Communication networks are becoming increasingly intelligent, and service diversity has become an important characteristic of a communication network. However, service diversity is a huge challenge for a switch device or a routing device in a current network. In one aspect, the service application procedures or service logic processing of a switch device and a routing device are complicated. In another aspect, the variety of service applications makes it difficult to take advantage of a switch device and a routing device.
A Network Service Platform (NSP) board may be connected to an Access Router (AR) or a switch and dedicated to processing various service applications such as a security service, server integration, and an application acceleration service. At the same time, an NSP has an independent hardware system and software system and can conveniently process one or more service applications.
A router or a switch may be connected to one or more NSP boards. The router or the switch includes at least a main control board, a local area network (LAN) line card or a wide area network (WAN) line card, and a backend board, and the router or the switch is connected to the NSP board through the backend board. The main control board includes a microprocessor unit (MPU) and a switching unit (also called switching fabric). The switching unit is responsible for data exchange between the router or the switch and the NSP board. Traffic processed by a service application on the NSP is forwarded from the LAN line card or the WAN line card on the router or the switch through the switching unit. Currently, three typical service flow forwarding modes exist: a host mode, a mirror mode, and a redirection mode.
In the host mode, a service application on an NSP directly provides a service (such as a local email server or a voice call controller) for a user, and the destination Internet Protocol (IP) address or Media Access Control (MAC) address of a service flow sent by a user terminal is the IP address or MAC address of the virtual machine on the NSP board that is responsible for processing the service application of the service flow. The service flow is forwarded by a LAN or a WAN line card on a router or a switch to the NSP through a switching unit, and the service traffic of the user terminal is then processed by the virtual machine on the NSP.
In the mirror mode, a service application that can be processed on an NSP, such as a traffic statistics application or a virus detection application, is invisible to a user terminal. That is, the destination IP or MAC address of the service traffic of the user terminal is not the IP or MAC address of the virtual machine on the NSP board that is responsible for processing the service application of the service flow. For a service flow sent by the user terminal, a LAN line card or a WAN line card on a router or a switch must make a copy of the service traffic and send the copy to the NSP through a switching unit, and the virtual machine on the NSP processes the copied service traffic of the user terminal.
In the redirection mode, as in the mirror mode, a service application that can be processed on an NSP, such as a firewall, is also invisible to a user terminal. That is, the destination IP or MAC address of the service traffic of the user terminal is not the IP or MAC address of the virtual machine on the NSP board that is responsible for processing the service application of the service flow. A service flow sent by the user terminal is redirected by a LAN line card or a WAN line card on a router or a switch and sent through a switching unit to the NSP. The virtual machine on the NSP processes the service traffic and, after the processing is completed, sends the service traffic to the original destination address through the switching unit.
In the mirror mode and the redirection mode of service flow forwarding, the destination IP or MAC address sent by the user terminal is not the IP or MAC address of the virtual machine on the NSP board that is responsible for processing the service application of the service flow. Therefore, when the NSP needs to process a plurality of service applications, the virtual machine on the NSP needs to monitor all packets on a network adapter. That is, a virtual machine service application receives traffic of other services in addition to the traffic of the service application processed by that virtual machine. As a result, service flows of different service applications cannot be isolated from one another.
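The isolation failure described above can be reproduced in a small model. This is an added example, not part of the original text: it assumes a single shared NSP network adapter, and the VM names, MAC addresses and service labels are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    dst_mac: str   # destination MAC set by the user terminal
    service: str   # service application the flow belongs to (model label)

@dataclass(frozen=True)
class VM:
    name: str
    mac: str
    service: str
    listens_to_all: bool  # True for mirror/redirection-mode applications

def receivers(frame, vms):
    """VMs on the shared NSP adapter that receive this frame."""
    return [vm for vm in vms if vm.listens_to_all or vm.mac == frame.dst_mac]

def foreign_traffic(frames, vms):
    """Map each VM name to the other services whose traffic it received."""
    seen = {vm.name: set() for vm in vms}
    for frame in frames:
        for vm in receivers(frame, vms):
            if vm.service != frame.service:
                seen[vm.name].add(frame.service)
    return seen

# Constructed sample: MAC addresses and VM names are made up.
VMS = [
    VM("vm-mail", "02:00:00:00:00:01", "email", False),            # host mode
    VM("vm-av", "02:00:00:00:00:02", "virus-detection", True),     # mirror mode
    VM("vm-fw", "02:00:00:00:00:03", "firewall", True),            # redirection mode
]
REMOTE = "02:00:00:00:00:99"  # original destination, not a VM on the NSP
FRAMES = [
    Frame("02:00:00:00:00:01", "email"),   # host mode: addressed to vm-mail
    Frame(REMOTE, "virus-detection"),      # mirrored copy
    Frame(REMOTE, "firewall"),             # redirected flow
]

if __name__ == "__main__":
    for name, services in foreign_traffic(FRAMES, VMS).items():
        print(name, sorted(services))
```

The host-mode VM sees only its own traffic because delivery is keyed on its MAC address, while each mirror-mode or redirection-mode VM also receives the flows of every other service on the adapter.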