JP5916164B1 - Route control apparatus and program - Google Patents

Abstract

BGP is known as a protocol for controlling a route on the Internet, and a technique capable of appropriately controlling a route according to the situation under the control of BGP has been desired. A route information generation unit that generates BGP route information having a plurality of routes each including a destination address and a prefix length, a priority route determination unit that determines a priority route among the plurality of routes, and a priority There is provided a route control device including a route information update unit that updates route information so as to increase a prefix length of a destination address of a route to be performed. [Selection] Figure 1

Description

  The present invention relates to a path control device and a program.

BGP (Border Gateway Protocol) is known as a protocol for controlling routes on the Internet (see, for example, Patent Document 1).
[Prior art documents]
[Patent Literature]
[Patent Document 1] Japanese Patent Application Laid-Open No. 2000-209264

  A technique that can appropriately control the route according to the situation has been desired.

  According to the first aspect of the present invention, a route information generating unit that generates route information of BGP having a plurality of routes each including a destination address and a prefix length, and a preferred route among the plurality of routes is determined. A route control device is provided that includes a priority route determination unit and a route information update unit that updates route information to increase the prefix length of a destination address of a priority route.

  In the route control device, the priority route determination unit may determine a route that is preferred as a route that has priority over one route, and the route information update unit determines the prefix length of the destination address of the priority route as one route. The route information may be updated to be longer than the prefix length of the destination address. In the route control device, the priority route determination unit may determine a route that has been hijacked among the plurality of routes as a priority route. In the above route control device, the priority route determination unit may determine a priority route from a plurality of routes including the same destination among the plurality of routes, and the route information update unit may prefix the destination address of the priority route. The route information may be updated so that the length is longer than the prefix length of the destination address of another route among a plurality of routes including the same destination. The route control device may further include a route information transmission unit that transmits the route information generated by the route information generation unit to the BGP router, and the route information update unit is configured to increase the prefix length of the destination address of the priority route. The route information transmitted by the route information transmission unit may be updated.

  According to the second aspect of the present invention, there is provided a program for causing a computer to function as the path control device.

  It should be noted that the above summary of the invention does not enumerate all the necessary features of the present invention. In addition, a sub-combination of these feature groups can also be an invention.

1 schematically shows an example of a communication network. 3 schematically shows another example of a communication network. 3 schematically shows another example of a communication network. An example of a functional structure of a route server is shown roughly. An example of the flow of processing by a route server is shown roughly. 3 schematically shows another example of a communication network.

  Hereinafter, the present invention will be described through embodiments of the invention, but the following embodiments do not limit the invention according to the claims. In addition, not all the combinations of features described in the embodiments are essential for the solving means of the invention.

  FIG. 1 schematically shows an example of a communication network 10 according to the present embodiment. The communication network 10 includes an Internet 20, an AS (Autonomous System) 110, an AS 120, an AS 130, an AS 140, an AS 150, an IX (Internet eXchange) 160, and a route server 200. The route server 200 may be an example of a route control device.

  Here, an example will be described in which the AS number of the AS 110 is 1100, the AS number of the AS 120 is 1200, the AS number of the AS 130 is 1300, the AS number of the AS 140 is 1400, and the AS number of the AS 150 is 1500. The AS numbers of AS110, AS120, AS130, AS140, and AS150 are merely examples, and other AS numbers may be used.

  The AS 110 includes a router 112 and a router 114. The AS 120 has a router 122. The AS 130 has a router 132. The AS 140 includes a router 142 and a router 144. The AS 150 includes a router 152. Router 112, router 114, router 122, router 132, router 142, and router 152 may be BGP routers.

  AS 110 may be a transit AS. The router 112 is connected to the Internet 20. The router 114 is connected to the router 122, the router 132, and the route server 200 via the IX 160.

  AS 140 may be a transit AS. The router 142 is connected to the Internet 20. The router 144 is connected to the router 132 and the router 152.

