WO2023092951A1 - Remote attestation application method, apparatus, device, and system, and storage medium - Google Patents


Info

Publication number
WO2023092951A1
Authority
WO
WIPO (PCT)
Prior art keywords
network element
element device
routing information
priority
trusted
Prior art date
Application number
PCT/CN2022/091015
Other languages
French (fr)
Chinese (zh)
Inventor
吴迪
张轶炯
曹斌
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0823 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability
    • H04L41/0836 Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability, to enhance reliability, e.g. reduce downtime
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L41/0894 Policy-based network configuration management
    • H04L41/28 Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/38 Flow based routing

Definitions

  • the present application relates to the technical field of communication, and in particular to a remote attestation application method, apparatus, device, system and storage medium.
  • the remote attestation (RA) process is a process of performing trust measurement on a network element device based on the measurement information corresponding to that network element device.
  • the RA result can be obtained through the RA process, and the RA result is used to indicate the trusted state of the network element device. Therefore, the RA result can be applied to the management of network element devices, thereby improving the reliability of management.
  • This application provides an application method, device, equipment, system and storage medium for remote attestation, so as to apply RA results to the management of network element equipment, thereby improving the reliability of management.
  • the technical solution is as follows.
  • a remote attestation application method includes:
  • the first network element device first obtains the remote attestation result corresponding to the second network element device.
  • the remote attestation result is used to indicate the trusted status of the second network element device, and the trusted status of the second network element device includes trusted, untrusted or unknown status.
  • the first network element device performs routing management on the second network element device based on the trusted status of the second network element device indicated by the remote attestation result.
  • the remote attestation result is applied to the management process of the second network element device, so that the remote attestation result is reflected in the routing function of the second network element device. Since the remote attestation result indicates the trusted state of the second network element device, applying it to the management of the second network element device improves the reliability of management, thereby ensuring the security of the network architecture and the security of communication carried by the second network element device.
  • the first network element device performs routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result, including: the first network element device obtains the routing information corresponding to the second network element device; based on the trusted state of the second network element device, the first network element device manages that routing information according to the configured rules.
  • the routing information corresponding to the second network element device is managed according to the configured rules, so that the first network element device can automatically realize the routing management of the second network element device, and the reliability is high.
  • the configured rules include routing management policies
  • the first network element device managing the routing information corresponding to the second network element device according to the configured rules, based on the trusted status of the second network element device, includes: the first network element device determines, from the routing management policies, a target policy that matches the trusted state of the second network element device; the first network element device manages the routing information corresponding to the second network element device according to the target policy.
  • routing management policies are configured as rules, and management based on such rules is more flexible.
  • the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information and fourth routing information, where the first routing information is the routing information that the second network element device needs to publish, the second routing information is the routing information that the second network element device has already published, the third routing information is the routing information that the second network element device needs to receive, and the fourth routing information is the routing information that the second network element device has already received; the target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information.
  • based on the routing management policies, a variety of routing information can be managed, and each kind of routing information corresponds to a different policy, which is more fine-grained and flexible.
  • the trusted state of the second network element device is that the second network element device is trusted; the policy corresponding to the first routing information is used to indicate publishing the first routing information; the policy corresponding to the second routing information; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
  • the second network element device can normally send and receive routing information, so that the probability of traffic passing through the trusted second network element device is the highest.
  • the trusted state of the second network element device is that the second network element device is untrusted; the policy corresponding to the first routing information is used to indicate not publishing the first routing information; the policy corresponding to the second routing information is used to indicate withdrawing the second routing information; the policy corresponding to the third routing information is used to indicate not publishing the third routing information to the second network element device; the policy corresponding to the fourth routing information is used to indicate withdrawing the fourth routing information.
  • when the second network element device is untrusted, the second network element device cannot send and receive routing information normally, so that the probability of traffic passing through the untrusted second network element device is the lowest.
  • the trusted state of the second network element device is that the state of the second network element device is unknown; the policy corresponding to the first routing information is used to indicate publishing the first routing information together with a first priority indicator, where the first priority indicator indicates the priority of the first routing information, and that priority is lower than the default priority; the policy corresponding to the second routing information is used to indicate publishing the second routing information together with a second priority indicator, where the second priority indicator indicates the priority of the second routing information published this time, and that priority is lower than the default priority and lower than the priority of the second routing information published last time; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
  • when the state of the second network element device is unknown, the second network element device can still send and receive routing information, but the priority of that routing information is lowered, so that the probability of traffic passing through the second network element device with an unknown state lies between the highest probability and the lowest probability mentioned above.
  • the trustworthiness of the three trusted states, namely the second network element device being trusted, the state of the second network element device being unknown, and the second network element device being untrusted, decreases in turn.
  • the probability of traffic passing through the second network element device also decreases in turn. Therefore, the present application realizes that the lower the trustworthiness of the second network element device, the lower the probability of traffic passing through it.
  • the configured rule includes executable code
  • the executable code is used to configure, for the routing information corresponding to the second network element device, a priority indicator that matches the trusted status of the second network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the configured rules, based on the trusted state of the second network element device, includes: the first network element device configures a third priority indicator for the routing information corresponding to the second network element device by running the executable code, where the third priority indicator is a priority indicator that matches the trusted status of the second network element device and is used to indicate the priority of the routing information corresponding to the second network element device; the first network element device publishes the routing information corresponding to the second network element device together with the third priority indicator.
  • configuring the executable code as a rule requires less work in the configuration process.
  • the routing information corresponding to the second network element device includes at least one of first routing information and second routing information, where the first routing information is the routing information that the second network element device needs to publish and the second routing information is the routing information that the second network element device has already published; the third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, where the priority indicator corresponding to the first routing information indicates the priority of the first routing information and the priority indicator corresponding to the second routing information indicates the priority of the second routing information.
  • a variety of routing information can be managed, and each kind of routing information corresponds to a different priority.
  • the trusted state of the second network element device is that the second network element device is trusted; the priority of the first routing information and the priority of the second routing information are not lower than the default priority.
  • the trusted state of the second network element device is that the second network element device is not trusted; the priority of the first routing information and the priority of the second routing information are both lower than the default priority.
  • the trusted state of the second network element device is that the state of the second network element device is unknown; the priority of the first routing information and the priority of the second routing information are both lower than the default priority and higher than the priority used when the second network element device is untrusted.
  • the trustworthiness of the three trusted states, namely the second network element device being trusted, the state of the second network element device being unknown, and the second network element device being untrusted, decreases successively. It can be seen that when the second network element device is trusted, the state with the highest degree of trust, the routing information corresponding to the second network element device has the highest priority. When the state of the second network element device is unknown, the state with the second highest degree of trust, the routing information corresponding to the second network element device has the second highest priority. When the second network element device is untrusted, the state with the lowest degree of trust, the routing information corresponding to the second network element device has the lowest priority.
  • the trusted second network element device is selected first, the second network element device with unknown status is selected next, and the untrusted second network element device is selected last.
  • the selection probability decreases in turn, and the probability that the second network element device is selected affects the probability that traffic passes through the second network element device.
  • the priority indicator is a BGP attribute
  • the priority indicator includes a local priority (local preference, the BGP LOCAL_PREF attribute) or a multi-exit discriminator (MED), where the larger the value of the local priority, the higher the priority it indicates, and the smaller the value of the multi-exit discriminator, the higher the priority it indicates.
  • the first network element device acquiring the remote attestation result corresponding to the second network element device includes: the first network element device reads a remote attestation result acquisition command, which is used to indicate an acquisition path of the remote attestation result; the first network element device acquires the remote attestation result according to the acquisition path indicated by the remote attestation result acquisition command.
  • the first network element device has a route reflection function, and a BGP connection for performing route reflection is established between the first network element device and the second network element device.
  • multiplexing the first network element device with the route reflection function to execute the above method does not require deploying additional network element devices between the first network element device and the second network element device, and does not require establishing an additional connection between the two, which can be directly connected through BGP. Therefore, the cost of the remote attestation application process is saved, and its efficiency is improved.
  • a remote attestation application apparatus, which includes:
  • An acquisition module configured to acquire a remote attestation result corresponding to the second network element device, the remote attestation result is used to indicate the trusted state of the second network element device, and the trusted status of the second network element device includes trusted, untrusted, or state unknown;
  • the management module is configured to perform routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
  • the management module is configured to obtain the routing information corresponding to the second network element device and, based on the trusted status of the second network element device, to manage that routing information according to the configured rules.
  • the configured rules include routing management policies
  • the management module is configured to determine, from the routing management policies, a target policy that matches the trusted status of the second network element device, and to manage the routing information corresponding to the second network element device according to the target policy.
  • the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information and fourth routing information, where the first routing information is the routing information that the second network element device needs to publish, the second routing information is the routing information that the second network element device has already published, the third routing information is the routing information that the second network element device needs to receive, and the fourth routing information is the routing information that the second network element device has already received; the target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information.
  • the trusted state of the second network element device is that the second network element device is trusted; the policy corresponding to the first routing information is used to indicate publishing the first routing information; the policy corresponding to the second routing information; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
  • the trusted state of the second network element device is that the second network element device is untrusted; the policy corresponding to the first routing information is used to indicate not publishing the first routing information; the policy corresponding to the second routing information is used to indicate withdrawing the second routing information; the policy corresponding to the third routing information is used to indicate not publishing the third routing information to the second network element device; the policy corresponding to the fourth routing information is used to indicate withdrawing the fourth routing information.
  • the trusted state of the second network element device is that the state of the second network element device is unknown; the policy corresponding to the first routing information is used to indicate publishing the first routing information together with a first priority indicator, where the first priority indicator indicates the priority of the first routing information, and that priority is lower than the default priority; the policy corresponding to the second routing information is used to indicate publishing the second routing information together with a second priority indicator, where the second priority indicator indicates the priority of the second routing information published this time, and that priority is lower than the default priority and lower than the priority of the second routing information published last time; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
  • the configured rule includes executable code, and the executable code is used to configure, for the routing information corresponding to the second network element device, a priority indicator that matches the trusted status of the second network element device; the management module is configured to configure a third priority indicator for the routing information corresponding to the second network element device by running the executable code, where the third priority indicator is the priority indicator that matches the trusted status of the second network element device and is used to indicate the priority of the routing information corresponding to the second network element device; the first network element device publishes the routing information corresponding to the second network element device together with the third priority indicator.
  • the routing information corresponding to the second network element device includes at least one of first routing information and second routing information, where the first routing information is the routing information that the second network element device needs to publish and the second routing information is the routing information that the second network element device has already published; the third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, where the priority indicator corresponding to the first routing information indicates the priority of the first routing information and the priority indicator corresponding to the second routing information indicates the priority of the second routing information.
  • the trusted state of the second network element device is that the second network element device is trusted; the priority of the first routing information and the priority of the second routing information are not lower than the default priority.
  • the trusted state of the second network element device is that the second network element device is not trusted; the priority of the first routing information and the priority of the second routing information are both lower than the default priority.
  • the trusted state of the second network element device is that the state of the second network element device is unknown; the priority of the first routing information and the priority of the second routing information are both lower than the default priority and higher than the priority used when the second network element device is untrusted.
  • the priority indicator is a Border Gateway Protocol BGP attribute
  • the priority indicator includes a local priority (local preference, the BGP LOCAL_PREF attribute) or a multi-exit discriminator (MED), where the larger the value of the local priority, the higher the priority it indicates, and the smaller the value of the multi-exit discriminator, the higher the priority it indicates.
  • the obtaining module is used to read a remote attestation result acquisition command, which is used to indicate the path for obtaining the remote attestation result, and to obtain the remote attestation result according to that path.
  • the remote attestation application apparatus is applied to the first network element device; the first network element device has a route reflection function, and a BGP connection for performing route reflection is established between the first network element device and the second network element device.
  • a remote attestation application device in a third aspect includes a memory and a processor; at least one instruction is stored in the memory and is loaded and executed by the processor, so that the remote attestation application device implements the method in the first aspect or in any possible implementation of the first aspect.
  • a remote attestation application device in a fourth aspect, includes: a network interface, a memory, and a processor. Wherein, the network interface, the memory and the processor communicate with each other through an internal connection path. The network interface is used to send or receive messages according to the control of the processor. The memory is used to store an instruction, and when the instruction is executed by the processor, the device executes the method in the first aspect or any possible implementation manner of the first aspect.
  • there are one or more processors, and one or more memories.
  • the memory may be integrated with the processor, or the memory may be separated from the processor.
  • the memory can be a non-transitory memory, such as a read-only memory (ROM), which can be integrated with the processor on the same chip or placed on a different chip; the application does not limit the type of the memory or the arrangement of the memory and the processor.
  • a remote attestation application system includes a first network element device and at least one second network element device, the first network element device is communicatively connected to the at least one second network element device, and the first network element device is used to execute the method in the first aspect or in any possible implementation manner of the first aspect.
  • a computer program includes: computer program code, when the computer program code is run by a computer, it causes the computer to execute the methods in the above aspects.
  • a computer-readable storage medium stores programs or instructions. When the programs or instructions are run on a computer, the methods in the above aspects are executed.
  • a chip including a processor, configured to call and execute instructions stored in the memory from the memory, so that the communication device installed with the chip executes the method in the above aspects.
  • another chip including: an input interface, an output interface, a processor, and a memory, where the input interface, the output interface, the processor, and the memory are connected through an internal connection path, and the processor is used to execute code in the memory; when the code is executed, the processor performs the methods in the above aspects.
  • FIG. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present application.
  • FIG. 2 is a schematic structural diagram of a second network element device provided in an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of a remote attestation application method provided in an embodiment of the present application.
  • FIG. 4 is a schematic flow chart of applying RA results in a related art provided in an embodiment of the present application.
  • FIG. 5 is a schematic flow diagram of routing information management provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a BGP message for routing advertisement provided by an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a BGP message for routing withdrawal provided by an embodiment of the present application.
  • FIG. 8 is a schematic flowchart of a selection sequence of routing information provided by an embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of an update-type BGP message provided by an embodiment of the present application.
  • a network element device serving as an RA client generates measurement information and sends the measurement information to a network element device serving as an RA server.
  • the network element device serving as the RA server verifies whether the network element device serving as the RA client is in a trusted state according to the received metric information, thereby obtaining an RA result, and the RA result is used to indicate the trusted state of the network element device serving as the RA client.
  • the first network element device 11 has a route reflection (RR) function, and a border gateway protocol (BGP) connection for route reflection is established between the first network element device 11 and each of the other network element devices, including the second network element device 12.
  • the manner in which the first network element device 11 performs route management on the second network element device 12 includes, but is not limited to, the first network element device 11 sending a BGP message.
  • the first network element device 11 having the RR function is a route reflector.
  • the second network element device 12 sends the routes to be advertised to the first network element device 11 with the RR function through the BGP connection, and the other network element devices likewise send their routes to be advertised to the first network element device through their BGP connections.
  • the above-mentioned security hardware includes a security chip; for example, the security chip is a trusted platform module (TPM) chip, that is, security hardware that meets the TPM requirements.
  • TPM is an international standard for secure cryptoprocessors (ISO/IEC 11889).
  • the TPM requirements include, but are not limited to, using secure hardware to perform key-related functions, and the key-related functions include the above-mentioned RA.
  • the key-related functions may also include key generation, random number generation, key storage, and so on, which are not limited here.
  • the TPM chip includes a platform configuration register (PCR); the TPM chip stores the measurement information of the second network element device in the PCR, and the measurement information of the second network element device stored in the PCR is also called a PCR value.
  • the second network element device 12 does not include the RA client and the security hardware shown in FIG. 2 , which will not be repeated here.
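The RA exchange described above (client measures, server verifies, result is trusted, untrusted or unknown) and the PCR mentioned for the TPM chip, as an added example in Python. This is not the patent's or Huawei's code. It assumes that measurements are SHA-256 digests of three constructed component images, extended into one PCR the way a TPM does (PCR_new = SHA-256(PCR_old || digest)), and that the RA server holds a reference manifest of expected digests; a real exchange would also carry a TPM-signed quote over the PCR and a nonce, which is omitted here.

```python
"""RA client measurement into a PCR and RA server verification (added example).

Assumed, not from the page: component images, the reference manifest, and the
mapping of verification outcomes onto the three trusted states.
"""
import hashlib

PCR_INIT = b"\x00" * 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: the register never stores a digest directly, it chains them."""
    return sha256(pcr + digest)


# Constructed "known good" component images of the RA client (second network element device).
GOOD_COMPONENTS = {
    "bootloader": b"bootloader-image-v1",
    "kernel": b"kernel-image-v1",
    "bgp-config": b"bgp router-id 10.0.0.2",
}
# Reference manifest held by the RA server: expected digest per measured component.
REFERENCE_MANIFEST = {name: sha256(blob) for name, blob in GOOD_COMPONENTS.items()}


def ra_client_measure(components):
    """RA client: measure each component into the PCR and keep the event log."""
    pcr, event_log = PCR_INIT, []
    for name, blob in components.items():
        digest = sha256(blob)
        event_log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return {"pcr": pcr, "event_log": event_log}


def ra_server_verify(report):
    """RA server: derive the RA result from the measurement report.

    unknown   - no usable report (e.g. the client did not answer or sent garbage)
    untrusted - the event log does not replay to the reported PCR, or a component
                is missing, unexpected, or its digest differs from the manifest
    trusted   - the log replays and every digest matches the manifest
    """
    if not report or "pcr" not in report or "event_log" not in report:
        return "unknown"
    replayed = PCR_INIT
    for _, digest in report["event_log"]:
        replayed = pcr_extend(replayed, digest)
    if replayed != report["pcr"]:
        return "untrusted"  # log tampered or truncated: it cannot reproduce the PCR
    measured = dict(report["event_log"])
    if set(measured) != set(REFERENCE_MANIFEST):
        return "untrusted"  # component missing or unexpected
    if any(measured[n] != REFERENCE_MANIFEST[n] for n in REFERENCE_MANIFEST):
        return "untrusted"
    return "trusted"
```

The replay check matters: a client that reports a good-looking event log but a PCR that does not chain to it is classified untrusted, not unknown, because the report is present but inconsistent; only a missing or unparseable report yields the unknown state that the routing policy later treats as intermediate.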
  • the embodiment of the present application provides a remote attestation application method, which is applied to the first network element device in the above description. As shown in FIG. 3 , the method includes the following steps 301 and 302 .
  • the first network element device obtains a remote attestation result corresponding to the second network element device.
  • the remote attestation result is used to indicate the trusted state of the second network element device.
  • the trusted state of the second network element device includes: trusted, untrusted, or state unknown.
  • the remote attestation result corresponding to the second network element device acquired by the first network element device is obtained by the second network element device participating in the remote attestation process.
  • the trusted state indicated by the remote attestation result is one of: the second network element device is trusted (also described as the remote attestation result being correct), the second network element device is untrusted (the remote attestation result being wrong), or the state of the second network element device is unknown (the remote attestation result being empty).
  • the trust levels of the three trusted states are, from high to low, as follows: the second network element device is trusted, the state of the second network element device is unknown, and the second network element device is untrusted.
  • the first network element device acquiring the remote attestation result corresponding to the second network element device includes: the first network element device reads a remote attestation result acquisition command, which indicates the acquisition path of the remote attestation result.
  • the first network element device acquires the remote attestation result according to the acquisition path indicated by the acquisition command. It should be noted that the first network element device needs to read the acquisition command regardless of whether it acquires the remote attestation result locally or from a network element device other than itself.
  • the acquisition path indicated by the remote attestation result acquisition command includes, but is not limited to, files, configuration items, and the like on the local device or on other network element devices; the embodiment of the present application does not limit the acquisition path of the remote attestation result.
  • the first network element device performs routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
  • the remote attestation result is applied to the management process of the second network element device, so that the remote attestation result is reflected in the network functions (for example, the routing function) of the second network element device.
  • since the remote attestation result indicates the trusted state of the second network element device, managing the second network element device according to the remote attestation result improves the reliability of management, thereby ensuring the security of the network architecture that includes the second network element device and the security of communication that relies on the second network element device.
  • FIG. 4 shows a schematic diagram of applying a remote attestation result in the related art.
  • after the RA server obtains the RA result, it sends the RA result to the network management device (the network manager), and a user at the network manager can browse the RA result.
  • the user at the network manager then manually intervenes on the RA client according to the browsed RA result.
  • because the related art requires human intervention, it does not make full use of the trusted state indicated by the remote attestation result, and its reliability is not high.
  • in addition, the way the remote attestation result is applied in the related art cannot be reflected in the network functions of the second network element device in time. From the above description of the embodiments of the present application it can be seen that the embodiments can improve on these problems of the related art.
  • the first network element device performing route management on the second network element device based on the trusted state indicated by the remote attestation result includes: the first network element device obtains the routing information corresponding to the second network element device and, based on the trusted state of the second network element device, manages that routing information according to configured rules.
  • the first network element device manages the routing information corresponding to the second network element device according to configured rules, so as to implement routing management for the second network element device.
  • the configured rules are rules under BGP global or rules under BGP address family.
  • the rules under BGP global are effective for all BGP address families, and the rules under BGP address families are only effective for some specified BGP address families. This embodiment of this application does not limit the effective scope of the configured rules.
  • the configured rules include routing management policies.
  • the first network element device manages the routing information corresponding to the second network element device according to the configured rules, including: the first network element device determines from the routing management policy The target policy that matches the trusted state of the network element device.
  • the first network element device manages the routing information corresponding to the second network element device according to the target policy.
  • the routing management policy includes a policy for each trusted state of the second network element device. Since the trusted state is trusted, untrusted, or unknown, the routing management policy includes a policy for the second network element device being trusted, a policy for it being untrusted, and a policy for its state being unknown. Based on the trusted state of the second network element device, the first network element device determines from the routing management policy the target policy matching that state, and manages the routing information of the second network element device according to the target policy.
  • the third routing information is routing information that other network element devices have not yet advertised to the second network element device and need to advertise to it now or in the future.
  • the fourth routing information is routing information that the second network element device has already received, that is, other network element devices have previously advertised the fourth routing information to the second network element device.
  • if the first network element device has the RR function, the first network element device obtaining the routing information corresponding to the second network element device includes: the first network element device receives the routing information sent by the second network element device and by other network element devices, and obtains the routing information corresponding to the second network element device from the received routing information.
  • the second network element device does not have the RR function
  • the first network element device obtaining the routing information corresponding to the second network element device includes: the first network element device obtains it from the network element device that has the RR function, or the first network element device obtains routing information from the second network element device and from other network element devices respectively, and obtains the routing information corresponding to the second network element device from what it obtained.
  • the embodiment of the present application does not limit the manner of obtaining the routing information corresponding to the second network element device.
  • the target policy includes at least one of: a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information.
  • the target policy differs with the trusted state. Cases A1-A3 below illustrate the target policies corresponding to the three trusted states respectively.
  • the trusted status of the second network element device is that the second network element device is trusted.
  • each policy included in the target policy refers to the following cases A11-A14.
  • the policy corresponding to the first routing information is used to instruct publishing the first routing information.
  • since the second network element device is trusted, the first network element device can advertise the first routing information that the second network element device needs to advertise to other network element devices.
  • the first network element device has an RR function, and the second network element device sends the first routing information to the first network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the first routing information and, according to the policy corresponding to the first routing information, sends other network element devices a BGP message carrying the first routing information, so as to advertise the first routing information.
  • if the first network element device does not have the RR function, it sends an instruction to the network element device with the RR function, so that that network element device sends the other network element devices the above-mentioned BGP message carrying the first routing information.
  • FIG. 6 shows a BGP message for routing advertisement
  • the message type of the BGP message is an update type
  • the BGP message includes a BGP message header and message content.
  • the BGP message header includes a marker field, a length field, and a type value field.
  • the marker field is used for BGP authentication
  • the length field indicates the total length of the BGP message, that is, the sum of the length of the BGP message header and the length of the message content, and the type value field distinguishes the different message types.
  • the value of the type value field is 2, which is used to indicate that the message type is an update type.
  • the message content includes a total path attribute length (total path attribute length) field, a path attributes (path attributes) field, and a network layer reachability information (network layer reachability information, NLRI) field.
  • the total path attribute length field is used to indicate the sum of the length of the path attribute field and the length of the NLRI field.
  • the NLRI field is used to carry the routing information to be advertised.
  • the path attribute field is used to carry the BGP attribute of the routing information carried by the NLRI field.
  • the BGP attributes can be set according to the actual situation.
  • the policy corresponding to the second routing information is used to indicate to maintain the second routing information.
  • the policy corresponding to the third routing information is used to instruct publishing the third routing information to the second network element device.
  • the third routing information that other network element devices need to publish can be published to the second network element device.
  • the first network element device has an RR function, and then other network element devices will send the third routing information to the first network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the third routing information and sends the second network element device a BGP message carrying the third routing information, so as to advertise the third routing information.
  • the policy corresponding to the fourth routing information is used to indicate to maintain the fourth routing information.
  • the policy corresponding to the first routing information is used to indicate not to publish the first routing information.
  • since the second network element device is untrusted, the first network element device cannot advertise the first routing information that the second network element device needs to advertise to other network element devices.
  • the first network element device has an RR function, and the second network element device sends the first routing information to the first network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device does not receive the first routing information, or the first network element device receives the first routing information and discards it, or the first network element device receives and stores the first routing information but does not advertise it. In short, the first network element device does not advertise the first routing information to other network element devices.
  • the policy corresponding to the second routing information is used to indicate to revoke the second routing information.
  • since the second network element device is untrusted, other network element devices cannot continue to use the second routing information that the second network element device advertised.
  • the first network element device has an RR function, so the second routing information is received by the first network element device from the second network element device and released to other network element devices.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device, according to the policy corresponding to the second routing information, sends other network element devices a BGP message carrying the second routing information, so as to withdraw the second routing information.
  • if the first network element device does not have the RR function, it sends an instruction to the network element device with the RR function, so that that network element device sends the BGP message carrying the second routing information.
  • FIG. 7 shows a BGP message used for route withdrawal.
  • the message type of this BGP message is the update type.
  • this BGP message includes a BGP message header and message content; for the BGP message header, refer to the description corresponding to FIG. 6 in case A11 above, which is not repeated here.
  • the message content includes a withdrawn routes length field and a withdrawn routes field; the withdrawn routes length field indicates the length of the withdrawn routes field, and the withdrawn routes field carries the routing information to be withdrawn.
  • the policy corresponding to the third routing information is used to indicate not to publish the third routing information to the second network element device.
  • since the second network element device is untrusted, the third routing information that other network element devices need to advertise cannot be advertised to the second network element device.
  • the first network element device has an RR function, and then other network element devices will send the third routing information to the first network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device does not receive the third routing information, or receives the third routing information and discards it, or receives the third routing information and advertises it only to network element devices other than the second network element device.
  • in any of these cases, the first network element device does not advertise the third routing information to the second network element device.
  • if the first network element device does not have the RR function, it sends an instruction to the network element device with the RR function, so that that network element device does not advertise the third routing information to the second network element device.
  • the policy corresponding to the fourth routing information is used to indicate to revoke the fourth routing information.
  • since the second network element device is untrusted, it cannot continue to use the fourth routing information advertised by other network element devices.
  • the first network element device has an RR function, so the fourth routing information is received by the first network element device from other network element devices and published to the second network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device sends the second network element device a BGP message carrying the fourth routing information, so as to withdraw the fourth routing information.
  • if the first network element device does not have the RR function, it sends an instruction to the network element device with the RR function, so that that network element device sends the second network element device the BGP message carrying the fourth routing information.
  • the trusted state of the second network element device is that the state of the second network element device is unknown.
  • each policy included in the target policy refers to the following cases A31-A34.
  • the policy corresponding to the first routing information instructs advertising the first routing information together with a first priority indicator.
  • the first priority indicator indicates the priority of the first routing information.
  • the priority of the first routing information is lower than the default priority.
  • the first routing information that the second network element device needs to advertise can be advertised to other network element devices, but its priority must be lower than the default priority so that other network element devices do not preferentially select it. The first priority indicator is therefore advertised together with the first routing information. If no priority indicator is set for routing information, the routing information carries a default priority indicator whose priority is the default priority; the embodiment of the present application does not limit the default priority.
  • the first network element device has an RR function
  • the second network element device sends the first routing information to the first network element device.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the first routing information and, according to the policy corresponding to the first routing information, sends other network element devices a BGP message carrying the first routing information and the first priority indicator.
  • if the first network element device does not have the RR function, it sends an instruction to the network element device with the RR function, so that that network element device sends the other network element devices the above-mentioned BGP message carrying the first routing information and the first priority indicator.
  • the first priority indicator is a BGP attribute.
  • the NLRI field in Figure 6 is used to carry the routing information to be advertised
  • the path attributes field carries the BGP attributes of the routing information carried in the NLRI field. Therefore, in the embodiment of the present application, the path attributes field carries the first priority indicator and the NLRI field carries the first routing information, thereby obtaining a BGP message carrying the first routing information and the first priority indicator.
  • there are multiple BGP attributes, and the attribute identifier, attribute name, attribute meaning and attribute type of each BGP attribute are shown in Table 1 below.
  • the BGP attributes related to priority include local_pref and MED, so local_pref or MED is used as the first priority indicator in this embodiment of the application; local_pref or MED is therefore carried in the path attributes field shown in FIG. 6.
  • the path attributes field includes, in type-length-value (TLV) format, an attribute type field, an attribute length field, and an attribute value field.
  • the attribute type field includes an attribute flags field and an attribute type code field; the attribute flags indicate whether the BGP attribute is optional, transitive, or partial, and whether the attribute length field is extended. The attribute flags field can be set according to the attribute type in Table 1 above, and the attribute type code field carries the attribute identifier in Table 1.
  • the attribute length field indicates the length of the attribute value field.
  • the attribute value field carries the content corresponding to the attribute identifier carried in the attribute type code field.
  • the attribute value field carries the value of local_pref.
  • the attribute value field carries the value of MED.
  • when local_pref is the first priority indicator, the larger the local_pref value, the higher the priority, so the value of the first priority indicator needs to be smaller than the default local_pref value, which indicates the default priority. For example, if the default local_pref is 100, the first priority indicator may be 30, 50, 70, or any other value less than 100; the embodiment of the present application does not limit the value of the first priority indicator.
  • when MED is the first priority indicator, the smaller the MED value, the higher the priority.
  • the value of the first priority indicator therefore needs to be greater than the default MED value, which indicates the default priority.
  • for example, if the default MED is 0, the first priority indicator may be 20, 50, 100, or any other value greater than 0.
  • the embodiment of the present application does not limit the value of the MED.
  • the above local_pref and MED are only examples and do not limit the first priority indicator; this embodiment of the present application may also adopt other first priority indicators according to actual needs.
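The BGP UPDATE messages of FIG. 6 (advertisement with a local_pref or MED priority indicator in the path attributes field) and FIG. 7 (withdrawal), as an added example in Python that builds and parses them on the wire. This is not the patent's code. It follows the RFC 4271 UPDATE layout, in which both the withdrawn routes length and the total path attribute length are always present (zero when unused), whereas each figure on the page shows only the fields relevant to its case. Only IPv4 unicast prefixes are handled; ORIGIN, AS_PATH and NEXT_HOP are filled in with the values an iBGP route reflector would use; the prefixes, next hop and the lowered local_pref value 30 are constructed sample inputs.

```python
"""Build and parse BGP UPDATE messages for route advertisement and withdrawal.

Added example, not from the page. Assumed sample data: prefixes, next hop,
local_pref 30 (lowered priority) and MED 50.
"""
import ipaddress
import struct

MARKER = b"\xff" * 16                                 # RFC 4271: all ones
UPDATE = 2                                            # type value for an update message
ORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF = 1, 2, 3, 4, 5   # attribute type codes
OPTIONAL, TRANSITIVE, EXT_LEN = 0x80, 0x40, 0x10      # attribute flag bits


def encode_prefix(prefix):
    """NLRI / withdrawn-route entry: 1-byte prefix length + minimal prefix bytes."""
    net = ipaddress.IPv4Network(prefix)
    return bytes([net.prefixlen]) + net.network_address.packed[:(net.prefixlen + 7) // 8]


def decode_prefixes(data):
    out, i = [], 0
    while i < len(data):
        plen = data[i]
        n = (plen + 7) // 8
        addr = ipaddress.IPv4Address(data[i + 1:i + 1 + n].ljust(4, b"\x00"))
        out.append(f"{addr}/{plen}")
        i += 1 + n
    return out


def encode_attr(flags, code, value):
    """Path attribute TLV: flags, type code, length (1 byte, or 2 with EXT_LEN), value."""
    if len(value) > 255:
        return bytes([flags | EXT_LEN, code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, code, len(value)]) + value


def build_update(nlri=(), withdrawn=(), next_hop="0.0.0.0", local_pref=None, med=None):
    withdrawn_b = b"".join(encode_prefix(p) for p in withdrawn)
    attrs = b""
    if nlri:  # mandatory attributes only make sense when something is advertised
        attrs += encode_attr(TRANSITIVE, ORIGIN, b"\x00")                        # IGP
        attrs += encode_attr(TRANSITIVE, AS_PATH, b"")                           # empty: iBGP
        attrs += encode_attr(TRANSITIVE, NEXT_HOP, ipaddress.IPv4Address(next_hop).packed)
        if med is not None:                                                      # optional non-transitive
            attrs += encode_attr(OPTIONAL, MED, struct.pack("!I", med))
        if local_pref is not None:                                               # well-known discretionary
            attrs += encode_attr(TRANSITIVE, LOCAL_PREF, struct.pack("!I", local_pref))
    body = (struct.pack("!H", len(withdrawn_b)) + withdrawn_b
            + struct.pack("!H", len(attrs)) + attrs
            + b"".join(encode_prefix(p) for p in nlri))
    return MARKER + struct.pack("!HB", 19 + len(body), UPDATE) + body


def parse_update(msg):
    """Return withdrawn prefixes, advertised prefixes and the priority-related attributes."""
    if msg[:16] != MARKER:
        raise ValueError("bad marker")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or msg_type != UPDATE:
        raise ValueError("length mismatch or not an UPDATE")
    body = msg[19:]
    wlen = struct.unpack("!H", body[:2])[0]
    withdrawn = decode_prefixes(body[2:2 + wlen])
    pos = 2 + wlen
    alen = struct.unpack("!H", body[pos:pos + 2])[0]
    attr_bytes = body[pos + 2:pos + 2 + alen]
    nlri = decode_prefixes(body[pos + 2 + alen:])
    attrs, i = {}, 0
    while i < len(attr_bytes):
        flags, code = attr_bytes[i], attr_bytes[i + 1]
        if flags & EXT_LEN:
            vlen, i = struct.unpack("!H", attr_bytes[i + 2:i + 4])[0], i + 4
        else:
            vlen, i = attr_bytes[i + 2], i + 3
        value, i = attr_bytes[i:i + vlen], i + vlen
        if code == LOCAL_PREF:
            attrs["local_pref"] = struct.unpack("!I", value)[0]
        elif code == MED:
            attrs["med"] = struct.unpack("!I", value)[0]
        elif code == NEXT_HOP:
            attrs["next_hop"] = str(ipaddress.IPv4Address(value))
    return {"withdrawn": withdrawn, "nlri": nlri, "attrs": attrs}
```

A withdrawal (FIG. 7) is simply an UPDATE whose withdrawn routes field is non-empty and whose path attributes and NLRI are empty; an advertisement with a lowered priority (case A31) is an UPDATE whose LOCAL_PREF attribute (type code 5) carries a value below the default, or whose MED attribute (type code 4) carries a value above it.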
  • FIG. 8 shows a schematic flowchart of the selection sequence for routing information. If there are multiple routing information entries to the same destination address and their next hops are reachable, route selection proceeds according to the criteria shown in FIG. 8. During route selection, the entry with the larger protocol preferred value is selected first. If the protocol preferred values are the same, the entry with the larger local_pref value is preferred, that is, an entry with a smaller local_pref value is not selected first.
  • if the local_pref values are also the same, and the selection criteria between local_pref and MED (omitted in FIG. 8) do not decide either, then the entry with the smaller MED value is preferred, that is, an entry with a larger MED value is not selected first. If the MED values are also the same, the remaining selection criteria after MED (omitted in FIG. 8) are applied in turn until the peer-address criterion decides, and the selection process ends.
  • local_pref or MED is used as the first priority indicator
  • the priority of the first routing information is set by setting the value of the first priority indicator. If the priority is lower than the default, the first routing information can be prevented from being preferentially selected, thereby preventing traffic from preferentially passing through the second network element device whose status is unknown.
  • the policy corresponding to the second routing information instructs advertising the second routing information together with a second priority indicator.
  • the second priority indicator indicates the priority of the second routing information advertised this time.
  • the priority of the second routing information advertised this time is lower than the default priority and lower than the priority with which the second routing information was advertised last time.
  • the embodiment of the present application advertises the second routing information together with the second priority indicator, that is, re-advertises the second routing information, so that the priority of the second routing information advertised last time is reduced to the priority indicated by the second priority indicator.
  • the priority of the second routing information advertised this time is lower than the default priority, and the embodiment of the application does not limit the default priority.
  • the trusted state of the second network element device when the second routing information was last advertised does not include untrusted; it was either trusted or unknown. If the second network element device was trusted when the second routing information was last advertised, the priority of the second routing information now needs to be lowered.
  • if the state of the second network element device was unknown when the second routing information was last advertised, then even though its trusted state at this advertisement is the same as at the last one, the unknown state has now occurred at least twice, so the priority of the second routing information also needs to be lowered this time.
  • the first network element device has an RR function, so the second routing information is received by the first network element device from the second network element device and released to other network element devices.
  • the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the second routing information and, according to the policy corresponding to the second routing information, sends other network element devices a BGP message carrying the second routing information and the second priority indicator.
  • if the first network element device does not have the RR function, it sends an instruction to the network element device with the RR function, so that that network element device sends the other network element devices the above-mentioned BGP message carrying the second routing information and the second priority indicator.
  • the second priority indicator is a BGP attribute, and the second priority indicator includes local_pref or MED.
  • if the priority indicated by the second priority indicator is the lowest priority, then when the second priority indicator is local_pref its value is the minimum local_pref value, and when the second priority indicator is MED its value is the maximum MED value.
  • the embodiment of this application does not limit the minimum value of local_pref or the maximum value of MED.
  • the NLRI field is used to carry the second routing information, thereby obtaining a BGP message carrying the second routing information and the second priority index.
  • the BGP message carrying the second routing information and the second priority index refer to the description of the BGP message carrying the first routing information and the first priority index in the above case A31, which will not be repeated here.
  • the policy corresponding to the third routing information is used to instruct publishing the third routing information to the second network element device.
  • the policy corresponding to the fourth routing information is used to indicate to maintain the fourth routing information.
  • under the first management manner, the lower the trustworthiness of the second network element device, the lower the probability of traffic passing through the second network element device.
  • the second network element device is trusted (i.e. case A1)
  • the state of the second network element device is unknown (i.e. case A3)
  • the second network element device is untrustworthy (i.e. case A2).
  • the degree of credibility decreases in turn.
  • A1, with the highest degree of credibility, sends and receives routing information normally
  • A3, with the second highest degree of credibility, sends and receives routing information but with the priority of the routing information lowered
  • A2, with the lowest degree of credibility, neither sends nor receives routing information.
  • the probability of selecting a trusted second network element device is the largest, the probability of selecting a second network element device with an unknown state is the second, and the probability of selecting an untrusted second network element device is the smallest.
  • the lower the degree of trustworthiness of the second network element device is, the lower the probability of traffic passing through the second network element device is.
  • the first management mode has been described above, and the first management mode corresponds to the case where the configured rules include routing management policies.
  • the second management mode will be described, and the second management mode corresponds to the case where the configured rules include executable codes.
  • configured rules include executable code.
  • the executable code is used to configure the routing information corresponding to the second network element device with a priority indicator that matches the trusted status of the second network element device.
  • the first network element device manages the routing information corresponding to the second network element device according to the configured rules, including:
  • the routing information corresponding to the second network element device is configured with a third priority index, where the third priority index is a priority index that matches the trusted status of the second network element device, and the third priority index is used to indicate the priority of the routing information corresponding to the second network element device.
  • the first network element device publishes the routing information and the third priority index corresponding to the second network element device.
  • the first network element device determines that a priority indicator that matches the trusted state of the second network element device needs to be configured for the routing information corresponding to the second network element device, that is, the third priority indicator,
  • the third priority index is used to indicate the priority of the routing information corresponding to the second network element device.
  • the first network element device has an RR function, and thus the second network element device sends routing information corresponding to the second network element device to the first network element device.
  • the first network element device publishes the routing information corresponding to the second network element device and the third priority indicator, including: the first network element device receives the routing information corresponding to the second network element device, and sends to other network element devices a BGP message carrying the routing information corresponding to the second network element device and the third priority index.
  • the first network element device does not have the RR function, so the first network element device sends an instruction to the network element device with the RR function, so that the network element device with the RR function sends the BGP packet carrying the routing information corresponding to the second network element device and the third priority indicator.
  • the third priority index is a BGP attribute
  • the third priority index includes local_pref or MED.
  • the path attribute field shown in FIG. 6 is used to carry the third priority index
  • the NLRI field is used to carry the routing information corresponding to the second network element device, so as to obtain a BGP message carrying the routing information corresponding to the second network element device and the third priority index.
  • for the BGP message carrying the routing information corresponding to the second network element device and the third priority indicator, refer to the description of the BGP message carrying the first routing information and the first priority indicator in the above case A31, which will not be repeated here.
  • the routing information corresponding to the second network element device includes at least one of the first routing information and the second routing information, where the first routing information is the routing information that the second network element device needs to publish , the second routing information is routing information published by the second network element device.
  • the third priority index includes at least one of the priority index corresponding to the first routing information and the priority index corresponding to the second routing information, and the priority index corresponding to the first routing information is used to indicate the A priority of the routing information, the priority indicator corresponding to the second routing information is used to indicate the priority of the second routing information.
  • the BGP message carrying the routing information corresponding to the second network element device and the third priority indicator includes: a BGP message carrying the first routing information and the priority indicator corresponding to the first routing information, and a BGP message carrying the second routing information and the priority indicator corresponding to the second routing information.
  • in different trusted states, the priority of the first routing information and the priority of the second routing information also differ.
  • the priorities of the first routing information and the priorities of the second routing information corresponding to the three trustworthy states are illustrated respectively through cases B1-B3.
  • case B1: the trusted state of the second network element device is that the second network element device is trusted. Neither the priority of the first routing information nor the priority of the second routing information is lower than the default priority.
  • both the priority indicator of the first routing information and the priority indicator of the second routing information are local_pref. Since a larger local_pref value indicates a higher priority, the local_pref values of the first routing information and of the second routing information are not less than the default value of local_pref (the value indicating the default priority), which keeps both priorities at or above the default priority. For example, if the default value of local_pref is 100, the local_pref values of the first routing information and of the second routing information are both 200.
  • both the priority indicator of the first routing information and the priority indicator of the second routing information are MED. Since a smaller MED value indicates a higher priority, the MED values of the first routing information and of the second routing information are not greater than the default value of MED (the value indicating the default priority), which keeps both priorities at or above the default priority. For example, if the default value of MED is 0, the MED values of the first routing information and of the second routing information are both 0.
  • case B2: the trusted state of the second network element device is that the second network element device is not trusted. Both the priority of the first routing information and the priority of the second routing information are lower than the default priority.
  • the local_pref values of the first routing information and of the second routing information are both smaller than the default value of local_pref, so that both priorities are lower than the default priority. For example, if the default value of local_pref is 100, the local_pref values of the first routing information and of the second routing information are both 0.
  • the MED values of the first routing information and of the second routing information are both greater than the default value of MED, so that both priorities are lower than the default priority. For example, if the default value of MED is 0, the MED values of the first routing information and of the second routing information are both 100.
  • case B3: the trusted state of the second network element device is that the state of the second network element device is unknown. Both the priority of the first routing information and the priority of the second routing information are lower than the default priority and higher than the priority used when the second network element device is untrusted.
  • the priority used when the second network element device is untrusted is the priority of the first routing information and the priority of the second routing information in the above case B2.
  • the local_pref values of the first routing information and of the second routing information in case B3 are both smaller than the default value of local_pref and greater than the corresponding local_pref values in case B2. For example, if the default value of local_pref is 100 and the local_pref values of the first routing information and of the second routing information in case B2 are both 0, then the local_pref values of the first routing information and of the second routing information in case B3 are both 50.
  • the MED values of the first routing information and of the second routing information in case B3 are both greater than the default value of MED and smaller than the corresponding MED values in case B2. For example, if the default value of MED is 0 and the MED values of the first routing information and of the second routing information in case B2 are both 100, then the MED values of the first routing information and of the second routing information in case B3 are both 50.
  • under the second management manner, likewise, the lower the trustworthiness of the second network element device, the lower the probability of traffic passing through the second network element device.
  • the second network element device is trusted (i.e. case B1)
  • the state of the second network element device is unknown (i.e. case B3)
  • the second network element device is untrustworthy (i.e. case B2).
  • the degree of credibility decreases in turn.
  • the routing information corresponding to the second network element device has the highest priority in case B1 (highest degree of credibility), the second highest priority in case B3 (second highest degree of credibility), and the lowest priority in case B2 (lowest degree of credibility). Therefore, in the route selection process, a trusted second network element device is preferred, a second network element device with unknown status comes next, and an untrusted second network element device comes last. The selection probability decreases in that order, and the probability of a second network element device being selected determines the probability that traffic passes through it. Thus, the lower the degree of trustworthiness of the second network element device, the lower the probability of traffic passing through it.
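As an added illustration of the two management modes described above (not code from the patent): the first mode publishes normally for a trusted peer, publishes with the lowest priority for a peer of unknown state and withholds an untrusted peer's routes (cases A1/A3/A2); the second mode always publishes but stamps the route with a local_pref or MED matching the trust state (cases B1/B3/B2). The local_pref and MED values are the page's own examples. The peer names, prefix, the choice of 0 as the minimum local_pref, the 4-octet MED maximum, and the simplified best-path comparison (local_pref, then AS_PATH length, then MED) are assumptions made for this example.

```python
"""Trust-aware route priority policy for a route reflector (added example, not from the patent)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class TrustState(Enum):
    TRUSTED = "trusted"        # case A1 / B1
    UNKNOWN = "unknown"        # case A3 / B3
    UNTRUSTED = "untrusted"    # case A2 / B2


DEFAULT_LOCAL_PREF = 100       # higher local_pref wins
DEFAULT_MED = 0                # lower MED wins
LOWEST_LOCAL_PREF = 0          # assumption: "minimum value of local_pref" taken as 0
HIGHEST_MED = 0xFFFFFFFF       # MED is a 4-octet unsigned attribute, so this is its maximum

# Second management mode: priority indicator matching the trust state (page's B1-B3 values)
LOCAL_PREF_BY_STATE = {TrustState.TRUSTED: 200, TrustState.UNKNOWN: 50, TrustState.UNTRUSTED: 0}
MED_BY_STATE = {TrustState.TRUSTED: 0, TrustState.UNKNOWN: 50, TrustState.UNTRUSTED: 100}


def priority_indicator(state: TrustState, indicator: str) -> int:
    """Value of local_pref or MED to attach to a route learned from a peer in `state`."""
    table = {"local_pref": LOCAL_PREF_BY_STATE, "MED": MED_BY_STATE}[indicator]
    return table[state]


def first_mode_action(state: TrustState) -> str:
    """First management mode: what the RR does with routes of a peer in this state."""
    return {
        TrustState.TRUSTED: "publish",            # A1: send and receive normally
        TrustState.UNKNOWN: "publish_lowered",    # A3: send and receive, lowest priority
        TrustState.UNTRUSTED: "withhold",         # A2: neither send nor receive
    }[state]


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_peer: str
    local_pref: int
    med: int
    as_path_len: int = 1


def reflect(prefix: str, peers: Dict[str, TrustState], mode: int) -> List[Route]:
    """Routes the RR would re-advertise for `prefix`, one candidate per peer, under mode 1 or 2."""
    out = []
    for peer, state in peers.items():
        if mode == 1:
            action = first_mode_action(state)
            if action == "withhold":
                continue
            if action == "publish":
                out.append(Route(prefix, peer, DEFAULT_LOCAL_PREF, DEFAULT_MED))
            else:
                out.append(Route(prefix, peer, LOWEST_LOCAL_PREF, HIGHEST_MED))
        else:
            out.append(Route(prefix, peer,
                             priority_indicator(state, "local_pref"),
                             priority_indicator(state, "MED")))
    return out


def rank(routes: List[Route]) -> List[Route]:
    """Simplified BGP decision: highest local_pref, then shortest AS_PATH, then lowest MED."""
    return sorted(routes, key=lambda r: (-r.local_pref, r.as_path_len, r.med))


def best_route(routes: List[Route]) -> Route:
    return rank(routes)[0]


def ordering_holds(indicator: str) -> bool:
    """Invariant behind cases B1-B3: trusted >= default, and default > unknown > untrusted."""
    t, u, x = (priority_indicator(s, indicator)
               for s in (TrustState.TRUSTED, TrustState.UNKNOWN, TrustState.UNTRUSTED))
    if indicator == "local_pref":
        return t >= DEFAULT_LOCAL_PREF > u > x
    return t <= DEFAULT_MED < u < x


if __name__ == "__main__":
    # Constructed sample: three peers of the RR in the three trust states
    peers = {"pe1": TrustState.TRUSTED, "pe2": TrustState.UNKNOWN, "pe3": TrustState.UNTRUSTED}
    for mode in (1, 2):
        ranked = rank(reflect("10.0.0.0/24", peers, mode))
        print(f"mode {mode}:", [(r.next_hop_peer, r.local_pref, r.med) for r in ranked])
```

Under mode 1 the untrusted peer's route never leaves the RR; under mode 2 it is still reflected, but ranks last, so it only carries traffic when no trusted or unknown-state peer offers the prefix.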
  • the above steps 301 and 302 are periodically performed. In this way, routing management can be performed on the second network element device on a regular basis, which ensures the reliability of management.
  • the remote attestation result is applied to the management process of the second network element device, so that the remote attestation result is reflected in the routing function of the second network element device. Since the remote attestation result indicates the trusted state of the second network element device, applying it to the management of the second network element device improves the reliability of management, thereby ensuring the security of the network architecture and of communication through the second network element device. Moreover, applying the embodiment of the present application also makes the probability of traffic passing through the second network element device decrease as its degree of trustworthiness decreases.
  • when the first network element device has the RR function, a BGP connection for route reflection is established between the first network element device and the second network element device.
  • the first network element device is used as the RA server, and the second network element device is remotely attested through the first network element device and the BGP connection. No additional device needs to be deployed besides the second network element device and no dedicated connection needs to be established manually, which both saves cost and improves the efficiency of remote attestation.
  • the specific process for the first network element device to obtain the remote attestation result corresponding to the second network element device in step 301 of the embodiment shown in FIG. 3 includes the following steps 901-905.
  • the first network element device sends a first BGP packet to the second network element device based on the BGP connection, where the first BGP packet is used to query metric information of the second network element device.
  • the first network element device is a device with a route reflection function (such as the first network element device 11 in Figure 1 or Figure 2), and a BGP connection for performing route reflection is established between the first network element device and the second network element device.
  • a BGP connection is also called a BGP session.
  • a transmission control protocol (transmission control protocol, TCP) connection is first established between the first network element device and the second network element device, and then a BGP connection is established based on the TCP connection.
  • a BGP session list is stored in the first network element device; the BGP session list includes at least one network element device, each of which has established a BGP session with the first network element device, so any network element device in the BGP session list can be used as the second network element device.
  • the first network element device traverses the BGP session list and selects the second network element device from the BGP session list, then the first network element device can automatically discover the second network element device that needs to be remotely certified.
  • the metric information of the second network element device includes: information generated by components of the second network element device during operation of service software, and the service software is software installed on the second network element device.
  • the running process includes a starting process
  • the metric information of the second network element device includes: information generated by components of the second network element device during the starting process of the service software.
  • the components of the second network element device include but are not limited to individual boards in the second network element device, and the number of components of the second network element device may be one or more.
  • other methods can also be used to determine the measurement information of the second network element device.
  • the embodiment of the present application does not limit the method of determining the measurement information; it is determined according to actual needs.
  • the first BGP message includes a first type length value (type length value, TLV) field, and the first TLV field is used to indicate query metric information.
  • the process of querying metric information is also called a challenge process
  • the first BGP message is also called a challenge message.
  • the first TLV field includes a first type field, a first length field, and a first value field, and the first type field carries a first type (type) value
  • the first type value is used to indicate a query for metric information or to carry metric information
  • the first length field is used to indicate the length of the first value field
  • the first value field is used to indicate that the first type value indicates query metric information.
  • the manner in which the first value field indicates that the value of the first type indicates query metric information is: the first value field carries a first reference value, or the first value field is left blank. Where the first value field carries a first reference value, the first reference value includes a value that is different from and not confused with the metric information. The first reference value may be obtained through configuration, or may be obtained through negotiation between the first network element device and the second network element device, and this embodiment of the present application does not limit the first reference value. When the first value field is blank, since the first length field is used to indicate the length of the first value field, the first length field is set to zero.
  • the message structure of the BGP message will be described next, so as to facilitate the understanding of the message structures of the first BGP message and other BGP messages in the following text.
  • a BGP packet includes a BGP packet header and packet content.
  • Fig. 10 shows the structure of the BGP message header.
  • the BGP message header includes a marker field, a length field, and a type value field.
  • the marker field is used for BGP authentication
  • the length field is used to indicate the total length of the BGP message, that is, the sum of the lengths of the BGP message header and the message content.
  • the type value field is used to distinguish different packet types. For example, if the value of the type value field is 1, the message type is an open (open) type. If the value of the type value field is 2, the message type is an update (update) type.
  • different message types correspond to different message contents.
  • FIG. 11 shows a message structure of an update-type BGP message.
  • the update-type BGP message includes a BGP message header and message content corresponding to the update type.
  • the message content corresponding to the update type includes, among other fields, the total path attribute length (total path attribute length) field and the path attributes (path attributes) field.
  • the total path attribute length field is used to indicate the length of the path attribute field, and the length of the path attribute field is variable.
  • the path attribute field is in TLV format, and the path attribute field includes an attribute type (attribute type) field, an attribute length (attribute length) field and an attribute value (attribute value) field, and the length of the attribute value field is variable. (In RFC 4271 the attribute type field is two octets: an attribute flags octet followed by the attribute type code octet, and the extended-length flag selects a one- or two-octet attribute length field.)
  • the first BGP message is a first update message
  • the first update message is a BGP message whose message type is an update type.
  • the first update packet includes a first path attribute field
  • the first TLV field is located in the first path attribute field.
  • the first path attribute field is the path attribute field shown in Figure 11
  • the first type field included in the first TLV field is the attribute type field shown in Figure 11
  • the first length field included in the first TLV field is the attribute length field shown in FIG. 11
  • the first value field included in the first TLV field is the attribute value field shown in FIG. 11 .
  • the first type value carried by the first type field included in the first TLV field is any type value among the unassigned type values corresponding to the path attribute field.
  • the unassigned type values corresponding to the path attribute field include but are not limited to 39, 41-127, 130-240 and 244-254; the first type value in the embodiment of the present application is, for example, 201.
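The following is an added example, not code from the patent, of how the first BGP message (the challenge) and the second BGP message (the reply carrying measurement information) described above can be built and parsed on the wire. The header layout (16-octet marker, 2-octet length, 1-octet type) and the UPDATE and path attribute layouts follow RFC 4271; the attribute type code 201 is the page's own illustration. The choice of the optional, non-transitive attribute flags, the blank reference value used to mark a query, and the sample measurement bytes are assumptions made for this example.

```python
"""BGP UPDATE carrying a remote-attestation TLV in a path attribute (added example, not from the patent)."""
import struct
from typing import List, Optional, Tuple

BGP_MARKER = b"\xff" * 16      # marker field, all ones when no authentication is in use
BGP_HEADER_LEN = 19            # marker(16) + length(2) + type(1)
TYPE_UPDATE = 2

ATTR_FLAG_OPTIONAL = 0x80
ATTR_FLAG_TRANSITIVE = 0x40
ATTR_FLAG_EXTENDED = 0x10      # length field is two octets instead of one

RA_ATTR_TYPE = 201             # page's example value taken from the unassigned range
RA_CHALLENGE_REF = b""         # assumption: blank value field marks a query (page's first option)


def encode_path_attribute(type_code: int, value: bytes, flags: int = ATTR_FLAG_OPTIONAL) -> bytes:
    """TLV in path attribute format: flags, type code, 1- or 2-octet length, value."""
    if len(value) > 255:
        return struct.pack("!BBH", flags | ATTR_FLAG_EXTENDED, type_code, len(value)) + value
    return struct.pack("!BBB", flags, type_code, len(value)) + value


def encode_update(path_attributes: List[bytes], withdrawn: bytes = b"", nlri: bytes = b"") -> bytes:
    attrs = b"".join(path_attributes)
    body = (struct.pack("!H", len(withdrawn)) + withdrawn
            + struct.pack("!H", len(attrs)) + attrs + nlri)
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), TYPE_UPDATE) + body


def decode_path_attributes(blob: bytes) -> List[Tuple[int, int, bytes]]:
    """Walk the path attributes field, refusing anything truncated."""
    attrs, i = [], 0
    while i < len(blob):
        if i + 3 > len(blob):
            raise ValueError("truncated attribute header")
        flags, code = blob[i], blob[i + 1]
        if flags & ATTR_FLAG_EXTENDED:
            if i + 4 > len(blob):
                raise ValueError("truncated attribute header")
            (length,) = struct.unpack_from("!H", blob, i + 2)
            i += 4
        else:
            length = blob[i + 2]
            i += 3
        value = blob[i:i + length]
        if len(value) != length:
            raise ValueError("truncated attribute value")
        i += length
        attrs.append((flags, code, value))
    return attrs


def decode_update(msg: bytes) -> Tuple[List[Tuple[int, int, bytes]], bytes]:
    """Validate header and lengths, return (path attributes, NLRI bytes)."""
    if len(msg) < BGP_HEADER_LEN or msg[:16] != BGP_MARKER:
        raise ValueError("bad marker or short message")
    length, mtype = struct.unpack_from("!HB", msg, 16)
    if length != len(msg) or mtype != TYPE_UPDATE:
        raise ValueError("bad length or not an UPDATE")
    body = msg[BGP_HEADER_LEN:]
    if len(body) < 4:
        raise ValueError("short UPDATE body")
    (wlen,) = struct.unpack_from("!H", body, 0)
    if len(body) < 4 + wlen:
        raise ValueError("withdrawn routes overrun")
    (alen,) = struct.unpack_from("!H", body, 2 + wlen)
    attrs_blob = body[4 + wlen:4 + wlen + alen]
    if len(attrs_blob) != alen:
        raise ValueError("path attributes overrun")
    return decode_path_attributes(attrs_blob), body[4 + wlen + alen:]


def build_challenge() -> bytes:
    """First BGP message: RA TLV with a blank value, so the length field is zero."""
    return encode_update([encode_path_attribute(RA_ATTR_TYPE, RA_CHALLENGE_REF)])


def build_response(metric_info: bytes) -> bytes:
    """Second BGP message: the same type value, value field carrying the measurement information."""
    return encode_update([encode_path_attribute(RA_ATTR_TYPE, metric_info)])


def classify_ra_message(msg: bytes) -> Tuple[str, Optional[bytes]]:
    """('challenge', None), ('metrics', bytes) or ('none', None) for a received UPDATE."""
    attrs, _ = decode_update(msg)
    for _flags, code, value in attrs:
        if code == RA_ATTR_TYPE:
            return ("challenge", None) if value == RA_CHALLENGE_REF else ("metrics", value)
    return ("none", None)


def is_well_formed(msg: bytes) -> bool:
    try:
        decode_update(msg)
        return True
    except ValueError:
        return False
```

A 26-byte challenge results: 19 header octets, a zero withdrawn-routes length, a path attribute length of 3, and the 3-octet attribute `80 c9 00`. A reply whose measurement data exceeds 255 octets automatically switches to the extended-length attribute encoding.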
  • TCG has proposed the concepts of "trust chain" and "trust measurement" for trusted computing. A root of trust is set first, and the root of trust is used to measure the trustworthiness of other devices. If the root of trust verifies that a device is in a trusted state, that device and the root of trust form a chain of trust. In the embodiment of the present application, the first network element device verifies whether the second network element device is in a trusted state, that is, the first network element device performs trustworthiness measurement on the second network element device, so before performing step 901 the first network element device needs to be set as the root of trust.
  • in response to the first network element device verifying in the subsequent process that the second network element device is in a trusted state, the first network element device and the second network element device form a trust chain.
  • the embodiment of the present application also needs to set the first network element device as the RA server.
  • the first network element device receives a command line configured by the user, or receives a configuration command sent by the network management device, so as to configure the first network element device as the RA server.
  • the command line is, for example, an RA server enable (RA server enable) command line.
  • the first network element device receives the configuration command sent by the network management device through a simple network management protocol (simple network management protocol, SNMP) or a network configuration (network configuration, NETCONF) protocol.
  • the second network element device receives the first BGP packet sent by the first network element device based on the BGP connection.
  • the second network element device can receive the first BGP message.
  • the second network element device parses the first BGP packet, so as to determine that the first BGP packet is used to query the metric information of the second network element device.
  • the second network element device sends a second BGP packet to the first network element device based on the BGP connection, and the second BGP packet carries measurement information, so that the first network element device obtains a remote attestation result corresponding to the second network element device.
  • after determining that the first BGP message is used to query the metric information of the second network element device, the second network element device obtains the metric information and sends the second BGP message carrying the metric information to the first network element device.
  • the second network element device acquires the metric information from security hardware embedded in the second network element device (for example, a TPM chip including a PCR).
  • the second BGP message is a second update message
  • the second update message is a BGP message whose message type is an update type.
  • the second update packet includes a second path attribute field
  • the second TLV field is located in the second path attribute field.
  • the second path attribute field is the path attribute field shown in Figure 11
  • the second type field included in the second TLV field is the attribute type field shown in Figure 11
  • the second length field included in the second TLV field is the attribute length field shown in FIG. 11
  • the second value field included in the second TLV field is the attribute value field shown in FIG. 11 .
  • the first network element device receives the second BGP packet sent by the second network element device based on the BGP connection, and parses the second BGP packet to obtain metric information carried in the second BGP packet.
  • the first network element device can receive the second BGP packet.
  • the first network element device parses the second BGP packet, so as to obtain the metric information of the second network element device.
  • the first network element device compares and analyzes the obtained measurement information and the remote attestation baseline file to obtain a remote attestation result.
  • the metric information obtained by parsing is the metric information of the second network element device carried in the second BGP message.
  • the remote attestation baseline file includes the reference value of the measurement information, and the remote attestation baseline file is used as a benchmark of the measurement information, that is, the basis for comparison in the RA process.
  • the measurement information includes information generated by components of the second network element device during the operation of the service software
  • the remote attestation baseline file includes the information generated by those components during the operation of authentic, complete service software that has not been tampered with; when there are multiple components, it includes the information generated by each of them.
  • the remote attestation baseline file can be represented as a list.
  • the authentic and complete service software that has not been tampered with includes the service software as released.
  • the first network element device compares the parsed metric information with the remote attestation baseline file to obtain a remote attestation result indicating whether the second network element device is in a trusted state. In response to the metric information being consistent with the remote attestation baseline file, the first network element device obtains a remote attestation result indicating that the second network element device is in a trusted state. In response to an inconsistency between the metric information and the remote attestation baseline file, the first network element device obtains a remote attestation result indicating that the second network element device is in an untrusted state.
  • the first network element device sends the remote attestation result to the network management device, so that the remote attestation result is presented to the user of the network management device, and the user manages the second network element device based on the remote attestation result. For example, when the remote attestation result indicates that the second network element device is in an untrusted state, the user of the network management device sends an alarm to the user of the second network element device, or takes the second network element device offline.
  • the first network element device needs to obtain the remote attestation baseline file.
  • the remote attestation baseline file is received by the first network element device.
  • the first network element device receives the remote attestation baseline file sent by other devices, such as a network management device, and the user of the network management device uploads the remote attestation baseline file to the first network element device through the network management device.
  • the first network element device receives the remote attestation baseline file in a secure environment.
  • the first network element device receives the remote attestation baseline file through a secure file transfer protocol (secure file transfer protocol, SFTP).
  • the remote attestation baseline file is generated by the first network element device according to the metric information of the first network element device.
  • in response to the first network element device and the second network element device being devices of the same version provided by the same supplier, the first network element device generates the remote attestation baseline file according to the measurement information of the first network element device.
  • the reason why the first network element device can generate the remote attestation baseline file is that the first network element device is a root of trust, so the service software in the first network element device has not been tampered with, is true and complete.
  • the first network element device and the second network element device include the same components. Therefore, the first network element device can record the information generated by each component during the operation of the service software, and obtain the measurement information of the first network element device, so that the measurement information of the first network element device can be used as a remote certification baseline file.
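The comparison in step 905 and the generation of a baseline from the RA server's own measurements, as an added example that is not code from the patent. The measurement log format (component name plus SHA-256 digest of what the component loaded), the constructed component images, and the TPM-style PCR replay that checks the log against the reported PCR value (standard TCG practice, not something the page describes) are assumptions; the page only states that the baseline is a list of untampered values and that any inconsistency yields an untrusted result.

```python
"""Comparing reported measurements with a remote attestation baseline (added example, not from the patent)."""
import hashlib
from typing import Dict, List, Tuple

Measurement = Tuple[str, bytes]   # (component, SHA-256 digest of the image it loaded)
PCR_INITIAL = bytes(32)           # a PCR starts as all zeros after reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def measure(images: Dict[str, bytes]) -> List[Measurement]:
    """What an attester records as each component starts: the digest of the image it loads."""
    return [(component, sha256(image)) for component, image in images.items()]


def replay_pcr(log: List[Measurement]) -> bytes:
    """Recompute the PCR by extending the initial value with every logged digest, in order."""
    pcr = PCR_INITIAL
    for _, digest in log:
        pcr = sha256(pcr + digest)
    return pcr


def baseline_from_log(log: List[Measurement]) -> Dict[str, bytes]:
    """Second source of a baseline on the page: the RA server's own measurements, when it is
    the same version from the same supplier as the attested device."""
    return dict(log)


def attest(log: List[Measurement], reported_pcr: bytes,
           baseline: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Return (trusted, findings). Trusted only when the log reproduces the reported PCR and
    every baseline component was measured and matches exactly; anything else is untrusted."""
    findings = []
    if replay_pcr(log) != reported_pcr:
        findings.append("log does not reproduce reported PCR")
    reported = dict(log)
    for component, expected in baseline.items():
        if component not in reported:
            findings.append(f"{component}: no measurement reported")
        elif reported[component] != expected:
            findings.append(f"{component}: digest mismatch")
    for component in reported:
        if component not in baseline:
            findings.append(f"{component}: not in baseline")
    return (not findings, findings)


# Constructed sample: released service software images for two boards of the device
GOLDEN_IMAGES = {"mpu.boot": b"bootloader v1.0 release",
                 "lpu0.fw": b"line card fw v1.0 release"}
IMPLANTED = {**GOLDEN_IMAGES, "lpu0.fw": b"line card fw v1.0 release + implant"}
BASELINE = baseline_from_log(measure(GOLDEN_IMAGES))


def scenario_clean() -> Tuple[bool, List[str]]:
    log = measure(GOLDEN_IMAGES)
    return attest(log, replay_pcr(log), BASELINE)


def scenario_tampered_firmware() -> Tuple[bool, List[str]]:
    log = measure(IMPLANTED)
    return attest(log, replay_pcr(log), BASELINE)


def scenario_forged_log() -> Tuple[bool, List[str]]:
    """Attacker rewrites the log to the golden digests, but the hardware PCR still reflects the implant."""
    return attest(measure(GOLDEN_IMAGES), replay_pcr(measure(IMPLANTED)), BASELINE)


if __name__ == "__main__":
    for name, fn in (("clean", scenario_clean), ("tampered", scenario_tampered_firmware),
                     ("forged log", scenario_forged_log)):
        print(name, fn())
```

The third scenario is why the reported PCR value matters in addition to the list of digests: a log that only lists the golden values is cheap to forge, whereas the PCR can only be extended, not set, so a forged log fails to reproduce it.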
  • the above steps 901-905 may be periodically performed, thereby regularly verifying whether the second network element device is in a trusted state, and ensuring the security of the second network element device.
  • the first network element device sends the first BGP message to the second network element device based on the BGP connection, including: the first network element device establishes a secure connection with the second network element device based on the BGP connection , sending the first BGP packet to the second network element device through the secure connection.
  • the transmission of the first BGP message through the secure connection can improve the security of the first BGP message in the transmission process, thereby improving the accuracy of the subsequently obtained remote attestation result.
  • the second network element device receives the first BGP message sent by the first network element device based on the BGP connection, including: the second network element device establishes a secure connection with the first network element device based on the BGP connection, and receives the first BGP message sent by the first network element device through the secure connection.
  • the second network element device sending the second BGP message to the first network element device based on the BGP connection includes: the second network element device sending the second BGP message to the first network element device through a secure connection.
  • the first network element device receiving the second BGP message sent by the second network element device based on the BGP connection includes: the first network element device receives the second BGP message sent by the second network element device through a secure connection.
  • the secure connection includes a transport layer security (transport layer security, TLS) connection or an Internet Protocol security (Internet Protocol security, IPsec) tunnel.
  • the first network element device establishes a secure connection with the second network element device based on the BGP connection, including: the first network element device establishes a new TCP connection with the second network element device based on the BGP connection, establishes a TLS connection based on the new TCP connection, and establishes a new BGP connection based on the TLS connection.
  • the new BGP connection is also called a BGP over TLS (BGP over TLS) connection.
  • when the secure connection is an IPsec tunnel, the first network element device does not need to establish a new BGP connection, but directly establishes the IPsec tunnel based on the BGP connection.
  • the embodiment of the present application does not limit the secure connection, and the secure connection can be selected according to actual needs.
  • the first network element device establishes a secure connection with the second network element device based on the BGP connection, including: in response to determining that the second network element device supports the remote attestation function, the first network element device sends a secure connection establishment request to the second network element device through the BGP connection, and establishes a secure connection with the second network element device according to the secure connection establishment request.
  • the second network element device establishes a secure connection with the first network element device based on the BGP connection, including: the second network element device receives the secure connection establishment request sent by the first network element device through the BGP connection, and establishes a secure connection with the first network element device according to the secure connection establishment request.
  • when it is determined that the second network element device supports the remote attestation function, the first network element device establishes a secure connection with the second network element device, and then exchanges the first BGP message and the second BGP message with the second network element device based on the secure connection to implement the RA process. In this way, the situation in which the secure connection has been established but the second network element device does not support the remote attestation function is avoided, and waste of transmission bandwidth and processing resources is avoided.
  • the second network element device supporting the remote attestation function includes: the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file, and/or the second network element device has an address family extension capability. Therefore, the second network element device supporting the remote attestation function includes the following three situations.
  • the second network element device supports the remote attestation function, which means that the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file, and the second network element device has the address family extension capability.
  • the method further includes the following steps 906-914.
  • the first network element device sends a third BGP message to the second network element device through the BGP connection, where the third BGP message is used to instruct to query version information corresponding to the second network element device.
  • the purpose of the first network element device querying the version information corresponding to the second network element device is: the first network element device needs to determine whether the version information corresponding to the remote attestation baseline file is the same as the version information corresponding to the second network element device. Only when the version information corresponding to the remote attestation baseline file is the same as the version information corresponding to the second network element device, can the first network element device use the remote attestation baseline file to remotely attest to the second network element device.
  • the third BGP message includes a third TLV field, and the third TLV field is used to indicate query version information.
  • the third TLV field includes a third type field, a third length field, and a third value field
  • the third type field carries a second type value
  • the second type value is used to indicate query version information or carry version information.
  • the third length field is used to indicate the length of the third value field
  • the third value field is used to indicate that the second type value indicates query version information.
  • the third value field carries the second reference value, or the third value field is left blank to indicate that the second type value indicates query version information.
  • the second reference value includes a value that is different from the version information and will not be confused with the version information, the second reference value is obtained through configuration or negotiation, and the embodiment of the present application does not limit the second reference value.
  • the third value field is left blank, the third length field is set to zero.
  • the third BGP message is a third update message
  • the third update message is a BGP message whose message type is an update type.
  • the third update packet includes a third path attribute field
  • the third TLV field is located in the third path attribute field.
  • the third path attribute field is the path attribute field shown in Figure 11
  • the third type field included in the third TLV field is the attribute type field shown in Figure 11
  • the third length field included in the third TLV field is the attribute length field shown in FIG. 11
  • the third value field included in the third TLV field is the attribute value field shown in FIG. 11 .
  • the second type value carried by the third type field included in the third TLV field is any type value among the unregistered type values corresponding to the path attribute field, and the second type value is different from the first type value in the above-mentioned first BGP message and second BGP message.
  • the value of the second type is 200 in the embodiment of the present application.
  • the second network element device receives the third BGP packet sent by the first network element device through the BGP connection.
  • after the first network element device sends the third BGP packet through the BGP connection, the second network element device receives the third BGP packet through the BGP connection. The second network element device parses the third BGP packet, so as to determine that the third BGP packet is used to instruct to query version information corresponding to the second network element device.
  • the second network element device sends a fourth BGP packet to the first network element device through the BGP connection, where the fourth BGP packet carries version information corresponding to the second network element device.
  • after determining that the third BGP message is used to query the version information corresponding to the second network element device, the second network element device obtains the version information corresponding to the second network element device, and sends the fourth BGP message carrying the version information corresponding to the second network element device.
  • the fourth BGP packet includes a fourth TLV field, and the fourth TLV field is used to carry version information corresponding to the second network element device.
  • the version information corresponding to the second network element device includes subversion information of at least one component in the second network element device, and the subversion information of any component in the at least one component includes at least one of a software version and a hardware version.
  • the fourth TLV field is used to carry an information list, and the information list includes at least one information item, and any information item in the at least one information item includes a component name of any component and subversion information of any component.
  • the components of the second network element device include board 1 to board N (N is a positive integer not less than 2); then the information list carried in the fourth TLV field includes N information items, and the N information items are in one-to-one correspondence with the N boards.
  • the first information item includes board 1, the hardware version of board 1, and the software version of board 1, and the second information item includes board 2, the hardware version of board 2, and the software version of board 2.
  • the Nth information item includes the board N, the hardware version of the board N, and the software version of the board N.
  • the fourth TLV field includes a fourth type field, a fourth length field, and a fourth value field.
  • the fourth type field carries a second type value, and the second type value is used to indicate query version information or carry version information.
  • the fourth length field is used to indicate the length of the fourth value field, and the fourth value field is used to carry version information corresponding to the second network element device, so as to indicate that the second type value indicates that version information is carried.
  • the fourth TLV field carries the foregoing information list
  • the information list is carried by a fourth value field included in the fourth TLV field.
  • the fourth BGP message is a fourth update message
  • the fourth update message is a BGP message whose message type is an update type.
  • the fourth update message includes a fourth path attribute field
  • the fourth TLV field is located in the fourth path attribute field.
  • the fourth path attribute field is the path attribute field shown in Figure 11
  • the fourth type field included in the fourth TLV field is the attribute type field shown in Figure 11
  • the fourth length field included in the fourth TLV field is the attribute length field shown in FIG. 11
  • the fourth value field included in the fourth TLV field is the attribute value field shown in FIG. 11 .
  • the first network element device receives the fourth BGP message sent by the second network element device through the BGP connection, and parses the fourth BGP message to obtain version information corresponding to the second network element device carried in the fourth BGP message.
  • the first network element device can then determine that the version information corresponding to the second network element device is the same as the version information corresponding to the remote attestation baseline file.
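The version query and reply described in steps 906-910 above, as an added example in Python (not code from the patent or from the applicant): the third BGP message carries a path attribute with type value 200 and an empty value field, the fourth carries the same type value with a component version list, and the first network element device accepts the baseline only when every component's hardware and software version matches. The path attribute framing follows the standard BGP flags/type/length/value layout; the inner layout of the information list (count byte, then length-prefixed strings) is an assumption, since the description leaves it open.

```python
import struct

# Second type value from the description: an unregistered BGP path attribute
# type used both to query version information (empty value) and to carry it.
RA_VERSION_TYPE = 200

# Standard BGP path attribute flag bits (RFC 4271).
FLAG_OPTIONAL = 0x80
FLAG_TRANSITIVE = 0x40
FLAG_EXT_LEN = 0x10


def encode_version_list(items):
    """Encode [(component, hw_version, sw_version), ...] into the value field.

    Layout is an assumption (the description only says the list has one item
    per component): one count byte, then three length-prefixed UTF-8 strings
    per item."""
    out = bytearray([len(items)])
    for item in items:
        for text in item:
            raw = text.encode()
            if len(raw) > 255:
                raise ValueError("field too long for one-byte length prefix")
            out.append(len(raw))
            out += raw
    return bytes(out)


def decode_version_list(value):
    """Inverse of encode_version_list; rejects truncated or trailing bytes."""
    count, pos, items = value[0], 1, []
    for _ in range(count):
        fields = []
        for _ in range(3):
            n = value[pos]
            pos += 1
            chunk = value[pos:pos + n]
            if len(chunk) != n:
                raise ValueError("truncated version list")
            fields.append(chunk.decode())
            pos += n
        items.append(tuple(fields))
    if pos != len(value):
        raise ValueError("trailing bytes in version list")
    return items


def encode_path_attribute(type_code, value):
    """Build flags | type | length | value; use extended length above 255 bytes."""
    flags = FLAG_OPTIONAL | FLAG_TRANSITIVE
    if len(value) > 255:
        flags |= FLAG_EXT_LEN
        return bytes([flags, type_code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, type_code, len(value)]) + value


def decode_path_attribute(data):
    """Return (type_code, value, bytes_consumed) for one path attribute."""
    flags, type_code = data[0], data[1]
    if flags & FLAG_EXT_LEN:
        (length,) = struct.unpack("!H", data[2:4])
        pos = 4
    else:
        length, pos = data[2], 3
    value = data[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated path attribute")
    return type_code, value, pos + length


def build_version_query():
    """Third BGP message: type 200 with an empty value (length field zero)."""
    return encode_path_attribute(RA_VERSION_TYPE, b"")


def build_version_reply(items):
    """Fourth BGP message: type 200 carrying the component version list."""
    return encode_path_attribute(RA_VERSION_TYPE, encode_version_list(items))


def interpret(attr_bytes):
    """Classify a received attribute: ('query', None), ('version', items) or ('other', None)."""
    type_code, value, _ = decode_path_attribute(attr_bytes)
    if type_code != RA_VERSION_TYPE:
        return ("other", None)
    if not value:
        return ("query", None)
    return ("version", decode_version_list(value))


def versions_match(device_items, baseline_items):
    """RA server check (step 910): the baseline is usable only if every
    component's hardware and software version is identical to the baseline's."""
    return sorted(device_items) == sorted(baseline_items)
```

The parser rejects truncated and over-long encodings rather than reading past the value field, which is the failure mode a BGP speaker accepting an unregistered attribute from a peer most needs to guard against.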
  • the first network element device negotiates address family extension capabilities with the second network element device, that is, the first network element device determines whether the second network element device is capable of supporting the extended address family.
  • An extended address family can be obtained by extending the address family. The purpose of extending the address family is to differentiate services, so that the RA process is implemented based on the extended address family, while other services are implemented based on other address families.
  • the command line configured by the user includes the global command line and the command line under the address family. The global command line is effective for all address families, and the command line under the address family is only effective for some specified address families.
  • Step 901 above illustrates the process of the first network element device receiving the command line configured by the user, and the command line is used to use the first network element device as the RA server.
  • the command line includes command lines under the address family.
  • the fifth BGP message includes at least one first capability subfield, and any first capability subfield in the at least one first capability subfield carries an address family identifier, and the address family identifier is used to indicate the extended address family.
  • the first network element device notifies the second network element device of the extended address family through the fifth BGP message, so that the second network element device can confirm whether the second network element device is capable of supporting the extended address family, thereby realizing negotiation of the address family extension capability.
  • the first capability subfields in the fifth BGP message are in one-to-one correspondence with the extended address families: the more first capability subfields the fifth BGP message includes, the more extended address families the fifth BGP message negotiates. The embodiment of the present application does not limit the number of first capability subfields.
  • the fifth BGP message includes two first capability subfields, wherein one first capability subfield carries an Internet protocol version 4 (internet protocol version 4, IPv4) address family identifier, and the IPv4 address family identifier is used to indicate the extended IPv4 address family af-ipv4-RA, and the other first capability subfield carries an Internet protocol version 6 (internet protocol version 6, IPv6) address family identifier, and the IPv6 address family identifier is used to indicate the extended IPv6 address family af-ipv6-RA. That is to say, the fifth BGP message is used to negotiate the extended IPv4 address family and the extended IPv6 address family.
  • the value of the capability number field is 1 to indicate the negotiation address family capability
  • the capability length field is used to indicate the length of the capability value field
  • the capability value field includes an address family identifier (address family identifier, AFI) field, a reserved (reserve) field and a sub-address family identifier (sub-address family identifier, SAFI) field
  • the AFI field is used to indicate the address family that needs to be negotiated
  • the reserved field is set to zero
  • the SAFI field is used to indicate different communication modes.
  • the communication modes include but are not limited to unicast, multicast and virtual private network (virtual private network, VPN).
  • a value of 256 in the AFI field is used to indicate the extended IPv4 address family
  • a value of 257 in the AFI field is used to indicate the extended IPv6 address family.
  • the embodiment of the present application does not limit the communication mode indicated by the SAFI field.
  • the second network element device receives the fifth BGP packet sent by the first network element device through the BGP connection.
  • the second network element device generates a sixth BGP packet based on the address family extension capability of the second network element device, and sends the sixth BGP packet to the first network element device through the BGP connection.
  • the second network element device generates the sixth BGP message based on the address family extension capability of the second network element device, including: in response to determining that the second network element device has the address family extension capability, the second network element device sends a sixth BGP packet including at least one second capability subfield carrying the address family identifier to the first network element device; that is, the sixth BGP packet includes at least one second capability subfield carrying the address family identifier.
  • the second network element device has an address family extension capability, including: the second network element device can support an extended address family indicated by at least one address family identifier.
  • the second capability subfield included in the sixth BGP message sent by the second network element device to the first network element device carries the address family identifier of whichever extended address family the second network element device can support, and the second capability subfields correspond one-to-one with the address family identifiers.
  • the fifth BGP packet includes two first capability subfields, respectively carrying an IPv4 address family identifier and an IPv6 address family identifier.
  • in response to the second network element device being able to support only the extended IPv4 address family indicated by the IPv4 address family identifier, the second network element device sends the sixth BGP message including the second capability subfield carrying the IPv4 address family identifier to the first network element device.
  • in response to the second network element device being able to support both the extended IPv4 address family indicated by the IPv4 address family identifier and the extended IPv6 address family indicated by the IPv6 address family identifier, the sixth BGP packet sent by the second network element device to the first network element device includes two second capability subfields, which respectively carry an IPv4 address family identifier and an IPv6 address family identifier.
  • the first network element device receives the sixth BGP message sent by the second network element device through the BGP connection, and based on the sixth BGP message determines that the second network element device has the address family extension capability and that the second network element device supports the remote attestation function.
  • in response to determining, based on the sixth BGP message, that the second network element device has an address family extension capability, the first network element device determines that the second network element device supports the remote attestation function.
  • through steps 906-910 above, the version information corresponding to the second network element device is determined to match the version information corresponding to the remote attestation baseline file, so as to determine that the second network element device supports the remote attestation function.
  • the first network element device determining, based on the sixth BGP message, that the second network element device has an address family extension capability includes: the first network element device parses the sixth BGP message. In response to the sixth BGP packet including at least one second capability subfield carrying the address family identifier, the first network element device determines that the second network element device has an address family extension capability. Wherein, if the sixth BGP message includes the second capability subfield carrying the address family identifier, it means that the second network element device can support the extended address family indicated by the address family identifier, so that the second network element device has the address family extension capability.
  • the embodiment of the present application does not limit the execution order of steps 906-910 and steps 911-914.
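The address family extension negotiation of steps 911-914 above, as an added example in Python (not the patent's or the applicant's code): the first network element device offers capability subfields with capability number 1 carrying AFI 256 (af-ipv4-RA) and 257 (af-ipv6-RA) in the optional parameters of an OPEN message, the second network element device answers with the subset it supports, or with an empty optional parameter field when it supports none, and the first network element device decides from that answer whether the peer has the capability. The optional-parameter and capability framing is the standard BGP OPEN encoding; the SAFI value used and the decision helpers are assumptions.

```python
import struct

# BGP OPEN encoding constants (RFC 5492 / RFC 4760).
OPT_PARAM_CAPABILITIES = 2   # optional parameter type carrying capabilities
CAP_MULTIPROTOCOL = 1        # capability number 1: address family negotiation
SAFI_UNICAST = 1             # assumed SAFI; the description leaves it open

# Extended address family identifiers from the description. The values are
# private to this scheme, not IANA-registered AFIs.
AFI_IPV4_RA = 256   # af-ipv4-RA
AFI_IPV6_RA = 257   # af-ipv6-RA
EXTENDED_AFIS = {AFI_IPV4_RA, AFI_IPV6_RA}


def encode_mp_capability(afi, safi=SAFI_UNICAST):
    """One capability subfield: number 1, length 4, AFI(2) | reserved(1)=0 | SAFI(1)."""
    return bytes([CAP_MULTIPROTOCOL, 4]) + struct.pack("!HBB", afi, 0, safi)


def encode_optional_parameters(afis, safi=SAFI_UNICAST):
    """OPEN optional-parameters field with one capability subfield per AFI.

    An empty AFI list yields an empty field, which is how a device without
    the address family extension capability answers (second optional
    parameter field empty)."""
    if not afis:
        return b""
    caps = b"".join(encode_mp_capability(afi, safi) for afi in afis)
    return bytes([OPT_PARAM_CAPABILITIES, len(caps)]) + caps


def parse_mp_capabilities(opt_params):
    """Return [(afi, safi), ...] for every multiprotocol capability found."""
    found, pos = [], 0
    while pos < len(opt_params):
        if pos + 2 > len(opt_params):
            raise ValueError("truncated optional parameter header")
        ptype, plen = opt_params[pos], opt_params[pos + 1]
        body = opt_params[pos + 2:pos + 2 + plen]
        if len(body) != plen:
            raise ValueError("truncated optional parameter")
        pos += 2 + plen
        if ptype != OPT_PARAM_CAPABILITIES:
            continue
        cpos = 0
        while cpos < len(body):
            if cpos + 2 > len(body):
                raise ValueError("truncated capability header")
            code, clen = body[cpos], body[cpos + 1]
            cval = body[cpos + 2:cpos + 2 + clen]
            if len(cval) != clen:
                raise ValueError("truncated capability")
            cpos += 2 + clen
            if code == CAP_MULTIPROTOCOL and clen == 4:
                afi, _reserved, safi = struct.unpack("!HBB", cval)
                found.append((afi, safi))
    return found


def client_reply(offered_params, supported_afis):
    """Second NE side (sixth BGP message): echo only the offered extended
    address families it can support; an empty field if it supports none."""
    offered = [afi for afi, _ in parse_mp_capabilities(offered_params)]
    agreed = [afi for afi in offered if afi in supported_afis]
    return encode_optional_parameters(agreed)


def server_decision(reply_params):
    """First NE side (step 914): the peer has the address family extension
    capability iff its reply carries at least one extended-AF capability subfield."""
    agreed = [afi for afi, _ in parse_mp_capabilities(reply_params) if afi in EXTENDED_AFIS]
    return bool(agreed), agreed
```

Only the optional-parameters field of the OPEN message is modelled; the fixed OPEN header (version, AS number, hold time, identifier, optional parameters length) would wrap this field unchanged. Note that an ordinary IPv4 unicast capability (AFI 1) in the reply does not count: the decision keys on the extended identifiers alone.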
  • steps 906-910 are executed first and then steps 911-914 are executed.
  • steps 911-914 are executed first and then steps 906-910 are executed.
  • steps 906-910 and steps 911-914 are executed synchronously.
  • steps 906-910 and steps 911-914 are all executed, it can be determined that the second network element device supports the remote attestation function, so that the above steps 901-905 can be continued.
  • step 910 is aimed at the situation in which the version information corresponding to the second network element device is the same as the version information corresponding to the remote attestation baseline file. It should be understood that, after steps 906-909 are performed, there may also be cases in which the version information corresponding to the second network element device is different from the version information corresponding to the remote attestation baseline file, that is, the two do not match.
  • the first network element device determines that the second network element device does not support the remote attestation function and cannot perform remote attestation on the second network element device, and thus does not need to perform the above steps 901-905. Moreover, in response to steps 911-914 being performed later, the first network element device does not need to perform steps 911-914 again in the case of mismatch, thereby avoiding waste of processing resources.
  • steps 913 and 914 are aimed at the situation in which the second network element device has the address family extension capability. It should be understood that after step 911 and step 912 are performed, there may be a situation in which the second network element device does not have the address family extension capability. In that case, the second network element device no longer sends to the first network element device a sixth BGP message including at least one second capability subfield carrying the address family identifier; instead, it sends to the first network element device a sixth BGP message that does not include a second capability subfield carrying the address family identifier. In the case that the message type of the sixth BGP message is an open type, the sixth BGP message includes a second optional parameter field, and the second optional parameter field is empty.
  • the sixth BGP message no longer includes at least one second capability subfield carrying the address family identifier as in step 914, but instead omits the second capability subfield carrying the address family identifier, so that the first network element device determines that the second network element device does not have the address family extension capability.
  • the first network element device determines that the second network element device does not support the remote attestation function and cannot remotely attest to the second network element device, so there is no need to perform the above steps 901-905.
  • the first network element device does not need to perform steps 906-910 when the second network element device does not have the address family extension capability, thereby avoiding a waste of processing resources.
  • the fact that the second network element device supports the remote attestation function means that the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file.
  • before the first network element device sends the first BGP packet to the second network element device based on the BGP connection, or before the second network element device receives the first BGP packet sent by the first network element device based on the BGP connection, it is only necessary to perform the above steps 906-910, and it is not necessary to perform the above steps 911-914. After performing the above steps 906-910, the above steps 901-905 can be continued.
  • the first network element device determines that the second network element device does not support the remote attestation function; if the remote attestation cannot be performed on the second network element device, the above steps 901-905 are not performed.
  • the fact that the second network element device supports the remote attestation function means that the second network element device has an address family expansion capability.
  • before the first network element device sends the first BGP packet to the second network element device based on the BGP connection, or before the second network element device receives the first BGP packet sent by the first network element device based on the BGP connection, it is only necessary to perform the above steps 911-914, and it is not necessary to perform the above steps 906-910. After performing the above steps 911-914, the above steps 901-905 can be continued.
  • the first network element device determines that the second network element device does not support the remote attestation function and cannot perform remote attestation on the second network element device, so the above steps 901-905 are no longer performed.
  • the second network element device does not have the address family extension capability, for the sixth BGP message, refer to the description in the first case above, and details will not be repeated here.
  • FIG. 14 shows a schematic flowchart of obtaining a remote attestation result through the remote attestation process between the first network element device and the second network element device.
  • the remote attestation process is generally described in conjunction with FIG. 14 .
  • the RA process includes the following steps 1401-1412.
  • the first network element device has a route reflection function.
  • the first network element device can perform trustworthiness measurement on the second network element device, thereby realizing the RA process.
  • the second network element device is a device that needs to be determined whether it is in a trusted state, and a BGP connection for route reflection is established between the first network element device and the second network element device.
  • the first network element device acquires the remote attestation baseline file.
  • the first network element device receives the remote attestation baseline file sent by other devices. Or, when the first network element device and the second network element device are devices of the same version provided by the same supplier, the first network element device generates the remote attestation baseline file by itself according to the measurement information of the first network element device.
  • the first network element device sends a fifth BGP packet to the second network element device, so as to negotiate address family extension capability with the second network element device.
  • step 1403 refer to the description in step 911 above, and details are not repeated here.
  • the second network element device sends a sixth BGP packet to the first network element device, so as to negotiate address family extension capability with the first network element device.
  • step 1404 refer to the description in step 913 above, and details are not repeated here.
  • the first network element device determines whether the second network element device has an address family extension capability. Wherein, the first network element device checks the address family extension capability of the second network element device based on the analysis result of the sixth BGP message. If the second network element device has the address family extension capability, continue to perform step 1406. If the second network element device does not have the address family extension capability, the first network element device determines that it cannot perform remote attestation on the second network element device.
  • the first network element device sends a third BGP packet to the second network element device to query version information corresponding to the second network element device.
  • step 1406 refer to the description in step 906 above, which will not be repeated here.
  • the second network element device sends a fourth BGP packet to the first network element device, where the fourth BGP packet carries version information corresponding to the second network element device.
  • step 1407 refer to the description in step 908 above, and details are not repeated here.
  • the first network element device determines whether the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file. Wherein, the first network element device checks the version information corresponding to the second network element device based on the analysis result of the fourth BGP message. If the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file, proceed to step 1409; otherwise, the first network element device determines that remote attestation cannot be performed on the second network element device.
  • the first network element device establishes a secure connection with the second network element device.
  • the first network element device sends a first BGP packet to the second network element device through the secure connection, so as to query the metric information of the second network element device.
  • step 1410 refer to the description in step 901 above, and details are not repeated here.
  • the second network element device sends a second BGP packet to the first network element device through a secure connection, where the second BGP packet carries metric information of the second network element device.
  • step 1411 refer to the description in step 903 above, and details are not repeated here.
  • the first network element device compares the measurement information of the second network element device carried in the second BGP message with the locally stored remote attestation baseline file to obtain a remote attestation result, and the remote attestation result is used to indicate whether the second network element device is in a trusted state.
  • step 1412 refer to the description in step 905 above, and details are not repeated here.
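The comparison in step 1412 and the routing management that the management module applies to its outcome, as an added example in Python that is not part of the patent or the applicant's code. The baseline is modelled as a per-component list of digests recorded on the root-of-trust first network element device, the reported measurement information as the same structure from the second network element device, and the result takes the three states the description names (trusted, untrusted, unknown). The digest algorithm, the constructed sample values, and the rule set mapping each state to a routing action are all assumptions; the description says only that rules are configured.

```python
import hashlib


def digest(data: bytes) -> str:
    """Per-component measurement value; SHA-256 hex is an assumption."""
    return hashlib.sha256(data).hexdigest()


# Constructed baseline: what the root-of-trust first NE recorded for each
# component (board) while running untampered service software.
BASELINE = {
    "board1": [digest(b"bootloader-v1"), digest(b"service-software-V200R003")],
    "board2": [digest(b"bootloader-v1"), digest(b"service-software-V200R003")],
}


def attest(measurement, baseline):
    """Step 1412: compare reported measurement info with the baseline.

    untrusted: any component's measurements differ, or a component not in
               the baseline is reported (something unexpected is running);
    unknown:   no measurement at all, or a baseline component was not
               reported, so the device cannot be judged either way;
    trusted:   every baseline component is reported and identical."""
    if not measurement:
        return "unknown"
    mismatched = [c for c, expected in baseline.items()
                  if c in measurement and measurement[c] != expected]
    unexpected = [c for c in measurement if c not in baseline]
    missing = [c for c in baseline if c not in measurement]
    if mismatched or unexpected:
        return "untrusted"
    if missing:
        return "unknown"
    return "trusted"


# Assumed rule set for routing management: one configured action per trusted
# state. The description does not specify the rules' content.
DEFAULT_RULES = {
    "trusted": "accept",
    "untrusted": "withdraw",
    "unknown": "lower_priority",
}
PRIORITY_PENALTY = 50


def manage_routes(state, routes, rules=DEFAULT_RULES):
    """Apply the configured rule for the attested state to the peer's routes
    (each route is a dict with at least 'prefix' and 'priority')."""
    action = rules[state]
    if action == "accept":
        return [dict(r) for r in routes]
    if action == "withdraw":
        return []
    if action == "lower_priority":
        return [{**r, "priority": max(0, r["priority"] - PRIORITY_PENALTY)} for r in routes]
    raise ValueError("unsupported action %r" % action)


def remote_attest_and_manage(measurement, routes, baseline=BASELINE, rules=DEFAULT_RULES):
    """Obtain the remote attestation result, then manage the peer's routing
    information according to it; returns (state, resulting routes)."""
    state = attest(measurement, baseline)
    return state, manage_routes(state, routes, rules)
```

Treating an unreported component as "unknown" rather than "untrusted" keeps the two failure modes apart: a mismatch is evidence of tampering and warrants withdrawing the peer's routes, whereas an incomplete report only means the verifier has nothing to judge against and the configured rule for that case can be more conservative or more lenient.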
  • the embodiment of the present application also provides a remote attestation application device.
  • the apparatus is applied to the first network element device.
  • the apparatus is used to implement the remote attestation application method performed by the first network element device in FIG. 3 through the modules shown in FIG. 15.
  • the remote attestation application device provided by the embodiment of the present application includes the following modules.
  • the obtaining module 1501 is configured to obtain a remote attestation result corresponding to the second network element device, where the remote attestation result is used to indicate the trusted state of the second network element device, and the trusted state of the second network element device includes trusted, untrusted, or state unknown. For example, for the manner in which the obtaining module 1501 obtains the remote attestation result corresponding to the second network element device, refer to the embodiment shown in FIG. 9 above, which is not repeated here. Alternatively, refer to the related content of step 301 in the embodiment shown in FIG. 3, which is not repeated here.
  • the management module 1502 is configured to perform routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
  • for the manner in which the management module 1502 performs routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result, refer to the related content of step 302 in the embodiment shown in FIG. , which is not repeated here.
  • the management module 1502 is configured to obtain the routing information corresponding to the second network element device, and to manage the routing information corresponding to the second network element device according to the configured rules, based on the trusted state of the second network element device.
  • the configured rules include routing management policies.
  • the management module 1502 is configured to determine, from the routing management policies, a target policy that matches the trusted state of the second network element device, and to manage the routing information corresponding to the second network element device according to the target policy.
  • the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information, and fourth routing information, where the first routing information is routing information that the second network element device needs to publish, the second routing information is routing information already published by the second network element device, the third routing information is routing information that the second network element device needs to receive, and the fourth routing information is routing information already received by the second network element device; the target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information.
  • when the trusted state of the second network element device is that the second network element device is trusted: the policy corresponding to the first routing information is used to indicate publishing the first routing information; the policy corresponding to the second routing information is used to indicate maintaining the second routing information; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; and the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
  • when the trusted state of the second network element device is that the second network element device is untrusted: the policy corresponding to the first routing information is used to indicate not publishing the first routing information; the policy corresponding to the second routing information is used to indicate withdrawing the second routing information; the policy corresponding to the third routing information is used to indicate not publishing the third routing information to the second network element device; and the policy corresponding to the fourth routing information is used to indicate withdrawing the fourth routing information.
  • when the trusted state of the second network element device is that the state of the second network element device is unknown: the policy corresponding to the first routing information is used to indicate publishing the first routing information together with a first priority indicator, where the first priority indicator indicates the priority of the first routing information, and that priority is lower than the default priority; the policy corresponding to the second routing information is used to indicate publishing the second routing information together with a second priority indicator, where the second priority indicator indicates the priority of the second routing information published this time, and that priority is lower than the default priority and lower than the priority of the second routing information published last time; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; and the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
  • the configured rules include executable code, and the executable code is used to configure, for the routing information corresponding to the second network element device, a priority indicator that matches the trusted state of the second network element device. The management module 1502 is configured to configure a third priority indicator for the routing information corresponding to the second network element device by running the executable code, where the third priority indicator is a priority indicator that matches the trusted state of the second network element device and is used to indicate the priority of the routing information corresponding to the second network element device, and to publish the routing information corresponding to the second network element device together with the third priority indicator.
  • the routing information corresponding to the second network element device includes at least one of the first routing information and the second routing information, where the first routing information is routing information that the second network element device needs to publish and the second routing information is routing information already published by the second network element device; the third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, where the priority indicator corresponding to the first routing information is used to indicate the priority of the first routing information, and the priority indicator corresponding to the second routing information is used to indicate the priority of the second routing information.
  • the trusted state of the second network element device is that the second network element device is trusted; neither the priority of the first routing information nor the priority of the second routing information is lower than the default priority.
  • the trusted state of the second network element device is that the second network element device is not trusted; the priority of the first routing information and the priority of the second routing information are both lower than the default priority.
  • the priority indicator is a BGP attribute. The priority indicator includes a local preference or a multi-exit discriminator, where the larger the value of the local preference, the higher the priority it indicates, and the smaller the value of the multi-exit discriminator, the higher the priority it indicates.
  • the obtaining module 1501 is configured to read a remote attestation result acquisition command, where the remote attestation result acquisition command is used to indicate the acquisition path of the remote attestation result, and to acquire the remote attestation result according to the acquisition path indicated by the remote attestation result acquisition command.
  • the remote attestation application device shown in Figure 15 is applied to the first network element device, the structure it has, the detailed process of interacting with the second network element device, and the details of applying the remote attestation result to the second network element device for routing management
  • the first network element device has a route reflection function, and a BGP connection for route reflection is established between the first network element device and the second network element device.
  • after the remote attestation result is obtained, it is applied to the management process of the second network element device, so that the remote attestation result can be reflected in the routing function of the second network element device. Since the remote attestation result is used to indicate the trusted state of the second network element device, applying the remote attestation result to manage the second network element device improves the reliability of management, thereby ensuring the security of the network architecture that includes the second network element device and the security of communication based on the second network element device. Moreover, applying the embodiments of the present application also makes the probability of traffic passing through the second network element device decrease as the trustworthiness of the second network element device decreases.
  • FIG. 16 shows a schematic structural diagram of an exemplary remote attestation application device 1600 of the present application.
  • the remote attestation application device 1600 includes at least one processor 1601, a memory 1603, and at least one network interface 1604.
  • the processor 1601 is, for example, a general-purpose CPU, a digital signal processor (DSP), a network processor (NP), a GPU, a neural-network processing unit (NPU), a data processing unit (DPU), a microprocessor, or one or more integrated circuits, an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof.
  • the PLD is, for example, a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), a general array logic (generic array logic, GAL) or any combination thereof. It can implement or execute the various logical blocks, modules and circuits described in connection with the present disclosure.
  • the processor can also be a combination of computing functions, for example, a combination of one or more microprocessors, a combination of DSP and a microprocessor, and so on.
  • the remote attestation application device 1600 further includes a bus 1602 .
  • the bus 1602 is used to communicate information between the various components of the remote attestation application device 1600.
  • the bus 1602 may be a peripheral component interconnect standard (PCI for short) bus or an extended industry standard architecture (EISA for short) bus or the like.
  • the bus 1602 can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 16 , but it does not mean that there is only one bus or one type of bus.
  • the memory 1603 is, for example, a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, and the like), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • the memory 1603 exists independently, for example, and is connected to the processor 1601 through the bus 1602 .
  • the memory 1603 can also be integrated with the processor 1601.
  • the network interface 1604 uses any device such as a transceiver for communicating with other devices or a communication network.
  • the communication network may be an Ethernet, a radio access network (RAN), a wireless local area network (WLAN), or the like.
  • the network interface 1604 may include a wired network interface, and may also include a wireless network interface.
  • the network interface 1604 can be an Ethernet (Ethernet) interface, such as: Fast Ethernet (Fast Ethernet, FE) interface, Gigabit Ethernet (Gigabit Ethernet, GE) interface, asynchronous transfer mode (Asynchronous Transfer Mode, ATM) interface, WLAN interface, cellular network interface, or a combination thereof.
  • the Ethernet interface can be an optical interface, an electrical interface or a combination thereof.
  • the network interface 1604 may be used for remote attestation application device 1600 to communicate with other devices.
  • the processor 1601 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 16 . Each of these processors can be a single-core processor or a multi-core processor.
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).
  • the remote attestation application device 1600 may include multiple processors, such as the processor 1601 and the processor 1605 shown in FIG. 16. Each of these processors can be a single-core processor or a multi-core processor.
  • a processor herein may refer to one or more devices, circuits, and/or processing cores for processing data such as computer program instructions.
  • the memory 1603 is used to store program instructions 1610 for implementing the solutions of the present application
  • the processor 1601 can execute the program instructions 1610 stored in the memory 1603. That is, the remote attestation application device 1600 can implement the methods provided by the method embodiments through the processor 1601 and the program instructions 1610 in the memory 1603, namely the method executed by the first network element device in FIGS. 3, 9, 12, and 14 or the method executed by the second network element device.
  • One or more software modules may be included in the program instructions 1610 .
  • the processor 1601 itself may also store program instructions for executing the solution of the present application.
  • the remote attestation application device 1600 of the present application may correspond to the first network element device for performing the above method, and the processor 1601 in the remote attestation application device 1600 reads the instructions in the memory 1603, so that The remote attestation application device 1600 shown in FIG. 16 can execute all or part of the steps in the method embodiment.
  • the remote attestation application device 1600 may also correspond to the apparatus shown in FIG. 15 above, and each functional module in the apparatus shown in FIG. In other words, the functional modules included in the apparatus shown in FIG. 15 are generated after the processor 1601 of the remote attestation application device 1600 reads the program instructions 1610 stored in the memory 1603.
  • each step of the method shown in FIG. 3 , 9 , 12 , and 14 is completed by an integrated logic circuit of hardware in the processor of the remote attestation application device 1600 or an instruction in the form of software.
  • the steps combined with the method embodiments disclosed in this application may be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules in the processor.
  • the software module can be located in a mature storage medium in the field such as random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, register.
  • the storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method embodiments in combination with its hardware. To avoid repetition, no detailed description is given here.
  • the processor can be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like.
  • a general purpose processor may be a microprocessor or any conventional processor or the like. It should be noted that the processor may be a processor supporting the advanced RISC machines (ARM) architecture.
  • the above-mentioned memory may include a read-only memory and a random-access memory, and provide instructions and data to the processor.
  • Memory may also include non-volatile random access memory.
  • the memory may also store device type information.
  • the memory can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory.
  • the non-volatile memory can be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), or a flash memory.
  • Volatile memory can be random access memory (RAM), which acts as external cache memory. By way of illustration and not limitation, many forms of RAM are available.
  • for example, static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus random access memory (direct rambus RAM).
  • a remote attestation application system includes a first network element device and at least one second network element device, where the first network element device is communicatively connected to the at least one second network element device, the first network element device is configured to execute the method executed by the first network element device in FIGS. 3, 9, 12, and 14, and the second network element device is configured to execute the method executed by the second network element device in FIGS. 9, 12, and 14.
  • a computer program (product) is provided, and the computer program (product) includes computer program code; when the computer program code is run by a computer, the computer is caused to execute the remote attestation application method executed by the first network element device in FIGS. 3, 9, 12, and 14. Alternatively, the computer is caused to execute the method executed by the second network element device in FIGS. 9, 12, and 14.
  • a computer-readable storage medium stores programs or instructions; when the programs or instructions are run on a computer, the computer executes the method executed by the first network element device in FIGS. 3, 9, 12, and 14 above. Alternatively, the computer executes the method executed by the second network element device in FIGS. 9, 12, and 14 above.
  • a chip includes a processor for calling, from a memory, and executing instructions stored in the memory, so that a device in which the chip is installed executes the method executed by the first network element device shown in FIGS. 3, 9, 12, and 14.
  • another chip includes an input interface, an output interface, a processor, and a memory.
  • the input interface, the output interface, the processor, and the memory are connected through an internal connection path, and the processor is configured to execute the code in the memory; when the code is executed, the processor is configured to execute the method executed by the first network element device in FIGS. 3, 9, 12, and 14.
  • alternatively, the processor is configured to execute the method executed by the second network element device in FIGS. 9, 12, and 14.
  • all or part of the above embodiments may be implemented by software, hardware, firmware, or any combination thereof.
  • when implemented using software, they may be implemented in whole or in part in the form of a computer program product.
  • the computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions according to the present application will be generated in whole or in part.
  • the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices.
  • the computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from a website, computer, server, or data center to another website, computer, server, or data center by wired (for example, coaxial cable, optical fiber, DSL) or wireless (for example, infrared, radio, microwave) means.
  • the computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media.
  • the available medium may be a magnetic medium (for example, a floppy disk, a hard disk, a magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, a Solid State Disk).
  • the terms “first” and “second” are used to distinguish identical or similar items that have substantially the same function and purpose. It should be understood that “first”, “second”, and “nth” have no logical or temporal dependency and impose no limitation on quantity or order of execution. It should also be understood that although the following description uses the terms first, second, and so on to describe various elements, these elements should not be limited by the terms; the terms are only used to distinguish one element from another.
  • the term “if” may be construed to mean “when” or “upon” or “in response to determining” or “in response to detecting”.
  • the phrases “if it is determined” or “if [the stated condition or event] is detected” may be construed to mean “when determining” or “in response to determining” or “upon detecting [the stated condition or event]” or “in response to detecting [the stated condition or event]”.
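The verifier side of steps 1408 to 1412 above (version check against the remote attestation baseline file, then comparison of the measurement information reported in the second BGP message with that baseline to obtain a remote attestation result), modelled as an added Python example. This is not code from the patent or from Huawei; the baseline file layout, the component names, the SHA-256 digests, the sample values, and the mapping of "attestation cannot be performed" and of an incomplete report onto the "state unknown" result are all assumptions made for the example.

```python
"""Added example (not from the patent or from Huawei): the verifier side of
steps 1408 to 1412.  The first network element device checks the peer's
version information against a remote attestation baseline file, then compares
the measurement information the peer reports with that baseline.  Baseline
layout, component names, digest algorithm and sample values are constructed
assumptions."""
from __future__ import annotations
import hashlib
from dataclasses import dataclass


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "golden" component images; the baseline file stores their digests
# together with the software version they belong to.
GOLDEN_IMAGES = {
    "bootloader": b"bootloader-image-v1",
    "kernel": b"kernel-image-v1",
    "bgpd": b"bgpd-binary-v1",
}
BASELINE = {
    "version": "NE-OS 1.2.0",
    "measurements": {name: digest(img) for name, img in GOLDEN_IMAGES.items()},
}


@dataclass(frozen=True)
class AttestationResult:
    state: str      # "trusted", "untrusted" or "unknown"
    reason: str


def version_matches(peer_version: str, baseline: dict) -> bool:
    """Step 1408: the peer's version must match the baseline file's version,
    otherwise the baseline cannot be used to judge its measurements."""
    return peer_version == baseline["version"]


def compare_measurements(peer_measurements: dict, baseline: dict) -> AttestationResult:
    """Step 1412: compare the measurement information carried in the second BGP
    message with the locally stored baseline file."""
    expected = baseline["measurements"]
    missing = sorted(set(expected) - set(peer_measurements))
    if missing:
        # Assumption: an incomplete report yields "state unknown", not a verdict.
        return AttestationResult("unknown", f"missing measurements: {missing}")
    mismatched = sorted(n for n, d in expected.items() if peer_measurements[n] != d)
    if mismatched:
        return AttestationResult("untrusted", f"measurement mismatch: {mismatched}")
    return AttestationResult("trusted", "all measurements match the baseline")


def attest(peer_version: str, peer_measurements: dict | None,
           baseline: dict = BASELINE) -> AttestationResult:
    """Version check first; only then are measurements compared.  Assumption:
    when attestation cannot be performed the peer is treated as "state unknown"."""
    if not version_matches(peer_version, baseline):
        return AttestationResult("unknown", "version mismatch: attestation cannot be performed")
    if peer_measurements is None:
        return AttestationResult("unknown", "no measurement information received")
    return compare_measurements(peer_measurements, baseline)


# Constructed peer reports: an intact peer and one whose bgpd binary differs.
PEER_OK = {name: digest(img) for name, img in GOLDEN_IMAGES.items()}
PEER_TAMPERED = dict(PEER_OK, bgpd=digest(b"bgpd-binary-modified"))

if __name__ == "__main__":
    print(attest("NE-OS 1.2.0", PEER_OK))
    print(attest("NE-OS 1.2.0", PEER_TAMPERED))
    print(attest("NE-OS 1.1.0", PEER_OK))
```

The version check runs before any digest is compared because a baseline for a different software build would produce spurious mismatches; treating that case and an incomplete report as "state unknown" keeps the three-valued result the text defines, so the routing side can apply its reduced-priority policy rather than either fully trusting or fully cutting off the peer.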

Abstract

The present application relates to the technical field of communications, and discloses a remote attestation application method, apparatus, device, and system, and a storage medium. The method comprises: a first network element device obtains a remote attestation result corresponding to a second network element device, wherein the remote attestation result is used for indicating the trust state of the second network element device, the trust states of the second network element device comprising trusted, untrusted, or state unknown; and then, the first network element device performs routing management on the second network element device on the basis of the trust state of the second network element device indicated by the remote attestation result. In embodiments of the present application, after the remote attestation result is obtained, the remote attestation result is applied to a management process of the second network element device, such that the remote attestation result can be reflected on a routing function of the second network element device. Since the remote attestation result is used for indicating the trust state of the second network element device, the management reliability is improved by applying the remote attestation result to manage the second network element device.

Description

Remote attestation application method, apparatus, device, system, and storage medium
This application claims priority to Chinese Patent Application No. 202111436561.2, entitled "Remote attestation application method, apparatus, device, system, and storage medium", filed on November 29, 2021, the entire contents of which are incorporated herein by reference.
Technical Field
This application relates to the field of communication technologies, and in particular to a remote attestation application method, apparatus, device, system, and storage medium.
Background
In the field of communication technologies, a remote attestation (RA) process is a process of performing a trust measurement on a network element device based on the measurement information corresponding to that network element device. An RA result is obtained through the RA process, and the RA result is used to indicate the trusted state of the network element device. Therefore, the RA result can be applied to the management of network element devices, thereby improving the reliability of management.
Summary
This application provides a remote attestation application method, apparatus, device, system, and storage medium, so as to apply the RA result to the management of network element devices and thereby improve the reliability of management. The technical solutions are as follows.
According to a first aspect, a remote attestation application method is provided. The method includes:
The first network element device first obtains a remote attestation result corresponding to a second network element device, where the remote attestation result is used to indicate the trusted state of the second network element device, and the trusted state of the second network element device includes trusted, untrusted, or state unknown. Then, the first network element device performs routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
In the embodiments of this application, after the remote attestation result is obtained, it is applied to the management process of the second network element device, so that the remote attestation result is reflected in the routing function of the second network element device. Since the remote attestation result indicates the trusted state of the second network element device, managing the second network element device based on the remote attestation result improves the reliability of management, thereby ensuring the security of the network architecture that includes the second network element device and the security of communication based on the second network element device.
In a possible implementation, the first network element device performing routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result includes: the first network element device obtains routing information corresponding to the second network element device; and the first network element device manages the routing information corresponding to the second network element device according to configured rules, based on the trusted state of the second network element device.
Managing the routing information corresponding to the second network element device according to configured rules enables the first network element device to perform routing management on the second network element device automatically, with high reliability.
In a possible implementation, the configured rules include routing management policies, and the first network element device managing the routing information corresponding to the second network element device according to the configured rules, based on the trusted state of the second network element device, includes: the first network element device determines, from the routing management policies, a target policy that matches the trusted state of the second network element device; and the first network element device manages the routing information corresponding to the second network element device according to the target policy.
Configuring routing management policies as the rules makes management based on such rules more flexible.
In a possible implementation, the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information, and fourth routing information, where the first routing information is routing information that the second network element device needs to publish, the second routing information is routing information already published by the second network element device, the third routing information is routing information that the second network element device needs to receive, and the fourth routing information is routing information already received by the second network element device; the target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information.
Based on the routing management policies, multiple kinds of routing information can be managed, with each kind corresponding to a different policy, which is finer-grained and more flexible.
In a possible implementation, the trusted state of the second network element device is that the second network element device is trusted; the policy corresponding to the first routing information is used to indicate publishing the first routing information; the policy corresponding to the second routing information is used to indicate maintaining the second routing information; the policy corresponding to the third routing information is used to indicate publishing the third routing information to the second network element device; and the policy corresponding to the fourth routing information is used to indicate maintaining the fourth routing information.
When the second network element device is trusted, it can send and receive routing information normally, so that the probability of traffic passing through the trusted second network element device is the highest.
In a possible implementation, the trusted state of the second network element device is that the second network element device is untrusted; the policy corresponding to the first routing information is used to indicate not publishing the first routing information; the policy corresponding to the second routing information is used to indicate withdrawing the second routing information; the policy corresponding to the third routing information is used to indicate not publishing the third routing information to the second network element device; and the policy corresponding to the fourth routing information is used to indicate withdrawing the fourth routing information.
在第二网元设备不可信的情况下,第二网元设备不能正常收发路由信息,从而使得流量通过不可信的第二网元设备的概率最低。When the second network element device is untrustworthy, the second network element device cannot send and receive routing information normally, so that the probability of traffic passing through the untrusted second network element device is the lowest.
在一种可能的实现方式中,第二网元设备的可信状态为第二网元设备状态未知;第一路由信息对应的策略用于指示发布第一路由信息和第一优先级指标,第一优先级指标用于指示第一路由信息的优先级,第一路由信息的优先级低于缺省优先级;第二路由信息对应的策略用于指示发布第二路由信息和第二优先级指标,第二优先级指标用于指示本次发布的第二路由信息的优先级,本次发布的第二路由信息的优先级低于缺省优先级且低于上次发布的第二路由信息的优先级;第三路由信息对应的策略用于指示向第二网元设备发布第三路由信息;第四路由信息对应的策略用于指示维持第四路由信息。In a possible implementation manner, the trusted state of the second network element device is that the state of the second network element device is unknown; the policy corresponding to the first routing information is used to indicate the release of the first routing information and the first priority indicator, and the first A priority indicator is used to indicate the priority of the first routing information, the priority of the first routing information is lower than the default priority; the strategy corresponding to the second routing information is used to indicate the release of the second routing information and the second priority indicator , the second priority indicator is used to indicate the priority of the second routing information released this time. The priority of the second routing information released this time is lower than the default priority and lower than that of the second routing information released last time. Priority; the strategy corresponding to the third routing information is used to instruct to release the third routing information to the second network element device; the strategy corresponding to the fourth routing information is used to instruct to maintain the fourth routing information.
在第二网元设备状态未知的情况下,第二网元设备虽然能收发路由信息,但需要降低路由信息的优先级,从而使得流量通过状态未知的第二网元设备的概率处于上述最高概率和最低概率之间。其中,第二网元设备可信、第二网元设备状态未知、第二网元设备不可信这三种可信状态的可信程度依次降低,基于以上说明能够看出,流量通过这三种可信状态的第二网元设备的概率也依次降低。因此,本申请能够实现:第二网元设备的可信程度越低,则流量通过第二网元设备的概率越小。When the state of the second network element device is unknown, although the second network element device can send and receive routing information, it needs to lower the priority of the routing information, so that the probability of traffic passing through the second network element device with an unknown state is the highest probability mentioned above and the lowest probability. Among them, the trustworthiness of the three trustworthy states of the second network element device trusted, the second network element device status unknown, and the second network element device untrusted decrease in turn. The probability of the second network element device in the trusted state also decreases in turn. Therefore, the present application can realize that the lower the trustworthiness of the second network element device is, the lower the probability of traffic passing through the second network element device is.
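The policy-driven variant described above, written out as an added example that is not the patent's own code: a trust state selects a target policy, and the target policy gives one action for each of the four kinds of routing information (pending advertisements of the neighbour, advertisements already made, routes still to be sent to the neighbour, routes already sent). The class and function names, the LOCAL_PREF value used as the default priority, and the decrement step applied for a state-unknown neighbour are assumptions made for this illustration.

```python
"""Added illustration (not the patent's code): a routing management policy that
maps a neighbour's attested trust state to an action for each of the four kinds
of routing information the text distinguishes, applied by the first network
element device (a route reflector). Names, the LOCAL_PREF values and the
decrement step are assumptions made for this example."""
from dataclasses import dataclass
from enum import Enum


class TrustState(Enum):
    TRUSTED = "trusted"
    UNKNOWN = "unknown"
    UNTRUSTED = "untrusted"


DEFAULT_LOCAL_PREF = 100  # assumed "default priority"
UNKNOWN_STEP = 10         # assumed decrement applied for a state-unknown neighbour


@dataclass
class Route:
    prefix: str
    local_pref: int = DEFAULT_LOCAL_PREF


@dataclass
class NeighbourRib:
    """Routing information corresponding to the second network element device."""
    to_advertise: list   # first: routes of the neighbour still to be advertised
    advertised: dict     # second: routes of the neighbour already advertised (prefix -> Route)
    to_send: list        # third: routes the neighbour still has to receive
    sent: dict           # fourth: routes already sent to the neighbour (prefix -> Route)


# The configured rule: trust state -> target policy (one action per routing-information kind)
POLICY = {
    TrustState.TRUSTED:   dict(first="advertise", second="keep", third="send", fourth="keep"),
    TrustState.UNTRUSTED: dict(first="drop", second="withdraw", third="hold", fourth="withdraw"),
    TrustState.UNKNOWN:   dict(first="advertise_lowered", second="readvertise_lowered",
                               third="send", fourth="keep"),
}


def apply_policy(state, rib):
    """Select the target policy for `state`, apply it to `rib` in place and return the
    BGP actions the first network element device would emit, as (kind, prefix, local_pref)."""
    target = POLICY[state]
    msgs = []

    # second routing information: routes of the neighbour we have already advertised
    for prefix, r in list(rib.advertised.items()):
        if target["second"] == "withdraw":
            del rib.advertised[prefix]
            msgs.append(("WITHDRAW", prefix, None))
        elif target["second"] == "readvertise_lowered":
            # below the default and below what was advertised last time
            r.local_pref = min(r.local_pref, DEFAULT_LOCAL_PREF) - UNKNOWN_STEP
            msgs.append(("UPDATE", prefix, r.local_pref))
        # "keep": nothing to send

    # first routing information: routes of the neighbour not yet advertised
    if target["first"] != "drop":
        for r in list(rib.to_advertise):
            if target["first"] == "advertise_lowered":
                r.local_pref = DEFAULT_LOCAL_PREF - UNKNOWN_STEP
            rib.to_advertise.remove(r)
            rib.advertised[r.prefix] = r
            msgs.append(("UPDATE", r.prefix, r.local_pref))

    # fourth routing information: routes already sent to the neighbour
    if target["fourth"] == "withdraw":
        for prefix in list(rib.sent):
            del rib.sent[prefix]
            msgs.append(("WITHDRAW_TO_PEER", prefix, None))

    # third routing information: routes the neighbour still has to receive
    if target["third"] == "send":
        for r in list(rib.to_send):
            rib.to_send.remove(r)
            rib.sent[r.prefix] = r
            msgs.append(("UPDATE_TO_PEER", r.prefix, r.local_pref))

    return msgs
```

Running `apply_policy(TrustState.UNKNOWN, rib)` twice on the same RIB shows the "lower than last time" rule: an already-advertised route goes from the default 100 to 90 and then to 80, while a subsequent `TrustState.UNTRUSTED` result withdraws everything in both directions and leaves pending advertisements unsent. The second-routing-information loop deliberately runs before the first-routing-information loop so that a route advertised in this pass is not immediately lowered a second time.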
In a possible implementation, the configured rules include executable code, the executable code being used to configure, for the routing information corresponding to the second network element device, a priority indicator that matches the trusted state of the second network element device; and the first network element device managing the routing information corresponding to the second network element device according to the configured rules, based on the trusted state of the second network element device, includes: the first network element device running the executable code to configure a third priority indicator for the routing information corresponding to the second network element device, where the third priority indicator is a priority indicator that matches the trusted state of the second network element device and indicates the priority of the routing information corresponding to the second network element device; and the first network element device advertising the routing information corresponding to the second network element device together with the third priority indicator.
Configuring executable code as the rule requires relatively little configuration effort.
In a possible implementation, the routing information corresponding to the second network element device includes at least one of first routing information and second routing information, where the first routing information is routing information that the second network element device needs to have advertised and the second routing information is routing information of the second network element device that has already been advertised; the third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, the priority indicator corresponding to the first routing information indicating the priority of the first routing information and the priority indicator corresponding to the second routing information indicating the priority of the second routing information.
Based on the executable code, multiple kinds of routing information can be managed, each kind with its own priority.
In a possible implementation, the trusted state of the second network element device is that the second network element device is trusted; the priority of the first routing information and the priority of the second routing information are both not lower than the default priority.
In a possible implementation, the trusted state of the second network element device is that the second network element device is untrusted; the priority of the first routing information and the priority of the second routing information are both lower than the default priority.
In a possible implementation, the trusted state of the second network element device is that the state of the second network element device is unknown; the priority of the first routing information and the priority of the second routing information are both lower than the default priority and higher than the priority used when the second network element device is untrusted.
The three trusted states, namely the second network element device being trusted, its state being unknown, and it being untrusted, are in decreasing order of trustworthiness. It can be seen that when the second network element device is trusted, the most trustworthy case, the routing information corresponding to it has the highest priority; when its state is unknown, the next most trustworthy case, the routing information corresponding to it has the next highest priority; and when it is untrusted, the least trustworthy case, the routing information corresponding to it has the lowest priority. Route selection therefore prefers a trusted second network element device first, a state-unknown second network element device next and an untrusted second network element device last, so the probability of selection decreases in that order, and the probability of selecting the second network element device determines the probability that traffic passes through it. Thus, the lower the trustworthiness of the second network element device, the lower the probability that traffic passes through it.
In a possible implementation, the priority indicator is a BGP attribute and includes a local preference (LOCAL_PREF) or a multi-exit discriminator (MED), where a larger local preference value indicates a higher priority and a smaller multi-exit discriminator value indicates a higher priority.
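The executable-code variant, as an added example that is not the patent's own code: a function maps the attested trust state to a value of either BGP priority indicator, and a simplified best-path comparison shows that neighbours advertising the same prefix are chosen in the order trusted, state unknown, untrusted. The numeric LOCAL_PREF and MED values, the router-ids and the sample routes are constructed assumptions; only their relative ordering corresponds to the text.

```python
"""Added illustration (not the patent's code): the executable-code variant of the rule.
`priority_indicator` assigns a BGP priority attribute from the neighbour's attested trust
state and `best_path` shows the resulting selection order among neighbours advertising
the same prefix. The attribute values are assumptions; only their ordering matters."""
from enum import Enum


class TrustState(Enum):
    TRUSTED = "trusted"
    UNKNOWN = "unknown"
    UNTRUSTED = "untrusted"


DEFAULT_LOCAL_PREF = 100  # assumed default; a higher LOCAL_PREF wins
DEFAULT_MED = 0           # assumed default; a lower MED wins

# Ordering required by the text: trusted >= default > unknown > untrusted
_LOCAL_PREF_BY_STATE = {
    TrustState.TRUSTED: DEFAULT_LOCAL_PREF,
    TrustState.UNKNOWN: DEFAULT_LOCAL_PREF - 10,
    TrustState.UNTRUSTED: DEFAULT_LOCAL_PREF - 50,
}
_MED_BY_STATE = {
    TrustState.TRUSTED: DEFAULT_MED,
    TrustState.UNKNOWN: DEFAULT_MED + 10,
    TrustState.UNTRUSTED: DEFAULT_MED + 50,
}


def priority_indicator(state, attr="local_pref"):
    """The executable rule: the value of `attr` ("local_pref" or "med") matching `state`."""
    if attr == "local_pref":
        return _LOCAL_PREF_BY_STATE[state]
    if attr == "med":
        return _MED_BY_STATE[state]
    raise ValueError(f"unsupported priority indicator: {attr}")


def tag_routes(routes, state, attr="local_pref"):
    """Stamp each of a neighbour's routes with the priority indicator before re-advertising them."""
    value = priority_indicator(state, attr)
    return [dict(route, **{attr: value}) for route in routes]


def best_path(candidates):
    """Simplified BGP decision process: highest LOCAL_PREF, then lowest MED, then lowest router-id."""
    return min(candidates, key=lambda r: (-r["local_pref"], r["med"], r["router_id"]))


def select_next_hop(prefix, neighbours, attr="local_pref"):
    """neighbours: list of (router_id, TrustState, routes). Returns the router-id chosen for `prefix`."""
    candidates = []
    for router_id, state, routes in neighbours:
        for route in tag_routes(routes, state, attr):
            if route["prefix"] == prefix:
                candidates.append(dict(route, router_id=router_id))
    return best_path(candidates)["router_id"]


def _route(prefix):
    return {"prefix": prefix, "local_pref": DEFAULT_LOCAL_PREF, "med": DEFAULT_MED}


# Constructed sample: three neighbours advertise the same prefix with different RA results
SAMPLE_NEIGHBOURS = [
    ("10.0.0.1", TrustState.UNTRUSTED, [_route("192.0.2.0/24")]),
    ("10.0.0.2", TrustState.UNKNOWN, [_route("192.0.2.0/24")]),
    ("10.0.0.3", TrustState.TRUSTED, [_route("192.0.2.0/24")]),
]
```

`select_next_hop("192.0.2.0/24", SAMPLE_NEIGHBOURS)` returns the trusted neighbour, and dropping it from the list makes the state-unknown neighbour win over the untrusted one; the same holds with `attr="med"`. Two practical caveats when mapping this onto a real router: LOCAL_PREF is only carried between iBGP speakers, which matches the route-reflector deployment the text describes, and by default a BGP speaker compares MED only among paths received from the same neighbouring AS, so using MED as the indicator across peers from different ASes depends on the router being configured to compare MEDs regardless of origin AS.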
In a possible implementation, the first network element device acquiring the remote attestation result corresponding to the second network element device includes: the first network element device reading a remote attestation result acquisition command, the command indicating the acquisition path of the remote attestation result; and the first network element device acquiring the remote attestation result according to the acquisition path indicated by the remote attestation result acquisition command.
In a possible implementation, the first network element device has a route reflection function, and a BGP connection used for route reflection is established between the first network element device and the second network element device.
Reusing a first network element device that has the route reflection function to perform the above method requires neither deploying an additional network element device between the first network element device and the second network element device nor establishing an additional connection between them; the existing BGP connection is used directly. This reduces the cost of applying remote attestation and improves the efficiency of applying it.
In a second aspect, a remote attestation application apparatus is provided, which includes:
an acquisition module, configured to acquire a remote attestation result corresponding to a second network element device, the remote attestation result indicating the trusted state of the second network element device, the trusted state of the second network element device being trusted, untrusted or state unknown; and
a management module, configured to perform routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
In a possible implementation, the management module is configured to acquire routing information corresponding to the second network element device and, based on the trusted state of the second network element device, manage the routing information corresponding to the second network element device according to configured rules.
In a possible implementation, the configured rules include a routing management policy, and the management module is configured to determine, from the routing management policy, a target policy that matches the trusted state of the second network element device, and to manage the routing information corresponding to the second network element device according to the target policy.
In a possible implementation, the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information and fourth routing information, where the first routing information is routing information that the second network element device needs to have advertised, the second routing information is routing information of the second network element device that has already been advertised, the third routing information is routing information that the second network element device needs to receive, and the fourth routing information is routing information that the second network element device has already received; the target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information and a policy corresponding to the fourth routing information.
In a possible implementation, the trusted state of the second network element device is that the second network element device is trusted; the policy corresponding to the first routing information indicates advertising the first routing information; the policy corresponding to the second routing information indicates maintaining the second routing information; the policy corresponding to the third routing information indicates advertising the third routing information to the second network element device; and the policy corresponding to the fourth routing information indicates maintaining the fourth routing information.
In a possible implementation, the trusted state of the second network element device is that the second network element device is untrusted; the policy corresponding to the first routing information indicates not advertising the first routing information; the policy corresponding to the second routing information indicates withdrawing the second routing information; the policy corresponding to the third routing information indicates not advertising the third routing information to the second network element device; and the policy corresponding to the fourth routing information indicates withdrawing the fourth routing information.
In a possible implementation, the trusted state of the second network element device is that the state of the second network element device is unknown; the policy corresponding to the first routing information indicates advertising the first routing information together with a first priority indicator, the first priority indicator indicating the priority of the first routing information, which is lower than the default priority; the policy corresponding to the second routing information indicates advertising the second routing information together with a second priority indicator, the second priority indicator indicating the priority of the second routing information advertised this time, which is lower than the default priority and lower than the priority of the second routing information advertised last time; the policy corresponding to the third routing information indicates advertising the third routing information to the second network element device; and the policy corresponding to the fourth routing information indicates maintaining the fourth routing information.
In a possible implementation, the configured rules include executable code, the executable code being used to configure, for the routing information corresponding to the second network element device, a priority indicator that matches the trusted state of the second network element device; and the management module is configured to have the first network element device run the executable code to configure a third priority indicator for the routing information corresponding to the second network element device, where the third priority indicator is a priority indicator that matches the trusted state of the second network element device and indicates the priority of the routing information corresponding to the second network element device, and to have the first network element device advertise the routing information corresponding to the second network element device together with the third priority indicator.
In a possible implementation, the routing information corresponding to the second network element device includes at least one of first routing information and second routing information, where the first routing information is routing information that the second network element device needs to have advertised and the second routing information is routing information of the second network element device that has already been advertised; the third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, the priority indicator corresponding to the first routing information indicating the priority of the first routing information and the priority indicator corresponding to the second routing information indicating the priority of the second routing information.
In a possible implementation, the trusted state of the second network element device is that the second network element device is trusted; the priority of the first routing information and the priority of the second routing information are both not lower than the default priority.
In a possible implementation, the trusted state of the second network element device is that the second network element device is untrusted; the priority of the first routing information and the priority of the second routing information are both lower than the default priority.
In a possible implementation, the trusted state of the second network element device is that the state of the second network element device is unknown; the priority of the first routing information and the priority of the second routing information are both lower than the default priority and higher than the priority used when the second network element device is untrusted.
In a possible implementation, the priority indicator is a Border Gateway Protocol (BGP) attribute and includes a local preference (LOCAL_PREF) or a multi-exit discriminator (MED), where a larger local preference value indicates a higher priority and a smaller multi-exit discriminator value indicates a higher priority.
In a possible implementation, the acquisition module is configured to read a remote attestation result acquisition command, the command indicating the acquisition path of the remote attestation result, and to acquire the remote attestation result according to the acquisition path indicated by the remote attestation result acquisition command.
In a possible implementation, the remote attestation application apparatus is applied to a first network element device, the first network element device has a route reflection function, and a BGP connection used for route reflection is established between the first network element device and the second network element device.
In a third aspect, a remote attestation application device is provided, the device including a memory and a processor; the memory stores at least one instruction, and the at least one instruction is loaded and executed by the processor so that the remote attestation application device implements the method in the first aspect or in any possible implementation of the first aspect.
In a fourth aspect, a remote attestation application device is provided, the device including a network interface, a memory and a processor. The network interface, the memory and the processor communicate with one another through an internal connection path. The network interface is used to send or receive packets under the control of the processor. The memory is used to store instructions which, when executed by the processor, cause the device to perform the method in the first aspect or in any possible implementation of the first aspect.
Optionally, there are one or more processors and one or more memories.
Optionally, the memory may be integrated with the processor, or the memory and the processor may be provided separately.
In a specific implementation, the memory may be a non-transitory memory, for example a read-only memory (ROM), which may be integrated with the processor on the same chip or provided on a separate chip; the present application does not limit the type of the memory or the way the memory and the processor are arranged.
In a fifth aspect, a remote attestation application system is provided, the system including a first network element device and at least one second network element device, the first network element device being communicatively connected to the at least one second network element device and being used to perform the method in the first aspect or in any possible implementation of the first aspect.
In a sixth aspect, a computer program (product) is provided, the computer program (product) including computer program code which, when run by a computer, causes the computer to perform the methods in the above aspects.
In a seventh aspect, a computer-readable storage medium is provided, the computer-readable storage medium storing a program or instructions which, when run on a computer, cause the methods in the above aspects to be performed.
In an eighth aspect, a chip is provided, including a processor configured to call and run instructions stored in a memory, so that a communication device in which the chip is installed performs the methods in the above aspects.
In a ninth aspect, another chip is provided, including an input interface, an output interface, a processor and a memory, the input interface, the output interface, the processor and the memory being connected through an internal connection path; the processor is configured to execute code in the memory and, when the code is executed, to perform the methods in the above aspects.
Description of drawings
FIG. 1 is a schematic diagram of an implementation environment provided by an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a second network element device provided by an embodiment of the present application;
FIG. 3 is a schematic flowchart of a remote attestation application method provided by an embodiment of the present application;
FIG. 4 is a schematic flowchart of applying an RA result in a related technology, provided by an embodiment of the present application;
FIG. 5 is a schematic flowchart of managing routing information provided by an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a BGP message used for route advertisement provided by an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a BGP message used for route withdrawal provided by an embodiment of the present application;
FIG. 8 is a schematic flowchart of a selection order of routing information provided by an embodiment of the present application;
FIG. 9 is a schematic flowchart of a remote attestation method provided by an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a BGP message header provided by an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a BGP message of the UPDATE type provided by an embodiment of the present application;
FIG. 12 is a schematic flowchart of a remote attestation method provided by an embodiment of the present application;
FIG. 13 is a schematic structural diagram of a BGP message of the OPEN type provided by an embodiment of the present application;
FIG. 14 is a schematic flowchart of a remote attestation method provided by an embodiment of the present application;
FIG. 15 is a schematic structural diagram of a remote attestation application apparatus provided by an embodiment of the present application;
FIG. 16 is a schematic structural diagram of a remote attestation application device provided by an embodiment of the present application.
Detailed description
The terms used in the embodiments of the present application are used only to explain specific embodiments of the present application and are not intended to limit the present application.
In communication between different network element devices, communication security is especially important, and using network element devices that are in a trusted state during communication is the key to solving communication security problems. To this end, the Trusted Computing Group (TCG) has promoted and developed a technology called trusted computing, one of whose schemes includes a remote attestation (RA) process for verifying the trusted state of a network element device. In the RA process, two network element devices act as the RA client and the RA server respectively: the network element device acting as the RA client is the one whose trusted state needs to be verified, and the network element device acting as the RA server is a trusted network element device that performs the verification (also called a root of trust). The network element device acting as the RA client generates measurement information and sends it to the network element device acting as the RA server. The network element device acting as the RA server verifies, based on the received measurement information, whether the network element device acting as the RA client is in a trusted state, thereby obtaining an RA result that indicates the trusted state of the network element device acting as the RA client.
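The RA exchange just described, as an added example that is not the patent's own code: the RA client measures its components and returns evidence bound to a verifier nonce, and the RA server appraises that evidence against reference values to produce one of the three RA results used throughout this document (trusted, untrusted, state unknown). The component names, golden images, device key and nonces are constructed sample data, and authenticating the evidence with a pre-shared per-device HMAC key is a simplifying assumption; a real deployment would use a hardware-protected asymmetric attestation key, for example a TPM quote, and the reference values would come from the vendor's signed release manifests.

```python
"""Added illustration (not the patent's code): a minimal RA exchange. The RA client
measures its components and produces evidence bound to a nonce; the RA server
appraises it against reference values and returns one of the three trust states.
Assumptions: evidence is authenticated with a pre-shared per-device HMAC key
(a real deployment uses a hardware-protected asymmetric attestation key, e.g. a TPM
quote), and the reference values are constructed sample data."""
import hashlib
import hmac
import json

TRUSTED, UNTRUSTED, UNKNOWN = "trusted", "untrusted", "unknown"


def measure(components):
    """RA client side: measurement information = digest of each component's contents."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in components.items()}


# Constructed golden images known to the RA server (assumption)
REFERENCE = measure({"bootloader": b"bootloader-v1", "kernel": b"kernel-v1", "bgpd": b"bgpd-v1"})

# Constructed per-device evidence key known to the RA server (assumption)
DEVICE_KEYS = {"ne-2": b"constructed-sample-key-for-ne-2"}


def make_evidence(device_id, key, measurements, nonce):
    """RA client side: bind the measurements to the verifier's nonce and authenticate them."""
    payload = json.dumps({"device": device_id, "nonce": nonce, "measurements": measurements},
                         sort_keys=True).encode()
    return {"payload": payload, "mac": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def appraise(evidence, expected_nonce, reference=REFERENCE, keys=DEVICE_KEYS):
    """RA server side: derive the RA result (trusted / untrusted / unknown) from the evidence."""
    if evidence is None:
        return UNKNOWN                      # no evidence: the state cannot be determined
    try:
        body = json.loads(evidence["payload"])
    except (KeyError, ValueError, TypeError):
        return UNKNOWN                      # malformed evidence: nothing can be concluded
    key = keys.get(body.get("device"))
    if key is None:
        return UNKNOWN                      # device not enrolled: evidence cannot be verified
    expected_mac = hmac.new(key, evidence["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_mac, evidence.get("mac", "")):
        return UNTRUSTED                    # forged or tampered evidence
    if body.get("nonce") != expected_nonce:
        return UNTRUSTED                    # replayed evidence from an earlier challenge
    measurements = body.get("measurements", {})
    for name, digest in reference.items():
        if measurements.get(name) != digest:
            return UNTRUSTED                # component missing or modified
    return TRUSTED
```

The three-way result is what makes the routing policies above meaningful: a device that fails appraisal (wrong digest, bad MAC, stale nonce) is untrusted, whereas a device for which no verifiable evidence exists at all (no evidence, unenrolled key, malformed message) is state unknown and is only deprioritised rather than cut off.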
Precisely because the RA result indicates the trusted state of the network element device acting as the RA client, the RA result can be applied to the management of that device to improve the reliability of management. Therefore, the embodiments of the present application provide a remote attestation application method. The method can be applied in the implementation environment shown in FIG. 1.
FIG. 1 includes a first network element device 11 and at least one second network element device 12 (FIG. 1 shows three second network element devices 12 only as an example); the first network element device 11 and the second network element devices 12 are communicatively connected. The first network element device 11 is configured to obtain the RA result corresponding to a second network element device, where the RA result indicates the trusted state of that second network element device. The first network element device 11 is then configured to perform routing management on the second network element device 12 based on the trusted state indicated by the RA result. Exemplarily, the number of second network element devices 12 is at least one.
Exemplarily, the first network element device 11 obtains the RA result corresponding to the second network element device either locally or from a network element device other than itself. When the first network element device 11 acts as the RA server, the ways in which it obtains the RA result include but are not limited to: obtaining the RA result locally, or obtaining it from a network element device that stores the RA result. When the first network element device 11 does not act as the RA server, the ways in which it obtains the RA result include but are not limited to: obtaining the RA result from the network element device acting as the RA server, or obtaining it from a network element device that stores the RA result. In some embodiments, the network element device that stores the RA result includes a device providing a database service or a shared storage service.
In some embodiments, the first network element device 11 has a route reflection (RR) function, and border gateway protocol (BGP) connections used for route reflection are established between the first network element device 11 and the other network element devices, including the second network element device 12. The ways in which the first network element device 11 performs routing management on the second network element device 12 include but are not limited to: the first network element device 11 sends BGP messages. Exemplarily, the first network element device 11 with the RR function is a route reflector. During route reflection, the second network element device 12 sends the routes it needs to advertise to the first network element device 11 over the BGP connection, and the other network element devices likewise send the routes they need to advertise to the first network element device 11 over their BGP connections. The first network element device 11 selects suitable routes by learning and processing the received routes and reflects them to all network element devices that have established BGP connections with it, so that route propagation is achieved without forming a full mesh, which reduces network overhead and improves network scalability.
Here, the first network element device 11, the second network element device 12 and the other network element devices are located in the same autonomous system (AS) domain or security domain, and the full mesh mentioned above means that any two of the second network element device 12 and the other network element devices in the AS domain or security domain would need to establish a BGP connection with each other; such a BGP connection is also called an internal BGP (IBGP) connection.
In other embodiments, the first network element device 11 does not have the RR function, and the ways in which it performs routing management on the second network element device 12 include but are not limited to: the first network element device 11 sends an instruction to a network element device that has the RR function, so that the network element device with the RR function sends BGP messages.
In the embodiments of the present application, the trusted state of the second network element device indicated by its RA result includes but is not limited to: the second network element device is trusted, the second network element device is untrusted, or the state of the second network element device is unknown. When the second network element device 12 supports the RA process, it acts as the RA client, and the RA result may indicate any one of the three trusted states above. When the second network element device 12 does not support the RA process, the RA result indicates the single trusted state "state unknown".
For the case where the second network element device 12 supports the RA process, its structure may be as shown in FIG. 2. FIG. 2 includes a processor 21, a memory 22, a network interface 23, security hardware 24 and a bus 25; the processor 21, memory 22, network interface 23 and security hardware 24 are each connected to the bus 25, and the operating system, service software and RA client are stored in the memory 22 in the form of program code. The processor 21 reads the program code from the memory 22 so that the operating system runs and the service software and the RA client run within the operating system. The security hardware 24 obtains, over the bus 25, the measurement information of the second network element device from the processor 21 and stores it; the measurement information includes information generated by components of the second network element device 12 (for example, a board) while the service software runs. In the RA process, the RA client reads the measurement information from the security hardware 24 over the bus 25 and sends it over the bus 25 to the network interface 23, and the network interface 23 sends the measurement information over the BGP connection to the network element device acting as the RA server. The network element device acting as the RA server compares the measurement information with a remote attestation baseline file to obtain the remote attestation result.
In some embodiments, the security hardware includes a security chip, for example a trusted platform module (TPM) chip, which is security hardware that meets the TPM requirements. TPM is an international standard for a secure cryptoprocessor; its requirements include but are not limited to performing key-related functions in security hardware, where the key-related functions include the RA described above. The key-related functions may further include key generation, random number generation and key storage, which are not limited here. Exemplarily, the TPM chip includes platform configuration registers (PCRs); the TPM chip stores the measurement information of the second network element device in the PCRs, and the measurement information stored in the PCRs is also called the PCR value.
In addition, when the second network element device 12 does not support the RA process, it does not include the RA client and the security hardware shown in FIG. 2, which is not described further here.
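The verification step described above (the RA server compares measurement information with a baseline file and produces one of three results) can be shown end to end in a few lines. The following is an added example, not code from the patent: it replays a constructed measurement log into SHA-256 PCR values with the TPM extend rule PCR_new = H(PCR_old || digest), compares the result against a baseline computed the same way from known-good measurements, and maps "no measurements at all" (a device without RA client and security hardware) to the state-unknown result. PCR indices, event strings and the SHA-256 bank are assumptions chosen for the illustration.

```python
# Added example: three-valued RA result from PCR replay against a baseline (not the patent's code).
import hashlib
from typing import Dict, List, Optional, Tuple

PCR_BYTES = 32  # SHA-256 PCR bank; an assumption for this example

TRUSTED, UNTRUSTED, UNKNOWN = "trusted", "untrusted", "unknown"


def extend_pcr(pcr: bytes, event_digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-256(PCR_old || event_digest)."""
    return hashlib.sha256(pcr + event_digest).digest()


def replay_event_log(events: List[Tuple[int, bytes]]) -> Dict[int, bytes]:
    """Replay a measurement log of (pcr_index, digest) pairs into final PCR values.

    Every PCR starts as all-zero bytes; each event is extended into its PCR in order,
    so the final value depends on every measured component and on their order.
    """
    pcrs: Dict[int, bytes] = {}
    for idx, digest in events:
        pcrs[idx] = extend_pcr(pcrs.get(idx, b"\x00" * PCR_BYTES), digest)
    return pcrs


def attest(reported_pcrs: Optional[Dict[int, bytes]], baseline: Dict[int, bytes]) -> str:
    """Derive the RA result for one client.

    reported_pcrs is None when the client could not supply measurement information
    (no RA client / no security hardware), which the patent maps to 'state unknown'.
    Any PCR in the baseline that is missing or differs from the report makes the
    client untrusted; only a full match yields 'trusted'.
    """
    if reported_pcrs is None:
        return UNKNOWN
    for idx, expected in baseline.items():
        if reported_pcrs.get(idx) != expected:
            return UNTRUSTED
    return TRUSTED


def measure(component: str) -> bytes:
    """Digest of one measured component (constructed stand-in for a real file/firmware hash)."""
    return hashlib.sha256(component.encode()).digest()


# Constructed known-good measurement log: boot chain in PCR 0, service software in PCR 8.
GOLDEN_LOG: List[Tuple[int, bytes]] = [
    (0, measure("bootloader v1")),
    (0, measure("os kernel v1")),
    (8, measure("service software v1")),
]
BASELINE: Dict[int, bytes] = replay_event_log(GOLDEN_LOG)  # the "baseline file" of the patent


def demo_results() -> Tuple[str, str, str]:
    """Return the RA results for a clean client, a tampered client and an RA-incapable client."""
    clean = replay_event_log(GOLDEN_LOG)
    tampered_log = GOLDEN_LOG[:2] + [(8, measure("service software v1 (modified)"))]
    tampered = replay_event_log(tampered_log)
    return attest(clean, BASELINE), attest(tampered, BASELINE), attest(None, BASELINE)


if __name__ == "__main__":
    print(demo_results())
```

A production RA server verifies more than the PCR values: a TPM quote carries the PCR digest signed by an attestation key and bound to a server-chosen nonce, so the server must check the signature and the nonce before comparing against the baseline; this example omits that layer and shows only the comparison and the three-way result.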
Based on the implementation environment shown in FIG. 1, the embodiments of the present application provide a remote attestation application method that is applied to the first network element device described above. As shown in FIG. 3, the method includes the following steps 301 and 302.
301. The first network element device obtains the remote attestation result corresponding to the second network element device, where the remote attestation result indicates the trusted state of the second network element device, and the trusted state of the second network element device includes trusted, untrusted or state unknown.
The remote attestation result corresponding to the second network element device, as obtained by the first network element device, is produced by the second network element device participating in the remote attestation process. The trusted state of the second network element device indicated by the remote attestation result includes: the second network element device is trusted (also described as the remote attestation result being correct), the second network element device is untrusted (also described as the remote attestation result being wrong), or the state of the second network element device is unknown (also described as the remote attestation result being empty). From highest to lowest, the trust level of these three states is: the second network element device is trusted, the state of the second network element device is unknown, the second network element device is untrusted.
In an exemplary embodiment, obtaining the remote attestation result corresponding to the second network element device includes: the first network element device reads a remote attestation result acquisition command, which indicates the acquisition path of the remote attestation result, and the first network element device then obtains the remote attestation result along the acquisition path indicated by the command. It should be noted that whether the first network element device obtains the remote attestation result locally or from a network element device other than itself, it needs to read the remote attestation result acquisition command. Exemplarily, the acquisition path indicated by the command includes but is not limited to a file, a configuration item, or the like, either locally or on another network element device; the embodiments of the present application do not limit the acquisition path of the remote attestation result.
302. The first network element device performs routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
In the embodiments of the present application, after the remote attestation result is obtained it is applied to the management of the second network element device, so that the remote attestation result is reflected in the network functions (for example, the routing function) of the second network element device. Moreover, since the remote attestation result indicates the trusted state of the second network element device, managing the second network element device according to it improves the reliability of management, thereby ensuring the security of the network architecture that contains the second network element device and the security of communication carried out through the second network element device.
Referring to FIG. 4, FIG. 4 shows a schematic diagram of how the remote attestation result is applied in the related art. After the RA server obtains the RA result, it sends the RA result to the network management device (network manager for short), where a user can browse the RA result. The user at the network manager then intervenes manually on the RA client according to the RA result browsed. Because the related art requires manual intervention, it does not make full use of the trusted state indicated by the remote attestation result, and its reliability is low. Moreover, in the related art the application of the remote attestation result cannot be reflected in the network functions of the second network element device in a timely manner. From the description of the embodiments above, the embodiments of the present application can improve on these problems of the related art. Next, the process of performing routing management on the second network element device provided by the embodiments is described by example.
In an exemplary embodiment, performing routing management on the second network element device based on the trusted state indicated by the remote attestation result includes: the first network element device obtains the routing information corresponding to the second network element device, and, based on the trusted state of the second network element device, manages that routing information according to configured rules.
By managing the routing information corresponding to the second network element device according to the configured rules, the first network element device implements routing management of the second network element device. Exemplarily, the configured rules are rules in the BGP global view or rules in a BGP address family view. Rules in the BGP global view take effect for all BGP address families, while rules in a BGP address family view take effect only for the specified BGP address families; the embodiments of the present application do not limit the scope in which the configured rules take effect.
In an exemplary embodiment, the configured rules include a routing management policy or executable code, the executable code being, for example, a script; the embodiments of the present application do not limit the executable code. Management according to a routing management policy is more flexible, but configuring the routing management policy involves more work. Management according to executable code is less flexible, but configuring the executable code involves less work. The manner of managing the routing information corresponding to the second network element device differs according to the configured rules, and each is described below.
In the first management manner, the configured rules include a routing management policy. Managing the routing information corresponding to the second network element device according to the configured rules, based on the trusted state of the second network element device, includes: the first network element device determines, from the routing management policy, a target policy that matches the trusted state of the second network element device, and manages the routing information corresponding to the second network element device according to the target policy.
In the first network element device, the routing management policy includes a policy for each trusted state of the second network element device. Since the trusted state of the second network element device includes trusted, untrusted or state unknown, the routing management policy includes a policy for the second network element device being trusted, a policy for the second network element device being untrusted, and a policy for the state of the second network element device being unknown. Based on the trusted state of the second network element device, the first network element device can determine from the routing management policy the target policy that matches that trusted state, and manage the routing information corresponding to the second network element device according to the target policy.
In an exemplary embodiment, the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information and fourth routing information. The first routing information is routing information that the second network element device needs to advertise, that is, routing information it has not yet advertised to other network element devices and needs to advertise to them now or later. The second routing information is routing information that the second network element device has already advertised to other network element devices. The third routing information is routing information that the second network element device needs to receive, that is, routing information that other network element devices have not yet advertised to it and need to advertise to it now or later. The fourth routing information is routing information that the second network element device has already received, that is, routing information that other network element devices have already advertised to it.
In some embodiments, the first network element device has the RR function, and obtaining the routing information corresponding to the second network element device includes: the first network element device receives the routing information sent by the second network element device and the other network element devices, and obtains from the received routing information the routing information corresponding to the second network element device. In other embodiments, the first network element device does not have the RR function, and obtaining the routing information corresponding to the second network element device includes: the first network element device obtains the routing information corresponding to the second network element device from a network element device that has the RR function, or the first network element device obtains routing information from the second network element device and the other network element devices respectively and derives from it the routing information corresponding to the second network element device. The embodiments of the present application do not limit the manner of obtaining the routing information corresponding to the second network element device.
Based on the routing information corresponding to the second network element device described above, the target policy includes at least one of a policy for the first routing information, a policy for the second routing information, a policy for the third routing information and a policy for the fourth routing information. The target policy differs according to the trusted state of the second network element device. Cases A1 to A3 illustrate the target policies for the three trusted states respectively.
Case A1: the trusted state of the second network element device is trusted.
Referring to FIG. 5, since the second network element device is trusted in case A1, it can normally send and receive the routing information corresponding to it. In case A1, the policies included in the target policy are as in cases A11 to A14 below.
Case A11: the policy for the first routing information instructs that the first routing information be advertised.
Since the second network element device is trusted, the first routing information it needs to advertise can be advertised to the other network element devices. In some embodiments, the first network element device has the RR function, and the second network element device sends the first routing information to the first network element device. Exemplarily, managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the first routing information and, according to the policy for the first routing information, sends a BGP message carrying the first routing information to the other network element devices so as to advertise it. In other embodiments, the first network element device does not have the RR function, and it sends an instruction to a network element device that has the RR function, so that that device sends the BGP message carrying the first routing information to the other network element devices.
Referring to FIG. 6, FIG. 6 shows a BGP message used for route advertisement. Its message type is update, and it consists of a BGP message header and message content. The BGP message header includes a marker field, a length field and a type field: the marker field is used for BGP authentication, the length field indicates the total length of the BGP message, that is, the length of the header plus the length of the content, and the type field distinguishes different message types. Here the type field has the value 2, which indicates an update message. The message content includes a total path attribute length field, a path attributes field and a network layer reachability information (NLRI) field. The total path attribute length field indicates the sum of the length of the path attributes field and the length of the NLRI field, the NLRI field carries the routing information to be advertised, and the path attributes field carries the BGP attributes of the routing information carried in the NLRI field; the BGP attributes can be set according to the actual situation.
On the basis of the message structure shown in FIG. 6, a BGP message carrying the first routing information is obtained by carrying the first routing information in the NLRI field.
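To make the update message of FIG. 6 concrete, the following added example (not code from the patent) builds and parses an IPv4 BGP UPDATE on the wire. It follows the RFC 4271 layout, which differs in two details from the figure's description: the content starts with a two-octet Withdrawn Routes Length (zero here, since only advertisements are carried), and the Total Path Attribute Length counts only the path attributes, with the NLRI occupying whatever remains up to the header's length field. The parser checks the marker, length and type before it trusts any content, which is what a reflector should do before acting on reflected routes. The prefixes, next hop and the well-known attributes chosen are constructed sample values.

```python
# Added example: encode and parse a BGP UPDATE (type 2) per RFC 4271; not the patent's code.
import ipaddress
import struct
from typing import Dict, List, Tuple

BGP_HEADER_LEN = 19                    # 16-octet marker + 2-octet length + 1-octet type
BGP_MARKER = b"\xff" * 16              # marker field: all ones when no authentication is in use
BGP_TYPE_UPDATE = 2                    # type value 2 = update message
ORIGIN, AS_PATH, NEXT_HOP = 1, 2, 3    # well-known mandatory path attribute type codes
ATTR_FLAG_TRANSITIVE = 0x40
ATTR_FLAG_EXT_LEN = 0x10


def encode_prefix(prefix: str) -> bytes:
    """NLRI entry: one length octet followed by the minimal number of prefix octets."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([net.prefixlen]) + net.network_address.packed[:nbytes]


def encode_attr(type_code: int, value: bytes, flags: int = ATTR_FLAG_TRANSITIVE) -> bytes:
    """Path attribute TLV with a one-octet length (extended-length flag clear)."""
    return bytes([flags, type_code, len(value)]) + value


def build_update(prefixes: List[str], next_hop: str) -> bytes:
    """Build an UPDATE advertising `prefixes` with ORIGIN=IGP, empty AS_PATH (IBGP) and NEXT_HOP."""
    attrs = (encode_attr(ORIGIN, b"\x00")
             + encode_attr(AS_PATH, b"")
             + encode_attr(NEXT_HOP, ipaddress.IPv4Address(next_hop).packed))
    nlri = b"".join(encode_prefix(p) for p in prefixes)
    body = struct.pack("!H", 0) + struct.pack("!H", len(attrs)) + attrs + nlri
    return BGP_MARKER + struct.pack("!HB", BGP_HEADER_LEN + len(body), BGP_TYPE_UPDATE) + body


def parse_update(msg: bytes) -> Tuple[List[str], Dict[int, bytes]]:
    """Validate header fields, then return (advertised prefixes, {attr type code: raw value})."""
    if len(msg) < BGP_HEADER_LEN or msg[:16] != BGP_MARKER:
        raise ValueError("bad BGP marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or mtype != BGP_TYPE_UPDATE:
        raise ValueError("length field does not match message or type is not update")
    pos = BGP_HEADER_LEN
    withdrawn_len = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2 + withdrawn_len                           # withdrawn routes are skipped here
    attr_len = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    attrs_end = pos + attr_len
    if attrs_end > len(msg):
        raise ValueError("total path attribute length exceeds message")
    attrs: Dict[int, bytes] = {}
    while pos < attrs_end:
        flags, code = msg[pos], msg[pos + 1]
        if flags & ATTR_FLAG_EXT_LEN:
            vlen = struct.unpack("!H", msg[pos + 2:pos + 4])[0]
            pos += 4
        else:
            vlen = msg[pos + 2]
            pos += 3
        attrs[code] = msg[pos:pos + vlen]
        pos += vlen
    prefixes: List[str] = []
    while pos < len(msg):                              # everything after the attributes is NLRI
        plen = msg[pos]
        nbytes = (plen + 7) // 8
        raw = msg[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00")
        prefixes.append(f"{ipaddress.IPv4Address(raw)}/{plen}")
        pos += 1 + nbytes
    return prefixes, attrs


def is_valid_update(msg: bytes) -> bool:
    """True when the message passes the header and length checks in parse_update."""
    try:
        parse_update(msg)
        return True
    except (ValueError, struct.error):
        return False


if __name__ == "__main__":
    update = build_update(["10.1.0.0/16", "192.0.2.0/24"], "10.0.0.1")  # constructed sample
    print(update.hex())
    print(parse_update(update))
```

The same `build_update` serves cases A11 and A13 of the text: the reflector places the first routing information (from the second network element device) or the third routing information (destined for it) in the NLRI, and only the peer set it sends to differs.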
Case A12: the policy for the second routing information instructs that the second routing information be maintained.
Since the second network element device is trusted, the other network element devices can continue to use the second routing information it has already advertised. Exemplarily, since the second routing information has already been advertised, the first network element device maintains it without performing any operation.
Case A13: the policy for the third routing information instructs that the third routing information be advertised to the second network element device.
Since the second network element device is trusted, the third routing information that the other network element devices need to advertise can be advertised to the second network element device. In some embodiments, the first network element device has the RR function, and the other network element devices send the third routing information to the first network element device. Exemplarily, managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the third routing information and, according to the policy for the third routing information, sends a BGP message carrying the third routing information to the second network element device so as to advertise it. In other embodiments, the first network element device does not have the RR function, and it sends an instruction to a network element device that has the RR function, so that that device sends the BGP message carrying the third routing information to the second network element device.
As shown in FIG. 6, a BGP message carrying the third routing information is obtained by carrying the third routing information in the NLRI field shown in FIG. 6.
Case A14: the policy for the fourth routing information instructs that the fourth routing information be maintained.
Since the second network element device is trusted, it can continue to use the fourth routing information that the other network element devices have already advertised. Exemplarily, since the fourth routing information has already been advertised, the first network element device maintains it without performing any operation.
In case A2, the trusted state of the second network element device is that the second network element device is untrusted.
Referring to FIG. 5, since the second network element device is untrusted in case A2, the second network element device neither sends nor receives the routing information corresponding to the second network element device. In case A2, the individual policies included in the target policy are described in cases A21 to A24 below.
In case A21, the policy corresponding to the first routing information is used to indicate that the first routing information is not advertised.
Since the second network element device is untrusted, the first routing information that the second network element device needs to advertise must not be advertised to other network element devices. In some embodiments, the first network element device has the RR function, so the second network element device sends the first routing information to the first network element device. Exemplarily, the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device does not receive the first routing information; or the first network element device receives the first routing information and discards it; or the first network element device receives and stores the first routing information but does not advertise it. In short, the first network element device does not advertise the first routing information to other network element devices. In other embodiments, the first network element device does not have the RR function, in which case the first network element device sends an instruction to the network element device having the RR function, so that the network element device having the RR function does not advertise the first routing information to other network element devices.
In case A22, the policy corresponding to the second routing information is used to indicate that the second routing information is withdrawn.
Since the second network element device is untrusted, other network element devices must not continue to use the second routing information already advertised by the second network element device. In some embodiments, the first network element device has the RR function, so the second routing information is routing information that the first network element device received from the second network element device and advertised to other network element devices. Exemplarily, the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device, according to the policy corresponding to the second routing information, sends a BGP message carrying the second routing information to the other network element devices, so as to withdraw the second routing information. In other embodiments, the first network element device does not have the RR function, in which case the first network element device sends an instruction to the network element device having the RR function, so that the network element device having the RR function sends the BGP message carrying the second routing information to the other network element devices.
Referring to FIG. 7, FIG. 7 shows a BGP message used for route withdrawal. The message type of this BGP message is the update type, and the BGP message includes a BGP message header and message content; for the BGP message header, refer to the description of FIG. 6 in case A11 above, which is not repeated here. The message content includes a withdrawn routes length field and a withdrawn routes field: the withdrawn routes length field indicates the length of the withdrawn routes field, and the withdrawn routes field carries the routing information that needs to be withdrawn.
On the basis of the message structure shown in FIG. 7, the above BGP message carrying the second routing information is obtained by carrying the second routing information in the withdrawn routes field.
In case A23, the policy corresponding to the third routing information is used to indicate that the third routing information is not advertised to the second network element device.
Since the second network element device is untrusted, the third routing information that other network element devices need to advertise must not be advertised to the second network element device. In some embodiments, the first network element device has the RR function, so the other network element devices send the third routing information to the first network element device. Exemplarily, the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device does not receive the third routing information; or the first network element device receives the third routing information and discards it; or the first network element device receives the third routing information and advertises it to network element devices other than the second network element device. In short, the first network element device does not advertise the third routing information to the second network element device. In other embodiments, the first network element device does not have the RR function, in which case the first network element device sends an instruction to the network element device having the RR function, so that the network element device having the RR function does not advertise the third routing information to the second network element device.
In case A24, the policy corresponding to the fourth routing information is used to indicate that the fourth routing information is withdrawn.
Since the second network element device is untrusted, the second network element device must not continue to use the fourth routing information already advertised by other network element devices. In some embodiments, the first network element device has the RR function, so the fourth routing information is routing information that the first network element device received from other network element devices and advertised to the second network element device. Exemplarily, the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device, according to the policy corresponding to the fourth routing information, sends a BGP message carrying the fourth routing information to the second network element device, so as to withdraw the fourth routing information. In other embodiments, the first network element device does not have the RR function, in which case the first network element device sends an instruction to the network element device having the RR function, so that the network element device having the RR function sends the BGP message carrying the fourth routing information to the second network element device.
Here, as shown in FIG. 7, the BGP message carrying the fourth routing information is obtained by carrying the fourth routing information in the withdrawn routes field in FIG. 7.
In case A3, the trusted state of the second network element device is that the state of the second network element device is unknown.
Referring to FIG. 5, since the state of the second network element device is unknown in case A3, the second network element device may still send and receive the routing information corresponding to the second network element device, but the priority of that routing information needs to be lowered. In case A3, the individual policies included in the target policy are described in cases A31 to A34 below.
In case A31, the policy corresponding to the first routing information is used to indicate that the first routing information and a first priority indicator are advertised, where the first priority indicator indicates the priority of the first routing information, and the priority of the first routing information is lower than the default priority.
Since the state of the second network element device is unknown, the first routing information that the second network element device needs to advertise can be advertised to other network element devices, but the priority of the first routing information needs to be lower than the default priority, so that other network element devices do not preferentially select the first routing information. Therefore, the first priority indicator, which indicates the priority of the first routing information, needs to be advertised together with the first routing information. Here, when no priority indicator is set for routing information, the routing information corresponds to a default priority indicator, and the priority indicated by the default priority indicator is the default priority; the embodiments of this application do not limit the default priority.
In some embodiments, the first network element device has the RR function, so the second network element device sends the first routing information to the first network element device. Exemplarily, the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the first routing information and, according to the policy corresponding to the first routing information, sends a BGP message carrying the first routing information and the first priority indicator to the other network element devices. In other embodiments, the first network element device does not have the RR function, in which case the first network element device sends an instruction to the network element device having the RR function, so that the network element device having the RR function sends the above BGP message carrying the first routing information and the first priority indicator to the other network element devices.
In an exemplary embodiment, the first priority indicator is a BGP attribute. From the description of FIG. 6 in case A11 above, the NLRI field in FIG. 6 carries the routing information to be advertised, and the path attributes field carries the BGP attributes of the routing information carried in the NLRI field. Therefore, in the embodiments of this application, the path attributes field carries the first priority indicator and the NLRI field carries the first routing information, which yields the BGP message carrying the first routing information and the first priority indicator. There are multiple BGP attributes; the attribute identifier, attribute name, attribute meaning and attribute type of each BGP attribute are shown in Table 1 below.
Table 1
[Table 1 is present in the source only as an image (PCTCN2022091015-appb-000001); its columns are attribute identifier, attribute name, attribute meaning and attribute type.]
In Table 1, the BGP attributes related to priority are local_pref and MED, so the embodiments of this application use local_pref or MED as the first priority indicator. Accordingly, local_pref or MED needs to be carried in the path attributes field shown in FIG. 6 above. The path attributes field includes, in type-length-value (TLV) format, an attribute type field, an attribute length field and an attribute value field. The attribute type field includes an attribute flags field and an attribute type code field: the attribute flags field indicates whether the BGP attribute is optional, transitive and partial and whether the attribute length field needs to be extended, and can be set based on the attribute type in Table 1 above; the attribute type code field carries the attribute identifier from Table 1 above. The attribute length field indicates the length of the attribute value field. The attribute value field carries the content corresponding to the attribute identifier carried in the attribute type code field. For example, if the attribute identifier carried in the attribute type code field is 4, the first priority indicator is local_pref, so the attribute value field carries the value of local_pref. As another example, if the attribute identifier carried in the attribute type code field is 5, the first priority indicator is MED, so the attribute value field carries the value of MED.
It should be noted that the larger the value of local_pref, the higher the priority it indicates. When the first priority indicator is local_pref, since the priority of the first routing information indicated by the first priority indicator needs to be lower than the default priority, the value of the first priority indicator needs to be smaller than the default value of local_pref, which indicates the default priority. For example, if the default value of local_pref is 100, the value of the first priority indicator is a value smaller than 100, such as 30, 50 or 70; the embodiments of this application do not limit the value of the first priority indicator. Conversely, the smaller the value of MED, the higher the priority it indicates. When the first priority indicator is MED, since the priority of the first routing information indicated by the first priority indicator needs to be lower than the default priority, the value of the first priority indicator needs to be greater than the default value of MED, which indicates the default priority. For example, if the default value of MED is 0, the value of the first priority indicator is a value greater than 0, such as 20, 50 or 100; the embodiments of this application do not limit the value of MED. Moreover, local_pref and MED above are only examples and do not limit the first priority indicator; the embodiments of this application may also use other first priority indicators according to actual needs.
Referring to FIG. 8, FIG. 8 is a schematic flowchart of the order in which routing information is selected. If there are multiple pieces of routing information reaching the same destination address and the next hop is reachable, route selection proceeds according to the selection criteria shown in FIG. 8. During route selection, among the multiple pieces of routing information, the one with the larger protocol preference value is preferred. If their protocol preference values are the same, the one with the larger local_pref value is preferred, that is, routing information with a smaller local_pref value is not preferred. If their local_pref values are also the same, and the selection criteria between local_pref and MED (omitted in FIG. 8) are all the same, the one with the smaller MED value is preferred, that is, routing information with a larger MED value is not preferred. If their MED values are also the same, selection continues through the criteria after MED (omitted in FIG. 8) until the peer address criterion is reached, at which point the selection process ends.
It can thus be seen that the embodiments of this application use local_pref or MED as the first priority indicator and, when the state of the second network element device is unknown, set the value of the first priority indicator so that the priority of the first routing information is lower than the default priority. This prevents the first routing information from being preferentially selected, and thus prevents traffic from preferentially passing through the second network element device whose state is unknown.
In case A32, the policy corresponding to the second routing information is used to indicate that the second routing information and a second priority indicator are advertised, where the second priority indicator indicates the priority of the second routing information advertised this time, and the priority of the second routing information advertised this time is lower than the default priority and lower than the priority of the second routing information advertised last time.
Since the state of the second network element device is unknown, other network element devices may continue to use the second routing information already advertised by the second network element device. However, the priority of the second routing information needs to be lowered this time, so that other network element devices do not preferentially select it. Therefore, the embodiments of this application advertise the second routing information together with the second priority indicator, that is, re-advertise the second routing information, so that the priority of the second routing information advertised last time is lowered to the priority indicated by the second priority indicator. In addition, the priority of the second routing information advertised this time is also lower than the default priority; the embodiments of this application do not limit the default priority.
It should be noted that, according to the description of case A22 above, when the second network element device is untrusted, the first network element device withdraws the second routing information rather than advertising it. Therefore, when the second routing information was advertised last time, the trusted state of the second network element device cannot have been untrusted; it can only have been trusted or unknown. If the second network element device was trusted when the second routing information was advertised last time, the trustworthiness of the second network element device at this advertisement has decreased compared with last time, so the priority of the second routing information needs to be lowered this time. If the state of the second network element device was unknown when the second routing information was advertised last time, then although the trustworthiness of the second network element device at this advertisement is the same as last time, the unknown state of the second network element device has now occurred at least twice, so the priority of the second network element device likewise needs to be lowered this time.
In some embodiments, the first network element device has the RR function, so the second routing information is routing information that the first network element device received from the second network element device and advertised to other network element devices. Exemplarily, the first network element device managing the routing information corresponding to the second network element device according to the target policy includes: the first network element device receives the second routing information and, according to the policy corresponding to the second routing information, sends a BGP message carrying the second routing information and the second priority indicator to the other network element devices. In other embodiments, the first network element device does not have the RR function, in which case the first network element device sends an instruction to the network element device having the RR function, so that the network element device having the RR function sends the above BGP message carrying the second routing information and the second priority indicator to the other network element devices.
In an exemplary embodiment, the second priority indicator is a BGP attribute and includes local_pref or MED. The larger the value of local_pref, the higher the priority it indicates; the smaller the value of MED, the higher the priority it indicates. Exemplarily, if the priority indicated by the second priority indicator is the lowest priority, then when the second priority indicator includes local_pref, the value of the second priority indicator is the minimum value of local_pref, and when the second priority indicator includes MED, the value of the second priority indicator is the maximum value of MED. The embodiments of this application do not limit the minimum value of local_pref or the maximum value of MED. In addition, in the embodiments of this application, the path attributes field shown in FIG. 6 carries the second priority indicator and the NLRI field carries the second routing information, which yields the BGP message carrying the second routing information and the second priority indicator. For this BGP message, refer to the description of the BGP message carrying the first routing information and the first priority indicator in case A31 above, which is not repeated here.
In case A33, the policy corresponding to the third routing information is used to indicate that the third routing information is advertised to the second network element device.
For case A33, refer to the description of case A13 above, which is not repeated here.
In case A34, the policy corresponding to the fourth routing information is used to indicate that the fourth routing information is maintained.
For case A34, refer to the description of case A14 above, which is not repeated here.
It should be noted that the first management manner makes the probability of traffic passing through the second network element device lower the lower the trustworthiness of the second network element device is. According to the description of step 301, the three cases, namely the second network element device being trusted (case A1), the state of the second network element device being unknown (case A3) and the second network element device being untrusted (case A2), are in decreasing order of trustworthiness. In the embodiments of this application, in case A1, with the highest trustworthiness, routing information is sent and received normally; in case A3, with the next highest trustworthiness, routing information is sent and received but its priority is lowered; and in case A2, with the lowest trustworthiness, routing information is neither sent nor received. Therefore, during route selection, a trusted second network element device is the most likely to be selected, a second network element device with unknown state is the next most likely, and an untrusted second network element device is the least likely. Thus, the lower the trustworthiness of the second network element device, the lower the probability that traffic passes through it.
The first management manner has been described above; it corresponds to the case where the configured rule includes a routing management policy. The second management manner, which corresponds to the case where the configured rule includes executable code, is described below.
第二种管理方式,已配置的规则包括可执行代码。可执行代码用于为第二网元设备对应的路由信息配置与第二网元设备的可信状态相匹配的优先级指标。第一网元设备基于第二网元设备的可信状态,按照已配置的规则对第二网元设备对应的路由信息进行管理,包括:第一网元设备通过运行可执行代码,为第二网元设备对应的路由信息配置第三优先级指标,其中,第三优先级指标是与第二网元设备的可信状态相匹配的优先级指标,第三优先级指标用于指示第二网元设备对应的路由信息的优先级。第一网元设备发布第二网元设备对应的路由信息和第三优先级指标。In the second management mode, configured rules include executable code. The executable code is used to configure the routing information corresponding to the second network element device with a priority indicator that matches the trusted status of the second network element device. Based on the trusted state of the second network element device, the first network element device manages the routing information corresponding to the second network element device according to the configured rules, including: The routing information corresponding to the network element device is configured with a third priority index, where the third priority index is a priority index that matches the trusted status of the second network element device, and the third priority index is used to indicate that the second network The priority of the routing information corresponding to the meta-device. The first network element device publishes the routing information and the third priority index corresponding to the second network element device.
其中,第一网元设备通过运行可执行代码,确定需要为第二网元设备对应的路由信息配置与第二网元设备的可信状态相匹配的优先级指标,即第三优先级指标,该第三优先级指标用于指示第二网元设备对应的路由信息的优先级。在一些实施方式中,第一网元设备具有RR功能,因而第二网元设备会向第一网元设备发送第二网元设备对应的路由信息。示例性地,第一网元设备发布第二网元设备对应的路由信息和第三优先级指标,包括:第一网元设备接收第二网元设备对应的路由信息,向其他网元设备发送携带第二网元设备对应的路由信息和 第三优先级指标的BGP报文。在另一些实施方式中,第一网元设备不具有RR功能,则第一网元设备向具有RR功能的网元设备发送指令,以使得具有RR功能的网元设备向其他网元设备发送携带第二网元设备对应的路由信息和第三优先级指标的BGP报文。Wherein, by running the executable code, the first network element device determines that a priority indicator that matches the trusted state of the second network element device needs to be configured for the routing information corresponding to the second network element device, that is, the third priority indicator, The third priority index is used to indicate the priority of the routing information corresponding to the second network element device. In some implementation manners, the first network element device has an RR function, and thus the second network element device sends routing information corresponding to the second network element device to the first network element device. Exemplarily, the first network element device publishes the routing information corresponding to the second network element device and the third priority indicator, including: the first network element device receives the routing information corresponding to the second network element device, and sends the routing information to other network element devices A BGP message carrying routing information corresponding to the second network element device and a third priority index. In some other implementation manners, the first network element device does not have the RR function, then the first network element device sends an instruction to the network element device with the RR function, so that the network element device with the RR function sends the carrying The routing information corresponding to the second network element device and the BGP packet of the third priority indicator.
Exemplarily, the third priority indicator is a BGP attribute and includes local_pref or MED. The larger the value of local_pref, the higher the priority it indicates; the smaller the value of MED, the higher the priority it indicates. In the embodiments of this application, the path attributes field shown in FIG. 6 carries the third priority indicator and the NLRI field carries the routing information corresponding to the second network element device, which yields a BGP message carrying both the routing information corresponding to the second network element device and the third priority indicator. For that BGP message, refer to the description of the BGP message carrying the first routing information and the first priority indicator in case A31 above; details are not repeated here.
In an exemplary embodiment, the routing information corresponding to the second network element device includes at least one of first routing information and second routing information, where the first routing information is routing information that the second network element device needs to advertise and the second routing information is routing information that the second network element device has already advertised. For the first routing information and the second routing information, refer to the description of the first management mode above; details are not repeated here. On this basis, the third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information; the former indicates the priority of the first routing information and the latter indicates the priority of the second routing information. Exemplarily, when the routing information corresponding to the second network element device includes both the first routing information and the second routing information, the BGP message carrying the routing information corresponding to the second network element device and the third priority indicator includes: a BGP message carrying the first routing information and the priority indicator corresponding to the first routing information, and a BGP message carrying the second routing information and the priority indicator corresponding to the second routing information.
It should be noted that when the trusted state of the second network element device differs, the priority of the first routing information and the priority of the second routing information also differ. Cases B1 to B3 illustrate the priority of the first routing information and the priority of the second routing information for each of the three trusted states.
Case B1: the trusted state of the second network element device is that the second network element device is trusted. Neither the priority of the first routing information nor the priority of the second routing information is lower than the default priority.
Exemplarily, the priority indicator of the first routing information and that of the second routing information are both local_pref. Since a larger local_pref value indicates a higher priority, setting the local_pref value of the first routing information and the local_pref value of the second routing information to be no smaller than the default local_pref value (which indicates the default priority) makes the priority of both no lower than the default priority. For example, if the default local_pref value is 100, the local_pref value of the first routing information and that of the second routing information are both 200.
Alternatively, exemplarily, the priority indicator of the first routing information and that of the second routing information are both MED. Since a smaller MED value indicates a higher priority, setting the MED value of the first routing information and the MED value of the second routing information to be no larger than the default MED value (which indicates the default priority) makes the priority of both no lower than the default priority. For example, if the default MED value is 0, the MED value of the first routing information and that of the second routing information are both 0.
Case B2: the trusted state of the second network element device is that the second network element device is untrusted. The priority of the first routing information and the priority of the second routing information are both lower than the default priority.
Exemplarily, the local_pref value of the first routing information and the local_pref value of the second routing information are both smaller than the default local_pref value, so that the priority of both is lower than the default priority. For example, if the default local_pref value is 100, the local_pref value of the first routing information and that of the second routing information are both 0.
Alternatively, exemplarily, the MED value of the first routing information and the MED value of the second routing information are both larger than the default MED value, so that the priority of both is lower than the default priority. For example, if the default MED value is 0, the MED value of the first routing information and that of the second routing information are both 100.
Case B3: the trusted state of the second network element device is that the state of the second network element device is unknown. The priority of the first routing information and the priority of the second routing information are both lower than the default priority and higher than the priority used when the second network element device is untrusted.
The priority used when the second network element device is untrusted is the priority of the first routing information and the priority of the second routing information in case B2 above.
Exemplarily, in case B3 the local_pref value of the first routing information and the local_pref value of the second routing information are both smaller than the default local_pref value and larger than the local_pref values of the first routing information and the second routing information in case B2. For example, if the default local_pref value is 100 and the local_pref values of the first routing information and the second routing information in case B2 are both 0, then in case B3 the local_pref values of the first routing information and the second routing information are both 50.
Alternatively, exemplarily, in case B3 the MED value of the first routing information and the MED value of the second routing information are both larger than the default MED value and smaller than the MED values of the first routing information and the second routing information in case B2. For example, if the default MED value is 0 and the MED values of the first routing information and the second routing information in case B2 are both 100, then in case B3 the MED values of the first routing information and the second routing information are both 50.
It should be noted that the second management mode likewise ensures that the lower the trustworthiness of the second network element device, the lower the probability that traffic passes through it. According to the description in step 301, the three cases, the second network element device being trusted (case B1), its state being unknown (case B3) and it being untrusted (case B2), are in decreasing order of trustworthiness. In the embodiments of this application, the routing information corresponding to the second network element device has the highest priority in case B1 (highest trustworthiness), the next highest priority in case B3 (second-highest trustworthiness) and the lowest priority in case B2 (lowest trustworthiness). Therefore, during route selection a trusted second network element device is preferred, a second network element device with unknown state is chosen next, and an untrusted second network element device is chosen last; the selection probability decreases in that order, and the probability of selecting the second network element device determines the probability that traffic passes through it. In this way, the lower the trustworthiness of the second network element device, the lower the probability that traffic passes through it.
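The following is an added illustration of cases B1 to B3, not code from the application: it maps the three trusted states to the local_pref and MED values the text gives as examples (defaults 100 and 0; trusted 200/0, unknown 50/50, untrusted 0/100) and then applies a reduced BGP decision (highest local_pref, then lowest MED) to show that the route via the more trustworthy second network element device wins. The state names, the Route record and the decision helper are assumptions; only the numeric values come from the text.

```python
"""Priority indicators derived from a remote attestation result (cases B1-B3)."""
from dataclasses import dataclass
from enum import Enum
from typing import Iterable

LOCAL_PREF_DEFAULT = 100   # default local_pref stated in the text
MED_DEFAULT = 0            # default MED stated in the text


class TrustState(Enum):
    TRUSTED = "trusted"      # case B1
    UNKNOWN = "unknown"      # case B3
    UNTRUSTED = "untrusted"  # case B2


# Example values from the text. local_pref: larger wins. MED: smaller wins.
_LOCAL_PREF = {TrustState.TRUSTED: 200, TrustState.UNKNOWN: 50, TrustState.UNTRUSTED: 0}
_MED = {TrustState.TRUSTED: 0, TrustState.UNKNOWN: 50, TrustState.UNTRUSTED: 100}


def local_pref_for(state: TrustState) -> int:
    """Third priority indicator when the indicator is local_pref."""
    value = _LOCAL_PREF[state]
    # Invariants stated in the text: B1 >= default, B2 and B3 < default.
    if state is TrustState.TRUSTED:
        assert value >= LOCAL_PREF_DEFAULT
    else:
        assert value < LOCAL_PREF_DEFAULT
    return value


def med_for(state: TrustState) -> int:
    """Third priority indicator when the indicator is MED."""
    value = _MED[state]
    # Invariants stated in the text: B1 <= default, B2 and B3 > default.
    if state is TrustState.TRUSTED:
        assert value <= MED_DEFAULT
    else:
        assert value > MED_DEFAULT
    return value


@dataclass(frozen=True)
class Route:
    """Assumed record for one advertised route (prefix plus its indicators)."""
    prefix: str
    next_hop: str
    local_pref: int
    med: int


def route_for(prefix: str, next_hop: str, state: TrustState) -> Route:
    """Route the RR would advertise on behalf of a peer whose state is `state`."""
    return Route(prefix, next_hop, local_pref_for(state), med_for(state))


def best_route(candidates: Iterable[Route]) -> Route:
    """Reduced BGP decision: highest local_pref wins, then lowest MED.

    Real BGP applies further tie-breakers (AS path length, origin, ...) and
    only compares MED between routes from the same neighbouring AS; those
    details are omitted because the text only varies local_pref and MED.
    """
    return max(candidates, key=lambda r: (r.local_pref, -r.med))
```

Because a trusted peer's local_pref (200) exceeds the default (100) while the unknown (50) and untrusted (0) values fall below it, routes that arrive via peers that have not attested, or failed attestation, lose against unmodified routes from the rest of the network as well as against attested peers; the same ordering holds when MED is the indicator.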
In the embodiments of this application, steps 301 and 302 above are performed periodically during the operation of the first network element device, that is, during the use of the second network element device. In this way, route management of the second network element device is performed at regular intervals, which ensures the reliability of the management.
In summary, in the embodiments of this application, after the remote attestation result is obtained it is applied to the management of the second network element device, so that the remote attestation result is reflected in the routing function of the second network element device. Because the remote attestation result indicates the trusted state of the second network element device, managing the second network element device based on it improves the reliability of the management, thereby ensuring the security of the network architecture that includes the second network element device and the security of communication performed through the second network element device. Moreover, applying the embodiments of this application also ensures that the lower the trustworthiness of the second network element device, the lower the probability that traffic passes through it.
When the first network element device has the RR function, a BGP connection for route reflection is established between the first network element device and the second network element device. In this case, using the first network element device as the RA server and performing remote attestation of the second network element device through the first network element device and the BGP connection requires neither deploying additional devices beyond the first and second network element devices nor manually establishing a dedicated connection, which saves cost and improves the efficiency of remote attestation. Referring to FIG. 9, in this case the specific process by which the first network element device obtains the remote attestation result corresponding to the second network element device in step 301 of the embodiment shown in FIG. 3 includes the following steps 901 to 905.
901. The first network element device sends a first BGP message to the second network element device over the BGP connection, where the first BGP message is used to query the measurement information of the second network element device.
The first network element device is a device with the route reflection function (such as the first network element device 11 in FIG. 1 or FIG. 2), and a BGP connection for route reflection is established between the first network element device and the second network element device; a BGP connection is also called a BGP session. Exemplarily, a transmission control protocol (TCP) connection is first established between the first network element device and the second network element device, and the BGP connection is then established on top of the TCP connection. In some implementations, the first network element device stores a BGP session list that includes at least one network element device, each of which has a BGP connection established with the first network element device; any network element device in the BGP session list can therefore serve as the second network element device. Exemplarily, the first network element device traverses the BGP session list and selects the second network element device from it, so that the first network element device can automatically discover the second network element device that needs remote attestation.
In an exemplary embodiment, the measurement information of the second network element device includes information generated by components of the second network element device while service software runs, where the service software is software installed on the second network element device. Exemplarily, the running process includes the boot process, in which case the measurement information of the second network element device includes information generated by its components during the boot of the service software. In some implementations, the components of the second network element device include but are not limited to the boards in the second network element device, and the second network element device may have one or more components. Besides the above way of determining the measurement information of the second network element device, other ways may be used; the embodiments of this application do not limit how the measurement information is determined, and it can be determined according to actual requirements.
In an exemplary embodiment, the first BGP message includes a first type-length-value (TLV) field, which is used to indicate a query for measurement information. The process of querying measurement information is also called the challenge process, and the first BGP message is also called the challenge message. Exemplarily, the first TLV field includes a first type field, a first length field and a first value field; the first type field carries a first type value, which is used to indicate querying measurement information or carrying measurement information; the first length field indicates the length of the first value field; and the first value field indicates that what the first type value indicates is a query for measurement information. In some implementations, the first value field indicates this in one of two ways: it carries a first reference value, or it is left empty. Where the first value field carries a first reference value, the first reference value is a value that differs from, and cannot be confused with, measurement information. The first reference value may be obtained through configuration or negotiated between the first network element device and the second network element device; the embodiments of this application do not limit the first reference value. Where the first value field is left empty, the first length field is set to zero, since the first length field indicates the length of the first value field.
Since the first BGP message is a kind of BGP message, the structure of a BGP message is described next to facilitate understanding of the structure of the first BGP message and of the other BGP messages described below.
A BGP message includes a BGP message header and message content. FIG. 10 shows the structure of the BGP message header. The BGP message header includes a marker field, a length field and a type value field. The marker field is used for BGP authentication; the length field indicates the total length of the BGP message, that is, the sum of the lengths of the BGP message header and the message content; and the type value field distinguishes message types. For example, a type value of 1 denotes an open message, and a type value of 2 denotes an update message. Different message types correspond to different message content.
FIG. 11 shows the structure of an update-type BGP message, which includes a BGP message header and the message content corresponding to the update type. The message content corresponding to the update type includes a total path attribute length field and a path attributes field; the total path attribute length field indicates the length of the path attributes field, whose length is variable. In some implementations, the path attributes field is in TLV format and includes an attribute type field, an attribute length field and an attribute value field, where the attribute value field is of variable length.
In an exemplary embodiment, the first BGP message is a first update message, that is, a BGP message whose message type is update. The first update message includes a first path attributes field, and the first TLV field is located in the first path attributes field. The first path attributes field is the path attributes field shown in FIG. 11; the first type field of the first TLV field is the attribute type field shown in FIG. 11, the first length field is the attribute length field shown in FIG. 11, and the first value field is the attribute value field shown in FIG. 11. In this case, the first type value carried by the first type field of the first TLV field is any of the unassigned type values for the path attributes field. The unassigned type values for the path attributes field include but are not limited to 39, 41-127, 130-240 and 244-254; in the embodiments of this application the first type value is, for example, 201.
It should be noted that the TCG has proposed the concepts of a "chain of trust" and "trusted measurement" for trusted computing. A root of trust is first established, and the root of trust measures other devices; if the root of trust verifies that a device is in a trusted state, that device and the root of trust form a chain of trust. In the embodiments of this application, the first network element device verifies whether the second network element device is in a trusted state, that is, the first network element device measures the trustworthiness of the second network element device, so before step 901 is performed the first network element device needs to be set as the root of trust. When the first network element device subsequently verifies that the second network element device is in a trusted state, the first network element device and the second network element device form a chain of trust. In addition, before step 901, the embodiments of this application also need to set the first network element device as the RA server. Exemplarily, the first network element device receives a command line configured by a user, or receives a configuration command sent by a network management device, to configure the first network element device as the RA server. In some implementations, the command line is, for example, an RA server enable command line. In other implementations, the first network element device receives the configuration command sent by the network management device through the simple network management protocol (SNMP) or the network configuration (NETCONF) protocol.
902. The second network element device receives, over the BGP connection, the first BGP message sent by the first network element device.
After the first network element device sends the first BGP message to the second network element device over the BGP connection, the second network element device receives the first BGP message. The second network element device parses the first BGP message and determines that it is used to query the measurement information of the second network element device.
903. The second network element device sends a second BGP message to the first network element device over the BGP connection, where the second BGP message carries the measurement information, so that the first network element device obtains the remote attestation result corresponding to the second network element device.
After determining that the first BGP message is used to query its measurement information, the second network element device obtains the measurement information and sends the second BGP message carrying it to the first network element device. Exemplarily, the second network element device obtains the measurement information from security hardware embedded in the second network element device (for example, a TPM chip that includes PCRs).
In an exemplary embodiment, the second BGP message includes a second TLV field, which carries the measurement information. The measurement information is carried in order to return it to the first network element device; the process of returning the measurement information is also called the response process, so the second BGP message is also called the response message. Exemplarily, the second TLV field includes a second type field, a second length field and a second value field; the second type field carries the first type value, which indicates querying measurement information or carrying measurement information (for the first type value, refer to the description in step 901, which is not repeated here); the second length field indicates the length of the second value field; and the second value field carries the measurement information, thereby indicating that what the first type value indicates is carrying measurement information.
According to the description in step 901, the measurement information of the second network element device includes information generated by components of the second network element device while the service software runs (for example, during boot). In some implementations, the measurement information carried in the second value field includes a hash value obtained by hashing the measurement information of the second network element device. In some implementations, the measurement information carried in the second value field includes measurement information encoded according to a Yet Another Next Generation (YANG) model, for example the YANG model defined in draft-ietf-rats-yang-tpm-charra-11.
In an exemplary embodiment, the second BGP message is a second update message, that is, a BGP message whose message type is update. The second update message includes a second path attributes field, and the second TLV field is located in the second path attributes field. The second path attributes field is the path attributes field shown in FIG. 11; the second type field of the second TLV field is the attribute type field shown in FIG. 11, the second length field is the attribute length field shown in FIG. 11, and the second value field is the attribute value field shown in FIG. 11.
904. The first network element device receives, over the BGP connection, the second BGP message sent by the second network element device, and parses the second BGP message to obtain the measurement information it carries.
Since the second network element device has sent the second BGP message to the first network element device, the first network element device receives the second BGP message. The first network element device parses the second BGP message to obtain the measurement information of the second network element device.
905,第一网元设备对比解析得到的度量信息和远程证明基线文件,得到远程证明结果。905. The first network element device compares and analyzes the obtained measurement information and the remote attestation baseline file to obtain a remote attestation result.
The parsed measurement information is the measurement information of the second network element device carried in the second BGP message. The remote attestation baseline file contains the reference values of the measurement information; it serves as the benchmark for the measurement information, that is, the basis for comparison in the RA process. For example, when the measurement information includes the information generated by the components of the second network element device while the service software runs, the remote attestation baseline file contains the information those components generate while untampered, genuine and complete service software runs. When the second network element device includes multiple components, the baseline file accordingly contains the information generated by each of those components while untampered, genuine and complete service software runs, in which case the baseline file can be represented as a list. Untampered, genuine and complete service software is, for example, the service software as released.
The first network element device compares the parsed measurement information with the remote attestation baseline file to obtain a remote attestation result indicating whether the second network element device is in a trusted state. If the measurement information is consistent with the baseline file, the first network element device obtains a result indicating that the second network element device is in a trusted state; if it is not consistent, the result indicates that the second network element device is in an untrusted state.
In an exemplary embodiment, the measurement information being consistent with the remote attestation baseline file means that every item in the measurement information matches the corresponding item in the baseline file, where corresponding items are those generated by the same component. Take a second network element device whose components include board 1 and board 2: the measurement information includes the information generated by board 1 and by board 2 while the service software runs, and the baseline file includes the information generated by board 1 and by board 2 while untampered, genuine and complete service software runs. If the board 1 information in the measurement information is identical to the board 1 information in the baseline file, and the board 2 information in the measurement information is identical to the board 2 information in the baseline file, the first network element device obtains a result indicating that the second network element device is in a trusted state.
For example, after obtaining the remote attestation result, the first network element device sends it to the network management device, which presents it to its user; the user then manages the second network element device based on the result. For instance, when the result indicates that the second network element device is in an untrusted state, the user of the network management device raises an alarm to the user of the second network element device, or takes the second network element device offline.
It will be understood that before performing step 905 the first network element device needs to obtain the remote attestation baseline file. In some implementations the first network element device receives it from another device, for example the network management device, whose user uploads the baseline file to the first network element device through the network management device. In some implementations the first network element device receives the baseline file in an environment whose security can be ensured, for example over the Secure File Transfer Protocol (SFTP). In other implementations the first network element device generates the baseline file from its own measurement information. For example, when the first and second network element devices are devices of the same version from the same vendor, the first network element device generates the baseline file from its own measurement information. It can do so because the first network element device is the root of trust, so its service software is untampered, genuine and complete. On that basis, since the two devices are the same version from the same vendor, they contain the same components. The first network element device can therefore record the information each component generates while the service software runs, obtain its own measurement information, and use that as the remote attestation baseline file.
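The comparison of step 905 and the "same vendor, same version" baseline generation above, as an added example that is not code from the patent. The component names, the boot-record lines and the use of SHA-256 as the per-component hash are constructed assumptions; the patent fixes no measurement format, and treating a component that is missing from the report or absent from the baseline as untrusted is a stricter reading than the text requires.

```python
# Added example (not code from the patent): step-905 comparison of reported measurement
# information against a remote attestation baseline file, plus the case where the
# verifying device (root of trust, same vendor and version) builds the baseline from
# its own components. Component names, boot records and SHA-256 are assumptions.
from __future__ import annotations

import hashlib
import json

# Constructed sample: what each board logged while the released service software started.
RELEASE_RECORDS: dict[str, list[str]] = {
    "board1": ["bootloader 1.0", "kernel 5.10 loaded", "service app V3.2.0 started"],
    "board2": ["bootloader 1.0", "linecard firmware 7.4", "forwarding agent V3.2.0 started"],
}


def measure_component(name: str, records: list[str]) -> str:
    """Reduce the information one component produced during the run to a single hash
    (the text allows the value field to carry a hash of the measurement information)."""
    h = hashlib.sha256(name.encode("utf-8"))
    for rec in records:
        h.update(b"\n" + rec.encode("utf-8"))
    return h.hexdigest()


def reported_measurements(component_records: dict[str, list[str]]) -> dict[str, str]:
    """What the attested device would place in the second BGP message: one value per component."""
    return {name: measure_component(name, recs) for name, recs in component_records.items()}


def build_baseline(component_records: dict[str, list[str]]) -> list[dict[str, str]]:
    """A root-of-trust device records its own components' output and uses that as the
    baseline list; the same structure could also be loaded from a file delivered over SFTP."""
    return [{"component": name, "reference": measure_component(name, recs)}
            for name, recs in sorted(component_records.items())]


def baseline_to_json(baseline: list[dict[str, str]]) -> str:
    return json.dumps(baseline, indent=2)


def compare_to_baseline(measurements: dict[str, str], baseline: list[dict[str, str]]) -> dict:
    """Remote attestation result: 'trusted' only if every baseline component has a reported
    value equal to its reference. Missing or unexpected components are reported as reasons
    (stricter than the text, which only asks each reported item to match its counterpart)."""
    reasons = []
    for entry in baseline:
        name = entry["component"]
        reported = measurements.get(name)
        if reported is None:
            reasons.append(f"{name}: no measurement reported")
        elif reported != entry["reference"]:
            reasons.append(f"{name}: measurement differs from baseline")
    known = {entry["component"] for entry in baseline}
    for name in sorted(set(measurements) - known):
        reasons.append(f"{name}: component not in baseline")
    return {"state": "trusted" if not reasons else "untrusted", "reasons": reasons}


def demo() -> tuple[dict, dict]:
    """Attest an unmodified peer and a peer whose board2 software was altered."""
    baseline = build_baseline(RELEASE_RECORDS)
    good = compare_to_baseline(reported_measurements(RELEASE_RECORDS), baseline)
    tampered = dict(RELEASE_RECORDS)
    tampered["board2"] = RELEASE_RECORDS["board2"][:-1] + ["forwarding agent V3.2.0-mod started"]
    bad = compare_to_baseline(reported_measurements(tampered), baseline)
    return good, bad


if __name__ == "__main__":
    print(baseline_to_json(build_baseline(RELEASE_RECORDS)))
    for result in demo():
        print(result)
```

The result carries the reasons alongside the trusted/untrusted state so that the network management device user who receives it (as in the paragraph on alarms and taking the device offline) can see which board diverged rather than only a verdict.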
In addition, while the second network element device is in use, steps 901-905 may be performed periodically, so that whether the second network element device is in a trusted state is verified regularly and its security is maintained.
In an exemplary embodiment, the first network element device sending the first BGP message to the second network element device over the BGP connection in step 901 includes: the first network element device establishes a secure connection with the second network element device on the basis of the BGP connection and sends the first BGP message over that secure connection. Transmitting the first BGP message over the secure connection improves its security in transit and thus the accuracy of the remote attestation result obtained later. Correspondingly, in step 902 the second network element device establishes the secure connection with the first network element device on the basis of the BGP connection and receives the first BGP message over it; in step 903 the second network element device sends the second BGP message over the secure connection; and in step 904 the first network element device receives the second BGP message over the secure connection.
In an exemplary embodiment, the secure connection is a Transport Layer Security (TLS) connection or an Internet Protocol Security (IPsec) tunnel. When the secure connection is a TLS connection, establishing it on the basis of the BGP connection includes: the first network element device establishes a new TCP connection with the second network element device on the basis of the existing BGP connection, establishes a TLS connection over the new TCP connection, and then establishes a new BGP connection over the TLS connection; the new BGP connection is also called a BGP over TLS connection. When the secure connection is an IPsec tunnel, the first network element device does not need to establish a new BGP connection; it establishes the IPsec tunnel directly on the basis of the existing BGP connection. The embodiments of this application do not limit the type of secure connection; it can be chosen according to actual needs.
In an exemplary embodiment, the first network element device establishing the secure connection with the second network element device on the basis of the BGP connection includes: in response to determining that the second network element device supports the remote attestation function, the first network element device sends a secure connection establishment request to the second network element device over the BGP connection and establishes the secure connection according to that request. On the second network element device's side, this includes receiving the secure connection establishment request from the first network element device over the BGP connection and establishing the secure connection according to it. In the embodiments of this application the first network element device establishes the secure connection only after determining that the second network element device supports the remote attestation function, and then exchanges the first and second BGP messages over that secure connection to carry out the RA process. This avoids the situation in which a secure connection has been established but the second network element device does not support remote attestation, and so avoids wasting transmission bandwidth and processing resources.
In an exemplary embodiment, the second network element device supporting the remote attestation function includes: the version information of the second network element device matches the version information of the remote attestation baseline file, and/or the second network element device has the address family extension capability. Accordingly, there are three cases in which the second network element device supports the remote attestation function.
In the first case, the second network element device supports the remote attestation function when its version information matches the version information of the remote attestation baseline file and it has the address family extension capability. In this case, before the first network element device sends the first BGP message to the second network element device over the BGP connection (that is, before the second network element device receives the first BGP message), the method further includes the following steps 906-914, shown in Figure 12.
906. The first network element device sends a third BGP message to the second network element device over the BGP connection; the third BGP message indicates a query for the version information of the second network element device.
The first network element device queries the version information of the second network element device because it needs to determine whether the version information of the remote attestation baseline file is the same as that of the second network element device. Only when the two are the same can the first network element device use the baseline file to remotely attest the second network element device.
In an exemplary embodiment, the third BGP message includes a third TLV field that indicates a version query. For example, the third TLV field includes a third type field, a third length field and a third value field. The third type field carries a second type value, which indicates either a version query or carried version information; the third length field indicates the length of the third value field; and the third value field indicates that what the second type value denotes here is a version query. For example, the third value field carries a second reference value, or is left empty, to indicate that the second type value denotes a version query. The second reference value is a value that differs from, and cannot be confused with, version information; it is obtained by configuration or negotiation, and the embodiments of this application do not limit it. When the third value field is left empty, the third length field is set to zero.
In an exemplary embodiment, the third BGP message is a third UPDATE message, that is, a BGP message whose message type is UPDATE. The third UPDATE message includes a third path attribute field, and the third TLV field is located in it. The third path attribute field is the path attribute field shown in Figure 11; the third type field of the third TLV field is the attribute type field shown in Figure 11, the third length field is the attribute length field shown in Figure 11, and the third value field is the attribute value field shown in Figure 11. In this case the second type value carried in the third type field is any of the type values not registered for the path attribute field, and it differs from the first type value used in the first and second BGP messages above. For example, in the embodiments of this application the second type value is 200.
907. The second network element device receives, over the BGP connection, the third BGP message sent by the first network element device.
After the first network element device sends the third BGP message over the BGP connection, the second network element device receives it over the same connection. The second network element device parses the third BGP message and thereby determines that it indicates a query for the version information of the second network element device.
908. The second network element device sends a fourth BGP message to the first network element device over the BGP connection; the fourth BGP message carries the version information of the second network element device.
Having determined that the third BGP message queries its version information, the second network element device obtains its version information and sends the first network element device the fourth BGP message carrying it.
In an exemplary embodiment, the fourth BGP message includes a fourth TLV field that carries the version information of the second network element device. For example, the version information of the second network element device includes the sub-version information of at least one component of the device, where the sub-version information of any component includes its software version and/or its hardware version. The fourth TLV field carries an information list with at least one information item, each item including a component's name and that component's sub-version information. For example, if the components of the second network element device are board 1 through board N (N a positive integer not less than 2), the information list in the fourth TLV field has N items corresponding one-to-one to the N boards: the first item contains board 1, its hardware version and its software version; the second item contains board 2, its hardware version and its software version; and so on up to the N-th item, which contains board N, its hardware version and its software version.
For example, the fourth TLV field includes a fourth type field, a fourth length field and a fourth value field. The fourth type field carries the second type value, which indicates either a version query or carried version information (see step 906 above). The fourth length field indicates the length of the fourth value field, and the fourth value field carries the version information of the second network element device, which shows that the second type value here denotes carried version information. When the fourth TLV field carries the information list described above, the list is carried in the fourth value field.
In an exemplary embodiment, the fourth BGP message is a fourth UPDATE message, that is, a BGP message whose message type is UPDATE. The fourth UPDATE message includes a fourth path attribute field, and the fourth TLV field is located in it. The fourth path attribute field is the path attribute field shown in Figure 11; the fourth type field of the fourth TLV field is the attribute type field shown in Figure 11, the fourth length field is the attribute length field shown in Figure 11, and the fourth value field is the attribute value field shown in Figure 11.
909. The first network element device receives, over the BGP connection, the fourth BGP message sent by the second network element device, and parses it to obtain the version information of the second network element device carried in it.
Because the second network element device has sent the fourth BGP message to the first network element device, the first network element device receives it. The first network element device parses the fourth BGP message to obtain the version information of the second network element device.
910. In response to the version information of the second network element device being the same as the version information of the remote attestation baseline file, the first network element device determines that the second network element device supports the remote attestation function.
For example, when the version information of the second network element device is the same as that of the remote attestation baseline file, the two can be determined to match, and hence the second network element device is determined to support the remote attestation function. Alternatively, after determining that the version information matches, the first network element device must also determine that the second network element device has the address family extension capability before determining that it supports the remote attestation function. How the address family extension capability is determined is described in steps 911-914 below.
In an exemplary embodiment, the version information of the second network element device being the same as that of the remote attestation baseline file means that every item of the reported version information matches the corresponding item of the baseline file's version information, where corresponding items are those belonging to the same component. Take a second network element device whose components are board 1 and board 2 and whose version information includes a software version and a hardware version: if the hardware version of board 1 in the reported information equals the hardware version of board 1 in the baseline file, the software version of board 1 equals that in the baseline file, the hardware version of board 2 equals that in the baseline file, and the software version of board 2 equals that in the baseline file, the first network element device can determine that the version information of the second network element device is the same as that of the baseline file.
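The version query and reply of steps 906-910, carried as a path attribute in an UPDATE message, and the step-910 version match, as an added example that is not code from the patent. Points the text leaves open and that this example assumes: the attribute is sent with the optional and transitive flags set (0xC0); the value layout of the information list (a 1-byte-length-prefixed component name, hardware version and software version per item) is a constructed format; the sample boards and version strings are made up. The type code 200 is the text's own example value.

```python
# Added example (not code from the patent): version-query / version-reply TLV of steps
# 906-910 as a BGP UPDATE path attribute, and the step-910 version match. Assumed:
# optional+transitive flags, the length-prefixed value layout, and the sample versions.
from __future__ import annotations

import struct

VERSION_ATTR_TYPE = 200        # "second type value" from the text
ATTR_FLAGS_OPT_TRANS = 0xC0    # optional + transitive (assumption)
ATTR_FLAG_EXT_LEN = 0x10       # extended-length flag (RFC 4271)

# Constructed: version information the baseline file was generated from.
BASELINE_VERSIONS = [("board1", "HW1.0", "V3.2.0"), ("board2", "HW2.1", "V3.2.0")]


def encode_path_attribute(type_code: int, value: bytes, flags: int = ATTR_FLAGS_OPT_TRANS) -> bytes:
    """RFC 4271 path attribute: flags, type code, 1-byte (or 2-byte extended) length, value."""
    if len(value) > 255:
        return bytes([flags | ATTR_FLAG_EXT_LEN, type_code]) + struct.pack("!H", len(value)) + value
    return bytes([flags & ~ATTR_FLAG_EXT_LEN, type_code, len(value)]) + value


def decode_path_attributes(data: bytes) -> list[tuple[int, int, bytes]]:
    """Walk a path-attributes blob, returning (flags, type, value) per attribute and
    refusing to read past the buffer on a bad length."""
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        flags, type_code = data[i], data[i + 1]
        i += 2
        hdr = 2 if flags & ATTR_FLAG_EXT_LEN else 1
        if i + hdr > len(data):
            raise ValueError("truncated attribute length")
        length = struct.unpack("!H", data[i:i + 2])[0] if hdr == 2 else data[i]
        i += hdr
        if i + length > len(data):
            raise ValueError("attribute value runs past end of buffer")
        attrs.append((flags, type_code, data[i:i + length]))
        i += length
    return attrs


def _lp(s: str) -> bytes:
    """Length-prefixed UTF-8 string (1-byte length)."""
    b = s.encode("utf-8")
    if len(b) > 255:
        raise ValueError("field too long")
    return bytes([len(b)]) + b


def encode_version_query() -> bytes:
    """Third TLV: same type code, empty value, so the length field is zero."""
    return encode_path_attribute(VERSION_ATTR_TYPE, b"")


def encode_version_reply(items: list[tuple[str, str, str]]) -> bytes:
    """Fourth TLV: information list of (component name, hardware version, software version)."""
    value = b"".join(_lp(n) + _lp(hw) + _lp(sw) for n, hw, sw in items)
    return encode_path_attribute(VERSION_ATTR_TYPE, value)


def parse_version_value(value: bytes) -> list[tuple[str, str, str]] | None:
    """None means the TLV is a query; otherwise the decoded information list."""
    if not value:
        return None
    fields, i = [], 0
    while i < len(value):
        n = value[i]
        i += 1
        if i + n > len(value):
            raise ValueError("truncated version item")
        fields.append(value[i:i + n].decode("utf-8"))
        i += n
    if len(fields) % 3:
        raise ValueError("version list is not (name, hw, sw) triples")
    return [(fields[k], fields[k + 1], fields[k + 2]) for k in range(0, len(fields), 3)]


def find_version_tlv(path_attributes: bytes) -> list[tuple[str, str, str]] | None:
    """Locate the type-200 attribute among the UPDATE's path attributes and decode it."""
    for _flags, type_code, value in decode_path_attributes(path_attributes):
        if type_code == VERSION_ATTR_TYPE:
            return parse_version_value(value)
    raise ValueError("no version TLV in path attributes")


def versions_match(reported: list[tuple[str, str, str]], baseline: list[tuple[str, str, str]]) -> bool:
    """Step 910: every component's hardware and software version equals the baseline's,
    and the component sets are identical."""
    return sorted(reported) == sorted(baseline)


def demo() -> bool:
    query = encode_version_query()                       # first device -> second device
    if find_version_tlv(query) is not None:
        raise RuntimeError("query should decode as a query")
    reply = encode_version_reply(BASELINE_VERSIONS)      # second device -> first device
    return versions_match(find_version_tlv(reply), BASELINE_VERSIONS)
```

Because type 200 is an unregistered attribute type, a peer that does not implement this extension handles it under the RFC 4271 rules for unrecognized attributes: an unrecognized optional transitive attribute is accepted and propagated with the Partial bit set, an unrecognized optional non-transitive attribute is silently ignored, and an unrecognized well-known attribute causes an UPDATE error and a NOTIFICATION. That is why the example marks the attribute optional and transitive, and why the version and capability checks before step 901 matter: they keep the RA TLVs off sessions with peers that cannot interpret them.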
911. The first network element device sends a fifth BGP message to the second network element device over the BGP connection; the fifth BGP message is used to negotiate the address family extension capability with the second network element device.
Negotiating the address family extension capability means that the first network element device determines whether the second network element device is able to support the extended address family. An extended address family is obtained by extending an address family; the purpose of the extension is service separation, so that the RA process runs on the extended address family while other services run on other address families. Note that the command lines configured by the user include global command lines and per-address-family command lines: a global command line takes effect for all address families, whereas a per-address-family command line takes effect only for the specified address families. Step 901 above described the first network element device receiving a user-configured command line that makes it the RA server; when the address family is extended, that command line is a per-address-family command line.
In an exemplary embodiment, the fifth BGP message includes at least one first capability subfield, each of which carries an address family identifier that indicates an extended address family. Through the fifth BGP message the first network element device informs the second network element device of the extended address family, so that the second network element device can confirm whether it is able to support it, thereby negotiating the address family extension capability.
It will be understood that the first capability subfields in the fifth BGP message correspond one-to-one to extended address families: the more first capability subfields the fifth BGP message contains, the more extended address families it negotiates, and the embodiments of this application do not limit their number. For example, the fifth BGP message contains two first capability subfields: one carries an Internet Protocol version 4 (IPv4) address family identifier indicating the extended IPv4 address family af-ipv4-RA, and the other carries an Internet Protocol version 6 (IPv6) address family identifier indicating the extended IPv6 address family af-ipv6-RA. That is, the fifth BGP message negotiates both an extended IPv4 address family and an extended IPv6 address family, and both af-ipv4-RA and af-ipv6-RA are used to carry out the RA process. The names af-ipv4-RA and af-ipv6-RA are examples only; the embodiments of this application do not limit the names of the IPv4 and IPv6 address families.
In an exemplary embodiment, the fifth BGP message is a first open message. The first open message is a BGP message whose message type is the open type. Referring to FIG. 13, the message structure of an open-type BGP message is described. An open-type BGP message includes a BGP message header and the message content corresponding to the open type. As described in step 901 above, the type value field in the BGP message header takes the value 1 to indicate that the message type is the open type. The message content corresponding to the open type includes an optional parameter length field and an optional parameter field. The optional parameter length field indicates the length of the optional parameter field. The optional parameter field includes a parameter type field, a parameter length field and a parameter value field; the parameter type field takes the value 2 to indicate capability negotiation, the parameter length field indicates the length of the parameter value field, and the parameter value field includes at least one capability field. A capability field includes a capability code field, a capability length field and a capability value field. The capability code field takes the value 1 to indicate address family capability negotiation, the capability length field indicates the length of the capability value field, and the capability value field includes an address family identifier (AFI) field, a reserved field and a sub-address family identifier (SAFI) field. The AFI field indicates the address family to be negotiated, the reserved field is set to zero, and the SAFI field distinguishes different communication modes, which include but are not limited to unicast, multicast and virtual private network (VPN).
In an exemplary embodiment, the first open message includes a first optional parameter field, and the at least one first capability subfield is located in the first optional parameter field. The first optional parameter field is the optional parameter field shown in FIG. 13, the first capability subfield is the capability field shown in FIG. 13, and the address family identifier that the first capability subfield carries is the AFI field shown in FIG. 13. In the related art, AFI field values of 1, 2 and 196 indicate the IPv4 address family, the IPv6 address family and layer 2 (L2) respectively; therefore, this embodiment of the present application uses values other than 1, 2 and 196 as address family identifiers to indicate extended address families. For example, an AFI field value of 256 indicates the extended IPv4 address family, and an AFI field value of 257 indicates the extended IPv6 address family. In addition, this embodiment of the present application does not limit the communication mode indicated by the SAFI field.
912. The second network element device receives, through the BGP connection, the fifth BGP message sent by the first network element device.
The second network element device receives and parses the fifth BGP message, and thereby determines that the fifth BGP message is used to negotiate the address family extension capability with the first network element device. As described in step 911 above, the fifth BGP message includes at least one first capability subfield carrying an address family identifier; by parsing the fifth BGP message, the second network element device obtains the address family identifier and thereby determines the extended address family that the address family identifier indicates.
913. The second network element device generates a sixth BGP message based on its own address family extension capability, and sends the sixth BGP message to the first network element device through the BGP connection.
After the second network element device determines the extended address family, it can be determined, from the address family extension capability of the second network element device, that the second network element device supports that extended address family. Therefore, the second network element device uses the sixth BGP message to inform the first network element device that it is capable of supporting the extended address family.
In an exemplary embodiment, the second network element device generating the sixth BGP message based on its address family extension capability includes: in response to determining that the second network element device has the address family extension capability, the second network element device sends to the first network element device a sixth BGP message that includes at least one second capability subfield carrying an address family identifier; that is, the sixth BGP message includes at least one second capability subfield carrying an address family identifier.
Here, the second network element device having the address family extension capability includes: the second network element device being able to support the extended address family indicated by at least one address family identifier. Moreover, whichever extended address families (as indicated by their address family identifiers) the second network element device can support, the corresponding address family identifiers are included in the second capability subfields of the sixth BGP message that the second network element device sends to the first network element device; the second capability subfields correspond one-to-one with the address family identifiers. For example, the fifth BGP message includes two first capability subfields, carrying an IPv4 address family identifier and an IPv6 address family identifier respectively. In response to the second network element device being able to support only the extended IPv4 address family indicated by the IPv4 address family identifier, it sends to the first network element device a sixth BGP message that includes a second capability subfield carrying the IPv4 address family identifier. In response to the second network element device being able to support both the extended IPv4 address family indicated by the IPv4 address family identifier and the extended IPv6 address family indicated by the IPv6 address family identifier, the sixth BGP message that the second network element device sends to the first network element device includes two second capability subfields, carrying the IPv4 address family identifier and the IPv6 address family identifier respectively.
In an exemplary embodiment, the message type of the sixth BGP message is the open type, and the sixth BGP message includes a second optional parameter field; in response to the sixth BGP message including at least one second capability subfield carrying an address family identifier, the at least one second capability subfield carrying an address family identifier is located in the second optional parameter field. The second optional parameter field is the optional parameter field shown in FIG. 13, the second capability subfield is the capability field shown in FIG. 13, and the address family identifier that the second capability subfield carries is the AFI field shown in FIG. 13. For the AFI field, refer to the description in step 911 above; details are not repeated here.
914. The first network element device receives, through the BGP connection, the sixth BGP message sent by the second network element device, and determines based on the sixth BGP message that the second network element device has the address family extension capability; the second network element device then supports the remote attestation function.
Here, in response to determining based on the sixth BGP message that the second network element device has the address family extension capability, it is determined that the second network element device supports the remote attestation function. Exemplarily, in addition to determining that the second network element device has the address family extension capability, it is also necessary to determine through steps 906-910 above that the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file, in order to determine that the second network element device supports the remote attestation function.
In an exemplary embodiment, the first network element device determining based on the sixth BGP message that the second network element device has the address family extension capability includes: the first network element device parses the sixth BGP message; in response to the sixth BGP message including at least one second capability subfield carrying an address family identifier, the first network element device determines that the second network element device has the address family extension capability. When the sixth BGP message includes a second capability subfield carrying an address family identifier, this indicates that the second network element device can support the extended address family indicated by that address family identifier, so it can be determined that the second network element device has the address family extension capability.
It can be understood that this embodiment of the present application does not limit the execution order of steps 906-910 and steps 911-914. For example, steps 906-910 are executed first and then steps 911-914; or steps 911-914 are executed first and then steps 906-910; or steps 906-910 and steps 911-914 are executed concurrently. In any case, after both steps 906-910 and steps 911-914 have been completed, it can be determined that the second network element device supports the remote attestation function, so that steps 901-905 above can proceed.
Step 910 above addresses the case in which the version information corresponding to the second network element device is the same as the version information corresponding to the remote attestation baseline file. It should be understood that, after steps 906-909 are executed, the version information corresponding to the second network element device may also differ from the version information corresponding to the remote attestation baseline file, that is, the two may not match. In the case of a mismatch, the first network element device determines that the second network element device does not support the remote attestation function and that remote attestation cannot be performed on the second network element device, so steps 901-905 above need not be executed. Moreover, when steps 911-914 are the steps executed later, the first network element device also need not execute steps 911-914 in the case of a mismatch, thereby avoiding a waste of processing resources.
Steps 913 and 914 above address the case in which the second network element device has the address family extension capability. It should be understood that, after steps 911 and 912 are executed, the second network element device may also lack the address family extension capability. In that case, the second network element device no longer sends the first network element device a sixth BGP message including at least one second capability subfield carrying an address family identifier, as in step 913, but instead sends the first network element device a sixth BGP message that includes no second capability subfield carrying an address family identifier. When the message type of the sixth BGP message is the open type, the sixth BGP message includes a second optional parameter field, and that second optional parameter field is empty. After the first network element device parses the sixth BGP message, the sixth BGP message likewise does not include at least one second capability subfield carrying an address family identifier as in step 914, but instead includes no second capability subfield carrying an address family identifier, so the first network element device determines that the second network element device does not have the address family extension capability. When the second network element device does not have the address family extension capability, the first network element device determines that the second network element device does not support the remote attestation function and that remote attestation cannot be performed on the second network element device, so steps 901-905 above need not be executed. Moreover, when steps 906-910 are the steps executed later, the first network element device also need not execute steps 906-910 when the second network element device lacks the address family extension capability, thereby avoiding a waste of processing resources.
In the second case, the second network element device supporting the remote attestation function means that the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file. In this case, before the first network element device sends the first BGP message to the second network element device over the BGP connection (that is, before the second network element device receives the first BGP message sent by the first network element device over the BGP connection), only steps 906-910 above need to be executed; steps 911-914 above need not be executed. After steps 906-910 above are executed, steps 901-905 above can proceed. In addition, in response to determining after steps 906-909 that the version information corresponding to the second network element device differs from the version information corresponding to the remote attestation baseline file, the first network element device determines that the second network element device does not support the remote attestation function and that remote attestation cannot be performed on the second network element device, and steps 901-905 above are not executed.
In the third case, the second network element device supporting the remote attestation function means that the second network element device has the address family extension capability. In this case, before the first network element device sends the first BGP message to the second network element device over the BGP connection (that is, before the second network element device receives the first BGP message sent by the first network element device over the BGP connection), only steps 911-914 above need to be executed; steps 906-910 above need not be executed. After steps 911-914 above are executed, steps 901-905 above can proceed. In addition, in response to determining after steps 911 and 912 that the second network element device does not have the address family extension capability, the first network element device determines that the second network element device does not support the remote attestation function and that remote attestation cannot be performed on the second network element device, and steps 901-905 above are not executed. When the second network element device does not have the address family extension capability, the sixth BGP message is as described in the first case above; details are not repeated here.
Referring to FIG. 14, FIG. 14 is a schematic flowchart of obtaining a remote attestation result through the remote attestation process between the first network element device and the second network element device; the remote attestation process is described as a whole with reference to FIG. 14. As shown in FIG. 14, the RA process includes the following steps 1401-1412.
1401. Set the first network element device as the root of trust.
Here, the first network element device has a route reflection function. Setting the first network element device as the root of trust enables the first network element device to perform trust measurement on the second network element device, thereby implementing the RA process. The second network element device is a device whose trusted state needs to be determined, and a BGP connection for route reflection is established between the first network element device and the second network element device.
1402. The first network element device obtains the remote attestation baseline file.
Exemplarily, the first network element device receives the remote attestation baseline file sent by another device. Alternatively, when the first network element device and the second network element device are devices of the same version provided by the same vendor, the first network element device generates the remote attestation baseline file itself from its own measurement information.
1403. The first network element device sends a fifth BGP message to the second network element device to negotiate the address family extension capability with the second network element device. For step 1403, refer to the description in step 911 above; details are not repeated here.
1404. The second network element device sends a sixth BGP message to the first network element device to negotiate the address family extension capability with the first network element device. For step 1404, refer to the description in step 913 above; details are not repeated here.
1405. The first network element device determines whether the second network element device has the address family extension capability. Here, the first network element device checks the address family extension capability of the second network element device based on the result of parsing the sixth BGP message. If the second network element device has the address family extension capability, step 1406 is executed. If the second network element device does not have the address family extension capability, the first network element device determines that remote attestation cannot be performed on the second network element device.
1406. The first network element device sends a third BGP message to the second network element device to query the version information corresponding to the second network element device. For step 1406, refer to the description in step 906 above; details are not repeated here.
1407. The second network element device sends a fourth BGP message to the first network element device, the fourth BGP message carrying the version information corresponding to the second network element device. For step 1407, refer to the description in step 908 above; details are not repeated here.
1408. The first network element device determines whether the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file. Here, the first network element device checks the version information corresponding to the second network element device based on the result of parsing the fourth BGP message. If the version information corresponding to the second network element device matches the version information corresponding to the remote attestation baseline file, step 1409 is executed; otherwise, the first network element device determines that remote attestation cannot be performed on the second network element device.
1409. The first network element device establishes a secure connection with the second network element device.
1410. The first network element device sends a first BGP message to the second network element device through the secure connection to query the measurement information of the second network element device. For step 1410, refer to the description in step 901 above; details are not repeated here.
1411. The second network element device sends a second BGP message to the first network element device through the secure connection, the second BGP message carrying the measurement information of the second network element device. For step 1411, refer to the description in step 903 above; details are not repeated here.
1412. The first network element device compares the measurement information of the second network element device carried in the second BGP message with the locally stored remote attestation baseline file to obtain a remote attestation result, which indicates whether the second network element device is in a trusted state. For step 1412, refer to the description in step 905 above; details are not repeated here.
The above describes the remote attestation application method provided by the embodiments of the present application. Corresponding to the above method, an embodiment of the present application further provides a remote attestation application apparatus. The apparatus is applied to the first network element device and is configured to perform, through the modules shown in FIG. 15, the remote attestation application method performed by the first network element device in FIG. 3 above. As shown in FIG. 15, the remote attestation application apparatus provided by the embodiment of the present application includes the following modules.
An obtaining module 1501, configured to obtain a remote attestation result corresponding to the second network element device, the remote attestation result indicating the trusted state of the second network element device, where the trusted state of the second network element device includes trusted, untrusted or state unknown. For example, the manner in which the obtaining module 1501 obtains the remote attestation result corresponding to the second network element device may refer to the embodiment shown in FIG. 9 above, which is not repeated here. Alternatively, it may refer to the related content of step 301 in the embodiment shown in FIG. 3, which is not repeated here.
A management module 1502, configured to perform route management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result. For the manner in which the management module 1502 performs route management on the second network element device based on the trusted state indicated by the remote attestation result, refer to the related content of step 302 in the embodiment shown in FIG. 3, which is not repeated here.
In an exemplary embodiment, the management module 1502 is configured to obtain routing information corresponding to the second network element device, and to manage the routing information corresponding to the second network element device according to configured rules based on the trusted state of the second network element device.
In an exemplary embodiment, the configured rules include route management policies, and the management module 1502 is configured to determine, from the route management policies, a target policy that matches the trusted state of the second network element device, and to manage the routing information corresponding to the second network element device according to the target policy.
In an exemplary embodiment, the routing information corresponding to the second network element device includes at least one of first routing information, second routing information, third routing information and fourth routing information, where the first routing information is routing information that the second network element device needs to publish, the second routing information is routing information that the second network element device has already published, the third routing information is routing information that the second network element device needs to receive, and the fourth routing information is routing information that the second network element device has already received; the target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information and a policy corresponding to the fourth routing information.
In an exemplary embodiment, the trusted state of the second network element device is that the second network element device is trusted; the policy corresponding to the first routing information indicates publishing the first routing information; the policy corresponding to the second routing information indicates maintaining the second routing information; the policy corresponding to the third routing information indicates publishing the third routing information to the second network element device; and the policy corresponding to the fourth routing information indicates maintaining the fourth routing information.
In an exemplary embodiment, the trusted state of the second network element device is that the second network element device is untrusted; the policy corresponding to the first routing information indicates that the first routing information is not to be published; the policy corresponding to the second routing information indicates that the second routing information is to be withdrawn; the policy corresponding to the third routing information indicates that the third routing information is not to be published to the second network element device; and the policy corresponding to the fourth routing information indicates that the fourth routing information is to be withdrawn.
In an exemplary embodiment, the trusted state of the second network element device is that the state of the second network element device is unknown; the policy corresponding to the first routing information indicates that the first routing information is to be published together with a first priority indicator, the first priority indicator indicating the priority of the first routing information, which is lower than the default priority; the policy corresponding to the second routing information indicates that the second routing information is to be published together with a second priority indicator, the second priority indicator indicating the priority of the second routing information as published this time, which is lower than the default priority and lower than the priority of the second routing information as published last time; the policy corresponding to the third routing information indicates that the third routing information is to be published to the second network element device; and the policy corresponding to the fourth routing information indicates that the fourth routing information is to be maintained.
In an exemplary embodiment, the configured rules include executable code, the executable code being used to configure, for the routing information corresponding to the second network element device, a priority indicator that matches the trusted state of the second network element device. The management module 1502 is configured to run the executable code so as to configure a third priority indicator for the routing information corresponding to the second network element device, where the third priority indicator is the priority indicator that matches the trusted state of the second network element device and indicates the priority of the routing information corresponding to the second network element device, and to publish the routing information corresponding to the second network element device together with the third priority indicator.
In an exemplary embodiment, the routing information corresponding to the second network element device includes at least one of first routing information and second routing information, where the first routing information is routing information that the second network element device needs to publish and the second routing information is routing information that the second network element device has already published. The third priority indicator includes at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information; the priority indicator corresponding to the first routing information indicates the priority of the first routing information, and the priority indicator corresponding to the second routing information indicates the priority of the second routing information.
In an exemplary embodiment, the trusted state of the second network element device is that the second network element device is trusted; the priority of the first routing information and the priority of the second routing information are both not lower than the default priority.
In an exemplary embodiment, the trusted state of the second network element device is that the second network element device is untrusted; the priority of the first routing information and the priority of the second routing information are both lower than the default priority.
In an exemplary embodiment, the trusted state of the second network element device is that the state of the second network element device is unknown; the priority of the first routing information and the priority of the second routing information are both lower than the default priority and higher than the priority used in the case where the second network element device is untrusted.
In an exemplary embodiment, the priority indicator is a BGP attribute; the priority indicator includes a local preference (LOCAL_PREF) or a multi-exit discriminator (MED), where a larger local preference value indicates a higher priority, and a smaller multi-exit discriminator value indicates a higher priority.
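The three-state route policy of the embodiments above (publish and maintain for a trusted peer, suppress and withdraw for an untrusted peer, publish with progressively lowered priority for a peer whose state is unknown) and the LOCAL_PREF/MED ordering, as an added Python example. This is illustrative code written for this page; it is not Huawei's implementation and not code from the patent. The default attribute values (LOCAL_PREF 100, MED 0), the step of 10 per republication while the state is unknown, the floor values for the untrusted case, the action names and the sample prefixes are all assumptions. Two practitioner caveats the embodiments leave implicit: LOCAL_PREF is only carried between iBGP speakers, which fits the route-reflector deployment described later on this page, whereas MED is what an eBGP neighbour evaluates; and a missing or unparseable attestation result must be mapped to "unknown", never to "trusted", which the example does in state_from_result.

```python
from dataclasses import dataclass, replace
from enum import Enum
from typing import List, Optional, Tuple

# Assumed constants (not from the patent): the conventional BGP defaults of
# LOCAL_PREF 100 and MED 0, the step applied per publication while a peer's
# attestation state is unknown, and the floor used for an untrusted peer.
DEFAULT_LOCAL_PREF = 100
DEFAULT_MED = 0
UNKNOWN_STEP = 10
UNTRUSTED_LOCAL_PREF = 0        # lower than anything an "unknown" peer ever gets
UNTRUSTED_MED = 4_294_967_295   # MED is 32-bit; the maximum is least preferred


class TrustState(Enum):
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"
    UNKNOWN = "unknown"


def state_from_result(result: Optional[str]) -> TrustState:
    """Map an attestation verdict to a trust state.

    Anything that is not an explicit trusted/untrusted verdict (missing,
    malformed, stale) is treated as unknown, never as trusted.
    """
    if result is None:
        return TrustState.UNKNOWN
    verdict = result.strip().lower()
    if verdict == "trusted":
        return TrustState.TRUSTED
    if verdict == "untrusted":
        return TrustState.UNTRUSTED
    return TrustState.UNKNOWN


@dataclass(frozen=True)
class Route:
    prefix: str
    local_pref: int = DEFAULT_LOCAL_PREF
    med: int = DEFAULT_MED


@dataclass
class PeerRoutes:
    """The four route sets the text associates with the second network element device."""
    to_publish: List[Route]   # first routing information: the peer's routes not yet advertised
    published: List[Route]    # second: the peer's routes already advertised by the reflector
    to_receive: List[Route]   # third: routes still to be sent to the peer
    received: List[Route]     # fourth: routes the peer has already received


def next_priority(state: TrustState, prev: Optional[Route] = None) -> Tuple[int, int]:
    """(LOCAL_PREF, MED) to attach for a route from a peer in the given state.

    trusted   -> not lower than the defaults
    untrusted -> the floor, strictly below the defaults
    unknown   -> below the defaults, below what was last published for the
                 same route (if any), but still strictly above the floor
    """
    if state is TrustState.TRUSTED:
        return DEFAULT_LOCAL_PREF, DEFAULT_MED
    if state is TrustState.UNTRUSTED:
        return UNTRUSTED_LOCAL_PREF, UNTRUSTED_MED
    lp, med = DEFAULT_LOCAL_PREF - UNKNOWN_STEP, DEFAULT_MED + UNKNOWN_STEP
    if prev is not None:
        lp, med = min(lp, prev.local_pref - UNKNOWN_STEP), max(med, prev.med + UNKNOWN_STEP)
    # an unknown peer must remain preferable to an untrusted one
    return max(lp, UNTRUSTED_LOCAL_PREF + 1), min(med, UNTRUSTED_MED - 1)


def plan(state: TrustState, routes: PeerRoutes) -> List[Tuple[str, Route]]:
    """Return the (action, route) list the target policy for `state` prescribes."""
    actions: List[Tuple[str, Route]] = []
    if state is TrustState.TRUSTED:
        lp, med = next_priority(state)
        actions += [("publish", replace(r, local_pref=lp, med=med)) for r in routes.to_publish]
        actions += [("maintain", r) for r in routes.published]
        actions += [("send_to_peer", r) for r in routes.to_receive]
        actions += [("maintain", r) for r in routes.received]
    elif state is TrustState.UNTRUSTED:
        actions += [("suppress", r) for r in routes.to_publish]
        actions += [("withdraw", r) for r in routes.published]
        actions += [("suppress_to_peer", r) for r in routes.to_receive]
        actions += [("withdraw", r) for r in routes.received]
    else:  # UNKNOWN: keep advertising, but make the peer's routes less attractive each time
        lp, med = next_priority(state)
        actions += [("publish", replace(r, local_pref=lp, med=med)) for r in routes.to_publish]
        for r in routes.published:
            lp, med = next_priority(state, prev=r)
            actions.append(("republish", replace(r, local_pref=lp, med=med)))
        actions += [("send_to_peer", r) for r in routes.to_receive]
        actions += [("maintain", r) for r in routes.received]
    return actions


def prefers(a: Route, b: Route) -> bool:
    """True if BGP prefers a over b on these two attributes alone:
    higher LOCAL_PREF wins; on a tie, lower MED wins."""
    if a.local_pref != b.local_pref:
        return a.local_pref > b.local_pref
    return a.med < b.med


if __name__ == "__main__":
    # Constructed sample: one route in each of the four sets.
    peer = PeerRoutes([Route("10.0.1.0/24")], [Route("10.0.2.0/24")],
                      [Route("192.0.2.0/24")], [Route("198.51.100.0/24")])
    for verdict in ("trusted", None, "untrusted"):
        print(verdict, [(a, r.prefix, r.local_pref, r.med)
                        for a, r in plan(state_from_result(verdict), peer)])
```

Running it twice with the "unknown" verdict, feeding the republished route back in as `published`, shows the priority of the already-published route stepping down on every cycle while staying above the untrusted floor, which is exactly the ordering the unknown-state embodiment requires.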
In an exemplary embodiment, the acquisition module 1501 is configured to read a remote attestation result acquisition command, the remote attestation result acquisition command indicating the path from which the remote attestation result is to be acquired, and to acquire the remote attestation result from the acquisition path indicated by the remote attestation result acquisition command.
The remote attestation application apparatus shown in FIG. 15 is applied to the first network element device. For its structure, the detailed process of its interaction with the second network element device, and the detailed process of applying the remote attestation result to route management of the second network element device, refer to the descriptions of the embodiments related to FIGS. 1-3 and 5-8 above, which are not repeated here. In an exemplary embodiment, the first network element device has a route reflection function, and a BGP connection used for route reflection is established between the first network element device and the second network element device.
In summary, in the embodiments of this application, after the remote attestation result is obtained it is applied to the management of the second network element device, so that the remote attestation result is reflected in the routing function of the second network element device. Because the remote attestation result indicates the trusted state of the second network element device, applying it to the management of the second network element device improves the reliability of that management, and thereby safeguards the security of the network architecture that includes the second network element device and of the communication carried through the second network element device. Moreover, applying the embodiments of this application makes the probability of traffic passing through the second network element device decrease as the trustworthiness of the second network element device decreases.
It should be understood that, when the apparatus provided in FIG. 15 performs its functions, the division into the functional modules above is given only as an example; in practice the functions may be assigned to different functional modules as needed, that is, the internal structure of the device may be divided into functional modules different from those described, in order to complete all or part of the functions described above. In addition, the apparatus embodiment and the method embodiment provided above are based on the same concept; for the specific implementation process, see the method embodiment, which is not repeated here.
Referring to FIG. 16, FIG. 16 is a schematic structural diagram of an exemplary remote attestation application device 1600 of this application. The remote attestation application device 1600 includes at least one processor 1601, a memory 1603 and at least one network interface 1604.
The processor 1601 is, for example, a general-purpose CPU, a digital signal processor (DSP), a network processor (NP), a GPU, a neural-network processing unit (NPU), a data processing unit (DPU), a microprocessor, or one or more integrated circuits for implementing the solutions of this application, such as an application-specific integrated circuit (ASIC), a programmable logic device (PLD) or another programmable logic device, a transistor logic device, a hardware component, or any combination thereof. The PLD is, for example, a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), generic array logic (GAL), or any combination thereof. The processor may implement or execute the various logical blocks, modules and circuits described in connection with the disclosure of this application. The processor may also be a combination that implements computing functions, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
Optionally, the remote attestation application device 1600 further includes a bus 1602. The bus 1602 is used to transfer information between the components of the remote attestation application device 1600. The bus 1602 may be a peripheral component interconnect (PCI) bus, an extended industry standard architecture (EISA) bus, or the like. The bus 1602 may be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is drawn in FIG. 16, which does not mean that there is only one bus or only one type of bus.
The memory 1603 is, for example, a read-only memory (ROM) or another type of static storage device that can store static information and instructions, or a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, or an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, without being limited thereto. The memory 1603 exists independently, for example, and is connected to the processor 1601 through the bus 1602. The memory 1603 may also be integrated with the processor 1601.
The network interface 1604 uses any transceiver-type apparatus to communicate with other devices or with a communication network, which may be an Ethernet network, a radio access network (RAN), a wireless local area network (WLAN), or the like. The network interface 1604 may include a wired network interface and may also include a wireless network interface. Specifically, the network interface 1604 may be an Ethernet interface, such as a Fast Ethernet (FE) interface or a Gigabit Ethernet (GE) interface, an Asynchronous Transfer Mode (ATM) interface, a WLAN interface, a cellular network interface, or a combination thereof. The Ethernet interface may be an optical interface, an electrical interface, or a combination thereof. In some embodiments of this application, the network interface 1604 may be used by the remote attestation application device 1600 to communicate with other devices.
In a specific implementation, as some embodiments, the processor 1601 may include one or more CPUs, such as CPU0 and CPU1 shown in FIG. 16. Each of these processors may be a single-core processor or a multi-core processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
In a specific implementation, as some embodiments, the remote attestation application device 1600 may include multiple processors, such as the processor 1601 and the processor 1605 shown in FIG. 16. Each of these processors may be a single-core processor or a multi-core processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (such as computer program instructions).
In some embodiments, the memory 1603 is used to store program instructions 1610 for executing the solutions of this application, and the processor 1601 can execute the program instructions 1610 stored in the memory 1603. That is, through the processor 1601 and the program instructions 1610 in the memory 1603, the remote attestation application device 1600 can implement the methods provided by the method embodiments, namely the methods performed by the first network element device or the second network element device in FIGS. 3, 9, 12 and 14. The program instructions 1610 may include one or more software modules. Optionally, the processor 1601 itself may also store program instructions for executing the solutions of this application.
In a specific implementation process, the remote attestation application device 1600 of this application may correspond to the first network element device that performs the method above; the processor 1601 in the remote attestation application device 1600 reads the instructions in the memory 1603, so that the remote attestation application device 1600 shown in FIG. 16 can perform all or some of the steps of the method embodiments.
The remote attestation application device 1600 may also correspond to the apparatus shown in FIG. 15 above, with each functional module of the apparatus shown in FIG. 15 implemented in software of the remote attestation application device 1600. In other words, the functional modules included in the apparatus shown in FIG. 15 are generated after the processor 1601 of the remote attestation application device 1600 reads the program instructions 1610 stored in the memory 1603.
The steps of the methods shown in FIGS. 3, 9, 12 and 14 are completed by integrated logic circuits in hardware of the processor of the remote attestation application device 1600 or by instructions in the form of software. The steps of the method embodiments disclosed in this application may be directly performed by a hardware processor, or performed by a combination of hardware and software modules in the processor. The software module may be located in a storage medium mature in the art, such as a random access memory, a flash memory, a read-only memory, a programmable read-only memory, an electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the method embodiments above in combination with its hardware. To avoid repetition, details are not described here again.
It should be understood that the processor above may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor. It is worth noting that the processor may be a processor supporting the advanced RISC machines (ARM) architecture.
Further, in an optional embodiment, the memory above may include a read-only memory and a random access memory, and provide instructions and data to the processor. The memory may also include a non-volatile random access memory. For example, the memory may also store information on the device type.
The memory may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable read-only memory (PROM), an erasable programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM) or a flash memory. The volatile memory may be a random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, for example static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchlink dynamic random access memory (SLDRAM) and direct rambus random access memory (DR RAM).
In an exemplary embodiment, a remote attestation application system is provided. The system includes a first network element device and at least one second network element device, the first network element device being communicatively connected to the at least one second network element device; the first network element device is configured to perform the method performed by the first network element device in FIGS. 3, 9, 12 and 14, and the second network element device is configured to perform the method performed by the second network element device in FIGS. 9, 12 and 14.
In an exemplary embodiment, a computer program (product) is provided. The computer program (product) includes computer program code which, when run by a computer, causes the computer to perform the remote attestation application method performed by the first network element device in FIGS. 3, 9, 12 and 14, or causes the computer to perform the method performed by the second network element device in FIGS. 9, 12 and 14.
In an exemplary embodiment, a computer-readable storage medium is provided. The computer-readable storage medium stores a program or instructions which, when run on a computer, cause the computer to perform the method performed by the first network element device in FIGS. 3, 9, 12 and 14 above, or cause the computer to perform the method performed by the second network element device in FIGS. 9, 12 and 14 above.
In an exemplary embodiment, a chip is provided, including a processor configured to call and run, from a memory, instructions stored in the memory, so that a device in which the chip is installed performs the method performed by the first network element device in FIGS. 3, 9, 12 and 14, or performs the method performed by the second network element device in FIGS. 9, 12 and 14.
In an exemplary embodiment, another chip is provided, including an input interface, an output interface, a processor and a memory, where the input interface, the output interface, the processor and the memory are connected through an internal connection path. The processor is configured to execute code in the memory; when the code is executed, the processor performs the method performed by the first network element device in FIGS. 3, 9, 12 and 14, or performs the method performed by the second network element device in FIGS. 9, 12 and 14.
The embodiments above may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in this application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wired (for example coaxial cable, optical fibre, digital subscriber line) or wireless (for example infrared, radio, microwave) means. The computer-readable storage medium may be any available medium accessible by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example a floppy disk, hard disk or magnetic tape), an optical medium (for example a DVD), a semiconductor medium (for example a solid state disk), or the like.
In this application, the terms "first", "second" and the like are used to distinguish between identical or similar items whose effects and functions are essentially the same. It should be understood that there is no logical or temporal dependency between "first", "second" and "nth", and that they do not limit quantity or order of execution. It should also be understood that, although the following description uses the terms first, second and so on to describe various elements, these elements should not be limited by these terms; the terms are used only to distinguish one element from another.
It should also be understood that, in the embodiments of this application, the magnitude of the sequence numbers of the processes does not imply an order of execution; the order of execution of the processes should be determined by their functions and internal logic and does not constitute any limitation on the implementation process of the embodiments of this application.
In this application, the term "at least one" means one or more, and the term "a plurality of" means two or more; for example, a plurality of second devices means two or more second devices. The terms "system" and "network" are often used interchangeably herein.
It should be understood that the terminology used in the description of the various examples herein is for the purpose of describing particular examples only and is not intended to be limiting. As used in the description of the various examples and in the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items. The term "and/or" describes an association relationship between associated objects and indicates that three relationships may exist; for example, A and/or B may mean that A exists alone, that A and B exist simultaneously, or that B exists alone. In addition, the character "/" in this application generally indicates an "or" relationship between the associated objects before and after it.
It should also be understood that the terms "若" and "如果" (both rendered "if") may be interpreted as meaning "when" or "upon", or "in response to determining", or "in response to detecting". Similarly, depending on the context, the phrase "if it is determined that..." or "if [the stated condition or event] is detected" may be interpreted as meaning "upon determining that..." or "in response to determining that...", or "upon detecting [the stated condition or event]" or "in response to detecting [the stated condition or event]".
The above descriptions are only embodiments of this application and are not intended to limit it. Any modification, equivalent replacement, improvement or the like made within the principles of this application shall fall within the protection scope of this application.

Claims (34)

  1. A remote attestation application method, characterized in that the method comprises:
    a first network element device acquiring a remote attestation result corresponding to a second network element device, the remote attestation result indicating a trusted state of the second network element device, the trusted state of the second network element device comprising trusted, untrusted or state unknown;
    所述第一网元设备基于所述远程证明结果所指示的所述第二网元设备的可信状态,对所述第二网元设备进行路由管理。The first network element device performs routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
  2. 根据权利要求1所述的方法,其特征在于,所述第一网元设备基于所述远程证明结果所指示的所述第二网元设备的可信状态,对所述第二网元设备进行路由管理,包括:The method according to claim 1, wherein the first network element device conducts the verification of the second network element device based on the trusted state of the second network element device indicated by the remote attestation result Routing management, including:
    所述第一网元设备获取所述第二网元设备对应的路由信息;The first network element device acquires routing information corresponding to the second network element device;
    所述第一网元设备基于所述第二网元设备的可信状态,按照已配置的规则对所述第二网元设备对应的路由信息进行管理。The first network element device manages the routing information corresponding to the second network element device according to configured rules based on the trusted state of the second network element device.
  3. 根据权利要求2所述的方法,其特征在于,所述已配置的规则包括路由管理策略,所述第一网元设备基于所述第二网元设备的可信状态,按照已配置的规则对所述第二网元设备对应的路由信息进行管理,包括:The method according to claim 2, wherein the configured rules include routing management policies, and the first network element device, based on the trusted status of the second network element device, The routing information corresponding to the second network element device is managed, including:
    所述第一网元设备从所述路由管理策略中确定与所述第二网元设备的可信状态相匹配的目标策略;The first network element device determines from the routing management policy a target policy that matches the trusted status of the second network element device;
    所述第一网元设备按照所述目标策略对所述第二网元设备对应的路由信息进行管理。The first network element device manages the routing information corresponding to the second network element device according to the target policy.
  4. 根据权利要求3所述的方法,其特征在于,所述第二网元设备对应的路由信息包括第一路由信息、第二路由信息、第三路由信息和第四路由信息中的至少一种信息,其中,The method according to claim 3, wherein the routing information corresponding to the second network element device includes at least one of the first routing information, the second routing information, the third routing information and the fourth routing information ,in,
    所述第一路由信息是所述第二网元设备需要发布的路由信息,The first routing information is routing information that needs to be published by the second network element device,
    所述第二路由信息是所述第二网元设备已发布的路由信息,The second routing information is routing information published by the second network element device,
    所述第三路由信息是所述第二网元设备需要接收的路由信息,The third routing information is routing information that the second network element device needs to receive,
    所述第四路由信息是所述第二网元设备已接收的路由信息;The fourth routing information is routing information received by the second network element device;
    所述目标策略包括所述第一路由信息对应的策略、所述第二路由信息对应的策略、所述第三路由信息对应的策略和所述第四路由信息对应的策略中的至少一种策略。The target policy includes at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information .
  5. The method according to claim 4, characterized in that the trusted state of the second network element device is that the second network element device is trusted;
    the policy corresponding to the first routing information instructs advertising the first routing information;
    the policy corresponding to the second routing information instructs maintaining the second routing information;
    the policy corresponding to the third routing information instructs advertising the third routing information to the second network element device; and
    the policy corresponding to the fourth routing information instructs maintaining the fourth routing information.
  6. The method according to claim 4, characterized in that the trusted state of the second network element device is that the second network element device is untrusted;
    the policy corresponding to the first routing information instructs not advertising the first routing information;
    the policy corresponding to the second routing information instructs withdrawing the second routing information;
    the policy corresponding to the third routing information instructs not advertising the third routing information to the second network element device; and
    the policy corresponding to the fourth routing information instructs withdrawing the fourth routing information.
  7. The method according to claim 4, characterized in that the trusted state of the second network element device is that the state of the second network element device is unknown;
    the policy corresponding to the first routing information instructs advertising the first routing information together with a first priority indicator, where the first priority indicator indicates the priority of the first routing information, and the priority of the first routing information is lower than a default priority;
    the policy corresponding to the second routing information instructs advertising the second routing information together with a second priority indicator, where the second priority indicator indicates the priority of the second routing information as advertised this time, and the priority of the second routing information as advertised this time is lower than the default priority and lower than the priority of the second routing information as advertised last time;
    the policy corresponding to the third routing information instructs advertising the third routing information to the second network element device; and
    the policy corresponding to the fourth routing information instructs maintaining the fourth routing information.
  8. The method according to claim 2, characterized in that the configured rule comprises executable code, the executable code being used to configure, for the routing information corresponding to the second network element device, a priority indicator matching the trusted state of the second network element device, and the first network element device managing, based on the trusted state of the second network element device, the routing information corresponding to the second network element device according to the configured rule comprises:
    the first network element device configuring, by running the executable code, a third priority indicator for the routing information corresponding to the second network element device, where the third priority indicator is a priority indicator matching the trusted state of the second network element device and is used to indicate the priority of the routing information corresponding to the second network element device; and
    the first network element device advertising the routing information corresponding to the second network element device together with the third priority indicator.
  9. The method according to claim 8, characterized in that the routing information corresponding to the second network element device comprises at least one of first routing information and second routing information, where
    the first routing information is routing information that the second network element device needs to advertise,
    the second routing information is routing information that the second network element device has advertised, and
    the third priority indicator comprises at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, where the priority indicator corresponding to the first routing information indicates the priority of the first routing information, and the priority indicator corresponding to the second routing information indicates the priority of the second routing information.
  10. The method according to claim 9, characterized in that the trusted state of the second network element device is that the second network element device is trusted; and
    the priority of the first routing information and the priority of the second routing information are both not lower than a default priority.
  11. The method according to claim 9, characterized in that the trusted state of the second network element device is that the second network element device is untrusted; and
    the priority of the first routing information and the priority of the second routing information are both lower than a default priority.
  12. The method according to claim 9, characterized in that the trusted state of the second network element device is that the state of the second network element device is unknown; and
    the priority of the first routing information and the priority of the second routing information are both lower than a default priority and higher than the priority used when the second network element device is untrusted.
  13. The method according to any one of claims 7 to 12, characterized in that the priority indicator is a Border Gateway Protocol (BGP) attribute and comprises a local preference or a multi-exit discriminator, where a larger local preference value indicates a higher priority, and a smaller multi-exit discriminator value indicates a higher priority.
  14. The method according to any one of claims 1 to 13, characterized in that the first network element device acquiring the remote attestation result corresponding to the second network element device comprises:
    the first network element device reading a remote attestation result acquisition command, where the remote attestation result acquisition command indicates an acquisition path of the remote attestation result; and
    the first network element device acquiring the remote attestation result via the acquisition path indicated by the remote attestation result acquisition command.
  15. The method according to any one of claims 1 to 14, characterized in that the first network element device has a route reflection function, and a BGP connection for route reflection is established between the first network element device and the second network element device.
  16. A remote attestation application apparatus, characterized in that the apparatus comprises:
    an acquiring module, configured to acquire a remote attestation result corresponding to a second network element device, where the remote attestation result is used to indicate a trusted state of the second network element device, and the trusted state of the second network element device comprises trusted, untrusted, or state unknown; and
    a management module, configured to perform routing management on the second network element device based on the trusted state of the second network element device indicated by the remote attestation result.
  17. The apparatus according to claim 16, characterized in that the management module is configured to acquire routing information corresponding to the second network element device, and to manage, based on the trusted state of the second network element device, the routing information corresponding to the second network element device according to a configured rule.
  18. The apparatus according to claim 17, characterized in that the configured rule comprises a routing management policy, and the management module is configured to determine, from the routing management policy, a target policy matching the trusted state of the second network element device, and to manage the routing information corresponding to the second network element device according to the target policy.
  19. The apparatus according to claim 18, characterized in that the routing information corresponding to the second network element device comprises at least one of first routing information, second routing information, third routing information, and fourth routing information, where the first routing information is routing information that the second network element device needs to advertise, the second routing information is routing information that the second network element device has advertised, the third routing information is routing information that the second network element device needs to receive, and the fourth routing information is routing information that the second network element device has received; and the target policy comprises at least one of a policy corresponding to the first routing information, a policy corresponding to the second routing information, a policy corresponding to the third routing information, and a policy corresponding to the fourth routing information.
  20. The apparatus according to claim 19, characterized in that the trusted state of the second network element device is that the second network element device is trusted; the policy corresponding to the first routing information instructs advertising the first routing information; the policy corresponding to the second routing information instructs maintaining the second routing information; the policy corresponding to the third routing information instructs advertising the third routing information to the second network element device; and the policy corresponding to the fourth routing information instructs maintaining the fourth routing information.
  21. The apparatus according to claim 19, characterized in that the trusted state of the second network element device is that the second network element device is untrusted; the policy corresponding to the first routing information instructs not advertising the first routing information; the policy corresponding to the second routing information instructs withdrawing the second routing information; the policy corresponding to the third routing information instructs not advertising the third routing information to the second network element device; and the policy corresponding to the fourth routing information instructs withdrawing the fourth routing information.
  22. The apparatus according to claim 19, characterized in that the trusted state of the second network element device is that the state of the second network element device is unknown; the policy corresponding to the first routing information instructs advertising the first routing information together with a first priority indicator, where the first priority indicator indicates the priority of the first routing information, and the priority of the first routing information is lower than a default priority; the policy corresponding to the second routing information instructs advertising the second routing information together with a second priority indicator, where the second priority indicator indicates the priority of the second routing information as advertised this time, and the priority of the second routing information as advertised this time is lower than the default priority and lower than the priority of the second routing information as advertised last time; the policy corresponding to the third routing information instructs advertising the third routing information to the second network element device; and the policy corresponding to the fourth routing information instructs maintaining the fourth routing information.
  23. The apparatus according to claim 17, characterized in that the configured rule comprises executable code, the executable code being used to configure, for the routing information corresponding to the second network element device, a priority indicator matching the trusted state of the second network element device; and the management module is configured to configure, by running the executable code, a third priority indicator for the routing information corresponding to the second network element device, where the third priority indicator is a priority indicator matching the trusted state of the second network element device and is used to indicate the priority of the routing information corresponding to the second network element device, and to advertise the routing information corresponding to the second network element device together with the third priority indicator.
  24. The apparatus according to claim 23, characterized in that the routing information corresponding to the second network element device comprises at least one of first routing information and second routing information, where the first routing information is routing information that the second network element device needs to advertise, the second routing information is routing information that the second network element device has advertised, and the third priority indicator comprises at least one of a priority indicator corresponding to the first routing information and a priority indicator corresponding to the second routing information, where the priority indicator corresponding to the first routing information indicates the priority of the first routing information, and the priority indicator corresponding to the second routing information indicates the priority of the second routing information.
  25. The apparatus according to claim 24, characterized in that the trusted state of the second network element device is that the second network element device is trusted; and the priority of the first routing information and the priority of the second routing information are both not lower than a default priority.
  26. The apparatus according to claim 24, characterized in that the trusted state of the second network element device is that the second network element device is untrusted; and the priority of the first routing information and the priority of the second routing information are both lower than a default priority.
  27. The apparatus according to claim 24, characterized in that the trusted state of the second network element device is that the state of the second network element device is unknown; and the priority of the first routing information and the priority of the second routing information are both lower than a default priority and higher than the priority used when the second network element device is untrusted.
  28. The apparatus according to any one of claims 22 to 27, characterized in that the priority indicator is a Border Gateway Protocol (BGP) attribute and comprises a local preference or a multi-exit discriminator, where a larger local preference value indicates a higher priority, and a smaller multi-exit discriminator value indicates a higher priority.
  29. The apparatus according to any one of claims 16 to 28, characterized in that the acquiring module is configured to read a remote attestation result acquisition command, where the remote attestation result acquisition command indicates an acquisition path of the remote attestation result, and to acquire the remote attestation result via the acquisition path indicated by the remote attestation result acquisition command.
  30. The apparatus according to any one of claims 16 to 29, characterized in that the remote attestation application apparatus is applied to a first network element device, the first network element device has a route reflection function, and a BGP connection for route reflection is established between the first network element device and the second network element device.
  31. A remote attestation application device, characterized in that the device comprises a memory and a processor; the memory stores at least one instruction, and the at least one instruction is loaded and executed by the processor so that the remote attestation application device implements the remote attestation application method according to any one of claims 1 to 15.
  32. A remote attestation application system, characterized in that the system comprises a first network element device and at least one second network element device, the first network element device is communicatively connected to the at least one second network element device, and the first network element device is configured to execute the remote attestation application method according to any one of claims 1 to 15.
  33. A computer-readable storage medium, characterized in that the computer-readable storage medium stores at least one instruction, and the instruction is loaded and executed by a processor to implement the remote attestation application method according to any one of claims 1 to 15.
  34. A computer program product, characterized in that the computer program product comprises a computer program or instructions, and the computer program or instructions are executed by a processor to cause a computer to implement the remote attestation application method according to any one of claims 1 to 15.
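The routing-management rules of claims 3 to 13 (a target policy per trusted state for the four kinds of routing information, plus trust-state-dependent BGP priority indicators, including the decaying preference for a peer whose state stays unknown), as an added Python example that is not part of the patent and not code from the applicant. The attestation result is taken as already obtained (claim 14 is not modelled); the LOCAL_PREF default of 100, the untrusted floor of 0, the MED ceiling of 1000, the decay step of 10, the action names, and the prefixes are constructed assumptions for the example.

```python
# Added illustration of claims 3 to 13; not the patent's own code.
# Numeric values (LOCAL_PREF default 100, floor 0, MED ceiling 1000, step 10) are assumed.
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class TrustState(Enum):
    """Trusted state carried by the remote attestation result (claim 1)."""
    TRUSTED = "trusted"
    UNTRUSTED = "untrusted"
    UNKNOWN = "unknown"


class RouteKind(Enum):
    """The four kinds of routing information of claim 4."""
    TO_ADVERTISE = "first"   # routes the peer needs advertised on its behalf
    ADVERTISED = "second"    # routes already advertised on the peer's behalf
    TO_RECEIVE = "third"     # routes the peer needs to receive from the reflector
    RECEIVED = "fourth"      # routes the peer has already received


DEFAULT_LOCAL_PREF = 100     # usual vendor default; assumed here
UNTRUSTED_LOCAL_PREF = 0     # below default (claim 11); larger value = preferred (claim 13)
DEFAULT_MED = 0
UNTRUSTED_MED = 1000         # above default; smaller value = preferred (claim 13)
UNKNOWN_STEP = 10            # decay applied per re-advertisement while state is unknown


@dataclass(frozen=True)
class Route:
    prefix: str
    local_pref: Optional[int] = None   # value attached the last time it was advertised


# Target policy per trusted state and routing-information kind (claims 5 to 7).
# "advertise" attaches a priority indicator computed from the trusted state, which is
# what makes the unknown case advertise at reduced and, on re-advertisement, decaying preference.
POLICY: Dict[Tuple[TrustState, RouteKind], str] = {
    (TrustState.TRUSTED, RouteKind.TO_ADVERTISE): "advertise",
    (TrustState.TRUSTED, RouteKind.ADVERTISED): "keep",
    (TrustState.TRUSTED, RouteKind.TO_RECEIVE): "advertise_to_peer",
    (TrustState.TRUSTED, RouteKind.RECEIVED): "keep",
    (TrustState.UNTRUSTED, RouteKind.TO_ADVERTISE): "withhold",
    (TrustState.UNTRUSTED, RouteKind.ADVERTISED): "withdraw",
    (TrustState.UNTRUSTED, RouteKind.TO_RECEIVE): "withhold",
    (TrustState.UNTRUSTED, RouteKind.RECEIVED): "withdraw",
    (TrustState.UNKNOWN, RouteKind.TO_ADVERTISE): "advertise",
    (TrustState.UNKNOWN, RouteKind.ADVERTISED): "advertise",   # re-advertise, lower than last time
    (TrustState.UNKNOWN, RouteKind.TO_RECEIVE): "advertise_to_peer",
    (TrustState.UNKNOWN, RouteKind.RECEIVED): "keep",
}


def local_pref_for(state: TrustState, previous: Optional[int]) -> int:
    """LOCAL_PREF to attach (claims 10 to 13): a larger value means higher priority."""
    if state is TrustState.TRUSTED:
        return DEFAULT_LOCAL_PREF            # not below default (claim 10)
    if state is TrustState.UNTRUSTED:
        return UNTRUSTED_LOCAL_PREF          # below default (claim 11)
    # Unknown (claims 7, 12): below default, above the untrusted value, and below the
    # value attached last time, so a peer that never attests keeps losing preference.
    if previous is None or previous >= DEFAULT_LOCAL_PREF:
        candidate = DEFAULT_LOCAL_PREF - UNKNOWN_STEP
    else:
        candidate = previous - UNKNOWN_STEP
    return max(candidate, UNTRUSTED_LOCAL_PREF + 1)   # never sink to the untrusted value


def med_for(state: TrustState, previous: Optional[int]) -> int:
    """MED to attach (claim 13): a smaller value means higher priority, so the
    ordering of local_pref_for is mirrored."""
    if state is TrustState.TRUSTED:
        return DEFAULT_MED
    if state is TrustState.UNTRUSTED:
        return UNTRUSTED_MED
    if previous is None or previous <= DEFAULT_MED:
        candidate = DEFAULT_MED + UNKNOWN_STEP
    else:
        candidate = previous + UNKNOWN_STEP
    return min(candidate, UNTRUSTED_MED - 1)


def manage_routes(state: TrustState,
                  routes: Dict[RouteKind, List[Route]]) -> List[Tuple[str, str, Optional[int]]]:
    """Apply the target policy matching `state` to the peer's routing information
    (claims 2 and 3); returns (action, prefix, local_pref) tuples for the reflector."""
    actions: List[Tuple[str, str, Optional[int]]] = []
    for kind, entries in routes.items():
        action = POLICY[(state, kind)]
        for route in entries:
            if action == "advertise":
                actions.append((action, route.prefix, local_pref_for(state, route.local_pref)))
            elif action == "keep":
                actions.append((action, route.prefix, route.local_pref))
            else:   # withhold, withdraw and advertise_to_peer carry no priority indicator
                actions.append((action, route.prefix, None))
    return actions


if __name__ == "__main__":
    # Constructed sample: a peer already advertised at default preference whose
    # attestation result has just come back as "unknown".
    peer_routes = {RouteKind.ADVERTISED: [Route("192.0.2.0/24", DEFAULT_LOCAL_PREF)],
                   RouteKind.TO_ADVERTISE: [Route("198.51.100.0/24")]}
    for step in manage_routes(TrustState.UNKNOWN, peer_routes):
        print(step)
```

The floor in `local_pref_for` (and the ceiling in `med_for`) reconciles claim 7, which wants each re-advertisement in the unknown state to rank below the previous one, with claim 12, which wants the unknown state to stay above the untrusted value: once the decay reaches the floor it stops there rather than crossing into the untrusted range. A reflector operator would also want the decay step and floor to be configuration, since they set how quickly a peer that stops attesting is drained of traffic.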
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111436561.2A CN116192633A (en) 2021-11-29 2021-11-29 Remote certification application method, device, equipment, system and storage medium
CN202111436561.2 2021-11-29

Publications (1)

Publication Number Publication Date
WO2023092951A1 true WO2023092951A1 (en) 2023-06-01

Family

ID=86442886

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/091015 WO2023092951A1 (en) 2021-11-29 2022-05-05 Remote attestation application method, apparatus, device, and system, and storage medium

Country Status (2)

Country Link
CN (1) CN116192633A (en)
WO (1) WO2023092951A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101355495A (en) * 2008-09-11 2009-01-28 电子科技大学 Method for implementing IP credible route based on fault-tolerance and invade-tolerance
CN102572822A (en) * 2010-12-15 2012-07-11 中国科学技术大学 Method and device for realizing security routing
CN111600871A (en) * 2020-05-13 2020-08-28 中国联合网络通信集团有限公司 Attack prevention method and device
US20200322334A1 (en) * 2019-04-05 2020-10-08 Cisco Technology, Inc. Authentication of network devices based on extensible access control protocols
CN112134692A (en) * 2019-06-24 2020-12-25 华为技术有限公司 Remote certification mode negotiation method and device
CN112769843A (en) * 2021-01-16 2021-05-07 深圳市日海飞信信息系统技术有限公司 Secure and trusted network guaranteeing method, device, equipment and storage medium
CN113556282A (en) * 2020-04-23 2021-10-26 华为技术有限公司 Route processing method and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
NOKIA, NOKIA SHANGHAI BELL: "New Solution Using Attestation for Key Issue #13", 3GPP DRAFT; S3-213896, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG3, no. e-meeting; 20211108 - 20211119, 31 October 2021 (2021-10-31), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France, XP052073223 *

Also Published As

Publication number Publication date
CN116192633A (en) 2023-05-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22897051

Country of ref document: EP

Kind code of ref document: A1