The embodiments of the invention are directed to a method by which a user of the Internet may identify autonomous systems through which incoming messages to the user will not pass.
The Internet is a network of computers divided into autonomous systems. An autonomous system is responsible for routing packets within its own domain. Routing between autonomous systems is performed by an interautonomous system routing protocol, such as BGP4. Each autonomous system is identified on the network by a unique autonomous system number; BGP4 as originally specified used 16-bit numbers, and the protocol has since been extended to 32-bit numbers (RFC 6793), which does not change the mechanism described here. The interautonomous system routing protocol allows an autonomous system to determine the neighboring autonomous system to which a packet must be handed for delivery to a destination IP address. The protocol also tells the autonomous system the entry point (in BGP, the NEXT_HOP attribute) at that neighbor to which the packet should be forwarded. The interautonomous system routing protocol is applied at each autonomous system in turn to route the packet through the network of autonomous systems to its destination.
The embodiments of the present invention are for use with an interautonomous system routing protocol that includes a method for preventing routing loops. For example, BGP speakers in each autonomous system propagate (advertise) BGP update messages throughout the Internet. Update messages inform autonomous systems of where to send traffic addressed to a particular IP address. An update message carries the entry point to the autonomous system that sent it. It also carries network layer reachability information (NLRI), which is a list of IP address prefixes reachable through the advertising autonomous system. An autonomous system receiving an update message therefore knows that, to reach any address within those prefixes, it may send traffic to the entry point indicated in the update message. An update message further includes an ordered list (in BGP, the AS_PATH attribute) of the identifiers of all the autonomous systems the advertisement has passed through. When an autonomous system receives an update message whose path already contains its own identifier, it discards the message; when it re-advertises a route to a peer in another autonomous system, it prepends its own identifier to the path. This prevents a route from being re-learned by an autonomous system that has already advertised it, which would otherwise result in a routing loop.
There are situations in which a user at a particular IP address would prefer that messages it receives not travel through a particular autonomous system. This is particularly true for destinations at which confidential or highly sensitive information is communicated. It may be undesirable for such messages to travel through an autonomous system that is viewed as insecure. It would therefore be desirable for an Internet customer to be able to specify a list of autonomous systems to be excluded from carrying messages on their way to the customer's IP address.
Embodiments of the invention are directed toward producing an exclusion list of autonomous systems through which messages are prevented from passing to a particular destination IP address. The method adds the identification number of each autonomous system in the exclusion list to the autonomous system path of any update message created for the destination IP address, so that the excluded autonomous system's own loop-prevention check causes it to discard the route. An autonomous system routing protocol speaker implementing the invention includes a data input for receiving instructions to exclude message routing through a specified autonomous system to a destination IP address. The speaker further includes program code for creating update messages that include the identification number of the specified autonomous system to be excluded.
A computer program product for implementing the exclusion of an autonomous system includes program code for creating an update message for an IP address. The computer program product further includes program code for determining whether any of the prefixes carried in the update message are associated with instructions to exclude certain autonomous systems from carrying incoming messages. When an exclusion list exists, the program code adds the identification number of each specified autonomous system to the update message. Because the path attribute of an update message applies to every prefix the message carries, a computer program product may alternatively include code for separating the update message into one update message for the prefixes for which no exclusion instructions were received and a second update message for the remaining prefixes. The program code then adds the identification number of the specified autonomous system only to the second update message, the one carrying the prefixes that have an exclusion list, so that the unaffected prefixes continue to be advertised with an unmodified path.
A network of autonomous systems in accordance with an embodiment of the invention includes a receiver in each autonomous system adapted to receive update messages from peer autonomous systems. Each autonomous system retains routing information indicating which peer autonomous system provided an update message for a given IP address prefix, but only for update messages that did not include the autonomous system's own identification number. Program code with exclusion list capability responds to an instruction to exclude routing of messages through a specified autonomous system to an IP address by creating update messages for that IP address that include the identification number of the specified autonomous system.
In accordance with the embodiments of the invention, a user at an IP address can identify autonomous systems through which messages to that IP address will not be sent. Other objects and advantages of the invention will become apparent during the following description of the presently preferred embodiments of the invention taken in conjunction with the drawings.