基于路由状态因果链的域间路由不稳定溯源检测方法

doi:10.11959/j.issn.1000-436x.2021221

通信学报 ›› 2021, Vol. 42 ›› Issue (12): 76-87.doi: 10.11959/j.issn.1000-436x.2021221

基于路由状态因果链的域间路由不稳定溯源检测方法

陈迪¹^,², 邱菡¹, 张万里¹, 朱会虎¹, 朱俊虎¹, 王清贤¹

¹ 信息工程大学网络空间安全学院，河南郑州 450002
² 电子信息系统复杂电磁环境效应国家重点实验室，河南洛阳 471003

修回日期:2021-11-17 出版日期:2021-12-01 发布日期:2021-12-01
作者简介:陈迪（1992- ），女，河南郑州人，信息工程大学博士生，主要研究方向为网络系统安全、区块链技术
邱菡（1981- ），女，湖北随州人，博士，信息工程大学副教授，主要研究方向为域间路由安全、网络安全模拟与评估
张万里（1998- ），男，湖南常德人，信息工程大学硕士生，主要研究方向为数据安全、漏洞挖掘
朱会虎（1992- ），男，河南郑州人，信息工程大学博士生，主要研究方向为域间路由安全
朱俊虎（1974- ），男，河南郑州人，信息工程大学教授，主要研究方向为网络对抗、网络安全测试与评估
王清贤（1960- ），男，河南卫辉人，博士，信息工程大学教授、博士生导师，主要研究方向为网络安全
基金资助:
国家自然科学基金资助项目(61502528);国家自然科学基金资助项目(61902447)

Interdomain routing instability traceable detection method based on route state causal chain

Di CHEN¹^,², Han QIU¹, Wanli ZHANG¹, Huihu ZHU¹, Junhu ZHU¹, Qingxian WANG¹

¹ Institute of Cyberspace Security， Information Engineering University， Zhengzhou 450002， China
² State Key Laboratory of Complex Electromagnetic Environment Effect on Electronic and Information System， Luoyang 471003， China

Revised:2021-11-17 Online:2021-12-01 Published:2021-12-01
Supported by:
The National Natural Science Foundation of China(61502528);The National Natural Science Foundation of China(61902447)

摘要/Abstract

摘要：

针对现有域间路由不稳定溯源检测方法中检测时间受限于路由更新时延、溯源信息可能被篡改的问题，提出一种基于路由状态因果链的域间路由不稳定溯源检测方法。通过分析路由状态间存在的因果关系，定义能够刻画路由状态及其转移过程的路由状态变更标识，将其随路由更新传播发布并存储于区块链，从而构建去中心化、防篡改的路由状态因果链；通过分析本地路由状态因果链判断路由不稳定类型，追溯失效链路或策略冲突自治域序列，完成路由不稳定的溯源检测。理论证明了所提方法能够追溯导致收敛时延的失效链路和导致路由振荡的策略冲突自治域序列，并基于软件路由器在经典拓扑中进行验证。实验结果表明，所提方法可在不改变 BGP 的前提下及时检测策略与拓扑动态变化导致的路由不稳定现象并确定其源头。

关键词: 域间路由安全, 路由振荡, 收敛时延, 区块链

Abstract:

To solve the problem of detection time limitation caused by route update delay and the possible tampering of traceability information in existing route instability traceable detection methods， an interdomain routing instability traceable detection method based on route state causal chain was proposed.By analyzing the causal relationship of route states， the route state update token that can describe the route state change and transfer process was defined.Route state update tokens were published and stored in the blockchain during the route update propagation to construct the decentralized and tamper-resistant route state causal chain.By analyzing the route state causal chain， the type of route instability was judged， and the failed links or policy-conflict AS sequences were located to achieve route instability traceable detection.The capability of proposed method to trace the failure link and the policy-conflict AS sequence which could lead to convergence delay and persistent route oscillation respectively was proven theoretically， and validating experiment based on software routers in typical topology was carried out.The experimental results demonstrate that the proposed method can timely detect route instability caused by the dynamic changes of both policy and topology， and determine type and root cause of route instability without modifying BGP.