  The AS 120 manages “172.16.0.0/13” and “172.24.0.0/13” networks. The AS 130 manages the networks of “10.2.0.0/16” and “10.3.0.0/16”. The AS 150 manages the “192.168.0.0/16” network. Note that these address spaces are examples, and the AS 120 and the AS 130 may manage networks in other address spaces. In particular, in the present embodiment, a private address is described as an example of the address space, but it goes without saying that it may be a global address.

  The route server 200 generates route information for each of the plurality of ASs connected to the IX 160. For example, first, the route server 200 becomes a BGP peer with each of the router 114, the router 122, and the router 132, and collects route data. The route data may include a destination address and prefix length, and an AS path attribute. The AS path attribute may be an AS number of the AS that passes through until reaching the destination AS.

  The route server 200 may generate a route table for the AS 110, a route table for the AS 120, and a route table for the AS 130 using the collected route data. The route table may be an example of route information. The route server 200 may use a tree structure instead of a table structure for the data structure of the route table. The route table generated by the route server 200 may be an example of route information regardless of whether the data structure is a table structure or a tree structure.

  Table 1 below is an example of a route table for the AS 110 generated by the route server 200. A row entry in the routing table may be called a route.

  The route server 200 transmits the generated route table for the AS 110 to the router 114. The route table received by the router 114 from the route server 200 is advertised to the Internet 20 by the router 112.

  The router 144 becomes a BGP peer with each of the router 132 and the router 152 and collects route data. Then, the router 144 generates a route table using the collected route data. Table 2 below is an example of a route table generated by the router 144. The route table generated by the router 144 is advertised to the Internet 20 by the router 142.

  For example, traffic destined for the network “10.2.0.10/16” or “10.3.0.0/16” from the Internet 20 is routed via AS 110 or AS 140 under the control of BGP. Delivered to the AS 130. Here, for example, when the processing load of the AS 140 is high, traffic destined for the network of “10.2.0.0/16” or “10.3.0.0/16” is not sent via the AS 140. There is a case where it is desired to distribute via the AS 110. That is, there is a case where it is desired to give priority to delivery via the AS 110 over delivery via the AS 140.

  The route server 200 according to the present embodiment updates the route table for the AS 110 transmitted to the router 114, thereby giving priority to the delivery via the AS 110 over the delivery via the AS 140. Specifically, first, the route server 200 includes a route including “10.2.0.0/16” and “10.3.0.0/16” among a plurality of routes included in the route table for the AS 110. ”Is determined as a priority route.

  Then, the route server 200 updates the route table for the AS 110 in order to increase the prefix length of the destination address of the priority route. For example, the route server 200 transmits change data for increasing the prefix length of “10.2.0.0/16” to the router 114, and sends to the router 114 “10.2.0.0” in the route table for the AS 110. The prefix length of “0.0 / 16” is increased. Further, the route server 200 transmits, for example, change data for increasing the prefix length of “10.3.0.0/16” to the router 114, and sends “10. 3. Increase the prefix length of “0.0 / 16”. Further, the route server 200 may transmit a route table in which the prefix lengths of “10.2.0.0/16” and “10.3.0.0/16” are increased to the router 114.

  Table 3 below is an example of a route table for the AS 110 updated by the route server 200.

  As shown in Table 3, in the route table for AS 110 updated by the route server 200, “10.2.0.0/16” is changed to “10.2.0.0/17” and “10.2. .128.0 / 17 ", and the prefix length is 16 to 17. In addition, “10.3.0.0/16” is “10.3.0.0/17” and “10.3.12.8.0 / 17”, and the prefix length is changed from 16 to 17. It has become. The route table for the AS 110 updated by the route server 200 is advertised again to the Internet 20 by the router 112.

  As a result, for the network of “10.2.0.0/16” and the network of “10.3.0.0/16”, the prefix length that AS 110 advertises to the Internet 20 and the AS 140 to Internet 20 On the other hand, it can be longer than the prefix length advertised. Since the longest matching rule is adopted in BGP, traffic destined for the network of “10.2.0.0/16” or “10.3.0.0/16” is more than the distribution via AS140. Distribution via the AS 110 can be prioritized.

