Router technology in China is developing rapidly and market demand is high, yet many people may not be familiar with routing diffusion technology. That does not matter: this article should give you a good grounding in it. One of the important methods used by GFW is blocking IP addresses at the network layer. In fact, GFW uses a method of access control that is much more efficient than the traditional access control list (ACL): routing diffusion technology. Before analyzing this newer technique, let us look at the traditional technique and introduce a few concepts.
Access Control List (ACL)
ACLs can work at Layer 2 (link layer) or Layer 3 (network layer) of the network. Taking an ACL working at Layer 3 as an example, the principle is as follows: to control access to an IP address (for example, cut it off) on a router, simply add the IP address to the ACL through configuration and specify a control action for it, the simplest being discard. When a packet passes through this router, the ACL is matched before the packet is forwarded; if the packet's destination IP address is in the ACL, the control action defined for that address is carried out, such as discarding the packet. In this way, access to the IP address can be cut off through the ACL. ACLs can also be used to control the source address of a packet. If the ACL works at Layer 2, the object it controls changes from the Layer 3 IP address to the Layer 2 MAC address. As the working principle shows, an ACL inserts a matching operation into the normal packet-forwarding process. This inevitably affects forwarding efficiency: the more IP addresses need to be controlled, the longer the ACL becomes, the longer matching takes, and the lower the forwarding efficiency. This is not tolerable for some backbone routers.
Dynamic Routing Protocol
Before discussing routing redistribution, dynamic routing protocols should be introduced briefly. Under normal circumstances, the routing protocols running on a router, such as OSPF, IS-IS and BGP, each compute and maintain their own routing table, and the route entries generated by all protocols are eventually aggregated in a routing management module. For a given destination IP address, several routing protocols may each compute a route. Which protocol's route is actually used to forward a packet is decided by the routing management module according to certain algorithms and principles; it selects one route as the entry that is actually used.
Static Routing
In contrast to the dynamic route entries computed by dynamic routing protocols, there is a kind of route that is not computed by a routing protocol but is configured manually by the administrator; this is called a static route. This kind of route entry has the highest precedence: when a static route exists, the routing management module chooses it over the dynamic routes computed by routing protocols.
Routing Redistribution
As just described, under normal circumstances each routing protocol maintains only its own routes. In some cases, however, this is not enough. For example, suppose there are two ASes (autonomous systems), each using OSPF internally, with no OSPF interworking between them; the routes of the two ASes are then not shared. For the two ASes to interoperate, an inter-domain routing protocol, BGP, is run between them and configured so that the routes computed by OSPF inside each AS are redistributed between the two through BGP. BGP advertises the routes inside each AS to the other AS, and the routes of the two ASes become interoperable. In this case, route entries from the OSPF protocol are redistributed through the BGP protocol.
In another case, the administrator has configured a static route on one router, but this static route takes effect only on that router. To make it take effect on other routers, the dumbest way is to configure the static route manually on every router, which is cumbersome. A better approach is to redistribute the static route through a dynamic routing protocol such as OSPF or IS-IS, so that it spreads to the other routers through the dynamic routing protocol, eliminating the hassle of configuring the routers one by one.
The Working Principle of GFW Routing Diffusion Technology
What GFW does is a "crooked" use of static routes. Normally, a static route is a route the administrator sets according to the network topology or for some other purpose; such a route is at least correct and guides the router to forward packets to the right destination. The static route used in GFW's routing diffusion technique is actually a wrong route, misconfigured on purpose. Its goal is to direct packets destined for a given IP address to a "black hole server" rather than forwarding them to their correct destination. The black hole server can do nothing at all, in which case the packets are silently discarded. Beyond that, the packets can be analyzed and counted on the server to obtain more information, and a false response can even be returned.
Evaluation
With this newer approach, each IP address previously configured in the ACL can be converted into a deliberately misconfigured static route. This static route directs packets for the corresponding IP address to the black hole server and, through the routing redistribution function of a dynamic routing protocol, can be published to the whole network. A router then only performs a regular forwarding action based on this route, with no ACL matching, which greatly improves forwarding efficiency compared with the old method. Yet this routine forwarding action sends the packet to the black hole router, so efficiency improves and the goal of controlling packets is still achieved; it is a more sophisticated means. This technique is not used in normal network operations, because incorrect routing information disrupts the network. The needs of normal network operations and of a control system differ greatly: the control system needs to block more and more IP addresses. In normal network operations, ACL entries are generally fixed, change little and are few in number, so they do not affect forwarding much. This technique, by contrast, changes the backbone routing table frequently, and if something goes wrong it will cause a backbone network fault.
So GFW's use of routing diffusion technology is a crooked one: under normal circumstances no operator would spread a wrong route everywhere, and doing so is thoroughly crooked thinking. Put another way, relative to normal network operations, GFW's application of routing diffusion is a clever approach. A normal routing protocol function is abused to this degree, and it is very practical and efficient.
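The mechanism from the working-principle and evaluation sections, as an added example that is not code from the original article: a toy Python model in which one router holds a deliberately wrong static host route, redistributes it, and a second router then forwards by ordinary route lookup with no ACL. The router names, the "blackhole" and "upstream" next-hop labels, the preference values and the documentation-range addresses are assumptions made for illustration; `audit` shows how a redistributed host route stands out when a routing table is reviewed.

```python
import ipaddress
from dataclasses import dataclass, field

# Lower value wins when two sources offer the same prefix (assumed values).
PREFERENCE = {"static": 1, "ospf": 110}

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str           # label for where traffic ends up, not a real adjacency
    source: str             # "static" or "ospf"
    external: bool = False  # True if redistributed into OSPF from a static route

@dataclass
class Router:
    name: str
    routes: list = field(default_factory=list)

    def add(self, prefix, next_hop, source, external=False):
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, source, external))

    def lookup(self, dst):
        """Longest-prefix match, then lowest preference value. No ACL is consulted."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r.prefix]
        if not hits:
            return None
        return min(hits, key=lambda r: (-r.prefix.prefixlen, PREFERENCE[r.source]))

def redistribute_static(origin, others):
    """Advertise origin's static routes to the other routers as external OSPF routes."""
    for r in [r for r in origin.routes if r.source == "static"]:
        for peer in others:
            peer.add(str(r.prefix), r.next_hop, "ospf", external=True)

def audit(router):
    """Reviewer's view: host routes (/32) that arrived via redistribution."""
    return [r for r in router.routes if r.external and r.prefix.prefixlen == 32]

def build_demo():
    # Constructed topology using documentation address ranges.
    core, edge = Router("core"), Router("edge")
    for rt in (core, edge):
        rt.add("203.0.113.0/24", "upstream", "ospf")   # legitimate route
    core.add("203.0.113.7/32", "blackhole", "static")  # deliberately wrong route
    redistribute_static(core, [edge])
    return core, edge
```

After `build_demo()`, the edge router sends 203.0.113.7 to the black hole purely because the /32 is the longest match, while the rest of 203.0.113.0/24 still follows the legitimate route.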