| CPC H04L 45/34 (2013.01) [H04L 63/08 (2013.01); H04L 63/123 (2013.01); H04L 69/22 (2013.01)] | 10 Claims |

|
1. A method for packet forwarding, which is applied to a network node, comprising:
obtaining an SRv6 packet;
if a function field in a target segment identifier SID contains a security authentication instruction, obtaining a target argument based on an operation indicated by the security authentication instruction, and performing security authentication processing on the SRv6 packet based on the target argument; wherein, the target SID is an SID, corresponding to the network node, in a segment list carried by a header of the SRv6 packet, and the target argument is an argument for the security authentication instruction recorded in the header;
forwarding the processed SRv6 packet to a next-hop device;
wherein the obtained SRv6 packet is generated by an originating network node for the SRv6 packet through operations of:
receiving an initial packet;
if it is determined that an unsecured network node exists in an SRv6 forwarding path for forwarding the initial packet, obtaining the argument for the security authentication instruction, wherein, the security authentication instruction indicates that the unsecured network node performs the security authentication processing on the SRv6 packet;
determining whether a data amount of the argument for the security authentication instruction is greater than a maximum data amount of an arguments field in the SID;
if the data amount of the argument for the security authentication instruction is greater than the maximum data amount of the arguments field in the SID, generating the SID having the function field that contains the security authentication instruction and the arguments field that contains a first argument for the unsecured network node, and generating the SRv6 packet based on the initial packet, wherein, an extension field in the header of the SRv6 packet contains a second argument, the security authentication instruction further indicates that the argument for the security authentication instruction is stored in the arguments field and the extension field in the header, the first argument is a part of the argument for the security authentication instruction with a data amount smaller than or equal to the maximum data amount, and the second argument is the other part of the argument for the security authentication instruction except for the first argument; and
if the data amount of the argument for the security authentication instruction is not greater than the maximum data amount of the arguments field in the SID, generating the SID having the function field that contains the security authentication instruction and the arguments field that contains the argument for the security authentication instruction for the unsecured network node, and generating the SRv6 packet based on the initial packet, wherein, the security authentication instruction further indicates that the argument for the security authentication instruction is stored in the arguments field.
|
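The argument-placement branch in claim 1, and the matching read on the processing node, as an added example that is not part of the patent text. The 64/16/48-bit SID layout, the two function codes, and the treatment of the extension field as raw bytes are assumptions; the claim fixes none of them.

```python
import ipaddress

# Assumed SID layout (the claim fixes no sizes): 64-bit locator, 16-bit function, 48-bit arguments.
FUNC_BITS, ARG_BITS = 16, 48
ARG_MAX = ARG_BITS // 8  # "maximum data amount" of the arguments field, in bytes

# Hypothetical function codes. Per the claim, the instruction itself says where the argument is stored.
AUTH_IN_ARGS = 0x00A1      # whole argument is in the SID arguments field
AUTH_IN_ARGS_EXT = 0x00A2  # first part in the arguments field, second part in the extension field


def build_sid(locator: int, argument: bytes):
    """Originating node: encode the argument for one unsecured node; return (SID, extension bytes)."""
    if len(argument) > ARG_MAX:
        func, first, second = AUTH_IN_ARGS_EXT, argument[:ARG_MAX], argument[ARG_MAX:]
    else:
        # Shorter arguments are zero-padded; the true length is assumed to be fixed by the operation.
        func, first, second = AUTH_IN_ARGS, argument.ljust(ARG_MAX, b"\x00"), b""
    value = (locator << (FUNC_BITS + ARG_BITS)) | (func << ARG_BITS) | int.from_bytes(first, "big")
    return ipaddress.IPv6Address(value), second


def read_argument(sid: ipaddress.IPv6Address, extension: bytes):
    """Processing node: recover the target argument, or None if the SID carries no auth instruction."""
    value = int(sid)
    func = (value >> ARG_BITS) & ((1 << FUNC_BITS) - 1)
    first = (value & ((1 << ARG_BITS) - 1)).to_bytes(ARG_MAX, "big")
    if func == AUTH_IN_ARGS:
        return first
    if func == AUTH_IN_ARGS_EXT:
        if not extension:
            # The instruction promises a second part; fail closed rather than
            # authenticate against a truncated argument.
            raise ValueError("second argument missing from extension field")
        return first + extension
    return None
```

A node that sees the split-argument instruction without the extension field rejects the packet here; the authentication operation applied to the recovered argument is left out because the claim does not specify it.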