In network functions virtualization (NFV), some network functions are implemented by establishing a virtualized network function (VNF) on a general hardware device such as a server, a switch, or a memory, so that these network functions can run on the general hardware device and no new dedicated network element device needs to be configured. This greatly enhances the flexibility of network deployment and reduces investment costs.
When a network function is implemented using NFV technology, a security risk exists in communication between VNFs inside a virtual network or in communication between a VNF and an external network. Therefore, in other approaches, a connection in a network is established using a technology such as Internet Protocol security (IPSec) or Transport Layer Security (TLS). In these security technologies, a certificate needs to be configured for both communication parties, and the certificate includes a key and an algorithm that both communication parties use for verification.
In a virtualization scenario, a VNF is a set of software that can be instantiated and terminated when needed. VNF instantiation is a process in which resources are allocated to one VNF and software is installed for it. Termination is a process in which the resources allocated to the VNF are released. During implementation of the foregoing function, the inventor finds that, after a VNF instance is terminated, the resources allocated to the VNF instance may be reclaimed and then allocated to another VNF. In this case, the storage resources that hold the certificate information of the original VNF instance are allocated to the other VNF, and as a result the other VNF may obtain the certificate of the original VNF instance. Consequently, the certificate issued to the original VNF instance or a VNF component (VNFC) instance may be illegally obtained by an attacker, and communication security of a virtual network system is degraded.
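The storage-reuse risk described above can be checked with a small model. This is an added example, not code from the original document: `StoragePool`, the VNF ids and the sample key text are constructed, and scrub-on-release is one common mitigation assumed here for comparison, not a method taken from the page.

```python
import re

BLOCK = 64  # bytes per block in this toy pool (constructed value)
PEM_MARK = re.compile(rb"-----BEGIN [A-Z ]+-----")  # marker of stored key/cert data

class StoragePool:
    """Toy model of the storage an NFV infrastructure allocates to VNF instances."""
    def __init__(self, blocks, scrub_on_release):
        self.mem = bytearray(blocks * BLOCK)
        self.free = list(range(blocks))
        self.owner = {}  # block index -> VNF instance id
        self.scrub_on_release = scrub_on_release

    def allocate(self, vnf_id, count):
        if count > len(self.free):
            raise MemoryError("pool exhausted")
        got, self.free = self.free[:count], self.free[count:]
        self.owner.update({b: vnf_id for b in got})
        return got

    def write(self, vnf_id, block, data):
        if self.owner.get(block) != vnf_id or len(data) > BLOCK:
            raise PermissionError("block not owned by this VNF, or data too large")
        self.mem[block * BLOCK: block * BLOCK + len(data)] = data

    def read(self, vnf_id, block):
        if self.owner.get(block) != vnf_id:
            raise PermissionError("block not owned by this VNF")
        return bytes(self.mem[block * BLOCK:(block + 1) * BLOCK])

    def terminate(self, vnf_id):
        """Release every block of a terminated VNF instance back to the pool."""
        freed = sorted(b for b, o in self.owner.items() if o == vnf_id)
        for b in freed:
            if self.scrub_on_release:
                self.mem[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)  # zeroize first
            del self.owner[b]
        self.free = freed + self.free  # reclaimed blocks are reused first

def residue_after_reuse(scrub_on_release):
    """Return the blocks given to a second VNF that still hold PEM-marked data."""
    pool = StoragePool(blocks=4, scrub_on_release=scrub_on_release)
    (blk,) = pool.allocate("vnf-a", 1)
    pool.write("vnf-a", blk, b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n")
    pool.terminate("vnf-a")
    reused = pool.allocate("vnf-b", 1)
    return [b for b in reused if PEM_MARK.search(pool.read("vnf-b", b))]
```

The same marker scan can serve as an acceptance check on storage handed to a newly instantiated VNF: any hit means the previous tenant's certificate material survived termination.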