  FIG. 2 schematically shows another example of the communication network 10. Here, differences from the communication network 10 described in FIG. 1 will be mainly described. FIG. 2 shows a case where “172.16.0.0/14” that is not actually managed by the AS 150 is erroneously registered as the route data of the AS 150, that is, the route to the network managed by the AS 120 is a route. The case where it is hijacked is illustrated. In this way, the route hijacking may mean that incorrect route information is registered and publicized on the network. When the route to the network managed by the AS 120 is hijacked in this way, traffic does not reach the network managed by the AS 120 and a communication failure occurs.

  When a route hijack occurs, the route server 200 according to the present embodiment updates the route table in order to increase the prefix length of the destination address of the hijacked route. The route server 200 detects that a route hijack has occurred, for example, based on data input by an operator of the route server 200 or the like. For example, when a route hijack for the “172.16.0.0/13” network managed by the AS 120 occurs, the operator of the route server 200 inputs the fact to the route server 200.

  For example, when data indicating that a route hijack has occurred for the “172.16.0.0/13” network is input, the route server 200 transmits the data to a plurality of ASs connected to the IX 160. Among the route tables, the route table having the route including “172.16.0.0/13” is updated. Specifically, the route server 200 increases the prefix length of “172.16.0.0/13” of the route table having a route including “172.16.0.0/13”. Update.

  For example, the route server 200 updates the route table for the AS 110 transmitted to the router 114 by the following procedure. First, the route server 200 determines a route including “172.16.0.0/13” as a priority route among a plurality of routes included in the route table for the AS 110.

  Then, the route server 200 updates the route table for the AS 110 in order to increase the prefix length of the destination address of the priority route. For example, the route server 200 transmits change data for increasing the prefix length of “172.16.0.0/13” to the router 114, and sends “172.16. Increase the prefix length of 0.0 / 13 ".

  In addition, the route server 200 may transmit a route table in which the prefix length of “172.16.0.0/13” is increased to the router 114. Table 4 below is an example of a route table for the AS 110 updated by the route server 200.

  As shown in Table 4, the route server 200 changes “172.16.0.0/13”, “172.16.0.0/14”, and “172.2.0.0.0 / 14” in the route table. ", The prefix length may be increased. In this example, the route server 200 increases the prefix length by one, but the route server 200 may increase the prefix length by two or more.

  The route server 200 uses the prefix length of “172.16.0.0/13” route-hijacked as “172.16.0.0/14” (may be referred to as a hijack route) registered in the AS 150. It is desirable that it can be longer than the prefix length. This is because the route hijacked route can be given priority by setting the prefix length of the route hijacked route longer than the prefix length of the hijacked route.

  Furthermore, if the prefix length of the route hijacked route is increased, the number of routes included in the route table increases, the processing load of the BGP router is improved, and the storage capacity of the BGP router is further consumed. Therefore, it is not desirable to make the prefix length too long. Therefore, it is desirable that the route server 200 can make the prefix length of the route hijacked route slightly longer than the prefix length of the hijack route, for example, by one.

  However, the route server 200 often cannot recognize the prefix length of the hijack route. Accordingly, the route server 200 may gradually increase the prefix length of the route that has been hijacked by the route while monitoring a change in traffic to the network of the route having the longer prefix length. For example, the route server 200 monitors the traffic with respect to the network of the route having a longer prefix length, and repeats the process of further increasing the prefix length when the traffic does not increase. Thereby, it is possible to control so as not to make the prefix length too long while eliminating the path hijacking.

  Here, an example has been described in which the route server 200 repeats the process of increasing the prefix length after increasing the prefix length until traffic to the network of the path hijacked path increases, but the present invention is not limited thereto. . For example, when the route server 200 receives from the router 122 or the like data indicating that the amount of traffic to the network of the route having a longer prefix length does not recover to the amount of traffic before the route hijacking occurs, The prefix length of the route may be further increased.

  FIG. 3 schematically shows another example of the communication network 10. Here, differences from the communication network 10 described in FIG. 2 will be mainly described. The communication network 10 illustrated in FIG. 3 further includes a monitoring device 280.

