A Cooperative Mechanism for Inter-Domain Routing Management
Abstract: The inter-domain routing system is the core infrastructure of the Internet. It consists of many interconnected autonomous systems (ASes), each of which configures and manages its routing policy independently. This uncoordinated management model causes various control and management problems, such as routing oscillation, routing security problems and traffic engineering violations. To eliminate routing policy conflicts, ASes need to cooperate. For competitive reasons, ISPs keep information such as routing policy and network topology confidential, and this privacy requirement hinders cooperation among ASes. Because there is no effective mechanism for cooperative access to confidential information, cross-domain routing policy management is difficult to carry out. To strengthen the cooperative ability of ISPs, the authors propose a multi-AS-cooperation-oriented method for routing policy consistency checking based on the discrete logarithm assumption, which can detect policy conflicts without revealing the ASes' routing policies. Compared with solutions based on additively homomorphic public-key cryptography, the method does not require an oblivious third party and has lower computation and communication overhead. It does not require modifying the BGP protocol, is easy to implement and deploy, supports incremental deployment, and can be used in applications such as inter-domain routing policy conflict detection, route validity verification, route monitoring and cooperative intrusion detection.