CN104468349B - A kind of BGP routing authentication methods based on hop-by-hop supervision - Google Patents
A kind of BGP routing authentication methods based on hop-by-hop supervision Download PDFInfo
- Publication number
- CN104468349B CN104468349B CN201410705485.4A CN201410705485A CN104468349B CN 104468349 B CN104468349 B CN 104468349B CN 201410705485 A CN201410705485 A CN 201410705485A CN 104468349 B CN104468349 B CN 104468349B
- Authority
- CN
- China
- Prior art keywords
- hop
- packet
- bgp
- bloom filter
- fbf
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention relates to a kind of BGP routing authentication methods based on hop-by-hop supervision, including:1) unique mark value is added in the information that AS (autonomous system) is safeguarded, binary vector data structure BF (Bloom Filter) is calculated according to the unique mark value;2) using BF construction as_path informations, by carrying BF in bgp update packet, and by it compared with AS unique mark value, routing update message forwarding interface corresponding to selection, BGP routes are established;3) in packet repeating process, BF fields are carried in the packet exported from AS, the AS for receiving the packet is verified using BF fields, judges whether packet correctly transmits from upper hop according to the route established, and realizes the BGP routing authentications based on hop-by-hop supervision.The present invention can improve the efficiency verified in route establishment process, realize the veritification of declaration route and data forwarding paths uniformity.
Description
Technical field
The invention belongs to network technique field, and in particular to a kind of BGP routing authentication methods based on hop-by-hop supervision.
Background technology
BGP (Border Gateway Protocol) agreement is a kind of inter-domain routing protocol, and Internet most attaches most importance to
One of Routing Protocol wanted.Bgp protocol results from the 1980s, at that time, Internet predecessor --- Advanced Research Projects Agency Network is quick
Development, to solve to route scalability problem caused by network size drastically expands.RFC827 proposes a solution,
Advanced Research Projects Agency Network is changed into by multiple autonomous systems (Autonomous System, abbreviation from the network of a single coordinated management
AS the network of interconnection) is disperseed.Autonomous system is also known as Autonomous Domain, is managed by independent community.In Autonomous Domain can unrestricted choice OSPF,
The intra-area routes agreement such as RIP, identical inter-domain routing protocol is then used between Autonomous Domain.Initial inter-domain routing protocol be
The EGP (Exterior Gateway Protocol) used in Advanced Research Projects Agency Network, EGP agreements can be described as the young bird of bgp protocol design
Shape, it is applied to the Advanced Research Projects Agency Network based on early backbone network, only supports the network of tree topology.With the topology of internet
Structure is gradually changed from tree-shaped to netted interconnection, and EGP agreements are difficult in adapt to new network environment.Now, bgp protocol is as EGP
The replacer of agreement just arises at the historic moment.
First bgp protocol version is formulated in RFC 1105.After the multiple modification of IETF IDR working groups, at present, mutually
The version of actual motion is BGP-4 in networking.Bgp protocol is a kind of path vector (path vector) agreement, and it is supported
CIDR, route aggregation and flexible and changeable routing strategy.
In history, distinctions won on the battlefield have been made in commercializations and globalization of the BGP for internet.However, the design of bgp protocol
The defects of huge is left in secure context, this directly results in the generation of internet security a lot of major events in history.Compare
The well-known AS7007 for having 1997 mismatches event, the route injections of the TTNet of 2004 event, the abduction of the YouTube of 2008
Event and Australia network interruption event of 2012.In addition, the design defect of bgp protocol also makes hacker attack bgp protocol
It is increasingly dense to hit interest.For example, DEFCON hacker's conference of 2008, two speakers are demonstrated among bgp protocol progress
People is attacked to realize the attack method of flow abduction.All these security incidents and attack all fully expose BGP routes
Agreement is in fragility for security.
