新一代互联网域间路由系统协同机理研究

项目名称： 新一代互联网域间路由系统协同机理研究

项目编号： No.60873214

项目类型： 面上项目

立项/批准年度： 2009

项目学科： 金属学与金属工艺

项目作者： 朱培栋

作者单位： 中国人民解放军国防科学技术大学

项目金额： 33万元

中文摘要： 域间路由系统是Internet 核心基础设施，在性能、结构和安全上的诸多问题很大程度上归结为ISP 间缺乏良好的交互与协同。本课题深入研究域间路由系统ISP 协同机理，构建了完整的ISP自组织协同模型，提出了基础的分布式信任安全模型和基于ISP联盟的协同形态，围绕路由系统的收敛性、健壮性、安全协议以及监测、管理等全面设计协同机制，以约束ISP 自私性、克服单点决策局部性、激励ISP间信息共享与协同行动。具体包括：1）基于多观测点刻画BGP路由扰动，改善路由稳定性的合作收敛机制;2）BGP路由强度协同攻击模型，自治系统级k-容错健壮性评估;3）基于分布式信任模型的新型路由安全机制;4）路由信息可信性的多维评估方法，自主协同的路由安全监测模型与系统，基于源端确认的协同安全监测方法;5）域间路由系统协同管理体系，基于信誉机制的路由安全协同管理方法。从协同形态、协同机制、协同能力和协同理论等方面，建立完整的域间路由系统协同模型，推进新一代互联网健康发展。研究成果已用于核心网络路由安全监测系统的实现和部署。

中文关键词： 新一代互联网；域间路由；协同；性能；安全

英文摘要： The inter-domain routing system works as a key infrastructure of the Internet. The lack of interactions and cooperation among ISPs leads to various issues in performance,structure and security. We have made a deep investigation into the cooperation issues of the the inter-domain routing system, and developed a rather complete self-organized cooperation model. Cooperation mechanisms are designed to solve the issues in the routing system convergence,robustness, security protocol,monitoring and management, in order to restrict the ISP's selfishness, mitigate the limitation of local view and encourage the information sharing and collaboration.The contributions are as follows: (1)Observations on the BGP message churns at different points and cooperative mechanism for reducing the convergence time and enhance routing stability; (2)Study on the collaborative stress attack model and k-fault tolerance model of AS graph; (3)Security-enhanced BGP based on fully-distrubed trust model; (4)Multi-dimensional evaluation on the trustworhiness of routing information, self-organized collaborative monitoring model and system for routing securiy,and a source-verification based co-monitoring method; (5)Cooperative management architecture for inter-domain routing, and reputation-based cooperation methods. Based on the above efforts in cooperation forms, mechanisms,capability building and fundamental theories, we have constructed a relatively complete cooperative model for the inter-domain routing system, which will boost the healthy evolution of the future Internet.Some of the research outcomes have been used in the security monitoring system for several backbone networks.

英文关键词： future Internet; inter-domain routing; cooperation; performance; security