CN106713131A - Multi-BGP routing instance parallel execution device - Google Patents
Abstract
The invention relates to the technical field of network space security protection and particularly relates to a multi-BGP routing instance parallel execution device. The device comprises a management scheduler, an abnormity judger, a plurality of input/output proxies, a plurality of ports and a plurality of routing instances. The ports are connected with neighbor routers. One input/output proxy is arranged on each port. Each input/output proxy is connected with all routing instances. The input/output proxies are used for filtering or distributing output/input messages of all routing instances according to a certain strategy. The routing instances are routers or virtual machines in support of operation of a BGP protocol. The management scheduler is connected with each input/output proxy and each routing instance and is used for setting roles of the routing instances, generating a message filtering and distribution strategy and issuing the message filtering and distribution strategy to each input/output proxy. The abnormity judger is connected with each routing instance and is used for reading the routing table of each routing instance, thereby judging whether an abnormity exists in the routing table of the routing instance or not.
Description
Technical field
The present invention relates to the technical field of cyberspace security protection, and more particularly to a device for parallel execution of multiple BGP routing instances.
Background
BGP is a path-vector routing protocol used to carry routing information between autonomous systems. When BGP determines a path, what it considers is not speed; instead it lets an autonomous domain control the flow of traffic according to various BGP attributes. BGP is connection-oriented: the session between a pair of BGP peers is established over TCP. BGP propagates the whole routing table at start-up; afterwards, a change in part of the network triggers updates that are sent over the TCP connection, on port 179. On the Internet, BGP has to advertise a very large number of routes. Because TCP provides a reliable transport mechanism and uses a sliding window, BGP can send packets continuously without having to stop and wait for acknowledgement as OSPF or EIGRP do.
BGP has 4 message types: Open, Keepalive, Update and Notification. After the TCP session is established, neighbor routers use Open messages to identify themselves to each other and to announce their BGP operating parameters. Keepalive messages are mainly used for keep-alive between neighbors. Update messages announce available routes or withdraw routes. Notification messages are mainly used to report errors and usually cause the BGP connection to be terminated.
Achieving parallel execution and single presentation of multiple routing instances is significant for building a network active defense system with heterogeneous redundancy. Parallel execution means that multiple routing instances running the BGP protocol can run simultaneously and independently in one device, can each receive the neighbors' route update messages, and each maintain their own routing table. Single presentation means that the routing instances executing in parallel appear externally as one single routing node: their neighbor routers can see only one routing instance and cannot see all of the routing instances or the connections between them. With parallel execution and single presentation, the characteristics of a single routing node can change dynamically, which improves its resistance to attack.
Summary of the invention
In view of this, the invention provides a scheme for running multiple BGP routing instances simultaneously in a single routing node, in which every routing instance can learn the routing table from the neighbor router, but the neighbor router can discover only one routing instance and establish a connection with it, so that the multi-instance nature of the device is concealed.
To achieve the above object, the invention is realized through the following technical solution:
A device for parallel execution of multiple BGP routing instances, characterized in that the device includes multiple routing instances able to run the BGP protocol, input/output proxies, a management scheduler and an abnormity judger, wherein:
A routing instance can be an ordinary router or a virtual machine able to run a routing protocol; all routing instances must support running the BGP protocol;
An input/output proxy is deployed on each external interface of the device, and each proxy is connected to all of the routing instances; its function is to filter or distribute the output and input messages of all routing instances according to a certain policy;
The management scheduler sets the role of each routing instance according to a certain scheduling policy, generates the packet filtering and distribution policy, and issues it to each input/output proxy;
The abnormity judger can read the routing table of each routing instance and compares the routing tables of the routing instances using a specific comparison algorithm, thereby judging whether the routing table of a particular routing instance is abnormal.
In the device, the parallel execution and single presentation of the routing instances are realized by the packet filtering and distribution mechanism of the input/output proxies. Parallel execution requires that every routing instance learn routes from the neighbor router, while single presentation requires that the device appear externally as one single routing node, which can therefore establish only one connection with a neighbor rather than several. Consequently, in the device no routing instance establishes a connection with the neighbor router directly. The input/output proxy establishes the connection with the neighbor router, and each routing instance establishes its connection with the input/output proxy. The input/output proxy is transparent to both the routing instances and the neighbor router.
Routing instances have one of two roles: presentation instance or comparison instance.
The presentation instance is mainly responsible for exchanging routing information with the neighbor router and for generating the forwarding policy. Only one presentation instance can exist in the device at a time. The BGP routing information that the presentation instance publishes externally is forwarded to the neighbor router by the input/output proxy. If the device has a separate forwarder, the routing table of the presentation instance is issued to that forwarder in the form of a forwarding policy; if the device has no separate forwarder, the forwarder of the presentation instance is responsible for routing and forwarding the data that flows through the device.
Comparison instances are used to judge whether the routing table of the presentation instance is abnormal, and several comparison instances can exist in the device at the same time. Any message sent out by a comparison instance is intercepted by the input/output proxy. The input/output proxy copies the BGP route update messages sent to the presentation instance and forwards the copies to the comparison instances, so that the comparison instances can also learn routing information from the neighbor router. The abnormity judger reads the routing table of each comparison instance and uses it to check whether the routing table of the presentation instance is abnormal. The routing table of a comparison instance is never issued to the forwarder.
In the device, the forwarding policy of the input/output proxy is as follows:
When the presentation instance sends an Open message to the neighbor router to establish a connection, the input/output proxy forwards that message to the neighbor router, whereas Open messages sent by comparison instances are all discarded. The Open message returned by the neighbor router is forwarded by the input/output proxy to all routing instances that have sent an Open message.
For the 3 BGP message types Keepalive, Update and Notification, the input/output proxy forwards all messages sent by the presentation instance, and all messages sent by comparison instances are discarded. Messages of these 3 types sent by the neighbor router are copied by the input/output proxy and forwarded to all routing instances.
If a routing instance is restarted or has just been added to the device, then, so that it can learn the routes in time, the input/output proxy, once it detects that the routing instance has entered the Established state, simulates a soft restart of the routing instance and sends the neighbor router a refresh request asking it to retransmit all BGP routing information. After receiving the refresh request, the neighbor router packs all BGP routes into BGP UPDATE messages and sends them; the input/output proxy forwards these messages to the newly started routing instance.
If the forwarding function of the device is performed by the forwarder of the presentation instance, all data flowing through the device is sent to the presentation instance, which routes and forwards it; this data is not sent to the comparison instances. If a separate forwarder has been added to the device, the data is sent to that forwarder.
The management scheduler switches the roles of the routing instances at random intervals. During a role switch, one comparison instance is selected as the presentation instance and the original presentation instance is set as a comparison instance. As soon as the abnormity judger finds that the routing table of the presentation instance is abnormal, a role switch is triggered immediately. On every switch the management scheduler generates a new packet filtering and distribution policy and issues it to the input/output proxies.
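The filtering and distribution policy, abnormity judgment and role switch described above can be modelled in a few dozen lines. The following Python is an added example, not code from the patent: the class and function names are hypothetical, messages are modelled as tuples and routing tables as prefix-to-next-hop dictionaries, the sample routes are constructed from documentation address ranges, and the majority comparison in `judge` is an assumption, since the text only speaks of "a specific comparison algorithm".

```python
import random
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Instance:                      # hypothetical model of one routing instance
    name: str
    rib: dict = field(default_factory=dict)   # prefix -> next hop
    sent_open: bool = False

class IOProxy:
    """Applies the policy issued by the scheduler: which instance is presented."""
    def __init__(self, instances, presentation):
        self.instances = {i.name: i for i in instances}
        self.presentation = presentation

    def from_instance(self, sender, msg_type, payload=None):
        """Outbound: return the message relayed to the neighbor, or None if dropped."""
        if msg_type == "OPEN":
            self.instances[sender].sent_open = True   # remembered even if dropped
        if sender != self.presentation:
            return None                               # comparison instances are silenced
        return (msg_type, payload)

    def from_neighbor(self, msg_type, payload=None):
        """Inbound: copy to instances; return the names that received a copy."""
        if msg_type == "OPEN":        # only to instances that sent an Open themselves
            targets = [i for i in self.instances.values() if i.sent_open]
        else:                         # Keepalive / Update / Notification go to all
            targets = list(self.instances.values())
        if msg_type == "UPDATE":
            for inst in targets:
                inst.rib.update(payload)   # each instance maintains its own table
        return [i.name for i in targets]

def judge(presentation, comparisons):
    """Assumed algorithm: flag prefixes where the presentation instance's next hop
    differs from the most common next hop among the comparison instances."""
    if not comparisons:
        return []
    prefixes = set(presentation.rib) | {p for c in comparisons for p in c.rib}
    bad = []
    for prefix in sorted(prefixes):
        votes = Counter(c.rib.get(prefix) for c in comparisons)
        majority = votes.most_common(1)[0][0]
        if presentation.rib.get(prefix) != majority:
            bad.append(prefix)
    return bad

class Scheduler:
    def __init__(self, proxy, rng=None):
        self.proxy = proxy
        self.rng = rng or random.Random()

    def switch(self):
        """Promote a randomly chosen comparison instance; the old one is demoted."""
        names = [n for n in self.proxy.instances if n != self.proxy.presentation]
        self.proxy.presentation = self.rng.choice(names)   # new policy for the proxy
        return self.proxy.presentation

    def check(self):
        """Run the judge; an abnormal presentation table triggers an immediate switch."""
        inst = self.proxy.instances
        pres = inst[self.proxy.presentation]
        bad = judge(pres, [i for i in inst.values() if i is not pres])
        if bad:
            self.switch()
        return bad

def run_demo():
    proxy = IOProxy([Instance("A"), Instance("B"), Instance("C")], presentation="A")
    sched = Scheduler(proxy, random.Random(7))
    out = {n: proxy.from_instance(n, "OPEN") for n in "ABC"}
    open_to = proxy.from_neighbor("OPEN")
    # Constructed update using documentation address ranges.
    proxy.from_neighbor("UPDATE", {"203.0.113.0/24": "192.0.2.1"})
    dropped = proxy.from_instance("B", "UPDATE", {"203.0.113.0/24": "192.0.2.9"})
    # Simulate a corrupted table in the presentation instance.
    proxy.instances["A"].rib["203.0.113.0/24"] = "198.51.100.66"
    bad = sched.check()
    return {"open": out, "open_to": open_to, "dropped": dropped,
            "anomalies": bad, "presentation": proxy.presentation}

if __name__ == "__main__":
    print(run_demo())
```

Calling `Scheduler.switch()` from a timer with a random interval gives the periodic role switch; `check()` covers the switch triggered by the abnormity judger.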
The beneficial effects of the invention are:
The invention provides a scheme for running multiple BGP routing instances simultaneously in a single routing node, in which every routing instance can learn the routing table from the neighbor router, but the neighbor router can discover only one routing instance and establish a connection with it, so that the multi-instance nature of the device is concealed. Through the role scheduling and abnormity judgment functions of the device, heterogeneous redundancy and uncertainty of external presentation are introduced into the routing node. This greatly reduces the effectiveness of reconnaissance or attacks aimed at unknown vulnerabilities, defects, trapdoors or backdoors in the routing node, and improves the active defense capability of the routing node.
Brief description of the drawings:
Fig. 1 shows a device for parallel execution of multiple BGP routing instances provided by an embodiment of the invention;
Fig. 2 shows a device for parallel execution of multiple BGP routing instances with an independent forwarder, provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of the IP settings of a device for parallel execution of multiple BGP routing instances provided by an embodiment of the invention.
Detailed description:
Exemplary embodiments of the invention are described in detail below with reference to the accompanying drawings.
The embodiments of the invention provide a device for parallel execution of multiple BGP routing instances, which solves the problem of how to run multiple BGP routing instances in parallel in a single routing node while achieving single presentation.
So that those skilled in the art can better understand the technical solution of the invention, the technical solution in the embodiments is described clearly and completely below with reference to the drawings of the embodiments.
Embodiment one: As shown in Fig. 1, this embodiment provides a device for parallel execution of multiple BGP routing instances. The device can contain multiple routing instances and ports. In this example it contains 3 routing instances and 3 ports in total, with 1 input/output proxy on each port, and additionally 1 management scheduler and 1 abnormity judger; no independent data forwarder is provided.
The ports of the device are equal in number to the BGP routing instances and correspond to them one to one. The input/output proxy handles received BGP messages separately from other messages: BGP messages are distributed to every routing instance, and other data is handed to the presentation instance for routing and forwarding. For output data, a BGP message sent by a comparison instance is discarded by the input/output proxy. For a BGP message sent by the presentation instance, the input/output proxy copies the BGP payload and sends it over the TCP socket established between itself and the neighbor router. Non-BGP messages output by the presentation instance are forwarded directly to the neighbor router.
The IP settings of the invention are shown in Fig. 3. In the device, the IP addresses of the ports between the input/output proxy and each BGP routing instance need to be configured specially. The input/output proxy acts as the TCP proxy between the neighbor router and the BGP routing instances and is configured with two kinds of address: IP-router and IP-broker. IP-router is the address of the input/output proxy facing the neighbor router and is also the IP address that the whole device presents to the neighbor router; the input/output proxy maintains its BGP connection with the neighbor router on this address. IP-broker is the address of the input/output proxy facing the BGP routing instances; the input/output proxy establishes its BGP connection with each routing instance on this address. IP-broker is an internal address of the device and is not presented externally.
For BGP messages sent by the neighbor router to the routing instances, the input/output proxy needs to replace the IP addresses in the message: the source IP is changed from IP-neighbor to IP-broker, and the destination IP is changed from IP-router to the IP of each routing instance, that is, IP-instance. The new IP header and the original BGP payload are combined into a new message, which is sent to each BGP routing instance. For BGP messages sent by the presentation instance to the neighbor router, the input/output proxy changes the source IP of the message to IP-router and leaves the destination IP unchanged.
Embodiment two: As shown in Fig. 2, this embodiment is essentially the same as embodiment one. The difference is that the device for parallel execution of multiple BGP routing instances also includes a forwarder, which is connected to each input/output proxy and to each routing instance. Following the idea of "separating forwarding from control", this provides a device for parallel execution of multiple BGP routing instances with an independent forwarder. The independent forwarder is only responsible for forwarding non-routing messages and is not responsible for generating routing table entries. The routing table of the presentation instance is converted into a forwarding policy and issued to the forwarder. The input/output proxy classifies the incoming messages: BGP messages are distributed to every routing instance, and other messages are sent to the forwarder, which routes and forwards them.
The foregoing describes only illustrative embodiments of the invention and does not limit its scope. Any equivalent variation or modification made by a person skilled in the art without departing from the concept and principles of the invention falls within the scope of protection of the invention.
Claims (5)
1. A device for parallel execution of multiple BGP routing instances, comprising a management scheduler, an abnormity judger, multiple input/output proxies, multiple ports and multiple routing instances, the ports being connected to neighbor routers, characterized in that one input/output proxy is arranged on each port and each input/output proxy is connected to all routing instances; the input/output proxies are used to filter or distribute the output and input messages of all routing instances according to a certain policy; the routing instances are routers or virtual machines that support running the BGP protocol; the management scheduler is connected to each input/output proxy and each routing instance and is used to set the roles of the routing instances and to generate the packet filtering and distribution policy and issue it to each input/output proxy; and the abnormity judger is connected to each routing instance and is used to read the routing table of each routing instance, thereby judging whether the routing table of a routing instance is abnormal.
2. The device for parallel execution of multiple BGP routing instances according to claim 1, characterized in that the routing instances have one of two roles, presentation instance and comparison instance; the presentation instance is mainly responsible for exchanging routing information with the neighbor router and for generating the forwarding policy, and only one presentation instance can exist in the device at a time; comparison instances are used to judge whether the routing table of the presentation instance is abnormal, and one or more comparison instances exist in the device at the same time.
3. The device for parallel execution of multiple BGP routing instances according to claim 1, characterized in that the numbers of input/output proxies, ports and routing instances are equal, and the number is in the range 2-5.
4. The device for parallel execution of multiple BGP routing instances according to claim 3, characterized in that the number of input/output proxies, ports and routing instances is 3.
5. The device for parallel execution of multiple BGP routing instances according to claim 2, characterized in that the device also includes a forwarder, which is connected to each input/output proxy and to each routing instance.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611015791.0A CN106713131A (en) | 2016-11-18 | 2016-11-18 | Multi-BGP routing instance parallel execution device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106713131A true CN106713131A (en) | 2017-05-24 |
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20170524 |