KR20170011323A - Source routing method based on id and apparatus using the same - Google Patents

Abstract

According to an embodiment of the present invention, a source routing method comprises: a step of receiving a path request message including target identifier information and an encrypted sharing key; a step of searching for a forwarding table corresponding to the target identifier; a step of generating the forwarding table through a path setting process if the forwarding table is not searched after search; and a step of transmitting the path request message to the next router according to the information of the forwarding table.

Description

[0001] The present invention relates to an identifier-based source routing method,

The present invention relates to a source routing method and an apparatus therefor, and more particularly, to an identifier-based source routing method and apparatus therefor in a network architecture having a recursive hierarchical structure.

In the current IP-based Internet environment, IP has both a host ID and a role as a locator. If IP plays such a redundant role, the routing efficiency may decrease or the size of the routing table may increase in services such as mobility or multi-homing. For example, in the case of site-multihoming, IP serves as both an identifier and a locator. Therefore, a prefix, which is not aggregated to an address managed by a service provider (SP) May need to be added.

To solve this problem, a solution for separating identifiers and locators has been proposed. The continuity of communication can be ensured even if the communication subject moves during communication by separating the permanent identifier assigned to the communication subject and the identifier indicating the current position at which the communication subject is located, i.e., the location location, and a new communication method such as multi- Effective response has become possible.

In the identifier-and-location-separation environment, the routing table and the forwarding table used by the router are separated as the identifier and the location are separated. In the routers of the existing IP environment, the routing table and the forwarding table were virtually identical, since IP also played the role of identifier and locator. Therefore, the router could use the routing table created as a result of the routing protocol even when forwarding it.

However, in an environment where the identifier and the location are separated, each communication application entity can recognize only the identifier. Therefore, in order to properly forward the identifier-based packet in the router, the current location of the communication subject having the identifier is found, The table should be searched to find information about the next hop (locator information). The router then has to create a new forwarding table by mapping the next hop information to the next hop in the identifier. In other words, routing table and forwarding table are separately managed in the identifier and location separation environment, and packet forwarding relies on the forwarding table. The forwarding table entry may include information such as a destination identifier, an external transport interface (e.g., eth0), a protocol type (e.g., IP) of the next hop domain gateway, and an address (e.g., IP address) of the next hop domain gateway.

As described above, there is a need for a system that manages the mapping of identifiers and locators in order to find out the location information, i.e., locator, in which the communication subject is located with the identifier value. This system is called ILMS (Id Locator Mapping System). It exists in a well-known location on the ILMS network. When the router queries the location corresponding to the identifier value, it informs the location mapped to the identifier value.

Source routing refers to a method in which a sender that sends a packet directly sends a list of addresses assigned to an interface of a router to which packets are to be transmitted through a header. This source routing guarantees that the packet goes through the router located at the address of the corresponding list, but it does not guarantee that the router at that location, that is, the router to which the address is assigned, . This is because the address assigned to the router only identifies the location of the router and does not guarantee that the object at that location is a specific entity.

The present invention provides an identifier-based source routing method rather than an address-based source routing in a network architecture having a recursive hierarchical structure.

The present invention provides a routing method and a device using the routing method, in which a user always passes through a desired router even in an environment where the configuration of the network changes through source routing based on an identifier.

A source routing method according to an embodiment of the present invention includes: receiving a route request message including destination identifier information and an encrypted shared key; searching a forwarding table corresponding to the destination identifier; Generating the forwarding table through a routing process, and transmitting the route request message to the next router according to the information of the forwarding table.

Wherein the generating the forwarding table comprises: decrypting the shared key with its own private key; Changing the destination identifier to a destination identifier of the next router; Acquiring location information for a destination identifier of a next router; Generating a new forwarding table including information of a next router based on the positional information; Encrypting a route request message including location information of the next router and the shared key with a public key of the next router; And transmitting the path request message including the encrypted shared key to the next router.

