BGP (Border Gateway Protocol) routing trusted verification method based on SDN (Software Defined Network) architecture

An SDN-architecture-based verification method, applied in the field of network security, that addresses problems of existing abnormal-route security monitoring systems such as the lack of automatic feedback control and the lack of forward compatibility. It achieves good versatility and scalability, reduces deployment overhead, and improves verification efficiency.

Active Publication Date: 2017-05-10
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

This method has the following disadvantages: in the digital signature authentication method, each device must hold two kinds of keys, a public key and a private key; key generation, distribution, and maintenance are cumbersome, and the key system is difficult and very costly to deploy. As the network scale increases, the exponential growth in network equipment greatly increases the difficulty of deploying and managing the key system and reduces the overall cost performance of the system.
[0004] Another common way to ensure the credibility of BGP routes is to use a BGP route detection system to detect route anomalies. This method has the following disadvantages: 1. The existing route security monitoring system only provides anomaly discovery and alarm services and has no function for blocking anomalies, that is


Examples


Embodiment Construction

[0049] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific implementation examples.

[0050] As shown in Figure 1, the BGP routing trusted verification method based on the SDN architecture of the present invention comprises the following steps:

[0051] The first step is to build a trusted verification environment for BGP routing based on the SDN architecture. As shown in Figure 2, the BGP routing trusted verification environment includes an agent deployed for each router and a centralized control point deployed on the client. The agent is responsible for interacting with the BGP protocol process and for reading and writing the BGP neighbor information table. The centralized control point is a software module responsible for using the network configuration protocol NETCONF (Network Configuration Protocol) to periodically interact with the agent, obtain the BGP neighbor informat...


Abstract

The invention relates to a BGP (Border Gateway Protocol) routing trusted verification method based on SDN (Software Defined Network) architecture. The method comprises the following steps: I, building a BGP routing trusted verification environment based on the SDN architecture; II, acquiring BGP neighbor information by a centralized control point; III, detecting anomalies in a centralized way by the centralized control point, verifying whether BGP routing is trustable or not, if so, ending, otherwise, entering a step IV; IV, generating a security policy for blocking the anomalies by the centralized control point; V, issuing the security policy by the centralized control point to block anomalous routing; and VI, verifying whether the anomalous routing is blocked or not by the centralized control point by a method of reading a BGP neighbor information table once again by an agent, transmitting the BGP neighbor information table to the centralized control point through a NETCONF protocol, and turning to the step III. Compared with an existing BGP routing trusted verification method, the BGP routing trusted verification method disclosed by the invention has the advantages that the deployment overhead can be lowered; the anomaly detection performance and real-time performance are enhanced; the anomalies are blocked through closed-loop control; forward compatibility and high expandability are realized; and the overall cost-performance ratio of a system is increased greatly.
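The closed loop of steps II to VI, sketched as an added example that is not taken from the patent. The agents and the NETCONF exchange are simulated in memory; the anomaly rule (a peer whose IP/AS pair is not on an operator-supplied expected list), all class and function names, and the sample peers are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class Agent:
    """Simulated per-router agent that reads and writes the BGP neighbor table."""
    router: str
    neighbors: dict                      # peer IP -> peer AS (constructed sample data)
    blocked: set = field(default_factory=set)
    enforce: bool = True                 # False simulates a policy push that has no effect

    def read_neighbor_table(self):
        # Steps II and VI: the table the control point would fetch over NETCONF.
        return {ip: asn for ip, asn in self.neighbors.items()
                if ip not in self.blocked}

    def apply_policy(self, policy):
        # Step V: the agent installs the blocking policy on the router.
        if self.enforce:
            self.blocked |= set(policy)


def detect_anomalies(table, expected):
    # Step III. Assumed rule: a peer is anomalous when its (IP, AS) pair
    # does not match the operator's expected-peer list.
    return sorted(ip for ip, asn in table.items() if expected.get(ip) != asn)


def verify_router(agent, expected, max_rounds=3):
    """Run the loop until the table is trusted.

    Returns (trusted, log) where log lists every peer a policy was issued for.
    max_rounds bounds the loop when blocking never takes effect.
    """
    log = []
    for _ in range(max_rounds):
        table = agent.read_neighbor_table()        # step II (step VI on later rounds)
        bad = detect_anomalies(table, expected)    # step III
        if not bad:
            return True, log                       # trusted: end
        policy = bad                               # step IV: block each anomalous peer
        agent.apply_policy(policy)                 # step V
        log.extend(policy)
    return False, log                              # anomaly still present: escalate


if __name__ == "__main__":
    expected = {"192.0.2.1": 64496}
    r1 = Agent("r1", {"192.0.2.1": 64496, "192.0.2.9": 64511})
    print(verify_router(r1, expected))
```

The bounded round count matters in practice: if the re-read in step VI keeps showing the same peer, the control point should raise an alarm rather than loop forever.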

Description

Technical field

[0001] The present invention mainly relates to the field of network security, in particular to a BGP (Border Gateway Protocol) route trusted verification method based on an SDN (Software Defined Network) architecture.

Background

[0002] Inter-domain routing security is of great significance to the security of the entire Internet. One key to enhancing inter-domain routing security is to improve the security of inter-domain routing protocols. BGP is currently the only inter-domain routing protocol, and its security is key to the security of the entire Internet routing system. Whether BGP routes are trustworthy is the basis for ensuring the security of the BGP protocol. However, when BGP was first designed, the issue of trusted routing was not fully considered, and only some simple authentication mechanisms ensured security. In the current complex network environ...


Application Information

IPC(8): H04L12/715, H04L12/721, H04L29/06, H04L29/08
CPC: H04L45/04, H04L45/70, H04L63/1441, H04L67/562
Inventor: 邓文平, 王宝生, 曾皓, 苏金树, 陈曙晖, 胡宁, 郦苏丹, 王宏, 陶静, 彭伟, 唐竹
Owner NAT UNIV OF DEFENSE TECH