构建可扩展的RPKI依赖方系统部署机制

发布时间:2023-03-06 作者:马迪

 

摘要:互联网码号资源公钥基础设施(RPKI)依赖方系统是各类网络运行机构开展RPKI 应用实践的一个关键环节。RPKI 依赖方系统的研发和部署,既需要处理RPKI 核心功能的“普遍性”问题,又需要兼顾网络互联互通特征的“特殊性”问题。相关解决方案需要考虑RPKI 依赖方系统应当有哪些组件,各个组件如何在网络上分布,以及以何种逻辑关系分布。面向RPKI 依赖方系统的核心功能,梳理了影响RPKI 依赖方系统运行效能的4 对矛盾,并提出了一种可扩展的RPKI 依赖方系统部署机制,包含软件层面的解耦机制和硬件层面的部署机制。

关键词:RPKI;路由安全;互联网码号资源管理

 

Abstract: The resource public key infrastructure (RPKI) relying party system is key to network operations with regard to the RPKI in practice. The development and deployment of the RPKI relying party system involves both the essential functionality of the RPKI universally and the networking condition where it operates particularly. The very resolution calls for the design of modularizing the RPKI relying party system and deploying those modules physically and logically. Four contradictions regarding the operation efficiency of the RPKI relying party system are summarized and a scheme of scaling the RPKI relying party system is proposed with respect to both the decoupling mechanism of software and the deployment principle of network hardware.

Keywords: RPKI; routing security; Internet number resource management

在线PDF浏览: PDF