Upon receiving the route request message, it may further include determining whether the router is a router belonging to the router list of the source source routing.

And generating a new forwarding table corresponding to the destination identifier included in the route request message if it is not a router belonging to the router list of the source source routing.

Locator information for the destination identifier may be received from an IL Locator Mapping System (ILMS).

The path request message may be transmitted from the destination host to the source host via at least one router when the route request message is transmitted to the destination host.

Encrypting the data with the shared key when the path response message is received; And transmitting the encrypted data to the destination host.

The routing device for transmitting and receiving packets through source routing according to another embodiment of the present invention receives a route request message including destination identifier information and an encrypted shared key, and forwards the forwarding table corresponding to the destination identifier A routing unit configured to generate the forwarding table through a routing process when the forwarding table is not found as a result of the search; And a packet forwarder for transmitting the route request message to the next router according to the information of the forwarding table.

According to an embodiment of the present invention, there is provided a routing method and a device using the routing method that allow a user to specify a specific router (s) even if the configuration of the network changes.

According to an embodiment of the present invention, there is provided a routing method and a device using the same, wherein the security is maintained by allowing a user to always go through a desired router even in an environment where the configuration of the network changes through source routing based on an identifier.

Figure 1 is a diagram illustrating a hierarchical and recursively constructed domain structure.
2 is a diagram illustrating a routing procedure performed by the gateway.
3 is a diagram illustrating an example of identifier-based source routing.
4 is a control flowchart for explaining searching of a forwarding table according to an embodiment of the present invention.
5 is a control flowchart for explaining generation of a forwarding table entry according to an embodiment of the present invention.
6 is a control flowchart for explaining generation of a forwarding table entry according to another embodiment of the present invention.
7 is a control flowchart for explaining packet forwarding according to an embodiment of the present invention.
8 is a diagram for explaining the overall operation structure of the identifier source routing.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. In the following description of the embodiments of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present disclosure rather unclear.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . In addition, the description of "including" a specific configuration in the present invention does not exclude a configuration other than the configuration, and means that additional configurations can be included in the practice of the present invention or the technical scope of the present invention.

In addition, the components shown in the embodiments of the present invention are shown independently to represent different characteristic functions, which does not mean that each component is composed of separate hardware or software constituent units. That is, each constituent unit is included in each constituent unit for convenience of explanation, and at least two constituent units of the constituent units may be combined to form one constituent unit, or one constituent unit may be divided into a plurality of constituent units to perform a function. The integrated embodiments and separate embodiments of the components are also included within the scope of the present invention, unless they depart from the essence of the present invention.

In addition, some of the components are not essential components to perform essential functions in the present invention, but may be optional components only to improve performance. The present invention can be implemented only with components essential for realizing the essence of the present invention, except for the components used for the performance improvement, and can be implemented by only including the essential components except the optional components used for performance improvement Are also included in the scope of the present invention.

Figure 1 is a diagram illustrating a hierarchical and recursively constructed domain structure.

The environment in which the identifier and the location are separated according to an embodiment of the present invention may be basically composed of a hierarchical domain. Each domain can be defined as a collection of nodes with similar characteristics. One domain usually consists of nodes that are using the same physical transport protocol. [Node displayed in drawing]

A domain may also extend its meaning to a group of nodes that have local commonalities or similar communication purposes. Each domain may be assigned an identifier of the domain (e.g., D1, D2, D3, D4), and the identifier itself is a bitstream value meaningless. . Such location information can serve as a positioner of a node belonging to a specific domain. For example, a positioner corresponding to the domain D4 may be identified as < D1: D2: D4 >, and a domain D3 may be identified as < D1: D3 >.

The boundary routers of each domain can use the location information, that is, the location value, in the inter-domain routing protocol operation of the (domain gateway) domain in the identifier and location separator environments to which the present invention can be applied. When the inter-domain routing protocol is operated using this location value, each domain router has a routing table based on the location value that can be used when searching the inter-domain route.

