共查询到15条相似文献,搜索用时 281 毫秒
1.
2.
3.
4.
BGP路由表中环形路由现象分析 总被引:2,自引:0,他引:2
避免路由环是BGP系统的基本规则,违背该规则会给Internet连通性带来严重影响。文章研究了BGP表中的环形现象。通过对RouteViews数据进行分析,给出量化结果,并讨论该现象产生原因及相关问题。 相似文献
5.
基于边界网关协议(BGP)的域间路由系统已经成为Internet的核心路由设施,但由于BGP本身缺乏安全机制,很容易受到各种人为配置错误或者恶意攻击的影响。我们开发的域间路由监测系统可以从4个层次实现对域间路由的安全监测,分别是Internet、国家网络、特定ISP和特定路由。本文详细介绍了多层次域间路由安全监测系统的组成结构、软件结构、设计思想、实现技术和测试结果。 相似文献
6.
7.
8.
域间路由系统的安全威胁及其对策 总被引:1,自引:0,他引:1
BGP是用于在自治系统之间转发路由信息的协议,它是Internet路由系统中一个非常重要的组成部分.虽然它已被证明是一种非常稳定和有效的协议,但是随着Internet的快速发展与商业化,BGP的一个主要的局限性是它不能处理安全问题,因此经常遭到恶意攻击和人为错误的影响.加之BGP协议自身的脆弱性,使得域间路由系统正面临着非常严峻的安全问题.文中详述了域间路由系统所面临的安全威胁,全面地探讨了协议增强和安全防范机制,并对现有安全方案进行了分析. 相似文献
9.
10.
BGP是用于在自治系统之间转发路由信息的协议,它是Internet路由系统中一个非常重要的组成部分.虽然它已被证明是一种非常稳定和有效的协议,但是随着Internet的快速发展与商业化,BGP的一个主要的局限性是它不能处理安全问题,因此经常遭到恶意攻击和人为错误的影响.加之BGP协议自身的脆弱性,使得域间路由系统正面临着非常严峻的安全问题.文中详述了域间路由系统所面临的安全威胁,全面地探讨了协议增强和安全防范机制,并对现有安全方案进行了分析. 相似文献
11.
《Computer Networks》2008,52(15):2908-2923
The Internet’s interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather than force centralized control in a distributed network, this paper examines distributed security methods that are amenable to incremental deployment. Typically, such methods are less comprehensive and not provably secure. The paper describes a distributed anomaly detection and response system that provides comparable security to cryptographic methods and has a more plausible adoption path. Specifically, the paper makes the following contributions: (1) it describes pretty good BGP (PGBGP), whose security is comparable (but not identical) to secure origin BGP; (2) it gives theoretical proofs on the effectiveness of PGBGP; (3) it reports simulation experiments on a snapshot of the Internet topology annotated with the business relationships between neighboring networks; (4) it quantifies the impact that known exploits could have on the Internet; and (5) it determines the minimum number of ASes that would have to adopt a distributed security solution to provide global protection against these exploits. Taken together these results explore the boundary between what can be achieved with provably secure centralized security mechanisms for BGP and more distributed approaches that respect the autonomous nature of the Internet. 相似文献
12.
边界网关协议BGP4是目前Internet最主要的域问路由协议,其路由正确性和稳定性直接关系到Internet能否正常运行.作为一个域问路由协议,BGP协议必须支持策略路由,允许各个自治系统独立的制定他们的路由策略,而且允许这些策略优先于路径尺度.由于各个自治系统制定策略的角度不同,这些路由策略之间可能存在冲突,从而导致BGP协议发散及路由振荡.此外,BGP协议本身也存在一些内在机制的不完善,并可能导致在某些情况下路由不收敛或收敛速度缓慢.随着网络规模越来越大,拓扑越来越复杂,BGP路由收敛问题日趋严重,目前国内外对此展开了大量的研究,并提出了多种分析模型和解决方案.本文首先全面总结了BGP协议面临的主要的收敛问题,主要包括策略冲突和协议机制造成的不收敛问题和收敛缓慢问题,然后全面介绍了针对这些问题的现有的解决方案,分析比较了这些方案的优点和缺点,最后提出了进一步的研究设想. 相似文献
13.
The Border Gateway Protocol (BGP) is the core routing protocol in the Internet. It maintains reachability information towards IP networks, called prefixes. The adoption of BGP has come at a price: a steady growth in the routing table size (Meng et al., 2005) [1] as well as BGP updates (Cittadini et al., 2010) [2].In this work, we take a different look at BGP updates, by quantifying the amount of prefix correlation in the BGP updates received by different routers in the Internet. We design a method to classify sets of BGP updates, called spikes, into either correlated or non-correlated, by comparing streams of BGP updates from multiple vantage points.Based on publicly available data, we show that a significant fraction of all BGP updates are correlated. Most of these correlated spikes contain updates for a few BGP prefixes only. When studying the topological scope of the correlated spikes, we find that they are relatively global given the limited AS hop distance between most ASs in the Internet, i.e., they propagate at least 2 or 3 AS hops away. Most BGP updates visible from publicly available vantage points are therefore related to small events that propagate across multiple AS hops in the Internet, while a limited fraction of the BGP updates appear in large bursts that stay mostly localised.Our results shed light on a fundamental while often misunderstood aspect of BGP, namely the correlation between BGP updates and how it impacts our beliefs about the share of local and global BGP events in the Internet. Our work differs from the literature in that we try as much as possible to explicitly account in our methodology for the visibility of BGP vantage points, and its implication on the actual claims that can be made from the data. 相似文献
14.
边界网关协议BGP是当前因特网域间路由协议的事实标准,基于策略的路由选择过程使它不再是严格意义上的距离矢量协议,也不再具有距离矢量协议的收敛性。Varadhan指出,自治系统各自为政的策略配置方式会导致全局策略冲突,引起永久性的路由振荡。针对该问题,Griffin利用稳定路径问题SPP模型形式化地抽象出BGP协议行为,并以此为基础提出了一种分布式的策略冲突检测算法,尽管该算法完全避免了传统方法的缺陷,但仍然存在泄漏策略信息、对BGP协议改动太大以及浪费网络资源的问题。本文提出了一种基于安全多方计算的检测路由策略冲突的方法,用于在怀疑BGP路由发生振荡时,动态地检测系统中是否存在策略冲突。该方法采纳了Griffin的理论基础,同时由于巧妙地运用了安全多方计算协议,可以完全解决Griffin算法的问题,具有很好的实用性。 相似文献
15.