(12) United States Patent
Cook et al.
(10) Patent No.: US 7,626,948 B1
(45) Date of Patent: Dec. 1, 2009
(54) SYSTEM AND METHOD FOR VERIFYING THE VALIDITY OF A PATH IN A NETWORK ENVIRONMENT
(75) Inventors: David A. Cook, Raleigh, NC (US); James L. Ng, Mebane, NC (US); Alvaro E. Retana, Morrisville, NC (US); Russell I. White, Holly Springs, NC
(73) Assignee: Cisco Technology, Inc., San Jose, CA (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 939 days.
(21) Appl. No.: 10/661,326
(22) Filed: Sep. 12, 2003
(51) Int. Cl.
(52) U.S. Cl. 370/256; 370/400; 709/230;
(58) Field of Classification Search 370/400 408,
370/250, 244, 248, 255, 411, 256, 219, 220, 370/236, 389, 473; 709/223-224, 230, 239 See application file for complete search history.
A method for verifying a validity of a path is provided that includes receiving an advertisement communication at a first autonomous system from a second autonomous system, the advertisement communication including a list of one or more connected autonomous systems. The method also includes identifying whether the first autonomous system claims a connection to the second autonomous system and whether the second autonomous system claims a connection to the first autonomous system such that two-way connectivity is established between the autonomous systems. In response to the establishment of the two-way connectivity, a directed graph is constructed that includes two nodes representing the first and second autonomous systems respectively. An edge may be formed that connects the two nodes.
21 Claims, 1 Drawing Sheet
[FIG. 2 flowchart, step text:]
IF BOTH AUTONOMOUS SYSTEMS INVOLVED CLAIM CONNECTIVITY TO EACH OTHER, THEN TWO NODES ARE POSITIONED ON A DIRECTED GRAPH AND AN EDGE IS GENERATED THAT CONNECTS THEM
IF TWO-WAY CONNECTIVITY DOES NOT EXIST, THEN THE AUTONOMOUS SYSTEM PATH HAS NOT BEEN VALIDATED AND, THEREFORE, AN ENTRY IS NOT POSITIONED ON THE DIRECTED GRAPH
AN UPDATE IS SENT TO AUTONOMOUS SYSTEM AND AUTONOMOUS SYSTEM IS ABLE TO IMMEDIATELY VERIFY ITS INTEGRITY BY REFERENCING THE DIRECTED GRAPH THAT WAS PREVIOUSLY BUILT
SYSTEM AND METHOD FOR VERIFYING THE VALIDITY OF A PATH IN A NETWORK ENVIRONMENT
TECHNICAL FIELD OF THE INVENTION
This invention relates in general to the field of communications and, more particularly, to a system and method for verifying the validity of a path in a network environment.
BACKGROUND OF THE INVENTION
The field of communications has become increasingly important in today's society. One area of importance associated with network communications relates to routing. Routing protocols allow one or more components, devices, or modules to correctly direct information to its appropriate destination. Certain paths or designated routes may be considered optimal or preferred over others. Additionally, it is generally important to ensure that a path being advertised or offered to various network elements is valid, as the integrity of communications is directly affected by the accuracy of routing information.
As traffic and the subscriber base of end users increases, so too does the importance of proper routing and efficient management of communication sessions and data flows. Some network equipment may provide incorrect path information or inaccurate data for other network elements, which rely on the erroneous information in determining an optimal route or subsequent destination. Deficient or inferior routing processes may cause network instability, whereby network equipment is susceptible to routing information incorrectly, managing communications improperly, breaching security parameters, or losing/dropping information. Thus, the ability to accurately manage or direct information in a network environment provides a significant challenge to network operators and system designers.
SUMMARY OF THE INVENTION
From the foregoing, it may be appreciated by those skilled in the art that a need has arisen for an improved communications approach that offers proper path validation for autonomous systems in a network environment. In accordance with one embodiment of the present invention, a system and a method for verifying the validity of a path in a network environment are provided that substantially eliminate or greatly reduce disadvantages and problems associated with conventional communication techniques.
According to one embodiment of the present invention, there is provided a method for verifying the validity of a path that includes receiving an advertisement communication at a first autonomous system from a second autonomous system, the advertisement communication including a list of one or more connected autonomous systems. The method also includes identifying whether the first autonomous system claims a connection to the second autonomous system and whether the second autonomous system claims a connection to the first autonomous system such that two-way connectivity is established between the autonomous systems. In response to the establishment of the two-way connectivity, a directed graph is constructed that includes two nodes representing the first and second autonomous systems respectively. An edge may be formed that connects the two nodes.
Certain embodiments of the present invention may provide a number of technical advantages. For example, according to one embodiment of the present invention, a path validity approach is provided that allows connectivity information to be advertised independent of any routing (reachability) information. This, in turn, may allow any protocol for propagating routing information to remain unchanged and independent of changes in topology. The amount of encryption for such path-verification approaches is also minimized because encryption processing only needs to take place when advertisements of connectivity are received and not necessarily for every path that is received. A two-way connectivity check forces at least two autonomous systems to cooperate to confirm or reject a path through an internetwork. It is also noteworthy that while the main purpose of such a type of path advertisement is to communicate existing topology information, the advertisement may also be used to signal a lack of connectivity. For a border gateway protocol (BGP), this lack of connectivity can be translated into an implicit withdraw of all routes that included the connection in question in their autonomous system path. As a result, faster convergence may be achieved, resulting in optimal data management capabilities in the network.
Another technical advantage associated with one embodiment of the present invention is a result of the architecture of the communication system. The enhancement in integrity in paths that are advertised ensures that information is securely routed to its intended next destination. This could address security concerns in cases where a spoofed or a bogus address is being advertised as providing a valid path for information propagating through the network. Such a scenario could be readily avoided with use of a two-way connectivity check. Additionally, adjustments and/or additions to existing (i.e. legacy) components may be effectuated in order to allow for this enhanced validation approach. In a general sense, many types of network architectures could be quickly and easily upgraded in order to perform more effective routing procedures. Certain embodiments of the present invention may enjoy some, all, or none of these advantages. Other technical advantages may be readily apparent to one skilled in the art from the following figures, description, and claims.
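The two-way connectivity check, path validation against the resulting graph, and the implicit withdraw described above, as an added example that is not code from the patent. Class and function names, the storage of each validated pair as a single unordered edge, and the sample topology are assumptions; advertisements are assumed to have been authenticated already.

```python
class ConnectivityGraph:
    """AS-level topology in which an edge exists only after a two-way claim."""

    def __init__(self):
        self.claims = {}    # asn -> set of ASes it claims to be connected to
        self.edges = set()  # frozenset({a, b}); assumption: one entry per validated pair

    def receive_advertisement(self, asn, connected):
        """Store asn's claimed neighbours; return the edges that lost validation."""
        claimed = self.claims[asn] = set(connected) - {asn}
        lost = {e for e in self.edges if asn in e and not (e - {asn}) <= claimed}
        self.edges -= lost                        # asn signalled a lack of connectivity
        for peer in claimed:
            if asn in self.claims.get(peer, ()):  # both sides claim each other
                self.edges.add(frozenset((asn, peer)))
        return lost

    def path_is_valid(self, as_path):
        """True only if every hop in the AS path is a validated edge."""
        hops = zip(as_path, as_path[1:])
        return all(a == b or frozenset((a, b)) in self.edges for a, b in hops)


def implicit_withdraw(routes, lost_edges):
    """Keep only routes whose AS path avoids every edge in lost_edges."""
    def crosses(path):
        return any(frozenset(h) in lost_edges for h in zip(path, path[1:]))
    return {prefix: path for prefix, path in routes.items() if not crosses(path)}


def demo():
    # Constructed sample data: AS labels follow the page, the topology is invented.
    g = ConnectivityGraph()
    g.receive_advertisement("A", ["B"])
    g.receive_advertisement("B", ["A", "C"])
    g.receive_advertisement("C", ["B"])
    g.receive_advertisement("F", ["C"])  # one-sided claim: C never lists F
    routes = {
        "192.0.2.0/24": ["A", "B", "C"],
        "198.51.100.0/24": ["A", "B"],
        "203.0.113.0/24": ["A", "B", "C", "F"],
    }
    before = {p: g.path_is_valid(path) for p, path in routes.items()}
    lost = g.receive_advertisement("B", ["A"])  # B no longer lists C
    return before, lost, implicit_withdraw(routes, lost)


if __name__ == "__main__":
    print(demo())
```

The path through F is rejected because only F claims the C-F connection, and B's later advertisement removes the B-C edge so every route crossing it is dropped.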
BRIEF DESCRIPTION OF THE DRAWINGS
To provide a more complete understanding of the present invention and features and advantages thereof, reference is made to the following description, taken in conjunction with the accompanying figures, wherein like reference numerals represent like parts, in which:
FIG. 1 is a simplified block diagram of a communication system for verifying the validity of a path in a network environment; and
FIG. 2 is a flowchart illustrating a series of example steps associated with a method for verifying the validity of a path in a network environment.
DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS OF THE INVENTION
FIG. 1 is a simplified block diagram of a communication system 10 for verifying the validity of a path in a network environment in accordance with one embodiment of the present invention. Communication system 10 includes a set of autonomous systems 12, 14, 16, 18, 20, and 22. For purposes of illustration, each of autonomous systems 12, 14, 16, 18, 20, and 22 is designated as A-F respectively. These designations are arbitrary and have been used for purposes of teaching some of the example operations of communication system 10. The designations do not reflect any hierarchy, priority, or any other characteristic or networking parameter. Communica