2 is a diagram illustrating a routing procedure performed by the gateway.

The end hosts belonging to different domains in the identifier and locator separation environments communicate by performing the routing process between the respective domain gateways (domain routers). The routing process is enabled when a forwarding table for the destination identifier is created by each domain gateway.

For proper routing, each domain gateway must first perform location-based routing and have a location-based routing table. The gateway can obtain mapping information (ID: Locator Mapping) between the location and the identifier through the ILMS, and can generate an entry of a forwarding table having information on the next hop gateway.

The path establishment process is performed when traffic of a packet transmitted as a destination identifier is generated, and is repeated from the first domain gateway receiving the packet to the gateway of the domain to which the object having the final destination identifier belongs.

Meanwhile, as described above, in the case of source routing in which a sender of a packet directs a list of addresses assigned to an interface of a router to which a packet is to be transmitted directly in a header, the packet is transmitted through a router located at the address of the corresponding list But there is a problem that it can not be guaranteed that the router at the location, that is, the router to which the address is allocated, is the first router that the sender first knew.

An embodiment of the present invention proposes an identifier-based source routing method in which a packet is transmitted to a router identified by an identifier rather than a location indicated by the address so that packets are always transmitted to the corresponding routers regardless of the location of the router. In this way, when a sender specifies a trusted router and performs source routing with the identifiers of the routers, it can always be made to pass through the corresponding routers, and even if the topology of the network changes in the future, do.

Further, another embodiment of the present invention can encrypt the route between the routers specified in the router list of the source routing in order to increase the security level of the identifier-based source routing. For encryption, the sender and recipient, and the domain gateways between them, must share the key necessary for encryption. Such key generation and distribution can be accomplished in the aforementioned routing step.

3 is a diagram illustrating an example of identifier-based source routing.

An ID gateway that receives a packet from a source host performs three functions. The identifier gateway may be one of the routers included in the list of routers to be used for identifier source routing or may be a router not included in the list of routers. Routers included in the list of routers to be used for identifier source routing may be indicated as Intermediate GW #N.

The three functions may be [1] a lookup forwarding cache table, [2] a new forwarding cache entry, and [3] forward packet identifiers (Forward ID packets).

Identifier When a gateway sends a packet or receives a packet from another gateway, the identifier gateway first searches its forwarding table. The identifier gateway searches the forwarding table using the destination identifier as a key, and when a matched entry is found, the packet can be forwarded to the next hop according to the contents of the entry.

If a forwarding table entry corresponding to the destination identifier is not found in the forwarding table search, the identifier gateway generates a new forwarding table entry through the routing process. During this routing process, the keys to be used between the source, destination, and intermediate routers belonging to the source list can be distributed.

In this case, the identifier gateway obtains the location information of the identifier through the ILMS, that is, the mapping information between the location and the destination (Get locator for an ID), and uses the information to identify the entry of the forwarding table having information on the next hop gateway Can be generated.

Whether the forwarding table or the new forwarding table is created, when the forwarding table entry corresponding to the destination identifier is prepared, the identifier gateway uses the information stored in the corresponding entry to forward the packet to the next hop gateway or the intermediate GW #N.

FIGS. 4 to 7 are views for explaining the above function in the gateway in detail.

4 is a control flowchart for explaining searching of a forwarding table according to an embodiment of the present invention.

When an arbitrary domain router, that is, a domain gateway receives an ID packet, a forwarding table search process is performed by a forwarding table manager (ForwardingTableManager) managing a forwarding table of a domain gateway.

Upon receiving the ID packet (410), the forwarding table management unit searches the forwarding table using the destination identifier as a key (420).

As a result of the search, if there is a forwarding table having an entry matching or matching the destination ID, the domain gateway forwards the ID packet according to the forwarding information of the corresponding forwarding table entry (440).

