With the wide deployment of multi-homing and traffic engineering (TE) systems, Internet routes are increasing rapidly. This, on the one hand, requires larger-capacity chips for storing oversized routing tables, thus increasing the costs of routers, and on the other hand, results in slower route convergence.
To resolve the problem of oversized routing tables caused by the abrupt increase of routes, as shown in FIG. 1, the Internet is divided into two parts: a transit network that is in the central location of the network and an edge network that connects to the transit network via a border router (BR). The BR knows the routing information of the edge network and the routing information of the transit network that it connects to, but the two sets of routing information do not leak into each other.
The route prefixes inside the edge network will not be spread to the transit network. Instead, the BR of the edge network registers the prefixes of the edge network with a registration agent (RA) of the transit network. The mapping between a prefix and the BR that registers the prefix is described as mapping information. Each RA maintains a database that stores mapping information, that is, a mapping information database. Multiple RAs in the transit network synchronize the information in their mapping information databases via a communications protocol, such as an extension of the Border Gateway Protocol (BGP), so that the databases are synchronized and maintain the same mapping information records. After the synchronization, any RA in the transit network knows which BR a route to a given prefix must traverse. In FIG. 1, for example, traffic from edge network A to edge network B will first be routed to BR-A, which connects to edge network A. Then, BR-A queries the RA for the mapping information of the longest prefix match with the destination Internet Protocol (IP) address to obtain the information of the BR that registered the mapping information, that is, BR-B. Then, BR-A forwards the packets to BR-B via a tunnel directed to BR-B, such as a Multi-Protocol Label Switching (MPLS) tunnel, an IP-in-IP tunnel, or a Generic Routing Encapsulation (GRE) tunnel. BR-B knows the routing information inside the edge network it connects to and forwards the packets according to its routing table for edge network B until the packets finally reach the destination. This forwarding solution is a forwarding and query separation solution. That is, the RA only responds to queries for mapping information, and the traffic between edge networks is not forwarded by the RA.
Some potential security problems in the above separation solution have been discovered:
Security of mapping information registration: an attacker may register false mapping information with the RA by using a fake identity, for example, registering a prefix belonging to someone else.
Security of mapping information query: an attacker may impersonate an RA and provide false mapping information to a querier or, for some purpose, alter fields of some mapping information pairs, such as the prefix length or the ingress address, for example changing the ingress of edge network B from BR-B to BR-B′ in the scenario shown in FIG. 1.
Security of mapping information database synchronization: when the mapping information databases of multiple RAs are synchronized, some RAs may publish false mapping information, for example, publishing a mapping record with an altered prefix length or fabricating a non-existent mapping information pair.
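As an added illustration that is not part of the patent text, the following hypothetical Python model of an RA mapping information database implements the registration, longest-prefix-match query and database synchronization described above, and shows why a synchronization record with an altered prefix length that is accepted without verification (the third problem) silently changes the answer a querier receives for edge network B. The prefixes, BR names and class are constructed for the example.

```python
import ipaddress
from typing import Dict, Optional, Tuple

Mapping = Tuple[str, str]  # (matched prefix, registering BR)


class RegistrationAgent:
    """Toy RA mapping information database (hypothetical class, not the patent's code)."""

    def __init__(self) -> None:
        # One mapping information pair per record: prefix -> BR that registered it.
        self.db: Dict[ipaddress.IPv4Network, str] = {}

    def register(self, prefix: str, br: str) -> None:
        # A BR registers an edge-network prefix; nothing here verifies the BR's identity.
        self.db[ipaddress.ip_network(prefix)] = br

    def query(self, dst: str) -> Optional[Mapping]:
        # Longest-prefix-match lookup, as BR-A performs for a destination IP address.
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, br in self.db.items():
            if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, br)
        return (str(best[0]), best[1]) if best else None

    def synchronize_from(self, peer: "RegistrationAgent") -> None:
        # Simplified database synchronization: every record the peer publishes is accepted as-is.
        self.db.update(peer.db)


def demo() -> Tuple[Optional[Mapping], Optional[Mapping]]:
    """Constructed scenario: edge network B is 10.2.0.0/16 and is registered by BR-B."""
    ra1, ra2 = RegistrationAgent(), RegistrationAgent()
    ra1.register("10.1.0.0/16", "BR-A")
    ra1.register("10.2.0.0/16", "BR-B")
    ra2.synchronize_from(ra1)
    honest = ra2.query("10.2.3.4")  # ('10.2.0.0/16', 'BR-B')

    # A peer RA publishes a record with an altered (longer) prefix length pointing at BR-B'.
    rogue = RegistrationAgent()
    rogue.register("10.2.3.0/24", "BR-B'")
    ra2.synchronize_from(rogue)
    # The altered record now wins the longest-prefix match for the same destination.
    altered = ra2.query("10.2.3.4")  # ('10.2.3.0/24', "BR-B'")
    return honest, altered
```

Because the altered record is more specific, it shadows the legitimate one for every address it covers, which is why the synchronization path needs the same verification as direct registration.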