第一NF和所述第二NF的公共交换机，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送给所述第一NF和所述第二NF，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF。The method according to claim 1, wherein the first switch is a public switch of the first NF and the second NF, wherein the first forwarding rule is used to indicate the first switch Transmitting the data packet carrying the label to the first NF and the second NF, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the first Two NF.
根据权利要求1所述的方法，其特征在于，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送至所述第二交换机和所述第三交换机，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第三交换机。The method according to claim 1, wherein the next hop switch of the first switch comprises a second switch and a third switch, and the second switch is connected to the first NF, the third switch Connected to the second NF, where the first forwarding rule is used to instruct the first switch to send the data packet carrying the label to the second switch and the third switch, the second Forwarding rules are used to indicate that the first switch will count the number of data streams The packet is only sent to the third switch.
根据权利要求3所述的方法，其特征在于，在向所述至少一个交换机中的第一交换机发送第一转发规则前，所述方法还包括：The method according to claim 3, wherein before the sending the first forwarding rule to the first switch in the at least one switch, the method further comprises:

向所述第三交换机发送第三转发规则，所述第三转发规则用于指示所述第三交换机将所述携带标签的数据包发送至所述第二NF。And sending, by the third switch, a third forwarding rule, where the third forwarding rule is used to instruct the third switch to send the data packet carrying the label to the second NF.
一种处理数据包的方法，其特征在于，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述至少一个交换机中的第一交换机执行，所述方法包括：A method for processing a data packet, the method being applied to a software-defined network SDN, the SDN comprising a controller, at least one switch, and a plurality of network functions NF, wherein the method is performed by the at least one switch The first switch performs, and the method includes:

获取所述控制器发送的第一转发规则；Obtaining a first forwarding rule sent by the controller;

根据所述第一转发规则对数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，所述数据流是所述控制器确定的需要从所述第一NF迁移至所述第二NF的数据流；And adding a label to the data packet of the data flow according to the first forwarding rule, and sending the data packet carrying the label to the first NF and the second NF of the plurality of NFs, or connected to the first NF And a switch connected to the second NF, the data stream being a data stream determined by the controller to be migrated from the first NF to the second NF;

获取所述控制器发送的第二转发规则；Obtaining a second forwarding rule sent by the controller;

根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。And transmitting, according to the second forwarding rule, the data packet of the data stream to the second NF, or a switch connected to the second NF.
根据权利要求5所述的方法，其特征在于，所述第一交换机为所述第一NF和所述第二NF的公共交换机；The method according to claim 5, wherein the first switch is a public switch of the first NF and the second NF;

其中，所述将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，包括：The data packet carrying the label is sent to the first NF and the second NF of the plurality of NFs, or the switch connected to the first NF and the switch connected to the second NF, include:

将所述携带标签的数据包发送给所述第一NF和所述第二NF；Transmitting the data packet carrying the label to the first NF and the second NF;

其中，所述根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机，包括：The switch that sends the data packet of the data stream to the second NF or the switch connected to the second NF according to the second forwarding rule includes:

根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF。And transmitting the data packet of the data stream to the second NF according to the second forwarding rule.
根据权利要求5所述的方法，其特征在于，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连；The method according to claim 5, wherein the next hop switch of the first switch comprises a second switch and a third switch, and the second switch is connected to the first NF, the third switch Connected to the second NF;

其中，所述将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，包括： The data packet carrying the label is sent to the first NF and the second NF of the plurality of NFs, or the switch connected to the first NF and the switch connected to the second NF, Includes:

将所述数据包发送给所述第二交换机和所述第三交换机；Sending the data packet to the second switch and the third switch;

其中，所述根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机，包括：The switch that sends the data packet of the data stream to the second NF or the switch connected to the second NF according to the second forwarding rule includes:

