A software-defined network (SDN for short) is an emerging network architecture in which control and forwarding are separated. Two major devices in the SDN technology are a central controller (which is also referred to as a controller) and a network device.
On a basis of the SDN technology, in an existing data stream security processing method, a data stream first passes through a software module inside the controller to undergo security detection, and then the controller delivers a forwarding path that only goes through a forwarding device, that is the controller delivers information indicating a forwarding path that only goes through a forwarding device.
In the foregoing existing data stream security processing method, security performance of the security detection performed by the software module is not high. In addition, the controller not only needs to determine a transmission path for the data stream, but also needs to perform security detection on the data stream. As a result, load of the controller is heavy.