  The monitoring device 280 acquires route information transmitted by the router 144. Note that the monitoring device 280 may monitor other than the router 144. That is, the monitoring device 280 may further acquire route information transmitted by a router other than the router 144. The monitoring device 280 may transmit the acquired route information to the route server 200. As a result, the route server 200 can recognize “172.16.0.0/14”, which is the route data that caused the route hijacking.

  The route server 200 sets the prefix length of the destination address of the route hijacked route to be longer than the prefix length of “172.16.0.0/14” that is the route data that caused the route hijacking. The routing table may be updated. As a result, route hijacking can be eliminated without making the prefix length too long.

  FIG. 4 schematically shows an example of the functional configuration of the route server 200. The route server 200 includes a route data reception unit 212, a route table generation unit 214, a route table storage unit 216, a route table transmission unit 218, a display control unit 222, an input reception unit 224, a priority route determination unit 226, and a route hijack detection unit. 228 and a route table update unit 230. Note that the route server 200 is not necessarily required to have all of these configurations.

  The route data receiving unit 212 receives route data from a plurality of ASs connected via the IX 160. Further, when a change occurs in the route data managed by the AS connected via the IX 160, the route data receiving unit 212 may receive change data indicating the change from the AS.

  The route table generating unit 214 generates a route table using the route data received by the route data receiving unit 212. The route table generation unit 214 may be an example of a route information generation unit. The routing table storage unit 216 stores the routing table generated by the routing table generation unit 214. When the route data reception unit 212 receives the change data, the route table generation unit 214 may change the route table stored in the route table storage unit 216 according to the change data.

  The routing table transmission unit 218 transmits the routing table stored in the routing table storage unit 216 to each of a plurality of ASs connected via the IX 160. When the route data reception unit 212 receives change data, the route table transmission unit 218 may transmit the change data to each of a plurality of ASs connected via the IX 160. The route table transmission unit 218 may be an example of a route information transmission unit.

  The display control unit 222 controls to display the route table stored in the route table storage unit 216. For example, the display control unit 222 displays a route table on a display (not shown) included in the route server 200. Further, the display control unit 222 may display the route table stored in the route table storage unit 216 for any communication device that is connected for communication via a network.

  The input receiving unit 224 receives input. For example, the input receiving unit 224 receives an input via an input device (not shown) included in the route server 200. The input receiving unit 224 may receive an input from an arbitrary communication device that is connected for communication via a network. The display control unit 222 and the input reception unit 224 may provide a web service that enables browsing and operation of a route table on the web.

  The priority route determination unit 226 determines a priority route among a plurality of routes included in the route table stored in the route table storage unit 216. For example, the priority route determination unit 226 prioritizes a route selected by the operator of the route server 200 via the input reception unit 224 from a plurality of routes included in the route table displayed by the display control unit 222. Determine as.

  Also, the priority route determination unit 226 inputs from the plurality of routes included in the route table displayed on the arbitrary communication device by the display control unit 222 via the input reception unit 224 by the operator of the arbitrary communication device. The determined route may be determined as a preferred route. The operator of the route server 200 and the operator of an arbitrary communication device may select, for example, a route hijacked route or a route on which traffic is to be collected in order to balance the communication load.

  The route hijack detector 228 detects a route hijack. For example, the path hijack detection unit 228 monitors the traffic managed by each of the plurality of ASs connected to the IX 160, and detects that the continuous traffic has been interrupted. Detect that. The path hijack detection unit 228 may detect the path hijack using a known technique for detecting the path hijack. For example, the route hijack detection unit 228 detects a route hijack by each of route monitoring devices distributed in each of a plurality of ASs by comparing data in an IRR (Internet Routing Registry) database with route information. The path hijacking may be detected by using a technique.

  The route table update unit 230 updates the route table. The routing table updating unit 230 updates the routing table by, for example, transmitting change data for changing the routing table to the BGP router having the routing table and causing the BGP router to change the routing table. Further, the routing table updating unit 230 changes the routing table stored in the routing table storage unit 216 and transmits the changed routing table to the BGP router, thereby updating the routing table included in the BGP router. Good. The route table update unit 230 may be an example of a route information update unit.

