Research On Cooperation Based Management Technology Of Inter-Domain Routing

Posted on: 2011-07-26
Degree: Doctor
Type: Dissertation
Country: China
Candidate: N Hu
GTID: 1118330332987003
Subject: Computer Science and Technology

Abstract/Summary:
The inter-domain routing system is the fundamental infrastructure of the Internet, and its management is an essential guarantee of the Internet's transmission performance, connectivity and security. Because the necessary global infrastructure and essential mechanisms are lacking, ISPs operate their networks independently in areas such as policy configuration, route monitoring and routing security. This uncoordinated management causes various problems such as policy conflicts, network disruptions and route spoofing.

Based on the typical problems and common requirements of inter-domain routing management, we studied ISP cooperation mechanisms and technologies, mainly covering the management framework, privacy preservation, information sharing and routing security. We also implemented a prototype system to validate our research work. The major contributions of this thesis are as follows.

Considering the uncoordinated way in which ISPs manage the inter-domain routing system, we propose an ISP cooperation management framework, ISPCMF, which includes fundamental cooperation mechanisms such as privacy preservation, information sharing and reputation evaluation. ISPCMF gives ISPs cooperative management capabilities including configuration checking, route monitoring and routing security. ISPCMF emphasizes incremental deployment and ease of implementation and is built on a P2P network. Because it does not modify the routing protocol, it is easier to deploy and cheaper to implement. In addition, ISPCMF has good scalability and lower computation and communication costs.

To address the problem of policy conflicts together with ISPs' confidentiality requirements, we provide ISPs with a cooperative policy analysis method, CoRCC. First, we convert policy conflict analysis into a comparison of routing decision results and prove the correctness of this conversion. Second, we design a secure comparison protocol based on the discrete logarithm assumption and a commutative encryption function. We also prove that the protocol is secure and prevents an ISP's policy from leaking. Finally, we describe how to detect policy conflicts with CoRCC. Compared with existing solutions, CoRCC has four advantages. First, it detects routing policy conflicts without leaking an ISP's policy. Second, it does not need a middleman and so avoids collusion attacks. Third, the number of encryptions and the amount of communication are reduced by 30% and 50%. Last, it can be used not only for policy conflict analysis but also for route validation, policy negotiation and so on.

To strengthen the weak monitoring capability of a single autonomous system, we propose an information-sharing based cooperative route monitoring method, CoRVM. We first design a sharing mechanism according to the local and relevant characteristics of route monitoring information. With this mechanism, ISPs can share monitoring information as needed, by local decisions and without central control, and improve their ability to identify bogus routing information. Then, we describe how to validate BGP routes and announce spoofed-route detections. Finally, we validate CoRVM's effectiveness by simulation. Compared with existing solutions, CoRVM has four advantages. First, it enables ISPs to share monitoring information in a self-organizing mode that does not depend on a control center. Second, it has good scalability: as the number of cooperating nodes increases, the valid coverage rate of information increases exponentially and the cost of invalid communication decreases exponentially. Third, it encourages autonomous systems to increase their contribution, because they are rewarded for doing so. Last, it is suitable for many cooperative management applications such as route monitoring, intrusion detection and DDoS attack resistance.

To address the bogus route problem in routing security, this thesis proposes a reputation-based cooperative security solution, CoRSD. We design a reputation evaluation model which takes as input the statistical results on the trustworthiness of routes announced by an autonomous system (AS) and employs posterior probability theory to calculate the routing reputation. We also design a group reputation management mechanism based on the power-law characteristic of the inter-domain routing system's topology, which this thesis calls the AS reputation alliance. Lastly, we provide a routing defense solution based on the reputation mechanism. CoRSD has three advantages. First, it achieves security gains for the whole routing system through local cooperation within AS groups. Second, it punishes malicious routing behavior: CoRSD can restrain the spreading range of bogus routes and isolate a malicious AS that often engages in spoofing. Last, in CoRSD, an alliance member's storage and communication costs are reduced by 35% and 31% respectively, compared with a fully distributed management model.

To validate and implement the methods described above, we design and develop a prototype system, ISPCoware. We discuss the implementation technology from multiple views such as logical function, module development and system deployment. ISPCoware is not only a routing management tool for ISPs but also an integrated platform for building an ISP cooperation environment.

Our research results are valuable for facilitating ISP cooperation and the healthy evolution of the Internet. They provide essential support for constructing an ISP cooperation management environment and have been integrated into our actual project.
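The CoRCC paragraph above describes comparing routing decision results with a commutative encryption function under the discrete logarithm assumption. The following is an added sketch of that general idea, not the thesis's protocol or code: the class and function names, the toy modulus and the sample routes are all assumptions made for this example.

```python
import hashlib
import math
import secrets

# Toy parameter for this example only: a known prime modulus. A deployment
# would use a vetted prime-order group instead.
P = 2**255 - 19

def keygen() -> int:
    """Secret exponent coprime to P-1, so x -> x^k mod P is a bijection."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def encode(decision: str) -> int:
    """Hash a routing decision to a non-zero element of Z_P^*."""
    digest = hashlib.sha256(decision.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

class ISP:
    """One party; its key and its plaintext decision never leave the object."""
    def __init__(self, decision: str):
        self._key = keygen()          # fresh key per comparison
        self._x = encode(decision)

    def first_layer(self) -> int:
        # Message 1: own decision under own key, x^k mod P.
        return pow(self._x, self._key, P)

    def second_layer(self, peer_ciphertext: int) -> int:
        # Message 2: add own layer on top of the peer's ciphertext.
        return pow(peer_ciphertext, self._key, P)

def decisions_match(a: ISP, b: ISP) -> bool:
    """Run the exchange directly between the two ISPs, with no middleman."""
    ca, cb = a.first_layer(), b.first_layer()      # a -> b and b -> a
    cab = b.second_layer(ca)                       # (x_a^ka)^kb
    cba = a.second_layer(cb)                       # (x_b^kb)^ka
    # Exponentiation commutes, so the values are equal iff x_a == x_b.
    return cab == cba

# Constructed sample decisions (documentation prefix and private-use ASNs).
ROUTE_1 = "203.0.113.0/24 via AS64500 AS64510"
ROUTE_2 = "203.0.113.0/24 via AS64501 AS64510"
```

Each side sees only exponentiated values and learns a single bit, whether the two decisions agree. Keys are generated per comparison so ciphertexts from different runs cannot be linked.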
Keywords/Search Tags: Network Management, ISP Cooperation, Policy Configuration, Routing Monitoring, Routing Security