Based on this, the research about BGP safety is concerned by people very much always.In State-level, Department of Homeland Security of the U.S. in
BGP was formally included safely to cyberspace National Security Strategy in 2003, National Institute of Standards and Technology is also 2007
Year has formulated bgp protocol safety standard document.In academia, BGP is also an important research side of network safety filed safely
To many researchers and WSO further investigate to it always.Than it is more typical have BBN companies design S-BGP,
The soBGP and the safe inter-domain routings of IETF (Secure Inter-Domain Routing, abbreviation that Cisco companies release
SIDR) the RPKI&BGPsec agreements that working group is developing.These all for solve BGP safety problems provide technical thought and
Striving direction.RPKI&BGPsec has turned into the practical work standard of following large scale deployment, and wherein RPKI standardization effort is substantially complete
Into architectural framework obtains five big RIR (Regional Internet Register, provincialism under ICANN promotions
Internet registration bodies) deployment support, among BGPsec standardization effort is also carried out in full preparation.
Because the AS topologys held relation and determine its upstream of IP address, IP address-based point of inter-domain routing decision-making
With situation.Therefore, one of basic function of RPKI systems is that the distribution to these resources provides the guarantee that can verify that in cryptography.
The current distribution of IP address is level:The top of level is IANA;It is five major region property the Internet registereds under IANA
Mechanism (RIRs) --- RIRs manages IP address and AS resources in oneself region;The third layer of distribution level is country because of spy
Net registration body (NIRs) and local the Internet registered mechanism (LIRs or referred to as ISP) and so-called independent distribution holder
(in certain areas, the third level only may also be made up of ISP/LIR and independent distribution holder).
Generally, the holder of IP address block can distribute the part of its address block has registration to the department of oneself or with it
The mechanism of relation.Because this structure, IP address distribution can be described naturally by the PKI of stratification --- each certificate
Describe an IP address distribution (it is this to describe to be equally applicable to the distribution of AS numbers, but AS numbers can not by except RIR and
Mechanism sub-distribution again outside NIR).Therefore, IP address and AS numbers can be safeguarded by same set of PKI.The head that RPKI is solved
The problem is wanted to be exactly:Some AS whether be some IP lawful owner, and whether an AS possess a certain IP prefixes of notice
Legal authorization (origin AS authenticity).Based on this function, BGPsec institutes other problem solved is that:One BGP road
AS_PATH in whether with its Network Layer Reachable Information (Network Layer Reachability Information, letter
Claiming NLRI) path of actual propagation is consistent (i.e. AS_APTH integrality).As path vector protocol, BGP is when propagating route
Carry important routing information.On the one hand routing information is used to indicate the network topology for reaching the route, on the other hand also use
In Route Selection.The routing information that BGP is propagated mainly includes Network Layer Reachable Information (network layer reachability
Information, abbreviation NLRI) and path attribute (path attribute).Network Layer Reachable Information includes IP prefixes
(prefix) and length, the cidr address for recognition purpose network.Path attribute is described to up to the route of the cidr address
Specific properties.For example, as_path attribute, which lists, reaches a string of AS paths that purpose network is passed through, NEXT_HOP attributes are said
Understand the next hop address of the route.
Specifically, RPKI certificate issue system is distributed with existing address and AS number assignment systems match, it
Resource credentials are signed and issued step by step downwards from IANA and RIR, until end entity (end entity).End entity possesses one section can not be thin again
The IP address resource divided, it is one section of entitled route source mandate (route origination using the private key of oneself
Authorizations, abbreviation ROA) information signed.The IP address block and end entity that ROA includes end entity are specified and used
In noticing No. AS of the sector address.All certificates and ROA pass through a set of distributed RPKI Certificate Storage Systems (RPKI
Repository system) collection neutralization distribution is carried out, every bgp router can obtain from the ISP point of departures belonging to oneself
All kinds of certificates and ROA.ROA information is authenticated using end entity certificate, it is possible to verify the origin AS in AS_PATH
Whether notice NLRI mandate is had.
However, there is following three in current BGPsec basic agreements:
1) all AS included in AS_PATH are subjected to signatures nested, then owned by what routing update message was passed through
AS is decrypted and verified, the problem for the treatment of effeciency is too low be present;
2) route messages are included in as_path attribute in the form of AS numbers, can be direct if there is RPKI Key Exposures
Cause the leakage of bgp routing policy;
3) whether BGPsec only ensure that the safety of Route establishment, but can not be to AS according to declaring that it is actual that route is carried out
The veritification function of packet forwarding.