根据所述第二转发规则将所述数据流的数据包仅发送给所述第三交换机。And transmitting, according to the second forwarding rule, the data packet of the data stream to the third switch.
一种处理数据包的方法，其特征在于，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述多个NF中的第一NF执行，所述方法包括：A method for processing a data packet, the method being applied to a software-defined network SDN, the SDN comprising a controller, at least one switch, and a plurality of network functions NF, wherein the method is performed by the plurality of NFs The first NF is executed, and the method includes:

获取所述控制器发送的第一指令，所述第一指令用于所述控制器指示所述第一NF丢弃携带标签的数据包；Obtaining a first instruction sent by the controller, where the first instruction is used by the controller to instruct the first NF to discard a data packet carrying a label;

获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包；Obtaining the data packet carrying the label sent by the switch connected to the first NF among the multiple switches;

向所述控制器发送响应消息，所述响应消息表示接收到所述携带标签的数据包，以使所述控制器获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；Sending a response message to the controller, the response message indicating that the data packet carrying the tag is received, so that the controller acquires a state of the data flow in the first NF, and the data is The state of the stream is copied to the second NF;

根据所述第一指令丢弃所述携带标签的数据包。And dropping the data packet carrying the label according to the first instruction.
根据权利要求8所述的方法，其特征在于，与所述第一NF相连的交换机为第一交换机，所述第一交换机为所述第一NF和所述第二NF的公共交换机；The method according to claim 8, wherein the switch connected to the first NF is a first switch, and the first switch is a public switch of the first NF and the second NF;

所述获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包，包括：The acquiring the data packet of the label that is sent by the switch that is connected to the first NF in the multiple switches includes:

接收所述第一交换机发送的所述携带标签的数据包。Receiving the data packet carrying the label sent by the first switch.
根据权利要求8所述的方法，其特征在于，与所述第一NF相连的交换机为第二交换机，与所述第二NF相连的交换机为第三交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；The method according to claim 8, wherein the switch connected to the first NF is a second switch, the switch connected to the second NF is a third switch, and the second switch and the second switch The last hop switch of the three switches is the first switch;

所述获取所述多个交换机中与所述第一NF相连的交换机发送的所述数据包，包括：The acquiring the data packet sent by the switch that is connected to the first NF in the multiple switches includes:

接收所述第二交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第二交换机的。And receiving the data packet carrying the label sent by the second switch, where the data packet carrying the label is forwarded by the first switch to the second switch.
一种处理数据包的方法，其特征在于，所述方法应用于软件定义网络SDN中，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述方法由所述多个NF中的第二NF执行，所述方法包括：A method for processing a data packet, the method being applied to a software defined network SDN, the SDN comprising a controller, at least one switch, and a plurality of network functions NF, The method is performed by a second NF of the plurality of NFs, the method comprising:

获取所述控制器发送的第二指令，所述第二指令用于所述控制器指示所述第二NF缓存携带标签的数据包；Obtaining a second instruction sent by the controller, where the second instruction is used by the controller to instruct the second NF cache to carry a data packet of the label;

获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包；Obtaining the data packet carrying the label sent by the switch connected to the second NF among the multiple switches;

根据所述第二指令缓存所述携带标签的数据包。And buffering the data packet carrying the label according to the second instruction.
根据权利要求11所述的方法，其特征在于，与所述第二NF相连的交换机为第一交换机，所述第一交换机为所述多个NF中的第一NF和所述第二NF的公共交换机；The method according to claim 11, wherein the switch connected to the second NF is a first switch, and the first switch is the first NF and the second NF of the plurality of NFs Public switch

所述获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包，包括：And acquiring the data packet carrying the label sent by the switch that is connected to the second NF in the multiple switches, including:

接收所述第一交换机发送的所述携带标签的数据包。Receiving the data packet carrying the label sent by the first switch.
根据权利要求11所述的方法，其特征在于，与所述第二NF相连的交换机为第三交换机，与所述第一NF相连的交换机为第二交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；The method according to claim 11, wherein the switch connected to the second NF is a third switch, the switch connected to the first NF is a second switch, and the second switch and the second switch The last hop switch of the three switches is the first switch;