On the other hand, if there is no forwarding table entry matching the destination identifier (430), that is, if a forwarding table entry that matches the destination identifier has not yet been generated, the domain gateway proceeds to the forwarding table entry through the path discovery procedure (450).

5 and 6 are control flowcharts for explaining generation of a forwarding table entry according to an embodiment of the present invention.

When the domain gateway receives the data packet, a routing procedure may be performed to create a forwarding table to transmit the data packet.

FIG. 5 is a diagram for explaining generation of a forwarding table entry when the received ID packet is a general data packet. FIG. 6 is a view for explaining the generation of a forwarding table entry when the received ID packet is a path request message Fig.

When the domain gateway belonging to the router list of the source routing of the identifier receives the packet, the forwarding table creation process of FIG. 5 is performed if the ID packet is a general data packet. If the ID packet is the route request message, do.

In order to generate the forwarding table, a path setting unit (PathSetup) for processing a path request message / path response message in addition to the forwarding table management unit of FIG. 4, a source, a destination, A shared key manager (SharedKeyManager) for generating a shared key to be used between intermediate GWs, or storing a received shared key, a routing table manager for managing a routing table created by locator-based routing demonstration, (RoutingTableManager) and a packet forwarder (PacketForwarder) for forwarding packets based on the forwarding table.

5, when a data packet is received, the routing unit changes the destination identifier of the header to the identifier of the first intermediate GW # 1 in the router list (510), and increments the index value indicating the current intermediate GW by 1 520).

The routing unit may obtain the location value for the destination identifier through the ILMS (530).

The routing table manager retrieves 540 the routing table entry that matches the location value, and the retrieved routing table entry may be passed to the routing unit.

The routing unit may generate a new forwarding table entry using the location value for the destination identifier (550).

The shared key management unit may generate a new shared key to be used for encryption (560) and forward it to the path setting unit.

The path setting unit 570 generates a path request message including the shared key and the location key, and may encrypt the shared key portion of the path request message with the public key of the first intermediate GW in the intermediate GW list (580).

The path setting unit may transmit the path request message in which the shared key is encrypted to the next intermediate GW # 1 (590).

Next, a procedure of generating a forwarding table when the received packet is a route request message is shown in FIG.

As shown in FIG. 6, when a route request message is received at the forwarding table management unit (610), it is determined whether a domain gateway belonging to the router list of the source routing of the source has received the packet (620).

If the domain gateway belonging to the router list of the identifier source routing receives the packet, the routing unit decrypts the route request message with the private key of the current gateway to extract the shared key (630). That is, the path setting unit decrypts the shared key encrypted with the private key.

The extracted shared key is stored in the shared key management unit (640). The stored shared key is used for communication between the source gateway and the intermediate GWs, the record method may be {source ID, shared key}, and the search key may be the source ID.

The route setting unit changes the destination identifier to the identifier of the next intermediate GW in the header of the route request message (650). The index value indicating the current intermediate GW is incremented by one (660).

The routing unit may obtain the location value for the destination identifier through the ILMS (670).

The routing unit that obtained the location value for the destination identifier from the ILMS may generate a new forwarding table entry using the location value for the destination identifier (680). The location request for the destination identifier may be included in the route request message so that the next hop gateway does not duplicate the query to the ILMS.

The routing unit 690 returns the shared key to the public key of the next intermediate GW in the router list.

On the other hand, if the domain gateway not belonging to the router list of the identifier source routing receives the packet, the routing unit can generate a new forwarding table entry using the location information included in the route request message (681).

The route setting unit may transmit an encrypted route request message or a route request message received by the domain gateway to the next hop domain gateway (695).

7 is a control flowchart for explaining packet forwarding according to an embodiment of the present invention.

When the domain gateway receives the packet, the forwarding table management unit first searches the forwarding table entry matching the destination identifier (710).

Then, the domain gateway determines whether the identifier of the currently received domain gateway matches the destination identifier of the packet header (720).

