BGP协议研究及应用

BGP协议是一种用于互联网自治域系统间的动态路由协议,其主要功能是在各自治域 系统之间交换网络可达性信息。BGP协议是一种路径向量协议,使用TCP作为传送协议,保证了数据 传输的可靠性。BGP协议支持无类型的区域间路由CIDR;支持丰富的策略配置包括路由聚合、路由过 滤;支持多播路由、VPN路由,BGP协议还支持QoS等参数扩展。主要介绍了BGP协议的原理、协议软 件的工作过程及在工程中的应用。     

IP骨干网BGP路由协议的扩展性

1制约BGP扩展性的几个问题BGP是目前应用在因特网上的IP网络互联协议,为运营商之间的互联提供了稳定而安全的路由协议,具有丰富的路由控制机制。为了更好地控制路由策略,当前大部分的运营商均将BGP部署到骨干路由器。随着网络的不断扩展、路由器数目的增多以及路由信息条目的激增,解决BGP的扩展性问题变得越来越重要。目前BGP的扩展性面临如下几个问题。(1)IBGP的Full-Mesh问题BGP路由协议分为IBGP和EBGP两个部分。IBGP用于自治域内的路由器之间,EBGP用于自治域间的路由器之间。为了防止产生环回路由,BGP要求一个路由器通…     

域间路由系统脆弱性及其应对措施

域间路由系统是互联网的关键基础设施,然而它却面临着严重的安全挑战.本文分析了域间路由协议BGP(边界网关协议)存在的脆弱性,构建了域间路由系统攻击模型,阐述了域间路由系统中基于链路和基于路由器节点的攻击模式,并指出这些攻击可能造成的危害,接着讨论了目前正在应用和研究的一些安全对策,并对路由过滤机制和协议扩展两种对策进行了性能比较.     

基于路径标识的多路径域间路由的开发与实现

针对现有网络架构中路由扩展性方面的问题日益严重,目前提出一种基于路径标识的多路径域间路由方案,可提高域间路由可扩展性和可靠性,但该研究只停留在理论阶段。现对基于路径标识的多路径路由协议进行了开发与实现,针对域间路由协议BGP的控制层和基于Linux内核的转发层进行了具体模块的结构分析和开发,并进行了功能性测试。结果显示,开发系统可以实现路径标识路由和多路径路由的功能。     

基于区块链的BGP前缀攻击防御研究

互联网在进行域间路由信息交互时域间路由器需要使用BGP协议完成路由交换,但是由于BGP设计上存在一些缺陷,导致出现前缀劫持、路由泄露以及TCP拒绝式服务连接等安全问题。为了解决BGP协议设计上的安全漏洞,利用区块链技术,设计了一种防御成本低、安全较高、无需变动BGP协议、安全机制容易部署、容易维护的、轻量级的BGP劫持防御机制。首先对原有的区块链数据结构进行改进,根据BGP协议特点设计出了交易索引表结构;其次利用区块链索引表进行IP前缀所有权的查询、更新,并有效防止了后续攻击;最后利用信用积分机制来赋予处理交易的队列优先级。     

基于SDN的互联网域间路由研究

互联网流量的爆发式增长,叠加互联网流量固有的突发性特点,使得网络流量不均衡现象日益加剧。传统BGP协议由于缺乏全网拓扑和全局流量观,只能遵循标准BGP选路原则,在解决流量调度和负载均衡方面存在不足。针对BGP协议存在的局限性,研发了基于RR+的互联网骨干网流量调度系统,并应用于ChinaNet骨干网的网内中继、网间互联出口、IDC出口等多个流量优化场景。更进一步地,提出了一种基于SDN的互联网域间路由架构,通过在域间控制器之间交换BGP路由,无需在域内和域间运行BGP协议,极大地简化了网络协议,并能够实现灵活的流量调度和负载均衡。     

对新型网络路由机制的思考

路由是网络的结构基石,新型网络路由机制是构建新型网络体系的必需。目前网际层的路由本质上是所谓的"单下一跳路由"机制,解决网络传输拥塞问题的一个根本措施在于改变当前网络单下一跳的选路模式,允许多条路径的并行传输。边界网关协议(BGP)是目前Internet唯一采用的域间路由协议,针对当前域间路由系统面临的规模可扩展性问题,文章提出了一个规模可扩展的新型分层域间路由架构(s-idra)。除了可扩展性以外,路由体系还面临其他挑战,比如安全性、服务质量(QoS)、组播、移动、动态网络拓扑等等。路由协议尤其是未来新型信息网络体系结构的路由协议的研究任重而道远。     

边界网关协议(BGP)有限状态机的探讨

BGP协议是目前因特网使用的网际协议,也是广电骨干数据平台与ISP运营商之间采用的路由协议,它在不同的自治域间起着网际路由选择,策略控制等重要作用.本文详细分析了BGP在各种状态下的转换机制,并对可能导致协议状态异常的情况做进一步的探讨.     

一种用于域间路由系统的监测模型

针对现有域间路由监测系统的不足，提出一种监测域间路由的系统模型。该模型基于BGP路由表监测或BGP报文更新监测两种技术之上，能利用Internet拓扑特性来检测异常路由，从而达到监测域间路由系统的目的。并对视图的完整性和监测网络的构造等模型相关问题进行了深入探讨。     

BGP在IPv6过渡阶段的应用

一、BGP及其扩展 边界网关协议(BGP)是目前IP网络中应用广泛且惟一的域间路由协议,目前协议版本号是4(即BGP4).BGP4最早由RF C1771描述(1995年),在2006年又发布了BGP的最新描述RFC4271.在此期间的十几年内,随着BGP的广泛应用,各种各样的扩展功能被加入到BGP中.对BGP的扩展分为两个大的方面:一是对性能的增强(比如反射器、自治系统联盟、路由过滤、平稳重启和聚合),另一个方面是对功能的增强(多协议支持).     