The content of the invention
The present invention is in view of the above-mentioned problems, provide a kind of BGP routing authentication methods based on hop-by-hop supervision, by BGPsec
Bloom Filter are added in packet, realize the BGP routing authentications based on hop-by-hop supervision.
The technical solution adopted by the present invention is as follows:
A kind of BGP routing authentication methods based on hop-by-hop supervision, its step include:
1) unique mark value is added in the information that AS (Autonomous System, autonomous system) is safeguarded, according to this
Binary vector data structure BF (Bloom Filter) is calculated in unique mark value;
2) using BF construction as_path informations, by carrying BF in bgp update packet, and by its unique mark with AS
Knowledge value is compared, routing update message forwarding interface corresponding to selection, so as to establish BGP routes;
3) in packet repeating process, BF fields is carried in the packet exported from AS, receive the packet
AS is verified using BF fields, judges whether packet correctly transmits from upper hop according to the route established, so as to realize
BGP routing authentications based on hop-by-hop supervision.
Further, step 1) the binary vector data structure Bloom Filter, including:
FBF, represent whole path through AS calculate Bloom Filter;
CBF, before representing this AS processing, the Bloom Filter for the AS calculating that packet passes through;
LBF, before representing upper hop AS processing, the Bloom Filter for the AS calculating that packet passes through.
Further, step 2) establish BGP route detailed process be:Router receives the bgp update number comprising FBF
According to bag (BGP UPDATE) after, first check for oneself identify whether be included in:
If it is, the message is correctly received in explanation, then map network layer is carried out up to information (network layer
Reachability information, abbreviation NLRI) routing update, then, the router determines whether to be included in FBF
In direct-connected peer node, and bgp update packet is continued to be forwarded to the next-hop AS included in FBF;
If it is not, illustrating that the router mistakenly receives bgp update packet, then it is anti-to carry out mistake to receiving interface
Feedback;After receiving error feedback, it was demonstrated that path establish it is wrong, then router hop-by-hop return error message, until source receives
Again path planning afterwards.
Further, the detailed process of step 3) progress BGP routing authentications is:
In packet repeating process, an IP option (ASPATH) is added from the packet of some AS outlets, it is taken
Band tri- fields of FBF, CBF and LBF, the received end AS public key encryptions of FBF prevent midway from distorting;
After some AS receives packet, the mark for sending AS by upper hop packet first judges whether LBF should turn
Move on to CBF (i.e. whether CBF is equal to " LBF+ upper hops AS marks "), if it is, the AS think packet from upper hop be according to
What the route having built up correctly was transmitted, so as to which LBF is arranged to CBF value, and by " the current AS marks of CBF+ " as new CBF
It is transmitted to next-hop;If it is not, then it is wrong to think that upper hop AS is sent, so as to feedback error prompting message;
If all AS checkings in path are errorless, show that approach AS does not forge to BF, when last AS receives number
During according to bag, FBF is decrypted with its private key, checks whether CBF and FBF is identical:If identical, it is according to all routes to show packet
The path that device is established forwards with strategy;Otherwise show that packet does not forward according to predefined paths, then directly to data originating end
Notified.
Although RPKI systems realize the credible distribution and verification machine between internet code number (AS numbers and and IP address)
System, and realize the trust authentication system (BGPsec) in BGP route establishment process.But compared with BGPsec, the present invention just like
Lower beneficial effect:
1) checked with BF and replace key authentication, improve the efficiency verified in route establishment process;
2) AS numbers Bu roads, which have in message, transmits, but with its corresponding BF, the risk revealed in the absence of any route;
3) veritification of declaration route and data forwarding paths uniformity is realized.
Brief description of the drawings
Fig. 1 is routing update flow chart in embodiment.
Fig. 2 is packet forwarding process figure in embodiment.