Key words: interdomain routing security, route oscillation, convergence delay, blockchain

中图分类号:

TN393

陈迪, 邱菡, 张万里, 朱会虎, 朱俊虎, 王清贤. 基于路由状态因果链的域间路由不稳定溯源检测方法[J]. 通信学报, 2021, 42(12): 76-87.

Di CHEN, Han QIU, Wanli ZHANG, Huihu ZHU, Junhu ZHU, Qingxian WANG. Interdomain routing instability traceable detection method based on route state causal chain[J]. Journal on Communications, 2021, 42(12): 76-87.

图/表 9

图1

图2

图3

图4

图5

图6

图7

图8

图9

参考文献 23

[1]	REKHTER Y , LI T , HARES S . A border gateway protocol 4 (BGP-4)[R]. RFC Editor, 2006.
[2]	LABOVITZ C , AHUJA A , BOSE A ,et al. Delayed Internet routing convergence[J]. IEEE/ACM Transactions on Networking, 2001,9(3): 293-306.
[3]	PEI D , ZHANG B C , MASSEY D ,et al. An analysis of convergence delay in path vector routing protocols[J]. Computer Networks, 2006,50(3): 398-421.
[4]	VARADHAN K , GOVINDAN R , ESTRIN D . Persistent route oscillations in inter-domain routing[J]. Computer Networks, 2000,32(1): 1-16.
[5]	KUSHMAN N , KANDULA S , KATABI D . Can You hear me now? ![J]. ACM SIGCOMM Computer Communication Review, 2007,37(2): 75-84.
[6]	GRIFFIN T G , SHEPHERD F B , WILFONG G . The stable paths problem and interdomain routing[J]. IEEE/ACM Transactions on Networking, 2002,10(2): 232-243.
[7]	GAO L X , REXFORD J . Stable Internet routing without global coordination[J]. IEEE/ACM Transactions on Networking, 2001,9(6): 681-692.
[8]	GILL P , SCHAPIRA M , GOLDBERG S . A survey of interdomain routing policies[J]. ACM SIGCOMM Computer Communication Review, 2013,44(1): 28-34.
[9]	VILLAMIZAR C , CHANDRA R , GOVINDAN R . BGP route flap damping[R]. RFC Editor, 1998.
[10]	MAO Z M , GOVINDAN R , VARGHESE G ,et al. Route flap damping exacerbates Internet routing convergence[J]. ACM SIGCOMM Computer Communication Review, 2002,32(4): 221-233.
[11]	DA S R B , SOUZA M E . A survey on approaches to reduce BGP interdomain routing convergence delay on the Internet[J]. IEEE Communications Surveys ＆ Tutorials, 2017,19(4): 2949-2984.
[12]	GODFREY P B , CAESAR M , HAKEN I ,et al. Stabilizing route selection in BGP[J]. IEEE/ACM Transactions on Networking, 2015,23(1): 282-299.
[13]	SOBRINHO J L , FIALHO D , MATEUS P . Stabilizing BGP through distributed elimination of recurrent routing loops[C]// Proceedings of 2017 IEEE 25th International Conference on Network Protocols (ICNP). Piscataway:IEEE Press, 2017: 1-10.
[14]	ZHANG J , HU Z Y , ZHANG T . Update chain-based approach for checking route oscillation of BGP[J]. Chinese Journal of Aeronautics, 2011,24(2): 202-209.
[15]	LI Q , XU M W , WU J P ,et al. Toward a practical approach for BGP stability with root cause check[J]. Journal of Parallel and Distributed Computing, 2011,71(8): 1098-1110.
[16]	FEAMSTER N , JOHARI R , BALAKRISHNAN H . Implications of autonomy for the expressiveness of policy routing[J]. ACM SIGCOMM Computer Communication Review, 2005,35(4): 25-36.
[17]	KWON J . Tendermint:consensus without mining[R]. 2014.
[18]	PEI D , AZUMA M , MASSEY D ,et al. BGP-RCN:improving BGP convergence through root cause notification[J]. Computer Networks, 2005,48(2): 175-194.
[19]	AFEK Y , BREMLER-BARR A , SCHWARZ S . Improved BGP convergence via ghost Flushing[J]. IEEE Journal on Selected Areas in Communications, 2004,22(10): 1933-1948.
[20]	OLIVEIRA R , ZHANG B C , PEI D ,et al. Quantifying path exploration in the Internet[J]. IEEE/ACM Transactions on Networking, 2009,17(2): 445-458.
[21]	WENHUA W , QINGGUO S , QIN Z . On the relationship between BGP convergence delay and network topology[C]// Proceedings of 2008 11th IEEE International Conference on Communication Technology. Piscataway:IEEE Press, 2008: 546-549.
[22]	G?MPERLI A , KOTRONIS V , DIMITROPOULOS X . Evaluating the effect of centralization on routing convergence on a hybrid BGP-SDN emulation framework[C]// Proceedings of the 2014 ACM Conference on SIGCOMM. New York:ACM Press, 2014: 369-370.
[23]	BONEH D , BüNZ B , FISCH B . Batching techniques for accumulators with applications to IOPs and stateless blockchains[C]// Advances in Cryptology – CRYPTO 2019. Berlin:Springer, 2019: 561-586.

