互联网BGP路由可视及安全检测技术架构与实践

doi:10.11959/j.issn.1000-0801.2021263

Telecommunications Science ›› 2021, Vol. 37 ›› Issue (12): 110-120.doi: 10.11959/j.issn.1000-0801.2021263

• Engineering and Application • Previous Articles Next Articles

Architecture and practice of BGP internet routing visibility and security detection

Chaoyang YE¹, Chen SHEN², Mingqing HUANG³, Shicong ZHANG¹, Yisha LIU¹

¹ National (Hangzhou) New-Type Internet Exchange Point, Zhejiang 311200, China
² China Academy of Information and Communications Technology, Beijing 100191, China
³ Huawei Technologies Co., Ltd., Beijing 100095, China

Revised:2021-12-08 Online:2021-12-20 Published:2021-12-01

Abstract

Abstract:

Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol of today’s global internet for exchanging routing information.However, it was supposed that all participants were reliable without generating routing security issues by mistakes or on purpose when BGP was designed 50 years ago.As Internet is getting involved in all aspects of our society, internet routing security is becoming the problems that couldn’t be ignored anymore.A general architecture was proposed which coved inference of BGP routing knowledge database and provided visibility of global internet routing.Detection of route security events such as routing hijacks and routing leaks were realized.The deployment shows that the system can provide good visibility of internet routing and precise detection of routing security events.

Key words: BGP, internet routing security, routing hijack, routing leak

CLC Number:

TP393

Chaoyang YE, Chen SHEN, Mingqing HUANG, Shicong ZHANG, Yisha LIU. Architecture and practice of BGP internet routing visibility and security detection[J]. Telecommunications Science, 2021, 37(12): 110-120.

Figures/Tables 6

References 7

[1]	ZHAO X L , PEI D , et al . An Analysis of BGP Multiple Origin AS Conflicts[C]// Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement 2001. New York:ACM Press, 2001.
[2]	CHIN K W , . On the characteristics of BGP multiple origin AS conflicts[C]// Proceedings of 2007 Australasian Telecommunication Networks and Applications Conference. Piscataway:IEEE Press, 2007: 157-162.
[3]	LUCKIE M , HUFFAKER B , DHAMDHERE A ,et al. AS relationships,customer cones,and validation[C]// Proceedings of the 2013 conference on Internet measurement conference. New York:ACM Press, 2013.
[4]	LI Y C , SCOTT C et al . Stable and Practical AS Relationship Inference with ProbLink[C]// Proceedings of 16th {USENIX}Symposium on Networked Systems Design and Implementation ({NSDI} 19). 2019: 581-598.
[5]	GIOTSAS V , LUCKIE M , et al . Inferring Complex AS Relationships[C]// Proceedings of the 2014 conference on Internet measurement conference. New York:ACM Press, 2014.
[6]	FENG G Y , SESHAN S , STEENKISTE P ,et al. PARI:a probabilistic approach to AS relationships inference[EB]. 2019.
[7]	JIN Z T , SHI X G , YANG Y ,et al. TopoScope:recover AS relationships from fragmentary observations[C]// Proceedings of the ACM Internet Measurement Conference. New York:ACM Press, 2020.

Metrics

Recommended 0

No Suggested Reading articles found!

链路类型	TP/条	TN/条	FP/条	FN/条	查全率	准确率
P2C	33 870	39 413	94	315	99.08%	99.72%
P2P	39 400	33 872	313	107	99.73%	99.21%

Architecture and practice of BGP internet routing visibility and security detection

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 7

Related Articles 7

Metrics

Recommended 0

[1]	Yingying SU, Dan LI, Honglin YE. Resource public key infrastructure RPKI: status and problems [J]. Telecommunications Science, 2021, 37(3): 75-89.
[2]	Haolun WANG. Design of backhaul routes in VRRP networks of MPLS VPN [J]. Telecommunications Science, 2020, 36(11): 165-173.
[3]	Yongjun HUANG,Xiaoming LU,Weihua CAO. Typical applications and realization of SDN in IP WAN [J]. Telecommunications Science, 2016, 32(3): 7-13.
[4]	Yujia LUO,Liang OU,Zhiwei MO,Hong TANG. Flow scheduling technology based on BGP extended protocol [J]. Telecommunications Science, 2016, 32(3): 20-27.
[5]	Jiexin ZHANG,Zhiming WU. Interconnection scheme of VxLAN based cloud datacenter networks [J]. Telecommunications Science, 2016, 32(12): 122-128.
[6]	Zheng Dong,Haijun Tang. A Static Line Redundant Backup Method Based on Routing Switching Technology [J]. Telecommunications Science, 2015, 31(10): 197-202.
[7]	Hong Zhu,Sidong Zhang,Hongke Zhang. Research of BGP/MPLS VPN Mobility over IPv6 [J]. Telecommunications Science, 2006, 22(4): 54-58.