Research And Implementation Of Large-scale Testing System For Inter-domain Routing

Internet is playing a more and more important role in the lives of humankind as the development of society and computer networks. The Internet applications, such as on-line bussiness, electronical civil service, network bank and on-line search, have become an indispensable part of the human society as they are bringing great convenience to people's lives and works. Since the BGP based inter-domain routing system is the key infrastructure designed to maintain network reachability, BGP security is crucial to the Internet. However, the lack of security mechanism in BGP makes the Internet vulnerable. Quite a few events in BGP routing system especially prefix hijacking events, have severe negative impacts on the security and reliability of the Internet operation.In this thesis, we fistly discuss the threats the BGP security problems have brought to the Internet through the vulnerability analysis, then illuminate the significance of the our research on the large-scale routing test technology. Then we conclude the related work and investigate the difficulties large-scale routing test technologies are faced with, and finally propose to use simulation method to conquer these barriers.For the lack of large-scale routing test environment, this thesis presents an innovative integration of a series of simulation tools, ranging from network topology detection, network generation, testing task customization, test case generation, test implementation, to simulation results analysis. Furthermore, to enhance the sensitivity of simulation system towards real network environment, we design a physical-simulation communication technology. The contents of these key technologies are as follows:(1) Detecting technology for network topology. In this section, we present a systematic analysis of current AS-level and router-level topology detection. For the "top-provider" problem existing in AS relation conclusion, we propose a new AS relation conclusion algorithm, which greatly improves the accuracy. In topology visualization, this thesis presents an improved Spring Magnetic model, improving the existing primary and secondary regardless of existing models can not reflect the characteristics of the network topology and other issues make it more suitable for large-scale network topology drawing.(2) Physical-simulation communication technology. We propose a communication proxy mechanism based on the data spooling technology to effectivly exchange the information between the two systems. In this section, we firstly design the framework of the communication proxy mechanism, and then depict the implementation details of sub-proxy as well as the inter-system communications.(3) Routing test technology. This section systematically discusses the root cause of BGP security problem as well as general large-scale routing test technologies. Based on the investigation on the principle, the propagation characteristics and the negative effect of BGP prefix hijacking technology, we propose to use infection ability to evaluate the hazards of prefix hijacks.(4) Large-scale BGP simulation technology. For the problems BGP simulation facing, such as the tremendous memory consumption, too long executing time, the thesis firstly studies the actualities of large-scale BGP simulations, then optimizes the simulations through some new methods, including a shared data structure based memory optimization method, a break points based execution time optimization method and a parallel distributed optimization method.On the basis of these key technologies, we constructed a large-scale routing test simulation system named LTSIR, then studied the factors involved with infection scope during BGP prefix hijacking events. They are of great significance in both theory and practice to promote the research on the security issues in BGP.