In fixed or mobile broadband access and data center applications, multiple services based on layer 4 to layer 7 may need to be processed. As shown in FIG. 1, in existing common networking, multiple service processing devices are usually connected in series after a fixed or mobile user access device. A service processing device may be a processing device used for anti-virus, a firewall, application caching and acceleration, web optimization, network address translation (NAT), home control, and the like. The user access device may be a mobile broadband gateway general packet radio service (GPRS) support node (GGSN) or packet data network gateway (P-GW), a fixed access broadband network gateway (BNG), the onion router (ToR) in a data center, or the like.
In an actual application, only a service flow of a user that has subscribed to anti-virus service may need to pass through an anti-virus service processing device, and only a video or web access service flow may need to pass through an application caching and acceleration service processing device. However, in the networking shown in FIG. 1, service flows of all users need to flow through all service processing devices that are connected in series, regardless of whether the corresponding service processing needs to be performed on these service flows. Consequently, the processing capacity demand on each service processing device increases, investment in unnecessary network devices increases, and the number of fault points in the networking increases. Once a particular service processing device has a fault, the whole service flow is interrupted and fails.
In order to resolve the foregoing problem brought by networking of multiple service processing devices connected in series, a concept of a service chain is proposed in the industry. A service chain is a sequence of services that a particular service flow needs to pass through. For example, a sequence, which is indicated by a service chain, of services that need to be passed through may be anti-virus service, a firewall service, and NAT service, and a sequence, which is indicated by another service chain, of services that need to be passed through may be application caching and acceleration, a firewall, and NAT. A service flow of a different service chain only needs to flow through a service processing device corresponding to a service indicated by the service chain.
FIG. 2 is a network architecture diagram of a solution of a software defined network (SDN) GI service chain in a network functions virtualization (NFV) architecture, where GI is an interface between a GPRS and an external packet data network.
The SDN GI service chain in the NFV architecture includes the following logical function components: a traffic classifier (TC), configured to implement functions of service flow classification and identification, and tagging (service chain ID); a value-added server (VAS), configured to provide a service in a service chain, such as web optimization, video optimization, and uniform resource locator (URL) filtering; a service switch (SSW), configured to forward a service flow according to a flow table, provide a basic layer 2 (L2) switching capability, and support network deployment across three layers by means of a channel such as a virtual extensible local area network (VxLAN); and a controller, configured to provide maintenance and management of a service chain, collect a G-interface (Gi) local area network (LAN) network topology, generate, according to the network topology and the service chain, a flow table (filter, action) used by the service chain, and deliver the flow table to the SSW.
The foregoing TC, VAS, SSW, controller, and the like are all virtualized network function units (VNFs) or virtualized network sub-function units (sub-VNFs) in a virtual LAN, and may be virtual machine (VM) instances that run on multiple physical machines in a distributed manner.
The SDN GI service chain in the NFV architecture may further include the following logical function component: a management and orchestration (MANO) node, configured to deploy VNFs such as the foregoing TC, controller, SSW, and VAS on multiple physical machines or on a cloud according to definitions of a network service description (NSD) and a virtual network function description (VNFD).
In implementation of the SDN GI service chain in the NFV architecture, the TC first classifies a service flow and identifies a service chain label to which the service flow belongs. Then the SSW forwards, according to a sequence of services that is indicated in the service chain, a packet to a corresponding VAS for processing. After completing processing, the VAS returns the packet to the SSW. The SSW then sends the packet to a next VAS for processing until the packet is processed by all VASs.
It is found in practice that in implementation of the SDN GI service chain in the NFV architecture, multiple VASs and multiple SSWs are randomly distributed and run on multiple physical machines. The SSWs and the VASs may need to communicate across the physical machines, or even across data centers, over a very long forwarding path. As a result, requirements for the communication capability of a VAS are increased, and processing efficiency of a service chain is lowered.
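The forwarding loop and the cross-machine cost described in the two paragraphs above, as an added example that is not part of the original document: a small Python model of TC tagging, a controller-built flow table, and an SSW that sends the packet to each VAS and gets it back. The single SSW, the TC rules, the host names (pm1 to pm4), the placements, and the flow-table key (chain ID, last service visited) are all assumptions made for illustration.

```python
# Added illustration; rules, hosts and placements are constructed, not from the source.

# Chain ID -> ordered services (the two example chains named in the text).
CHAINS = {
    1: ["anti-virus", "firewall", "nat"],
    2: ["cache-accel", "firewall", "nat"],
}

# Constructed placements of VAS instances on physical machines.
SCATTERED = {"anti-virus": "pm2", "firewall": "pm3", "nat": "pm1", "cache-accel": "pm4"}
COLOCATED = {"anti-virus": "pm1", "firewall": "pm1", "nat": "pm1", "cache-accel": "pm1"}

def classify(packet):
    """TC: tag a flow with a service chain ID (hypothetical rule set)."""
    if packet.get("av_subscriber"):
        return 1
    if packet.get("app") in ("video", "web"):
        return 2
    return None  # assumption: unmatched flows bypass every VAS

def build_flow_table(chains):
    """Controller: map (chain ID, last service visited) to the next hop."""
    table = {}
    for cid, services in chains.items():
        hops = [None] + services + ["egress"]
        for prev, nxt in zip(hops, hops[1:]):
            table[(cid, prev)] = nxt
    return table

def forward(packet, table, placement, ssw_host):
    """SSW: walk the chain, VAS by VAS.

    Returns (services visited, traversals between physical machines).
    """
    cid = classify(packet)
    visited, cross = [], 0
    if cid is None:
        return visited, cross
    last = None
    while (nxt := table[(cid, last)]) != "egress":
        visited.append(nxt)
        if placement[nxt] != ssw_host:
            cross += 2  # SSW -> VAS and VAS -> SSW both leave the machine
        last = nxt
    return visited, cross

if __name__ == "__main__":
    table = build_flow_table(CHAINS)
    for name, placement in (("scattered", SCATTERED), ("colocated", COLOCATED)):
        print(name, forward({"av_subscriber": True}, table, placement, "pm1"))
```

With the scattered placement, every VAS that is not on the SSW's machine costs two traversals per packet, which is the long forwarding path the last paragraph refers to.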