Embodiment
In order to facilitate the understanding of the purposes, features and advantages of the present invention, below by specific embodiment and
Accompanying drawing, the present invention will be further described.
The problem of BGPsec basic agreements are present is (as described in the background art) that the present invention proposes to be based on Bloom
Filter carries out the main starting point of the BGP routing authentication mechanism of hop-by-hop supervision.
The present invention includes three Bloom Filter in BGPsec packets:
Final BF(FBF):The Bloom that whole path institute calculates through AS (Autonomous System, autonomous system)
Filter。
Current BF(CBF):Before this AS processing, the Bloom Filter for the AS calculating that packet passes through.
Last BF(LBF):Before upper hop AS processing, the Bloom Filter for the AS calculating that packet passes through.
On this basis, network state is divided into two kinds of scenes and respective demand by the present invention:
1) trustable network state:Between AS under mutual trusted status, ensure the high efficiency of routing update process.
2) unreliable network state:Between AS under insincere state, mainly solve the problems, such as it is that can packet according to
The path established is transmitted, if do not transmitted according to predefined paths, should be able to accurately be found.
The present invention stores mark corresponding to each AS using RPKI and provides support with its public key for above-mentioned flow.Lower mask body
Introduce the particular content of the present invention.
1) maintenance of the corresponding marks of AS
RPKI has been provided for a kind of credible architectural framework, for safeguarding the legal IP prefix informations possessed of AS, can verify that
Identity information etc..Need to be extended on this basis in the present invention, safeguard that its whole world is added at the center of information in AS
Unique ident value, AS in itself with AS numbers also with global uniqueness, but in order to not reveal AS privacy informations, in reality
AS numberings can be used to calculate the present invention completely in and put forward each BF values, the generation of the value preferably uses the supreme side distributed downwards
Formula, and carried out together with the distribution of CA certificate.Assuming that needing to be numbered for most 65536 AS, its allocation rule can adopt
Use following manner:
● IANA distributes some position (such as 20) marks to five big RIR and is respectively
00000000000000000000,0001000000000000000,0010000000000000000,
00110000000000000000,0100000000000000000
● each RIR carries out unique number using rear some positions (such as 16) to the AS of its affiliated scope.
2) BF generation
The present invention constructs as_path information using BF, and Bloom filter are to be proposed by Howard Bloom in 1970
Binary vector data structure, it has good room and time efficiency, be used to detect an element whether gather
In a member, if two of same position value full 0s, result 0, are otherwise 1.BF in the present invention is multiple No. AS
Code Hash generates character string or result of calculation.
● assuming that AS1's is identified as:00000001000100010001
● assuming that AS2's is identified as:00000000111100001101
● the BF of the AS_PATH so comprising AS1 and AS2 is:00000001111100011101
When certain AS receives the BF, only it is included in its mark for 1 position in the BF, just illustrates that the AS is included
In to AS_PATH, otherwise illustrate the AS not in the AS_PATH.
3) route establishment process
This part is directed under trustable network environment, how efficiently to establish the path from certain AS to certain IP prefix, i.e.,
The AS_PATH for how ensureing to include in BGP UPDATE packets can by quickly handled through AS and establish corresponding route shape
State.In BGP route establishment process of the present invention, routing update origin AS carries FBF in transmitted BGP routing update messages
(for the disposition flexibility of the increase present invention, where carrying this information and do not providing in the present invention), it is direct-connected by calculating
AS mark and compared with FBF, routing update message forwarding interface corresponding to AS selections, its flow are as shown in Figure 1.This
Wen Zhong, AS numbering/number are all referring to AS numbers, and such as AS 1024, in AS 20334, numeral below is exactly AS numberings/number,
And AS marks refer in the present invention by numbering string of the processing for generating BF.
As can be seen here, after receiving the BGP UPDATE comprising FBF, router first check for oneself identify whether include
Wherein:If it is, the message is correctly received in explanation, then corresponding NLRI routing update is carried out, then, the router is sentenced
Which of direct-connected peer node of breaking is included in FBF, and UPDATE is continued to be forwarded to the next-hop AS included in FBF;
If it is not, then illustrating that the router mistakenly receives UPDATE, then error feedback is carried out to receiving interface.Receive mistake
After feedback, it was demonstrated that path establish it is wrong, then router hop-by-hop return error message, plan road again after source receives
Footpath.
