Encoding method and system as well as decoding method and system for routing origin authorization compression

An encoding method for routing origin authorization, applied in the field of information processing, that addresses the increase in ROA data object issuance volume and size, the high transmission, verification and usage overhead, and the reduced scalability of the RPKI system. Effects: extensible compressed coding and high security.

Active Publication Date: 2021-12-14
COMP NETWORK INFORMATION CENT CHINESE ACADEMY OF SCI

AI Technical Summary

Problems solved by technology

However, this will lead to an increase in the issuance volume and size of ROA data objects, which in turn will lead to high transmission, verification and usage overhead
In particular, BGP routers need to process more RTR protocol data u


Examples


Embodiment 1

[0048] Assume that the CA plans to authorize the three IPv4 prefixes in Figure 8 to AS 111; the AS then obtains an authorized IP prefix set P = {34.0.0.0/7, 32.0.0.0/8, 38.128.0.0/9} in the announced state. For AS 111, the CA first initializes an STMa (assuming the data structure is a hash table) to store one or more subtree blocks (identifier, bitmap), where the key is the identifier and the value is the bitmap. The CA's encoding process operates on the IP prefixes one by one.

[0049] In the IPv4 prefix tree, the 5th and 10th layers are both mounting layers. According to the specific operation of mounting an IP prefix, the prefix lengths of the above three IPv4 prefixes are 7, 8 and 9 respectively, so the CA determines layer 5 as their mounting layer. Take the authorized IPv4 prefix 34.0.0.0/7 as an example. Since 34.0.0.0 is a 32-bit IPv4 address in dotted-decimal notation, its binary form is: 00100010 00000000 00000000 00000000....

Embodiment 2

[0051] Assume that the CA plans to authorize the IPv4 prefix in Figure 9 to AS 222; the AS then obtains an authorized IP prefix set P = {10.1.0.0/16}. For AS 222, the CA first initializes an STMa for it. In the IPv4 prefix tree, the 15th and 20th layers are both mounting layers. According to the specific operation of mounting an IP prefix, the prefix length of the above IPv4 prefix is 16, so the CA determines the 15th layer as its mounting layer.

[0052] For the IPv4 prefix 10.1.0.0/16, the first 16 bits jointly determined by the CA according to its IP address and prefix length are: 0000101000000000; therefore, the identifier of the root of the subtree it mounts is: 1000010100000000 (000010100000000 is the 15-bit prefix of 0000101000000000). The bit string determined by the 16th bit is: 1, and by adding 1 in front of it, the node number of the IP prefix in the subtree is 3 (the binary bit code of 3 is: 11). Therefore, t...

Embodiment 3

[0054] Assume that the CA plans to revoke the authorization of the two IPv4 prefixes in Figure 10 from AS 111; the CA first initializes an STMw for AS 111. The encoding of the subtree blocks determined for these two IPv4 prefixes is basically the same as the encoding in Embodiment 1, except that the revocation flag of the bitmap is set to "1", indicating that the two authorized IPv4 prefixes are in the revoked state. The CA therefore obtains an STMw containing one entry (id=100100, bm=00000000000000000000000100100001). Finally, the CA encapsulates the content of the STMw in the SubTreeBlock field of the ROA data object in units of (identifier, bitmap) tuples, sets the asID field to the integer 111, and sends it to the RP through the rsync protocol / RRDP protocol.
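The subtree encoding walked through in Embodiments 1 to 3, as an added Python sketch (not code from the patent). It assumes mounting layers every 5 levels, that bit i of the 32-bit bitmap (counted from the least-significant end) marks node i with bit 0 as the revocation flag, as the STMw entry in [0054] implies, and that the two revoked prefixes of Figure 10 are 34.0.0.0/7 and 32.0.0.0/8; `locate`, `encode` and `decode` are illustrative names.

```python
import ipaddress

STRIDE = 5  # assumed spacing of mounting layers (the page names 5, 10, 15, 20)

def locate(prefix):
    """Map an IPv4 prefix to (subtree identifier, node number in that subtree)."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects set host bits
    bits = format(int(net.network_address), "032b")[:net.prefixlen]
    layer = (net.prefixlen // STRIDE) * STRIDE       # mounting layer
    ident = int("1" + bits[:layer], 2)               # leading 1 + path to subtree root
    node = int("1" + bits[layer:], 2)                # leading 1 + path inside subtree
    return ident, node

def encode(prefixes, revoked=False):
    """Build the subtree map {identifier: bitmap}; bit 0 is the revocation flag."""
    stm = {}
    for p in prefixes:
        ident, node = locate(p)
        stm[ident] = stm.get(ident, int(revoked)) | (1 << node)
    return stm

def decode(stm):
    """Inverse mapping: recover (prefix, revoked) pairs from a subtree map."""
    out = []
    for ident, bm in stm.items():
        path = format(ident, "b")[1:]                # strip the leading 1
        for node in range(1, 1 << STRIDE):
            if (bm >> node) & 1:
                bits = path + format(node, "b")[1:]
                addr = ipaddress.ip_address(int(bits.ljust(32, "0"), 2))
                out.append((f"{addr}/{len(bits)}", bool(bm & 1)))
    return sorted(out)

if __name__ == "__main__":
    # Assumed Figure 10 prefixes; prints the STMw entry given in [0054].
    for ident, bm in encode(["34.0.0.0/7", "32.0.0.0/8"], revoked=True).items():
        print(f"id={ident:b} bm={bm:032b}")
```

A relying party that decodes such a tuple should also reject bitmaps with bits set outside the node range and identifiers whose path length is not a mounting layer before trusting the recovered prefixes.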

[0055] 2. Maintenance operation of routing origin authorization information based on subtree mapping

[0056] Embodiment one:

[0057] Suppose the RP receives the ROA data object sent f...


Abstract

The invention relates to an encoding method and system as well as a decoding method and system for routing origin authorization compression. The encoding method comprises the following steps: given the authorized IP prefix set of an AS, maintaining the IP prefixes using an IP prefix tree; splitting the IP prefix tree into a plurality of mutually disjoint, independent subtree blocks, wherein each subtree block is uniquely determined by the position of its root node in the original prefix tree; encoding the path from the root node of the original prefix tree to the root node of the subtree block into an integer, which is used as the unique identifier of the subtree block; encoding all nodes contained in the whole subtree block into a bitmap; and encoding the routing origin authorization information of the given AS into a plurality of (identifier, bitmap) tuples. With the encoding method and system and the decoding method and system, high security like that of a mini ROA can be achieved, the scalability bottleneck can be broken through, and secure and scalable compressed coding of routing origin authorization information is realized.

Description

Technical field

[0001] The invention relates to the technical field of information processing, in particular to an encoding and decoding method and system for routing origin authorization compression.

Background technique

[0002] The design of the Border Gateway Protocol (BGP) has relatively large deficiencies in security, and it is vulnerable to abnormal routing attacks. To address the security issues of BGP, the Resource Public Key Infrastructure (RPKI) was designed. Its basic idea is to build a Public Key Infrastructure (PKI) and, based on the hierarchical allocation structure of Internet Number Resources (INR), authenticate the allocation relationship of IP resources (IP address prefixes) and AS resources (AS numbers).

[0003] As shown in Figure 1, RPKI mainly includes three types of components: the Certification Authority (CA), the Relying Party (RP) and the BGP router. The CA organization is ...


Application Information

IPC(8): H04L29/06, H04L12/745, H04L12/741, H04L12/721, H04L1/00, H04L45/74, H04L45/748
CPC: H04L69/04, H04L1/0009, H04L45/14, H04L45/74, H04L45/748
Inventor: 李彦彪, 邹慧, 陈宇轩, 徐胤博, 谢高岗
Owner: COMP NETWORK INFORMATION CENT CHINESE ACADEMY OF SCI