As a result of the determination, if the identifier of the currently received domain gateway matches the destination identifier of the packet header, that is, if the packet arrives at one of the router lists of the identifier source routing, the domain gateway uses the identifier source routing to send the packet. To increase confidentiality, you can send a list of routed routers encrypted.

When the router list is encrypted and sent (encryption flag == 1 in the header), the shared key management unit searches the shared key using the source identifier as a search key (730), and can forward the shared key to the packet forwarder.

The packet forwarder may decrypt the data, i.e., the router list, using the shared key (740).

The packet forwarder then sets the identifier of the next intermediate GW in the intermediate GW list as the destination identifier (750) and increments the index value indicating the current intermediate GW by 1 (760).

The packet forwarder then encrypts (770) the data containing the intermediate GW list with the shared key.

The encrypted intermediate GW list is sent to the next intermediate GW in the routing list (780).

On the other hand, if the domain gateway not belonging to the router list of the identifier source routing receives the packet, that is, if the identifier of the currently received domain gateway does not match the destination identifier of the packet header, the matching forwarding table entry And the packet is transmitted according to the forwarding table entry found (790).

8 is a diagram for explaining the overall operation structure of the identifier source routing.

The source host tries to send packets to the destination host, and the routers included in the list of routers to be used for source routing of identifiers can be represented as intermediate GW #N.

When a source host is to transmit a data packet, if there is no forwarding table for the identifier of the destination host, the source host pings the packet transmission (801).

According to an embodiment of the present invention, since the source host transmits the packet through the source routing based on the identifier rather than the location, an identifier-based forwarding table of the destination host is required.

The source host may obtain 802 information about the locator that is mapped to the identifier of the intermediate GW # 1 through the ILMS for packet transmission to the first intermediate GW # 1.

The source host acquiring the location information for intermediate GW # 1 uses the location information to create a new forwarding table entry (803) and use it between the source, destination, and intermediate GWs And generates a shared key (804).

A new forwarding table entry may be generated by the procedure described with reference to FIG. 5 or FIG.

Then, the source host encrypts the shared key using the public key of the intermediate GW # 1 (805) and transfers the destination identifier to the intermediate GW # 1 (806) in order to deliver the shared key to the intermediate GW # 1.

The source host generates a route request message including the encrypted shared key and the location of the intermediate GW # 1 and transmits it to the next hop gateway (807)

If the gateway receiving the route request message from the source host is a general domain gateway not included in the identifier source routing list, the gateway simply creates a forwarding table entry using the intermediate GW # 1 included in the route request message , And forwards the route request message to the next hop (808).

Step 808 may be repeated until the gateway included in the identifier source routing list receives the route request message.

When the gateway included in the identifier source routing list receives the route request message, that is, when the route request message arrives in Intermediate GW # 1 in FIG. 8, the route request message is forwarded to the next gateway included in the identifier source routing list The intermediate GW # 1 acquires information on the locator that is mapped to the identifier of the intermediate GW #N through the ILMS (809).

The intermediate GW # 1 generates a new forwarding table entry for the identifier of the intermediate GW #N using the information on the location mapped to the identifier of the intermediate GW #N (810).

The intermediate GW # 1 decrypts the shared key included in the received route request message using its own private key, and stores the shared key for subsequent use (811).

Then, the shared key is re-encrypted with the public key of the next intermediate GW #N (812), and the destination identifier is changed to the intermediate GW #N (813).

A route request message including the encrypted shared key and the location information of the intermediate GW #N is generated, and the route request message is transmitted to the next hop (814).

Steps 810 to 814 may be repeated serially until the route request message arrives at the destination host.

 When the route request message arrives at the destination host by repeating the above process, a path response message is transmitted to the source host via intermediate GW # 1 through intermediate GW #N (815).

When the path response message arrives at the source host, the pending packet is encrypted with the shared key and forwarded to the destination host (816). That is, the identifier source routing transmission of the packet proceeds.

