Research On Key Technologies For Inter-Domain Routing Survivability

In the modern information era, Internet has become the most important communication infrastructure. The emerging time delay sensitive services have put forward higher requirements on the network survivability. Link failures are common in the network, which seriously affected the end-to-end performance of the network, network survivability becomes more and more serious. As the de facto inter-domain routing protocol, Border Gateway Protocol (BGP) experiences considerable delay in reaching convergence, which can’t meet the requirements of the newly developing data services. Moreover, defects in the design of the BGP protocol make it vulnerable to attacks arising from human, which trigger the change of the network structure, and affects the survival of inter-domain routing.In order to solve the problems mentioned above, this paper focuses on the survivability of inter-domain routing. The main content is as follows:(1) Fast reroute system architecture (FRRSA) based on the principle of SDN. The expansion of the Internet and the rapid development of network services have put forward higher requirements on the existing network infrastructure, while the traditional architecture has drawbacks in the availability and reliability which makes it unable to meet the needs of the emerging data business. A fast reroute system architecture based on the principle of SDN is proposed to address the problem. The architecture decouples forwarding and control plane in order to achieve the centralized control, it also provides programmable interfaces for applications, which brings great flexibility to innovation and can meet the customized needs of different users.(2) FRRSA-based AS-level fast rerouting for single link failures. A fast recovery scheme based on FRRSA is proposed, which aims to address the inter-domain single link failures in one administrative domain. Considering routing policies and BGP decision rules, a new algorithm is designed to automatically and adaptively find the protection path for the link failures. Then OpenFlow tunnel bypassing the failed link is constructed to ensure the packets delivery continuity. A method based on the stable routing is proposed to deactivate the protection tunnels of the affected prefix. This scheme does not need resource reservation or human intervention. It achieves excellent compatibility with BGP, and facilitates incremental deployment. Experimental results show that the scheme can provide quickly and effectively failure recovery for single link failure reducing the packets loss.(3) FRRSA-based inter-domain fast rerouting for multiple link failures. As the network scale increase remarkably, multiple failure scenarios gain more attention recently. A local fast reroute approach based on FRRSA is proposed to effectively recover from multiple link failures in one administrative domain composed of multiple ASes. It is applicable for two kinds of networks environment flexibility and adaptability, one is networks with AS relationships, the other without AS relationships. Firstly, an algorithm is designed to accurately recognize the failure scenarios. Secondly, it is need to determine the network environment. For network with or without AS relationships, the application for network with or without AS relationships is used. In the application for network without AS relationships, the algorithm is designed to automatically find the policy-compliant protection paths using failure information, BGP routing policies and decision rules. In the other case, we design the other effectively algorithm of policy-compliant protection paths, using the relationship correspond to the failure links and AS relationships. Finally, OpenFlow is used to construct the protection tunnels in order to guarantee decoupled separation between fast rerouting and the forwarding behavior directed by routing protocols. The proposal cooperates with legacy routing protocols seamlessly and facilitates incremental deployment. Besides, a method is designed to safely deactivate the protection path for the shared protection tunnels. Experimental results show that the proposal provides effective failure recovery for multiple link failures in networks with or without AS relationships, and the introduced overhead is acceptable.(4) AS hijacking detection scheme based on real-time monitoring. Malicious attacks and configuration errors also affect the survival of the inter-domain routing. For the AS hijacking happening in the administrative domain, a scheme is proposed to quickly detect AS hijacking based on real-time monitoring. The information collection module is firstly designed to collect the network information, and BGPmon is utilized to collect BGP Updates. Then the algorithm is designed to automatically detect AS hijacking using BGP Updates, connection between ASes and configuration information. The detected AS hijacking will be display in the form of real-time dynamic visualization. By real-time monitoring, the scheme can detect AS hijacking during the network construction and running, which helps administrators to deal with events timely and accurately, avoiding cause serious global consequences. Experiment results show that the proposed system can detect AS hijacking attacks rapidly and accurately.