1. Field of the Invention
The present invention relates to computers and computer networks. More particularly, the invention relates to detecting an invalid Border Gateway Protocol (BGP) route in the Internet.
2. Background of the Related Art
The Internet routing system is partitioned into tens of thousands of independently administered Autonomous Systems (ASs). Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol that maintains and exchanges routing information between ASs. However, BGP was designed on the basis of implicit trust between all participants and does not employ any measures to authenticate the routes injected into or propagated through the system. As a result, virtually any AS can announce any route into the routing system, and bogus routes (i.e., invalid routes) can sometimes trigger large-scale anomalies in the Internet. A canonical example happened in 1997, when AS7007 announced prefixes of a large portion of the Internet and interrupted reachability for hours. Moreover, bogus routes can be used to enable stealthy attacks in the Internet. For instance, spammers can announce an arbitrary prefix briefly and send spam from the hijacked address space, thereby rendering traceback to the spammer much more difficult. Thus, it is important for ISPs to detect any bogus routing information in their routing system in real time.
Although the destructive effects of bogus routes have raised serious concerns in the Internet operator community, prevention of bogus routes largely relies on ad hoc route filters, and bogus routes continue to emerge. Meanwhile, although several secure extensions of BGP, such as S-BGP and soBGP, have been proposed, their comprehensive deployment is not foreseeable. Hence, it is imperative to provide a practical system that helps network operators identify bogus routing information and thereby detect the malicious activities associated with it.