BGP路由配置文件检查工具的设计与实现
|
摘要
在过去几十年里,Internet的规模和复杂程度经历了爆炸式的增长。从管理的角度来看,Internet由成千上万的自治系统(Autonomous Ayatem, AS)组成,这些AS之间通过BGP (Border Gateway Protocol,边界网关协议)相互交换网络层可达信息。BGP是基于策略的路由选择协议,其策略通过域内每一个路由器配置文件进行配置。BGP路由器的本地配置错误可能会对自治系统甚至整个网络产生全局性影响,例如导致路由循环、无效路由和持久性路由振荡等现象。因此确保实施到现行网络的BGP路由配置的正确性显得十分重要。
本文详细分析了BGP路由配置文件中容易出现的词法、语法和语义错误,并介绍了路由选择协议应当满足路径可见性、路由有效性和安全性三种属性,同时针对能引发路径可见性故障和路由有效性故障的语义配置错误进行了重点描述。
本文具体实现了一种检查BGP路由配置文件的工具,该工具能通过对BGP路由配置文件的静态检查发现潜在错误。结合Cisco路由器的BGP配置命令,本文论述了BGP路由配置文件检查工具的设计思想、功能模块划分及主要功能的实现方法。该工具主要分为配置文件管理模块、词法和语法检查模块、语义检查模块和配置错误查看模块四个部分。
BGP路由配置文件检查工具经过对BGP配置文件进行词法、语法及语义上的静态检查,能有效地检查出BGP路由配置错误,保证网络的安全性和稳定性。
In the past decades, the scale and complexity of the Internet have increased at an unprecedented rate. The Internet is composed of thousands of independent autonomous systems that exchange reachability information to destinations using Border Gateway Protocol. BGP is a policy-based routing protocol, network operators use router configurations to provide reachability and to express routing policy, and the configuration is distributed across routers. Operator-induced configuration fault, such as routing loop, invalid routes and persistently oscillating routes, are perhaps the biggest threat to a single AS, even the whole Internet. Hence, it is important to develop a checker based on static analysis of the router configurations before the protocol running on a live network.
In this paper, the lexical, syntax and semantic errors, which are common in the BGP routing configuration file, are described, and three properties to classify the behavior of a routing protocol:path visibility, route validity and safety, are introduced. Also, semantic errors which could cause path visibility fault and route validity fault in configuration are defined as well.
This paper describes the implemention of BGP configuration checker, a tool that finds faults in BGP configurations using static analysis. In the base of Cisco router configuration syntax, the configuration checker's design method, the design of function module and implementation of the main functions are discussed. The checker framework involves configuration file management module, lexical and syntax checker module, semantic checker module and view errors module.
By using static analysis, BGP routing configuration checker can effectively detect the configuration faults in BGP configurations, guaranteeing the safety and stability of the network.
本文详细分析了BGP路由配置文件中容易出现的词法、语法和语义错误,并介绍了路由选择协议应当满足路径可见性、路由有效性和安全性三种属性,同时针对能引发路径可见性故障和路由有效性故障的语义配置错误进行了重点描述。
本文具体实现了一种检查BGP路由配置文件的工具,该工具能通过对BGP路由配置文件的静态检查发现潜在错误。结合Cisco路由器的BGP配置命令,本文论述了BGP路由配置文件检查工具的设计思想、功能模块划分及主要功能的实现方法。该工具主要分为配置文件管理模块、词法和语法检查模块、语义检查模块和配置错误查看模块四个部分。
BGP路由配置文件检查工具经过对BGP配置文件进行词法、语法及语义上的静态检查,能有效地检查出BGP路由配置错误,保证网络的安全性和稳定性。
In the past decades, the scale and complexity of the Internet have increased at an unprecedented rate. The Internet is composed of thousands of independent autonomous systems that exchange reachability information to destinations using Border Gateway Protocol. BGP is a policy-based routing protocol, network operators use router configurations to provide reachability and to express routing policy, and the configuration is distributed across routers. Operator-induced configuration fault, such as routing loop, invalid routes and persistently oscillating routes, are perhaps the biggest threat to a single AS, even the whole Internet. Hence, it is important to develop a checker based on static analysis of the router configurations before the protocol running on a live network.
In this paper, the lexical, syntax and semantic errors, which are common in the BGP routing configuration file, are described, and three properties to classify the behavior of a routing protocol:path visibility, route validity and safety, are introduced. Also, semantic errors which could cause path visibility fault and route validity fault in configuration are defined as well.
This paper describes the implemention of BGP configuration checker, a tool that finds faults in BGP configurations using static analysis. In the base of Cisco router configuration syntax, the configuration checker's design method, the design of function module and implementation of the main functions are discussed. The checker framework involves configuration file management module, lexical and syntax checker module, semantic checker module and view errors module.
By using static analysis, BGP routing configuration checker can effectively detect the configuration faults in BGP configurations, guaranteeing the safety and stability of the network.
