Design And Implementation Of Multi-granularity Monitoring System For Internet Inter-domain Routing

Inter-domain routing system is a huge flat self-organizing system exchanging Network Layer Reachable Information (NLRI), each node in the system can only sense the state of local domain and its neighbors. However, the network administrators locating at different levels are concerned about different part of the Internet. The academic society hopes to understand the evolution of the interconnections among Autonomous Systems and the usage of Internet resources; national network administrators wish that they can bring the country's internal and external sessions into their supervision, which reflects a country's behavior; the network operators in AS hope to protect their prefixes from hijacking while the end-users expect more stable access services their internet providers can maintain to enjoy the Internet. .All of these requirements can't be satisfied through single-view or single-granularity until the monitoring services of Internet in different granularity was provided.To provide more colorful and accurate views of Internet, we design and implement a inter-domain routing monitoring system. That the multiple levels including Internet, country, ISP and specific route our monitoring system locating at makes our work largely different from current researches. The key achievement we get during the design and implementation of our system are listed as follows.In terms of multi-granularity monitoring, we propose a routing table detection model, which detects the route anomalies from single view and multiple views respectively on the basis of the detecting rules exploited from normal routing behaviors and topology characteristics of Internet. Then, the anomalies identified by detection are visualized in the four perspectives mentioned above.In order to detect the route anomalies more effectively, we analyze normal routing behaviors and topology characteristics of Internet to enrich our detecting rules. Both the ISPs and the country level administrators can benefit from the results of the detection when they produce their routing policies.To provide more accurate perspectives for network administrators, we introduce corporations among the monitoring services in four granularities. We also propose a scheme to tell the network operators how to locate the anomalies with the help of detecting results in multiple granularities when security incidents occurred.Based on the hierarchy and the power-law characteristics of Internet, we propose a layout algorithm, which firstly separates the nodes of the topology into multi-levels, then lays the nodes level by level. The algorithm has been applied in our visualization of the Internet and the national network topology.On the basis of the hierarchical characteristic in inter-domain routing system, we propose a security evaluation model which makes use of anomalous BGP routes detected in our system. The model is used to assess the security threat status for autonomous systems, ISP networks and the whole Internet inter-domain routing system respectively. It can also provide valuable intuitional curve for Internet operators.