BOUNDARY FILTERING METHOD AND DEVICE FOR SRV6 TRUST DOMAIN

BOUNDARY FILTERING METHOD AND DEVICE FOR SRV6 TRUST DOMAIN

A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes th...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: FU, Jianzhong, LU, Dongjie, XIAO, Yaqun, WEN, Huizhi
Format: Patent
Sprache:eng ; fre ; ger
Schlagworte:
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRICITY
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A packet forwarding method is disclosed. The method includes: After an edge node in a trusted domain receives an SRv6 packet whose destination address is a BSID, the edge node may verify the packet based on a BSID in the packet and a destination field in an SRH of the packet. If the packet passes the verification, the edge node forwards the packet. If the packet fails the verification, the edge node discards the packet. Not only a node outside the trusted domain is required to access the trusted domain by using the BSID, but also the packet entering the trusted domain needs to be verified with reference to the target field in the segment routing header. Compared with a solution of performing SRv6 boundary filtering on a packet by using only a BSID, the foregoing method can effectively reduce network resources occupied by an attack packet, and therefore can reduce security risks that are caused by forwarding a packet by using an SRv6 technology.