CN116527294A - Method, device, equipment and medium for intercepting route prefix of border gateway protocol - Google Patents


Info

Publication number
CN116527294A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211536249.5A
Other languages
Chinese (zh)
Inventor
张梦元
胥斌
王彤
董振领
刘靖
沈慧婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wangtai Technology Development Co ltd
Original Assignee
Beijing Wangtai Technology Development Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies

Abstract

The embodiments of the invention provide a method, a device, equipment and a medium for intercepting a routing prefix of a border gateway protocol. The method comprises the following steps: before a Border Gateway Protocol (BGP) message is transmitted, obtaining at least one BGP sub-message from the original BGP message to be transmitted; determining, from the BGP sub-message and a preset interception matching rule, whether the BGP sub-message is an illegal message; and, if the BGP sub-message is an illegal message, intercepting the BGP sub-message. Before BGP message transmission, the method disassembles the original BGP message into a plurality of BGP sub-messages, matches each BGP sub-message against the interception matching rule, and, when a BGP sub-message matches the rule, determines that it is an illegal message and intercepts it. Disassembling the original BGP message locates the routing prefix precisely, so that the routing prefix is intercepted accurately, the original BGP session is not affected, normal use of the session connection is ensured, and a good effect is achieved.

Description

Method, device, equipment and medium for intercepting route prefix of border gateway protocol
Technical Field
The present invention relates to the field of network technologies, and in particular, to a method, an apparatus, a device, and a medium for intercepting a routing prefix of a border gateway protocol.
Background
The Border Gateway Protocol (BGP) is a routing protocol between autonomous systems (AS). BGP route prefix interception is typically performed in cases of BGP route prefix forgery or duplicated BGP route configuration. Existing BGP route prefix interception schemes can only process and intercept BGP session flows and cannot accurately intercept specific route prefixes, which can cause a large number of retransmitted packets in BGP sessions and affect normal use of the network.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a medium for intercepting a routing prefix of a border gateway protocol, which realize accurate interception of the routing prefix, avoid influencing the original BGP session, ensure normal use of session connection and have better effect.
In a first aspect, an embodiment of the present invention provides a method for intercepting a routing prefix of a border gateway protocol, where the method includes:
before Border Gateway Protocol (BGP) message transmission, at least one BGP sub-message is obtained according to an original BGP message to be transmitted;
determining whether the BGP sub-message is an illegal message according to the BGP sub-message and in combination with a preset interception matching rule;
and if the BGP sub-message is an illegal message, intercepting the BGP sub-message.
In a second aspect, an embodiment of the present invention provides a border gateway protocol routing prefix interception device, where the device includes:
the acquisition module is used for acquiring at least one BGP sub-message according to the original BGP message to be transmitted before the BGP message is transmitted;
the judging module is used for determining whether the BGP sub-message is an illegal message according to the BGP sub-message and combining a preset interception matching rule;
and the interception module is used for intercepting the BGP sub-message if the BGP sub-message is an illegal message.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the border gateway protocol routing prefix interception method as provided by the embodiments of the first aspect.
In a fourth aspect, embodiments of the present invention also provide a storage medium containing computer executable instructions which, when executed by a computer processor, are adapted to carry out the border gateway protocol routing prefix interception method as described in the embodiments of the first aspect.
The embodiments of the invention provide a method, a device, equipment and a medium for intercepting a routing prefix of a border gateway protocol. The method comprises the following steps: before a Border Gateway Protocol (BGP) message is transmitted, obtaining at least one BGP sub-message from the original BGP message to be transmitted; determining, from the BGP sub-message and a preset interception matching rule, whether the BGP sub-message is an illegal message; and, if the BGP sub-message is an illegal message, intercepting the BGP sub-message. According to this technical scheme, before BGP message transmission the original BGP message is disassembled into a plurality of BGP sub-messages, each BGP sub-message is matched against the interception matching rule, and a BGP sub-message that matches the rule is determined to be an illegal message and intercepted. Whereas the prior art judges whether the original BGP message is illegal as a whole, this technical scheme disassembles the original BGP message and locates a particular route prefix precisely, so that the route prefix is intercepted accurately, the original BGP session is not affected, normal use of the session connection is ensured, and a good effect is achieved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of a method for intercepting a routing prefix of a border gateway protocol according to a first embodiment of the present invention;
Fig. 2a is a flow chart of another method for intercepting a routing prefix of a border gateway protocol according to a second embodiment of the present invention;
Fig. 2b is an exemplary diagram of original BGP message disassembly in a method for intercepting a routing prefix of a border gateway protocol according to a second embodiment of the present invention;
Fig. 2c is an exemplary diagram of route prefix matching in a method for intercepting route prefixes of a border gateway protocol according to a second embodiment of the present invention;
Fig. 2d is an exemplary diagram of accurately intercepting an illegal sub-packet in a method for intercepting a routing prefix of a border gateway protocol according to a second embodiment of the present invention;
Fig. 2e is a flowchart illustrating a method for intercepting a routing prefix of a border gateway protocol according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a border gateway protocol routing prefix interception device according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "original," "target," and the like in the description and claims of the present invention and the above-described drawings are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a schematic flow chart of a method for intercepting a border gateway protocol routing prefix according to a first embodiment of the present invention, where the method is applicable to a case of intercepting a border gateway protocol routing prefix, and the method may be performed by a border gateway protocol routing prefix intercepting device, and the device may be implemented in a hardware and/or software form and may be configured in an electronic device. As shown in fig. 1, the method for intercepting a routing prefix of a border gateway protocol according to the first embodiment may specifically include the following steps:
S110, before the Border Gateway Protocol (BGP) message is transmitted, at least one BGP sub-message is obtained according to the original BGP message to be transmitted.
BGP is a core decentralized autonomous routing protocol on the internet. It achieves reachability among autonomous systems (AS) by maintaining an Internet Protocol routing table or prefix table, and it is a vector routing protocol. Because a BGP route prefix may be forged during the transmission of BGP messages, or a user may configure a route prefix repeatedly, in this embodiment route prefix interception is performed in these cases to intercept illegal messages.
In the prior art, an illegal message is intercepted as a whole BGP message. One BGP message may contain one or more BGP sub-messages, each containing a routing prefix. In the prior art, if the BGP message contains the routing prefix to be intercepted, the entire BGP message is intercepted. Since one BGP message may include a plurality of routing prefixes, when only some of the routing prefixes in the BGP message are incorrect the entire BGP message is still intercepted; precise processing is not possible and the BGP session cannot be maintained, which may cause a large number of retransmitted packets for the BGP session, or even session interruption.
In this embodiment, a BGP message is disassembled and divided into a plurality of BGP sub-messages, where each BGP sub-message includes a routing prefix, and the routing prefix that needs to be intercepted is further matched for each BGP sub-message. In this embodiment, the BGP message to be transmitted is recorded as an original BGP message, and the original BGP message is disassembled to obtain a BGP sub-message. Specifically, the original BGP message to be transmitted is disassembled, so as to obtain at least one BGP sub-message. The original BGP message may be disassembled according to a minimum unit. After the whole original BGP message is disassembled into BGP sub-messages, accurate route prefix interception can be performed based on the BGP sub-messages. It should be noted that the header of the original BGP message is consistent with the header of the disassembled BGP sub-message, and the difference is that the application layer message is different.
S120, according to the BGP sub-message, whether the BGP sub-message is an illegal message is determined by combining a preset interception matching rule.
In this embodiment, after the original BGP message is disassembled into a plurality of BGP sub-messages, it is determined for each BGP sub-message whether it is an illegal message. An interception matching rule is preset for this purpose. The preset interception matching rule specifically comprises the keywords and fields to be intercepted, wherein the keywords mainly comprise the intercepted message type, and the fields at least comprise the intercepted routing prefix. There are five BGP message types: Open (establishment), Update, Notification, Keepalive, and Route-refresh.
In this embodiment, before the BGP message is determined according to the preset interception matching rule, the BGP sub-message needs to be parsed. The method for parsing the BGP sub-messages may be that each BGP sub-message refers to a protocol format to parse a keyword and a field, and the keyword and the field are corresponding to a set data structure. The set data structure may be a tree-shaped nonlinear structure, wherein a keyword parsed by the BGP sub-message is used as a node of the tree-shaped nonlinear structure, and a field parsed by the BGP sub-message is used as content contained in the tree-shaped nonlinear structure. It can be understood that, for each BGP sub-message disassembled from the original BGP message, a corresponding data structure is constructed.
Continuing from the above, after each BGP sub-message has been parsed into its corresponding data structure, whether it is an illegal message can be determined in combination with the preset interception matching rule. For example, an interception matching rule may be as follows: the keyword is the BGP message type update, and the fields are len, type and NLRI. Keyword matching mainly determines which sub-message is involved; field matching mainly covers the routing prefix to be intercepted, for example nlri=172.16.2.12/30. Other fields can of course be added to restrict the match, for example len=48, type=2, and the multi-field interception match can be shortened as appropriate for accurate matching.
In this embodiment, the interception matching rule may set corresponding keywords and fields according to actual requirements during setting. One or more keywords can be set in the interception matching rule, and the keywords at least comprise BGP message types to be intercepted; one or more fields may be set, where at least the routing prefix to be intercepted is included in the fields.
S130, if the BGP sub-message is illegal, intercepting the BGP sub-message.
Specifically, step S120 determines, for each BGP sub-message obtained by disassembling the original BGP message, whether it is an illegal message, and each BGP sub-message determined to be illegal is intercepted. No interception operation is performed on legal BGP sub-messages. Since legal BGP sub-messages are not intercepted, the original BGP session can remain connected. In this step, only the BGP sub-messages that match the interception matching rule are intercepted, which realizes accurate interception of the BGP route prefix. For example, assume that an original BGP message is obtained and that sub-messages BGP1, BGP2, BGP3 and BGP4 are obtained after it is disassembled. BGP1, BGP2, BGP3 and BGP4 are parsed and matched against the preset interception matching rule; if the sub-message BGP3 is determined to be an illegal message and the sub-messages BGP1, BGP2 and BGP4 are legal messages, the illegal message BGP3 is intercepted.
The embodiment of the invention provides a method for intercepting a routing prefix of a border gateway protocol, which comprises the following steps: before Border Gateway Protocol (BGP) message transmission, at least one BGP sub-message is obtained according to an original BGP message to be transmitted; determining whether the BGP sub-message is an illegal message according to the BGP sub-message and in combination with a preset interception matching rule; if the BGP sub-message is illegal, intercepting the BGP sub-message. Before BGP message transmission, the method disassembles the original BGP message into a plurality of BGP sub-messages, then matches each BGP sub-message with the interception matching rule, and determines that the BGP sub-message is an illegal message and intercepts when the BGP sub-message is matched with the interception matching rule. In the technical scheme, the original BGP message is disassembled to deeply locate a certain route prefix, so that the accurate interception of the route prefix is realized, the original BGP session is prevented from being influenced, the normal use of session connection is ensured, and a better effect is achieved.
As an optional embodiment of the embodiments of the present invention, on the basis of the foregoing embodiment, the method further includes: after the illegal BGP sub-message is intercepted, the legal BGP sub-message is processed, and the processed legal BGP sub-message is continuously transmitted.
Specifically, after intercepting an illegal BGP sub-message, the legal BGP sub-message needs to be forwarded normally and BGP session connection is maintained. Before forwarding the legal BGP sub-message, the legal BGP sub-message needs to be processed in a related manner to satisfy the normal forwarding condition. Continuing to describe the above examples, sub-messages BGP1, BGP2, BGP3 and BGP4 are obtained after the original BGP message is disassembled, and it is determined that the sub-message BGP3 is an illegal message, and BGP1, BGP2 and BGP4 are legal messages, after the illegal message BGP3 is intercepted, the legal messages BGP1, BGP2 and BGP4 need to be processed, and the processed messages BGP1, BGP2 and BGP4 are forwarded normally and BGP session connection is maintained.
Further, processing legal BGP sub-messages includes: modifying the attribute information of the legal BGP sub-message to meet the transmission requirement, wherein the attribute information at least comprises a sequence number, a response sequence number and a checksum.
Specifically, before a legal BGP sub-message is forwarded normally, it needs to be processed to modify its attribute information, such as the sequence number, the response sequence number and the checksum. The modified legal BGP sub-message is then sent. Illustratively, the sub-messages BGP1, BGP2, BGP3 and BGP4 are obtained after the original BGP message is disassembled, and the sub-message BGP3 is determined to be an illegal message. After the illegal message BGP3 is intercepted, the legal messages BGP1, BGP2 and BGP4 need to be processed: since removing BGP3 leaves a gap between BGP2 and BGP4, the sequence number, the response sequence number and the checksum in BGP4 need to be modified so that BGP1, BGP2 and BGP4 are continuous with no gap.
In the alternative embodiment, legal BGP sub-messages are processed and then normally sent, and the connection of BGP is maintained by an intermediate agent, so that a specific route prefix can be accurately intercepted, and the original BGP session is not influenced.
Example 2
Fig. 2a is a schematic flow chart of another method for intercepting a routing prefix of a border gateway protocol according to the second embodiment of the present invention. This embodiment further optimizes the above embodiment. In this embodiment, the step of "obtaining at least one BGP sub-packet according to an original BGP packet to be transmitted before the transmission of a border gateway protocol BGP packet" is further refined as: obtaining the original BGP packet to be transmitted; and disassembling the original BGP message according to a minimum unit to obtain each BGP sub-message.
The step of "determining whether the BGP sub-message is an illegal message according to the BGP sub-message and in combination with a preset interception matching rule" is further refined as: parsing the BGP sub-message according to a set data structure and determining a target data structure corresponding to the BGP sub-message; and determining whether the BGP sub-message is an illegal message according to the target data structure and the interception matching rule.
As shown in fig. 2a, the second embodiment provides a method for intercepting a routing prefix of a border gateway protocol, which specifically includes the following steps:
S210, acquiring an original BGP message to be transmitted.
Specifically, an original BGP message to be transmitted is obtained.
S220, the original BGP message is disassembled according to the minimum unit, and each BGP sub message is obtained.
Specifically, in order to achieve accurate positioning of BGP route prefixes, the original BGP message needs to be disassembled, and in this embodiment, the original BGP message is disassembled in a minimum unit manner to obtain each BGP sub-message. Fig. 2b is an exemplary diagram of original BGP message disassembly in a method for intercepting a routing prefix of a border gateway protocol according to a second embodiment of the present invention, where, as shown in fig. 2b, the original message is disassembled into sub-messages BGP1, BGP2, BGP3 and BGP4.
S230, analyzing the BGP sub-message according to the set data structure, and determining a target data structure corresponding to the BGP sub-message.
The set data structure adopts a tree-shaped nonlinear data structure, and the tree-shaped nonlinear data structure is adopted to analyze the BGP application layer message. Specifically, an application layer message in a BGP sub-message is parsed into a plurality of keywords and a plurality of fields according to a protocol format, and the keywords are used as nodes of a tree-shaped nonlinear structure, where the tree-shaped nonlinear structure includes fields. And analyzing the BGP sub-message according to the set data structure to obtain an analyzed target data structure. It can be appreciated that, each BGP sub-packet is parsed to obtain its corresponding target data structure.
Further, analyzing the BGP sub-message according to the set data structure to determine a target data structure corresponding to the BGP sub-message, including:
a1, analyzing the BGP sub-message to determine the keywords and fields contained in the BGP sub-message.
Specifically, the BGP sub-message is parsed with reference to a protocol format, and a plurality of keywords and a plurality of fields included in the BGP sub-message are determined.
b1, determining a target data structure corresponding to the BGP sub-message by taking the key words as nodes of the tree-shaped nonlinear structure and the fields as contents contained in the tree-shaped nonlinear structure.
Specifically, the key word is used as a node of the tree-shaped nonlinear structure, and the field is used as the content contained in the tree-shaped nonlinear structure, so that the target data structure corresponding to the BGP sub-message is determined.
S240, according to the target data structure and the interception matching rule, determining whether the BGP sub-message is an illegal message.
In this step, the target data structure corresponding to each BGP sub-message is matched with a set interception matching rule, if the matching is successful, the BGP sub-message is determined to be an illegal message, and if the matching is unsuccessful, the BGP sub-message is determined to be a legal message.
Further, according to the target data structure, in combination with the interception matching rule, determining whether the BGP sub-message is an illegal message includes:
a2, acquiring interception keywords and interception fields in the interception matching rule, wherein the interception keywords at least comprise interception message types, and the interception fields at least comprise interception route prefixes.
The interception matching rule is preset, and the keywords and fields to be intercepted can be set according to user requirements; one or more interception rules can be included. The interception keyword comprises at least an interception message type, which is used to determine which sub-message may be an illegal message. The interception field contains at least an interception routing prefix, which is used to further determine whether a sub-message that may be an illegal message contains the interception routing prefix. Illustratively, the interception matching rule is: bgp.update: len=48, type=2, nlri=172.16.2.12/30, where the interception keyword is bgp.update and the interception fields are len=48, type=2, nlri=172.16.2.12/30.
b2, judging whether the keywords in the target data structure match the interception keywords; if not, determining that the BGP sub-message is a legal message.
Specifically, whether the keywords in the target data structure corresponding to each BGP sub-message match the interception keywords is determined, and if not, the BGP sub-message can be determined to be a legal message.
c2, if so, judging whether the fields in the target data structure match the interception fields.
Specifically, if the keyword in the target data structure matches the interception keyword, the BGP sub-message corresponding to the target data structure may be an illegal message, and it is necessary to further determine whether the fields in the target data structure match the interception fields.
d2, if so, determining the BGP sub-message as an illegal message.
Specifically, if the fields in the target data structure match the interception fields, the BGP sub-message corresponding to the target data structure is determined to be an illegal message.
e2, if not, determining the BGP sub-message as a legal message.
Specifically, if the field in the target data structure is not matched with the interception field, determining that the BGP sub-message in the target data structure is a legal message.
Continuing with the above example, suppose that the intermediate agent disassembles the original message into sub-messages BGP1, BGP2, BGP3 and BGP4 and parses the application layer messages of BGP1, BGP2, BGP3 and BGP4. Fig. 2c is an exemplary diagram of route prefix matching in a border gateway protocol route prefix interception method according to a second embodiment of the present invention. As shown in fig. 2c, the left side of the diagram shows part of the target data structure of sub-message BGP3, and the right side shows the interception matching rule. The interception matching rule obtained is: bgp.update: len=48, type=2, nlri=172.16.2.12/30. Suppose that BGP3 is selected from the sub-messages BGP1, BGP2, BGP3 and BGP4 by the keyword "bgp.update"; the BGP3 application layer message is thereby located, the route prefix in BGP3 is then matched exactly by the multiple fields "len=48, type=2, nlri=172.16.2.12/30", the BGP3 message is determined to be an illegal message, and the route prefix in the BGP3 message is accurately intercepted. Fig. 2d is an exemplary diagram of accurately intercepting an illegal sub-packet in a routing prefix intercepting method of a border gateway protocol according to a second embodiment of the present invention. Continuing the above example, as shown in fig. 2d, the route prefix is located in the BGP3 message, which is an illegal message, and the BGP3 message is accurately intercepted.
S250, if the BGP sub-message is illegal, intercepting the BGP sub-message.
In this embodiment, the step of disassembling the original BGP message and the step of determining whether the BGP sub-message is an illegal message are specified. The original BGP data packet is disassembled, the tree-shaped nonlinear structure is adopted to analyze the BGP application layer message, the multi-keyword multi-field mode is adopted to accurately position the routing prefix of the BGP application layer message after analysis, and the routing prefix is intercepted, so that the accurate interception of the routing prefix is realized, the original BGP session is prevented from being influenced, the normal use of session connection is ensured, and the method has a good effect.
For the sake of clarity, the embodiment of the present invention will be described by taking a practical application scenario of interception of a routing prefix of a border gateway protocol as an example. Fig. 2e is a flowchart illustrating a method for intercepting a routing prefix of a border gateway protocol according to a second embodiment of the present invention, where, as shown in fig. 2e, the method for intercepting a routing prefix of a border gateway protocol may specifically include the following steps:
S1, disassembling the original BGP message according to the minimum unit to obtain each BGP sub-message.
S2, analyzing the BGP sub-message, and determining keywords and fields contained in the BGP sub-message.
S3, determining a target data structure corresponding to the BGP sub-message by taking the key words as nodes of the tree-shaped nonlinear structure and the fields as contents contained in the tree-shaped nonlinear structure.
S4, acquiring interception keywords and interception fields in the interception matching rules, wherein the interception keywords at least comprise interception message types, and the interception fields at least comprise interception route prefixes.
S5, judging whether the keywords in the target data structure are matched with the interception keywords, if not, executing the steps S9-S10, otherwise, executing the step S6.
S6, judging whether fields in the target data structure are matched with the interception fields, if so, executing the steps S7-S8, and if not, executing the steps S9-S10.
S7, determining the BGP sub-message as an illegal message.
S8, intercepting illegal BGP sub-messages.
S9, determining the BGP sub-message as a legal message.
S10, processing the legal BGP sub-message by modifying its attribute information to meet the transmission requirement, and continuing to transmit the processed legal BGP sub-message, wherein the attribute information at least comprises a serial number, a response serial number and a checksum.
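The flow of steps S1 to S9 above, as an added Python example (not code from the patent). The message layout follows RFC 4271; the function names, the rule dictionary shape and the sample stream with its AS number and next hop are constructed assumptions, and the attribute rewrite of S10 is not modelled.

```python
import ipaddress
import struct

MARKER = b"\xff" * 16  # RFC 4271: every message starts with 16 octets of 0xFF
KEYWORDS = {1: "bgp.open", 2: "bgp.update", 3: "bgp.notification", 4: "bgp.keepalive"}

def split_messages(payload):
    """S1: split a TCP payload into individual BGP messages (the smallest unit)."""
    msgs, off = [], 0
    while off < len(payload):
        if len(payload) - off < 19 or payload[off:off + 16] != MARKER:
            raise ValueError("bad BGP header at offset %d" % off)
        (length,) = struct.unpack_from("!H", payload, off + 16)
        if not 19 <= length <= 4096 or off + length > len(payload):
            raise ValueError("bad BGP length at offset %d" % off)
        msgs.append(payload[off:off + length])
        off += length
    return msgs

def parse_nlri(buf):
    """IPv4 NLRI: one prefix-length octet, then ceil(bits / 8) prefix octets."""
    prefixes, i = [], 0
    while i < len(buf):
        bits, n = buf[i], (buf[i] + 7) // 8
        if bits > 32 or i + 1 + n > len(buf):
            raise ValueError("malformed NLRI")
        addr = buf[i + 1:i + 1 + n] + b"\x00" * (4 - n)
        prefixes.append("%s/%d" % (ipaddress.IPv4Address(addr), bits))
        i += 1 + n
    return prefixes

def to_tree(msg):
    """S2-S3: the keyword (message type) is the node, the fields are its content."""
    length, mtype = struct.unpack_from("!HB", msg, 16)
    fields = {"len": length, "type": mtype}
    if mtype == 2:  # UPDATE: withdrawn routes, path attributes, then NLRI
        wlen = int.from_bytes(msg[19:21], "big")
        alen = int.from_bytes(msg[21 + wlen:23 + wlen], "big")
        start = 23 + wlen + alen
        if length < 23 or start > length:
            raise ValueError("truncated UPDATE")
        fields["nlri"] = parse_nlri(msg[start:])
    return {KEYWORDS.get(mtype, "bgp.unknown"): fields}

def is_illegal(tree, rule):
    """S4-S9: the keyword must match first, then every interception field."""
    fields = tree.get(rule["keyword"])
    if fields is None:
        return False
    for name, want in rule["fields"].items():
        have = fields.get(name)
        if not (want in (have or []) if name == "nlri" else have == want):
            return False
    return True

def intercept(payload, rule):
    """Drop matching sub-messages; return (bytes to forward, dropped messages)."""
    forwarded, dropped = [], []
    for msg in split_messages(payload):
        (dropped if is_illegal(to_tree(msg), rule) else forwarded).append(msg)
    return b"".join(forwarded), dropped

# --- constructed sample stream (AS 64512 and next hop 192.0.2.1 are made up) ---
def build_msg(mtype, body=b""):
    return MARKER + struct.pack("!HB", 19 + len(body), mtype) + body

ATTRS = bytes.fromhex("40010100" "4002060201" "0000fc00" "400304" "c0000201")

def build_update(bits, prefix_octets):
    body = struct.pack("!HH", 0, len(ATTRS)) + ATTRS + bytes([bits]) + prefix_octets
    return build_msg(2, body)

BGP1 = BGP4 = build_msg(4)                         # KEEPALIVE
BGP2 = build_update(8, bytes([10]))                # 10.0.0.0/8, len=45
BGP3 = build_update(30, bytes([172, 16, 2, 12]))   # the page's prefix, len=48
ORIGINAL = BGP1 + BGP2 + BGP3 + BGP4
RULE = {"keyword": "bgp.update",
        "fields": {"len": 48, "type": 2, "nlri": "172.16.2.12/30"}}
```

Calling `intercept(ORIGINAL, RULE)` drops only BGP3 and returns BGP1, BGP2 and BGP4 concatenated for forwarding; BGP2 carries the same keyword but fails the field match, which is the S6 branch to S9.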
Example III
Fig. 3 is a schematic structural diagram of a border gateway protocol route prefix interception device according to a third embodiment of the present invention. The device is applicable to intercepting border gateway protocol route prefixes and may be configured in an electronic device. As shown in Fig. 3, the device includes an acquisition module 31, a judgment module 32 and an interception module 33, wherein:
the acquisition module 31 is configured to obtain at least one BGP sub-message according to an original BGP message to be transmitted before the BGP message is transmitted;
the judgment module 32 is configured to determine whether the BGP sub-message is an illegal message according to the BGP sub-message and in combination with a preset interception matching rule;
and the interception module 33 is configured to intercept the BGP sub-message if the BGP sub-message is an illegal message.
The embodiment of the invention provides a border gateway protocol route prefix interception device which, before BGP message transmission, first disassembles the original BGP message into a plurality of BGP sub-messages, then matches each BGP sub-message against the interception matching rule and, when a BGP sub-message matches the rule, determines that the BGP sub-message is an illegal message and intercepts it. Compared with the prior art, which judges whether the original BGP message as a whole is illegal, this technical scheme disassembles the original BGP message, locates a specific route prefix within it and intercepts that route prefix precisely, so that the original BGP session is not affected and the session connection remains in normal use.
Optionally, the acquisition module 31 is specifically configured to:
acquiring an original BGP message to be transmitted;
and disassembling the original BGP message according to the minimum unit to obtain each BGP sub-message.
Optionally, the judgment module 32 may include:
the structure determining unit is used for analyzing the BGP sub-message according to the set data structure and determining a target data structure corresponding to the BGP sub-message;
and the message judging unit is used for determining whether the BGP sub-message is an illegal message according to the target data structure and the interception matching rule.
Optionally, the structure determining unit is specifically configured to:
analyzing the BGP sub-message to determine the keywords and fields contained in the BGP sub-message;
and determining a target data structure corresponding to the BGP sub-message by taking the key words as nodes of the tree-shaped nonlinear structure and the fields as contents contained in the tree-shaped nonlinear structure.
Optionally, the message judging unit is specifically configured to:
acquiring an interception keyword and an interception field in an interception matching rule, wherein the interception keyword at least comprises an interception message type, and the interception field at least comprises an interception route prefix;
judging whether the keywords in the target data structure are matched with the interception keywords, if not, determining that the BGP sub-message is legal;
otherwise, judging whether the fields in the target data structure are matched with the interception fields;
if yes, determining the BGP sub-message as an illegal message;
if not, determining the BGP sub-message as legal message.
Optionally, the apparatus further comprises a transmission module for:
after the illegal BGP sub-message is intercepted, the legal BGP sub-message is processed, and the processed legal BGP sub-message is continuously transmitted.
Optionally, the transmission module is specifically configured to:
and modifying the attribute information of the legal BGP sub-message to meet the transmission requirement, wherein the attribute information at least comprises a serial number, a response serial number and a checksum.
The device for intercepting the routing prefix of the border gateway protocol provided by the embodiment of the invention can execute the method for intercepting the routing prefix of the border gateway protocol provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example IV
Fig. 4 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 40 includes at least one processor 41, and a memory communicatively connected to the at least one processor 41, such as a Read Only Memory (ROM) 42, a Random Access Memory (RAM) 43, etc., in which the memory stores a computer program executable by the at least one processor, and the processor 41 may perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 42 or the computer program loaded from the storage unit 48 into the Random Access Memory (RAM) 43. In the RAM 43, various programs and data required for the operation of the electronic device 40 may also be stored. The processor 41, the ROM 42 and the RAM 43 are connected to each other via a bus 44. An input/output (I/O) interface 45 is also connected to bus 44.
Various components in electronic device 40 are connected to I/O interface 45, including: an input unit 46 such as a keyboard, a mouse, etc.; an output unit 47 such as various types of displays, speakers, and the like; a storage unit 48 such as a magnetic disk, an optical disk, or the like; and a communication unit 49 such as a network card, modem, wireless communication transceiver, etc. The communication unit 49 allows the electronic device 40 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
The processor 41 may be various general and/or special purpose processing components with processing and computing capabilities. Some examples of processor 41 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, Digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. Processor 41 performs the various methods and processes described above, such as the border gateway protocol route prefix interception method.
In some embodiments, the border gateway protocol routing prefix interception method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as storage unit 48. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 40 via the ROM 42 and/or the communication unit 49. When the computer program is loaded into RAM 43 and executed by processor 41, one or more steps of the border gateway protocol routing prefix interception method described above may be performed. Alternatively, in other embodiments, processor 41 may be configured to perform the border gateway protocol routing prefix interception method in any other suitable manner (e.g., by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuit systems, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems On Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various implementations may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor that can receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for intercepting a routing prefix of a border gateway protocol, comprising:
before Border Gateway Protocol (BGP) message transmission, at least one BGP sub-message is obtained according to an original BGP message to be transmitted;
determining whether the BGP sub-message is an illegal message according to the BGP sub-message and in combination with a preset interception matching rule;
and if the BGP sub-message is an illegal message, intercepting the BGP sub-message.
2. The method of claim 1, wherein the obtaining at least one BGP sub-message according to the original BGP message to be transmitted comprises:
acquiring an original BGP message to be transmitted;
and disassembling the original BGP message according to a minimum unit to obtain each BGP sub-message.
3. The method of claim 1, wherein the determining whether the BGP sub-message is an illegal message according to the BGP sub-message and in combination with a preset interception matching rule includes:
analyzing the BGP sub-message according to a set data structure, and determining a target data structure corresponding to the BGP sub-message;
and according to the target data structure and the interception matching rule, determining whether the BGP sub-message is an illegal message.
4. The method of claim 3, wherein the parsing the BGP sub-message according to the set data structure to determine the target data structure corresponding to the BGP sub-message includes:
analyzing the BGP sub-message, and determining keywords and fields contained in the BGP sub-message;
and determining a target data structure corresponding to the BGP sub-message by taking the key word as a node of the tree-shaped nonlinear structure and the field as contents contained in the tree-shaped nonlinear structure.
5. The method of claim 3, wherein the determining whether the BGP sub-message is an illegal message according to the target data structure in combination with the intercept matching rule comprises:
acquiring an interception keyword and an interception field in the interception matching rule, wherein the interception keyword at least comprises an interception message type, and the interception field at least comprises an interception route prefix;
judging whether the keywords in the target data structure are matched with the interception keywords, if not, determining that the BGP sub-message is legal;
otherwise, judging whether the fields in the target data structure are matched with the interception fields;
if yes, determining the BGP sub-message as an illegal message;
if not, determining the BGP sub-message as legal message.
6. The method as recited in claim 1, further comprising:
after the illegal BGP sub-message is intercepted, the legal BGP sub-message is processed, and the processed legal BGP sub-message is continuously transmitted.
7. The method of claim 6, wherein the processing legal BGP sub-messages comprises:
and modifying the attribute information of the legal BGP sub-message to meet the transmission requirement, wherein the attribute information at least comprises a serial number, a response serial number and a checksum.
8. A border gateway protocol routing prefix interception device, comprising:
the acquisition module is used for acquiring at least one BGP sub-message according to the original BGP message to be transmitted before the BGP message is transmitted;
the judging module is used for determining whether the BGP sub-message is an illegal message according to the BGP sub-message and combining a preset interception matching rule;
and the interception module is used for intercepting the BGP sub-message if the BGP sub-message is an illegal message.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the border gateway protocol routing prefix interception method of any one of claims 1-7.
10. A storage medium containing computer executable instructions which, when executed by a computer processor, are for performing the border gateway protocol route prefix interception method of any one of claims 1-7.
CN202211536249.5A 2022-12-01 2022-12-01 Method, device, equipment and medium for intercepting route prefix of border gateway protocol Pending CN116527294A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211536249.5A CN116527294A (en) 2022-12-01 2022-12-01 Method, device, equipment and medium for intercepting route prefix of border gateway protocol

Publications (1)

Publication Number Publication Date
CN116527294A true CN116527294A (en) 2023-08-01

Family

ID=87389164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211536249.5A Pending CN116527294A (en) 2022-12-01 2022-12-01 Method, device, equipment and medium for intercepting route prefix of border gateway protocol

Country Status (1)

Country Link
CN (1) CN116527294A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination