As the scale of the Internet rapidly expands, networks become indispensable in people's daily life, and network services become increasingly diverse and complex. As key nodes in network services, switching devices include a very limited quantity of open interfaces because of monopoly of existing device providers, and test and verification cannot be performed on many open ideas and protocols of networks.
In a common solution, a software defined networking (SDN) idea is introduced to an evolved packet core (EPC) architecture. FIG. 1 is a schematic diagram of separating and deploying a control plane and a forwarding plane of a mobile gateway. A control plane function and a forwarding plane function of a switching device (for example: a gateway) are separated, to obtain an architecture in which a control plane and a forwarding plane of the gateway are separated, as shown in FIG. 1. A mobility management entity (MME), a policy and charging rules function (PCRF), a home subscriber server (HSS), and a gateway-controller plane (GW-C) are all referred to as control plane network elements. The entire system architecture includes multiple control plane network elements. The multiple control plane network elements can determine a data processing policy related to user equipment, and send the policy to a gateway forwarding plane (GW-U) by using an interface between a control plane and a forwarding plane (for example, an OpenFlow interface). The gateway forwarding plane processes a data packet of the user equipment according to the policy.
After a control plane and a forwarding plane are separated in deployment as described above, multiple virtual network functions are presented as a control plane network element. Limited by factors such as a control range of a controller and network management and planning, a network architecture may include multiple such control plane network elements. That is, each controller in each control plane network element may operate a processing policy of a data packet of user equipment. Consequently, a service flow is maliciously controlled and cannot correctly reach a peer end.