Design and Implementation of BGP Security Incident Fast Detection Framework
【Abstract】 Border Gateway Protocol (BGP) plays an irreplaceable role in route exchange and network interconnection, and is the core foundation of global network interconnection. BGP security incidents have wide-reaching impact and cause great harm, so they need to be detected promptly and then investigated and repaired. However, current detection frameworks are slow in data processing, have long detection latency, and cannot reproduce security incidents. Based on these requirements, this paper first designs and proposes a fast BGP security incident detection framework, with a modular design covering four aspects: structure, function, operation and maintenance; data flows through the modules as a pipeline stream. Second, a BGP security incident detection scheme based on distributed shared memory is proposed, and a scalable distributed history database is designed for forensics and reproduction of security incidents that have occurred. Finally, the whole design is preliminarily implemented and deployed, and its functional implementation and performance metrics are evaluated.
- 【Source】 Intelligent Computer and Applications, 2020, Issue 07
- 【Classification No.】 TP393.08
- 【Download count】 61