引文
[1]Halbi, S, D.McPherson因特网的路由选择技术电子工业出版社,2001
[2]Doyle, J. Routing TCP/IP Volume Ⅱ. Cisco Press,2001
[3]RFC 4271, A Border Gateway Protocol(BGP-4) [S]
[4]RFC 4456, BGP Route Reflection-An Alternative to Full Mesh Internal BGP(iBGP) [S]
[5]RFC 4451, BGP MULTI_EXIT_DISC (MED) Considerations [S]
[6]RFC 5123, Considerations in Validating the Path in BGP [S]
[7]RFC 5004, Avoid BGP Best Path Transitions from One External to another [S]
[8]Caesar, M. and J. Rexford, BGP routing policies in ISP networks IEEE Network 19(6) 2005 p.5-11.
[9]Vutukuru, M., et al. How to construct a correct and scalable iBGP configuration. in INFOCOM 2006:25th IEEE International Conference on Computer Communications, April 23,2006-April 29,2006.2006. Barcelona, Spain:Institute of Electrical and Electronics Engineers Inc.
[10]Griffin, T. G. and G. Wilfong. On the correctness of IBGP configuration. in ACM SIGCOMM 2002 Conference, August 19,2002 August 23,2002.2002. Pittsburgh, PA, United states:Association for Computing Machinery.
[11]何胜利Zebra与BGP路由监测的实现电子设计工程2009(06)p.4-6.
[12]王洪君一种BGP路由配置错误动态检测方法计算机工程2006(14)p.81-82+103.
[13]张元媛,et al.,基于导出策略的路由配置错误检测方法.计算技术与自动化,2008(01):p.107-110.
[14]Nicholas Greer Feamster, Proactive Techniques for Correct and Predictable Internet Routing [Dissertation] Massachusetts Massachusetts Institute of Technology 2006
[15]MASASI E, YOU KI K, SUGURU Y, et al. Improvement of consistency among AS policies on IRR database, proceedings of the TERENA,2005. VOL 1 2005:216-225.
[16]孙兆玉,朱鸿宇,黄宇光Linux环境中使用Flex、Bison进行SQL语法分析电脑编程技巧与维护,2007(02) p.38-43.
[17]赵郁峰,王骏,秦茗应用Lex与Yacc实现设备描述分析自动化仪表2007(06)p.28-30+34.
[18]臧天宁BGP协议模拟技术的优化[学位论文]哈尔滨哈尔滨工程大学2007
[19]刘娟BGP路由策略冲突检测研究与实现[学位论文]北京北方工业大学2005
[2]Doyle, J. Routing TCP/IP Volume Ⅱ. Cisco Press,2001
[3]RFC 4271, A Border Gateway Protocol(BGP-4) [S]
[4]RFC 4456, BGP Route Reflection-An Alternative to Full Mesh Internal BGP(iBGP) [S]
[5]RFC 4451, BGP MULTI_EXIT_DISC (MED) Considerations [S]
[6]RFC 5123, Considerations in Validating the Path in BGP [S]
[7]RFC 5004, Avoid BGP Best Path Transitions from One External to another [S]
[8]Caesar, M. and J. Rexford, BGP routing policies in ISP networks IEEE Network 19(6) 2005 p.5-11.
[9]Vutukuru, M., et al. How to construct a correct and scalable iBGP configuration. in INFOCOM 2006:25th IEEE International Conference on Computer Communications, April 23,2006-April 29,2006.2006. Barcelona, Spain:Institute of Electrical and Electronics Engineers Inc.
[10]Griffin, T. G. and G. Wilfong. On the correctness of IBGP configuration. in ACM SIGCOMM 2002 Conference, August 19,2002 August 23,2002.2002. Pittsburgh, PA, United states:Association for Computing Machinery.
[11]何胜利Zebra与BGP路由监测的实现电子设计工程2009(06)p.4-6.
[12]王洪君一种BGP路由配置错误动态检测方法计算机工程2006(14)p.81-82+103.
[13]张元媛,et al.,基于导出策略的路由配置错误检测方法.计算技术与自动化,2008(01):p.107-110.
[14]Nicholas Greer Feamster, Proactive Techniques for Correct and Predictable Internet Routing [Dissertation] Massachusetts Massachusetts Institute of Technology 2006
[15]MASASI E, YOU KI K, SUGURU Y, et al. Improvement of consistency among AS policies on IRR database, proceedings of the TERENA,2005. VOL 1 2005:216-225.
[16]孙兆玉,朱鸿宇,黄宇光Linux环境中使用Flex、Bison进行SQL语法分析电脑编程技巧与维护,2007(02) p.38-43.
[17]赵郁峰,王骏,秦茗应用Lex与Yacc实现设备描述分析自动化仪表2007(06)p.28-30+34.
[18]臧天宁BGP协议模拟技术的优化[学位论文]哈尔滨哈尔滨工程大学2007
[19]刘娟BGP路由策略冲突检测研究与实现[学位论文]北京北方工业大学2005