Based on this flow, routing update message can be smoothly by the AS that should pass through, but does not expose explicitly
Routing information is completed corresponding to NLRI, and (calculating of this function based on Bloom Filter is irreversible, i.e., can not be by inversely calculating
Infer whether some AS is included in Bloom Filter).
Under trustable network state, as long as establishing safe and reliable routing state, router will be according to the road of foundation
By carry out data forwarding.But, it is necessary to veritified to data forwarding under incredible network state, i.e. below step 4) institute
The process of description.
4) routing authentication process
In packet repeating process of the present invention, an IP option (ASPATH) is added from the packet of some AS outlets
(a TLV option of such as option as IPv6 data hop-by-hop options header), it carries tri- fields of FBF, CBF and LBF.To it
Handling process is as shown in Figure 2.
The received end AS public key encryptions of FBF prevent midway from distorting.So in incredible network environment, some AS is received
After packet, first by upper hop packet send AS mark judge LBF whether should be transferred to CBF (i.e. CBF whether etc.
In " LBF+ upper hops AS marks "), if it is, the AS thinks that packet from upper hop is correctly passed according to the route having built up
Defeated, so as to which LBF is arranged to CBF value, and " the current AS of CBF+ are identified " is transmitted to next-hop as new CBF.If not,
It is wrong then to think that upper hop AS is sent, so as to feedback error prompting message.If all AS checkings in path are errorless, show approach AS
BF is not forged, when last AS receives packet, with its private key decrypt FBF, check CBF and FBF whether phase
Together:If identical, showing packet is forwarded according to the path that all-router is established and strategy;Otherwise packet is shown not
Forward, then directly notified to data originating end according to predefined paths.
The above embodiments are merely illustrative of the technical solutions of the present invention rather than is limited, the ordinary skill of this area
Technical scheme can be modified by personnel or equivalent substitution, without departing from the spirit and scope of the present invention, this
The protection domain of invention should be to be defined described in claim.
Claims (6)
1. a kind of BGP routing authentication methods based on hop-by-hop supervision, wherein BGP represents Border Gateway Protocol, the step of this method
Including:
1) unique mark value is added in AS is the information that autonomous system is safeguarded, two is calculated according to the unique mark value and enters
Vector data structure Bloom Filter processed;
2) using Bloom Filter construction as_path informations, by carrying Bloom in bgp update packet
Filter, and by it compared with AS unique mark value, routing update message forwarding interface corresponding to selection, so as to establish
BGP is route;
3) in packet repeating process, Bloom Filter fields is carried in the packet exported from AS, receive the number
Verified according to the AS of bag using Bloom Filter fields, judge packet whether from upper hop according to the route established just
Really transmission, so as to realize the BGP routing authentications based on hop-by-hop supervision.
2. the method as described in claim 1, it is characterised in that step 1) the binary vector data structure Bloom
Filter, including:
FBF, represent whole path through AS calculate Bloom Filter;
CBF, before representing this AS processing, the Bloom Filter for the AS calculating that packet passes through;
LBF, before representing upper hop AS processing, the Bloom Filter for the AS calculating that packet passes through.
3. method as claimed in claim 2, it is characterised in that step 2), which establishes the detailed process that BGP is route, is:Router connects
After receiving the bgp update packet comprising FBF, first check for oneself identify whether be included in:
If it is, the message is correctly received in explanation, then corresponding NLRI routing update is carried out, wherein NLRI represents Internet
Up to information;Then, the router determine whether be included in FBF in direct-connected peer node, and by bgp update packet after
It is continuous to be forwarded to the next-hop AS included in FBF;
If it is not, illustrating that the router mistakenly receives bgp update packet, then error feedback is carried out to receiving interface;
After receiving error feedback, it was demonstrated that path establish it is wrong, then router hop-by-hop return error message, after source receives weight
New path planning.
