WO2007121627A1 - A system for detecting the running information consistency of border gateway protocol nodes and a method thereof - Google Patents


Info

Publication number: WO2007121627A1
Authority: WO, WIPO (PCT)
Prior art keywords: running information, consistency, information, bgp, expected
Application number: PCT/CN2006/003238
Other languages: French (fr), Chinese (zh)
Other versions: WO2007121627A8 (en)
Inventor: Ye Zhao
Original Assignee: Huawei Technologies Co., Ltd.

Classifications

    • H: Electricity > H04: Electric communication technique > H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 43/0817: Monitoring or testing based on specific metrics (e.g. QoS, energy consumption or environmental parameters) by checking availability, by checking functioning (under H04L 43/00, arrangements for monitoring or testing data switching networks)
    • H04L 45/021: Ensuring consistency of routing table updates, e.g. by using epoch numbers (under H04L 45/02, topology update or discovery)
    • H04L 45/033: Topology update or discovery by updating distance vector protocols
    • H04L 45/04: Interdomain routing, e.g. hierarchical routing (under H04L 45/00, routing or path finding of packets in data switching networks)

Definitions

  • The present invention relates to the field of Internet technology, and in particular to a system and method for detecting whether the running information of a Border Gateway Protocol (BGP) node in an autonomous system (AS) is consistent with the expected running information.
  • BGP is the core routing protocol of the Internet
  • AS is the processing unit of BGP.
  • BGP has two operating modes: External BGP (EBGP) and Internal BGP (IBGP).
  • EBGP is used to interconnect ASs, and IBGP is used to exchange routing information within an AS.
  • If the IBGP sessions do not form a logical full-mesh interconnection, the routing information obtained by the BGP nodes in the domain is incomplete; the routes advertised externally then differ, the external behaviour of the AS becomes inconsistent, and some routes may end up unreachable.
  • The local policy configured on each BGP node conflicts with the policy expected when the AS was planned, so the routing information advertised externally is inconsistent with what was expected.
  • Although a rich policy set is a feature of BGP and each node can be configured with different policies, a considerable part of the policy inside an AS should be consistent, to ensure that the external behaviour of the AS is consistent.
  • the above problem is more likely to occur in large ASs that internally include a large number of BGP nodes.
  • The root cause of the above two problems is that the BGP nodes in the AS do not have a unified view, including of policies and interconnections. This is because, in existing IBGP, the full-mesh connection must be implemented by manual configuration and automatic topology discovery is not possible, and the policy must be configured manually on each node, so there is no guarantee that every node holds the same expected running information.
  • The industry generally uses the configuration detection scheme shown in Figure 1 to overcome the above problems.
  • The scheme is driven manually: the operator inputs the current planning rules of the AS and the configuration files of the devices in the AS, the two are compared for consistency, and the inconsistencies are output.
  • the present invention proposes a system for detecting the consistency of the running information of a BGP node, for automatically performing consistency detection, and reflecting the consistency problem in real time.
  • the present invention also proposes a method for detecting consistency of BGP node operation information by automatically performing consistency detection and reflecting consistency problems in real time.
  • A system for detecting the consistency of running information of border gateway protocol (BGP) nodes, the system including at least one BGP node, further includes:
  • a management module, configured to maintain expected running information and deliver the expected running information to the consistency detection module; and
  • a consistency detection module, configured to determine whether the expected running information delivered by the management module is consistent with the actual running information obtained from the BGP node.
  • A method for detecting the consistency of running information of a BGP node includes the following steps: the consistency detection module obtains the expected running information from the management module and obtains the actual running information from the BGP node;
  • the consistency detection module determines whether the expected running information and the actual running information are consistent.
  • In the present invention the expected running information maintained by the management module is sent to the consistency detection module, and the consistency detection module determines whether the expected running information is consistent with the running information of each actually running BGP node and, in the case of inconsistency, sends an alarm to the management module. The present invention thus detects the consistency of running information in the AS domain without manual initiation, thereby automatically ensuring the security of BGP.
  • Because the invention uses the actual running information of the BGP nodes, the detection result truly reflects the actual condition of the network and whether the network has a problem.
  • the management module is located in the management device, and the consistency detection module may be located in the BGP node or in the management device, or may be located in an independently existing arbitration device, and provides various manners for implementing the present invention.
  • The detection of running information consistency may be performed after the management module sends new expected running information, or after the running information of a BGP node actually changes, so the present invention can also perform consistency detection in real time, thereby protecting BGP security in real time.
  • Moreover, in the present invention the existing BGP protocol, its extended attributes or its extended messages may be used to transmit the various kinds of information between the management device and the BGP node, between the management device and the arbitration device, and between the arbitration device and the BGP node.
  • The various kinds of information may also be transmitted by custom protocols or by other existing protocols (e.g., the Simple Network Management Protocol, SNMP), so the present invention has wide applicability.
  • Figure 1 is a schematic diagram of the prior art.
  • FIG. 2 is a schematic structural diagram of a system according to an embodiment of the present invention.
  • Figure 3 is a schematic diagram of a connection method in the AS domain.
  • FIG. 4 is a schematic structural diagram of another system in an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of still another system in the embodiment of the present invention.
  • Mode for carrying out the invention
  • two embodiments are proposed based on whether the BGP node performs consistency determination.
  • the first is the active model, and the BGP node itself determines whether the actual running information is consistent with the expected running information. In this mode, the BGP node needs to know the expected running information, which mainly includes the expected topology information and/or policy information.
  • FIG. 2 is a schematic diagram of the structure of the active model.
  • the management device and one or more BGP nodes are included in the AS domain.
  • the management device includes a management module; each BGP node internally includes a consistency detection module.
  • a BGP node is connected to all or part of other BGP nodes in the same domain, and each BGP node is connected to the management device.
  • Each BGP node runs BGP in IBGP mode to deliver routing information within the AS.
  • Border BGP nodes can also serve as advertisers of external routes and advertise routes to other ASs through EBGP.
  • the consistency detection module on a BGP node can exchange information with other BGP nodes in the AS domain through the internal interface between the BGP nodes to obtain the actual operation information of the BGP node.
  • The consistency detection module further compares the expected running information delivered by the management module with the actual running information of the BGP node, determines whether the two are consistent, and notifies the management module when they are inconsistent.
  • The alerting can be done by an alert sub-module within the consistency detection module.
  • the management module is responsible for maintaining the expected operational information of the AS and distributing this information to each BGP node.
  • the expected operational information mainly includes, but is not limited to, topology information and/or policy information expected within the AS.
  • the topology information in the AS mainly refers to the AS nodes planned by the management module and the logical and/or physical interconnection between the nodes. For example, the internal BGP nodes in the AS are required to form a full mesh interconnection.
  • The policy information is mainly the AS policy information that the management module is interested in, including but not limited to: the prefix filtering policy, the oscillation suppression (route flap damping) policy, the attributes of special prefixes, and the prefixes generated by the AS domain. In active mode, this running information is propagated within the AS and is not sent to EBGP neighbors.
  • the operation information may also include prefix information generated by the local AS domain that is allowed to be advertised, and the like.
  • The above management device and each BGP node may use the existing BGP protocol or its standard extensions (such as new attributes and new message types), existing transport protocols (such as SNMP), or a custom protocol to transmit the various kinds of information.
  • The process of running information consistency detection includes the following steps:
  • Step 11: The management module sends the expected running information to the consistency detection module; here the expected topology information and the expected policy information are taken as an example.
  • the management module delivers the expected intra-domain topology information and expected policy information to the consistency detection module in the BGP node in the AS according to the design plan of the AS domain. Since the consistency detection module in the active model is located in the BGP node, the management module described in the following embodiment delivers the expected operation information to the consistency detection module, that is, the management device delivers the expected operation information to the BGP node.
  • The running information can be delivered in-band or out-of-band. That is, the management device can use the BGP protocol or its standard extensions, such as new attributes and new message types, to send information to the other BGP nodes (in-band), or it can use other protocols, such as the Simple Network Management Protocol (SNMP), in out-of-band mode.
  • The running information can be delivered by the management device when the expected running information in the domain changes, or when a new BGP node establishes a connection with the management device.
  • The management device may also deliver the expected running information on request from the consistency detection module of a BGP node in the domain.
  • the representation method of the topology information is not limited.
  • A logical description can be used. Take the full-mesh interconnection topology as an example: assume there are five BGP nodes in the AS domain, A, B, C, D and E; it is only necessary to deliver the collection {A, B, C, D, E} to represent the topology information, and a non-full interconnection can be defined in a similar way. The connections themselves can also be described. Taking the topology in Figure 3 as an example, the topology information can be represented by the following description: "A, B and C form a cluster in which C is the reflector; C is adjacent to the non-client D; B is adjacent to E." The BGP node can calculate the interconnections from the topology information.
  • the embodiment of the present invention does not limit the content of the policy.
  • the possible policy is as follows:
  • The prefix filtering policy, for example that prefixes in private address space should be filtered; the oscillation suppression policy, for example whether oscillation suppression (route flap damping) should be applied and which suppression strategy is used; the attributes of special prefixes, for example that the specific route to an important resource should be kept valid; and the prefixes generated by the AS domain, that is, the prefixes the AS is allowed to generate and advertise.
  • the strategy in the embodiments of the present invention includes any one of the above or any combination thereof.
  • The policies in the AS can be divided into: a common policy used by all BGP nodes in the AS; a local policy used by some BGP nodes in the AS, such as a policy used within a confederation; and a node policy used by a specific node in the AS.
  • the policies referred to in the embodiments of the present invention may include any of the above types of policies.
  • the BGP nodes in the AS domain can be classified into two types: the advertising node and the internal node.
  • In addition to running the IBGP protocol, the advertising node also advertises routes to the outside of the AS.
  • Because it runs BGP in both IBGP mode and EBGP mode, the advertising node has global influence.
  • The internal node refers to a node that runs only the IBGP protocol. Therefore, not all expected running information needs to be delivered to all BGP nodes, and different information can be sent to different nodes: the running information corresponding to a local policy is sent to the BGP nodes that use that local policy and is not sent to the other BGP nodes.
  • Step 12: The BGP node obtains the actual running information.
  • The formation of topology information includes transmitting the actual interconnection information between adjacent BGP nodes; for example, C notifies A that it is connected to client B and non-client D, so that A knows that C can communicate with A, B and D.
  • each node knows its own logical interconnection.
  • Each BGP node combines the neighbor information sent by the neighbor node with its neighboring node information.
  • the calculation results in the topology information of the internal interconnections as shown in FIG. 3, that is: A, B, and C form a cluster, and thus are logically completely interconnected; the neighbor D is connected to the reflector C, so A, B, C, and D are all interconnected; and neighbor E is connected to client B of reflector C.
  • The process of obtaining topology information can be triggered by a variety of events. For example, if a new BGP neighbor is added or an existing neighbor is disconnected, the node needs to announce the new connection information to its other neighbors. In this way, each BGP node in the AS knows the current topology information in the domain in real time.
  • the policy information on the BGP node may be configured or learned from an IBGP neighbor, and embodiments of the present invention do not limit its source.
  • Step 13: The consistency detection module in the BGP node determines whether the expected running information delivered by the management module is consistent with the actual running information, alarms the management module if they are inconsistent, and may further restrict the effect of the actual running information, for example by withholding the announcements related to the inconsistency. If they are consistent, other operations or no operation may be performed.
  • For topology, the consistency detection module of each BGP node checks the topology information sent by the management module against the topology information computed from the currently configured interconnections and determines whether the two are consistent. If an inconsistency is found, that is, a connectivity problem, the management module is alerted. In the example of Figure 3 the actual connectivity is: A, B, C and D form a logical full mesh, while E is attached to that full mesh only through B, a client of reflector C, so E cannot receive the information of A, C and D and no full-mesh connection is formed in the global logical topology.
  • the consistency detection module in the BGP determines that the two are inconsistent, thereby issuing an alarm to the management module.
  • Inconsistent topology information means that the connectivity required by the management module is not implemented and route advertisements may be missing.
  • For policy, the consistency detection module of each BGP node determines whether the policy information sent by the management module is consistent with the local policy. If an inconsistency is detected, an alarm is sent to the management module, and the actual running information may be further restricted, for example by withholding the announcements related to the inconsistent policy.
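The topology check of Step 13, worked through on the Figure 3 example, as an added illustration that is not code from the patent. It assumes the expected topology is given as the set of nodes that must be logically fully meshed (the {A, B, C, D, E} collection above), and the actual running information as the configured IBGP sessions plus the route reflectors and their clients; route propagation follows the standard IBGP reflection rules.

```python
from itertools import combinations

# Constructed sample: the Figure 3 topology as the patent describes it.
# A, B and C form a cluster with C as route reflector; C also peers with
# non-client D; E peers only with B (a client of C).
FIG3_SESSIONS = [("A", "C"), ("B", "C"), ("C", "D"), ("B", "E")]
FIG3_REFLECTORS = {"C": {"A", "B"}}               # reflector -> its clients
EXPECTED_FULL_MESH = {"A", "B", "C", "D", "E"}     # the {A, B, C, D, E} collection
# A real full mesh of the same five nodes, with no reflectors, for comparison.
FULL_MESH_SESSIONS = list(combinations(sorted(EXPECTED_FULL_MESH), 2))


def build_peers(sessions):
    """Map each node to the set of nodes it has an IBGP session with."""
    peers = {}
    for a, b in sessions:
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)
    return peers


def reachable_from(origin, sessions, reflectors):
    """Return the nodes that receive a route originated by `origin`.

    Propagation follows the IBGP rules: an ordinary IBGP speaker never
    re-advertises a route learnt from an IBGP peer; a route reflector
    re-advertises a route learnt from a client to all its peers, and a route
    learnt from a non-client to its clients only.
    """
    peers = build_peers(sessions)
    received, seen = set(), set()
    # Work items are (node holding the route, peer it learnt the route from);
    # the same node may receive the route from a client and a non-client,
    # and the two cases reflect differently, so both are tracked.
    queue = [(p, origin) for p in peers.get(origin, ())]
    while queue:
        node, learnt_from = queue.pop()
        if (node, learnt_from) in seen:
            continue
        seen.add((node, learnt_from))
        received.add(node)
        clients = reflectors.get(node)
        if clients is None:
            continue                      # plain IBGP speaker: stops here
        targets = peers[node] if learnt_from in clients else clients
        for nxt in targets:
            if nxt not in (learnt_from, origin):
                queue.append((nxt, node))
    return received


def check_full_mesh(expected_nodes, sessions, reflectors):
    """Compare the expected logical full mesh with the actual propagation.

    Returns the sorted list of (origin, node) pairs for which `node` would not
    receive the routes of `origin`; an empty list means the two are consistent.
    """
    missing = []
    for origin in sorted(expected_nodes):
        reach = reachable_from(origin, sessions, reflectors)
        missing.extend((origin, n) for n in sorted(expected_nodes)
                       if n != origin and n not in reach)
    return missing


def alarm_text(missing):
    """Message the consistency detection module sends to the management module."""
    if not missing:
        return "consistent: expected topology is implemented"
    cut_off = ", ".join(sorted({n for _, n in missing}))
    origins = ", ".join(sorted({o for o, _ in missing}))
    return "inconsistent: nodes %s do not receive routes from %s" % (cut_off, origins)


if __name__ == "__main__":
    print(alarm_text(check_full_mesh(EXPECTED_FULL_MESH, FIG3_SESSIONS, FIG3_REFLECTORS)))
    print(alarm_text(check_full_mesh(EXPECTED_FULL_MESH, FULL_MESH_SESSIONS, {})))
```

On the Figure 3 input the check reports exactly the gap the text describes: E neither receives routes from A, C and D nor delivers its own to them, while the genuine five-node full mesh passes.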
  • The second is a passive model, in which the determination is made by the management device or by an arbitration device.
  • The passive model avoids the risk, present in the active model, that the expected running information held on the BGP node may leak.
  • Figure 4 is a schematic diagram of the structure of a system for consistency detection by a management device in a passive model.
  • the system structure diagram is similar to that of FIG. 2, except that the consistency detection module is located in the management device.
  • the management module is responsible for maintaining the expected operational information of the AS and sending the information to the consistency detection module through the internal interface.
  • the consistency detection module determines whether the two are consistent according to the expected running information and the actual running information obtained from the BGP node, and alarms the management module through the internal interface when the information is inconsistent.
  • The BGP node sends its actual running information to the consistency detection module in the management device when its own running information changes, when the consistency detection module sends a notification, or under other conditions.
  • Step 21: The management module sends the expected running information to the consistency detection module through the internal interface.
  • Step 22: The BGP node obtains the actual running information and sends it to the consistency detection module in the management device.
  • the process in which the BGP node obtains the actual running information is the same as the active mode, and is not described here.
  • The BGP node may send the actual running information to the management device on its own initiative, for example when the actual running information changes; or the management device sends a notification to the BGP node, and the BGP node sends the actual running information to the management device after receiving the notification.
  • Step 23: The consistency detection module determines whether the expected running information is consistent with the actual running information obtained from the BGP node, and sends an alarm to the management module through the internal interface if they are inconsistent. If they are consistent, other operations or no operation may be performed. The specific judgment process is the same as in the active mode and is not described here.
  • FIG. 5 is a schematic diagram of the structure of a system for consistency detection by an arbitration device in a passive model.
  • each BGP node, arbitration device, and management device are included in the AS domain.
  • a BGP node is connected to all or part of other BGP nodes in the same domain.
  • Each BGP node is connected to the arbitration device, and the arbitration device is connected to the management device.
  • The management device is responsible for maintaining the expected running information of the AS and delivering it to the arbitration device.
  • The arbitration device is an independent consistency detection module. It collects the current running information of the BGP nodes, compares it with the expected running information sent by the management device to determine whether the two are consistent, and sends an alarm to the management device when they are inconsistent.
  • The BGP node sends its actual running information to the arbitration device when its own running information changes, when the arbitration device sends a notification, or under other conditions.
  • the existing BGP protocol or its extended attributes or a customized protocol may be used to transfer various information between the management device and the BGP node, between the management device and the arbitration device, and between the arbitration device and the BGP node.
  • the detection of the consistency condition using the system shown in Figure 5 includes the following steps:
  • Step 31: The management device sends the expected running information to the arbitration device.
  • Step 32: The BGP node obtains the actual running information and sends it to the arbitration device.
  • the process in which the BGP node obtains the actual running information is the same as the active mode, and is not described here.
  • The BGP node may send the actual running information to the arbitration device on its own initiative, for example when the actual running information changes; or the arbitration device sends a notification to the BGP node, and the BGP node sends the actual running information to the arbitration device after receiving the notification.
  • Step 33: The arbitration device determines whether the expected running information delivered by the management device is consistent with the actual running information obtained from the BGP node, and reports an alarm to the management device if they are inconsistent. If they are consistent, other operations or no operation may be performed.
  • the specific judgment process is the same as the judgment process in the active mode, and will not be described here.
  • the following description of the passive model is mainly based on the case where the consistency detection module is independently present as an arbitration device, and the case where the consistency detection module is located in the management device is similar.
  • A public key infrastructure (PKI)-like system may be used within the AS: the management module signs the expected running information of the AS with its private key, and the arbitration device or BGP node verifies the authenticity of the expected running information with the public key of the management module.
  • The transmission channel between an internal node of the AS and the management module or arbitration device can use encrypted transmission, which guarantees the confidentiality of the transmission. At the same time, an integrity protection mode can be adopted to ensure that the content is not modified in transit.
  • When the management module delivers the expected running information it may carry a timestamp field. The consistency detection module determines from the timestamp whether the received expected running information is newer than the local expected running information; if so, it replaces the old local copy with the received expected running information and compares the new expected running information with the actual running information; otherwise the local copy is not replaced.
  • consistency detection can be performed when system operating conditions change or new planning information is sent.
  • the consistency detection module can choose to perform background detection in the central processing unit (CPU) idle time.
  • the BGP node or the arbitrating device may use an in-band or out-of-band measure to alert the management module or other network management station to notify the administrator to perform troubleshooting.
  • The actual running information may be further restricted, for example by withholding the announcements related to the inconsistent policy.
  • An alarm need not be raised only when an inconsistency is found: after the topology information and policy information are restored, the consistency detection module reports a consistency notification to the management module, or the consistency detection module reports consistent results periodically, so that lost notifications can be tolerated.
  • An authentication mechanism may be adopted for the information sent between an internal BGP node of the AS and the management device or arbitration device.
  • An authentication mechanism, or a two-way authentication mechanism, may also be used between the management device and the arbitration device, so that information is not sent to an attacker impersonating one of them.
  • The network may also be forced to synchronize. That is, when a BGP node's configuration is updated and its actual running information changes, the new configuration takes effect only after a consistency check has been performed and consistency confirmed; if the consistency check is not performed, the configuration does not take effect. This is a good solution to the overall impact of current BGP misconfigurations.
  • a specific embodiment of the present invention is specifically described below for a policy that can be generated by the AS domain.
  • This embodiment mainly detects the validity of the prefix source.
  • a security problem faced by BGP today is the problem of prefix source authentication. That is, there is no way in the BGP protocol mechanism to detect whether the AS has the right to declare whether a specific prefix is generated by the AS itself. This problem may be caused by misconfiguration, or it may be caused by an attacker if the device is captured. However, most of the cases are caused by the former. Therefore, if each AS performs consistency detection within the domain by using the present invention, the problem can be well alleviated.
  • The methods of obtaining the actually generated prefixes include but are not limited to the following:
  • The prefixes actually originated by an advertising BGP node may be configured, for example with the network command, or may be learned from an IBGP neighbor or obtained by redistribution from an IGP and/or static routes.
  • In the active mode, the management module sends the prefixes the AS is allowed to generate to the BGP nodes.
  • Each advertising BGP node compares the prefixes the AS is allowed to generate with the prefixes actually generated by the local device and determines whether the two are consistent. If they are inconsistent, the BGP node sends an alarm to the management module, that is, reports the inconsistency, and may further restrict the effect of the actual running information, for example by withholding the announcements related to the inconsistency.
  • In the passive mode with the consistency detection module in the management device, the management module sends the prefixes the AS is allowed to generate to the consistency detection module.
  • The consistency detection module collects the prefixes actually generated by each BGP node and compares the two sets to determine whether they are consistent.
  • If they are inconsistent, the management module is alerted.
  • The actual running information can be further restricted, for example by withholding the announcements related to the inconsistency.
  • In the passive mode with an arbitration device, the management module sends the prefixes the AS is allowed to generate to the arbitration device; the arbitration device collects the prefixes actually generated by each BGP node and compares the two sets to determine whether they are consistent. In the case of inconsistency the management module is alerted, that is, the inconsistency is reported, and the actual running information can be further restricted, for example by withholding the announcements related to the inconsistency.
  • The prefixes generated by a BGP node can be validated before external advertisement: in the active mode, after the BGP node determines that they are consistent, the actually generated prefixes are advertised externally.
  • In the passive mode, after the arbitration device determines that they are consistent, it sends a permission to the advertising BGP node, or does not intervene, and the BGP node's related advertisement is sent.
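The prefix-origin embodiment above, in the active mode, as an added example that is not the patent's own code. It assumes the expected running information arrives as a record carrying the timestamp field described earlier and the set of prefixes the AS is allowed to originate, that the actual running information is the set of prefixes the local node currently originates (from the network command, IBGP or redistribution), and, following the forced-synchronization rule, that nothing is advertised until expected information has been received and checked; the prefixes are constructed from documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class ExpectedInfo:
    """Expected running information as delivered by the management module."""
    timestamp: int                       # lets the detector discard stale deliveries
    origin_prefixes: FrozenSet[str]      # prefixes the AS is allowed to originate


def _normalize(prefixes):
    """Canonical string form so that e.g. '203.0.113.0/24' and '203.0.113.0/024'
    compare equal; ip_network(strict=True) rejects prefixes with host bits set."""
    return {str(ipaddress.ip_network(p, strict=True)) for p in prefixes}


@dataclass
class OriginConsistencyDetector:
    """Consistency detection module of an advertising BGP node (active mode)."""
    expected: Optional[ExpectedInfo] = None
    alarms: List[str] = field(default_factory=list)   # what gets reported upstream

    def receive_expected(self, info: ExpectedInfo) -> bool:
        """Timestamp rule from the text: only a newer delivery replaces the local copy."""
        if self.expected is None or info.timestamp > self.expected.timestamp:
            self.expected = info
            return True
        return False

    def check_origins(self, actual_prefixes) -> Tuple[List[str], List[str], List[str]]:
        """Compare the prefixes the node actually originates with the expected set.

        Returns (allowed, withheld, missing) as sorted prefix strings:
        `allowed` may be advertised externally; `withheld` is originated but not
        expected, so its advertisement is restricted and an alarm is raised;
        `missing` is expected but not originated, which is only reported.
        """
        actual = _normalize(actual_prefixes)
        if self.expected is None:
            # Forced synchronization: no check possible, so nothing takes effect.
            self.alarms.append("no expected running information; withholding all origins")
            return [], sorted(actual), []
        expected = _normalize(self.expected.origin_prefixes)
        withheld = sorted(actual - expected)
        missing = sorted(expected - actual)
        if withheld:
            self.alarms.append("inconsistent origin prefixes: " + ", ".join(withheld))
        if missing:
            self.alarms.append("expected prefixes not originated: " + ", ".join(missing))
        return sorted(actual & expected), withheld, missing


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation ranges).
    det = OriginConsistencyDetector()
    det.receive_expected(ExpectedInfo(100, frozenset({"203.0.113.0/24", "198.51.100.0/24"})))
    det.receive_expected(ExpectedInfo(90, frozenset({"192.0.2.0/24"})))   # stale, ignored
    allowed, withheld, missing = det.check_origins(["203.0.113.0/24", "192.0.2.0/24"])
    print("advertise:", allowed)
    print("withhold: ", withheld)
    for alarm in det.alarms:
        print("alarm to management module:", alarm)
```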
  • The management device and the arbitration device can use intranet IP addresses to communicate with the BGP nodes in the same domain, so that it is not easy for an external attacker to attack the management device and the arbitration device. An attacker may attack in various ways, for example by attacking a BGP node or by injecting false routing information into the routing table through the IGP or BGP. Such attacks can be dealt with by the consistency detection method described above.

Abstract

A system for detecting the running information consistency of BGP nodes, including one or more BGP nodes, further comprises: a management module, for maintaining the expected running information and transferring it to a consistency detection module; and the consistency detection module, for determining whether the expected running information transferred by the management module is consistent with the actual running information obtained from the BGP node. A method for detecting the running information consistency of BGP nodes includes: the consistency detection module obtains the expected running information from the management module and the actual running information from the BGP node; the consistency detection module determines whether the expected running information is consistent with the actual running information. Using the technical solution according to the invention, running information consistency detection in the AS domain is implemented without manual initiation and reflects whether there is any problem in the network. Thereby the security of BGP is ensured in real time and automatically, and the solution has broad applicability.

Description

System and method for detecting the running information consistency of Border Gateway Protocol nodes

Technical field

The present invention relates to the field of Internet technology, and in particular to a system and method for detecting whether the running information of Border Gateway Protocol (BGP) nodes within an Autonomous System (AS) is consistent with the expected running information.

Background of the invention

Currently BGP is the core routing protocol of the Internet, and the AS is the processing unit of BGP. ASs are interconnected with one another, and internally, through BGP. BGP has two modes of operation, External BGP (EBGP) and Internal BGP (IBGP): EBGP is used to interconnect ASs, and IBGP is used to exchange routing information within an AS.

BGP security has been a focus of attention for many years, but attention has generally gone to the security of inter-AS communication, while operational errors caused by problems inside an AS have been neglected. Improper configuration or operation inside an AS can equally cause erroneous inter-domain BGP advertisements, so intra-domain security also matters. Two problems commonly arise inside an AS:

1. The IBGP sessions do not form a logical full mesh, so the routing information obtained by the BGP nodes in the domain is incomplete. The routes advertised externally then differ from node to node, the external behaviour of the AS becomes inconsistent, and in the end some routes may become unreachable.

2. The local policy configured on individual BGP nodes conflicts with the policy expected when the AS was planned, so the routing information advertised externally differs from what was intended. Rich policy is a feature of BGP and each node may be configured with different policies, but a considerable part of the policy inside an AS should be uniform to keep the external behaviour of the AS consistent.

These problems are more likely in large ASs containing many BGP nodes. Their root cause is that the consistency of running information across the BGP nodes of the AS is not guaranteed: the BGP nodes in an AS do not share a unified view of policy, interconnection and so on. In existing IBGP the full mesh must be configured by hand, with no automatic topology discovery, and policy must be configured manually on each node, so there is no guarantee that every node holds the same expected running information.

The industry currently uses the configuration checking scheme shown in Figure 1 to address these problems. Referring to Figure 1, under manual control the planned rules for the AS and the device configuration files of the AS are fed in, the two are compared, and the inconsistencies between them are output.

In this prior art, however, the check is driven manually, so it cannot reflect problems in the AS automatically and in real time, and errors introduced by a configuration change cannot be checked promptly. Moreover, the actual running state of the network cannot be determined accurately from device configuration files alone, so the result of such a check cannot accurately reflect the real problems of the network.

Summary of the invention

In view of this, the present invention proposes a system for detecting the consistency of BGP node running information that performs consistency detection automatically and reflects consistency problems in real time. The present invention also proposes a method for detecting the consistency of BGP node running information with the same properties.
A system for detecting the running information consistency of Border Gateway Protocol (BGP) nodes comprises at least one BGP node and further comprises:

a management module, for maintaining expected running information and delivering the expected running information to a consistency detection module;

a consistency detection module, for determining whether the expected running information delivered by the management module is consistent with the actual running information obtained from the BGP node.

A method for detecting the running information consistency of BGP nodes comprises the following steps: the consistency detection module obtains expected running information from the management module and actual running information from the BGP node;

the consistency detection module determines whether the expected running information and the actual running information are consistent.

As can be seen from the above, because the expected running information maintained by the management module is delivered to the consistency detection module, which checks it against the running information actually in use on each BGP node and alerts the management module on a mismatch, the invention detects running information consistency within the AS domain without manual initiation and thereby secures BGP automatically. Because the check uses the actual running information of the BGP nodes, it reflects the real state of the network, so its result shows truthfully whether the network has a problem. The management module resides in the management device; the consistency detection module may reside in a BGP node, in the management device, or in a separate arbitration device, which gives several ways to implement the invention. The check may run after the management module delivers new expected running information, or after the actual running information of a BGP node changes, so consistency can also be checked in real time and BGP secured in real time. Furthermore, between the management device and the BGP nodes, between the management device and the arbitration device, and between the arbitration device and the BGP nodes, the information may be carried by existing BGP, by BGP extension attributes or extension messages, by another custom protocol, or by an existing protocol such as the Simple Network Management Protocol (SNMP), so the invention is broadly applicable.

Brief description of the drawings
Figure 1 is a schematic diagram of the prior art.

Figure 2 is a schematic diagram of a system according to an embodiment of the invention.

Figure 3 is a schematic diagram of one way of connecting nodes within an AS domain.

Figure 4 is a schematic diagram of another system according to an embodiment of the invention.

Figure 5 is a schematic diagram of a further system according to an embodiment of the invention.

Mode for carrying out the invention

To make the objects, technical solution and advantages of the invention clearer, the invention is described in further detail below by way of embodiments and with reference to the drawings.

Two embodiment models are proposed, according to whether the BGP node itself performs the consistency judgement.
The first is the active model, in which the BGP node itself determines whether the actual running information matches the expected running information. In this model the BGP node must know the expected running information, which consists mainly of expected topology information and/or policy information.

Figure 2 shows the structure of the active model. Referring to Figure 2, the AS domain contains a management device and one or more BGP nodes. The management device contains a management module, and each BGP node contains a consistency detection module. Each BGP node is connected to all or some of the other BGP nodes in the same domain, and every BGP node is connected to the management device.

Each BGP node runs BGP in IBGP mode to pass routing information inside the AS. Border BGP nodes can also act as advertisers of external routes, exchanging routes with other ASs in EBGP mode. The consistency detection module on a BGP node can exchange information with the other BGP nodes of the AS over the internal interface between BGP nodes and thereby obtain the actual running information of the nodes; it then compares the expected running information delivered by the management module with that actual running information, determines whether the two are consistent, and alerts the management module when they are not. The alerting can be done by an alarm sub-module inside the consistency detection module.

The management module maintains the expected running information of the AS and delivers it to each BGP node. The expected running information consists mainly of, but is not limited to, the topology information and/or policy information expected inside the AS. Topology information means the AS nodes planned by the management module and the logical and/or physical interconnection between them; in the usual case the BGP nodes inside an AS are required to form a logical full mesh. Policy information is the AS policy the management module cares about, including but not limited to prefix filtering policy, route flap dampening policy, attributes of particular prefixes, and the prefixes originated by this AS. In the active model this running information is propagated within the AS and is not sent to EBGP neighbours. The running information may also include the prefixes originated by this AS that are allowed to be advertised externally.

Between the management device and the BGP nodes, the information may be carried by the existing BGP protocol or standard extensions of it (such as new attributes or new message types), by an existing transport protocol such as SNMP, or by a custom protocol.
In the active model, the running information consistency check proceeds as follows. Step 11: the management module delivers expected running information to the consistency detection module; expected topology information and expected policy information serve as the example here. The management module delivers the expected intra-domain topology information and expected policy information, derived from the design plan of the AS domain, to the consistency detection modules in the BGP nodes of the AS. Since in the active model the consistency detection module resides in the BGP node, "the management module delivers expected running information to the consistency detection module" below means that the management device delivers expected running information to the BGP node.

Expected running information can be delivered in-band or out-of-band: the management device may use BGP or its standard extensions, such as new attributes and new message types, to deliver the information to the other BGP nodes, or it may use another protocol such as SNMP out-of-band. The embodiments do not restrict the delivery method.

Delivery can be triggered by the management device when the expected running information for the domain changes, when a new BGP node establishes a connection with the management device, or when the consistency detection module of a BGP node in the domain requests it.

The embodiments do not restrict how topology information is represented. It may be described as logical connections: taking a full mesh as an example, if the AS domain contains five BGP nodes A, B, C, D and E, delivering the set {A, B, C, D, E} is enough to express the topology; a partial mesh can be defined in a similar way. Connections may also be described explicitly; for the topology of Figure 3 the description might read: "A, B and C form a cluster in which C is the reflector; C is adjacent to non-client D; B is adjacent to E." From the topology information a BGP node can compute the interconnection.

The embodiments also do not restrict the content of policy. Possible policies, as noted above, include: prefix filtering policy, for example that prefixes from certain private address space should be filtered on export; flap dampening policy, for example whether dampening should be applied and with which dampening parameters; attributes of particular prefixes, for example that certain routes to important resources should be kept valid; and the prefixes originated by this AS, i.e. the prefixes the AS is allowed to originate and advertise externally. The policy in the embodiments may be any one of these or any combination of them.

Policy in an AS can also be divided by scope: common policy used by all BGP nodes in the AS; local policy used by a subset of the BGP nodes, such as policy used within a confederation; and node policy used by a specific node in the AS. The policy referred to in the embodiments may include any of these types.

BGP nodes in an AS domain fall into two classes, advertising nodes and internal nodes. An advertising node, besides running IBGP, advertises routes outside the AS and so runs BGP in both IBGP and EBGP modes; because it advertises externally it has global influence. An internal node runs no EBGP. Consequently not all expected running information needs to go to every BGP node: each node can be given the expected running information that applies to it, for example a local policy is delivered only to the BGP nodes that use it and not to the others.
Step 12: the BGP node obtains actual running information.

Taking the connections of Figure 3 as an example, topology information is formed as follows. Adjacent BGP nodes exchange their actual interconnection information: C tells A that it is connected to client B and non-client D, so A learns that it is logically connected to B, C and D, and so on, until every node knows its own logical interconnection. Each BGP node combines the interconnection information received from its neighbours with its own adjacency information to compute topology information that matches the real internal interconnection shown in Figure 3, namely: A, B and C form a cluster and are therefore logically fully connected; neighbour D is connected to reflector C, so A, B, C and D are fully connected; and neighbour E is connected to B, a client of reflector C.

The process of obtaining topology information can be triggered by several events. For example, when a new BGP neighbour is established or a neighbour goes down, the node must announce the new connection information to its other neighbours. In this way every BGP node in the AS can know the current topology of the domain in real time.

The policy information on a BGP node may be configured locally or learned from IBGP neighbours; the embodiments do not restrict its source.

Steps 11 and 12 have no particular order; they are separated only to make the description clearer.

Step 13: the consistency detection module in the BGP node determines whether the expected running information delivered by the management module matches the actual running information, alerts the management module if it does not, and may further restrict the effect of the actual running information, for example by holding back the inconsistent advertisements from being sent out. If they match, other actions may be taken or none.

For topology information, the consistency detection module on each BGP node checks the topology information computed from the currently configured interconnection against the topology information delivered by the management module and determines whether the two match. Any mismatch is a connectivity problem and is reported to the management module. In Figure 3 the actual connectivity is: A, B, C and D form a logical full mesh, while E is attached to that mesh only through B, a client of reflector C, so E cannot receive information from A, C or D and no global logical full mesh exists. If the expected topology is a global full mesh over A, B, C, D and E, the consistency detection module in the BGP node finds the two inconsistent and raises an alarm to the management module. In general, topology mismatches fall into two kinds: the connectivity required by the management module is missing, which may cause route advertisements to be lost; and extra connected nodes, for example a BGP session established with an unplanned neighbour, which may leak information.
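The Figure 3 check above can be reproduced by simulating IBGP route propagation over the actual session graph and comparing the result with the planned full mesh. The following Python is an added example written for this page, not code from the patent or from Huawei; the session table, node names, role labels and the set of reflectors are constructed to match Figure 3, and the propagation rules are the standard route reflector rules (a plain IBGP speaker never re-advertises an IBGP-learned route; a reflector passes routes learned from a client to all clients and non-clients, and routes learned from a non-client to its clients only). It reports both mismatch kinds named above: planned nodes that never receive another node's routes, and nodes with sessions that were not planned.

```python
"""Topology consistency check: does the actual IBGP session graph give every
planned node a logical full mesh?  Added example for this page, not code from
the patent; node names, roles and sessions are constructed to match Figure 3."""
from collections import deque

# Constructed sessions for Figure 3.  (X, Y, "client") means Y is a
# route-reflector client of X; (X, Y, "peer") is an ordinary IBGP session.
FIGURE3_SESSIONS = [
    ("C", "A", "client"),
    ("C", "B", "client"),
    ("C", "D", "peer"),
    ("B", "E", "peer"),
]
REFLECTORS = {"C"}                         # nodes configured as reflectors (assumed)
PLANNED_NODES = {"A", "B", "C", "D", "E"}  # expected global full mesh


def build_graph(sessions):
    """Adjacency map: node -> {neighbour: how that node treats the neighbour}."""
    adj = {}
    for a, b, role in sessions:
        adj.setdefault(a, {})[b] = "client" if role == "client" else "nonclient"
        adj.setdefault(b, {})[a] = "nonclient"
    return adj


def receivers(adj, reflectors, origin):
    """Nodes that end up holding a route originated at `origin`.

    A plain speaker never passes an IBGP-learned route to another IBGP peer.
    A route reflector passes a route learned from a client to all its clients
    and non-clients, and a route learned from a non-client to clients only."""
    got, seen = set(), set()
    queue = deque((origin, nbr) for nbr in adj.get(origin, {}))
    while queue:
        sender, node = queue.popleft()
        got.add(node)
        if node not in reflectors:
            continue
        from_client = adj[node][sender] == "client"
        if (node, from_client) in seen:      # already reflected under this rule
            continue
        seen.add((node, from_client))
        for nbr, rel in adj[node].items():
            if nbr in (sender, origin):
                continue
            if from_client or rel == "client":
                queue.append((node, nbr))
    got.discard(origin)
    return got


def check_full_mesh(sessions, reflectors, planned):
    """Compare actual logical connectivity with the planned full mesh.

    Returns (missing, extra): `missing` maps each origin to the planned nodes
    that never receive its routes (lost advertisements); `extra` lists nodes
    holding sessions although they were not planned (unplanned neighbour)."""
    adj = build_graph(sessions)
    planned = set(planned)
    extra = sorted(set(adj) - planned)
    missing = {}
    for origin in sorted(planned):
        reached = receivers(adj, reflectors, origin) if origin in adj else set()
        lacking = sorted(planned - reached - {origin})
        if lacking:
            missing[origin] = lacking
    return missing, extra


if __name__ == "__main__":
    missing, extra = check_full_mesh(FIGURE3_SESSIONS, REFLECTORS, PLANNED_NODES)
    for origin, lacking in missing.items():
        print(f"alarm: routes originated at {origin} never reach {lacking}")
    for node in extra:
        print(f"alarm: unplanned node {node} holds an IBGP session")
    if not missing and not extra:
        print("consistent with the planned full mesh")
```

Run as-is it raises four alarms for Figure 3: E's routes reach only B, and A, C and D never reach E. Adding E as a further client of C makes the check pass, and adding a session from D to an unplanned node F turns up as an extra node, which is the information-leak case the text mentions.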
For policy information, the consistency detection module on each BGP node determines whether the policy information delivered by the management module matches the local policy. If a mismatch is detected it alerts the management module, and it may further restrict the effect of the actual running information, for example by holding back the inconsistent advertisements from being sent out.
The second is the passive model, in which the consistency judgement is made by the management device or by an arbitration device. In this model an ordinary BGP node does not hold the expected running information for the whole AS, so the passive model avoids the risk present in the active model that a BGP node holding the expected running information could leak it.

Figure 4 shows the structure of a passive-model system in which the management device performs consistency detection. The structure is similar to Figure 2, except that the consistency detection module resides in the management device. Here the management module maintains the expected running information of the AS and delivers it to the consistency detection module over an internal interface. The consistency detection module compares that expected running information with the actual running information obtained from the BGP nodes, determines whether they match, and alerts the management module over the internal interface when they do not. A BGP node sends its actual running information to the consistency detection module in the management device when its own running information changes, when the consistency detection module sends a notification, or on other occasions.

In the passive model, consistency detection with the system of Figure 4 proceeds as follows:

Step 21: the management module delivers expected running information to the consistency detection module over the internal interface.

Step 22: the BGP node obtains actual running information and sends it to the consistency detection module in the management device. The way a BGP node obtains its actual running information is the same as in the active model and is not repeated here.

The BGP node may send its actual running information to the management device on its own initiative, for example when that information changes, or the management device may send a notification to the BGP node, which then sends its actual running information.

Steps 21 and 22 have no particular order; they are separated only for clarity.

Step 23: the consistency detection module determines whether the expected running information matches the actual running information obtained from the BGP node, and alerts the management module over the internal interface if it does not. If they match, other actions may be taken or none. The judgement itself is the same as in the active model and is not repeated here.
Figure 5 shows the structure of a passive-model system in which an arbitration device performs consistency detection. Referring to Figure 5, the AS domain contains the BGP nodes, an arbitration device and a management device. Each BGP node is connected to all or some of the other BGP nodes in the domain, every BGP node is connected to the arbitration device, and the arbitration device is connected to the management device. The management device maintains the expected deployment information of the AS and delivers it to the arbitration device. The arbitration device is a stand-alone consistency detection module: it collects the current actual running information of the BGP nodes, compares it with the expected running information delivered by the management device, determines whether the two match, and alerts the management device when they do not. A BGP node sends its actual running information to the arbitration device when that information changes, when the arbitration device sends a notification, or on other occasions. Between the management device and the BGP nodes, between the management device and the arbitration device, and between the arbitration device and the BGP nodes, the information may be carried by the existing BGP protocol, its extension attributes, or a custom protocol.

In the passive model, consistency detection with the system of Figure 5 proceeds as follows:

Step 31: the management device delivers expected running information to the arbitration device.

Step 32: the BGP node obtains actual running information and sends it to the arbitration device. The way a BGP node obtains its actual running information is the same as in the active model and is not repeated here.

The BGP node may send its actual running information to the arbitration device on its own initiative, for example when that information changes, or the arbitration device may send a notification to the BGP node, which then sends its actual running information.

Steps 31 and 32 have no particular order; they are separated only for clarity.

Step 33: the arbitration device determines whether the expected running information delivered by the management device matches the actual running information obtained from the BGP node, and alerts the management device if it does not. If they match, other actions may be taken or none. The judgement itself is the same as in the active model and is not repeated here.

The description of the passive model below takes the stand-alone arbitration device as the example; the case where the consistency detection module resides in the management device is similar.
In the above embodiments, to protect the expected running information, a system similar to a public key infrastructure (PKI) can be used within the AS: the management module signs the expected running information with its private key, and the arbitration device or BGP node verifies the authenticity of the expected running information with the public key of the management module.

The transmission channel between the nodes inside the AS and the management module or arbitration device can also be encrypted to keep the transmission confidential, and integrity protection can be applied to ensure that the content is not modified in transit.

When the management module delivers expected running information it can include a timestamp field. The consistency detection module uses the timestamp to decide whether the received expected running information is newer than the copy it holds locally; if so, it replaces the local copy with the received one and compares the new expected running information with the actual running information, otherwise it keeps the local copy.
在实际使用中, 一致性检测可以在系统运行情况变化或者新的规划 信息下发的时候进行。 为了不影响系统运行, 一致性检测模块可以选择 在中央处理单元(CPU ) 空闲时间进行后台检测。 在判断得出不一致的 情况下, BGP节点或仲裁设备可以使用带内或者带外措施向管理模块或 其它网管站进行告警, 以通告管理员进行问题排查; 还可以进一步限制 实际运行信息的生效, 例如对于不一致策略相关的通告信息进行限制发 送。 本发明实施例中不仅可以在判断不一致时进行告警, 而且可以在拓 朴信息以及策略信息恢复一致后, 由一致性检测模块向管理模块上报恢 复一致的通告信息, 或者由一致性检测模块周期性地上报一致的结果, 以便应对信息丟失的情况。  In actual use, consistency detection can be performed when system operating conditions change or new planning information is sent. In order not to affect the system operation, the consistency detection module can choose to perform background detection in the central processing unit (CPU) idle time. In the case where the judgment is inconsistent, the BGP node or the arbitrating device may use an in-band or out-of-band measure to alert the management module or other network management station to notify the administrator to perform troubleshooting. Further, the actual operation information may be further restricted. For example, the notification information related to the inconsistent policy is restricted. In the embodiment of the present invention, the alarm can be performed not only when the judgment is inconsistent, but also after the topology information and the policy information are restored, the consistency detection module reports the consistent notification information to the management module, or is periodically determined by the consistency detection module. Report consistent results on the ground in order to deal with the loss of information.
通过本发明的实施, 可以察觉外界对 BGP节点的攻击。 假设 BGP 节点被攻占,攻占者修改了运行环境,更改了 BGP节点的策略以及互连 情况等。 此时一致性检测模块就会检测出不一致, 并进行后续处理, 因 此攻击会被及时发现。 如果攻击者想要实现不被察觉的攻击, 必须同时 攻占 BGP节点以及仲裁设备或管理设备,而这一点在实际中通常是难以 达到的。  Through the implementation of the present invention, external attacks on BGP nodes can be detected. Assuming that the BGP node is compromised, the attacker modifies the operating environment, changes the policy of the BGP node, and interconnects. At this point, the consistency detection module will detect the inconsistency and perform subsequent processing, so the attack will be discovered in time. If an attacker wants to achieve an undetected attack, it must simultaneously capture the BGP node and arbitrate or manage the device, which is often difficult to achieve in practice.
AS内部 BGP节点同管理设备或仲裁设备之间发送信息可以采用认 证机制, 管理设备和仲裁设备之间也可以采用认证或者双向认证的机 制, 从而避免将信息发送到伪造的攻击者。 The authentication mechanism may be adopted for the information sent between the internal BGP node of the AS and the management device or the arbitration device. The authentication device or the two-way authentication device may also be used between the management device and the arbitration device. System to avoid sending information to forged attackers.
另夕卜,为了避免由 BGP通告节点的误配置导致的对外通告了错误路 由引起全网的路由问题, 可以考虑对于配置生效进行强制的同步。 也就 是, 当对于 BGP节点更新了配置, 实际运行信息发生改变时, 必须在进 行一致性检测并判断出一致后, 新的配置方能生效, 如果没有通过一致 性检测则配置不生效。这样做可以很好地应对由于当前 BGP的误配置所 带来的全局影响。  In addition, in order to avoid the routing problem caused by the wrong route caused by the misconfiguration of the BGP advertising node, the network may be forced to synchronize. That is, when the configuration is updated for the BGP node and the actual running information is changed, the new configuration must take effect after the consistency check is performed and the consistency is determined. If the consistency check is not performed, the configuration does not take effect. This is a good solution to the overall impact of current BGP misconfigurations.
A specific embodiment of the present invention is now described in more detail for the policy "prefixes that may be originated by this AS domain"; this embodiment mainly checks the validity of the prefix origin. One security problem BGP faces today is prefix origin validation: the BGP protocol mechanism has no way to check whether an AS is entitled to announce a particular prefix as originated by the AS itself. This problem may be caused by misconfiguration, or by a device being compromised and an attacker causing it, but the great majority of cases are due to the former. Therefore, if every AS performs intra-domain consistency checking using the present invention, the problem can be greatly alleviated.
First, how the prefixes the AS domain is expected to originate are obtained. The ways of obtaining them include, but are not limited to, the following:
1. Manual configuration on the management module. Since for each AS the range of prefixes it is expected to originate is well defined at any given time, it can be configured manually on the management module.
2. Obtaining them from an authority. For example, the Internet Assigned Numbers Authority (IANA) and the world's four major address allocation bodies may maintain such databases in the future, from which the management module can obtain the prefixes this AS domain is expected to originate.
3. Obtaining them by way of trust. If the maintainer responsible for the mapping between prefix originators and prefixes (for example an ISP) has implemented a PKI or similar system to authorise and verify such allocations, the maintainer can guarantee the reliability of the information by digitally signing it. The source of the prefixes actually originated by an advertising BGP node may be configuration using, for example, the network command, or prefixes actually originated that were learned from IBGP neighbours or obtained by redistribution from an IGP and/or static routes.
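The actually originated prefixes mentioned above are what the consistency detection module compares against the expected set, and in the passive mode described further below (and in claim 18) the module may obtain them by analysing the BGP node's traffic. The following Go parser is an added example, not code from the patent or from Huawei: it frames one BGP UPDATE message per RFC 4271, walks the path attributes to find the origin AS from AS_PATH, and extracts the announced IPv4 prefixes, rejecting truncated or inconsistent length fields rather than reading past them. It assumes 2-byte AS numbers and IPv4 NLRI only, and the sample message it builds uses documentation address ranges and a private AS number.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// UPDATE message type, AS_PATH attribute code, AS_SEQUENCE segment type, extended-length flag.
const bgpUpdate, attrASPath, asSequence, attrExtLen = 2, 2, 2, 0x10

// Announcement: rightmost AS of the last AS_SEQUENCE (0 if the AS_PATH is empty) and IPv4 NLRI in CIDR form.
type Announcement struct{ OriginAS uint32; Prefixes []string }

// ParseUpdate parses one complete BGP UPDATE (RFC 4271 framing, IPv4 NLRI, 2-byte
// ASNs assumed) and rejects truncated or malformed input instead of guessing.
func ParseUpdate(msg []byte) (Announcement, error) {
	var a Announcement
	if len(msg) < 23 || !bytes.Equal(msg[:16], bytes.Repeat([]byte{0xff}, 16)) ||
		int(binary.BigEndian.Uint16(msg[16:])) != len(msg) || msg[18] != bgpUpdate {
		return a, errors.New("not a complete, well-framed UPDATE")
	}
	body := msg[19:]
	wl := int(binary.BigEndian.Uint16(body)) // withdrawn routes length
	if len(body) < 4+wl {
		return a, errors.New("truncated withdrawn routes")
	}
	pl := int(binary.BigEndian.Uint16(body[2+wl:])) // total path attribute length
	if len(body) < 4+wl+pl {
		return a, errors.New("truncated path attributes")
	}
	attrs, nlri := body[4+wl:4+wl+pl], body[4+wl+pl:]
	for len(attrs) > 0 {
		if len(attrs) < 3 {
			return a, errors.New("truncated attribute header")
		}
		flags, code, hdr, alen := attrs[0], attrs[1], 3, int(attrs[2])
		if flags&attrExtLen != 0 {
			if len(attrs) < 4 {
				return a, errors.New("truncated extended length")
			}
			hdr, alen = 4, int(binary.BigEndian.Uint16(attrs[2:]))
		}
		if len(attrs) < hdr+alen {
			return a, errors.New("attribute length exceeds message")
		}
		if code == attrASPath {
			origin, err := originAS(attrs[hdr : hdr+alen])
			if err != nil {
				return a, err
			}
			a.OriginAS = origin
		}
		attrs = attrs[hdr+alen:] // other attributes (ORIGIN, NEXT_HOP, ...) are skipped
	}
	for len(nlri) > 0 {
		bits, n := int(nlri[0]), (int(nlri[0])+7)/8
		if bits > 32 || len(nlri) < 1+n {
			return a, errors.New("bad NLRI")
		}
		ip := make(net.IP, 4)
		copy(ip, nlri[1:1+n])
		a.Prefixes = append(a.Prefixes, fmt.Sprintf("%s/%d", ip, bits))
		nlri = nlri[1+n:]
	}
	return a, nil
}

// originAS returns the last AS of the final AS_SEQUENCE; AS_SET segments are skipped (assumption).
func originAS(v []byte) (uint32, error) {
	var origin uint32
	for len(v) > 0 {
		if len(v) < 2 || len(v) < 2+2*int(v[1]) {
			return 0, errors.New("bad AS_PATH segment")
		}
		count := int(v[1])
		if v[0] == asSequence && count > 0 {
			origin = uint32(binary.BigEndian.Uint16(v[2*count:]))
		}
		v = v[2+2*count:]
	}
	return origin, nil
}

// SampleUpdate is a constructed UPDATE: ORIGIN IGP, AS_PATH [64500], NEXT_HOP 192.0.2.1,
// announcing 10.1.5.0/24 and 198.51.100.0/24 (documentation ranges, not real routes).
func SampleUpdate() []byte {
	attrs := []byte{0x40, 1, 1, 0}                                // ORIGIN = IGP
	attrs = append(attrs, 0x40, 2, 4, asSequence, 1, 0xfb, 0xf4) // AS_PATH: 64500
	attrs = append(attrs, 0x40, 3, 4, 192, 0, 2, 1)              // NEXT_HOP
	body := append([]byte{0, 0, byte(len(attrs) >> 8), byte(len(attrs))}, attrs...)
	body = append(body, 24, 10, 1, 5, 24, 198, 51, 100) // NLRI
	msg := append(bytes.Repeat([]byte{0xff}, 16), byte((19+len(body))>>8), byte(19+len(body)), bgpUpdate)
	return append(msg, body...)
}
```

A detector feeding on mirrored session traffic would call `ParseUpdate` on each framed message and keep only announcements whose `OriginAS` equals the local AS; those prefixes are the "actually originated" set that the consistency check compares with the expected set. The length checks are deliberate: a detector that reads attacker-influenced traffic must not trust any length field it has not bounded against the buffer.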
The process of checking the prefixes originated by this AS domain is described below:
In active mode, the management module delivers the prefixes this AS domain is expected to originate to the advertising BGP nodes. Each advertising BGP node compares the prefixes the AS domain is expected to originate with the prefixes it actually originates locally, determines whether the two are consistent and, if they are inconsistent, alarms the management module, i.e. reports the inconsistency; it may further restrict the actual running information from taking effect, for example by restricting the sending of inconsistent advertisements.
In passive mode, if the management device performs the consistency check, the management module delivers the prefixes this AS domain is expected to originate to the consistency detection module through an internal interface; the consistency detection module collects the actually originated prefix information of each advertising BGP node and compares the two to determine whether they are consistent. If they are inconsistent it alarms the management module, and may further restrict the actual running information from taking effect, for example by restricting the sending of the related inconsistent advertisements.
If the arbitration device performs the consistency check, the management module delivers the prefixes this AS domain is expected to originate to the arbitration device; the arbitration device collects the actually originated prefix information of each advertising BGP node and compares the two to determine whether they are consistent. If they are inconsistent it alarms the management module, i.e. reports the inconsistency, and may further restrict the actual running information from taking effect, for example by restricting the sending of the related inconsistent advertisements.
Further, the prefixes actually originated by an advertising BGP node may be allowed to take effect only after the consistency check has been passed, that is: in active mode, the advertising BGP node lets its actually originated prefixes take effect and sends them out only after it has determined that they are consistent; in passive mode, the arbitration device, after determining that they are consistent, sends a permission to the advertising BGP node or simply does not intervene in the sending of the advertising BGP node's related advertisements.
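As an added example (not code from the patent or from Huawei), the following Go program puts together the pieces the description above sketches for the prefix-origin policy: the management module signs the expected prefix policy with its private key (Ed25519 stands in for the AS-internal PKI the text leaves unspecified), the consistency detection module verifies it with the public key, applies the timestamp rule so that a stale or replayed delivery does not replace the local copy, and compares the prefixes a node actually originates with the expected set, returning the prefixes that would be alarmed and held back from advertisement. The JSON layout, the function names and the use of prefix containment (an originated /24 inside an expected /16 counts as consistent) rather than exact match are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"net"
	"sort"
)

// ExpectedPolicy: the prefixes an AS is expected to originate, plus the delivery
// timestamp used for the freshness rule (layout is this example's assumption).
type ExpectedPolicy struct {
	ASN       uint32   `json:"asn"`
	Timestamp int64    `json:"ts"`
	Prefixes  []string `json:"prefixes"`
}

// SignedPolicy is the serialised policy plus the management module's signature.
type SignedPolicy struct{ Payload, Signature []byte }

// NewKeyPair stands in for the AS-internal PKI: the private key stays with the
// management module, every detector is provisioned with the public key.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignPolicy (management module side) canonicalises the prefix list and signs it.
func SignPolicy(priv ed25519.PrivateKey, p ExpectedPolicy) (SignedPolicy, error) {
	sort.Strings(p.Prefixes)
	b, err := json.Marshal(p)
	if err != nil {
		return SignedPolicy{}, err
	}
	return SignedPolicy{Payload: b, Signature: ed25519.Sign(priv, b)}, nil
}

// Detector is the consistency detection module, whether it sits in a BGP node
// (active mode) or in an arbitration/management device (passive mode).
type Detector struct {
	MgmtPub ed25519.PublicKey
	Local   *ExpectedPolicy // last accepted policy; nil before the first delivery
}

// Accept verifies the signature, then applies the timestamp rule: the local copy
// is replaced only if the received policy is newer. It reports whether it replaced.
func (d *Detector) Accept(sp SignedPolicy) (bool, error) {
	if !ed25519.Verify(d.MgmtPub, sp.Payload, sp.Signature) {
		return false, errors.New("expected policy rejected: bad signature")
	}
	var p ExpectedPolicy
	if err := json.Unmarshal(sp.Payload, &p); err != nil {
		return false, err
	}
	if d.Local != nil && p.Timestamp <= d.Local.Timestamp {
		return false, nil // stale or replayed delivery: keep the local copy
	}
	d.Local = &p
	return true, nil
}

// Check compares the prefixes a node actually originates with the expected set and
// returns the ones no expected prefix covers (empty slice means consistent). Containment
// is this example's assumption; exact matching would be the stricter reading.
func (d *Detector) Check(actual []string) ([]string, error) {
	if d.Local == nil {
		return nil, errors.New("no expected policy accepted yet")
	}
	var expected []*net.IPNet
	for _, s := range d.Local.Prefixes {
		_, n, err := net.ParseCIDR(s)
		if err != nil {
			return nil, err
		}
		expected = append(expected, n)
	}
	unexpected := []string{}
	for _, s := range actual {
		_, n, err := net.ParseCIDR(s)
		if err != nil {
			return nil, err
		}
		bits, _ := n.Mask.Size()
		covered := false
		for _, e := range expected {
			ebits, _ := e.Mask.Size()
			if e.Contains(n.IP) && ebits <= bits { // inside e and not wider than e
				covered = true
				break
			}
		}
		if !covered { // this is what gets alarmed and held back from advertisement
			unexpected = append(unexpected, s)
		}
	}
	return unexpected, nil
}
```

In active mode a node would run `Accept` on each delivery and `Check` on its own originated prefixes before letting a changed configuration take effect; in passive mode the arbitration device runs the same two calls on the prefixes it collected from each node. Signing the canonical encoding (sorted prefix list) means two deliveries of the same policy carry identical payloads, so the detector's timestamp comparison, not the byte content, decides which copy wins.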
The management device and arbitration device can communicate with BGP nodes within the domain using intranet IP addresses, so that an external attacker cannot easily carry out attacks against the management device and arbitration device. An attacker may attack in various ways, for example by compromising a BGP node or by injecting false routing information into the routing table via IGP or BGP. These attacks can be countered by the consistency checking method described above and by the rule that information takes effect only after passing the check.
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims

1. A system for detecting the consistency of running information of Border Gateway Protocol (BGP) nodes, comprising at least one BGP node, characterised in that the system further comprises:
a management module, for maintaining expected running information and delivering the expected running information to a consistency detection module;
a consistency detection module, for determining whether the expected running information delivered by the management module is consistent with actual running information obtained from the BGP node.
2. The system according to claim 1, characterised in that the management module is located in a management device, and the consistency detection module is located in each BGP node or in the management device.
3. The system according to claim 2, characterised in that the management device and the BGP node communicate in an in-band manner or in an out-of-band manner.
4. The system according to claim 1, characterised in that the system further comprises an independently existing arbitration device, and the consistency detection module is located in the arbitration device.
5. The system according to claim 4, characterised in that the BGP node and the arbitration device communicate in an in-band manner or in an out-of-band manner.
6. The system according to claim 3 or 5, characterised in that the in-band manner comprises BGP messages, or extended BGP messages, or extended BGP message attributes; and the out-of-band manner comprises the Simple Network Management Protocol (SNMP).
7. The system according to claim 1, characterised in that the consistency detection module further comprises:
an alarm sub-module, for issuing an alarm to the management module when the expected running information and the actual running information are inconsistent.
8. A method for detecting the consistency of running information of a BGP node, characterised in that the method comprises the following steps:
a consistency detection module obtains expected running information from a management module and obtains actual running information from the BGP node;
the consistency detection module determines whether the expected running information and the actual running information are consistent.
9. The method according to claim 8, characterised in that the method further comprises: the consistency detection module issuing an alarm to the management module when the expected running information and the actual running information are inconsistent.
10. The method according to claim 8, characterised in that, before the consistency detection module determines whether the expected running information and the actual running information are consistent, the method further comprises:
the consistency detection module determining whether the obtained expected running information is newer than the expected running information already held locally and, if so, replacing the locally held expected running information with the obtained expected running information;
wherein the expected running information in step B is the expected running information after replacement.
11. The method according to claim 8, characterised in that the method further comprises: the consistency detection module letting the actual running information take effect when the expected running information and the actual running information are consistent, and otherwise restricting the actual running information from taking effect.
12. The method according to claim 8, characterised in that the step of the consistency detection module obtaining the expected running information from the management module is:
the management module delivering the expected running information to the consistency detection module.
13. The method according to claim 12, characterised in that the management module delivers the expected running information after the expected running information within the AS domain has changed, or when a new BGP node establishes a connection with the management module, or when a request from the consistency detection module is received.
14. The method according to claim 12, characterised in that the management module delivering the expected running information to the consistency detection module is:
the management module delivering the expected running information to the consistency detection module using encryption and/or integrity protection.
15. The method according to claim 12, characterised in that, before the management module delivers the expected running information to the consistency detection module, the method further comprises:
the management module and the consistency detection module performing authentication, and the management module delivering the expected running information to the consistency detection module when the authentication passes.
16. The method according to claim 8, characterised in that the management module is located in a management device, and the consistency detection module is located in each BGP node;
the consistency detection module performs step B when the actual running information of the BGP node changes or when the BGP node receives new expected running information.
17. The method according to claim 8, characterised in that the management module is located in a management device, and the consistency detection module is located in an independently existing arbitration device or in the management device.
18. The method according to claim 17, characterised in that the step of the consistency detection module obtaining the actual running information from the BGP node is:
the consistency detection module obtaining the actual running information by analysing the communication traffic of the BGP node.
19. The method according to claim 17, characterised in that the step of the consistency detection module obtaining the actual running information from the BGP node is:
the BGP node reporting the actual running information to the consistency detection module.
20. The method according to claim 19, characterised in that the BGP node reports the actual running information to the consistency detection module when its actual running information changes, or when it receives new expected running information, or when it receives a notification from the consistency detection module.
PCT/CN2006/003238 2006-04-24 2006-11-30 A system for detecting the running information consistency of border gateway protocol nodes and a method thereof WO2007121627A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610075895.0 2006-04-24
CNA2006100758950A CN101047565A (en) 2006-04-24 2006-04-24 System for detecting consistency of node running information of boundary gateway protocol and its method

Publications (2)

Publication Number Publication Date
WO2007121627A1 true WO2007121627A1 (en) 2007-11-01
WO2007121627A8 WO2007121627A8 (en) 2008-02-21

Family

ID=38624529

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/003238 WO2007121627A1 (en) 2006-04-24 2006-11-30 A system for detecting the running information consistency of border gateway protocol nodes and a method thereof

Country Status (2)

Country Link
CN (1) CN101047565A (en)
WO (1) WO2007121627A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105791244B (en) * 2014-12-26 2019-02-12 中国电信股份有限公司 For the method for routing change, border router and system between control domain
CN104601478A (en) * 2014-12-30 2015-05-06 北京华为朗新科技有限责任公司 Method and device for constructing message forwarding, sending, receiving and multicasting paths
CN106470154A (en) * 2015-08-17 2017-03-01 中兴通讯股份有限公司 Border Gateway Protocol (BGP) route source processing method and processing device
CN105959225B (en) * 2016-04-28 2019-05-07 新华三技术有限公司 Improve BGP routing convergence speed method and device
CN107454069B (en) * 2017-07-21 2020-04-21 河南工程学院 Inter-domain routing system mimicry protection method based on AS security alliance
EP4016941A4 (en) 2019-08-15 2022-11-23 Huawei Technologies Co., Ltd. Method for learning routing, method for forwarding report, device, and storage medium
CN114143807B (en) * 2021-10-27 2023-08-08 中盈优创资讯科技有限公司 Route registration integrity rate evaluation method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001111617A (en) * 1999-10-08 2001-04-20 Nippon Telegr & Teleph Corp <Ntt> Path comparison display method and system in internet and recording medium recording this method
CN1697407A (en) * 2005-06-30 2005-11-16 信息产业部电信传输研究所 Implementation method and system for testing consistency of border gateway protocol of supporting IPv6


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WANG HUANRAN ET AL.: "Policy-based BGP configuration management model", JOURNAL OF TSINGHUA UNIVERSITY (SCIENCE AND TECHNOLOGY), vol. 45, no. 4, 1 April 2005 (2005-04-01), pages 492 - 496 *

Also Published As

Publication number Publication date
WO2007121627A8 (en) 2008-02-21
CN101047565A (en) 2007-10-03


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06828211

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06828211

Country of ref document: EP

Kind code of ref document: A1