On Understanding Transient Interdomain Routing Failures

The convergence time of the interdomain routing protocol, BGP, can last as long as 30 minutes. Yet, routing behavior during BGP route convergence is poorly understood. During route convergence, an end-to-end Internet path can experience a transient loss of reachability. We refer to this loss of reachability as transient routing failure. Transient routing failures can lead to packet losses, and prolonged packet loss bursts can make the performance of applications such as Voice-over-IP and interactive games unacceptable. In this paper, we study how routing failures can occur in the Internet. With the aid of a formal model that captures transient failures of the interdomain routing protocol, we derive the sufficient conditions that transient routing failures could occur. We further study transient routing failures in typical BGP systems where commonly used routing policies are applied. Network administrators can apply our analysis to improve their network performance and stability.     

Study of BGP Peering Session Attacks and Their Impacts on Routing Performance

We present a detailed study of the potential impact of border gateway protocol peering session attacks and the resulting exploitation of route flap damping (RFD) that cause network-wide routing disruptions. We consider canonical grid as well as down-sampled realistic autonomous system (AS) topologies and address the impact of various typical service provider routing policies. Our modeling focuses on three dimensions of routing performance sensitivity: 1) protocol aware attacks (e.g., tuned to RFD); 2) route selection policy; and 3) attack-region topology. Analytical results provide insights into the nature of the problem and potential impact of the attacks. Detailed packet-level simulation results complement the analytical models and provide many additional insights into specific protocol interactions and timing issues. Finally, we quantify the potential effect of the BGP graceful restart mechanism as a partial mitigation of the BGP vulnerability to peering session attacks.     

利用BGP虚拟下一跳技术实现IP地址快速封堵

通过在BGP的路由反射器（RR）把需要封堵的IP地址通过BGP信息向全网发布并携带特定的BGP虚拟下一跳信息,而在IP骨干网的边缘路由器设置该特定虚拟下一跳IP地址的黑洞路由。以至于在IP骨干网的边缘路由器都会自动把访问该需要封堵IP地址的流量丢弃,达到快速封堵IP地址的目的。     

互联网BGP路由收敛问题研究现状的分析

文章重点分析了互联网边界网关协议(BGP)路由收敛问题,叙述了当前国际上对这个问题的几种解决方案,并指出了这几种解决方案所存在的问题.作者提出了自己的观点:BGP路由收敛问题与各路由器有不同的路由策略;各路由器BGP的数据更新时延不同;各链路连接失败和恢复的次序不同;路由更新消息的粒度与多方因素有关,应该找出一种综合的解决方法.     

BGP路由协议实际应用中的问题及解决方案

边界网关协议(BGP)在因特网上运行时存在路由不稳定(routing instability)、慢收敛(slow convergence)以及可扩展性(scalability)差等问题,随着因特网规模的不断扩大,这三个问题变得日趋严重.本文首先对这三个问题的成因做了深入的分析,然后把目前对这些问题的解决方案分为直接和间接两大类,分别对这两大类中有代表性的解决方案进行介绍并对其有效性做出了评估.     

Network-Wide Prediction of BGP Routes

This paper presents provably correct algorithms for computing the outcome of the BGP route-selection process for each router in a network, without simulating the complex details of BGP message passing. The algorithms require only static inputs that can be easily obtained from the routers: the BGP routes learned from neighboring domains, the import policies configured on the BGP sessions, and the internal topology. Solving the problem would be easy if the route-selection process were deterministic and every router received all candidate BGP routes. However, two important features of BGP-the Multiple Exit Discriminator (MED) attribute and route reflectors-violate these properties. After presenting a simple route-prediction algorithm for networks that do not use these features, we present algorithms that capture the effects of the MED attribute and route reflectors in isolation. Then, we explain why the interaction between these two features precludes efficient route prediction. These two features also create difficulties for the operation of BGP itself, leading us to suggest improvements to BGP that achieve the same goals as MED and route reflection without introducing the negative side effects     

互联网BGP路由可视及安全检测技术架构与实践

边界网关协议（border gateway protocol,BGP）是支撑互联网50年来快速发展的核心协议,因早期设计考虑不足一直存在路由劫持、路由泄露等路由安全威胁漏洞。随着互联网应用日益深入,BGP 路由安全问题逐渐引起业界重视,边界网络安全防护意义重大。提出了一种BGP路由安全检测架构,通过推理构建全球BGP路由知识库实现互联网全局路由可视性,并基于此实现路由劫持、路由泄露等路由安全事件的准实时检测。通过在杭州交换中心部署实践,证明本系统可构造较完整的互联网全局路由知识库、实现较准确和实时的BGP路由安全事件检测。     

BGP routing policies in ISP networks

The Internet has quickly evolved into a vast global network owned and operated by thousands of different administrative entities. During this time, it became apparent that vanilla shortest path routing would be insufficient to handle the myriad operational, economic, and political factors involved in routing. ISPs began to modify routing configurations to support routing policies - goals held by the router's owner that controlled which routes were chosen and which routes were propagated to neighbors. BGP, originally a simple path vector protocol, was incrementally modified over time with a number of mechanisms to support policies, adding substantially to the complexity. Much of the mystery in BGP comes not only from the protocol complexity, but also from a lack of understanding of the underlying policies and the problems ISPs face that are addressed by these policies. In this article we shed light on goals operators have and their resulting routing policies, why BGP evolved the way it did, and how common policies are implemented using BGP. We also discuss recent and current work in the field that aims to address problems that arise in applying and supporting routing policies.