On a common network such as a data center network or the Internet, a common network device can provide basic forwarding functions such as switching and routing, and can further provide a value-added service (VAS). A VAS may be a service function such as network address translation (NAT), a firewall, traffic balancing, or deep packet inspection (DPI).
One or more service function chains (SFC) may be deployed on a common network. An identifier (ID) of each SFC may be indicated by using a path identifier (path ID), and the SFC may sequentially include a first SF node and a second SF node. The first SF node and the second SF node may provide different VAS processing. For example, the first SF node provides a firewall function, and the second SF node provides a DPI function. The first SF node may communicate with a first SFE on the network, the first SFE communicates with both a service classifier and a second SFE, and the second SFE may communicate with the second SF node.
For example, the service classifier adds an SFC header to a received first packet, so as to obtain a second packet. The service classifier adds a path ID to the SFC header of the second packet according to the service to which the first packet belongs, and sends the second packet to the first SFE. The first SFE sends the second packet to the first SF node according to the path ID in the SFC header of the second packet. The first SF node detects whether the second packet is from a trusted user, and if the second packet is from a trusted user, the first SF node sends the second packet to the first SFE. The first SFE may send, to the second SFE, the second packet sent by the first SF node, and the second SFE sends the second packet to the second SF node. Every packet that belongs to the same service flow as the first packet is from a trusted user, yet each packet of the service flow is still checked by the first SF node when forwarded by using the SFC, which wastes network resources.
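The forwarding sequence described above can be modeled as follows. This is an added example, not part of the original text. It counts how often the first SF node repeats its trusted-user check for one service flow. All names, addresses and the service-to-path mapping are constructed, and dropping a packet from an untrusted user is an assumption, since the text only describes the trusted case.

```python
from dataclasses import dataclass, field

TRUSTED_USERS = {"10.0.0.5"}      # constructed sample data
SERVICE_TO_PATH = {"web": 1}      # service -> path ID (constructed)
# path ID -> ordered (SFE, SF node) hops, in the order given in the text
PATHS = {1: [("SFE1", "firewall"), ("SFE2", "dpi")]}

@dataclass
class Packet:
    src: str
    service: str
    payload: bytes
    sfc_header: dict = field(default_factory=dict)
    trace: list = field(default_factory=list)

def classify(first_packet):
    """Service classifier: add an SFC header carrying the path ID of the service."""
    first_packet.sfc_header = {"path_id": SERVICE_TO_PATH[first_packet.service]}
    return first_packet               # now the "second packet" of the text

def firewall(pkt, counters):
    """First SF node: check whether the packet is from a trusted user."""
    counters["firewall_checks"] += 1
    return pkt.src in TRUSTED_USERS

def dpi(pkt, counters):
    """Second SF node: stand-in for DPI processing, always passes here."""
    counters["dpi_checks"] += 1
    return True

SF_NODES = {"firewall": firewall, "dpi": dpi}

def forward(pkt, counters):
    """Each SFE steers the packet to its SF node according to the path ID."""
    for sfe, sf in PATHS[pkt.sfc_header["path_id"]]:
        pkt.trace.append(f"{sfe}->{sf}")
        if not SF_NODES[sf](pkt, counters):
            return False              # assumption: untrusted packets are dropped
    return True

def run_flow(src, service, n_packets):
    """Send n_packets of one service flow through the chain and count the work."""
    counters = {"firewall_checks": 0, "dpi_checks": 0, "delivered": 0}
    for i in range(n_packets):
        pkt = classify(Packet(src, service, b"data%d" % i))
        counters["delivered"] += int(forward(pkt, counters))
    return counters

if __name__ == "__main__":
    print(run_flow("10.0.0.5", "web", 100))
```

For a 100-packet flow from a trusted user, the firewall check runs 100 times although its answer is the same for every packet of the flow.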