
A trusted verification method for BGP routing based on SDN architecture

A technology in the field of network security, covering SDN architecture and verification methods. It addresses problems of existing abnormal-route security monitoring systems, such as the lack of automatic feedback control and the lack of forward compatibility, and achieves good versatility and scalability, reduced deployment overhead, and improved verification efficiency.

Active Publication Date: 2019-06-28
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

This method has the following disadvantages: the digital signature authentication method requires each device to hold two kinds of keys, a public key and a private key; key generation, distribution, and maintenance are cumbersome, and the key system is difficult and very costly to deploy. As the network scale increases, the exponential growth in network equipment greatly increases the difficulty of deploying and managing the key system and reduces the overall cost performance of the system.

[0004] Another common way to ensure the credibility of BGP routes is to use a BGP route detection system to detect route anomalies. This method has the following disadvantages:

1. Existing route security monitoring systems only provide anomaly discovery and alarm services and have no function for blocking anomalies; that is, no automatic feedback control is formed. In addition, when monitoring for anomalies, they must consult an existing knowledge base of anomaly types to determine whether the system has an anomaly. This approach depends on the accuracy and completeness of the knowledge base, and can only detect anomalies without an automatic feedback mechanism.
2. Existing route security monitoring systems can only detect anomalies once the services required by network applications can no longer be guaranteed and the network status fluctuates, which does not meet the real-time requirements of current network security.
3. Existing route security monitoring systems come in many types and are split into separate systems; interoperability between the systems is poor and they are difficult to make compatible. Moreover, most of the systems are only backward compatible, not forward compatible.



Embodiment Construction

[0049] The present invention is described in further detail below with reference to the accompanying drawings and specific implementation examples.

[0050] As shown in Figure 1, the BGP route trusted verification method based on SDN architecture of the present invention comprises the following steps:

[0051] The first step is to build a trusted verification environment for BGP routing based on the SDN architecture. As shown in Figure 2, the BGP routing trusted verification environment includes an agent deployed for each router and a centralized control point deployed on the client. The agent is responsible for interacting with the BGP protocol process and for reading and writing the BGP neighbor information table. The centralized control point is a software module responsible for using the network configuration protocol NETCONF (Network Configuration Protocol) to periodically interact with the agent, obtain the BGP neighbor informati...


Abstract

The present invention relates to a BGP route trusted verification method based on SDN architecture, the steps of which are as follows. In the first step, a BGP route trusted verification environment based on SDN architecture is built. In the second step, the centralized control point collects BGP neighbor information. In the third step, the centralized control point detects anomalies and verifies whether the BGP route is credible; if the BGP route is credible, the method ends, and if the BGP route is untrustworthy, the method proceeds to the fourth step. In the fourth step, the centralized control point generates a security policy for blocking the anomaly. In the fifth step, the centralized control point issues the security policy to block the abnormal route. In the sixth step, the centralized control point verifies whether the abnormal route has been blocked: the agent reads the BGP neighbor information table again and sends it to the centralized control point, and the method returns to the third step. Compared with existing BGP route trusted verification methods, the present invention can reduce deployment overhead, improve anomaly detection performance and real-time performance, block anomalies through closed-loop control, provide forward compatibility and high scalability, and greatly improve the overall cost performance of the system.
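The closed loop of steps two to six, sketched as an added example that is not code from the patent. The `Agent` and `ControlPoint` classes, the policy format, and the detection rule (comparing each neighbor table with an expected baseline of peer-to-AS mappings) are assumptions made for illustration, and in-memory calls stand in for the NETCONF exchange.

```python
from dataclasses import dataclass, field

@dataclass
class Agent:
    """Hypothetical per-router agent that reads and writes the BGP neighbor table."""
    router: str
    neighbors: dict                      # peer IP -> remote AS (constructed data)
    blocked: set = field(default_factory=set)

    def read_neighbor_table(self):
        # Peers blocked by a policy no longer appear in the table.
        return {ip: asn for ip, asn in self.neighbors.items() if ip not in self.blocked}

    def apply_policy(self, policy):
        self.blocked.update(policy["block_peers"])

class ControlPoint:
    def __init__(self, agents, expected):
        self.agents = {a.router: a for a in agents}
        self.expected = expected         # assumed baseline: router -> {peer IP: AS}

    def collect(self):                   # step 2: gather neighbor tables
        return {r: a.read_neighbor_table() for r, a in self.agents.items()}

    def detect(self, tables):            # step 3: assumed rule, unknown peer or wrong AS
        anomalies = {}
        for router, table in tables.items():
            base = self.expected.get(router, {})
            bad = sorted(ip for ip, asn in table.items() if base.get(ip) != asn)
            if bad:
                anomalies[router] = bad
        return anomalies

    def verify(self, max_rounds=3):
        log = []
        for _ in range(max_rounds):
            anomalies = self.detect(self.collect())
            log.append(anomalies)
            if not anomalies:
                return True, log         # route is credible, loop ends
            for router, peers in anomalies.items():   # steps 4-5: build and push policy
                self.agents[router].apply_policy({"block_peers": peers})
            # step 6: the next iteration re-reads the tables and returns to step 3
        return False, log                # anomaly was never confirmed blocked

def demo():
    # Constructed sample: r1 reports a peer that is absent from the baseline.
    r1 = Agent("r1", {"192.0.2.2": 65002, "192.0.2.9": 65099})
    r2 = Agent("r2", {"192.0.2.1": 65001})
    expected = {"r1": {"192.0.2.2": 65002}, "r2": {"192.0.2.1": 65001}}
    return ControlPoint([r1, r2], expected).verify()
```

The bounded `max_rounds` matters in practice: if an agent never applies the policy, the loop reports failure instead of re-issuing the same policy indefinitely.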

Description

Technical field

[0001] The present invention mainly relates to the field of network security, in particular to a BGP (Border Gateway Protocol) route trusted verification method based on an SDN (Software Defined Network) architecture.

Background technique

[0002] Inter-domain routing security is of great significance to the security of the entire Internet. One of the keys to enhancing the security of inter-domain routing is to improve the security of inter-domain routing protocols. BGP is currently the only inter-domain routing protocol, and its security is the key to the security of the entire Internet routing system. Whether a BGP route is trustworthy is the basis for ensuring the security of the BGP protocol. However, when BGP was first designed, the issue of trusted routing was not fully considered, and only some simple authentication mechanisms ensured security. In the current complex network environ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/715, H04L12/721, H04L29/06, H04L29/08
CPC: H04L45/04, H04L45/70, H04L63/1441, H04L67/562
Inventor: 邓文平, 王宝生, 曾皓, 苏金树, 陈曙晖, 胡宁, 郦苏丹, 王宏, 陶静, 彭伟, 唐竹
Owner: NAT UNIV OF DEFENSE TECH