所述获取所述多个交换机中与所述第二NF相连的交换机发送的所述数据包，包括：And obtaining the data packet sent by the switch that is connected to the second NF in the multiple switches, including:

接收所述第三交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第三交换机的。And receiving the data packet carrying the label sent by the third switch, where the data packet carrying the label is forwarded by the first switch to the third switch.
一种软件定义网络SDN中的控制器，其特征在于，所述SDN包括至少一个交换机和多个网络功能NF，所述控制器包括：A controller in a software-defined network SDN, characterized in that the SDN comprises at least one switch and a plurality of network functions NF, the controller comprising:

确定模块，用于确定需要将数据流从所述多个NF中的第一NF迁移至所述多个NF中的第二NF；a determining module, configured to determine that a data flow needs to be migrated from a first one of the plurality of NFs to a second one of the plurality of NFs;

发送模块，用于向所述第一NF发送第一指令，所述第一指令用于指示所述第一NF丢弃所述数据流中携带标签的数据包；a sending module, configured to send a first instruction to the first NF, where the first instruction is used to indicate that the first NF discards a data packet carrying a label in the data stream;

所述发送模块，还用于向所述第二NF发送第二指令，所述第二指令用于指示所述第二NF缓存所述数据包；The sending module is further configured to send a second instruction to the second NF, where the second instruction is used to instruct the second NF to cache the data packet;

所述发送模块，还用于向所述至少一个交换机中的第一交换机发送第一转发规则，所述第一转发规则用于指示所述第一交换机将所述数据流的数据包增加标签，并将所述携带标签的数据包发送给第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机； The sending module is further configured to send a first forwarding rule to the first switch in the at least one switch, where the first forwarding rule is used to instruct the first switch to add a label to the data packet of the data stream, And sending the data packet carrying the label to the first NF and the second NF, or a switch connected to the first NF and a switch connected to the second NF;

接收模块，用于接收所述第一NF发送的响应消息，所述响应消息表示所述第一NF接收到所述携带标签的数据包；a receiving module, configured to receive a response message sent by the first NF, where the response message indicates that the first NF receives the data packet carrying the label;

获取模块，用于获取所述第一NF中的所述数据流的状态，并将所述数据流的状态复制到所述第二NF中；An acquiring module, configured to acquire a state of the data stream in the first NF, and copy a state of the data stream into the second NF;

所述发送模块，还用于向所述第一交换机发送第二转发规则，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。The sending module is further configured to send a second forwarding rule to the first switch, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the second NF Or a switch connected to the second NF.
根据权利要求14所述的控制器，其特征在于，所述第一交换机为所述第一NF和所述第二NF的公共交换机，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送给所述第一NF和所述第二NF，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第二NF。The controller according to claim 14, wherein the first switch is a public switch of the first NF and the second NF, wherein the first forwarding rule is used to indicate the first The switch sends the data packet carrying the label to the first NF and the second NF, where the second forwarding rule is used to instruct the first switch to send the data packet of the data stream only to the Second NF.
根据权利要求14所述的控制器，其特征在于，所述第一交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连，其中，所述第一转发规则用于指示所述第一交换机将所述携带标签的数据包发送至所述第二交换机和所述第三交换机，所述第二转发规则用于指示所述第一交换机将所述数据流的数据包仅发送给所述第三交换机。The controller according to claim 14, wherein the next hop switch of the first switch comprises a second switch and a third switch, and the second switch is connected to the first NF, the third The switch is connected to the second NF, where the first forwarding rule is used to instruct the first switch to send the data packet carrying the label to the second switch and the third switch, where The second forwarding rule is configured to instruct the first switch to send the data packet of the data flow only to the third switch.
根据权利要求16所述的控制器，其特征在于，所述发送模块还用于：The controller according to claim 16, wherein the sending module is further configured to:

在向所述至少一个交换机中的第一交换机发送第一转发规则前，向所述第三交换机发送第三转发规则，所述第三转发规则用于指示所述第三交换机将所述携带标签的数据包发送至所述第二NF。Before sending the first forwarding rule to the first switch in the at least one switch, sending a third forwarding rule to the third switch, where the third forwarding rule is used to instruct the third switch to carry the label The data packet is sent to the second NF.
一种软件定义网络SDN中的交换机，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述交换机包括：A switch in a software-defined network SDN, the SDN comprising a controller, at least one switch, and a plurality of network functions NF, the switch comprising:

获取模块，用于获取所述控制器发送的第一转发规则；An obtaining module, configured to acquire a first forwarding rule sent by the controller;

处理模块，用于根据所述获取模块获取的所述第一转发规则对数据流的数据包增加标签，并将所述携带标签的数据包发送给所述多个NF中的第一NF和第二NF，或与所述第一NF相连的交换机和与所述第二NF相连的交换机，所述数据流是所述控制器确定的需要从所述第一NF迁移至所述第二NF的数据流； a processing module, configured to add a label to the data packet of the data stream according to the first forwarding rule acquired by the acquiring module, and send the data packet carrying the label to the first NF and the first of the plurality of NFs a second NF, or a switch connected to the first NF and a switch connected to the second NF, the data stream being determined by the controller to be migrated from the first NF to the second NF data flow;

所述获取模块，还用于获取所述控制器发送的第二转发规则；The obtaining module is further configured to acquire a second forwarding rule sent by the controller;

所述处理模块，还用于根据所述获取模块获取的所述第二转发规则将所述数据流的数据包仅发送给所述第二NF，或与所述第二NF相连的交换机。The processing module is further configured to send, according to the second forwarding rule acquired by the acquiring module, the data packet of the data stream to the second NF or a switch connected to the second NF.
根据权利要求18所述的交换机，其特征在于，所述交换机为所述第一NF和所述第二NF的公共交换机；The switch according to claim 18, wherein said switch is a public switch of said first NF and said second NF;

其中，所述处理模块具体用于：The processing module is specifically configured to:

将所述携带标签的数据包发送给所述第一NF和所述第二NF；Transmitting the data packet carrying the label to the first NF and the second NF;

其中，所述处理模块具体用于：The processing module is specifically configured to:

根据所述第二转发规则将所述数据流的数据包仅发送给所述第二NF。And transmitting the data packet of the data stream to the second NF according to the second forwarding rule.
根据权利要求18所述的交换机，其特征在于，所述交换机的下一跳交换机包括第二交换机和第三交换机，所述第二交换机与所述第一NF相连，所述第三交换机与所述第二NF相连；The switch according to claim 18, wherein the next hop switch of the switch comprises a second switch and a third switch, the second switch is connected to the first NF, and the third switch is Said second NF connected;

其中，所述处理模块具体用于：The processing module is specifically configured to:

将所述数据包发送给所述第二交换机和所述第三交换机；Sending the data packet to the second switch and the third switch;

其中，所述处理模块具体用于：The processing module is specifically configured to:

根据所述第二转发规则将所述数据流的数据包仅发送给所述第三交换机。And transmitting, according to the second forwarding rule, the data packet of the data stream to the third switch.
一种软件定义网络SDN中的网络功能实体，其特征在于，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述网络功能实体包括：A network function entity in a software-defined network SDN, characterized in that the SDN comprises a controller, at least one switch and a plurality of network functions NF, the network function entity comprising:

获取模块，用于获取所述控制器发送的第一指令，所述第一指令用于所述控制器指示所述NF丢弃携带标签的数据包；An acquiring module, configured to acquire a first instruction sent by the controller, where the first instruction is used by the controller to instruct the NF to discard a data packet carrying a label;

所述获取模块，还用于获取所述多个交换机中与所述第一NF相连的交换机发送的所述携带标签的数据包；The acquiring module is further configured to acquire the data packet carrying the label sent by the switch connected to the first NF among the multiple switches;