  FIG. 5 schematically shows an example of the flow of processing by the route server 200. The process shown in FIG. 5 will be described with a state in which the route server 200 has received route data from a plurality of ASs connected via the IX 160 as a start state. Each process illustrated in FIG. 5 is executed mainly by a control unit included in the route server 200.

  In step 502 (step may be abbreviated as “S”), the routing table generation unit 214 generates each routing table of a plurality of ASs connected via the IX 160. In S504, the routing table transmission unit 218 transmits each of the plurality of routing tables generated in S502 to each of the plurality of ASs.

  In S506, it is determined whether or not the route hijack detection unit 228 has detected a route hijack. If it is determined that a path hijack has been detected, the process proceeds to S508. If it is not determined that a path hijack has been detected, the process proceeds to S510.

  In S508, the route table updating unit 230 updates the route table in order to increase the prefix length of the destination address of the route of the route table including the route hijacked route.

  In S510, it is determined whether or not the route data receiving unit 212 has received change data. When the route data receiving unit 212 determines that the change data has been received, the process proceeds to S512, and when it is not determined that the change data has been received, the process proceeds to S514. In S512, the routing table transmission unit 218 transmits the change data received in S510 to the corresponding AS among the plurality of ASs.

  In S514, it is determined whether an end instruction has been received. If it is not determined in S514 that an end instruction has been received, the process returns to S506, and if it is determined that an end instruction has been received, the process ends.

  FIG. 6 schematically shows another example of the communication network 10. Here, differences from the communication network 10 described in FIG. 1 will be mainly described. FIG. 6 illustrates a case where the route server 200 is applied to international roaming.

  The communication network 10 shown in FIG. 6 includes an AS 310, an AS 320, an AS 330, and an AS 340, an IX 180, a route server 200, a GRX (Global Roaming Exchange) provider 410, and a GRX provider 420, which are arranged in different countries. . AS310, AS320, AS330, and AS340 are arrange | positioned in Asian countries, for example.

  Here, a case where the AS number of the AS 310 is 1000, the AS number of the AS 320 is 2000, the AS number of the AS 330 is 3000, and the AS number of the AS 340 is 4000 will be described as an example. Note that the AS numbers of AS 310, AS 320, AS 330, and AS 340 are examples, and other AS numbers may be used.

  The AS 310 manages the network of “10.2.0.0/16”. The AS 320 manages a “172.16.0.0/12” network. The AS 330 manages the network of “10.4.0.0/16”. The AS 340 manages the “192.168.0.0/16” network. Note that these address spaces are examples, and the AS 310, AS 320, AS 330, and AS 340 may manage networks in other address spaces. In particular, in the present embodiment, a private address is described as an example of the address space, but it goes without saying that it may be a global address.

  IX 180 allows for direct exchange of traffic between AS 310, AS 320, AS 330 and AS 340 located in different countries. The AS 310, AS 320, AS 330, and AS 340 can efficiently perform communication across countries by transmitting traffic via the IX 180.

  Here, each of AS 310, AS 320, AS 330, and AS 340 may be connected to an old GRX provider. For example, in FIG. 6, AS 310 and AS 320 are connected to the GRX provider 410, and AS 330 and AS 340 are connected to the GRX provider 420.

  For example, when the GRX provider 410 is located in Amsterdam, the traffic transmitted by the AS 310 to the AS 320 is delivered to the AS 320 via the GRX provider 410, compared to the case where the traffic is delivered via the IX 180. As a result, a large time loss occurs. Therefore, it is desirable that the traffic transmitted by the AS 310 is distributed not via the GRX provider 410 but via the IX 180.

  The route server 200 according to the present embodiment may update the route table for the AS 310 so that the traffic transmitted by the AS 310 is distributed not via the GRX provider 410 but via the IX 180. For example, the route server 200 determines the route having the destination address “172.16.0.0/12” and the AS path “2000” included in the route table for the AS 310 as a preferred route.

  Then, the route server 200 updates the route table for the AS 310 in order to increase the prefix length of the destination address of the route. Specifically, the route of the destination address “172.16.0.0/12” and the AS path “2000” is changed to the route of the destination address “172.16.0.0/13” and the AS path “2000” and The destination address is “172.24.0.0/13” and the AS path is “2000”.