基于路由状态因果链的域间路由不稳定溯源检测方法

Interdomain routing instability traceable detection method based on route state causal chain

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 23

相关文章 15

Metrics

推荐阅读 0

[1]	张海波, 曹钰坤, 刘开健, 王汝言. 车联网中基于区块链的分布式信任管理方案[J]. 通信学报, 2023, 44(5): 148-157.
[2]	刘雪娇, 钟强, 夏莹杰. 基于双层分片区块链的车联网跨信任域高效认证方案[J]. 通信学报, 2023, 44(5): 213-223.
[3]	冯涛, 陈李秋, 方君丽, 石建明. 基于本地化差分隐私和属性基可搜索加密的区块链数据共享方案[J]. 通信学报, 2023, 44(5): 224-233.
[4]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[5]	蒋丽, 谢胜利, 田辉. 面向数字孪生边缘网络的区块链分片及资源自适应优化机制[J]. 通信学报, 2023, 44(3): 12-23.
[6]	戴千一, 张斌, 郭松, 徐开勇. 基于多分类器集成的区块链网络层异常流量检测方法[J]. 通信学报, 2023, 44(3): 66-80.
[7]	经普杰, 王良民, 董学文, 张玉书, 王骞, Muhammad Sohail. 分层跨链结构：一种面向区块链系统监管的可行架构[J]. 通信学报, 2023, 44(3): 93-104.
[8]	刘雪娇, 曹天聪, 夏莹杰. 区块链架构下高效的车联网跨域数据安全共享研究[J]. 通信学报, 2023, 44(3): 186-197.
[9]	黄冬艳, 李琨. 多地址的时间型区块链隐蔽通信方法研究[J]. 通信学报, 2023, 44(2): 148-159.
[10]	杨亚涛, 刘德莉, 刘培鹤, 曾萍, 肖嵩. BFV-Blockchainvoting：支持BFV全同态加密的区块链电子投票系统[J]. 通信学报, 2022, 43(9): 100-111.
[11]	冯霞, 崔凯平, 谢晴晴, 王良民. VANET中基于区块链的分布式匿名认证方案[J]. 通信学报, 2022, 43(9): 134-147.
[12]	李雷孝, 杜金泽, 林浩, 高昊昱, 杨艳艳, 高静. 区块链网络隐蔽信道研究进展[J]. 通信学报, 2022, 43(9): 209-223.
[13]	熊礼治, 朱蓉, 付章杰. 基于交易构造和转发机制的区块链网络隐蔽通信方法[J]. 通信学报, 2022, 43(8): 176-187.
[14]	杜瑞忠, 张添赫, 石朋亮. 基于区块链且支持数据共享的密文策略隐藏访问控制方案[J]. 通信学报, 2022, 43(6): 168-178.
[15]	莫梓嘉, 高志鹏, 杨杨, 林怡静, 孙山, 赵晨. 面向车联网数据隐私保护的高效分布式模型共享策略[J]. 通信学报, 2022, 43(4): 83-94.