CN112887208A - Route leakage detection method, device and equipment - Google Patents

Publication number: CN112887208A
Authority: CN (China)
Prior art keywords: routing, routing node, leakage, detected, relationship
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110108554.3A
Other languages: Chinese (zh)
Other versions: CN112887208B (en)
Inventor: 黄小红, 张沛, 李丹丹, 谢坤, 刘仰斌
Current Assignee: Beijing University of Posts and Telecommunications (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202110108554.3A
Publication of CN112887208A
Application granted
Publication of CN112887208B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/14 Routing performance; Theoretical aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/02 Topology update or discovery
    • H04L45/04 Interdomain routing, e.g. hierarchical routing

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In this scheme, the business relationship between each routing node in the routing policy to be detected and its previous routing node is determined first. If, in a triple, the business relationship between the leakage target and the leakage point is not a first preset relationship and the business relationship between the leakage point and the leakage source is not a second preset relationship, the routing policy to be detected is judged to have route leakage. Compared with matching the routing policy against the routing policies in an AS relationship data set, this scheme detects the business relationship between every two adjacent routing nodes, determines the triple of each routing node and checks the business relationships within the triple; this multi-stage detection improves the accuracy of route leakage detection.

Description

Route leakage detection method, device and equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, and a device for detecting route leakage.
Background
Communication between autonomous systems (AS) needs to be routed and forwarded by border routers according to the corresponding AS path in the BGP (Border Gateway Protocol) table. An AS path can be understood as a set of codes consisting of the ASNs (Autonomous System Numbers) of different ASes, and may also be referred to as a routing policy. If a border router does not forward routes according to the corresponding AS path in the BGP table, route leakage may occur. Route leakage can disrupt communication relationships and easily leads to adverse consequences such as information leakage.
Currently, the main route leakage detection scheme is as follows: first, a routing policy is acquired, which can be understood as a real routing policy that has actually occurred; it is then matched against the routing policies in an AS relationship (Autonomous System Relationship) data set, which can be understood as pre-stored ideal routing policies. If the match succeeds, the routing policy has no route leakage; if the match fails, the routing policy is judged to have route leakage.
In the above scheme, the detection of route leakage depends on the AS relationship data set, but in some cases not all routing policies are stored in that data set; for example, some routing policies that need to be kept secret are not stored in it. Thus, if the leaked route is not stored in the AS relationship data set, the route leakage cannot be detected by the above scheme, and the accuracy of route leakage detection is low.
Disclosure of Invention
The embodiment of the invention aims to provide a method, a device and equipment for detecting route leakage, so as to improve the accuracy of route leakage detection. The specific technical scheme is as follows:
in order to achieve the above object, an embodiment of the present invention provides a method for detecting route leakage, including:
acquiring a routing strategy to be detected, wherein the routing strategy to be detected comprises a plurality of routing nodes;
respectively determining the business relationship between each routing node in the routing strategy to be detected and the routing node before the routing node according to the sequence of each routing node in the routing strategy to be detected;
for each routing node, determining a triple corresponding to the routing node according to the sequence, wherein the triple comprises a leakage target, a leakage point and a leakage source, the leakage target is the routing node, the leakage point is the previous routing node of the routing node, and the leakage source is the previous routing node of that previous routing node;
judging whether the business relationship between the leakage target and the leakage point is a first preset relationship or not;
if not, judging whether the business relationship between the leakage point and the leakage source is a second preset relationship;
if not, judging that the routing strategy to be detected has route leakage.
Optionally, the determining, according to the sequence of each routing node in the routing policy to be detected, a business relationship between each routing node in the routing policy to be detected and a routing node before the routing node, respectively, includes:
for each routing node in the routing strategy to be detected, acquiring a client list of the routing node as a first client list;
determining a previous routing node of the routing node according to the sequence of the routing nodes in the routing strategy to be detected; acquiring a client list of the previous routing node as a second client list;
judging whether the previous routing node exists in the first client list or not; judging whether the routing node exists in the second client list or not;
if the two routing nodes exist, judging that the business relationship between the routing node and the previous routing node is a peer-to-peer relationship;
if the former routing node exists in the first customer list and the routing node does not exist in the second customer list, determining that the business relationship between the routing node and the former routing node is an operator-to-customer relationship;
and if the former routing node does not exist in the first customer list and the routing node exists in the second customer list, determining that the business relationship between the routing node and the former routing node is a customer-to-operator relationship.
Optionally, the method further includes:
if the previous routing node does not exist in the first client list and the routing node does not exist in the second client list, acquiring a client set of the routing node as a first client set;
judging whether the previous routing node exists in the first customer set; if yes, determining that the business relationship between the routing node and the previous routing node is the relationship from the client to the operator;
if not, acquiring the client set of the previous routing node as a second client set;
judging whether the routing node exists in the second customer set or not; if yes, determining that the business relationship between the routing node and the previous routing node is the operator-to-customer relationship.
Optionally, after determining whether the business relationship between the leakage point and the leakage source is a second preset relationship, the method further includes:
searching the occurrence frequency corresponding to the routing strategy matched with the routing strategy to be detected in a pre-stored stable routing library as a target occurrence frequency; the stable routing library comprises a plurality of routing strategies and corresponding occurrence times thereof;
judging whether the target occurrence frequency is greater than a preset number threshold value or not;
and if not, executing the step of judging that the routing strategy to be detected has route leakage.
Optionally, after determining that the routing policy to be detected has route leakage, the method further includes:
acquiring a filtering parameter of the routing strategy to be detected;
judging whether the filtering parameter is larger than a filtering threshold value;
and if so, carrying out route leakage early warning on the routing strategy to be detected.
Optionally, the filtering parameters include any one or more of the following: duration, influence range, message number and client scale;
the determining whether the filtering parameter is greater than a filtering threshold includes:
if the filtering parameter comprises the duration, calculating a duration filtering threshold according to the duration, and judging whether the duration is greater than the duration filtering threshold;
if the filtering parameter comprises the influence range, calculating a range filtering threshold according to the influence range, and judging whether the influence range is larger than the range filtering threshold;
if the filtering parameters comprise the number of the messages, calculating a number filtering threshold value according to the number of the messages, and judging whether the number of the messages is greater than the number filtering threshold value;
if the filtering parameter comprises the customer scale, calculating a scale filtering threshold according to the customer scale, and judging whether the customer scale is larger than the scale filtering threshold.
In order to achieve the above object, an embodiment of the present invention further provides a device for detecting route leakage, including:
a first acquisition module, configured to acquire a routing policy to be detected, wherein the routing policy to be detected comprises a plurality of routing nodes;
the first determining module is used for respectively determining the business relationship between each routing node in the routing strategy to be detected and the previous routing node of the routing node according to the sequence of each routing node in the routing strategy to be detected;
a second determining module, configured to determine, according to the sequence, a triple corresponding to each routing node, where the triple includes a leakage target, a leakage point, and a leakage source, the leakage target is the routing node, the leakage point is a previous routing node of the routing node, and the leakage source is a previous routing node of the previous routing node;
the first judgment module is used for judging whether the business relationship between the leakage target and the leakage point is a first preset relationship or not; if not, triggering a second judgment module;
the second judgment module is used for judging whether the business relationship between the leakage point and the leakage source is a second preset relationship; if not, triggering a judging module;
and the judging module is used for judging that the routing strategy to be detected has route leakage.
In order to achieve the above object, an embodiment of the present invention further provides an electronic device, including a processor and a memory;
a memory for storing a computer program;
and the processor is used for realizing any one of the route leakage detection methods when executing the program stored in the memory.
By applying the embodiment of the invention, after the business relationship between each routing node in the routing policy to be detected and the previous routing node of that routing node is determined, if the business relationship between the leakage target and the leakage point in the triple is not the first preset relationship and the business relationship between the leakage point and the leakage source is not the second preset relationship, the routing policy to be detected is judged to have route leakage. Compared with matching the routing policy against the routing policies in an AS relationship data set, this scheme detects the business relationship between every two adjacent routing nodes, determines the triple of each routing node and checks the business relationships within the triple; this multi-stage detection improves the accuracy of route leakage detection.
Of course, not all of the advantages described above need to be achieved at the same time in the practice of any one product or method of the invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a first flowchart of a method for detecting route leakage according to an embodiment of the present invention;
fig. 2 is a schematic diagram of four basic forms of route leakage provided by the embodiment of the present invention;
fig. 3 is a schematic flow chart illustrating a process of determining a route leakage form by using triples according to an embodiment of the present invention;
fig. 4 is a schematic flowchart of a second method for detecting route leakage according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a route leakage detection apparatus according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to achieve the above object, embodiments of the present invention provide a method, an apparatus, and a device for detecting a route leakage, where the method and the apparatus may be applied to various electronic devices, and are not limited specifically, and the method for detecting a route leakage is first described in detail below.
Fig. 1 is a first flowchart of a method for detecting route leakage according to an embodiment of the present invention, where the method includes:
S101: Acquire a routing policy to be detected, where the routing policy to be detected includes a plurality of routing nodes.
For example, in one case, the routing policy to be detected may be obtained as follows: acquire in real time the BGP (Border Gateway Protocol) update messages observed by a monitoring point of a BGP routing data collection organization, parse each BGP update message to obtain the routing policy corresponding to it, and take that routing policy as the routing policy to be detected. A BGP update message typically includes the source address, the destination address and so on of the message, from which a routing policy can be generated. For example, if the source address in the BGP update message is the address of routing node a, the destination address is the address of routing node b, and the address of routing node c and the address of routing node d appear in that order in the middle of the message, then the routing policy obtained by parsing the update message is a → c → d → b. For instance, the BGP update messages observed by the global BGP monitoring points of RIPE (Réseaux IP Européens Network Coordination Centre) may be obtained in real time and parsed to obtain the corresponding routing policies, which may then be used as the routing policies to be detected.
Alternatively, in another case, a BGP adjacency may be established with sites that record BGP update messages; the BGP update messages are obtained from those sites in real time and parsed to obtain the corresponding routing policies, which may be used as the routing policies to be detected. For example, a BGP adjacency may be established with an education network, and the BGP update messages obtained from the education network in real time are parsed in the same way. The specific manner of obtaining the routing policy to be detected is not limited.
The routing policy to be detected includes a plurality of routing nodes, arranged in the forwarding order of the route. For example, routing policy A to be detected includes four routing nodes a, b, c and d, and the forwarding order is: routing node a forwards to routing node c, routing node c forwards to routing node d, and routing node d forwards to routing node b; the routing policy to be detected is therefore a → c → d → b. The number of routing nodes included in the routing policy to be detected may be 4, 10 and so on, and is not limited.
S102: Determine, according to the order of the routing nodes in the routing policy to be detected, the business relationship between each routing node in the routing policy to be detected and the previous routing node of that routing node.
In one embodiment, S102 may include: aiming at each routing node in the routing strategy to be detected, acquiring a client list of the routing node as a first client list; determining a previous routing node of the routing node according to the sequence of the routing nodes in the routing strategy to be detected; acquiring a client list of a previous routing node as a second client list; judging whether a previous routing node exists in the first client list; judging whether the routing node exists in the second client list or not; if the two routing nodes exist, the business relationship between the routing node and the previous routing node is judged to be a peer-to-peer relationship; if the previous routing node exists in the first customer list and the routing node does not exist in the second customer list, determining that the business relationship between the routing node and the previous routing node is an operator-to-customer relationship; and if the previous routing node does not exist in the first client list and the routing node exists in the second client list, judging that the business relationship between the routing node and the previous routing node is the client-to-operator relationship.
The customer list of the routing node may be understood as a set of adjacent customers of the routing node, that is, the routing node is an adjacent operator of any routing node in its customer list, and the routing node may directly forward data to any routing node in its customer list without passing through other operators.
Wherein the business relationship between the routing nodes comprises: a client-to-operator relationship (C2P, Customer to Provider), an operator-to-client relationship (P2C, Provider to Customer), and a Peer-to-Peer relationship (P2P, Peer to Peer). For example, if the routing node a is the operator of the routing node b, and the routing node b is the client of the routing node a, the business relationship between the routing node a and the routing node b is P2C, and the business relationship between the routing node b and the routing node a is C2P. The business relationship between the routing node a and the routing node b is different from the business relationship between the routing node b and the routing node a; if routing node a is a client of routing node b, and routing node b is also a client of routing node a, then the business relationship between routing node a and routing node b is P2P; alternatively, if routing node a is the operator of routing node b, and routing node b is also the operator of routing node a, then the business relationship between routing node a and routing node b is also P2P.
For example, if the routing nodes and the sequence of the routing nodes included in the routing policy a to be detected are: a → b → c → d → e. Then, the business relationship between each routing node and its previous routing node may be determined sequentially from back to front, for example, for the routing node e in the routing policy a to be detected, the previous routing node of the routing node e may be determined as the routing node d. A client list of the routing node e can be obtained as a first client list; and acquiring a client list of the routing node d as a second client list. If the client list of the routing node e comprises: a routing node d, a routing node f and a routing node g; the client list of the routing node d comprises: a routing node e, a routing node h and a routing node g; then routing node d is present in the customer list of routing node e and routing node e is present in the customer list of routing node d, it can be determined that the business relationship between routing node e and routing node d is P2P. If the client list of the routing node e comprises: a routing node f and a routing node g; the client list of the routing node d comprises: a routing node e, a routing node h and a routing node g; then routing node d is not present in the customer list of routing node e and routing node e is present in the customer list of routing node d, it may be determined that the business relationship between routing node e and routing node d is C2P. If the client list of the routing node e comprises: a routing node d, a routing node f and a routing node g; the client list of the routing node d comprises: a routing node h and a routing node g; then routing node d is present in the customer list of routing node e and routing node e is not present in the customer list of routing node d, it can be determined that the business relationship between routing node e and routing node d is P2C.
In one case, if there is no previous routing node in the first customer list and no routing node in the second customer list, it may be determined that there is no business relationship between the routing node and the previous routing node.
For example, if the routing nodes and the sequence of the routing nodes included in the routing policy a to be detected are: a → b → c → d → e. Then, for the routing node e in the routing policy a to be detected, it may be determined that a previous routing node of the routing node e is the routing node d. A client list of the routing node e can be obtained as a first client list; and acquiring a client list of the routing node d as a second client list. If the client list of the routing node e comprises: a routing node f and a routing node g; the client list of the routing node d comprises: a routing node h and a routing node g; then routing node d is not present in the customer list of routing node e, and routing node e is not present in the customer list of routing node d, it can be determined that no business relationship exists between routing node e and routing node d.
Or, in another case, if it is determined that the previous routing node does not exist in the first client list and the routing node does not exist in the second client list, S102 may further include: acquiring a client set of the routing node as a first client set; judging whether a previous routing node exists in the first client set; if yes, determining that the business relationship between the routing node and the previous routing node is a customer-to-operator relationship; if not, acquiring a client set of the previous routing node as a second client set; judging whether the routing node exists in the second customer set or not; if yes, the business relationship between the routing node and the previous routing node is determined to be an operator-to-customer relationship. If not, the business relationship between the routing node and the previous routing node can be judged to be absent.
The routing node may be one of operators of any routing node in its customer set, and may directly forward the data to any routing node in its customer set, or may forward the data to any routing node in its customer set through multiple other operators.
For example, in the above one embodiment, if the routing nodes and the sequence of the routing nodes included in the routing policy a to be detected are: a → b → c → d → e; then, for the routing node e in the routing policy a to be detected, it may be determined that a previous routing node of the routing node e is a routing node d; the routing node d does not exist in the client list of the routing node e, and the routing node e does not exist in the client list of the routing node d. Then, the customer set of the routing node e may be obtained as the first customer set; if the routing node included in the client set of the routing node e is: routing node d and routing node x, then, routing node d exists in the customer set of routing node e, and it can be determined that the business relationship between routing node e and routing node d is operator-to-customer relationship; if the routing node included in the client set of the routing node e is: routing node x, then, routing node d does not exist in the client set of routing node e, and can obtain the client set of routing node d as the second client set; if the routing node included in the client set of the routing node d is: routing node e and routing node x, then routing node e exists in the customer set of routing node d, and the business relationship between routing node e and routing node d can be judged to be the customer-to-operator relationship; if the routing node included in the client set of the routing node d is: routing node x, then routing node e does not exist in the customer set of routing node d, and it can be determined that no business relationship exists between routing node e and routing node d.
If the business relationships between routing nodes were obtained directly from the AS relationship data set, the confidential business relationships of private AS providers, which are not stored in the AS relationship data set, could not be obtained from it. In this embodiment, the business relationship between every two adjacent routing nodes in the routing policy to be detected is inferred from the customer list and the customer set, and the inferred relationship is taken as the business relationship between the two adjacent routing nodes. This reduces the cases in which a business relationship cannot be obtained because a private AS (autonomous system) provider keeps it confidential, and improves the accuracy of route leakage detection.
S103: For each routing node, determine the triple corresponding to the routing node according to the order, where the triple includes a leakage target, a leakage point and a leakage source; the leakage target is the routing node, the leakage point is the previous routing node of the routing node, and the leakage source is the previous routing node of that previous routing node.
For example, if the obtained routing node and the routing node order included in the routing policy a to be detected are: a → b → c → d → e; then, the triplet corresponding to each routing node may be sequentially determined from back to front, for example, for the routing node e, the triplet corresponding to the routing node e may be determined to be cde according to the sequence, where a leakage target in the triplet is the routing node e, a leakage point in the triplet is the routing node d, and a leakage source in the triplet is the routing node c.
S104: Determine whether the business relationship between the leakage target and the leakage point is the first preset relationship. If not, S105 may be performed.
Wherein the first preset relationship may be a customer-to-operator relationship.
If the business relationship between the leakage target and the leakage point in the triple is the customer-to-operator relationship, it may be determined that the triple does not have a route leakage, and it may be continuously determined whether the business relationship between the leakage target and the leakage point in other triples is the first preset relationship.
In one embodiment, S105 may be directly performed in a case where the determination result of S104 is that the business relationship between the leakage target and the leakage point is not the first preset relationship.
Or, in another embodiment, in the case that the determination result of S104 is that the business relationship between the leakage target and the leakage point is not the first preset relationship, it may be determined whether the business relationship exists between the leakage target and the leakage point, and if not, it may be determined that the route leakage exists in the to-be-detected routing policy; if so, then S105 is performed.
S105: Determine whether the business relationship between the leakage point and the leakage source is the second preset relationship. If not, S106 may be performed.
Wherein the second preset relationship may be an operator-to-customer relationship.
If the business relationship between the leakage point and the leakage source in the triple is the operator-to-customer relationship, it may be determined that the triple does not have a route leakage, and it may be continuously determined whether the business relationship between the leakage target and the leakage point in other triples is the first preset relationship. If the business relationship between the leak point and the leak source in the triplet is not a customer-to-operator relationship, then S106 may be performed.
Therefore, whether the business relationship between the leakage target and the leakage point in the triple is the first preset relationship or not is judged, and whether the business relationship between the leakage point and the leakage source is the second preset relationship or not is judged, so that the tracing process of the route leakage can be understood, when the existence of the route leakage is detected, the subsequent detection process can be stopped, and the detection efficiency of the route leakage is improved.
In one embodiment, after performing S104 and S105, the form of route leakage in which the routing policy to be detected violates the valley-free rule at the leakage point may be determined. In a routing policy, the routing nodes may be divided into providers (Provider), peers (Peer) and customers (Customer), and these three may be regarded as a top-down structure. The routing policy needs to satisfy the valley-free criterion: the provider may be regarded as a peak, the peer as a mountain foot, and the customer as a valley, so the valley-free criterion may be understood as the criterion that a valley does not forward routes. The valley-free criterion is divided into three cases: in the first, route forwarding does not pass through the valley bottom; in the second, the route is not forwarded again after passing through the valley bottom; in the third, route forwarding cannot pass through three mountain feet in succession. These three cases are explained in turn.
In the first case, route forwarding does not go through the valley. For example, when the route is forwarded from provider A to provider B, the forwarded route does not pass through a customer, which corresponds to a process from peak to peak, and then from peak to peak, without passing through the valley.
In the second case, the route is not forwarded after passing through the valley. For example, provider A forwards the route to provider B, and provider B forwards the route to the customer, which corresponds to a process from peak to peak and then from peak to valley; once the route has been forwarded to the valley, it is not forwarded again.
In the third case, route forwarding cannot pass through three mountain feet in succession. For example, provider A forwards a route to its peer provider B, which corresponds to a process from mountain foot to mountain foot; provider B then cannot forward the route to its peer provider C, i.e. the route cannot go through three mountain feet.
Referring to fig. 2, fig. 2 is a schematic diagram illustrating four basic forms of route leakage according to an embodiment of the present invention, in which the solid lines represent forwarded routes and the dashed lines represent route leakage. Leak type 1: as shown in fig. 2(a), operator 1 forwards the route to the customer, and the customer leaks the route to operator 2. Leak type 2: as shown in fig. 2(b), operator 1 forwards the route to its peer operator 2, and operator 2 leaks the route to its peer operator 3. Leak type 3: as shown in fig. 2(c), the operator forwards the route to client 1, and client 1 leaks the route to its peer client 2. Leak type 4: as shown in fig. 2(d), client 1 forwards the route to its peer client 2, and client 2 leaks the route to the operator. Leakage types 1, 3 and 4 violate the valley-free criterion because the route is forwarded again after passing through the valley bottom, which causes route leakage; leakage type 2 violates the valley-free criterion because route forwarding passes through three mountain feet in succession, which causes route leakage.
For specifically determining the route leakage form of the routing policy to be detected at the leakage point, reference may be made to fig. 3, which is a schematic flow chart of determining the route leakage form by using triples according to an embodiment of the present invention. The method includes:
S301: Determine whether the relationship between the leakage target and the leakage point in the triplet is C2P. If not, go to step S302.
S302: Determine whether the business relationship between the leakage point and the leakage source in the triplet is P2C. If not, one of steps S303-S306 may be performed based on the business relationship between the leakage target and the leakage point and the business relationship between the leakage point and the leakage source.
If the commercial relationship between the leakage target and the leakage point is P2P and the commercial relationship between the leakage point and the leakage source is P2P (denoted as P2P-P2P in fig. 3), then S303 is performed; if the commercial relationship between the leakage target and the leakage point is P2P and the commercial relationship between the leakage point and the leakage source is C2P (denoted as P2P-C2P in fig. 3), S304 is performed; if the commercial relationship between the leakage target and the leakage point is P2C and the commercial relationship between the leakage point and the leakage source is P2P (denoted as P2C-P2P in fig. 3), S305 is performed; if the commercial relationship between the leakage target and the leakage point is P2C and the commercial relationship between the leakage point and the leakage source is C2P (denoted as P2C-C2P in fig. 3), S306 is performed.
S303: Determine that the route leakage type is leakage type 2.
If the commercial relationship between the leakage target and the leakage point is P2P and the commercial relationship between the leakage point and the leakage source is P2P, then the route leakage type may be determined to be leakage type 2.
S304: Determine that the route leakage type is leakage type 3.
If the commercial relationship between the leakage target and the leakage point is P2P and the commercial relationship between the leakage point and the leakage source is C2P, then the route leakage type may be determined to be leakage type 3.
S305: Determine that the route leakage type is leakage type 4.
If the commercial relationship between the leakage target and the leakage point is P2C and the commercial relationship between the leakage point and the leakage source is P2P, then the route leakage type may be determined to be leakage type 4.
S306: Determine that the route leakage type is leakage type 1.
If the commercial relationship between the leakage target and the leakage point is P2C and the commercial relationship between the leakage point and the leakage source is C2P, then the route leakage type may be determined to be leakage type 1.
In one embodiment, S106 may be performed directly after determining in S105 that the commercial relationship between the leakage point and the leakage source is not the second preset relationship.
Alternatively, in another embodiment, after S105, the method may further include: searching a pre-stored stable routing library for the number of occurrences corresponding to the routing policy that matches the routing policy to be detected, as a target occurrence count, where the stable routing library includes a plurality of routing policies and their corresponding numbers of occurrences; judging whether the target occurrence count is greater than a preset number threshold; and if not, going to step S106.
In one case, a BGP table recorded by monitoring points of a BGP routing data acquisition mechanism may be obtained and analyzed to obtain the multiple routing policies recorded in the BGP table and the prefixes corresponding to those routing policies. The routing policies obtained through the analysis are reordered, and a cyclic redundancy check is performed on the prefixes of each routing policy, for example CRC16 (Cyclic Redundancy Check) hashing, so as to reduce errors that may occur after the routing policies are recorded. The multiple routing policies appearing in the BGP table, and the number of occurrences corresponding to each non-repeated routing policy, are recorded in a stable routing library. For example, a BGP table recorded by the global BGP monitoring points of the RIPE may be obtained and analyzed, the routing policies obtained by the analysis are reordered, and the multiple routing policies appearing in the BGP table and the number of occurrences corresponding to each non-repeated routing policy are recorded in the stable routing library.
Or, in another case, a BGP adjacency may be established with some websites that record a BGP table, and the BGP table recorded by those websites is obtained and analyzed. The routing policies obtained by the analysis are reordered, and a cyclic redundancy check is performed on the prefixes of each routing policy, for example CRC16 hashing, so as to reduce errors that may occur after the routing policies are recorded. The multiple routing policies appearing in the BGP table, and the number of occurrences corresponding to each non-repeated routing policy, are recorded in a stable routing library. For example, a BGP adjacency may be established with the education network, the BGP table recorded by the education network is obtained and analyzed, the routing policies obtained by the analysis are reordered, and the multiple routing policies appearing in the BGP table and the number of occurrences corresponding to each non-repeated routing policy are recorded in the stable routing library, and so on. The specific manner of establishing the stable routing library is not limited.
For example, suppose that in the stable routing library the number of occurrences of the routing policy A is 3, the number of occurrences of the routing policy B is 2, and the number of occurrences of the routing policy C is 4. If the routing policy to be detected is successfully matched with the routing policy C, the target occurrence count is 4. If the preset number threshold is 3, the target occurrence count is greater than the preset number threshold, and the routing policy to be detected can be determined to be a routing policy that exists stably, with no route leakage; if the preset number threshold is 5, the target occurrence count is not greater than the preset number threshold, and S106 may be executed. The preset number threshold may be 3, 5, and the like, and the specific preset number threshold is not limited.
In the above embodiment, the business relationship between the routing nodes is inferred by using the client list and the client set, and the inference method may have an inference error to a certain extent, and the inference error may cause a deviation of the inferred business relationship, and the deviation may affect the accuracy of performing the route leakage detection on the routing policy to be detected by using the triplet. In this embodiment, the number of occurrences corresponding to the routing policy that matches the routing policy to be detected is searched in the stable routing library, and if the number of occurrences is greater than the preset number threshold, it means that the routing policy to be detected belongs to the routing policy that exists stably, and no route leakage occurs, and for the routing policy whose number of occurrences is not greater than the preset number threshold, it is determined that the routing policy has a route leakage.
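The triple check of S301-S306 and the stable-routing-library check described above can be sketched as follows. This is an added example, not code from the patent; the relationship map, the exact-path match against the library, the sample path and all names are constructed assumptions.

```python
from collections import Counter
from typing import Dict, Iterator, List, NamedTuple, Optional, Tuple

C2P, P2C, P2P = "C2P", "P2C", "P2P"

# (target-to-point, point-to-source) -> leakage type, as in S303-S306.
LEAK_TYPES = {(P2P, P2P): 2, (P2P, C2P): 3, (P2C, P2P): 4, (P2C, C2P): 1}

# rel[(node, previous_node)] is the relationship of a node to the node before it.
RelMap = Dict[Tuple[str, str], str]


class Leak(NamedTuple):
    source: str
    point: str
    target: str
    leak_type: Optional[int]  # None: leak outside the four basic forms


def triples_back_to_front(path: List[str]) -> Iterator[Tuple[str, str, str]]:
    """Yield (source, point, target), starting from the last node of the path."""
    for i in range(len(path) - 1, 1, -1):
        yield path[i - 2], path[i - 1], path[i]


def check_triple(rel: RelMap, source: str, point: str, target: str) -> Optional[Leak]:
    t_p = rel.get((target, point))
    if t_p == C2P:        # S301: the target is a customer of the point, no leak
        return None
    if t_p is None:       # alternative embodiment: no business relationship at all
        return Leak(source, point, target, None)
    p_s = rel.get((point, source))
    if p_s == P2C:        # S302: the point is the operator of the source, no leak
        return None
    return Leak(source, point, target, LEAK_TYPES.get((t_p, p_s)))


def detect_leak(path: List[str], rel: RelMap,
                stable: Optional[Counter] = None,
                min_count: int = 0) -> Optional[Leak]:
    """Return the first leaking triple, or None if the path is accepted."""
    for source, point, target in triples_back_to_front(path):
        leak = check_triple(rel, source, point, target)
        if leak is None:
            continue
        # Stable routing library: a path seen more than min_count times is
        # treated as stable (matching by exact path is an assumption here).
        if stable is not None and stable[tuple(path)] > min_count:
            return None
        return leak       # stop at the first leak found
    return None


# Constructed sample data: path a -> b -> c -> d -> e.
PATH = ["a", "b", "c", "d", "e"]
VALLEY_FREE: RelMap = {("b", "a"): P2C, ("c", "b"): P2C,
                       ("d", "c"): P2P, ("e", "d"): C2P}
TYPE1 = {**VALLEY_FREE, ("e", "d"): P2C, ("d", "c"): C2P}
TYPE2 = {**VALLEY_FREE, ("c", "b"): P2P}
TYPE3 = {**VALLEY_FREE, ("e", "d"): P2P, ("d", "c"): C2P}
TYPE4 = {**VALLEY_FREE, ("e", "d"): P2C}
NO_REL = {k: v for k, v in VALLEY_FREE.items() if k != ("e", "d")}
STABLE = Counter({tuple(PATH): 4})

if __name__ == "__main__":
    for name, rel in [("valley-free", VALLEY_FREE), ("type 1", TYPE1),
                      ("type 2", TYPE2), ("type 3", TYPE3), ("type 4", TYPE4)]:
        print(name, detect_leak(PATH, rel))
    print("stable, threshold 3:", detect_leak(PATH, TYPE1, STABLE, 3))
    print("stable, threshold 5:", detect_leak(PATH, TYPE1, STABLE, 5))
```
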
S106: Determine that the routing policy to be detected has a route leakage.
In one embodiment, S106 may further include: acquiring a filtering parameter of a routing strategy to be detected; judging whether the filtering parameter is larger than a filtering threshold value; if yes, route leakage early warning can be conducted on the routing strategy to be detected.
Wherein, the filtering parameter may include any one or more of the following: duration, impact range, number of messages, and client size.
The duration may be understood as a time interval from the occurrence of the route leakage to the termination of the route leakage of a certain routing policy, and the manner of obtaining the duration may be: at least two BGP update messages corresponding to a route leakage event of a certain routing strategy are obtained, the duration is calculated through the BGP update messages, and the like, and the specific mode of obtaining the duration is not limited. The influence range can be understood as the number of monitoring points for detecting a route leakage event of a certain routing strategy, and the manner for acquiring the influence range can be as follows: determining the number of detection points for detecting a route leakage event of a certain routing policy, taking the number as an influence range of the route leakage event of the routing policy, and the like, wherein a specific manner for acquiring the influence range is not limited. The number of the messages may be understood as the number of BGP update messages corresponding to a route leakage event of a certain routing policy, the number of the messages may reflect a network fluctuation degree caused by the route leakage, and the manner of obtaining the number of the messages may be: and acquiring a BGP update message, counting BGP update messages corresponding to the route leakage, and so on, and the specific manner of acquiring the number of messages of the route leakage is not limited. The client size can be understood as the number of routing nodes in a client list of a certain leakage point in the routing strategy, and the manner of obtaining the client size can be as follows: determining the number of routing nodes in the client list corresponding to the leakage point as the client scale, and the like, wherein the specific manner for obtaining the client scale is not limited.
In one case, if the filtering parameter includes the duration, a duration filtering threshold is calculated according to the duration, and whether the duration is greater than the duration filtering threshold is determined.
For example, the duration filtering threshold may be calculated using the following equation: duration filtering threshold = current threshold + (day's average duration - current threshold) × number of events / 10. The current threshold may be understood as the duration filtering threshold obtained by the last calculation, the day's average duration may be understood as the average of the durations of the route leakage events in the day, and the number of events may be understood as the number of route leakage events that occurred. For example, if the current threshold is 15 minutes, the day's average duration, once the current duration has been counted, is calculated to be 16 minutes, and 10 route leakage events have occurred, then the duration filtering threshold is calculated to be 16 minutes. If the duration obtained for the routing policy to be detected is 17 minutes, the duration is greater than the duration filtering threshold, and a route leakage early warning can be performed on the routing policy to be detected.
Or, in another case, if the filtering parameter includes the influence range, calculating a range filtering threshold according to the influence range, and determining whether the influence range is greater than the range filtering threshold.
For example, the range filtering threshold may be calculated using the following equation: range filtering threshold = current threshold + (day's average influence range - current threshold) × number of events / 10. The current threshold may be understood as the range filtering threshold obtained by the last calculation, the day's average influence range may be understood as the average of the influence ranges of the route leakage events in the day, and the number of events may be understood as the number of route leakage events that occurred. For example, if the current threshold is 20 monitoring points, the day's average influence range, once the current influence range has been counted, is calculated to be 19 monitoring points, and 10 route leakage events have occurred, then the range filtering threshold is calculated to be 19 monitoring points. If the influence range obtained for the routing policy to be detected is 20 monitoring points, the influence range is greater than the range filtering threshold, and a route leakage early warning can be performed on the routing policy to be detected.
Or, in another case, if the filtering parameter includes the number of the messages, calculating a number filtering threshold according to the number of the messages, and judging whether the number of the messages is greater than the number filtering threshold.
For example, the number filtering threshold may be calculated using the following equation: number filtering threshold = current threshold + (day's average number of messages - current threshold) × number of events / 10. The current threshold may be understood as the number filtering threshold obtained by the last calculation, the day's average number of messages may be understood as the average of the numbers of update messages of the route leakage events in the day, and the number of events may be understood as the number of route leakage events that occurred. For example, if the current threshold is 200, the day's average number of messages, once the number of messages of the route leakage event of the routing policy to be detected has been counted, is calculated to be 210, and 10 route leakage events have occurred, then the number filtering threshold is calculated to be 210. If the number of messages of the route leakage event of the routing policy to be detected is 220, the number of messages is greater than the number filtering threshold, and a route leakage early warning can be performed on the routing policy to be detected.
Or, in another case, if the filtering parameter includes the client size, the size filtering threshold is calculated according to the client size, and whether the client size is larger than the size filtering threshold is determined.
For example, the scale filtering threshold may be calculated using the following equation: scale filtering threshold = current threshold + (day's average client scale - current threshold) × number of events / 10. The current threshold may be understood as the scale filtering threshold obtained by the last calculation, the day's average client scale may be understood as the average of the client scales of the route leakage events in the day, and the number of events may be understood as the number of route leakage events that occurred. For example, if the current threshold is 200 clients, the day's average client scale, once the current client scale has been counted, is calculated to be 202 clients, and 10 route leakage events have occurred, then the scale filtering threshold is 202 clients. If the client scale obtained for the routing policy to be detected is 210 clients, the client scale is greater than the scale filtering threshold, and a route leakage early warning can be performed on the routing policy to be detected.
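The four filtering thresholds above are updated with one formula, shown here applied to a day of events and then used to decide which parameters of a new event exceed their thresholds. This is an added example, not code from the patent; the field names and event values are constructed, and reporting every exceeded parameter is this example's choice for combining them.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List

# Field names are this example's own labels for the four filtering parameters.
PARAMS = ("duration_min", "monitor_points", "update_msgs", "customer_count")


@dataclass
class LeakEvent:
    duration_min: float   # time from the start to the end of the leak
    monitor_points: int   # influence range: monitoring points that saw it
    update_msgs: int      # number of BGP update messages for the event
    customer_count: int   # size of the leak point's customer list


def next_threshold(current: float, day_average: float, n_events: int) -> float:
    """current threshold + (day's average - current threshold) x events / 10."""
    return current + (day_average - current) * n_events / 10


def update_thresholds(current: Dict[str, float],
                      events: List[LeakEvent]) -> Dict[str, float]:
    """Apply the update to all four parameters from one day's leak events."""
    if not events:                       # no events: thresholds stay as they are
        return dict(current)
    n = len(events)
    return {p: next_threshold(current[p], mean(getattr(e, p) for e in events), n)
            for p in PARAMS}


def exceeded(event: LeakEvent, thresholds: Dict[str, float]) -> List[str]:
    """Parameters of the event that are strictly greater than their threshold."""
    return [p for p in PARAMS if getattr(event, p) > thresholds[p]]


# Constructed day of 10 events whose averages are 16, 19, 210 and 202,
# matching the figures used in the four examples above.
DAY_EVENTS = [LeakEvent(*row) for row in zip(
    [10, 22, 16, 14, 18, 16, 12, 20, 16, 16],
    [15, 23, 19, 19, 17, 21, 19, 19, 18, 20],
    [200, 220, 210, 210, 190, 230, 210, 210, 205, 215],
    [198, 206, 202, 202, 200, 204, 202, 202, 201, 203],
)]
START = {"duration_min": 15, "monitor_points": 20,
         "update_msgs": 200, "customer_count": 200}

if __name__ == "__main__":
    thresholds = update_thresholds(START, DAY_EVENTS)
    print(thresholds)
    print(exceeded(LeakEvent(17, 20, 220, 210), thresholds))  # warn
    print(exceeded(LeakEvent(16, 19, 100, 50), thresholds))   # filtered out
```

With exactly 10 events the new threshold equals the day's average; with fewer it moves only part of the way, and with more than 10 the formula as written moves the threshold past the average.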
In one case, the route leakage warning may be performed on the routing policy to be detected, for example, an early warning mail may be sent to a related organization, an early warning short message may be sent to a related technician, and the like.
Or, in another case, where the route leakage form of the routing policy to be detected has been determined by using the triplet as in the embodiment above, an early warning mail containing the route leakage form may be sent to a relevant organization, an early warning short message containing the route leakage form may be sent to a relevant technician, and the like. The specific way of performing the route leakage early warning on the routing policy to be detected is not limited.
In some related schemes, when a routing policy is detected to have a route leakage, a route leakage early warning is sent directly to the relevant organizations or technicians. Since some route leakage events do not cause a large impact and can be repaired automatically, warning on every route leakage can cause the technicians to spend too much time processing route leakages, so that route leakage events that easily cause a large impact cannot be processed in time. In this embodiment, the routing policies are filtered by using the filtering parameters, so that route leakages with a small impact are not warned on and route leakages with a large impact are warned on, which reduces the workload of the relevant technicians.
By applying the embodiment of the invention, after the business relationship between each routing node in the routing strategy to be detected and the previous routing node of the routing node is determined, if the business relationship between the leakage target and the leakage point in the triple is not the first preset relationship and the business relationship between the leakage point and the leakage source is not the second preset relationship, the routing leakage of the routing strategy to be detected is judged. Compared with the method for matching the routing strategy with the routing strategy in the AS relation data set, the method has the advantages that the business relation between every two adjacent routing nodes is detected, the triple group of each routing node is determined, the business relation in the triple group is detected, and the accuracy of route leakage detection is improved through the multi-detection scheme.
Fig. 4 is a second flowchart of the method for detecting route leakage according to the embodiment of the present invention, where the method includes:
S401: Acquire a routing policy to be detected, where the routing policy to be detected includes a plurality of routing nodes.
For example, in one case, the manner of obtaining the routing policy to be detected may include: acquiring in real time a BGP update message monitored by a monitoring point of a BGP routing data acquisition mechanism, analyzing the BGP update message to obtain the routing policy corresponding to it, and taking that routing policy as the routing policy to be detected. The BGP update message typically includes a source address, a destination address, etc. of the message, from which a routing policy may be generated. For example, if the source address in the BGP update message is the address of the routing node a, the destination address is the address of the routing node b, and the address of the routing node c and the address of the routing node d appear in sequence in the middle of the BGP update message, then the routing policy obtained by analyzing the update message is a → c → d → b. For instance, the BGP update messages monitored by the global BGP monitoring points of the RIPE may be obtained in real time and analyzed to obtain the corresponding routing policies, which may be used as routing policies to be detected.
Or, in another case, a BGP adjacency may be established with some websites that record BGP update messages, the BGP update messages are obtained from those websites in real time and analyzed to obtain the corresponding routing policies, and the routing policies obtained by analyzing the BGP update messages may be used as the routing policies to be detected. For example, a BGP adjacency may be established with an education network, the BGP update messages are obtained from the education network in real time and analyzed to obtain the corresponding routing policies, and those routing policies may be used as the routing policies to be detected. The specific manner of obtaining the routing policy to be detected is not limited.
The routing policy to be detected includes a plurality of routing nodes, which are arranged in order according to the forwarding sequence of the route. For example, the routing policy to be detected is A, which includes four routing nodes a, b, c and d, and the forwarding sequence of the route is that the routing node a forwards to the routing node c, the routing node c forwards to the routing node d, and the routing node d forwards to the routing node b, so that the obtained routing policy to be detected is a → c → d → b. The number of routing nodes included in the routing policy to be detected may be 4, 10, and the like, and is not limited.
S402: For each routing node in the routing policy to be detected, acquire a client list of the routing node as a first client list; determine the previous routing node of the routing node according to the order of the routing nodes in the routing policy to be detected; and acquire a client list of the previous routing node as a second client list.
The customer list of the routing node may be understood as a set of adjacent customers of the routing node, that is, the routing node is an adjacent operator of any routing node in its customer list, and the routing node may directly forward data to any routing node in its customer list without passing through other operators.
For example, suppose the routing nodes included in the routing policy A to be detected, and their order, are: a → b → c → d → e. Then the business relationship between each routing node and its previous routing node may be determined in turn from back to front. For the routing node e in the routing policy A to be detected, for instance, the previous routing node may be determined to be the routing node d. The client list of the routing node e can be obtained as the first client list, and the client list of the routing node d as the second client list.
S403: Judge whether the previous routing node exists in the first client list, and judge whether the routing node exists in the second client list. If both exist, S404 may be executed; if only one exists, S405 may be performed.
For example, if the client list of routing node e includes: a routing node d, a routing node f and a routing node g; the client list of the routing node d comprises: a routing node e, a routing node h and a routing node g; then routing node d exists in the client list of routing node e and routing node e exists in the client list of routing node d, S404 may be performed. If the client list of the routing node e comprises: a routing node f and a routing node g; the client list of the routing node d comprises: a routing node e, a routing node h and a routing node g; then routing node d does not exist in the customer list of routing node e and routing node e exists in the customer list of routing node d, S405 may be performed. If the client list of the routing node e comprises: a routing node d, a routing node f and a routing node g; the client list of the routing node d comprises: a routing node h and a routing node g; then routing node d exists in the customer list of routing node e and routing node e does not exist in the customer list of routing node d, S405 may be performed.
S404: determining that the business relationship between the routing node and the previous routing node is a peer-to-peer relationship.
Wherein the business relationship between the routing nodes comprises: a client-to-operator relationship (C2P, Customer to Provider), an operator-to-client relationship (P2C, Provider to Customer), and a Peer-to-Peer relationship (P2P, Peer to Peer). For example, if the routing node a is the operator of the routing node b, and the routing node b is the client of the routing node a, the business relationship between the routing node a and the routing node b is P2C, and the business relationship between the routing node b and the routing node a is C2P. The business relationship between the routing node a and the routing node b is different from the business relationship between the routing node b and the routing node a; if routing node a is a client of routing node b, and routing node b is also a client of routing node a, then the business relationship between routing node a and routing node b is P2P; alternatively, if routing node a is the operator of routing node b, and routing node b is also the operator of routing node a, then the business relationship between routing node a and routing node b is also P2P.
For example, if routing node d exists in the client list of routing node e, and routing node e exists in the client list of routing node d, it can be determined that the business relationship between routing node e and routing node d is P2P.
S405: if the previous routing node exists in the first customer list and the routing node does not exist in the second customer list, determining that the business relationship between the routing node and the previous routing node is an operator-to-customer relationship; and if the previous routing node does not exist in the first client list and the routing node exists in the second client list, judging that the business relationship between the routing node and the previous routing node is the client-to-operator relationship.
For example, if routing node d does not exist in the client list of routing node e and routing node e exists in the client list of routing node d, it can be determined that the business relationship between routing node e and routing node d is C2P. If the routing node d exists in the client list of the routing node e and the routing node e does not exist in the client list of the routing node d, it can be determined that the business relationship between the routing node e and the routing node d is P2C.
If the business relationships between the routing nodes are obtained directly from the AS relationship data set, the confidential business relationships of private AS providers are not stored in that data set and therefore cannot be obtained from it. In this embodiment, the client list is used to infer the business relationship between every two adjacent routing nodes in the routing policy to be detected, and the inferred business relationship is taken as the business relationship between the two adjacent routing nodes, so that cases in which the business relationship cannot be acquired because of the confidentiality of a private AS provider are reduced, and the accuracy of route leakage detection is improved.
S406: Determine a triple corresponding to each routing node according to the order, where the triple includes a leakage target, a leakage point and a leakage source; the leakage target is the routing node, the leakage point is the routing node before the leakage target, and the leakage source is the routing node before the leakage point.
For example, if the routing nodes included in the routing policy A to be detected, and their order, are: a → b → c → d → e, then the triple corresponding to each routing node may be determined in turn from back to front. For the routing node e, for instance, the triple may be determined according to the order to be cde, where the leakage target in the triple is the routing node e, the leakage point is the routing node d, and the leakage source is the routing node c.
S407: Determine whether the business relationship between the leakage target and the leakage point is a first preset relationship. If not, S408 may be performed.
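The customer-list inference of S402-S405 can be sketched as follows, using the customer lists from the examples above plus one constructed path. This is an added example, not code from the patent; the function names are hypothetical, and returning None when neither list contains the other node is this example's way of representing "no business relationship".

```python
from typing import Dict, List, Optional, Set, Tuple

C2P, P2C, P2P = "C2P", "P2C", "P2P"
CustomerLists = Dict[str, Set[str]]


def infer_relationship(node: str, prev: str,
                       customers: CustomerLists) -> Optional[str]:
    """Relationship of `node` to the routing node before it in the path."""
    prev_in_first = prev in customers.get(node, set())    # first client list
    node_in_second = node in customers.get(prev, set())   # second client list
    if prev_in_first and node_in_second:
        return P2P        # S404: each appears in the other's list
    if prev_in_first:
        return P2C        # S405: prev is a customer of node
    if node_in_second:
        return C2P        # S405: node is a customer of prev
    return None           # neither list contains the other


def relationships_for_path(
    path: List[str], customers: CustomerLists
) -> Tuple[Dict[Tuple[str, str], str], List[Tuple[str, str]]]:
    """Walk the path from back to front.

    Returns ({(node, prev): relationship}, [(node, prev) with no relationship]).
    """
    rel: Dict[Tuple[str, str], str] = {}
    unknown: List[Tuple[str, str]] = []
    for i in range(len(path) - 1, 0, -1):
        node, prev = path[i], path[i - 1]
        r = infer_relationship(node, prev, customers)
        if r is None:
            unknown.append((node, prev))
        else:
            rel[(node, prev)] = r
    return rel, unknown


# The three customer-list examples given for routing nodes e and d.
BOTH = {"e": {"d", "f", "g"}, "d": {"e", "h", "g"}}
ONLY_SECOND = {"e": {"f", "g"}, "d": {"e", "h", "g"}}
ONLY_FIRST = {"e": {"d", "f", "g"}, "d": {"h", "g"}}

# Constructed customer lists for the path a -> b -> c -> d -> e.
PATH = ["a", "b", "c", "d", "e"]
CUSTOMERS: CustomerLists = {"a": set(), "b": {"a"}, "c": {"b"},
                            "d": {"e", "h", "g"}, "e": {"f", "g"}}

if __name__ == "__main__":
    print(infer_relationship("e", "d", BOTH))         # P2P
    print(infer_relationship("e", "d", ONLY_SECOND))  # C2P
    print(infer_relationship("e", "d", ONLY_FIRST))   # P2C
    print(relationships_for_path(PATH, CUSTOMERS))
```
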
Wherein the first preset relationship may be a customer-to-operator relationship.
If the business relationship between the leakage target and the leakage point in the triple is the customer-to-operator relationship, it may be determined that no route leakage exists for that triple, and the check may continue with the other triples, determining for each whether the business relationship between its leakage target and leakage point is the first preset relationship.
In one embodiment, S408 may be directly performed in a case where the determination result of S407 is that the business relationship between the leakage target and the leakage point is not the first preset relationship.
Or, in another embodiment, in the case that the determination result in S407 is that the business relationship between the leakage target and the leakage point is not the first preset relationship, it may be determined whether the business relationship exists between the leakage target and the leakage point, and if not, it may be determined that the route leakage exists in the to-be-detected routing policy; if so, then S408 is performed.
S408: Determine whether the business relationship between the leakage point and the leakage source is a second preset relationship. If not, S409 may be performed.
Wherein the second preset relationship may be an operator-to-customer relationship.
If the business relationship between the leakage point and the leakage source in the triple is the operator-to-customer relationship, it may be determined that no route leakage exists for that triple, and the check may continue with the other triples, determining for each whether the business relationship between its leakage target and leakage point is the first preset relationship. If the business relationship between the leakage point and the leakage source in the triple is not the second preset relationship, S409 may be performed.
Thus, by judging for each triple whether the business relationship between the leakage target and the leakage point is the first preset relationship and whether the business relationship between the leakage point and the leakage source is the second preset relationship, the route leakage can be traced. Once a route leakage is detected, the subsequent detection process can be stopped, which improves the efficiency of route leakage detection.
S409: Search a pre-stored stable routing library for the number of occurrences corresponding to the routing policy that matches the routing policy to be detected, and take it as the target number of occurrences; the stable routing library comprises a plurality of routing policies and their corresponding numbers of occurrences.
The stable routing library may be built as follows. A BGP table recorded by the monitoring points of a BGP routing data collection organization is obtained and parsed to obtain the routing policies recorded in it and the prefix corresponding to each routing policy. The parsed routing policies are reordered, and a cyclic redundancy check is performed on the prefix of each routing policy, for example a CRC16 hash of the prefix, to reduce errors that may occur after the routing policies are recorded. The routing policies appearing in the BGP table, and the number of occurrences of each distinct routing policy, are then recorded in the stable routing library.
For example, the BGP table recorded by the global BGP monitoring points of RIPE may be obtained and parsed, the parsed routing policies reordered, and the routing policies appearing in the BGP table together with the number of occurrences of each distinct routing policy recorded in the stable routing library. Alternatively, a BGP adjacency may be established with websites that record a BGP table; the BGP table recorded by those websites is obtained and parsed, the parsed routing policies are reordered, a cyclic redundancy check (for example a CRC16 hash) is performed on the prefix of each routing policy to reduce errors that may occur after the routing policies are recorded, and the routing policies and the number of occurrences of each distinct routing policy are recorded in the stable routing library. For example, if a BGP adjacency with the education network can be established, the BGP table recorded by the education network is obtained and parsed, the parsed routing policies are reordered, and the routing policies and the number of occurrences of each distinct routing policy are recorded in the stable routing library. The specific manner of establishing the stable routing library is not limited.
For example, suppose that in the stable routing library the number of occurrences of routing policy A is 3, that of routing policy B is 2, and that of routing policy C is 4. If the routing policy to be detected matches routing policy C, the target number of occurrences is 4.
S410: Determine whether the target number of occurrences is greater than a preset number threshold. If not, S411 may be executed.
The preset number threshold may be 3 times, 5 times, and so on; the specific preset number threshold is not limited.
For example, suppose the target number of occurrences found in S409 is 4. If the preset number threshold is 3, the target number of occurrences is greater than the threshold, and it may be determined that the routing policy to be detected is a stably existing routing policy with no route leakage. If the preset number threshold is 5, the target number of occurrences is not greater than the threshold, and S411 may be executed.
S411: Determine that route leakage exists in the routing policy to be detected.
In the above embodiment, the client lists are used to infer the business relationships between routing nodes. This inference may be wrong to some extent, and such an error biases the inferred business relationship, which in turn affects the accuracy of detecting route leakage in the routing policy to be detected by means of the triples. In this embodiment, the number of occurrences corresponding to the routing policy that matches the routing policy to be detected is therefore looked up in the stable routing library. If the number of occurrences is greater than the preset number threshold, the routing policy to be detected is a stably existing routing policy and no route leakage has occurred; a routing policy whose number of occurrences is not greater than the preset number threshold is determined to have a route leakage.
By applying the embodiment of the invention, after the business relationship between each routing node in the routing policy to be detected and the previous routing node of that routing node is determined, if the business relationship between the leakage target and the leakage point in a triple is not the first preset relationship and the business relationship between the leakage point and the leakage source is not the second preset relationship, it is determined that route leakage exists in the routing policy to be detected. Compared with matching the routing policy against the routing policies in an AS relationship data set, this scheme determines the business relationship between every two adjacent routing nodes, determines the triple of each routing node, and checks the business relationships within the triple; this multi-step detection improves the accuracy of route leakage detection.
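The checks in S405 to S411 can be sketched as follows. This is an added example, not code from the patent: the function names, the `unknown` label, the use of the full node sequence as the stable-library key, and all client lists and node sequences are constructed assumptions, and the client-set fallback and the prefix CRC step are omitted.

```python
"""Added illustration of the triple-based route leak check (constructed data)."""

C2P, P2C, PEER, UNKNOWN = "C2P", "P2C", "peer", "unknown"


def infer_relationship(node, prev, client_lists):
    """Business relationship between `node` and the node before it (`prev`).

    client_lists maps a node to the set of nodes in its client list.
    The first client list is node's, the second client list is prev's.
    """
    prev_in_first = prev in client_lists.get(node, set())
    node_in_second = node in client_lists.get(prev, set())
    if prev_in_first and node_in_second:
        return PEER          # each lists the other: peer-to-peer
    if prev_in_first:
        return P2C           # node is the operator, prev its customer
    if node_in_second:
        return C2P           # node is the customer, prev its operator
    return UNKNOWN           # assumption: no fallback to client sets here


def triples(path):
    """(leakage target, leakage point, leakage source), from back to front."""
    return [(path[i], path[i - 1], path[i - 2])
            for i in range(len(path) - 1, 1, -1)]


def find_suspect_triple(path, client_lists):
    """Return the first triple that fails both relationship checks, or None."""
    for target, point, source in triples(path):
        # S407: first preset relationship is customer-to-operator.
        if infer_relationship(target, point, client_lists) == C2P:
            continue
        # S408: second preset relationship is operator-to-customer.
        if infer_relationship(point, source, client_lists) == P2C:
            continue
        # Assumption: an UNKNOWN relationship counts as "not the preset one".
        return (target, point, source)
    return None


def detect_route_leak(path, client_lists, stable_library, threshold):
    """Return the suspect triple if the path is judged a leak, else None.

    stable_library maps a node sequence (tuple) to its number of occurrences.
    """
    suspect = find_suspect_triple(path, client_lists)
    if suspect is None:
        return None
    # S409/S410: a path seen more often than the threshold is treated as stable.
    if stable_library.get(tuple(path), 0) > threshold:
        return None
    return suspect           # S411: route leakage


# Constructed sample data: node sequence a -> b -> c -> d -> e.
PATH = ["a", "b", "c", "d", "e"]
# a is a client of b, b and d are clients of c, e is a client of d.
CLEAN_CLIENTS = {"b": {"a"}, "c": {"b", "d"}, "d": {"e"}}
# c is a client of both b and d, so c sits between two operators.
LEAK_CLIENTS = {"a": {"b"}, "b": {"c"}, "d": {"c", "e"}}

if __name__ == "__main__":
    print("clean path:", detect_route_leak(PATH, CLEAN_CLIENTS, {}, 3))
    print("leak path :", detect_route_leak(PATH, LEAK_CLIENTS, {}, 3))
    seen = {tuple(PATH): 4}
    print("seen 4x, threshold 3:", detect_route_leak(PATH, LEAK_CLIENTS, seen, 3))
    print("seen 4x, threshold 5:", detect_route_leak(PATH, LEAK_CLIENTS, seen, 5))
```

With the constructed leak topology the check stops at the triple whose leakage point is c, and the same path is suppressed only when the stable library has seen it more often than the threshold.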
Corresponding to the foregoing method embodiment, an embodiment of the present invention further provides a device for detecting route leakage, as shown in fig. 5, including:
a first obtaining module 501, configured to obtain a routing policy to be detected, where the routing policy to be detected includes a plurality of routing nodes;
a first determining module 502, configured to determine, according to a sequence of each routing node in the routing policy to be detected, a business relationship between each routing node in the routing policy to be detected and a routing node before the routing node;
a second determining module 503, configured to determine, according to the sequence, a triplet corresponding to each routing node, where the triplet includes a leakage target, a leakage point, and a leakage source, the leakage target is the routing node, the leakage point is a previous routing node of the routing node, and the leakage source is a previous routing node of the previous routing node;
a first judging module 504, configured to judge whether the business relationship between the leakage target and the leakage point is a first preset relationship; if not, the second judging module 505 is triggered;
a second judging module 505, configured to judge whether the business relationship between the leakage point and the leakage source is a second preset relationship; if not, the decision module 506 is triggered;
and the decision module 506, configured to determine that route leakage exists in the routing policy to be detected.
In one embodiment, the first determining module 502 includes: a first obtaining sub-module, a determining sub-module, a second obtaining sub-module, and a first judging sub-module (not shown in the figure), wherein,
a first obtaining submodule, configured to obtain, for each routing node in the to-be-detected routing policy, a client list of the routing node as a first client list;
the determining submodule is used for determining a routing node before the routing node according to the sequence of the routing nodes in the routing strategy to be detected;
a second obtaining submodule, configured to obtain a client list of the previous routing node, where the client list is used as a second client list;
a first judging submodule, configured to judge whether the previous routing node exists in the first client list and whether the routing node exists in the second client list; if both exist, determine that the business relationship between the routing node and the previous routing node is a peer-to-peer relationship; if the previous routing node exists in the first client list and the routing node does not exist in the second client list, determine that the business relationship between the routing node and the previous routing node is an operator-to-customer relationship; and if the previous routing node does not exist in the first client list and the routing node exists in the second client list, determine that the business relationship between the routing node and the previous routing node is a customer-to-operator relationship.
In one embodiment, the first determining module 502 further comprises: a third obtaining sub-module, a second judging sub-module, a fourth obtaining sub-module, and a third judging sub-module (not shown in the figure), wherein,
the first judging submodule is further configured to trigger a third obtaining submodule if it is determined that the previous routing node does not exist in the first client list and the routing node does not exist in the second client list;
a third obtaining submodule, configured to obtain a client set of the routing node as a first client set;
a second judging submodule, configured to judge whether the previous routing node exists in the first client set; if yes, determine that the business relationship between the routing node and the previous routing node is the customer-to-operator relationship; if not, trigger a fourth obtaining submodule;
a fourth obtaining submodule, configured to obtain a client set of the previous routing node as a second client set;
a third judging submodule, configured to judge whether the routing node exists in the second client set; if yes, determining that the business relationship between the routing node and the previous routing node is the operator-to-customer relationship.
In one embodiment, the apparatus further comprises: a searching module, a third judging module (not shown in the figure), wherein,
the searching module is configured to search a pre-stored stable routing library for the number of occurrences corresponding to the routing policy that matches the routing policy to be detected, as the target number of occurrences; the stable routing library comprises a plurality of routing policies and their corresponding numbers of occurrences;
the third judging module is configured to judge whether the target number of occurrences is greater than a preset number threshold; if not, the decision module 506 is triggered.
In one embodiment, the apparatus further comprises: a second obtaining module, a fourth judging module, and an early warning module (not shown in the figure), wherein,
the second acquisition module is used for acquiring the filtering parameters of the routing strategy to be detected;
the fourth judging module is used for judging whether the filtering parameter is larger than a filtering threshold value; if yes, triggering an early warning module;
and the early warning module is used for carrying out route leakage early warning on the to-be-detected route strategy.
In one embodiment, the filtering parameters include any one or more of: duration, influence range, message number and client scale; the fourth judging module is specifically configured to:
if the filtering parameter comprises the duration, calculating a duration filtering threshold according to the duration, and judging whether the duration is greater than the duration filtering threshold;
if the filtering parameter comprises the influence range, calculating a range filtering threshold according to the influence range, and judging whether the influence range is larger than the range filtering threshold;
if the filtering parameters comprise the number of the messages, calculating a number filtering threshold value according to the number of the messages, and judging whether the number of the messages is greater than the number filtering threshold value;
if the filtering parameter comprises the customer scale, calculating a scale filtering threshold according to the customer scale, and judging whether the customer scale is larger than the scale filtering threshold.
An embodiment of the present invention further provides an electronic device, as shown in fig. 6, including a processor 601 and a memory 602,
a memory 602 for storing a computer program;
the processor 601 is configured to implement any one of the above-described route leakage detection methods when executing the program stored in the memory 602.
The Memory mentioned in the above electronic device may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In still another embodiment of the present invention, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any of the above-mentioned route leakage detection methods.
In yet another embodiment, a computer program product containing instructions is provided, which when run on a computer, causes the computer to perform any of the route leakage detection methods of the above embodiments.
The above embodiments may be implemented wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example from one website, computer, server, or data center to another website, computer, server, or data center by wired means (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless means (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second are used solely to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiments in this specification are described in a related manner; the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the other embodiments. In particular, the apparatus, device, computer-readable storage medium, and computer program product embodiments are described briefly because they are substantially similar to the method embodiments; for relevant details, reference may be made to the description of the method embodiments.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. A method for detecting a route leakage, comprising:
acquiring a routing strategy to be detected, wherein the routing strategy to be detected comprises a plurality of routing nodes;
respectively determining the business relationship between each routing node in the routing strategy to be detected and the routing node before the routing node according to the sequence of each routing node in the routing strategy to be detected;
for each routing node, determining a triple corresponding to the routing node according to the sequence, wherein the triple comprises a leakage target, a leakage point and a leakage source, the leakage target is the routing node, the leakage point is the routing node before the routing node, and the leakage source is the routing node before that previous routing node;
judging whether the business relationship between the leakage target and the leakage point is a first preset relationship or not;
if not, judging whether the business relationship between the leakage point and the leakage source is a second preset relationship;
if not, judging that the routing strategy to be detected has route leakage.
2. The method according to claim 1, wherein the determining, according to the sequence of the routing nodes in the routing policy to be detected, the business relationship between each routing node in the routing policy to be detected and a routing node before the routing node, respectively, comprises:
for each routing node in the routing strategy to be detected, acquiring a client list of the routing node as a first client list;
determining a previous routing node of the routing node according to the sequence of the routing nodes in the routing strategy to be detected; acquiring a client list of the previous routing node as a second client list;
judging whether the previous routing node exists in the first client list or not; judging whether the routing node exists in the second client list or not;
if both exist, determining that the business relationship between the routing node and the previous routing node is a peer-to-peer relationship;
if the previous routing node exists in the first client list and the routing node does not exist in the second client list, determining that the business relationship between the routing node and the previous routing node is an operator-to-customer relationship;
and if the previous routing node does not exist in the first client list and the routing node exists in the second client list, determining that the business relationship between the routing node and the previous routing node is a customer-to-operator relationship.
3. The method of claim 2, further comprising:
if the previous routing node does not exist in the first client list and the routing node does not exist in the second client list, acquiring a client set of the routing node as a first client set;
judging whether the previous routing node exists in the first client set; if yes, determining that the business relationship between the routing node and the previous routing node is the customer-to-operator relationship;
if not, acquiring the client set of the previous routing node as a second client set;
judging whether the routing node exists in the second client set; if yes, determining that the business relationship between the routing node and the previous routing node is the operator-to-customer relationship.
4. The method of claim 1, wherein said determining if the business relationship between the leakage point and the leakage source is a second predetermined relationship further comprises:
searching a pre-stored stable routing library for the number of occurrences corresponding to the routing policy that matches the routing policy to be detected, as a target number of occurrences; the stable routing library comprises a plurality of routing policies and their corresponding numbers of occurrences;
judging whether the target number of occurrences is greater than a preset number threshold;
and if not, executing the step of judging that the routing strategy to be detected has route leakage.
5. The method according to claim 1, wherein after determining that there is a route leakage in the routing policy to be detected, the method further comprises:
acquiring a filtering parameter of the routing strategy to be detected;
judging whether the filtering parameter is larger than a filtering threshold value;
and if so, carrying out route leakage early warning on the routing strategy to be detected.
6. The method of claim 5, wherein the filtering parameters include any one or more of: duration, influence range, message number and client scale;
the determining whether the filtering parameter is greater than a filtering threshold includes:
if the filtering parameter comprises the duration, calculating a duration filtering threshold according to the duration, and judging whether the duration is greater than the duration filtering threshold;
if the filtering parameter comprises the influence range, calculating a range filtering threshold according to the influence range, and judging whether the influence range is larger than the range filtering threshold;
if the filtering parameters comprise the number of the messages, calculating a number filtering threshold value according to the number of the messages, and judging whether the number of the messages is greater than the number filtering threshold value;
if the filtering parameter comprises the customer scale, calculating a scale filtering threshold according to the customer scale, and judging whether the customer scale is larger than the scale filtering threshold.
7. A route leakage detection apparatus, comprising:
a first acquisition module, configured to acquire a routing strategy to be detected, wherein the routing strategy to be detected comprises a plurality of routing nodes;
the first determining module is used for respectively determining the business relationship between each routing node in the routing strategy to be detected and the previous routing node of the routing node according to the sequence of each routing node in the routing strategy to be detected;
a second determining module, configured to determine, according to the sequence, a triple corresponding to each routing node, where the triple includes a leakage target, a leakage point, and a leakage source, the leakage target is the routing node, the leakage point is a previous routing node of the routing node, and the leakage source is a previous routing node of the previous routing node;
the first judgment module is used for judging whether the business relationship between the leakage target and the leakage point is a first preset relationship or not; if not, triggering a second judgment module;
the second judgment module is used for judging whether the business relationship between the leakage point and the leakage source is a second preset relationship; if not, triggering a judging module;
and the judging module is used for judging that the routing strategy to be detected has route leakage.
8. An electronic device comprising a processor and a memory;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-6 when executing a program stored in the memory.
CN202110108554.3A 2021-01-27 2021-01-27 Route leakage detection method, device and equipment Active CN112887208B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110108554.3A CN112887208B (en) 2021-01-27 2021-01-27 Route leakage detection method, device and equipment

Publications (2)

Publication Number Publication Date
CN112887208A true CN112887208A (en) 2021-06-01
CN112887208B CN112887208B (en) 2022-03-22

Family

ID=76053386

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110108554.3A Active CN112887208B (en) 2021-01-27 2021-01-27 Route leakage detection method, device and equipment

Country Status (1)

Country Link
CN (1) CN112887208B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395208A (en) * 2021-06-21 2021-09-14 哈尔滨工业大学 BGP route leakage detection method and system based on block chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207546A (en) * 2006-12-18 2008-06-25 华为技术有限公司 Method for dynamically establishing tunnel, tunnel server and system thereof
US20190098046A1 (en) * 2016-03-17 2019-03-28 Johann Schlamp Constructible automata for internet routes
CN109756419A (en) * 2017-11-07 2019-05-14 中国电信股份有限公司 Routing iinformation distribution method, device and RR
CN110971522A (en) * 2018-09-30 2020-04-07 华为技术有限公司 Method, equipment and system for determining route leakage
CN111385246A (en) * 2018-12-28 2020-07-07 华为技术有限公司 Secure route identification method and device
US20200314129A1 (en) * 2019-03-29 2020-10-01 Saudi Arabian Oil Company Network route leakage detection

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207546A (en) * 2006-12-18 2008-06-25 华为技术有限公司 Method for dynamically establishing tunnel, tunnel server and system thereof
US20190098046A1 (en) * 2016-03-17 2019-03-28 Johann Schlamp Constructible automata for internet routes
CN109756419A (en) * 2017-11-07 2019-05-14 中国电信股份有限公司 Routing iinformation distribution method, device and RR
CN110971522A (en) * 2018-09-30 2020-04-07 华为技术有限公司 Method, equipment and system for determining route leakage
CN111385246A (en) * 2018-12-28 2020-07-07 华为技术有限公司 Secure route identification method and device
US20200314129A1 (en) * 2019-03-29 2020-10-01 Saudi Arabian Oil Company Network route leakage detection

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
LIXIN GAO 等: "Stable Internet routing without global coordination", 《IEEE/ACM TRANSCATIONS ON NETWORKING》 *
张源良: "基于在线关系推断的 BGP 路由泄露检测技术研究", 《中国优秀硕士学位论文全文数据库 (基础科学辑)》 *
贾佳 等: "BGP 路由泄露研究", 《网络与信息安全学报》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113395208A (en) * 2021-06-21 2021-09-14 哈尔滨工业大学 BGP route leakage detection method and system based on block chain
CN113395208B (en) * 2021-06-21 2022-06-14 哈尔滨工业大学 BGP route leakage detection method and system based on block chain

Also Published As

Publication number Publication date
CN112887208B (en) 2022-03-22

Similar Documents

Publication Publication Date Title
Dhamdhere et al. Inferring persistent interdomain congestion
US9497206B2 (en) Anomaly detection in groups of network addresses
US10027694B1 (en) Detecting denial of service attacks on communication networks
CN110798472B (en) Data leakage detection method and device
US7483972B2 (en) Network security monitoring system
US9154516B1 (en) Detecting risky network communications based on evaluation using normal and abnormal behavior profiles
US20170339165A1 (en) Automatic generation of attribute values for rules of a web application layer attack detector
US11330016B2 (en) Generating collection rules based on security rules
US20190098046A1 (en) Constructible automata for internet routes
CN112887208B (en) Route leakage detection method, device and equipment
Lutu et al. The BGP visibility toolkit: Detecting anomalous internet routing behavior
Krenc et al. AS-level BGP community usage classification
Lad et al. An algorithmic approach to identifying link failures
CN111565124B (en) Topology analysis method and device
Bagnulo et al. Practicable route leak detection and protection with ASIRIA
CN110995587B (en) Method and device for positioning routing instability event source
US11811587B1 (en) Generating incident response action flows using anonymized action implementation data
Martins et al. Efficient heuristics for determining node‐disjoint path pairs visiting specified nodes
Giotsas et al. Detecting and assessing the hybrid IPv4/IPv6 AS relationships
CN112104523A (en) Detection method, device and equipment for flow transparent transmission and storage medium
US9722874B2 (en) Inference-based network route control
JP5135275B2 (en) Route fault location estimation apparatus and computer program
Marder et al. VRFinder: Finding outbound addresses in traceroute
CN114615015A (en) Method, device, equipment and medium for determining repair priority of service system
CN113037564A (en) Network fault diagnosis method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant