2025-04-01 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
The original article is from the Tingyun Technology blog: http://blog.tingyun.com/web/article/detail/1348
Abstract
This article is aimed at junior network engineers and data mining engineers. It covers the two protocol classes EGP (Exterior Gateway Protocol) and IGP (Interior Gateway Protocol), how an AS (Autonomous System) is composed, how to parse whois content, and part of the RPSL (Routing Policy Specification Language) syntax, all in order to understand what the "ISP" in the so-called operator library really is. Senior operations and maintenance players may disperse now.
The data cited in this article is current as of 2016-12-10. Some of the cited links are from wiki and need to be * *.
Disambiguation statement
Before starting, because different books were published at different times and carry different credibility, possible mis-definitions are corrected and unified here. EGP and IGP refer to two classes of protocols, not to a specific algorithm. The earliest [RFC 827] defined a protocol called EGP; it was successively replaced by BGP (Border Gateway Protocol) and BGP4, which has now been extended to BGP4+ with IPv6 support. All three algorithms belong to the EGP category. In addition, because the newer RFC documents use the word Router, some books translate these two classes as ERP (Exterior Router Protocol) and IRP (Interior Router Protocol); they mean the same thing. Finally, readers who have passed the intermediate certification examination can skip to the third section to save reading time.
Starting with IGP
This article does not focus on the specific algorithms; only the ideas are discussed.
There are many protocols of this kind, such as RIP, IGRP, OSPF, IS-IS and EIGRP; their names are not translated here, since there is little point in insisting on Chinese terms. The main differences between them lie in how the algorithm is implemented and in the link distance metric of the protocol, that is, the cost assigned to a link. In the simplest case, RIP, routers communicate pairwise and no router understands the topology of the whole network. Each router only reports its own reachable distances to its neighbouring routers, with a distance of 16 or more indicating unreachable (some books define a reachable distance starting at 0 to denote an intranet distance that does not need to pass through a router), and the routers update each other.
OSPF and IS-IS, by contrast, forward routes by link state. In short, routers using these two protocols store the routing topology of the entire internal network, whereas RIP only knows part of it. Another advantage of OSPF over RIP is that it sets a route propagation cost: it attaches a number to each line of the topology to indicate how easy that road is, and computes the cost before choosing a route.
On to BGP
Basically it is the same idea as IGP: how to transfer routes, how to set up a routing table and so on. So why is there a separate protocol? Because of the scenario. This involves the concept of an autonomous system, which roughly means: my own internal computers can communicate with each other, and even without communicating with the outside world I can still play LAN games, just not surf the Internet. But if I want to access the Internet, I have to announce to other networks who I am and which hosts in my network can correctly forward messages to other ASes. At this point you need a × × to show your identity, namely the ASN (Autonomous System Number). If you want this number you have to pay for it, and the same goes for IP addresses. Who do you buy it from? Five major international organizations have contracted for these things. A picture is inserted here to illustrate everything.
NIC stands for Network Information Center; the letters in front of it denote Africa, Asia Pacific, and Latin America and the Caribbean.
The names of the American and European registries are rather strange; they have been specially checked and sorted out as follows.
The division is roughly based on this (the map of the American Empire's theaters of war, ahem, it does not really matter).
Within a country, you can also apply to (buy from) the national allocation agency, CNNIC, which requires you to use the AS number you applied for to set up BGP with an ISP within one month, and with two or more ISPs within 3-6 months [1]. This explains why Baidu (AS38365) and NetEase (AS45062) both appear in the lists of various ISP libraries.
OK, back to why the scenarios are different. Currently there are 72739 IP prefixes in the routing tables of the globally interconnected backbone network (as reported by BGP servers), and it is not appropriate to synchronize such routing tables through a link-state protocol. Besides the technical reasons, many complex political and security issues are involved; for example, traffic flowing within China has no need to detour through the outside. Therefore many rules are set on the border routers of an AS, for example: allow packets from AS1 to enter the network but not from AS2, or allow only 4.0.0.0/8 from AS1 to enter the network, or give priority to other ASes that have purchased bandwidth from the network. The syntax for these settings is described later.
In the end, BGP needs to find a reachable route, not the shortest one. Therefore BGP uses a path vector protocol (again a category, distinct from the distance vector protocol of RIP and the link-state protocol of OSPF).
AS
Having covered so much definition and concept, it is better to look at things directly. Let us look at the geographical distribution within China of the China Unicom backbone network (AS4837). Note that the backbone network here is not the global backbone, that is, this AS is not a root node; there are other ASes above it acting as its providers.
Now let us look at the IP locations of AS9389, which buys services from China Unicom (perhaps with some optimization; the specific handling logic can only be seen from a strategic point of view).
Tracking an AS broadcast: take www.google.com as an example. In the route tracking information obtained by traceroute, we can see:
The CIDR of each IP is:
A request passes through the routes in the source AS, reaches the border router of that autonomous system, is forwarded to AS8100, is routed from one boundary of AS8100 to another, and finally enters the interior of AS15169. Note that the provider here is not necessarily a dedicated operator (Internet Service Provider); some companies have applied for an ASN in order to handle traffic from multiple ISP ingress points. If the traffic logic does not differ much from that of the upstream ISP, it is not necessary to apply for an ASN: even when BGP is used, the origin domain can still connect with a private ASN, much like a private IP address. IANA reserves [64512-65534] and [4200000000-4294967294] as private ASNs for such cases. For other reserved ASNs, see the official website.
Does every IP have a corresponding ASN? No, because not all IPs choose to access the Internet. If I do access it, must I have an ASN? Right. If you play games on a local area network you can set up the IPs yourself however you like so that everyone can communicate, but if you want to play with another local area network, the administrators of the two networks have to agree on how to set up IPs and how to communicate, and change the router settings accordingly. If you want to play with the whole world, you have to obey everyone else's agreement.
In order to realize communication between × × in some multi-protocol label switching deployments, a separate ASN may also be applied for each × × so that they can be distinguished from each other and routed [2].
Whois information
The storage format of whois information for an ASN may vary from database to database. Taking the RIPE database as an example, the following is the information for China Netcom's AS, written in RPSL:
Here import is the routing table import rule of the AS.
The import syntax is as follows (placeholders in angle brackets as in RFC 2622):
import: from <peering-1> [action <action-1>] ... from <peering-N> [action <action-N>] accept <filter>
It means that routes from all the peerings named after each from, here AS701, AS11919, AS6453, AS9225, AS4134, AS4538, AS4789, AS9800 and AS4799, are accepted, and the import information above sets them to priorities (pref) of 100 or 120 respectively.
Finer-grained syntax:
import: from AS2 action pref = 10; accept { 128.9.0.0/16 }
This accepts the route 128.9.0.0/16 from AS2.
The export syntax is similar:
export: to <peering-1> [action <action-1>] ... to <peering-N> [action <action-N>] announce <filter>
The above example forwards routes to all peers matching the filter: it announces the routes of AS9929, AS9812, AS9810, AS9813, AS9816, AS9819, AS17432 and AS7639 to AS4134.
The complete import and export syntax, covering other routing protocols, multiprotocol routing and routes redistributed between protocols, is as follows (from RFC 2622):
import: [protocol <protocol-1>] [into <protocol-2>] from <peering-1> [action <action-1>] ... from <peering-N> [action <action-N>] accept <filter>
export: [protocol <protocol-1>] [into <protocol-2>] to <peering-1> [action <action-1>] ... to <peering-N> [action <action-N>] announce <filter>
See [RFC 2622] for a detailed explanation.
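As an added example (not from the original article or from the RIPE database), here is a small Python parser for the basic import:/export: form quoted above, plus a check of whether a parsed import policy would accept a given route. The sample attributes are built from the ASNs and pref values in this section; RPSL range operators, peering expressions with router addresses, and the protocol/into prefixes are not handled.

```python
import re
from dataclasses import dataclass

@dataclass
class Policy:
    direction: str     # "import" or "export"
    peerings: dict     # peering spec -> actions, e.g. {"AS2": {"pref": "10"}}
    route_filter: str  # filter with outer braces removed: "128.9.0.0/16", "AS9929", "ANY"

def parse_actions(text):
    """'pref = 10; med = 5;' -> {'pref': '10', 'med': '5'} (only key = value actions)."""
    actions = {}
    for part in (p.strip() for p in text.split(";")):
        if part:
            key, _, value = part.partition("=")
            actions[key.strip()] = value.strip()
    return actions

def parse_policy(text):
    """Parse one RPSL import:/export: attribute in the basic RFC 2622 form
    (from/to <peering> [action ...] accept/announce <filter>; protocol/into omitted)."""
    m = re.match(r"^(import|export):\s*(.*)$", " ".join(text.split()), re.I)
    if not m:
        raise ValueError("not an import/export attribute")
    direction = m.group(1).lower()
    kw_peer, kw_filter = ("from", "accept") if direction == "import" else ("to", "announce")
    parts = re.split(rf"\s*\b{kw_filter}\b\s*", m.group(2), maxsplit=1)
    if len(parts) != 2:
        raise ValueError(f"missing '{kw_filter}' clause")
    head, route_filter = parts
    peerings = {}
    # one "<from|to> <peering> [action <actions>]" clause per neighbour
    for clause in re.finditer(rf"\b{kw_peer}\s+(\S+)(?:\s+action\s+(.*?))?(?=\s*\b{kw_peer}\b|$)", head):
        peerings[clause.group(1)] = parse_actions(clause.group(2) or "")
    return Policy(direction, peerings, route_filter.strip("{} "))

def import_accepts(policy, peer_as, prefix, origin_as):
    """Return (accepted, pref) for route <prefix> originated by origin_as and received from peer_as.
    Filters handled: ANY, a single origin AS number, or an exact list of prefixes."""
    if policy.direction != "import" or peer_as not in policy.peerings:
        return False, None
    f = policy.route_filter.upper()
    ok = (f == "ANY" or (f.startswith("AS") and f == origin_as.upper())
          or prefix in policy.route_filter.replace(",", " ").split())
    return ok, (policy.peerings[peer_as].get("pref") if ok else None)

if __name__ == "__main__":
    # the finer-grained example from the article: AS2 routes accepted only for 128.9.0.0/16
    p = parse_policy("import: from AS2 action pref = 10; accept { 128.9.0.0/16 }")
    print(p, import_accepts(p, "AS2", "128.9.0.0/16", "AS2"))
```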
BGP hijacking
Because of the nature of the protocol, when computing a route the router normally matches against all IP prefixes in its aggregated routing table; if a variable-length mask matches, data is forwarded along that route. If the same IP prefix appears more than once, the route with the smaller IP block, that is, the longest mask, is chosen. A hijacking border router therefore announces IP prefixes that are wrong or not in use, broadcasting incorrect routing information into the routing tables of its upstreams and other peers, so as to receive data packets for routes it should never have been accepted for.
As far as BGP itself is concerned, it is difficult to change the protocol: although the design runs over TCP, the protocol itself was not designed to verify the reliability of the data source. The only hurdle is that a border router's connection must be physically bound to a port, and the TTL of BGP exchange messages is only 1, that is, a connection must be established within 1 second before the next operation can be carried out. For example, if border router RA and border router RB want to set up BGP with each other, the physical port the BGP session will pass through must be configured in the router's console. Therefore it is difficult to guard against changes to this kind of server.
The BGP hijacking recorded in 2014 intercepted connections from bitcoin miners to their mining server, diverted the traffic to the hijacker's own mining pool, and by simply watching the traffic collected bitcoin worth $80,000 at the time.
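As an added example (not from the original article), the longest-prefix rule described above in Python, together with the check a network owner would run over a routing table feed to catch a same-prefix or more-specific announcement from an unexpected origin. The routing table and the ASNs (taken from the private range mentioned earlier) are constructed sample data.

```python
import ipaddress

def longest_match(table, address):
    """Longest-prefix match as described in the article: among the (prefix, origin_as)
    entries covering address, the one with the longest mask (smallest block) wins."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, origin_as in table:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, origin_as)
    return (str(best[0]), best[1]) if best else None

def find_hijacks(table, expected):
    """Flag announcements that would draw traffic away from our prefixes.
    expected maps each prefix we own to its legitimate origin AS. An announcement is
    suspicious if it covers exactly our prefix, or a subnet of it (more specific, so it
    wins longest-prefix match), and is originated by a different AS."""
    alerts = []
    for prefix, origin_as in table:
        net = ipaddress.ip_network(prefix)
        for ours, legit_as in expected.items():
            ours_net = ipaddress.ip_network(ours)
            if net.version != ours_net.version or origin_as == legit_as:
                continue
            if net.subnet_of(ours_net):
                kind = "exact-prefix" if net == ours_net else "more-specific"
                alerts.append((prefix, origin_as, ours, kind))
    return alerts

# Constructed sample routing table. ASNs are from the IANA private range (64512-65534)
# so that no real network is implied; 64513 announces a /24 inside "our" /16.
TABLE = [
    ("128.9.0.0/16", 64512),    # our legitimate announcement
    ("128.9.10.0/24", 64513),   # more-specific announced by another AS
    ("10.0.0.0/8", 64514),      # unrelated prefix
]
EXPECTED = {"128.9.0.0/16": 64512}

if __name__ == "__main__":
    # traffic for 128.9.10.5 now follows the /24 to AS 64513 instead of our /16
    print(longest_match(TABLE, "128.9.10.5"))
    print(find_hijacks(TABLE, EXPECTED))
```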
References
[RFC 827] http://www.rfc-editor.org/info/rfc827
http://www.rfc-editor.org/info/rfc1105
http://docstore.mik.ua/orelly/networking/tcpip/ch07_05.htm
http://docstore.mik.ua/orelly/networking/tcpip/ch07_04.htm
[1] http://www.cnnic.net.cn/jczyfw/ipas/assq/201206/t20120612_26541.htm
http://www.iana.org/assignments/iana-as-numbers-special-registry/iana-as-numbers-special-registry.xhtml
[2] http://baike.c114.net/view.asp?MPLS