China's router technology has developed rapidly and is in high market demand. Many people may not be familiar with the route diffusion technology used on routers. I hope this article teaches you something about it. One of the important ways GFW works is to block IP addresses at the network layer. In fact, GFW uses an access control method that is much more efficient than the traditional Access Control List (ACL): route diffusion technology. Before analyzing this newer technology, let's take a look at the traditional technology and introduce several concepts.
Access Control List (ACL)
An ACL can work at layer 2 (the link layer) or at layer 3 (the network layer). Taking an ACL that works at layer 3 as an example, the basic principle is as follows: if you want to use an ACL on a router to control access to an IP address, for example to cut that access off, you only need to add the IP address to the ACL through configuration and specify a control action for it, such as the simplest one, discard. When a packet passes through this router, the ACL is matched before the packet is forwarded. If the destination IP address of the packet exists in the ACL, the router performs the control action defined in the ACL for that IP address, such as discarding the packet. In this way, access to the IP address can be cut off through the ACL. The ACL can also be used to control the source address of a packet. If the ACL works at layer 2, the object it controls changes from the layer-3 IP address to the layer-2 MAC address. By its working principle, the ACL inserts an ACL-matching operation into the normal packet forwarding process, which inevitably affects forwarding efficiency. If a large number of IP addresses need to be controlled, the ACL becomes longer, the time required to match it becomes longer, and the forwarding efficiency of packets becomes lower, which is intolerable for some backbone routers.
Dynamic Routing Protocol
Dynamic routing protocols are briefly introduced here before route redistribution. Under normal circumstances, routers use various routing protocols, such as OSPF, IS-IS, and BGP, to calculate and maintain their own route tables, and the route entries generated by all protocols are finally collected in one routing management module. For a given destination IP address, several routing protocols may each calculate a route. The routing management module decides, based on certain algorithms and principles, which protocol's route is used for forwarding packets, and that selected route becomes the route entry.
Static Routing
In contrast to the dynamic route entries calculated by dynamic routing protocols, another kind of route is manually configured by the administrator instead of being calculated by a routing protocol. This is called a static route. This route entry has the highest priority. When a static route exists, the routing management module selects it first, instead of a dynamic route calculated by a routing protocol.
Route redistribution
As mentioned above, under normal circumstances each routing protocol only maintains its own routes. But in some cases this is not enough. For example, suppose there are two ASes (autonomous systems), each AS uses the OSPF protocol internally, and OSPF cannot interwork between the ASes, so the routes of the two ASes cannot interwork. To enable communication between the two ASes, you need to run BGP between them and configure the routes calculated by OSPF inside each AS to be redistributed between the two through BGP. BGP then advertises the routes inside each AS to the other AS, and the two ASes can communicate with each other. In this case, the OSPF route entries are redistributed through the BGP protocol.
In another case, the administrator configures a static route on a router, but this static route only takes effect on that router. If you want it to take effect on other routers, the most stupid way is to manually configure the static route on each router, which is very troublesome. A better way is to redistribute the static route through a dynamic routing protocol such as OSPF or IS-IS. In this way, the static route is redistributed to other routers through the dynamic routing protocol, which saves the trouble of manually configuring routers one by one.
Working principle of GFW route diffusion technology
As mentioned above, static routes are normally configured by the administrator based on the network topology or for other purposes. Such a route is at least correct: it guides the router to forward packets to the correct destination. The static route used in GFW's route diffusion technology is actually an incorrect route, and it is configured incorrectly on purpose. The purpose is to direct all packets originally sent to an IP address to a "black hole server" instead of forwarding them to the correct destination. The black hole server can do nothing at all, so that the packets are lost silently. Beyond that, the packets can be analyzed and counted on the server to obtain more information, or a false response can even be returned.
With this new method, each IP address previously configured in the ACL can be converted into a static route that is intentionally configured incorrectly. This static route directs the corresponding IP packets to the black hole server. Through the route redistribution function of the dynamic routing protocol, this incorrect routing information can be published to the entire network. In this way, each router only performs a conventional packet forwarding action based on this route entry, without needing to perform ACL matching. Compared with the old method, this greatly improves packet forwarding efficiency. The router's conventional forwarding action forwards the packets to the black hole router, which improves efficiency, achieves the purpose of controlling the packets, and provides more advanced means. This technology is not used in normal network operations, because wrong routing information disturbs the network. Normal network operations and control systems differ greatly, and the control system needs to block far more IP addresses. ACL entries in normal network operations are usually fixed, change little, and are few in number, so they do not have a big impact on forwarding. This technology, by contrast, directly and frequently modifies the backbone route table. If a problem occurs, it will cause a backbone network failure.
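The comparison in the paragraph above can be made concrete with a small model. This is an added example, not code from the original article: the addresses come from documentation ranges, and the next-hop names (`black-hole`, `peer-a`, `upstream`) and the trie-based table are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample data from documentation ranges (RFC 5737), not real targets.
BLOCKED = [ipaddress.ip_address(f"203.0.113.{i}") for i in range(1, 201)]
BLACK_HOLE = "black-hole"  # hypothetical next-hop name for the sink server


def acl_forward(dst, acl, next_hop):
    """Traditional path: compare dst with every ACL entry before forwarding."""
    comparisons = 0
    for entry in acl:
        comparisons += 1
        if entry == dst:
            return "drop", comparisons
    return next_hop, comparisons


class RouteTable:
    """Binary trie over address bits; lookup is a longest-prefix match."""

    def __init__(self):
        self.root = {}

    def add(self, prefix, next_hop):
        net = ipaddress.ip_network(prefix)
        node = self.root
        for bit in format(int(net.network_address), "032b")[: net.prefixlen]:
            node = node.setdefault(bit, {})
        node["hop"] = next_hop

    def lookup(self, dst):
        """Return (next hop, trie steps); steps never exceed 32 for IPv4."""
        node, best, steps = self.root, None, 0
        for bit in format(int(dst), "032b"):
            best = node.get("hop", best)
            if bit not in node:
                return best, steps
            node, steps = node[bit], steps + 1
        return node.get("hop", best), steps


def build_table(blocked):
    table = RouteTable()
    table.add("0.0.0.0/0", "upstream")       # default route
    table.add("203.0.113.0/24", "peer-a")    # the correct route
    for ip in blocked:                       # one wrong host route per blocked IP
        table.add(f"{ip}/32", BLACK_HOLE)
    return table
```

With 200 blocked addresses, the ACL path costs up to 200 comparisons per packet and grows with the list, while the route lookup is bounded by the 32 bits of the address no matter how many host routes are installed.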
Therefore, GFW uses the route diffusion technology. Under normal circumstances, no carrier would spread wrong routing information. Put another way, compared with normal network operations, GFW applies route diffusion technology in a clever way. A normal routing protocol function has been abused to this extent, and it is very practical and efficient. ? Chao is truly a talented person in this respect.