A telecommunications network includes many network devices such as a router, a gateway, a switch, and a firewall. Each network device includes a packet forwarding module and a protocol control module, where the packet forwarding module is configured to forward a packet, and the protocol control module is configured to process a packet according to a protocol, to implement transmission of a packet between different network devices, thereby implementing network interconnection. Because network devices are distributed in different places, this manner of integrating a control function and a forwarding function into a network device makes network management much complex. For example, when a network needs to be upgraded, all network devices in different places on the network need to be upgraded, which is much inconvenient and time-consuming.
To deal with complexity of network management, an SDN (software defined network) network is introduced. The SDN network decouples a control module and a forwarding module that are in a network device, and deploys the control module in a centralized manner, so that network maintenance and management can be implemented on the side of the control module, which is simple and convenient.
On the SDN network, a forwarding function is deployed in a forwarding plane device, and a control function is deployed in a control plane device. The control plane device determines, according to content of a user packet, a flow entry that is needed to process the user packet, and sends the flow entry to the forwarding plane device by using a flow entry installation message. The forwarding plane device installs the flow entry into a flow table of the forwarding plane device, and processes the user packet by using the flow entry. According to an SDN network protocol such as the Openflow protocol, one flow entry installation message carries only one flow entry. If the forwarding plane device processes a user packet by means of multiple flow entries matching, the control plane device needs to send, to the forwarding plane device by using multiple flow entry installation messages, flow entries needed to process the user packet, and the forwarding plane device separately writes the flow entries into corresponding flow tables.
The inventor of this application finds in long-term studies that writing a flow entry into a flow table by a forwarding plane device and processing a user packet by the forwarding plane device are two independent processes; due to a network delay, flow entry installation messages do not reach the forwarding plane device synchronously, and the forwarding plane device is triggered to perform a matching and processing procedure on a user packet. As a result, the forwarding plane device processes the user packet in a case in which a flow entry is missing, thereby causing that the user packet processed by the forwarding plane device becomes erroneous.