BGP is a core Internet routing protocol.The Internet inter-domain routing relies on the exchange of BGP routing information.BGP has significant vulnerabilities,which have been found to cause problems such as prefix hijacking,route leak and Internet-targeted denial of service attack.First,by analyzing BGP route propagation and BGP routing policies,the fundamental flaw in the design of the protocol is revealed.The paper then discusses possible threats to BGP and presents a route leak model,which contributes to the description of its characteristics.Second,the existing defense mechanisms for BGP security are generalized,and their shortcomings are exposed.The paper then classifies various BGP security-enhancing technologies and studies them in detail to explore their advantages and disadvantages.Finally,the research trends of BGP security are discussed in this paper.%BGP是互联网的核心路由协议,互联网的域间选路通过BGP路由信息交换来完成.BGP协议设计存在重大的安全漏洞,容易导致前缀劫持、路由泄漏以及针对互联网的拒绝服务攻击.分析BGP路由传播及路由策略等主要特性,揭示BGP协议的设计缺陷;探讨BGP面临的主要安全威胁,并对路由泄漏进行建模分析和界定特征;概括现有的BGP安全防御机制并指出其不足,进而对各种增强BGP安全的技术和方案进行合理分类和详尽研究,比较其利弊、剖析其优劣;最后,对BGP安全的未来研究趋势进行展望.
展开▼
