In a fixed or mobile broadband access field and data center application, there are many value-added service devices based on a transport layer to an application layer, for example, a device with a service function (SF) such as antivirus, a firewall, application caching and acceleration, web (web) optimization, network address translation (NAT), or home control. FIG. 1 is a schematic diagram of devices with service functions that are connected in series. A user access device may be a gateway general packet radio system (GPRS) support node (GGSN) or a packet data network gateway (PGW) of mobile broadband, or a broadband network gateway (BNG) of fixed broadband. As shown in FIG. 1, the user access device is connected to a Gi-LAN (local area network) by using a Gi interface. In actual application, a user only needs to use some of the service functions, for example, some users subscribe to a service function of antivirus, and some users need to use a service function of NAT. In a serial networking manner, all data flows need to pass through devices with service functions that are connected in series, and consequently, a requirement for a processing capacity of the device with the service function is increased, and unnecessary network device investments are increased. In addition, in the serial networking manner, a fault of one of the devices with the service functions causes interruption and faults of an entire data flow.
To resolve a problem that exists when the devices with the service functions are connected in series, a concept of a service function chain (which is also referred to as a service chain) is proposed. The service function chain is service functions through which a data flow needs to pass and an order of passing through the service functions. For example, antivirus, a firewall, and NAT may be a service function chain, or application caching and acceleration, a firewall, and NAT may be a service function chain, or a firewall and NAT may be a service function chain. Data flows corresponding to different service function chains need to pass through only corresponding service functions.
FIG. 2 is a schematic diagram of a network architecture based on a service function chain. As shown in FIG. 2, the network architecture includes a control plane device, a traffic classifier (TC), a service function forwarding (SFF) device, and service functions such as an SF 1, an SF 2, an SF 3, and an SF 4. A data flow may need to pass through only some service functions, for example, pass through only an SF 1, an SF 3, and an SF 4. The traffic classifier may also be referred to as a classifier. In consideration of load balance and security, multiple devices are usually deployed for a same service function. For example, three devices are deployed for each service function, and a device deployed for each service function is referred to as a service function instance, for example, an SF 1.1.
In the network architecture shown in FIG. 2, the control plane device allocates a service function chain identifier to a data flow, and informs the traffic classifier of the service function chain identifier. The service function chain identifier is used to identify a service function chain corresponding to the data flow. After adding the service function chain identifier to the data flow, the traffic classifier sends the data flow to the service function forwarding device in a Gi-LAN. The service function forwarding device routes the data flow according to the service function chain identifier in the data flow. In a process of routing the data flow, the service function forwarding device needs to select a service function instance from multiple service function instances corresponding to service functions that form a service function chain. Service function instances selected from the service functions form a service function instance sequence of the data flow. According to a data flow processing requirement, all data packets of a same data flow need to pass through a same service function instance sequence. In addition, when a service function chain of an uplink data flow and a service function chain of a corresponding downlink data flow include a same service function, a same service function instance needs to be selected when the uplink data flow and the downlink data flow pass through the same service function.
In the prior art, each time the service function forwarding device receives a data packet, the service function forwarding device needs to retrieve a service function instance sequence of the data packet according to a 5-tuple of the data packet. Consequently, data packet forwarding efficiency is greatly reduced.