4. method as claimed in claim 3, it is characterised in that step 3) carry out BGP routing authentications detailed process be:
In packet repeating process, from some AS outlet packet be added an IP option, its carry FBF, CBF and
Tri- fields of LBF, the received end AS public key encryptions of FBF prevent midway from distorting;
After some AS receives packet, the mark for sending AS by upper hop packet first judges whether LBF should be transferred to
CBF, if it is, the AS thinks that packet from upper hop is correctly transmitted according to the route having built up, so as to which LBF is arranged to
CBF value, and " the current AS of CBF+ are identified " is transmitted to next-hop as new CBF;If it is not, then think that upper hop AS is sent
It is wrong, so as to feedback error prompting message;
If all AS checkings in path are errorless, show that approach AS does not forge to BF, when last AS receives packet
When, FBF is decrypted with its private key, checks whether CBF and FBF is identical:If identical, showing packet is built according to all-router
Vertical path forwards with strategy;Otherwise show that packet does not forward according to predefined paths, then directly carried out to data originating end
Notice.
5. method as claimed in claim 1 or 2, it is characterised in that:Numbered using AS and calculate binary vector data structure
Bloom Filter value.
6. method as claimed in claim 5, it is characterised in that:The value of the Bloom Filter is that multiple AS numbers are breathed out
The "or" result of calculation of character string is generated after uncommon calculating.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410705485.4A CN104468349B (en) | 2014-11-27 | 2014-11-27 | A kind of BGP routing authentication methods based on hop-by-hop supervision |
PCT/CN2014/095174 WO2016082275A1 (en) | 2014-11-27 | 2014-12-26 | Bgp route authentication method based on hop-by-hop monitoring |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410705485.4A CN104468349B (en) | 2014-11-27 | 2014-11-27 | A kind of BGP routing authentication methods based on hop-by-hop supervision |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104468349A CN104468349A (en) | 2015-03-25 |
CN104468349B true CN104468349B (en) | 2017-11-14 |
Family
ID=52913749
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410705485.4A Active CN104468349B (en) | 2014-11-27 | 2014-11-27 | A kind of BGP routing authentication methods based on hop-by-hop supervision |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104468349B (en) |
WO (1) | WO2016082275A1 (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105523061B (en) * | 2015-12-21 | 2018-03-20 | 南京漫科智能科技有限公司 | A kind of complete control device of the data of interlocking by electric locks |
CN106060014B (en) * | 2016-05-18 | 2019-04-26 | 中国互联网络信息中心 | Method that is a kind of while solving prefix hijack, path abduction and routing leakage attack |
CN107870925B (en) * | 2016-09-26 | 2021-08-20 | 华为技术有限公司 | Character string filtering method and related device |
CN113162889B (en) * | 2020-01-22 | 2023-02-17 | 北京车和家信息技术有限公司 | Authentication method and device for route updating information |
CN112003959B (en) * | 2020-07-13 | 2023-06-16 | 深圳网基科技有限公司 | Automatic issuing method and device for route origin authorization |
CN112003822B (en) * | 2020-07-15 | 2022-11-01 | 互联网域名***北京市工程研究中心有限公司 | Quality detection method and device for route origin authorization |
CN113542116B (en) * | 2021-02-26 | 2023-02-21 | 互联网域名***北京市工程研究中心有限公司 | ASPA (advanced application platform Power) improvement-based path verification method |
CN113055829B (en) * | 2021-03-16 | 2022-04-19 | 深圳职业技术学院 | Privacy protection method and device for network broadcast information and readable storage medium |
CN114124811B (en) * | 2021-10-21 | 2023-08-01 | 中盈优创资讯科技有限公司 | Route leakage real-time monitoring method |
CN114124411B (en) * | 2021-12-07 | 2024-01-09 | 牙木科技股份有限公司 | Information registration method, information authentication method, DNS server, and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101099340A (en) * | 2005-02-01 | 2008-01-02 | 思科技术公司 | System and methods for network path detection |
