【作者】 刘欣；

【导师】 朱培栋；

【作者基本信息】 国防科学技术大学 ， 计算机科学与技术， 2004， 硕士

【摘要】 国家的经济建设和社会发展对全球Internet的依赖性越来越强。然而,作为Internet关键支撑部分的域间路由系统却存在许多问题,如路由震荡、收敛延迟、BGP协议实现缺陷以及缺乏安全机制等等。目前,对Internet域间路由安全的研究受到极大关注,已成为Internet领域中的一个研究热点。 业界开展的工作主要集中在域间路由系统的三个平面:管理平面、控制平面与转发平面。本文深入分析了当前关于域间路由安全的研究工作,认为由于S-BGP等新型域间路由协议的部署存在重重障碍,要基于现有网络设备确保域间路由系统的健康,管理平面的域间路由监测是非常实际和真正能够发挥效用的技术途径。由于现有监测系统的作用与效果还远不能令人满意,首先应该建立一个有效的域间路由监测系统模型,研究该模型下的若干关键技术,给出该监测系统的设计方案并实现,最后还需要对监测结果数据进行分析、讨论以指导监测系统的改进。本文以此为线索,针对这些内容开展深入研究,主要取得以下一些研究成果: 1.提出了一种有效的监测域间路由的系统模型。该模型基于BGP路由表监测或BGP更新报文监测两种技术之上,能利用Internet拓扑特性来检测异常路由,从而达到监测域间路由系统的目的。 2.研究了几种基本的ISP商业互连关系以及这个关系模型的构造问题,提出了一种ISP商业互连关系模型的构造算法,并把该算法应用于域间路由监测系统ISP-HEALTH中。 3.研究了Internet的层次模型构造技术。提出了一种可扩展的Internet三级层次模型,并给出该模型的构造算法。不仅使用本算法刻画了Internet的层次特性,还把本算法用于域间路由监测系统ISP-HEALTH中。 4.给出域间路由监测系统的详细设计方案,并实现了一个Internet域间路由监测系统原型——ISP-HEALTH系统。 5.对BGP路由表中的环形异常路由进行深入研究。指出其产生的主要原因是管理员错误使用prepend命令;传播的原因是BGP协议没有定义如何处理环形异常路由;但是,由于负载平衡、链路备份等因素使得其对Internet的连通性影响并不大。更多还原

【Abstract】 National economy and society development become more and more dependent on the global Internet. However, inter-domain routing system as a key part of the Internet has severe problems. Currently, the researches about security of inter-domain routing of the Internet have got great attentions, and are being hot research points.After analyzing current issues and researches about the security of inter-doamin routing deeply, we conclude that the problem should be studied at three levels of inter-domain routing system, which are management plane, control plane and forwarding plane. Since the deployment of the new inter-domain routing protocol, e.g. S-BGP, is confronted with many obstacles, monitoring is an effective and practical method to ensure the healthy inter-domain routing system based on the current network devices. Because current monitoring systems of inter-domain are not effective, firstly we build an effective model of monitoring system of Inter-domain. Secondly, we study some key technologies of the model, provide detailed design schemes of this monitoring system and implement it. Finally, we analyze the monitored data to optimize it. In this dissertation, the main contributions are as follows:1. Proposes a monitoring model for inter-domain routing system, which can detect anomalous routes by utilizing the characteristics of the Internet topology, and avoid the deficiencies of other monitoring systems.2. Studies the problem of how to get commercial relationships of the ISPs. Several typical commercial relationships are discussed, and a new algorithm which can be used to ISP-HEALTH is provided.3. Studies the hierarchy of the Internet, and proposes a scalable 3-level model of the Internet and a new construction algorithm. This algorithm is not only used to study the hierarchy characteristic of the Internet, but also implemented in ISP-HEALTH.4. Discusses the detailed implement schemes of this monitoring system and has finished prototype.5. Examines the routing-loop phenomenon of the inter-domain routing system by analyzing the data from RouteViews, and provides the informative statistics and analysises. The discussion on the causes of routing-loops and related problems contribute greatly to the healthy operation of the Internet.更多还原