As described above, according to the present invention, in a network architecture having a recursive hierarchically structured domain structure, an identifier-based source routing method other than address-based source routing and an apparatus using the same are provided.

The present invention provides a routing method in which security is maintained by allowing a user to always go through a desired router even in an environment where network configuration is changed through source routing based on an identifier, and an apparatus using the routing method.

In the above-described embodiments, the methods are described on the basis of a flowchart as a series of steps or blocks, but the present invention is not limited to the order of steps, and some steps may occur in different orders or in a different order than the steps described above have. It will also be understood by those skilled in the art that the steps depicted in the flowchart illustrations are not exclusive and that other steps may be included or that one or more steps in the flowchart may be deleted without affecting the scope of the invention You will understand.

The above-described embodiments include examples of various aspects. While it is not possible to describe every possible combination for expressing various aspects, one of ordinary skill in the art will recognize that other combinations are possible. Accordingly, it is intended that the invention include all alternatives, modifications and variations that fall within the scope of the following claims.

ILMS: Id Locator Mapping System
Forwarding management
The path setting unit
The shared key setting unit
Routing table manager
Packet forwarder

Claims (14)

In the source routing method,
Receiving a route request message including destination identifier information and an encrypted shared key;
Retrieving a forwarding table corresponding to the destination identifier;
If the forwarding table is not found, generating the forwarding table through a routing process;
And forwarding the route request message to the next router according to the information of the forwarding table. The method according to claim 1,
Wherein the step of generating the forwarding table comprises:
Decrypting the shared key with its own private key;
Changing the destination identifier to a destination identifier of the next router;
Acquiring location information for a destination identifier of a next router;
Generating a new forwarding table including information of a next router based on the positional information;
Encrypting a route request message including location information of the next router and the shared key with a public key of the next router;
And transmitting the path request message including the encrypted shared key to the next router. The method according to claim 1,
Further comprising the step of determining whether the router is a router belonging to a router list of an identifier source routing when receiving the route request message The method of claim 3,
And generating a new forwarding table corresponding to the destination identifier included in the route request message if it is determined that the router is not a router belonging to the router list of the source source routing. The method according to claim 1,
And location information for the destination identifier is received from an IL Locator Mapping System (ILMS). The method according to claim 1,
Further comprising the step of transmitting a route response message from the destination host to the source host via at least one router when the route request message is transmitted to the destination host. The method according to claim 6,
Encrypting the data with the shared key when the path response message is received;
And transmitting the encrypted data to the destination host. 1. A routing apparatus for transmitting and receiving packets through source routing,
A forwarding table management unit for receiving a route request message including destination identifier information and an encrypted shared key, and searching forwarding tables corresponding to the destination identifiers;
A routing unit configured to generate the forwarding table through routing if the forwarding table is not found;
And a packet forwarder for transmitting the route request message to a next router according to the information of the forwarding table. 9. The method of claim 8,
Wherein the path setting unit comprises:
Decodes the shared key with its own private key, changes the destination identifier to the destination identifier of the next router, acquires the location information of the destination identifier of the next router, and updates the information of the next router based on the location information And encrypts the route request message including the location information of the next router and the shared key with the public key of the next router. 9. The method of claim 8,
Wherein when the route request message is received, the route setting unit determines whether the router is a router belonging to the router list of the source source routing. 10. The method of claim 10,
Wherein the route setting unit generates a new forwarding table corresponding to the destination identifier included in the route request message if it is not a router belonging to the router list of the source source routing as a result of the determination. 9. The method of claim 8,
And location information for the destination identifier is received from an IL Locator Mapping System (ILMS). 9. The method of claim 8,
Wherein the route request message is transmitted from the destination host to the source host via at least one router when the route request message is transmitted to the destination host. 14. The method of claim 13,
Wherein when the path response message is received, data is encrypted with the shared key, and the encrypted data is transmitted to the destination host.

Images