CN101124785A (en) * | 2005-03-04 | 2008-02-13 | 思科技术公司 | System and methods for network reachability detection |
CN102714839A (en) * | 2010-01-29 | 2012-10-03 | 瑞典爱立信有限公司 | Packet routing in a network |
CN104038384A (en) * | 2014-05-22 | 2014-09-10 | 中国电子科技集团公司第三十研究所 | Tracking and tracing system based on GBF and working method thereof |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150207675A1 (en) * | 2012-08-28 | 2015-07-23 | Nec Corporation | Path Control System, Control Apparatus, Edge Node, Path Control Method, And Program |
-
2014
- 2014-11-27 CN CN201410705485.4A patent/CN104468349B/en active Active
- 2014-12-26 WO PCT/CN2014/095174 patent/WO2016082275A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101099340A (en) * | 2005-02-01 | 2008-01-02 | 思科技术公司 | System and methods for network path detection |
CN101124785A (en) * | 2005-03-04 | 2008-02-13 | 思科技术公司 | System and methods for network reachability detection |
CN102714839A (en) * | 2010-01-29 | 2012-10-03 | 瑞典爱立信有限公司 | Packet routing in a network |
CN104038384A (en) * | 2014-05-22 | 2014-09-10 | 中国电子科技集团公司第三十研究所 | Tracking and tracing system based on GBF and working method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN104468349A (en) | 2015-03-25 |
WO2016082275A1 (en) | 2016-06-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104468349B (en) | A kind of BGP routing authentication methods based on hop-by-hop supervision | |
Ahmed et al. | IPv6 neighbor discovery protocol specifications, threats and countermeasures: a survey | |
CN107251509B (en) | Trusted routing between communication network systems | |
Chuat et al. | The Complete Guide to SCION | |
US9654482B2 (en) | Overcoming circular dependencies when bootstrapping an RPKI site | |
US11362837B2 (en) | Generating trustable RPL messages having root-signed rank values | |
CN114389835B (en) | IPv6 option explicit source address encryption security verification gateway and verification method | |
CN104219239A (en) | LoWPAN (low-power wireless personal area network) node secure access control method based on neighbor discovery | |
Song et al. | Novel attacks in OSPF networks to poison routing table | |
Pei et al. | A framework for resilient Internet routing protocols | |
Wong et al. | Network infrastructure security | |
CN103906163A (en) | Safe point-to-point routing method based on fisheye domain | |
Elamathi et al. | Enhanced secure communication over inter-domain routing in heterogeneous wireless networks based on analysis of BGP anomalies using soft computing techniques | |
Li et al. | Learning the valid incoming direction of IP packets | |
Pravin et al. | Preserving Privacy Using an Unobservable Secure Routing Protocol for MANETs | |
Lee | A study on effective hash routing in MANET | |
Bakkali et al. | Security problems in BGP: An overview | |
Raheem et al. | A secure authentication protocol for IP-based wireless sensor communications using the Location/ID Split Protocol (LISP) | |
Puttini et al. | Certification and authentication services for securing MANET routing protocols | |
Phung et al. | DASSR: A distributed authentication scheme for secure routing in wireless ad-hoc networks | |
Rengarajan et al. | Secure verification technique for defending IP spoofing attacks. | |
Patil et al. | An unobservable secure routing protocol with wormhole attack prevention for mobile Ad-Hoc network | |
Patel et al. | An efficient anonymous secure routing (easr) protocol for manets in adversial environment | |
Al-attar | A comparative study on security features in manets routing protocols | |
Ananthi et al. | Two level Authentication and Packet Marking Mechanism for Defending against DoS and DDoS Attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20210226 Address after: 100190 room 506, building 2, courtyard 4, South 4th Street, Zhongguancun, Haidian District, Beijing Patentee after: CHINA INTERNET NETWORK INFORMATION CENTER Address before: 100190 No. four, 4 South Street, Haidian District, Beijing, Zhongguancun Patentee before: Computer Network Information Center, Chinese Academy of Sciences |
|
TR01 | Transfer of patent right |