| 支持域间分布式分组过滤的BGP扩展 | |
| 王立军 ; 吴建平 ; 徐恪 ; WANG Li-Jun ; WU Jian-Ping ; XU Ke | |
| 2010-06-09 ; 2010-06-09 | |
| 关键词 | 可信任互联网 边界网关协议 域间路由 分布式分组过滤 trustworthy Internet border gateway protocol(BGP) inter-domain routing distributed packets filtering TP393.01 |
| 其他题名 | BGP Extension to Support Inter-Domain Distributed Packets Filtering |
| 中文摘要 | 可信任是下一代互联网的重要特征.目前,互联网的路由系统只按照分组的目的IP地址转发分组,携带虚假源IP地址的伪造分组也会被传输到目的地,这会在威胁接收方安全的同时,隐藏发送方的真实身份.可信任互联网的路由系统不仅需要能够正确地转发分组,而且能够验证分组来自正确的发送方.基于路由的域间分布式分组过滤是过滤伪造分组的有效方法.提出了BGP的路由选择通知功能扩展,为域间分组过滤提供过滤标准.在扩展的支持下,边界路由器能够鉴别进入本自治系统的分组的真实性,过滤掉伪造其他自治系统地址的分组.模拟结果表明,路由选择通知不会对BGP正常的路由功能产生负面影响,选择合理的路由选择时钟参数,可以在同时取得较小带宽开销和较快收敛速度的情况下,为域间分布式分组过滤提供支持.; To be trustworthy is an important characteristic of the next generation Internet.The routing system of the present Internet forwards packets only according to the destination IP address.Forged packets with spoofed source IP address will also be forwarded to the destination,which impairs the security of receiver and conceals the real identity of the sender.The trustworthy Internet requires the routing system not only forward packets correctly, but also validate the packets from the real sender.Inter-domain distributed packet filtering is an effective method to filter out spoofed packets.This paper proposes to extend BGP with route selection notice to provide filtering criteria. With the support,border routers can validate incoming packets and filter the spoofed packets form false autonomous systems.Simulation result indicates BGP route selection notice does not impair the routing function of BGP,and both proper design acceptable bandwidth cost and fast convergence may be achieved simultaneously.; Supported by the National Natural Science Foundation of China under Grant No.60473082(国家自然科学基金); the National Basic Research Program of China under Grant No.2003CB314801(国家重点基础研究发展计划(973)) |
| 语种 | 中文 ; 中文 |
| 内容类型 | 期刊论文 |
| 源URL | [http://hdl.handle.net/123456789/55380]  |
| 专题 | 清华大学 |
| 推荐引用方式 GB/T 7714 | 王立军,吴建平,徐恪,等. 支持域间分布式分组过滤的BGP扩展[J],2010, 2010. |
| APA | 王立军,吴建平,徐恪,WANG Li-Jun,WU Jian-Ping,&XU Ke.(2010).支持域间分布式分组过滤的BGP扩展.. |
| MLA | 王立军,et al."支持域间分布式分组过滤的BGP扩展".(2010). |
| 个性服务 |
| 查看访问统计 |
| 相关权益政策 |
| 暂无数据 |
| 收藏/分享 |
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论