  Since the route of the destination address “172.16.0.0/12” and the AS path “2000” is advertised to the GRX provider 410 from the AS 320, the traffic transmitted by the AS 310 to the AS 320 is the longest matching rule. Accordingly, the data is distributed to the AS 320 via the IX 180. Thus, according to the route server 200 according to the present embodiment, the route via the IX 180 that directly connects a plurality of ASs arranged in different countries can be given priority over the route via the conventional GRX provider. . In the application example to international roaming shown in the present embodiment, AS 310, AS 320, AS 330, and AS 340 are connected to IX 180 in one hop, so that routing control by updating the prefix length is performed according to the longest match rule. It works more prominently.

  In the above description, each unit of the route server 200 may be realized by hardware or may be realized by software. Further, it may be realized by a combination of hardware and software. Further, the computer may function as the route server 200 by executing the program. The program may be installed in a computer constituting at least a part of the root server 200 from a computer-readable medium or a storage device connected to a network. A program that is installed in a computer and causes the computer to function as the route server 200 according to the present embodiment works on a CPU or the like to cause the computer to function as each unit of the route server 200. Information processing described in these programs functions as a specific means in which software and hardware resources of the route server 200 cooperate by being read by a computer.

  As mentioned above, although this invention was demonstrated using embodiment, the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above-described embodiment. It is apparent from the scope of the claims that the embodiments added with such changes or improvements can be included in the technical scope of the present invention.

  The order of execution of each process such as operations, procedures, steps, and stages in the apparatus, system, program, and method shown in the claims, the description, and the drawings is particularly “before” or “prior to”. It should be noted that it can be realized in any order unless the output of the previous process is used in the subsequent process. Regarding the operation flow in the claims, the description, and the drawings, even if it is described using “first,” “next,” etc. for convenience, it means that it is essential to carry out in this order. It is not a thing.

10 communication network, 20 Internet, 110 AS, 112 router, 114 router, 120 AS, 122 router, 130 AS, 132 router, 140 AS, 142 router, 144 router, 150 AS, 152 router, 160 IX, 180 IX, 200 Route server, 212 route data reception unit, 214 route table generation unit, 216 route table storage unit, 218 route table transmission unit, 222 display control unit, 224 input reception unit, 226 priority route determination unit, 228 route hijack detection unit, 230 routing table update unit, 280 monitoring device, 310 AS, 320 AS, 330 AS, 340 AS, 410 GRX provider, 420 GRX provider

Claims (5)

A route information generation unit for generating route information of BGP (Border Gateway Protocol) having a plurality of routes each including a destination address and a prefix length;
A priority route determination unit for determining a priority route among the plurality of routes;
A route information update unit that updates the route information to increase the prefix length of the destination address of the priority route ,
The route information update unit updates the route information to increase the prefix length of the destination address of the priority route, and then monitors traffic to the network of the route having the longer prefix length to increase traffic. If not, a route control device that executes processing for further increasing the prefix length . The priority route determination unit determines a route hijacked among the plurality of routes as the priority route,
The route information update unit executes a process of further increasing the prefix length when the amount of traffic to the network of the route having the longer prefix length does not recover to the amount of traffic before the route hijacking occurs. The path control device according to claim 1. The routing control device is connected to an IX (Internet eXchange) that enables direct exchange of traffic between a plurality of ASs (Autonomous Systems) located in different countries,
Each of the plurality of ASs is connected to a GRX (Global Roaming Exchange) provider,
The route information update unit is included in the route information for the at least one AS so that traffic transmitted by at least one AS of the plurality of ASs is distributed not via the GRX provider but via the IX. The route control device according to claim 1, wherein the route information is updated to increase a prefix length of a destination address of the route. A route information transmitting unit that transmits the route information generated by the route information generating unit to a BGP router;
The routing information update unit, in order to prolong the prefix length of the destination address of the priority path, updating the path information in which the route information transmitting unit transmits, to any one of claims 1 3 The described route control device. A program for causing a computer to function as the path control device according to any one of claims 1 to 4 .

Images