发送模块，用于向所述控制器发送响应消息，所述响应消息表示接收到所述携带标签的数据包，以使所述控制器获取所述NF中的所述数据流的状态，并将所述数据流的状态复制到所述多个NF中的第二NF；a sending module, configured to send a response message to the controller, where the response message indicates that the data packet carrying the tag is received, so that the controller acquires a state of the data flow in the NF, and Copying a state of the data stream to a second NF of the plurality of NFs;

处理模块，用于根据所述获取模块获取的所述第一指令丢弃所述携带标签的数据包。And a processing module, configured to discard the data packet carrying the label according to the first instruction acquired by the acquiring module.
根据权利要求21所述的网络功能实体，其特征在于，与所述NF相连的交换机为第一交换机，所述第一交换机为所述NF和所述第二NF的公共交换机； The network function entity according to claim 21, wherein the switch connected to the NF is a first switch, and the first switch is a public switch of the NF and the second NF;

所述获取模块具体用于：The obtaining module is specifically configured to:

接收所述第一交换机发送的所述携带标签的数据包。Receiving the data packet carrying the label sent by the first switch.
根据权利要求21所述的网络功能实体，其特征在于，与所述NF相连的交换机为第二交换机，与所述第二NF相连的交换机为第三交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；The network function entity according to claim 21, wherein the switch connected to the NF is a second switch, the switch connected to the second NF is a third switch, and the second switch and the second switch The last hop switch of the three switches is the first switch;

所述获取模块具体用于：The obtaining module is specifically configured to:

接收所述第二交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第二交换机的。And receiving the data packet carrying the label sent by the second switch, where the data packet carrying the label is forwarded by the first switch to the second switch.
一种软件定义网络SDN中的网络功能实体，其特征在于，所述SDN包括控制器、至少一个交换机和多个网络功能NF，所述网络功能实体包括：A network function entity in a software-defined network SDN, characterized in that the SDN comprises a controller, at least one switch and a plurality of network functions NF, the network function entity comprising:

获取模块，用于获取所述控制器发送的第二指令，所述第二指令用于所述控制器指示所述NF缓存携带标签的数据包；An acquiring module, configured to acquire a second instruction sent by the controller, where the second instruction is used by the controller to instruct the NF cache to carry a data packet of the tag;

所述获取模块，还用于获取所述多个交换机中与所述第二NF相连的交换机发送的所述携带标签的数据包；The acquiring module is further configured to acquire the data packet carrying the label sent by the switch connected to the second NF among the multiple switches;

处理模块，用于根据所述获取模块获取的所述第二指令缓存所述携带标签的数据包。And a processing module, configured to cache the data packet carrying the label according to the second instruction acquired by the acquiring module.
根据权利要求24所述的网络功能实体，其特征在于，与所述NF相连的交换机为第一交换机，所述第一交换机为所述多个NF中的第一NF和所述NF的公共交换机；The network function entity according to claim 24, wherein the switch connected to the NF is a first switch, and the first switch is a first NF of the plurality of NFs and a public switch of the NF ;

所述获取模块具体用于：The obtaining module is specifically configured to:

接收所述第一交换机发送的所述携带标签的数据包。Receiving the data packet carrying the label sent by the first switch.
根据权利要求24所述的网络功能实体，其特征在于，与所述NF相连的交换机为第三交换机，与所述第一NF相连的交换机为第二交换机，所述第二交换机与所述第三交换机的上一跳交换机为第一交换机；The network function entity according to claim 24, wherein the switch connected to the NF is a third switch, the switch connected to the first NF is a second switch, and the second switch and the second switch The last hop switch of the three switches is the first switch;

所述获取模块具体用于：The obtaining module is specifically configured to:

接收所述第三交换机发送的所述携带标签的数据包，其中，所述携带标签的数据包是所述第一交换机转发给所述第三交换机的。 And receiving the data packet carrying the label sent by the third switch, where the data packet carrying the label is forwarded by the first switch to the third switch.