CN106878194B - Message processing method and device - Google Patents
- Publication number
- CN106878194B (CN201611260096.0A)
- Authority
- CN
- China
- Prior art keywords
- message
- type
- service chain
- flow table
- processed
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/12—Avoiding congestion; Recovering from congestion
- H04L47/125—Avoiding congestion; Recovering from congestion by balancing the load, e.g. traffic engineering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2425—Traffic characterised by specific attributes, e.g. priority or QoS for supporting services specification, e.g. SLA
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/82—Miscellaneous aspects
- H04L47/825—Involving tunnels, e.g. MPLS
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a message processing method and device. The method comprises: issuing a control policy to the load balancing device; receiving a first type of message sent by the access device; determining, according to the control policy, whether the first type of message is a message that has been processed by a service chain or a message that has not been processed by the service chain; and, if it is a message that has been processed by a service chain, generating a first flow table and a second flow table and issuing them to the access device. The first flow table causes the access device to send the first type of message to the server. The second flow table causes the access device to tunnel-encapsulate a first response message corresponding to the first type of message and send it to the load balancing device, and the tunnel header of the first response message includes a service chain identifier. With this technical scheme, the load balancing network can support the address translation function and the service chain function at the same time, which widens the application range of the load balancing network and improves the user experience.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet.
Background
As shown in fig. 1, a schematic networking diagram of load balancing, a load balancing network includes a load balancing device and a plurality of servers, where the servers have the same configuration and are used to implement the same Service function, and the servers provide a VSIP (Virtual Service IP) to the outside, and the Virtual Service IP can be used as an IP address of the load balancing device. After receiving the data packet with the destination IP address of the virtual service IP, the load balancing device may select one server (e.g., server 1) from the servers, modify the destination IP address of the data packet into the real IP address of the server 1, forward the modified data packet to the server 1, and perform service processing by the server 1 to implement load balancing.
In order to find out a failed server and a failed link in time, the load balancing device may periodically send a health monitoring packet to each server (taking the server 1 as an example), where a source IP address of the health monitoring packet is the virtual service IP, and a destination IP address is a real IP address of the server 1. After receiving the health monitoring message, the server 1 returns a response message, and the load balancing device analyzes whether a fault occurs according to the response message.
Service Chain is widely used as a forwarding technology that guides data packets through Service Nodes in sequence. Conventionally, to implement the service chain function, a correspondence between a message characteristic (typically source IP address + destination IP address, such as the IP address of a host + the IP address of a server) and a service chain identifier is configured on the controller. Based on this, when the controller receives from the access device a response message whose source IP address is the IP address of the server 1 and whose destination IP address is the IP address of the host, it can look up the service chain identifier and issue a flow table including the service chain identifier to the access device, so that the access device performs encapsulation using the service chain identifier. For the response message to a health monitoring message, the source IP address is the IP address of the server 1 and the destination IP address is the IP address of the load balancing device, so the controller obtains no service chain identifier and issues a flow table without a service chain identifier to the access device, so that the access device performs ordinary encapsulation.
However, in one application scenario, after receiving a data packet whose destination IP address is the virtual service IP, the load balancing device modifies the destination IP address of the data packet to the real IP address of the server 1 and also modifies the source IP address of the data packet to the virtual service IP. In this scenario, if the controller is configured with a correspondence between the IP address of the host, the IP address of the server, and the service chain identifier, the destination IP address of the response packet to the data packet is the virtual service IP rather than the IP address of the host. The service chain identifier corresponding to the response packet therefore cannot be found, and service chain processing cannot be performed on the response packet.
Disclosure of Invention
The application provides a message processing method, which is applied to a controller and comprises the following steps:
issuing a control policy to a load balancing device, wherein the control policy is used for enabling the load balancing device to perform specified processing on messages that have been processed by a service chain and/or messages that have not been processed by the service chain, and the load balancing device has an address translation function;
receiving a first type of message sent by an access device, wherein the first type of message is a message processed by the load balancing device according to the control policy, the source address of the first type of message is the address of the load balancing device, and the destination address is the address of a server connected to the access device;
determining, according to the control policy, whether the first type of message is a message that has been processed by a service chain or a message that has not been processed by the service chain;
if the first type of message is a message that has been processed by a service chain, generating a first flow table and a second flow table, and issuing the first flow table and the second flow table to the access device;
wherein the first flow table is used for enabling the access device to send the first type of message to the server, the second flow table is used for enabling the access device to perform tunnel encapsulation on a first response message corresponding to the first type of message and send the first response message to the load balancing device, and the tunnel header of the first response message comprises a service chain identifier.
The application provides a message processing apparatus, which is applied to a controller and includes:
a sending module, configured to issue a control policy to a load balancing device, wherein the control policy is used for enabling the load balancing device to perform specified processing on messages that have been processed by a service chain and/or messages that have not been processed by the service chain, and the load balancing device has an address translation function;
a receiving module, configured to receive a first type of message sent by an access device, wherein the first type of message is a message processed by the load balancing device according to the control policy, the source address of the first type of message is the address of the load balancing device, and the destination address of the first type of message is the address of a server connected to the access device;
a determining module, configured to determine, according to the control policy, whether the first type of message is a message that has been processed by a service chain or a message that has not been processed by the service chain;
a generating module, configured to generate a first flow table and a second flow table when the first type of message is a message that has been processed by a service chain; wherein the first flow table is used for enabling the access device to send the first type of message to the server, the second flow table is used for enabling the access device to perform tunnel encapsulation on a first response message corresponding to the first type of message and send the first response message to the load balancing device, and the tunnel header of the first response message comprises a service chain identifier;
the sending module is further configured to issue the first flow table and the second flow table to the access device.
Based on the above technical solution, in the embodiments of this application, when the load balancing device receives a data packet whose destination IP address is the virtual service IP, it modifies the destination IP address of the data packet to the IP address of the server and also modifies the source IP address of the data packet to the virtual service IP. In this application scenario, the address information of the response packet to the data packet is the same as the address information of the response packet to the health monitoring packet. However, because a control policy is issued to the load balancing device so that it performs specified processing on packets that have been processed by the service chain (e.g., data packets) and/or packets that have not been processed by the service chain (e.g., health monitoring packets), the controller, after receiving a first type of packet sent by the access device, can distinguish whether it is a data packet that has been processed by the service chain or a health monitoring packet that has not been processed by the service chain. For a data packet that has been processed by the service chain, a flow table including a service chain identifier (i.e., the second flow table) may be generated for the response packet to the data packet and issued to the access device, so that the access device performs tunnel encapsulation on the response packet and the tunnel header after encapsulation includes the service chain identifier, thereby implementing service chain processing on the response packet. In summary, the load balancing network can simultaneously support the address translation function (for example, modifying the destination IP address to the IP address of a server and modifying the source IP address to the virtual service IP) and the service chain function, which widens the application range of the load balancing network and improves the user experience.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present application or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present application.
FIG. 1 is a schematic diagram of a load-balanced networking;
FIG. 2 is a flowchart of a message processing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 4 is a hardware block diagram of a controller in one embodiment of the present application;
FIG. 5 is a block diagram of a message processing apparatus according to an embodiment of the present application.
Detailed Description
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this application and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present application. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
The embodiment of the present application provides a message processing method, which may be applied to a Network (e.g., a load balancing Network) including a controller (e.g., an SDN (Software Defined Network) controller), a load balancing device, an access device, and at least two servers.
In one example, an access device (e.g., a switch, etc.) is connected to each server individually. In an application scenario, a plurality of servers and access devices may be deployed on one physical device, where a server is a virtual machine on the physical device, and an access device is an OVS (open vswitch) on the physical device. In another application scenario, multiple servers and access devices may be deployed on different physical devices, for example, each server is a physical device, and an access device is another physical device.
In the above application scenario, referring to fig. 2, a flowchart of a message processing method provided in the embodiment of the present application is shown, where the method may be applied to a controller, and the method may include the following steps:
The load balancing device has an address translation function, for example, for a received data packet, a source IP address of the data packet is translated into a virtual service IP, a destination IP address of the data packet is translated into an IP address of a server, and the translation process will be described in detail in the following process.
A message that has been processed by the service chain is a packet that has been processed by a service node. For example, a data packet sent by the host to the server may be processed by a service node before reaching the load balancing device; when it reaches the load balancing device it has already been processed by the service node, and may be referred to as a packet that has been processed by the service chain.
A message that has not been processed by the service chain is a packet that has not been processed by a service node. For example, a health monitoring message generated by the load balancing device is not processed by a service node, and may therefore be referred to as a message that has not been processed by the service chain.
In one example, the control policy is to add a first identifier to a packet that has been processed by a service chain, and the control policy includes specified address information. Or, the control policy is to add a second identifier to the packet that is not processed by the service chain, and the control policy does not include the specified address information. Or, the control policy is to add a second identifier to the packet that is not processed by the service chain, and the control policy includes the specified address information. Or, the control policy specifically includes adding a third identifier to a packet that has been processed by the service chain, and adding a fourth identifier to a packet that has not been processed by the service chain, and the control policy does not include the specified address information. Or, the control policy specifically includes adding a third identifier to a packet that has been processed by the service chain, and adding a fourth identifier to a packet that has not been processed by the service chain, and the control policy includes specified address information.
The specified address information may include a source IP address and a destination IP address, where the source IP address may be the virtual service IP (i.e., the VSIP described above), and the destination IP address may be the IP address of the server.
In an example, the load balancing device may perform specified processing on the first type of packet by using a control policy (the specific processing process is described in subsequent steps), and send the processed first type of packet to the access device. After receiving the first type of message, if a flow table matched with the first type of message is not queried, the access device sends the first type of message to the controller, and the controller receives the first type of message.
The process of determining, according to the control policy, whether the first type of packet is a packet that has been processed by the service chain or a packet that has not been processed by the service chain may use, but is not limited to, the following modes:
In a first mode, the control policy is to add a first identifier to a packet that has been processed by a service chain, and the control policy includes specified address information. In this mode, for a first type of packet whose source IP address is the virtual service IP and whose destination IP address is the IP address of a server, if the first type of packet is a packet generated by the load balancing device itself (e.g., a health monitoring packet), the load balancing device does not add the first identifier to the first type of packet, and sends the first type of packet to the access device. If the first type of packet is not a packet generated by the load balancing device (e.g., a data packet sent by the host to the server through the load balancing device), the load balancing device adds the first identifier to the first type of packet and sends the first type of packet to the access device.
In this way, after receiving the first type of packet, the controller first parses the address information from the first type of packet, and if the parsed address information is the same as the specified address information included in the control policy, the controller may determine, based on the control policy, that the first type of packet is a packet that has been processed by the service chain or a packet that has not been processed by the service chain. Otherwise, a flow table matched with the first type of message can be generated in a traditional mode.
For the process of determining that the first type of packet is a packet processed by a service chain or a packet not processed by the service chain based on the control policy, when the first type of packet carries the first identifier, it may be determined that the first type of packet is a packet processed by the service chain; when the first type of packet does not carry the first identifier, it may be determined that the first type of packet is a packet that is not processed by the service chain.
In a second mode, the control policy is to add a second identifier to a packet that has not been processed by the service chain, and the control policy does not include the specified address information. In this mode, for a first type of packet generated by the load balancing device itself, the load balancing device adds the second identifier to the first type of packet and sends the first type of packet to the access device; for a first type of packet that is not generated by the load balancing device, the load balancing device does not add the second identifier to the first type of packet, and sends the first type of packet to the access device.
In this way, after receiving the first type of packet, when the first type of packet carries the second identifier, the controller may determine that the first type of packet is a packet that is not processed by the service chain; when the first type of packet does not carry the second identifier, it may be determined that the first type of packet is a packet that has been processed by the service chain.
In a third mode, the control policy is to add a second identifier to a packet that has not been processed by the service chain, and the control policy includes the specified address information. In this mode, for a first type of packet whose source IP address is the virtual service IP and whose destination IP address is the IP address of a server, if the first type of packet is a packet generated by the load balancing device itself, the load balancing device adds the second identifier to the first type of packet, and sends the first type of packet to the access device. If the first type of packet is not a packet generated by the load balancing device, the load balancing device does not add the second identifier to the first type of packet, and sends the first type of packet to the access device.
In this way, after receiving the first type of packet, the controller first parses the address information from the first type of packet, and if the parsed address information is the same as the specified address information included in the control policy, the controller may determine, based on the control policy, that the first type of packet is a packet that has been processed by the service chain or a packet that has not been processed by the service chain. Otherwise, a flow table matched with the first type of message can be generated in a traditional mode.
For the process of determining that the first type of packet is a packet already processed by the service chain or a packet not processed by the service chain based on the control policy, when the first type of packet carries the second identifier, it may be determined that the first type of packet is a packet not processed by the service chain; when the first type of packet does not carry the second identifier, it may be determined that the first type of packet is a packet that has been processed by the service chain.
In a fourth mode, the control policy is to add a third identifier to a packet that has been processed by the service chain and to add a fourth identifier to a packet that has not been processed by the service chain, and the control policy does not include the specified address information.
In this way, for the first type of packet generated by the load balancing device itself, the load balancing device may add the fourth identifier to the first type of packet, and send the first type of packet to the access device; for the first type of packet that is not generated by the load balancing device itself, the load balancing device may add the third identifier to the first type of packet, and send the first type of packet to the access device.
In this way, after receiving the first type of packet, when the first type of packet carries the fourth identifier, the controller may determine that the first type of packet is a packet that is not processed by the service chain; when the first type of packet carries the third identifier, it may be determined that the first type of packet is a packet that has been processed by the service chain.
In a fifth mode, the control policy is to add a third identifier to a packet that has been processed by the service chain and to add a fourth identifier to a packet that has not been processed by the service chain, and the control policy includes the specified address information.
In this way, for the first type of packet whose source IP address is a virtual service IP and whose destination IP address is an IP address of the server, if the first type of packet is a packet generated by the load balancing device itself, the load balancing device may add the fourth identifier to the first type of packet, and send the first type of packet to the access device. If the first type of packet is not a packet generated by the load balancing device itself, the load balancing device may add a third identifier to the first type of packet, and send the first type of packet to the access device.
In this way, after receiving the first type of packet, the controller first parses the address information from the first type of packet, and if the parsed address information is the same as the specified address information included in the control policy, the controller may determine, based on the control policy, that the first type of packet is a packet that has been processed by the service chain or a packet that has not been processed by the service chain. Otherwise, a flow table matched with the first type of message can be generated in a traditional mode.
For the process of determining, based on the control policy, that the first type of packet is a packet that has been processed by the service chain or a packet that has not been processed by the service chain, when the first type of packet carries the fourth identifier, it may be determined that the first type of packet is a packet that has not been processed by the service chain; when the first type of packet carries the third identifier, it may be determined that the first type of packet is a packet that has been processed by the service chain.
For the above modes, the control policy may specifically be to add the first identifier to the TOS (Type of Service) field of a packet that has been processed by the service chain; based on this, the controller determines whether the first type of packet carries the first identifier by parsing the TOS field of the first type of packet. Or, the control policy is specifically to add the second identifier to the TOS field of a packet that has not been processed by the service chain; based on this, the controller determines whether the first type of packet carries the second identifier by parsing the TOS field of the first type of packet. Or, the control policy is specifically to add the third identifier to the TOS field of a packet that has been processed by the service chain and to add the fourth identifier to the TOS field of a packet that has not been processed by the service chain; based on this, the controller determines whether the first type of packet carries the third identifier or the fourth identifier by parsing the TOS field of the first type of packet.
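The five control-policy variants described above can be modelled as one marking routine on the load balancing device and one classification routine on the controller. The following Python sketch is an added example, not code from the patent; the addresses and identifier values are constructed, the identifier is assumed to occupy the whole TOS byte, and the handling of an unmarked packet under the two-identifier variants is an assumption because the text does not cover that case.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional, Tuple

VSIP, SERVER = "10.0.0.100", "192.168.1.10"   # constructed addresses
FIRST_ID = THIRD_ID = 0x04                      # constructed "chained" markers
SECOND_ID = FOURTH_ID = 0x08                    # constructed "unchained" markers


class Verdict(Enum):
    CHAINED = "processed by service chain"
    UNCHAINED = "not processed by service chain"
    CONVENTIONAL = "outside the policy, handled in the traditional way"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    tos: int = 0          # TOS byte, assumed to carry only the identifier


@dataclass(frozen=True)
class ControlPolicy:
    chained_id: Optional[int] = None            # first / third identifier
    unchained_id: Optional[int] = None          # second / fourth identifier
    address: Optional[Tuple[str, str]] = None   # specified (src, dst), if any


ADDR = (VSIP, SERVER)
MODES = {
    1: ControlPolicy(chained_id=FIRST_ID, address=ADDR),
    2: ControlPolicy(unchained_id=SECOND_ID),
    3: ControlPolicy(unchained_id=SECOND_ID, address=ADDR),
    4: ControlPolicy(chained_id=THIRD_ID, unchained_id=FOURTH_ID),
    5: ControlPolicy(chained_id=THIRD_ID, unchained_id=FOURTH_ID, address=ADDR),
}


def in_scope(policy: ControlPolicy, pkt: Packet) -> bool:
    """A policy without specified address information applies to every packet."""
    return policy.address is None or (pkt.src_ip, pkt.dst_ip) == policy.address


def lb_mark(policy: ControlPolicy, pkt: Packet, self_generated: bool) -> Packet:
    """Load balancing device side: write the identifier the policy asks for."""
    if not in_scope(policy, pkt):
        return pkt
    ident = policy.unchained_id if self_generated else policy.chained_id
    return pkt if ident is None else replace(pkt, tos=ident)


def classify(policy: ControlPolicy, pkt: Packet) -> Verdict:
    """Controller side: decide from the TOS field which flow tables to build."""
    if policy.chained_id is None and policy.unchained_id is None:
        raise ValueError("control policy defines no identifier")
    if not in_scope(policy, pkt):
        return Verdict.CONVENTIONAL
    if policy.chained_id is not None and pkt.tos == policy.chained_id:
        return Verdict.CHAINED
    if policy.unchained_id is not None and pkt.tos == policy.unchained_id:
        return Verdict.UNCHAINED
    if policy.chained_id is not None and policy.unchained_id is not None:
        # Assumption: two identifiers defined but neither present.
        return Verdict.CONVENTIONAL
    # One identifier defined: its absence implies the other class.
    return Verdict.UNCHAINED if policy.chained_id is not None else Verdict.CHAINED


def verdicts_by_mode():
    """Round-trip a data packet and a health probe through every mode."""
    out = {}
    for mode, policy in MODES.items():
        data = lb_mark(policy, Packet(VSIP, SERVER), self_generated=False)
        probe = lb_mark(policy, Packet(VSIP, SERVER), self_generated=True)
        out[mode] = (classify(policy, data), classify(policy, probe))
    return out


if __name__ == "__main__":
    for mode, (data, probe) in verdicts_by_mode().items():
        print(mode, data.name, probe.name)
```
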
In an example, after step 203, if the first type of packet is a packet that has not been processed by the service chain, a third flow table and a fourth flow table are generated and issued to the access device. The third flow table is used for enabling the access device to send the first type of packet to the server, the fourth flow table is used for enabling the access device to perform tunnel encapsulation on a second response packet corresponding to the first type of packet and send the second response packet to the load balancing device, and the tunnel header of the second response packet does not include a service chain identifier.
In an example, for a process of "generating a first flow table and a second flow table, and issuing the first flow table and the second flow table to an access device", the controller may generate the first flow table and the second flow table, and issue the first flow table and the second flow table to the access device when receiving the first type of packet. Or, the controller may generate only the first flow table when receiving the first type of packet, and issue the first flow table to the access device; and then, when the access device receives a response message of the first type of message, if no matched flow table exists, the response message is sent to the controller, the controller generates a flow table corresponding to the response message, the flow table is the second flow table, and the second flow table is issued to the access device.
The controller may also generate a fifth flow table according to the control policy and issue the fifth flow table to the access device. The fifth flow table causes the access device to send to the controller any packet that has not been processed by the service chain, whose source address is the address of the load balancing device and whose destination address is the address of a server connected to the access device.
After receiving the first type of message from the load balancing device, the access device may determine, in the first manner, that the first type of message that does not carry the first identifier is a message that is not processed by the service chain, and send the message to the controller. For the second and third modes, the access device may determine the first type of packet carrying the second identifier as a packet that is not processed by the service chain, and send the packet to the controller. For the above-mentioned fourth and fifth modes, the access device may determine the first type of packet carrying the fourth identifier as a packet that is not processed by the service chain, and send the packet to the controller.
In one example, the priority of the fifth flow table may be higher than the priority of the first flow table; and the priority of the fifth flow table may be lower than the priority of the third flow table. Based on this, the access device may first determine whether the packet matches the third flow table, if so, perform processing based on the third flow table, if not, determine whether the packet matches the fifth flow table, if so, perform processing based on the fifth flow table, if not, determine whether the packet matches the first flow table, and if so, perform processing based on the first flow table.
In one example, the matching option of the first flow table may include: the source IP address is the source IP address of the first type of packet, and the destination IP address is the destination IP address of the first type of packet; its action options may include: sending a packet that matches the matching option of the first flow table through the interface associated with the server. The matching options of the second flow table may include: the source IP address is the destination IP address of the first type of packet, and the destination IP address is the source IP address of the first type of packet; its action options may include: encapsulating the service chain identifier in a packet that matches the matching option of the second flow table, and sending the packet encapsulated with the service chain identifier through the interface associated with the load balancing device. The fourth flow table has a higher priority than the second flow table. The matching option of the third flow table may include: the source IP address is the source IP address of the first type of packet, and the destination IP address is the destination IP address of the first type of packet; its action options may include: sending a packet that matches the matching option of the third flow table through the interface associated with the server. The matching option of the fourth flow table may include: the source IP address is the destination IP address of the first type of packet, the destination IP address is the source IP address of the first type of packet, the source port is the destination port of the first type of packet, and the destination port is the source port of the first type of packet; its action options may include: sending a packet that matches the matching option of the fourth flow table through the interface associated with the load balancing device.
In another example, the matching option of the third flow table may further include: the source port is a source port of the first type of message, and the destination port is a destination port of the first type of message.
Based on the above technical solution, in this embodiment of the application, when the load balancing device receives a data packet whose destination IP address is a virtual service IP, it modifies the destination IP address of the data packet to the IP address of the server and also modifies the source IP address of the data packet to the virtual service IP. In such an application scenario, the controller may configure the correspondence between the virtual service IP, the IP address of the server, and the service chain identifier. Because the destination IP address of the response packet of the data packet is the virtual service IP and its source IP address is the IP address of the server, the service chain identifier corresponding to the response packet can be queried, and the response packet can then be subjected to service chain processing. Moreover, although the address information of the response packet of the data packet is the same as the address information of the response packet of the health monitoring packet, the controller issues a control policy to the load balancing device so that the load balancing device performs specified processing on a packet that has been processed by the service chain (such as a data packet) and/or a packet that has not been processed by the service chain (such as a health monitoring packet). As a result, after receiving the first type of packet sent by the access device, the controller can distinguish whether the first type of packet is a data packet that has been processed by the service chain or a health monitoring packet that has not been processed by the service chain.
For the data packet processed by the service chain, a flow table including the service chain identifier may be generated for the response packet of the data packet and sent to the access device, so that the access device encapsulates the service chain identifier for the response packet of the data packet, thereby implementing the service chain processing of the response packet. For the health monitoring message which is not processed by the service chain, a flow table which does not include the service chain identifier can be generated for the response message of the health monitoring message and issued to the access device, so that the access device does not encapsulate the service chain identifier for the response message of the health monitoring message, and the service chain processing of the response message is avoided. In summary, the load balancing network can simultaneously support an address translation function (for example, modifying a destination IP address to an IP address of a server and modifying a source IP address to a virtual service IP) and a service chain function, thereby improving the use range of the load balancing network and improving the use experience of a user.
In an example, a message that has not been processed by the service chain is taken as a health monitoring message, and a message that has been processed by the service chain is taken as a data message, which illustrates a message processing process in the embodiment of the present application.
This embodiment is described using manner two above as an example, that is, the control policy is specifically to add a second identifier to the health monitoring packet. The source IP address of the health monitoring packet is the same as the source IP address of the data packet, and the destination IP address of the health monitoring packet is the same as the destination IP address of the data packet.
In the first case, the load balancing device sends the health monitoring message first and then sends the data message.
After the load balancing device generates the health monitoring message, it adds a second identifier to the health monitoring message and sends the health monitoring message to the access device. After receiving the health monitoring message, the access device sends it to the controller because the health monitoring message matches the fifth flow table. After receiving the health monitoring message, the controller determines that it is a message that has not been processed by the service chain because it carries the second identifier, generates a third flow table and a fourth flow table, and issues the third flow table and the fourth flow table to the access device. The access device may forward the health monitoring packet sent by the load balancing device to the server based on the third flow table, and may forward the response packet of the health monitoring packet sent by the server to the load balancing device based on the fourth flow table; the details of these forwarding processes are not described further.
After receiving the data packet, the load balancing device modifies the data packet, for example, modifies the source IP address of the data packet to the virtual service IP (the same as the source IP address of the health monitoring packet) and modifies the destination IP address of the data packet to the IP address of the server (the same as the destination IP address of the health monitoring packet); this modification process is explained in the following embodiments. Because the data packet is not generated by the load balancing device itself, the load balancing device does not add the second identifier to the data packet, and sends the data packet to the access device.
After receiving the data packet, if the matching option of the third flow table only includes the source IP address and the destination IP address, the access device may send the data packet to the server based on the third flow table because the third flow table matching the data packet exists. After receiving a response packet (a response packet for the data packet) returned by the server, the access device sends the response packet to the controller because there is no flow table matching the response packet. After receiving the response packet, the controller generates a second flow table and issues the second flow table to the access device. In this case, the access device may forward the data packet sent by the load balancing device to the server based on the third flow table; the access device may forward a response packet of the data packet sent by the server to the load balancing device based on the second flow table.
After receiving the data packet, if the matching option of the third flow table includes a source IP address, a destination IP address, a source port, and a destination port, the access device sends the data packet to the controller because there is no flow table matching the data packet. After receiving the data packet, the controller determines that it is a packet processed by the service chain because it does not carry the second identifier, generates a first flow table and a second flow table, and issues them to the access device. Alternatively, the controller generates only the first flow table and issues it to the access device. The access device may forward the data packet sent by the load balancing device to the server based on the first flow table; the details of this forwarding process are not described further here. If the controller has issued the second flow table to the access device, the access device may forward the response packet of the data packet sent by the server to the load balancing device based on the second flow table. If the controller has not issued the second flow table, the access device sends the response packet of the data packet to the controller after receiving it from the server; the controller then generates the second flow table and issues it to the access device, and the access device may forward the response packet to the load balancing device based on the second flow table.
In the second case, the load balancing device sends the data message first and then sends the health monitoring message.
After receiving the data packet, the load balancing device modifies the data packet, for example, modifies the source IP address of the data packet to the virtual service IP and modifies the destination IP address of the data packet to the IP address of the server; this modification process is explained in the following embodiments. Because the data packet is not generated by the load balancing device itself, the load balancing device does not add the second identifier to the data packet, and sends the data packet to the access device.
After receiving the data packet, the access device sends the data packet to the controller if there is no flow table matching the data packet. After receiving the data packet, the controller determines that it is a packet processed by the service chain because it does not carry the second identifier, generates a first flow table and a second flow table, and issues them to the access device. Alternatively, the controller generates only the first flow table and issues it to the access device. The access device may forward the data packet sent by the load balancing device to the server based on the first flow table; the details of this forwarding process are not described further here. If the controller has issued the second flow table to the access device, the access device may forward the response packet of the data packet sent by the server to the load balancing device based on the second flow table. If the controller has not issued the second flow table, the access device sends the response packet of the data packet to the controller after receiving it from the server; the controller then generates the second flow table and issues it to the access device, and the access device may forward the response packet to the load balancing device based on the second flow table.
After the load balancing device generates a health monitoring message (the source IP address of the health monitoring message is the same as the source IP address of the data message, and the destination IP address of the health monitoring message is the same as the destination IP address of the data message), the load balancing device adds a second identifier to the health monitoring message generated by the load balancing device, and sends the health monitoring message to the access device. After receiving the health monitoring message, the access device does not send the health monitoring message to the server based on the first flow table, but sends the health monitoring message to the controller based on the fifth flow table, because the priority of the fifth flow table is higher than that of the first flow table. After receiving the health monitoring message, the controller determines that the health monitoring message is a message which is not processed by the service chain because the health monitoring message carries the second identifier, generates a third flow table and a fourth flow table, and issues the third flow table and the fourth flow table to the access device. The access device may forward the health monitoring packet sent by the load balancing device to the server based on the third flow table (since the priority of the third flow table is higher than that of the fifth flow table, after receiving the health monitoring packet again, the access device may send the health monitoring packet to the server based on the third flow table instead of sending the health monitoring packet to the controller based on the fifth flow table); the access device may forward a response packet of the health monitoring packet sent by the server to the load balancing device based on the fourth flow table.
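The priority ordering and the two arrival orders described above can be checked with a small model. The following Python is an added example, not code from the patent: the TOS value, ports, chain identifier, numeric priorities and class names are constructed, and it uses the variant in which the third flow table also matches ports.

```python
from dataclasses import dataclass
from typing import Optional

VIP, SERVER = "100.100.100.100", "200.200.200.200"  # addresses used in the page's scenario
SECOND_ID = 0x04      # constructed TOS value standing in for the "second identifier"
CHAIN_ID = "chain-A"  # constructed service chain identifier


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    tos: int = 0


@dataclass
class Flow:
    name: str
    priority: int
    match: dict                     # field -> required value; missing fields are wildcards
    action: str                     # "to_server", "to_lb" or "to_controller"
    chain_id: Optional[str] = None  # set only when the action encapsulates a chain id

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, k) == v for k, v in self.match.items())


class Controller:
    """Classifies packet-in traffic by the TOS marker and returns the flow tables to install."""

    def __init__(self, lazy_second: bool = False):
        self.lazy_second = lazy_second  # True: issue only the first flow table up front

    def packet_in(self, pkt: Packet) -> list:
        fwd = {"src": pkt.src, "dst": pkt.dst}
        rev = {"src": pkt.dst, "dst": pkt.src}
        if pkt.src == SERVER:       # unmatched response: generate the second flow table now
            return [Flow("second", 100, fwd, "to_lb", CHAIN_ID)]
        if pkt.tos == SECOND_ID:    # marked packet: not processed by the service chain
            ports = {"sport": pkt.sport, "dport": pkt.dport}
            rports = {"sport": pkt.dport, "dport": pkt.sport}
            return [Flow("third", 300, {**fwd, **ports}, "to_server"),
                    Flow("fourth", 300, {**rev, **rports}, "to_lb")]
        first = Flow("first", 100, fwd, "to_server")
        second = Flow("second", 100, rev, "to_lb", CHAIN_ID)
        return [first] if self.lazy_second else [first, second]


class AccessDevice:
    def __init__(self, controller: Controller, fifth_priority: int = 200):
        self.controller = controller
        self.packet_ins = 0
        # Fifth flow table: marked packets from the load balancer to the server go to the controller.
        self.flows = [Flow("fifth", fifth_priority,
                           {"src": VIP, "dst": SERVER, "tos": SECOND_ID}, "to_controller")]

    def lookup(self, pkt: Packet) -> Optional[Flow]:
        hits = [f for f in self.flows if f.matches(pkt)]
        return max(hits, key=lambda f: f.priority) if hits else None

    def receive(self, pkt: Packet) -> tuple:
        """Return (flow name, action, chain id) finally used to forward pkt."""
        flow = self.lookup(pkt)
        if flow is None or flow.action == "to_controller":
            self.packet_ins += 1
            self.flows.extend(self.controller.packet_in(pkt))
            flow = self.lookup(pkt)
        return flow.name, flow.action, flow.chain_id


# Constructed sample packets: same IP pair, different ports, only the health probe is marked.
HEALTH = Packet(VIP, SERVER, 1000, 8080, tos=SECOND_ID)
HEALTH_RSP = Packet(SERVER, VIP, 8080, 1000)
DATA = Packet(VIP, SERVER, 2000, 80)
DATA_RSP = Packet(SERVER, VIP, 80, 2000)
CASE_ONE = [("health", HEALTH), ("health_rsp", HEALTH_RSP), ("data", DATA), ("data_rsp", DATA_RSP)]
CASE_TWO = [("data", DATA), ("data_rsp", DATA_RSP), ("health", HEALTH), ("health_rsp", HEALTH_RSP)]


def run(order, fifth_priority: int = 200, lazy_second: bool = False) -> dict:
    """Feed packets to a fresh access device and record each forwarding decision."""
    dev = AccessDevice(Controller(lazy_second), fifth_priority)
    result = {name: dev.receive(pkt) for name, pkt in order}
    result["packet_ins"] = dev.packet_ins
    return result


if __name__ == "__main__":
    for label, kwargs in [("case one", {}), ("case two", {}), ("case two, fifth below first",
                                                              {"fifth_priority": 50})]:
        order = CASE_ONE if label == "case one" else CASE_TWO
        print(label, run(order, **kwargs))
```

With the fifth flow table's priority set below the first flow table's, the health monitoring packet in case two is forwarded by the first flow table and its response picks up the service chain identifier, which is the outcome the priority ordering is there to prevent.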
The technical solution of the embodiment of the present application is described in detail below with reference to specific application scenarios.
As shown in fig. 3, which is an application scenario diagram of the embodiment of the present application, a server 1, a server 2, and a server 3 have the same configuration and are used to implement the same service function, and a virtual service IP used by a load balancing device is 100.100.100.100. Service chain processing is required for both a data packet (hereinafter referred to as data packet 1) sent by the host 1 to the server and a response packet (hereinafter referred to as data packet 2) of the data packet 1 returned by the server to the host 1. The Service Chain (Service Chain) is a forwarding technology for guiding data packets to pass through the Service nodes in sequence, and the processing procedure of the Service Chain is not limited.
In order to detect faulty servers and faulty links in time, the load balancing device periodically sends a health monitoring message to each server; after receiving the health monitoring message, the server returns a response message for it to the load balancing device, referred to below as a health monitoring response message.
Since the data packet 1 and the data packet 2 need to be processed by the service chain, the data packet 1 and the data packet 2 may be referred to as packets that have been processed by the service chain. Since the health monitoring message and the health monitoring response message do not need to be processed by the service chain, the health monitoring message and the health monitoring response message can be referred to as messages which are not processed by the service chain. In the application scenario, taking the example that the load balancing device sends the health monitoring message first and then sends the data message, the message processing method may include the following steps:
Step 11, the controller issues a control policy to the load balancing device, so that the load balancing device adds an identifier to the health monitoring message, for example, sets the TOS field of the health monitoring message to identifier A.
In one example, the controller issues a fifth flow table (abbreviated as flow table 5) to the access device, where the fifth flow table is used to enable the access device to send a health monitoring message carrying the identifier A to the controller.
Step 12, when the load balancing device needs to send a health monitoring packet to a server (server 1 is used as the example here), it sets the TOS field of the health monitoring packet to identifier A.
Step 13, the load balancing device sends the health monitoring message to the access device.
The source IP address of the health monitoring packet is the virtual service IP (100.100.100.100), the destination IP address may be the real IP address of the server 1 (200.200.200.200), the source port is port A of the load balancing device, the destination port is port B of the server 1, and the TOS field is identifier A.
Step 14, after receiving the health monitoring message, the access device queries whether a third flow table matching the health monitoring message exists locally. If not, go to step 15; if one exists, the health monitoring message is sent to the server 1 using the third flow table that matches it, and this sending process is described later.
In an example, when a tunnel (e.g., a VXLAN (Virtual eXtensible Local Area Network) tunnel) is further established between the load balancing device and the access device, the load balancing device may further encapsulate a tunnel header (e.g., a VXLAN tunnel header) for the health monitoring packet, and after receiving the health monitoring packet, the access device removes the tunnel header to obtain the health monitoring packet therein, without limiting the application scenario.
Step 15, the access device sends the health monitoring message to the controller based on the flow table 5.
Step 16, after receiving the health monitoring message, the controller parses the TOS field of the health monitoring message, finds that it is identifier A, and therefore determines that the health monitoring message is a message that has not been processed by the service chain.
The access device can also encapsulate the health monitoring message in a packet-in message, then send the packet-in message to the controller, and the controller analyzes the health monitoring message from the packet-in message.
Step 17, the controller generates a flow table 1 (a third flow table) and a flow table 2 (a fourth flow table) corresponding to the health monitoring message. The flow table 1 is used for enabling the access device to send the health monitoring message to the server 1, and the flow table 2 is used for enabling the access device to send the health monitoring response message, without a service chain identifier encapsulated, to the load balancing device.
In one example, the matching options of the flow table 1 may include: the source IP address is the source IP address (100.100.100.100) of the health monitoring packet, the destination IP address is the destination IP address (200.200.200.200) of the health monitoring packet, the source port is the source port (port A) of the health monitoring packet, and the destination port is the destination port (port B) of the health monitoring packet. The action options of flow table 1 may include: the messages matching this flow table 1 are sent through the interface associated with the server 1, i.e. interface X.
In one example, the matching options of the flow table 2 may include: the source IP address is the destination IP address (200.200.200.200) of the health monitoring packet, the destination IP address is the source IP address (100.100.100.100) of the health monitoring packet, the source port is the destination port (port B) of the health monitoring packet, and the destination port is the source port (port A) of the health monitoring packet. The action options of flow table 2 may include: the packets matching this flow table 2 are sent through the interface associated with the load balancing device, i.e. interface Y.
Step 18, the controller issues the flow table 1 and the flow table 2 to the access device.
In addition, after receiving the health monitoring message, the controller may also send the health monitoring message to the server 1, which is not described again. After receiving the flow table 1 and the flow table 2, the access device locally maintains the flow table 1 and the flow table 2, and after receiving the health monitoring message again (i.e., step 14), because the flow table 1 matched with the health monitoring message locally exists, the health monitoring message is sent to the server 1 by using the flow table 1.
Step 19, after receiving the health monitoring message, the server 1 returns a health monitoring response message.
In one example, the source IP address of the health monitoring response message may be the real IP address of the server 1 (200.200.200.200), the destination IP address may be the virtual service IP (100.100.100.100), the source port may be port B of the server 1, and the destination port may be port A of the load balancing device.
Step 20, after receiving the health monitoring response message, the access device may send the health monitoring response message through the interface Y because the health monitoring response message may be matched to the flow table 2.
In this step, since the health monitoring response message may be matched to the flow table 2, the access device may not send the health monitoring response message to the controller, that is, the non-service chain type response message may not reach the controller.
Step 21, after receiving the health monitoring response message, the load balancing device determines a fault detection result.
Based on the above process, the transmission of the health monitoring message and the health monitoring response message can be completed, and the load balancing device can determine the fault detection result based on the health monitoring response message without limitation on the fault detection process. In addition, the transmission process for the data packet 1 and the data packet 2 may further include:
Step 22, the host 1 sends the data packet 1, and the data packet 1 finally reaches the load balancing device after being processed by the service chain at each service node; the processing procedure of the service chain is not limited.
Step 23, after receiving the data packet 1, the load balancing device performs DNAT (Destination Network Address Translation) and SNAT (Source Network Address Translation) on the data packet 1 to obtain the translated data packet 1.
In one example, the source IP address of data packet 1 is the IP address of host 1 (10.10.10.10) and the destination IP address is the virtual service IP (100.100.100.100). The load balancing device performing DNAT and SNAT conversion on the data packet 1 means that: assuming that server 1 is selected as the destination server for data packet 1, the source IP address of data packet 1 is modified to the virtual service IP (100.100.100.100) and the destination IP address of data packet 1 is modified to the real IP address of server 1 (200.200.200.200).
Step 24, the load balancing device maintains the session table entry of the data packet 1, where the session table entry may include quintuple information before conversion, quintuple information after conversion, and a service chain identifier. The five-tuple information may include a source IP address, a destination IP address, a source port, a destination port, and a protocol type.
In an example, the load balancing device may be a last hop device of a service chain, and thus, the data packet 1 received by the load balancing device is a packet encapsulated by a tunnel, and a tunnel header carries a service chain identifier (e.g., the service chain identifier 1), and the load balancing device may parse the service chain identifier from the tunnel header. Then, the load balancing device removes the tunnel header to obtain the data packet 1, and performs the steps 23 and 24 based on the data packet 1. Based on the above processing, the load balancing device may obtain the quintuple information before conversion, the quintuple information after conversion, the service chain identifier 1, and the like, and maintain the session table entry shown in table 1.
TABLE 1
Step 25, the load balancing device sends the converted data packet 1 to the access device.
Step 26, after receiving the data packet 1, the access device queries whether a flow table matching the data packet 1 exists locally. If not, go to step 27; if one exists, the data packet 1 is sent to the server 1 using the flow table that matches it, and this sending process is described later.
In an example, when a tunnel is established between the load balancing device and the access device, the load balancing device may further encapsulate a tunnel header for the data packet 1, and the access device removes the tunnel header after receiving the data packet 1 to obtain the data packet 1, which is not limited to this application scenario.
In one example, the matching options of flow table 1 include: the source IP address is 100.100.100.100, the destination IP address is 200.200.200.200, the source port is port A, and the destination port is port B. The source IP address of data packet 1 is the virtual service IP (100.100.100.100) and its destination IP address is the real IP address of server 1 (200.200.200.200). However, because the data packet and the health monitoring packet use different port numbers as destination ports, the destination port of the data packet 1 is not port B; therefore, the data packet 1 does not match the flow table 1 and is not forwarded based on the flow table 1.
Step 27, the access device sends the data packet 1 to the controller.
Step 28, after receiving the data packet 1, the controller determines that the data packet 1 is a packet processed by the service chain because the TOS field parsed from the data packet 1 is not identifier A.
The access device can also encapsulate the data message 1 in a packet-in message, then send the packet-in message to the controller, and the controller analyzes the data message 1 from the packet-in message.
Step 29, the controller generates a flow table 3 (i.e., a first flow table) and a flow table 4 (i.e., a second flow table) that match the data packet 1. The flow table 3 is used to enable the access device to send the data packet 1 to the server 1, and the flow table 4 is used to enable the access device to encapsulate a service chain identifier for a response packet (i.e., the data packet 2) corresponding to the data packet 1, and send the data packet 2 encapsulated with the service chain identifier to the load balancing device.
In one example, the matching options of flow table 3 may include: the source IP address is the source IP address of data packet 1 (100.100.100.100) and the destination IP address is the destination IP address of data packet 1 (200.200.200.200). The action options of flow table 3 may include: the packets matching this flow table 3 are sent through the interface associated with the server 1, i.e. interface X. The matching options of the flow table 4 may include: the source IP address is the destination IP address of data packet 1 (200.200.200.200), and the destination IP address is the source IP address of data packet 1 (100.100.100.100). The action options of flow table 4 may include: the service chain identifier is encapsulated in the packet matching the flow table 4, and the modified packet matching the flow table 4 (i.e., the packet encapsulating the service chain identifier) is sent through the interface (i.e., interface Y) associated with the load balancing device.
In one example, when the data packet needs to be service-chain processed, a correspondence between data packet characteristics and service chain identifiers may be configured on the controller, where the data packet characteristics are usually the source IP address and the destination IP address of the data packet. For example, 100.100.100.100 + 200.200.200.200 + service chain identifier A may be configured, where the service chain identifier A is used to indicate that the packet needs to be service-chain processed.
When the controller generates flow table 4, the controller may query the corresponding relationship through 100.100.100.100+200.200.200.200, obtain the service chain identifier as service chain identifier a, and record in the action option of flow table 4: and encapsulating the service chain identifier A in the message matched with the flow table 4, and sending the modified message through the interface Y.
Step 30, the controller issues the flow table 3 and the flow table 4 to the access device.
In addition, after receiving the data packet 1, the controller may also send the data packet 1 to the server 1; this sending process is not described again. After receiving the flow table 3 and the flow table 4, the access device locally maintains the flow table 3 and the flow table 4, and after receiving the data packet 1 again (i.e. step 26), since the flow table 3 matching the data packet 1 exists locally, the data packet 1 is sent to the server 1 using the flow table 3.
Step 31, after receiving the data message 1, the server 1 returns the data message 2.
In one example, the source IP address of datagram 2 may be the real IP address of server 1 (200.200.200.200), and the destination IP address may be the virtual service IP (100.100.100.100).
Step 32, after receiving data packet 2, the access device finds that data packet 2 matches flow table 4; it therefore encapsulates service chain identifier A in data packet 2 and sends the encapsulated data packet 2 through the interface associated with the load balancing device (i.e. interface Y).
In this step, the access device does not send data packet 2 to the controller, because data packet 2 matches flow table 4. Moreover, when a tunnel is established between the load balancing device and the access device, the access device may encapsulate a tunnel header for data packet 2, place service chain identifier A in the tunnel header, and send the encapsulated data packet 2 through interface Y.
Step 33, after receiving data packet 2, the load balancing device parses service chain identifier A from data packet 2 and, based on service chain identifier A, determines that data packet 2 needs service chain processing.
To perform service chain processing on data packet 2, the load balancing device queries the session table shown in table 1 with the quintuple information of data packet 2 (such as source IP address 200.200.200.200, destination IP address 100.100.100.100, source port 12, destination port 22, and protocol type TCP), and obtains the corresponding quintuple information (such as source IP address 10.10.10.10, destination IP address 100.100.100.100, source port 11, destination port 21, and protocol type TCP) together with service chain identifier 1. It then converts the quintuple information of data packet 2 into the obtained quintuple information and performs tunnel encapsulation on the converted data packet 2. The encapsulated tunnel header carries service chain identifier 1 instead of service chain identifier A. In this way, the response messages for data messages of different hosts may carry different service chain identifiers and so receive different service chain processing.
Step 34, the load balancing device sends the encapsulated data packet 2 to the service node corresponding to service chain identifier 1. After service chain processing by the service node, the encapsulated data packet 2 finally reaches host 1; the service chain processing itself is not limited here.
Based on the above process, the transmission process of the data message 1 and the data message 2 can be completed.
In this embodiment of the application, the source IP address in flow table 2 is the same as the source IP address in flow table 4, and the destination IP address in flow table 2 is the same as the destination IP address in flow table 4. So that the health monitoring response packet matches flow table 2 and data packet 2 matches flow table 4, the priority of flow table 2 is set higher than the priority of flow table 4. After receiving the health monitoring response message, the access device first checks whether it matches flow table 2; because it does, the access device sends the health monitoring response message based on flow table 2 and not based on flow table 4. After receiving data packet 2, the access device likewise first checks whether it matches flow table 2. Although the source IP address and the destination IP address of data packet 2 match those of flow table 2, the source port and the destination port of data packet 2 do not match the source port and the destination port of flow table 2, so data packet 2 does not match flow table 2. The access device then checks whether data packet 2 matches flow table 4; because it does, data packet 2 is sent based on flow table 4.
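The priority rule above can be checked with a small simulation of the access device's lookup. This is an added example, not code from the patent: the class and function names, the numeric priorities and the health monitoring ports (80 and 40000) are assumptions, while the IP addresses, interfaces X and Y, service chain identifier A and the ports of data packet 2 are the ones used in the text.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "TCP"


@dataclass
class FlowEntry:
    name: str
    priority: int
    match: Dict[str, object]   # field -> required value; fields left out are wildcards
    out_interface: str
    service_chain_id: Optional[str] = None  # identifier to encapsulate, if any

    def matches(self, pkt: Packet) -> bool:
        return all(getattr(pkt, k) == v for k, v in self.match.items())


class AccessDevice:
    """Highest-priority matching entry wins; a table miss goes to the controller."""

    def __init__(self, entries: List[FlowEntry]):
        self.entries = sorted(entries, key=lambda e: e.priority, reverse=True)

    def forward(self, pkt: Packet) -> dict:
        for entry in self.entries:
            if entry.matches(pkt):
                return {"table": entry.name,
                        "interface": entry.out_interface,
                        "service_chain_id": entry.service_chain_id}
        return {"table": None, "interface": "controller", "service_chain_id": None}


VIP, SERVER = "100.100.100.100", "200.200.200.200"
HM_SERVER_PORT, HM_LB_PORT = 80, 40000   # constructed health monitoring ports


def build_flow_tables(table2_priority: int = 200,
                      table4_priority: int = 100) -> List[FlowEntry]:
    return [
        # Flow table 2: health monitoring responses, matched on addresses AND ports,
        # sent to the load balancing device without a service chain identifier.
        FlowEntry("flow table 2", table2_priority,
                  {"src_ip": SERVER, "dst_ip": VIP,
                   "src_port": HM_SERVER_PORT, "dst_port": HM_LB_PORT}, "Y"),
        # Flow table 3: data packet 1 towards server 1 through interface X.
        FlowEntry("flow table 3", 100, {"src_ip": VIP, "dst_ip": SERVER}, "X"),
        # Flow table 4: responses matched on addresses only, encapsulated with
        # service chain identifier A and sent through interface Y.
        FlowEntry("flow table 4", table4_priority,
                  {"src_ip": SERVER, "dst_ip": VIP}, "Y", service_chain_id="A"),
    ]


DATA_PACKET_1 = Packet(VIP, SERVER, 22, 12)
DATA_PACKET_2 = Packet(SERVER, VIP, 12, 22)            # ports from the text
HEALTH_RESPONSE = Packet(SERVER, VIP, HM_SERVER_PORT, HM_LB_PORT)
UNKNOWN = Packet("198.51.100.7", SERVER, 5000, 443)    # constructed, matches nothing


if __name__ == "__main__":
    correct = AccessDevice(build_flow_tables())
    for label, pkt in [("data packet 1", DATA_PACKET_1),
                       ("data packet 2", DATA_PACKET_2),
                       ("health monitoring response", HEALTH_RESPONSE),
                       ("unknown packet", UNKNOWN)]:
        print(label, "->", correct.forward(pkt))

    # With the priorities inverted, the address-only entry shadows flow table 2
    # and the health monitoring response is wrongly tagged for service chaining.
    inverted = AccessDevice(build_flow_tables(table2_priority=50))
    print("inverted:", inverted.forward(HEALTH_RESPONSE))
```

The inverted run shows why the ordering matters: an address-only entry placed above a more specific one silently captures the traffic meant for the specific entry.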
Based on the same application concept as the method, an embodiment of the present application also provides a message processing device, which can be applied to a controller. The message processing device can be implemented by software, by hardware, or by a combination of hardware and software. Taking a software implementation as an example, the device, as a logical device, is formed when the processor of the controller where it is located reads the corresponding computer program instructions from a non-volatile memory. At the hardware level, fig. 4 is a hardware structure diagram of the controller where the message processing device provided by the present application is located. In addition to the processor and the non-volatile memory shown in fig. 4, the controller may further include other hardware responsible for processing messages, such as a forwarding chip, a network interface, and a memory. In terms of hardware architecture, the controller may also be a distributed device, possibly including multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 5 is a structure diagram of the message processing apparatus provided in the present application. The apparatus specifically includes:
a sending module 11, configured to issue a control policy to a load balancing device, where the control policy is used to enable the load balancing device to perform specified processing on a packet that has been processed by a service chain and/or a packet that has not been processed by the service chain, and the load balancing device has an address translation function;
a receiving module 12, configured to receive a first type of message sent by an access device, where the first type of message is a message processed by a load balancing device according to a control policy, and a source address of the first type of message is an address of the load balancing device, and a destination address of the first type of message is an address of a server connected to the access device;
a determining module 13, configured to determine, according to the control policy, that the first type of packet is a packet that has been processed by a service chain or a packet that has not been processed by the service chain;
a generating module 14, configured to generate a first flow table and a second flow table when the first type of packet is a packet that has been processed by a service chain; the first flow table is used for enabling the access device to send a first type of message to the server, the second flow table is used for enabling the access device to perform tunnel encapsulation on a first response message corresponding to the first type of message and send the first response message to the load balancing device, and a tunnel header of the first response message comprises a service chain identifier;
the sending module 11 is further configured to issue the first flow table and the second flow table to the access device.
The generating module 14 is further configured to generate a third flow table and a fourth flow table when the first type of packet is a packet that is not processed by the service chain; the third flow table is used for enabling the access device to send a first type of message to the server, the fourth flow table is used for enabling the access device to perform tunnel encapsulation on a second response message corresponding to the first type of message and send the second response message to the load balancing device, and a tunnel header of the second response message does not include a service chain identifier;
the sending module 11 is further configured to issue the third flow table and the fourth flow table to the access device.
When determining, according to the control policy, whether the first type of packet is a packet that has been processed by a service chain or a packet that has not been processed by the service chain, the determining module 13 is specifically configured to:
if the control strategy is specifically to add a first identifier to a message which is processed by a service chain, and the control strategy comprises designated address information, analyzing the address information from the first type of message, and if the analyzed address information is the same as the designated address information in the control strategy, determining the first type of message as the message which is processed by the service chain when the first type of message carries the first identifier; otherwise, determining the first type of message as a message which is not processed by the service chain; or,
if the control strategy is specifically to add a second identifier to the message which is not processed by the service chain, when the first type of message carries the second identifier, determining that the first type of message is the message which is not processed by the service chain; otherwise, determining the first type of message as a message processed by a service chain; or,
if the control strategy is specifically to add a second identifier to a message which is not processed by a service chain, and the control strategy comprises designated address information, analyzing the address information from the first type of message, and if the analyzed address information is the same as the designated address information contained in the control strategy, determining that the first type of message is the message which is not processed by the service chain when the first type of message carries the second identifier; otherwise, determining the first type of message as a message processed by a service chain; or,
if the control strategy specifically includes adding a third identifier to a message which is processed by a service chain and adding a fourth identifier to a message which is not processed by the service chain, determining that the first type of message is the message processed by the service chain when the first type of message carries the third identifier; when the first type of message carries a fourth identifier, determining that the first type of message is a message which is not processed by a service chain; or,
if the control strategy specifically includes adding a third identifier to a message which is processed by a service chain and adding a fourth identifier to a message which is not processed by the service chain, and the control strategy includes designated address information, analyzing the address information from the first type of message, and if the analyzed address information is the same as the designated address information included in the control strategy, determining that the first type of message is the message processed by the service chain when the first type of message carries the third identifier; and when the first type of message carries a fourth identifier, determining that the first type of message is a message which is not processed by a service chain.
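A sketch of this determination over a raw IPv4 header follows, as an added example rather than code from the patent. It assumes the identifier occupies the whole TOS byte (the claims place it in the TOS field), that the designated address information is a (source, destination) pair, and that cases the text leaves open return `None`; all names and identifier values are constructed.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

PROCESSED = "processed by service chain"
UNPROCESSED = "not processed by service chain"


@dataclass
class ControlPolicy:
    processed_mark: Optional[int] = None     # first / third identifier
    unprocessed_mark: Optional[int] = None   # second / fourth identifier
    designated: Optional[Tuple[str, str]] = None  # (source IP, destination IP)


def parse_ipv4(header: bytes) -> Tuple[int, str, str]:
    """Return (TOS, source IP, destination IP) from a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return (header[1],
            socket.inet_ntoa(header[12:16]),
            socket.inet_ntoa(header[16:20]))


def classify(policy: ControlPolicy, header: bytes) -> Optional[str]:
    tos, src, dst = parse_ipv4(header)
    addr_ok = policy.designated is None or policy.designated == (src, dst)

    if policy.processed_mark is not None and policy.unprocessed_mark is not None:
        # Third and fourth identifiers: each class carries its own mark.
        if not addr_ok:
            return None              # not covered by the text (assumption)
        if tos == policy.processed_mark:
            return PROCESSED
        if tos == policy.unprocessed_mark:
            return UNPROCESSED
        return None                  # neither mark present (assumption)

    if policy.processed_mark is not None:
        # First identifier: the mark means processed, anything else does not.
        return PROCESSED if addr_ok and tos == policy.processed_mark else UNPROCESSED

    if policy.unprocessed_mark is not None:
        # Second identifier: the mark means not processed, anything else is processed.
        return UNPROCESSED if addr_ok and tos == policy.unprocessed_mark else PROCESSED

    raise ValueError("control policy defines no identifier")


def build_ipv4_header(tos: int, src: str, dst: str) -> bytes:
    """Constructed 20-byte header for the demo; the checksum is left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


LB_ADDR, SERVER_ADDR = "100.100.100.100", "200.200.200.200"
MARK_A, MARK_B = 0x04, 0x08          # constructed identifier values

if __name__ == "__main__":
    first_with_addr = ControlPolicy(processed_mark=MARK_A,
                                    designated=(LB_ADDR, SERVER_ADDR))
    both = ControlPolicy(processed_mark=MARK_A, unprocessed_mark=MARK_B)
    for tos in (MARK_A, MARK_B, 0):
        hdr = build_ipv4_header(tos, LB_ADDR, SERVER_ADDR)
        print(hex(tos), classify(first_with_addr, hdr), "|", classify(both, hdr))
```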
The generating module 14 is further configured to generate a fifth flow table according to the control policy; the fifth flow table is used for enabling the access device to send a message which is not processed by a service chain and has a source address of the load balancing device and a destination address of a server connected with the access device to the controller;
the sending module 11 is further configured to issue the fifth flow table to the access device;
wherein a priority of the fifth flow table is higher than a priority of the first flow table;
the priority of the fifth flow table is lower than the priority of the third flow table.
The matching options of the first flow table include: the source IP address is the source IP address of the first type of message, and the destination IP address is the destination IP address of the first type of message; the action options include: sending a message matched with the matching option of the first flow table through an interface associated with the server;
the matching options of the second flow table include: the source IP address is the destination IP address of the first type of message, and the destination IP address is the source IP address of the first type of message; the action options include: encapsulating a service chain identifier in a message matched with the matching option of the second flow table, and sending the message encapsulated with the service chain identifier through an interface associated with the load balancing equipment;
the matching options of the third flow table include: the source IP address is the source IP address of the first type of message, and the destination IP address is the destination IP address of the first type of message; the action options include: sending a message matched with the matching option of the third flow table through an interface associated with the server;
the matching options of the fourth flow table include: the source IP address is a destination IP address of the first type of message, the destination IP address is a source IP address of the first type of message, the source port is a destination port of the first type of message, and the destination port is a source port of the first type of message; the action options include: sending a message matched with the matching option of the fourth flow table through an interface associated with the load balancing device;
wherein a priority of the fourth flow table is higher than a priority of the second flow table.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and the units are described separately. Of course, when implementing the present application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but is not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (11)
1. A message processing method is applied to a controller, and is characterized by comprising the following steps:
issuing a control strategy to load balancing equipment, wherein the control strategy is used for enabling the load balancing equipment to perform specified processing on messages which are processed by a service chain and/or messages which are not processed by the service chain, and the load balancing equipment has an address translation function; the specified processing is used for enabling the controller to distinguish that the first type of message is a message processed by a service chain or a message not processed by the service chain after receiving the first type of message sent by the access equipment;
receiving a first type of message sent by access equipment, wherein the first type of message is a message processed by load balancing equipment according to a control strategy, and the source address of the first type of message is the address of the load balancing equipment and the destination address is the address of a server connected with the access equipment;
determining the first type of message as a message processed by a service chain or a message not processed by the service chain according to the control strategy;
if the first type of message is a message processed by a service chain, generating a first flow table and a second flow table, and issuing the first flow table and the second flow table to the access equipment;
the first flow table is used for enabling the access device to send a first type of message to the server, the second flow table is used for enabling the access device to perform tunnel encapsulation for a first response message corresponding to the first type of message and send the first response message to the load balancing device, and a tunnel header of the first response message comprises a service chain identifier.
2. The method of claim 1,
after determining, according to the control policy, that the first type packet is a packet processed by a service chain or a packet not processed by the service chain, the method further includes:
if the first type of message is a message which is not processed by the service chain, generating a third flow table and a fourth flow table, and issuing the third flow table and the fourth flow table to the access equipment;
the third flow table is used for enabling the access device to send a first type of message to the server, the fourth flow table is used for enabling the access device to perform tunnel encapsulation on a second response message corresponding to the first type of message and send the second response message to the load balancing device, and a tunnel header of the second response message does not include a service chain identifier.
3. The method according to claim 1 or 2,
the determining, according to the control policy, that the first type of packet is a packet processed by a service chain or a packet not processed by the service chain specifically includes:
if the control strategy is specifically to add a first identifier to a message which is processed by a service chain, and the control strategy comprises designated address information, analyzing the address information from the first type of message, and if the analyzed address information is the same as the designated address information in the control strategy, determining the first type of message as the message which is processed by the service chain when the first type of message carries the first identifier; otherwise, determining the first type of message as a message which is not processed by the service chain; or,
if the control strategy is specifically to add a second identifier to the message which is not processed by the service chain, when the first type of message carries the second identifier, determining that the first type of message is the message which is not processed by the service chain; otherwise, determining the first type of message as a message processed by a service chain; or,
if the control strategy is specifically to add a second identifier to a message which is not processed by a service chain, and the control strategy comprises designated address information, analyzing the address information from the first type of message, and if the analyzed address information is the same as the designated address information contained in the control strategy, determining that the first type of message is the message which is not processed by the service chain when the first type of message carries the second identifier; otherwise, determining the first type of message as a message processed by a service chain; or,
if the control strategy specifically includes adding a third identifier to a message which is processed by a service chain and adding a fourth identifier to a message which is not processed by the service chain, determining that the first type of message is the message processed by the service chain when the first type of message carries the third identifier; when the first type of message carries a fourth identifier, determining that the first type of message is a message which is not processed by a service chain; or,
if the control strategy specifically includes adding a third identifier to a message which is processed by a service chain and adding a fourth identifier to a message which is not processed by the service chain, and the control strategy includes designated address information, analyzing the address information from the first type of message, and if the analyzed address information is the same as the designated address information included in the control strategy, determining that the first type of message is the message processed by the service chain when the first type of message carries the third identifier; and when the first type of message carries a fourth identifier, determining that the first type of message is a message which is not processed by a service chain.
4. The method of claim 3,
the control strategy is specifically that a first identifier is added to a service type TOS field of a message which is processed by a service chain; or, the control policy is specifically to add a second identifier to a TOS field of the packet that is not processed by the service chain; or, the control policy specifically includes adding a third identifier to a TOS field of a packet that has been processed by a service chain, and adding a fourth identifier to a TOS field of a packet that has not been processed by the service chain.
5. The method of claim 2, further comprising:
generating a fifth flow table according to the control strategy, and issuing the fifth flow table to the access equipment;
the fifth flow table is used for enabling the access device to send a message which is not processed by a service chain and has a source address of the load balancing device and a destination address of a server connected with the access device to the controller;
wherein a priority of the fifth flow table is higher than a priority of the first flow table;
the priority of the fifth flow table is lower than the priority of the third flow table.
6. The method according to claim 2 or 5,
the matching options of the first flow table include: the source IP address is the source IP address of the first type of message, and the destination IP address is the destination IP address of the first type of message; the action options include: sending a message matched with the matching option of the first flow table through an interface associated with the server;
the matching options of the second flow table include: the source IP address is the destination IP address of the first type of message, and the destination IP address is the source IP address of the first type of message; the action options include: encapsulating a service chain identifier in a message matched with the matching option of the second flow table, and sending the message encapsulated with the service chain identifier through an interface associated with the load balancing equipment;
the matching options of the third flow table include: the source IP address is the source IP address of the first type of message, and the destination IP address is the destination IP address of the first type of message; the action options include: sending a message matched with the matching option of the third flow table through an interface associated with the server;
the matching options of the fourth flow table include: the source IP address is a destination IP address of the first type of message, the destination IP address is a source IP address of the first type of message, the source port is a destination port of the first type of message, and the destination port is a source port of the first type of message; the action options include: sending a message matched with the matching option of the fourth flow table through an interface associated with the load balancing device;
wherein a priority of the fourth flow table is higher than a priority of the second flow table.
7. A message processing device applied to a controller is characterized by comprising:
a sending module, configured to issue a control strategy to load balancing equipment, wherein the control strategy is used for enabling the load balancing equipment to perform specified processing on a message which is processed by a service chain and/or a message which is not processed by the service chain, and the load balancing equipment has an address translation function; the specified processing is used for enabling the controller to distinguish that the first type of message is a message processed by a service chain or a message not processed by the service chain after receiving the first type of message sent by the access equipment;
the receiving module is used for receiving a first type of message sent by access equipment, wherein the first type of message is a message processed by load balancing equipment according to a control strategy, the source address of the first type of message is the address of the load balancing equipment, and the destination address of the first type of message is the address of a server connected with the access equipment;
the determining module is used for determining the first type of message as a message processed by a service chain or a message not processed by the service chain according to the control strategy;
the generating module is used for generating a first flow table and a second flow table when the first type of message is a message which is processed by a service chain; the first flow table is used for enabling the access device to send a first type of message to the server, the second flow table is used for enabling the access device to perform tunnel encapsulation on a first response message corresponding to the first type of message and send the first response message to the load balancing device, and a tunnel header of the first response message comprises a service chain identifier;
the sending module is further configured to send the first flow table and the second flow table to the access device.
8. The apparatus of claim 7,
the generating module is further configured to generate a third flow table and a fourth flow table when the first type of packet is a packet that is not processed by the service chain; the third flow table is used for enabling the access device to send a first type of message to the server, the fourth flow table is used for enabling the access device to perform tunnel encapsulation on a second response message corresponding to the first type of message and send the second response message to the load balancing device, and a tunnel header of the second response message does not include a service chain identifier;
the sending module is further configured to issue the third flow table and the fourth flow table to the access device.
9. The apparatus according to claim 7 or 8,
the determining module is specifically configured to, in a process of determining, according to the control policy, that the first type of message is a message that has been processed by a service chain or a message that has not been processed by the service chain:
if the control policy is specifically to add a first identifier to a message that has been processed by a service chain, and the control policy comprises designated address information, parsing the address information from the first type of message, and if the parsed address information is the same as the designated address information in the control policy, determining that the first type of message is a message that has been processed by the service chain when the first type of message carries the first identifier; otherwise, determining that the first type of message is a message that has not been processed by the service chain; or,
if the control policy is specifically to add a second identifier to a message that has not been processed by the service chain, determining that the first type of message is a message that has not been processed by the service chain when the first type of message carries the second identifier; otherwise, determining that the first type of message is a message that has been processed by the service chain; or,
if the control policy is specifically to add a second identifier to a message that has not been processed by a service chain, and the control policy comprises designated address information, parsing the address information from the first type of message, and if the parsed address information is the same as the designated address information contained in the control policy, determining that the first type of message is a message that has not been processed by the service chain when the first type of message carries the second identifier; otherwise, determining that the first type of message is a message that has been processed by the service chain; or,
if the control policy is specifically to add a third identifier to a message that has been processed by a service chain and to add a fourth identifier to a message that has not been processed by the service chain, determining that the first type of message is a message that has been processed by the service chain when the first type of message carries the third identifier; and determining that the first type of message is a message that has not been processed by the service chain when the first type of message carries the fourth identifier; or,
if the control policy is specifically to add a third identifier to a message that has been processed by a service chain and to add a fourth identifier to a message that has not been processed by the service chain, and the control policy comprises designated address information, parsing the address information from the first type of message, and if the parsed address information is the same as the designated address information contained in the control policy, determining that the first type of message is a message that has been processed by the service chain when the first type of message carries the third identifier; and determining that the first type of message is a message that has not been processed by the service chain when the first type of message carries the fourth identifier.
10. The apparatus of claim 8,
the generating module is further configured to generate a fifth flow table according to the control policy; the fifth flow table is used for enabling the access device to send a message which is not processed by a service chain and has a source address of the load balancing device and a destination address of a server connected with the access device to the controller;
the sending module is further configured to issue the fifth flow table to the access device;
wherein a priority of the fifth flow table is higher than a priority of the first flow table;
the priority of the fifth flow table is lower than the priority of the third flow table.
11. The apparatus of claim 8 or 10,
the matching options of the first flow table include: the source IP address is the source IP address of the first type of message, and the destination IP address is the destination IP address of the first type of message; the action options include: sending a message matched with the matching option of the first flow table through an interface associated with the server;
the matching options of the second flow table include: the source IP address is the destination IP address of the first type of message, and the destination IP address is the source IP address of the first type of message; the action options include: encapsulating a service chain identifier in a message matched with the matching option of the second flow table, and sending the message encapsulated with the service chain identifier through an interface associated with the load balancing device;
the matching options of the third flow table include: the source IP address is the source IP address of the first type of message, and the destination IP address is the destination IP address of the first type of message; the action options include: sending a message matched with the matching option of the third flow table through an interface associated with the server;
the matching options of the fourth flow table include: the source IP address is a destination IP address of the first type of message, the destination IP address is a source IP address of the first type of message, the source port is a destination port of the first type of message, and the destination port is a source port of the first type of message; the action options include: sending a message matched with the matching option of the fourth flow table through an interface associated with the load balancing device;
wherein a priority of the fourth flow table is higher than a priority of the second flow table.
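The priority rules in claims 10 and 11 decide whether a server's reply is re-encapsulated for the service chain or sent straight to the load balancing device. The sketch below is an added illustration, not code from the patent: the addresses, ports, numeric priorities and action strings are constructed, and it assumes (from the action options) that the first and second flow tables serve traffic processed by the service chain while the third and fourth serve traffic that was not.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class FlowEntry:
    name: str
    priority: int
    match: tuple   # ((field, value), ...); fields not listed are wildcards
    action: str

def tables_for(msg, processed, prio):
    """Flow tables generated from one first-type message (claim 11 match/action options)."""
    fwd = (("src_ip", msg.src_ip), ("dst_ip", msg.dst_ip))
    rev = (("src_ip", msg.dst_ip), ("dst_ip", msg.src_ip))
    if processed:   # assumption: tables 1 and 2 serve chain-processed traffic
        return [FlowEntry("first", prio["first"], fwd, "output:server"),
                FlowEntry("second", prio["second"], rev, "encap_chain_id,output:lb")]
    rev4 = rev + (("src_port", msg.dst_port), ("dst_port", msg.src_port))
    return [FlowEntry("third", prio["third"], fwd, "output:server"),
            FlowEntry("fourth", prio["fourth"], rev4, "output:lb")]

def lookup(tables, pkt):
    """Return the highest-priority entry whose match options all equal the packet's fields."""
    hits = [e for e in tables if all(getattr(pkt, f) == v for f, v in e.match)]
    return max(hits, key=lambda e: e.priority, default=None)

def priority_violations(prio):
    """List the ordering rules of claims 10 and 11 that a priority assignment breaks."""
    rules = [("fourth", "second"), ("fifth", "first"), ("third", "fifth")]
    return [f"{hi} must outrank {lo}" for hi, lo in rules if prio[hi] <= prio[lo]]

# Constructed sample: load balancer 10.0.2.1, server 10.0.1.10, numeric priorities invented.
GOOD = {"first": 100, "second": 100, "fifth": 200, "third": 300, "fourth": 300}
BAD = dict(GOOD, fourth=50)   # fourth no longer outranks second

def install(prio):
    chain_msg = Packet("10.0.2.1", "10.0.1.10", 51000, 80)   # processed by the chain
    probe_msg = Packet("10.0.2.1", "10.0.1.10", 40000, 80)   # not processed by the chain
    return tables_for(chain_msg, True, prio) + tables_for(probe_msg, False, prio)

probe_reply = Packet("10.0.1.10", "10.0.2.1", 80, 40000)
chain_reply = Packet("10.0.1.10", "10.0.2.1", 80, 51000)
```

With `GOOD`, `lookup(install(GOOD), probe_reply)` selects the fourth table and only that exact 4-tuple skips encapsulation; with `BAD`, the same reply falls through to the second table and is encapsulated with the service chain identifier.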
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611260096.0A CN106878194B (en) | 2016-12-30 | 2016-12-30 | Message processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201611260096.0A CN106878194B (en) | 2016-12-30 | 2016-12-30 | Message processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106878194A (en) | 2017-06-20 |
| CN106878194B (en) | 2020-01-03 |
Family
ID=59165451
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201611260096.0A Active CN106878194B (en) | 2016-12-30 | 2016-12-30 | Message processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106878194B (en) |
Families Citing this family (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109714259B (en) * | 2018-12-27 | 2021-04-27 | 新华三技术有限公司 | Traffic processing method and device |
| CN111835576B (en) * | 2019-04-19 | 2022-03-04 | 厦门网宿有限公司 | DPVS-based back-end server health detection method and server |
| CN110545230B (en) * | 2019-09-06 | 2023-09-26 | 北京百度网讯科技有限公司 | Method and device for forwarding VXLAN message |
| CN111107178B (en) * | 2019-12-29 | 2022-06-21 | 苏州浪潮智能科技有限公司 | A method and device for specifying a message to use a local address |
| CN111158864B (en) * | 2019-12-31 | 2023-05-30 | 奇安信科技集团股份有限公司 | Data processing method, device, system, medium and program |
| CN111343030B (en) * | 2020-03-31 | 2022-07-12 | 新华三信息安全技术有限公司 | Message processing method, device, network equipment and storage medium |
| CN111614539B (en) * | 2020-05-12 | 2022-02-08 | 京信网络系统股份有限公司 | Service data processing method and device and communication transmission equipment |
| CN111865963B (en) * | 2020-07-16 | 2022-02-25 | 郑州信大捷安信息技术股份有限公司 | IP data packet processing method and system based on IP option |
| CN112311895B (en) * | 2020-11-12 | 2022-10-11 | 中国电子科技集团公司第五十四研究所 | A SDN-based transparent mode TCP flow load balancing method and device |
| CN113472677B (en) * | 2021-07-01 | 2024-02-09 | 华云数据控股集团有限公司 | Virtualized environment load balancing flow processing method, system and computer medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104579998A (en) * | 2013-10-29 | 2015-04-29 | 国家计算机网络与信息安全管理中心 | A load balancing processing device |
| CN104780088A (en) * | 2015-03-19 | 2015-07-15 | 杭州华三通信技术有限公司 | Service message transmission method and equipment |
| CN105681218A (en) * | 2016-04-11 | 2016-06-15 | 北京邮电大学 | Flow processing method and device in Openflow network |
| CN105830404A (en) * | 2013-12-17 | 2016-08-03 | 思科技术公司 | Method for implicit session routing |
| CN106105165A (en) * | 2014-03-25 | 2016-11-09 | 思科技术公司 | Dynamic service chain with network address translation detection |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9203765B2 (en) * | 2013-08-30 | 2015-12-01 | Cisco Technology, Inc. | Flow based network service insertion using a service chain identifier |
| US9985869B2 (en) * | 2015-06-09 | 2018-05-29 | International Business Machines Corporation | Support for high availability of service appliances in a software-defined network (SDN) service chaining infrastructure |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106878194A (en) | 2017-06-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106878194B (en) | | Message processing method and device |
| US12301479B2 (en) | | Managing network traffic in virtual switches based on logical port identifiers |
| KR101886291B1 (en) | | Flow entry configuration method, apparatus, and system |
| CN109361606B (en) | | Message processing system and network equipment |
| US20150304212A1 (en) | | Method and apparatus for matching flow table, and switch |
| CN109379241B (en) | | Path information determination method and device |
| CN108600109B (en) | | Message forwarding method and device |
| CN106878184B (en) | | Data message transmission method and device |
| CN106878199B (en) | | Configuration method and device of access information |
| CN107547391B (en) | | Message transmission method and device |
| US12028260B2 (en) | | Service packet processing method, apparatus, and system |
| CN103873464B (en) | | Message processing method and forwarding equipment |
| CN106921578B (en) | | Method and device for generating forwarding table item |
| EP2880550B1 (en) | | Connection mesh in mirroring asymmetric clustered multiprocessor systems |
| CN106506515B (en) | | Authentication method and device |
| CN108390954B (en) | | Message transmission method and device |
| US20200028779A1 (en) | | Packet processing method and apparatus |
| CN108718276B (en) | | Message forwarding method and device |
| US20150256459A1 (en) | | Packet processing method and apparatus |
| US9628392B2 (en) | | Method and device for forwarding message |
| CN114338510B (en) | | Data forwarding method and system for controlling and forwarding separation |
| US20160269325A1 (en) | | Method, apparatus, and system for controlling forwarding of service data in virtual network |
| CN111010344B (en) | | Message forwarding method and device, electronic equipment and machine-readable storage medium |
| US10284426B2 (en) | | Method and apparatus for processing service node ability, service classifier and service controller |
| CN109005120B (en) | | Message processing method and network equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |