Conventional networks such as the Internet may be made up of several autonomous systems, which are networks under the administrative control of a single entity, such as a conventional Internet Service Provider, or ISP. Each autonomous system (“AS”) exchanges topology and routing information with every other AS with which it is in direct communication, that is, without passing through another AS. The conventional (E)BGP protocol (known as the Border Gateway Protocol) may be used to communicate such information.
A border router at the edge of one AS uses a different connection with each border router in the other AS to which it is connected in order to exchange (E)BGP information with those border routers. Additional connections are employed to accurately communicate this (E)BGP information to the other border routers in the same AS. The computer processing the (E)BGP information may have a finite amount of resources, and each connection takes a certain amount of these resources. Because (E)BGP information is communicated through separate connections to each of these other devices, processor capacity can become a constraint as the number of routers in other autonomous systems connected to a border router grows, and as the number of routers in the same AS to which the router must be connected also grows.
It can be desirable to use processor capacity for other purposes. For example, because the communications between routers in different autonomous systems are unauthenticated and unencrypted, they subject each autonomous system to attack by malicious parties. It would be desirable to encrypt and/or authenticate the (E)BGP information arriving from outside of an AS, but in many cases, there may be no processor capacity available to perform these functions. Even if there is, as the network grows, the processors in the route processors may be needed for the additional connections required, making parties reluctant to commit to authorization and encryption the capacity that may be needed in the future to support additional connections.
An additional problem can occur if encryption is employed. If a route processor fails, another route processor cannot take over the duties of that route processor because the second route processor will not have the encryption state needed to continue the session. Instead, another session must be started, further reducing the capacity of the route processor.
What is needed is a system and method that can accurately disseminate (E)BGP information between and within an AS, can encrypt and/or authenticate (E)BGP information, can have sufficient capacity available for connections to communicate (E)BGP and other routing information even as a network grows, and can allow for redundancy among route processors.