In the prior art, referring to FIG. 1, numerous value-added service devices are generally connected in series between an access device 110 and the Internet 160, including an antivirus device 120, an application cache and acceleration device 130, a firewall 140, a network address translation (NAT) device 150, and the like. Data generated after a user terminal accesses a network by using the access device 110 needs to pass through the antivirus device 120, the application cache and acceleration device 130, the firewall 140, and the network address translation device 150 in sequence. In actual use, some users may subscribe only to an antivirus service, and other users may require only network address translation. However, in prior-art conditions, all data needs to pass through the antivirus device 120, the application cache and acceleration device 130, the firewall 140, and the network address translation device 150 in sequence, causing unnecessary traffic burden to the devices.
To solve the foregoing problem, referring to FIG. 2, the prior art provides a system for service chain selection and control, where the system includes: a coordination device 210, a policy and charging rules function (PCRF) unit 220, a controller 230, an access device 240, a flow classifier 250, forwarding devices 260, load balancing devices 270, and value-added service devices 280. The value-added service devices 280 include antivirus devices 281, firewall devices 283, and a cache device 285.
One end of the coordination device 210 is connected to a first end of the PCRF unit 220; a second end of the PCRF unit 220 is connected to one end of the access device 240; a third end of the PCRF unit 220 is connected to a first end of the flow classifier 250; another end of the access device 240 is connected to a second end of the flow classifier 250. Another end of the coordination device 210 is connected to the controller 230, and the controller 230 is further connected to the forwarding devices 260 managed by the controller 230. A third end of the flow classifier 250 is connected to at least one forwarding device 260 managed by the controller 230. The forwarding device 260 is connected to a load balancing device 270. Value-added service devices 280 of a same type are connected to a same load balancing device 270. For example, all antivirus devices 281 are connected to a same load balancing device 270, and all firewall devices 283 are connected to a same load balancing device 270. The forwarding devices 260 are interconnected to constitute a topology network.
The coordination device 210 sends a logical service chain definition to the controller 230. The logical service chain definition is predefined according to an actual use requirement, and includes information about value-added service devices 280 that a service chain needs to pass through. The service chain includes forwarding devices 260 that a service flow may pass through and value-added service devices 280 that the service flow may pass through, and the service chain has a service chain identifier. For example, the logical service chain definition is: a service chain having a service chain identifier 1 needs to pass through antivirus devices 281 and firewall devices 283 in sequence.
After receiving the logical service chain definition, the controller 230 obtains the information about the value-added service devices 280 that the service chain needs to pass through. Then, the controller finds, according to a network topology diagram, which forwarding devices 260 the value-added service devices 280 that the service chain needs to pass through are connected to, and thereby determines the forwarding devices 260 that the service chain needs to pass through. Then, the controller plans an optimal path of each service flow according to the forwarding devices 260 that the service chain needs to pass through and a load status of each forwarding device 260. After planning the optimal path of each service chain, the controller generates a flow forwarding table for each forwarding device 260 in the service chain. The flow forwarding table includes matching information and operation information. The matching information includes the service chain identifier. The operation information is configured to instruct the forwarding device 260 to send, after receiving a packet having the service chain identifier, the packet to a load balancing device 270 that is in the service chain and is connected to the forwarding device 260, and to forward, after receiving a packet returned by the load balancing device 270, the packet to a next forwarding device 260 in the service chain.
On the other hand, the coordination device 210 sends a service chain selection policy to the PCRF unit 220, where the service chain selection policy is predefined according to an actual requirement and includes information about a relationship between policy context information, an application type, and the service chain. According to an actual use requirement, the policy context information includes at least one of the following: user subscription type information, user terminal access type information, user terminal location information, and cell congestion information. For example, a user subscription type may be a gold user, a silver user, or a common user. A user terminal access type includes at least one of the following: 2G network access, 3G network access, and WiFi (Wireless Fidelity) network access. The application type includes at least one of the following: a service flow of web browse, video browse, or access to a specific website, a service flow of a source IP address of a specific user, and a service flow of a specific application protocol.
For example, in an implementation manner, the service chain selection policy may be selecting the service chain having the service chain identifier 1 for a service flow whose application type is web browse, when a silver user accesses a 2G network.
The PCRF unit 220 receives the policy context information and the service chain selection policy sent by the coordination device 210, and obtains a service chain selection and control policy according to the policy context information and the service chain selection policy. For example, if the access type of the accessing user, obtained by the PCRF unit 220 from the access device 240, is 2G network access, and the user subscription type information obtained from a user subscription type database 290 is a silver user, the service chain selection and control policy obtained by the PCRF unit 220 according to the service chain selection policy is: selecting the service chain having the service chain identifier 1 for the service flow whose application type is web browse. After obtaining the service chain selection and control policy, the PCRF unit 220 sends the service chain selection and control policy to the flow classifier 250.
After receiving the service chain selection and control policy sent by the PCRF unit 220, the flow classifier 250 detects the service flow of the application type, and adds the service chain identifier corresponding to the application type to a packet of the service flow. For example, after receiving the service chain selection and control policy that is to select the service chain having the service chain identifier 1 for the service flow whose application type is web browse, the flow classifier 250 detects the service flow of web browse, and adds the service chain identifier 1 to a packet of the service flow. Then, the packet of the service flow, with the service chain identifier added, is sent to the forwarding device 260.
The forwarding device 260 has received the flow forwarding table beforehand. Therefore, after receiving the packet to which the service chain identifier has been added, the forwarding device 260 matches the packet according to the service chain identifier in the matching information, then performs an operation according to the operation information, and sends the packet having the service chain identifier in the matching information to the load balancing device 270 that is in the service chain and is directly connected to the forwarding device 260. The load balancing device 270 obtains a load status of each antivirus device 281 connected to the load balancing device 270, and then decides, according to the load status of each antivirus device 281, which antivirus device 281 to send the packet to. After the antivirus device 281 responsible for processing completes the processing, the antivirus device 281 returns the packet to the load balancing device 270. The load balancing device 270 then returns the packet to the forwarding device 260 that is directly connected to the load balancing device 270. After receiving the packet returned by the load balancing device 270, the forwarding device 260 that is directly connected to the load balancing device 270 forwards the packet to the next forwarding device 260 in the service chain.
It can be learned from the foregoing description that a load balancing device 270 needs to be disposed between each type of value-added service device 280 and a forwarding device 260. For example, in FIG. 2 a load balancing device 270 needs to be disposed between an antivirus device 281 and a forwarding device 260, and a load balancing device 270 also needs to be disposed between a firewall device 283 and a forwarding device 260. Therefore, multiple load balancing devices 270 need to be disposed in the system; in addition, before passing through each type of value-added service device 280, the service chain needs to pass through the load balancing device 270 in front of that type of value-added service device 280, causing a waste of resources.
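The selection and forwarding steps described above, traced end to end in an added Python sketch that is not part of the original text; the recorded hop list shows the load balancing device being crossed twice for every service type. Device names, load figures, the least-loaded choice and the handling of an untagged packet are assumptions made for the illustration.

```python
# Added illustration; all names and values are constructed, not from the source.
from dataclasses import dataclass, field
from typing import Optional

CHAINS = {1: ["antivirus", "firewall"]}            # logical service chain definition
SELECTION_POLICY = {("silver", "2G", "web"): 1}    # (subscription, access, app) -> chain id
ATTACHED = {"antivirus": "fwd-A", "firewall": "fwd-B"}  # service type -> forwarding device
POOLS = {"antivirus": {"av-1": 7, "av-2": 3},      # device -> load, one pool per balancer
         "firewall": {"fw-1": 2, "fw-2": 5}}

@dataclass
class Packet:
    app: str
    chain_id: Optional[int] = None
    trace: list = field(default_factory=list)

def pcrf_policy(subscription, access):
    """PCRF: reduce the selection policy to app -> chain id for this user context."""
    return {app: cid for (sub, acc, app), cid in SELECTION_POLICY.items()
            if (sub, acc) == (subscription, access)}

def classify(pkt, control_policy):
    """Flow classifier: add the chain identifier only when the application type matches."""
    pkt.chain_id = control_policy.get(pkt.app)
    return pkt

def build_flow_tables():
    """Controller: per forwarding device, chain id -> (service pool, next forwarder)."""
    tables = {}
    for cid, services in CHAINS.items():
        hops = [ATTACHED[s] for s in services]
        for i, (fwd, svc) in enumerate(zip(hops, services)):
            nxt = hops[i + 1] if i + 1 < len(hops) else "egress"
            tables.setdefault(fwd, {})[cid] = (svc, nxt)
    return tables

def forward(pkt, tables, first_hop="fwd-A"):
    """Walk the chain: forwarder -> balancer -> device -> balancer -> forwarder -> next."""
    hop = first_hop
    while hop != "egress":
        entry = tables.get(hop, {}).get(pkt.chain_id)
        if entry is None:   # assumption: a packet without a matching id is not steered
            pkt.trace.append(f"{hop}:no-match")
            break
        svc, nxt = entry
        device = min(POOLS[svc], key=POOLS[svc].get)  # assumption: least-loaded wins
        pkt.trace += [hop, f"lb-{svc}", device, f"lb-{svc}", hop]
        hop = nxt
    return pkt.trace
```

A web packet from a silver 2G user is tagged with chain 1 and visits both inspection stages, while a video packet from the same user carries no identifier and never reaches the antivirus or firewall pools, which is why the classifier policy, not the forwarding table, decides what gets inspected.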