CN101902474A - Verification method of IPv6 real source address between autonomous domains based on label replacement - Google Patents


Publication number: CN101902474A
Authority: CN (China)
Prior art keywords: autonomous domain, destination, source, autonomous, message
Legal status: Granted
Application number: CN201010234850.XA
Other languages: Chinese (zh)
Other versions: CN101902474B (en)
Inventors: 吴建平, 李�杰, 徐恪
Current assignee: Tsinghua University
Original assignee: Tsinghua University
Application filed by Tsinghua University
Priority to CN201010234850.XA
Publication of CN101902474A
Application granted
Publication of CN101902474B
Current legal status: Active

Abstract

Translated from Chinese

The present invention relates to the technical field of the next-generation trusted Internet and proposes an IPv6 true source address verification method between autonomous domains based on label replacement, comprising the following steps: when the source autonomous domain and the destination autonomous domain belong to the same trust alliance, the border routers at the source and destination autonomous domain ends complete source address verification of the data packets transmitted between members of the single alliance according to the labels corresponding to the source and destination autonomous domains; when the source and destination autonomous domains belong to different trust alliances, the alliance border routers and border routers at the source and destination autonomous domain ends cooperate to replace the label several times, completing source address verification of the data packets transmitted across alliances. The invention provides an inter-domain IPv6 true source address verification method whose mechanism is simple and lightweight, which has very little impact on high-speed inter-domain communication, and which can be deployed hierarchically and incrementally.

Description

Verification method of IPv6 true source address between autonomous domains based on label replacement
Technical field
The present invention relates to the technical field of the next-generation trusted Internet, and in particular to a hierarchically deployable method for verifying IPv6 true source addresses between autonomous domains based on label replacement.
Background
Trustworthiness is a key characteristic of the next-generation Internet. In the current Internet, IP packet forwarding is based on the destination IP address; the source IP address of a packet is generally not checked for authenticity, so it is easily forged. As the Internet grows and commercial applications multiply, the composition of the user population becomes very complex. Malicious attacks by some advanced users are usually carried out with forged source IP addresses, and forging the source address also lets attackers hide their true identity and evade sanction, which has caused many security, management and accounting problems. Unavoidably, the authenticity of IP source addresses has become a serious challenge for the secure operation and sustainable development of the Internet. In the long-term interest of the Internet, only a highly trustworthy network service can meet future demands. Therefore, guaranteeing the authenticity of packet source IP addresses is a key problem in realizing a trusted next-generation Internet.
Today's Internet transmission service is best-effort: a router forwards a packet to the corresponding next hop according to the packet's destination IP address and its forwarding table, and when the packet reaches the receiver, the sender's identity can only be judged from the source IP address. The sender of a packet can alter its source IP address arbitrarily for illegitimate purposes. The receiver cannot verify the authenticity of the source IP address in the packet and therefore cannot determine whether the packet came from the real sender, so the current network service stays at the level of best-effort delivery to the destination and does not reach best-effort assurance that the source end is trustworthy. At the same time, forged packets carrying false source IP addresses are also forwarded to the destination, bringing security threats of varying degrees to the receiver.
Verification of IPv6 true source addresses between autonomous systems (ASes) is the most complex level of the whole trusted Internet architecture; its goal is true source address verification at the granularity of autonomous systems.
In recent years academia and industry have made many related efforts, which can be grouped into three classes: techniques based on cryptographic authentication, techniques based on filtering, and techniques based on traceback. Methods based on cryptographic authentication introduce an end-to-end authentication mechanism that is independent of network topology and routing path and needs no special processing at intermediate nodes: the source AS end adds a label that attests the true identity of the source, the packet is forwarded to the destination AS end, which checks the label carried by the packet; if the label verifies correctly, the label is removed from the packet and the packet is forwarded to the destination host; if the label verification fails, the packet is discarded. All ASes that deploy the cryptographic authentication method form a trust alliance, and every pair of source AS and destination AS in it negotiates a unique label that is valid within some period. Methods based on cryptographic authentication can guarantee that the source addresses of each AS within the trust alliance cannot be forged by other ASes, realizing real-IP-address access at AS-level granularity. An AS participating in cryptographic authentication can protect the users in its own network to some extent, so there is an incentive to deploy. However, in the existing label-based inter-domain IPv6 true source address verification method, the deployment of trust alliances is limited to a single trust alliance architecture, that is, all ASes deploying inter-domain source address verification belong to one single trust alliance. This flat architecture requires every routing device inside the alliance to maintain a huge amount of global information in order to carry out the verification work correctly; the routing devices participating in verification are overloaded in storage, packet authentication delay increases and efficiency drops, the impact of a change in membership radiates across the whole alliance, and incremental deployment of the trust alliance becomes extremely difficult.
Summary of the invention
The present invention aims to address the above problems by proposing a label-replacement-based method for verifying IPv6 true source addresses between autonomous domains that supports building trust alliances in levels, has low overhead, strong scalability and good verification results.
To achieve this, the present invention proposes a hierarchically deployable inter-domain source address verification method comprising the following steps: the autonomous domains that deploy this method are organized into a hierarchical multi-level trust alliance; when the source autonomous domain and the destination autonomous domain belong to the same trust alliance, the border routers at the source and destination autonomous domain ends complete source address verification of the data packets transmitted between members of the single alliance according to the labels corresponding to the source and destination autonomous domains; when the source and destination autonomous domains belong to different trust alliances, the alliance border routers and border routers at the source and destination autonomous domain ends cooperate, replacing the label several times, to complete source address verification of the data packets transmitted across alliances; when the source autonomous domain is not a trust alliance member or the destination autonomous domain is not a trust alliance member, no source address verification is needed and the data packet is forwarded directly according to its destination address.
In one embodiment of the invention, the case in which the source and destination autonomous domains belong to the same trust alliance, and the border routers at the source and destination autonomous domain ends complete source address verification of the data packets transmitted between members of the single alliance according to the labels corresponding to the source and destination autonomous domains, further comprises: the border router at the source autonomous domain end receives the data packet on its ingress port facing the intra-domain network and judges whether the packet's source address belongs to this autonomous domain; if so, it further checks the destination address, otherwise it discards the packet; it then judges whether the packet's destination address belongs to the same trust alliance as the source address; if so, it looks up the corresponding state machine between the source and destination autonomous domains, generates a label, inserts it into the packet's extension header and sends the packet into the network; relay autonomous domains do not process the passing data packet and forward it directly by destination-address lookup; the data packet reaches the destination autonomous domain end, whose border router receives it on its egress port facing the inter-domain network and judges whether the packet's source address belongs to this autonomous domain; if so, it discards the packet, otherwise it further checks the packet's destination address; the destination border router then judges whether the packet's destination address belongs to this autonomous domain; if so, it looks up the state machine corresponding to the source and destination autonomous domain ends, verifies and removes the label, and delivers the packet into the intra-domain network.
In one embodiment of the invention, the case in which the source and destination autonomous domains belong to different trust alliances, and the alliance border routers and border routers at the source and destination ends cooperate to replace the label several times and complete source address verification of the data packets transmitted across alliances, further comprises: when the border router at the source autonomous domain end receives a packet originating from the local autonomous domain whose destination is an address prefix outside the local alliance, it looks up state machine 1, whose source is the local autonomous domain and whose destination is the alliance border on the route toward the destination prefix, generates and inserts the corresponding label 1, and forwards the packet out of the local autonomous domain; when the alliance border router at the source autonomous domain end receives a packet originating from the local alliance whose destination is a prefix outside the local alliance, it starts handling procedure 1; routers in relay autonomous domains directly forward packets that originate outside the local alliance and are destined to a prefix outside the local alliance; when the alliance border router at the destination autonomous domain end receives a packet originating outside the local alliance and destined to a prefix inside the local alliance, it starts handling procedure 2; when the border router at the destination autonomous domain end receives a packet sent by the alliance border router, it verifies the authenticity of the packet's source address and, if the source address is true, forwards the packet into the local autonomous domain.
In one embodiment of the invention, starting handling procedure 1 further comprises: looking up state machine 1, verifying and removing label 1 from the data packet; looking up state machine 2, whose source is the local alliance and whose destination is the alliance containing the destination prefix, generating and inserting the corresponding label 2 into the data packet, and forwarding the packet out of the local alliance.
In one embodiment of the invention, starting handling procedure 2 further comprises: looking up state machine 2, verifying and removing label 2 from the data packet; looking up state machine 3, whose source is the local autonomous domain and whose destination is the autonomous domain containing the destination prefix, generating and inserting the corresponding label 3 into the data packet, and forwarding the packet into the local alliance.
In one embodiment of the invention, the step in which the border router at the destination autonomous domain end receives the packet sent by the alliance border router, verifies the authenticity of the packet's source address and, if it is true, forwards the packet into the local autonomous domain, further comprises: on receiving the data packet sent by the alliance border router, the border router at the destination autonomous domain end looks up the corresponding state machine 3, verifies and removes label 3, and forwards the packet into the local autonomous domain.
In one embodiment of the invention, the case in which the source autonomous domain is not a trust alliance member or the destination autonomous domain is not a trust alliance member, so that no source address verification is done and the data packet is forwarded directly according to its destination address, further comprises: as a packet between a trust alliance user and a non-alliance user travels along the path toward the destination prefix, an intra-alliance border router along the way directly forwards packets that do not originate from the local autonomous domain and whose destination is not a local prefix; and an alliance border router along the way directly forwards packets that do not originate from the local alliance and whose destination is not a prefix of the local alliance.
Compared with the existing label-based inter-domain IPv6 true source address verification method, the distinguishing features of this method are: first, the application scenarios are diverse: it applies both to a single trust alliance architecture (all ASes deploying inter-domain source address verification belong to one single trust alliance) and to a hierarchical trust alliance architecture in which each level of trust alliance can join a higher-level trust alliance as a member (multiple levels of trust alliance coexist); second, routing device management overhead is reduced: the local intra-alliance border router (AER) only needs to know the situation of the local members (membership information, state machine information, and so on) and need not know global information, while global reachability is still achieved, and global information only needs to be held by the alliance border router (TAER); third, packet processing time is shortened: the delays of source and destination address checking, state machine lookup and packet label handling are reduced to some extent; fourth, the alliances of the hierarchy are independent of each other: changes in the internal network environment of a lower-level alliance and of a higher-level alliance are mutually invisible and do not affect each other, which helps incremental deployment.
With the label-replacement-based inter-domain IPv6 source address verification method proposed by the present invention, the Internet can build a top-down, pyramid-shaped hierarchical trust alliance architecture. This effectively avoids the influence of the changes in AS interconnection relationships and network topology brought about by growth in the scale of the trust alliance, reduces the difficulty of managing, negotiating and synchronizing the cryptographic authentication labels, greatly reduces the overhead of device maintenance and label processing, guarantees efficient and accurate verification of source address authenticity, strengthens the flexibility, redundancy and controllability of trust alliance construction, and effectively supports incremental deployment.
Additional aspects and advantages of the present invention are given in part in the following description, and in part will become obvious from the description or be learned through practice of the invention.
Description of drawings
The above and/or additional aspects and advantages of the present invention will become obvious and easy to understand from the following description of embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a diagram of the hierarchical trust alliance architecture of an embodiment of the invention;
Fig. 2 is a control-plane processing flowchart of the verification devices of an embodiment of the invention;
Fig. 3 is an AER data-plane processing flowchart of an embodiment of the invention;
Fig. 4 is a TAER data-plane processing flowchart of an embodiment of the invention;
Fig. 5 is a diagram of an application example involved in the present invention;
Figs. 6 to 12 are data-plane processing flowcharts of one embodiment of the invention; and
Fig. 13 shows the effect of the simulated deployment of a three-level trust alliance on CERNET2 according to an embodiment of the invention.
Embodiment
Embodiments of the present invention are described in detail below; examples of the embodiments are shown in the drawings, where the same or similar reference labels throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting it.
The present invention proposes a hierarchically deployable, label-replacement-based inter-domain IPv6 source address verification method. Its core idea is to introduce the trust alliance edge (TAE): all autonomous systems (ASes) that deploy the cryptographic authentication mechanism are divided into multi-level alliances, each level of trust alliance can participate as a member (abstracted as a whole system) in a higher-level trust alliance, and a bottom-up, hierarchically deployable pyramid network architecture that guarantees source address authenticity is provided. Changes in the internal network environment of a lower-level alliance and of a higher-level alliance are mutually invisible and do not affect each other, gradual deployment is effectively achieved, and even in a large hierarchical structure the validity and simplicity of verification are preserved.
The hierarchically deployable, label-replacement-based inter-domain IPv6 source address verification method proposed by the present invention is described below as a whole. Its authentication mechanism is an end-to-end, label-based cryptographic authentication mechanism. In a multi-level trust alliance architecture, the method divides data communication into three classes by judging whether the trust alliances to which the source and destination autonomous domains belong are the same or different.
First, when the source and destination autonomous domains belong to the same trust alliance, the border routers at the source and destination autonomous domain ends complete source address verification of the data packets transmitted between members of the single alliance according to the labels corresponding to the source and destination autonomous domains. In the implementation of the present invention this class of communication is called intra-alliance data communication (that is, data packets are exchanged between members inside the trust alliance of some level). In this network communication scenario, the member ASes within the alliance of that level communicate with each other, and only need to maintain, within the scope of the local alliance, a dynamic and secret ordered pair of state machines between the two ASes: one is used at the source end to generate a label that guarantees the sender's own identity is real, which the local intra-alliance border router (AER) inserts into the packet's extension header; the other is used at the destination end by the AER to check the label of the received packet. Because this class of data communication takes place inside the same alliance, no label replacement is involved in processing these data packets.
More specifically, the border router at the source autonomous domain end first receives the data packet on its ingress port facing the intra-domain network and judges whether the packet's source address belongs to the source autonomous domain; if so, it further checks the destination address, otherwise it discards the packet. It then judges whether the packet's destination address belongs to the same trust alliance as the source address; if so, it looks up the state machine corresponding to that pair of members of the local trust alliance, generates a label, inserts it into the packet's extension header and sends the packet into the network. Relay autonomous domains do not perform label verification on the passing packet and forward it directly by destination-address lookup. After the packet reaches the destination, the border router at the destination autonomous domain end receives it on its egress port facing the inter-domain network and judges whether the packet's source address belongs to this autonomous domain; if so, it discards the packet, otherwise it further checks the destination address. Finally it judges whether the destination address belongs to the same trust alliance as the source address; if so, it looks up the state machine corresponding to the source and destination autonomous domain ends, verifies and removes the label, and delivers the packet into the intra-domain network.
Second, when the source and destination autonomous domains belong to different trust alliances, the alliance border routers and border routers at the source and destination autonomous domain ends cooperate to replace the label several times and complete source address verification of the data packets transmitted across alliances. In an embodiment of the present invention this class is called cross-alliance data communication (that is, data communication between members of trust alliances at different levels). In this network communication scenario, by introducing the TAE, each level of alliance is logically isolated from the external network: all data packets whose source address belongs to the local alliance and whose destination lies in an alliance of another level are uniformly forwarded to the first TAE on the routing path, where the alliance border router (TAER) replaces the label with the label of the higher-level alliance through which the packet will be forwarded, so that the TAERs form a "relay agent" for the exchange of data packets between the inside and the outside of the alliance. If the data packet passes through several higher-level alliances, the above process is repeated to complete bottom-up replacement level by level; all intermediate nodes on the routing path do nothing to the packet's label and simply forward normally by destination address; when the packet reaches the alliance containing the destination AS, the TAER of each level correspondingly performs top-down label replacement level by level until the packet reaches its destination.
More specifically, when the AER at the source AS end receives a packet originating from the local AS whose destination is a prefix outside the local alliance, it looks up the state machine (state machine 1) whose source is the local AS and whose destination is the alliance border on the route toward the destination prefix, generates and inserts the corresponding label (label 1), and forwards the packet out of the local AS. When the TAER at the source AS end receives a packet originating from the local alliance whose destination is a prefix outside the local alliance, it starts two handling procedures in succession:
(1) look up state machine 1, verify and remove label 1;
(2) look up the state machine (state machine 2) whose source is the local alliance and whose destination is the alliance containing the destination prefix, generate and insert the corresponding label (label 2), and forward the packet out of the local alliance.
Subsequently, at the relay AS end, as the packet is forwarded along the path toward the destination prefix, the routing devices along the way perform no verification on packets that originate outside the local alliance and are destined to a prefix outside the local alliance, and forward them directly. Correspondingly, when the TAER at the destination AS end receives a packet originating outside the local alliance whose destination is a prefix inside the local alliance, it likewise starts two handling procedures in succession:
(1) look up state machine 2, verify and remove label 2;
(2) look up the state machine (state machine 3) whose source is the local AS and whose destination is the AS containing the destination prefix, generate and insert the corresponding label (label 3), and forward the packet into the local alliance.
Finally, when the AER at the destination AS end receives the packet sent by the TAER, it looks up the corresponding state machine 3, verifies and removes label 3, and forwards the packet into the local AS.
Third, when the source autonomous domain is not a trust alliance member or the destination autonomous domain is not a trust alliance member, no processing of the packet label is needed and the data packet is forwarded directly by destination address. In an embodiment of the present invention this class is called non-trust-alliance data communication (that is, data communication between a trust alliance and a non-trust-alliance network); in this network communication scenario no label operation of any kind is involved, and the packet only needs to be forwarded according to its destination address.
More specifically, as a packet between a trust alliance user and a non-trust-alliance user is forwarded along the path toward the destination prefix, an AER along the way directly forwards, without any verification, packets that do not originate from the local autonomous domain and whose destination is not a local prefix; and a TAER along the way directly forwards, without any verification, packets that do not originate from the local alliance and whose destination is not a prefix of the local alliance.
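The three communication classes above, as an added Python simulation that is not part of the patent: an AER at the source AS attaches label 1, the source-side TAER swaps it for label 2, the destination-side TAER swaps that for label 3, and the AER at the destination AS verifies and strips it, while intra-alliance traffic gets a single label and non-member traffic none. The topology (alliances A = {X, Z} and B = {W, Y} with border ASes Z and W), the prefixes, the shared secrets and the HMAC-based label derivation are all constructed assumptions, since the patent does not say how a state machine produces its labels.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed topology (assumption): alliance A = {X, Z} with border AS Z as its TAE,
# alliance B = {W, Y} with border AS W; A and B are members of one higher-level alliance.
AS_ALLIANCE = {"X": "A", "Z": "A", "W": "B", "Y": "B"}
ALLIANCE_BORDER = {"A": "Z", "B": "W"}
PREFIX_OWNER = {"2001:db8:1::": "X", "2001:db8:2::": "Z", "2001:db8:3::": "W",
                "2001:db8:4::": "Y", "2001:db8:9::": "N"}   # N is outside every alliance
# A "state machine" is modelled as a shared secret per ordered endpoint pair plus a
# period counter; a label is a truncated HMAC over the period and the two endpoints.
STATE_MACHINES = {("X", "Z"): b"k-x-z",   # state machine 1: <AS X, border AS Z>
                  ("A", "B"): b"k-a-b",   # state machine 2: <alliance A, alliance B>
                  ("W", "Y"): b"k-w-y"}   # state machine 3: <border AS W, AS Y>
PERIOD = 42

@dataclass
class Packet:
    src: str
    dst: str
    label: bytes = b""                        # carried in the IPv6 extension header
    trace: list = field(default_factory=list) # devices that handled the packet

def owner_of(addr):
    return next((asn for p, asn in PREFIX_OWNER.items() if addr.startswith(p)), None)

def make_label(src_ep, dst_ep, period=PERIOD):
    key = STATE_MACHINES.get((src_ep, dst_ep))
    if key is None:
        return b""
    return hmac.new(key, f"{period}|{src_ep}|{dst_ep}".encode(), hashlib.sha256).digest()[:8]

def check_label(pkt, src_ep, dst_ep):
    expected = make_label(src_ep, dst_ep)
    return bool(expected) and bool(pkt.label) and hmac.compare_digest(pkt.label, expected)

def aer_source(as_id, pkt):
    """Source-end AER (ingress port): drop foreign sources, then attach the first label."""
    src_as, dst_as = owner_of(pkt.src), owner_of(pkt.dst)
    if src_as != as_id:                       # source prefix is not ours: drop
        return None
    local = AS_ALLIANCE[as_id]
    if AS_ALLIANCE.get(dst_as) == local:      # intra-alliance: state machine <X, dst AS>
        pkt.label = make_label(as_id, dst_as)
    elif dst_as in AS_ALLIANCE:               # cross-alliance: label 1 for <X, border Z>
        pkt.label = make_label(as_id, ALLIANCE_BORDER[local])
    pkt.trace.append(f"AER {as_id}")          # non-member destination: forwarded unlabelled
    return pkt

def taer_outbound(as_id, pkt):
    """Source-end TAER: verify and remove label 1, attach label 2 <local alliance, dst alliance>."""
    local = AS_ALLIANCE[as_id]
    src_al, dst_al = AS_ALLIANCE.get(owner_of(pkt.src)), AS_ALLIANCE.get(owner_of(pkt.dst))
    if src_al != local or dst_al in (local, None):
        pkt.trace.append(f"TAER {as_id} pass")  # not cross-alliance traffic leaving us
        return pkt
    if not check_label(pkt, owner_of(pkt.src), as_id):
        return None
    pkt.label = make_label(local, dst_al)
    pkt.trace.append(f"TAER {as_id} out")
    return pkt

def taer_inbound(as_id, pkt):
    """Destination-end TAER: verify and remove label 2, attach label 3 <this AS, dst AS>."""
    local = AS_ALLIANCE[as_id]
    src_al, dst_as = AS_ALLIANCE.get(owner_of(pkt.src)), owner_of(pkt.dst)
    if src_al in (local, None) or AS_ALLIANCE.get(dst_as) != local:
        pkt.trace.append(f"TAER {as_id} pass")
        return pkt
    if not check_label(pkt, src_al, local):
        return None
    pkt.label = make_label(as_id, dst_as)
    pkt.trace.append(f"TAER {as_id} in")
    return pkt

def aer_dest(as_id, pkt):
    """Destination-end AER (egress port): drop our own prefix arriving from outside, then verify and strip the last label."""
    src_as = owner_of(pkt.src)
    if src_as == as_id:                       # our address used as a source outside: forged
        return None
    local, src_al = AS_ALLIANCE[as_id], AS_ALLIANCE.get(src_as)
    if src_al is not None:                    # member sender: a valid label is mandatory
        labeller = src_as if src_al == local else ALLIANCE_BORDER[local]
        if not check_label(pkt, labeller, as_id):
            return None
    pkt.label = b""
    pkt.trace.append(f"AER {as_id} deliver")
    return pkt

PATH = [(aer_source, "X"), (taer_outbound, "Z"), (taer_inbound, "W"), (aer_dest, "Y")]

def send(pkt, path=PATH):
    """Run a packet through the devices on a path; None means some device dropped it."""
    for device, as_id in path:
        pkt = device(as_id, pkt)
        if pkt is None:
            return None
    return pkt
```

Slicing PATH lets you inject a packet mid-path, which is how the spoofing cases (a packet with a forged member source injected at an alliance border, or a destination's own prefix arriving from outside) are exercised.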
The source address verification devices involved in this method, and the tables they maintain, mainly include: the registrar (REG), the local intra-alliance border router (AER), the alliance border router (TAER), the control server (ACS), the local alliance state machine table (LAST), the global state machine table (GAST), the coarse-grained global address prefix to alliance mapping table (GA-TA-1), the fine-grained global address prefix to alliance mapping table (GA-TA-2), and the local alliance edge information table (LAEIT); see Table 1 for details:
Table 1 (presented as an image in the original; its contents are not reproduced here)
In the trust alliance architecture of stratification, the checking of the source address of data message mainly concentrates on AER and the TAER, and this checking is finished by control aspect and data plane cooperation.The control aspect mainly comprises: the registration of information about firms and reception and registration, the negotiation of state machine, change is with synchronously, and to configuration of AER and TAER or the like, its participation main body is REG, ACS and AER/TAER.Data plane mainly comprises: add label on the AER of source end AS, on the TAER of source end TAE, finish phase I source address checking and finish label replacement for the first time, on the TAER of destination TAE, finish the checking of second stage source address and finish label replacement for the second time, on the AER of destination AS label has been checked phase III source address checking, it participates in main body is AER and TAER.Wherein, for the architecture that adapts to stratification reduces to dispose cost and operation cost simultaneously, the outfit of REG, ACS is used all can be multiplexing by multistage alliance.
On the control plane, the source address verification process of data messages mainly realizes the following functions; its processing flow is shown in Figure 2:
(1) The REG accepts member registration and modification information from the ACSs and maintains the member list;
(2) The REG provides time service to each member as the alliance's time reference, and propagates member information to the ACSs of all alliance members;
(3) Each ACS obtains the member list from the REG and keeps it dynamically synchronized with the REG;
(4) The ACSs collect and exchange address prefix information among themselves;
(5) The ACSs generate and announce state machine information among themselves;
(6) The ACS generates policies and deploys them to the AER/TAER;
(7) The ACS accepts operating status reports from the AER/TAER;
(8) The AER/TAER receives the state machines deployed by the ACS and applies them;
(9) The AER/TAER receives the policies deployed by the ACS and applies them.
With reference to the example shown in Figure 5, the source address verification process of data messages in the hierarchical trust alliance architecture is described in detail below; the data plane processing flows of the AER/TAER involved are shown in Figures 3 and 4.
Step (1): When AS X_AER (the source-end AER) receives a message originating from the local autonomous domain AS X, it looks up GA-TA-1 and finds that AS Y, the owner of the message's destination prefix, does not belong to the local-level alliance Sub-TA2. It then starts two processing flows in succession:
Step (1.1): It looks up LAEIT and finds that the TAE through which this message leaves the local-level alliance Sub-TA2 along the routed path is AS Z;
Step (1.2): It looks up LAST and finds the state machine <AS X, AS Z>, whose source is the local autonomous domain AS X and whose sink is AS Z, the first alliance border on the path leading to the destination prefix; it generates and adds the corresponding label (label 1) and forwards the message to the network outside the local autonomous domain AS X. The processing flow is shown in Figure 6.
Step (2): When AS K_AER (an intermediate AER) receives a message forwarded by the network, it looks up GA-TA-1 and finds that the message originates from a non-local autonomous domain and is destined for a non-local autonomous domain; it does no processing on the message's label and forwards the message directly to the next hop according to the destination prefix. The processing flow is shown in Figure 7.
Step (3): When AS Z_TAER (the source-alliance-end TAER) receives a message originating from the local-level alliance, it looks up GA-TA-2 and finds that AS Y, the owner of the message's destination prefix, does not belong to the local-level alliance Sub-TA2 but belongs to the peer alliance Sub-TA3. It then starts two processing flows in succession:
Step (3.1): It looks up LAST, finds the state machine <AS X, AS Z>, and verifies and removes label 1;
Step (3.2): It looks up GAST and finds the state machine <Sub-TA2, Sub-TA3>, whose source is the local-level alliance and whose sink is the peer alliance in which the destination prefix lies; it generates and adds the corresponding label (label 2) and forwards the message to the network outside the local-level alliance. This completes the first-stage verification and the first label replacement. The processing flow is shown in Figure 8.
Step (4): When AS W_TAER (an intermediate TAER) receives a message forwarded by the network, it looks up GA-TA-2 and finds that the message originates from the non-local-level alliance Sub-TA2 and is destined for a prefix of the non-local-level alliance Sub-TA3; it does no processing on the message's label and forwards the message directly to the next hop according to the destination prefix. The processing flow is shown in Figure 9.
Step (5): When AS U_TAER (the destination-alliance-end TAER) receives a message sent by the network, it looks up GA-TA-2 and finds that AS Y, the owner of the message's destination prefix, belongs to the local-level alliance Sub-TA3. It then starts two processing flows in succession:
Step (5.1): It looks up GAST, finds the state machine <Sub-TA2, Sub-TA3>, and verifies and removes label 2;
Step (5.2): It looks up LAST, finds the state machine <AS U, AS Y>, adds label 3, and sends the message towards AS Y. This completes the second-stage verification and the second label replacement. The processing flow is shown in Figure 11.
Step (6): When AS L_AER (an intermediate AER) receives a message forwarded by the network, it looks up GA-TA-1 and finds that the message originates from a non-local autonomous domain and is destined for a non-local autonomous domain; it does no processing on the message's label and forwards the message directly to the next hop according to the destination prefix. The processing flow is shown in Figure 11.
Step (7): When AS Y_TAER (the destination-end AER) receives a message forwarded by the network, it looks up GA-TA-1 and finds that the message's destination prefix belongs to the local autonomous domain; it then looks up LAST, finds the state machine <AS U, AS Y>, and verifies and removes label 3, completing the final-stage verification. The processing flow is shown in Figure 12.
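The seven-step cross-alliance exchange above (AS X through AS Y), together with the ingress-port and egress-port rules of claim 2, as an added Python simulation that is not part of the patent. It assumes a constructed topology mirroring the Figure 5 example, constructed prefixes under 2001:db8::/32 as the contents of GA-TA-1, GA-TA-2 and LAEIT, and an HMAC over (source, sink, validity period) as one possible label construction, since the patent text does not fix how a label is derived from a state machine; a spoofed source at the ingress port and a forged label injected at an intermediate AS are both dropped at the stage the description names.

```python
"""Added simulation of the hierarchical label-replacement pipeline (not the patent's code).
Topology, prefixes, keys and the HMAC label construction are all constructed assumptions."""
import hashlib
import hmac
import ipaddress

# Constructed prefix ownership (plays the role of GA-TA-1) and AS-to-alliance map (GA-TA-2).
AS_PREFIX = {"AS X": "2001:db8:1::/48", "AS Z": "2001:db8:2::/48",
             "AS U": "2001:db8:3::/48", "AS Y": "2001:db8:4::/48"}
AS_TA = {"AS X": "Sub-TA2", "AS Z": "Sub-TA2", "AS U": "Sub-TA3", "AS Y": "Sub-TA3"}
LAEIT = {"Sub-TA2": "AS Z", "Sub-TA3": "AS U"}   # TAE through which each alliance is left/entered
PERIOD = 1234                                   # validity period index from the REG time reference

# State machines: a per-(source, sink) secret scoped to the period (assumption: HMAC-based labels).
LAST = {("AS X", "AS Z"): b"k-x-z", ("AS U", "AS Y"): b"k-u-y"}   # intra-alliance (AS pairs)
GAST = {("Sub-TA2", "Sub-TA3"): b"k-ta2-ta3"}                     # inter-alliance (TA pairs)


def owner_as(addr):
    """Return the AS owning addr, or None for an address outside every alliance member."""
    ip = ipaddress.ip_address(addr)
    return next((asn for asn, pfx in AS_PREFIX.items() if ip in ipaddress.ip_network(pfx)), None)


def make_label(key, src, sink):
    return hmac.new(key, f"{src}|{sink}|{PERIOD}".encode(), hashlib.sha256).digest()[:8]


def verify_label(key, src, sink, label):
    # No state machine for this pair, or no label at all, means the message cannot be verified.
    if key is None or label is None:
        return False
    return hmac.compare_digest(make_label(key, src, sink), label)


def source_aer(pkt, local_as):                      # step 1 (AS X_AER)
    if owner_as(pkt["src"]) != local_as:            # claim 2 ingress-port rule: local source only
        return "DROP"
    dst_as = owner_as(pkt["dst"])
    if dst_as is None:                              # non-alliance destination: no verification
        return "FWD"
    ta = AS_TA[local_as]
    sink = dst_as if AS_TA[dst_as] == ta else LAEIT[ta]   # step 1.1: exit TAE of this alliance
    pkt["label"] = make_label(LAST[(local_as, sink)], local_as, sink)   # step 1.2: label 1
    return "FWD"


def transit(pkt, local_as):                         # steps 2, 4, 6: label left untouched
    return "FWD"


def source_taer(pkt, local_as):                     # step 3 (AS Z_TAER)
    src_as, dst_as, ta = owner_as(pkt["src"]), owner_as(pkt["dst"]), AS_TA[local_as]
    if src_as is None or AS_TA[src_as] != ta or dst_as is None or AS_TA[dst_as] == ta:
        return "FWD"                                # not a message leaving this alliance
    if not verify_label(LAST.get((src_as, local_as)), src_as, local_as, pkt["label"]):   # 3.1
        return "DROP"
    peer = AS_TA[dst_as]
    pkt["label"] = make_label(GAST[(ta, peer)], ta, peer)                               # 3.2: label 2
    return "FWD"


def dest_taer(pkt, local_as):                       # step 5 (AS U_TAER)
    src_as, dst_as, ta = owner_as(pkt["src"]), owner_as(pkt["dst"]), AS_TA[local_as]
    if dst_as is None or AS_TA[dst_as] != ta or src_as is None or AS_TA[src_as] == ta:
        return "FWD"                                # not a message entering this alliance
    peer = AS_TA[src_as]
    if not verify_label(GAST.get((peer, ta)), peer, ta, pkt["label"]):                  # 5.1
        return "DROP"
    pkt["label"] = make_label(LAST[(local_as, dst_as)], local_as, dst_as)               # 5.2: label 3
    return "FWD"


def dest_aer(pkt, local_as):                        # step 7 (destination AER)
    if owner_as(pkt["src"]) == local_as:            # claim 2 egress-port rule: no local source from outside
        return "DROP"
    if owner_as(pkt["dst"]) != local_as:
        return "FWD"
    entry_tae = LAEIT[AS_TA[local_as]]
    if not verify_label(LAST.get((entry_tae, local_as)), entry_tae, local_as, pkt["label"]):
        return "DROP"
    pkt["label"] = None                             # label 3 removed; final-stage verification done
    return "DELIVER"


PATH = [("AS X", source_aer), ("AS K", transit), ("AS Z", source_taer), ("AS W", transit),
        ("AS U", dest_taer), ("AS L", transit), ("AS Y", dest_aer)]


def send(src, dst, entry=0, label=None):
    """Run a message along PATH from node index `entry`; return (node, verdict) where it stopped."""
    pkt = {"src": src, "dst": dst, "label": label}
    node, verdict = PATH[entry][0], "FWD"
    for node, handler in PATH[entry:]:
        verdict = handler(pkt, node)
        if verdict != "FWD":
            break
    return node, verdict


if __name__ == "__main__":
    print(send("2001:db8:1::10", "2001:db8:4::20"))            # genuine: ('AS Y', 'DELIVER')
    print(send("2001:db8:2::10", "2001:db8:4::20"))            # spoofed source at ingress: ('AS X', 'DROP')
    print(send("2001:db8:1::10", "2001:db8:4::20", entry=1, label=b"\0" * 8))  # forged label: ('AS Z', 'DROP')
```

Only the two TAERs need GAST, and each AER needs only the LAST entries for its own alliance, which is the locality property the description claims for the hierarchy; a message to a prefix outside every alliance carries no label and passes every node untouched, matching step (4) of claim 1.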
A concrete example is described below: a three-level trust alliance was deployed, following the deployment embodiment described above, in a simulation on the pure-IPv6 China Education and Research Network (CERNET2), as shown in Figure 13, wherein:
Step (1): Deploy at the Beijing core node, making it the alliance border between the CERNET2 alliance and the higher-level CNGI trust alliance;
Step (2): Deploy at the egress node of the China Telecom trust alliance, making it the alliance border between the China Telecom trust alliance and the higher-level CNGI alliance;
Step (3): Deploy at CNGI-6IX, making it the alliance border between the CNGI alliance and the higher-level international alliance;
Step (4): CERNET2 (first level) and the China Telecom alliance (first level) are both members of the CNGI trust alliance and together form the CNGI alliance (second level); the CNGI alliance together with the trust alliances of other countries forms the international alliance (third level). The alliances stand in peer or membership relationships with one another, and their internal networks are unaffected by and invisible to each other.
The hierarchical network architecture with IPv6 true source address verification proposed by the invention has been described in detail above. By using the label-based inter-autonomous-domain IPv6 source address verification method proposed by the invention, the internet can build a top-down, pyramid-shaped trust alliance architecture that is easy to deploy level by level. Because its authentication mechanism is end-to-end encryption, it is unaffected by the interconnection relationships among autonomous domains and by changes in the surrounding network topology; it can be deployed not only between adjacent autonomous domains but also between non-adjacent ones, and intermediate nodes require no special processing. On the other hand, the method performs source address verification several times along the path, so that the members inside an alliance at each level need to maintain only local information (the member, state machine and address prefix information of the local-level alliance) and need not hold the global picture, while the global information (the member, state machine and address prefix information of all levels) is held by the alliance border (TAE) of each level. This fully ensures the reliability and redundancy of the verification and effectively reduces the verification overhead; as the number of autonomous domains participating in trust alliances keeps growing, the maintenance and processing overhead of the encrypted authentication labels grows only lightly, and the difficulty of management, negotiation and synchronization does not increase, which gives a certain incentive for gradual deployment.
Although embodiments of the invention have been illustrated and described, those of ordinary skill in the art will appreciate that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (7)

1. A method for IPv6 true source address verification between autonomous domains based on label replacement, characterized in that it comprises the following steps:
Step 1: determine the trust alliance to which the source autonomous domain and the destination autonomous domain belong;
Step 2: when the source autonomous domain and the destination autonomous domain belong to the same trust alliance, the border routers at the source autonomous domain end and at the destination autonomous domain end complete the source address verification of data messages transmitted between members of a single alliance according to the labels corresponding to the source and destination autonomous domains;
Step 3: when the source autonomous domain and the destination autonomous domain belong to different trust alliances, the alliance border routers and the border routers at the source autonomous domain end and at the destination autonomous domain end cooperate to replace the label multiple times to complete the source address verification of data messages transmitted across alliances;
Step 4: when the source autonomous domain is a trust alliance member and the destination autonomous domain is not a trust alliance member, no source address verification is required, and the data message is forwarded directly according to its destination address.
2. The method for IPv6 true source address verification between autonomous domains based on label replacement of claim 1, characterized in that, when the source autonomous domain and the destination autonomous domain belong to the same trust alliance, the border routers at the source autonomous domain end and at the destination autonomous domain end completing the source address verification of data messages transmitted between members of a single alliance according to the label corresponding to each pair of source and destination autonomous domains further comprises:
Step 1: the source-end border router receives a data message on the port connected to the intra-domain network (ingress port) and judges whether the message's source address belongs to the local autonomous domain; if so, it further checks the destination address, otherwise it discards the message;
Step 1.1: it further judges whether the destination address of the data message belongs to the same trust alliance as the source address; if so, it looks up the state machine corresponding to the source autonomous domain and the destination autonomous domain, which is valid within a certain period and globally unique, generates the corresponding label, adds it to the message's extension header and sends the message into the network;
Step 2: the relay autonomous domain end does no processing on data messages passing through and forwards them directly by table lookup on the destination address;
Step 3: the data message is delivered to the destination autonomous domain end; the destination-end border router receives the message on the port connected to the extra-domain network (egress port) and judges whether the message's source address belongs to the local autonomous domain; if so, it discards the message, otherwise it further checks the message's destination address;
Step 3.1: the destination-end border router further judges whether the destination address of the data message belongs to the local autonomous domain; if so, it looks up the state machine corresponding to the source-end and destination-end autonomous domains to verify and remove the label, and sends the message to the intra-domain network.
3. The method for IPv6 true source address verification between autonomous domains based on label replacement of claim 1, characterized in that, when the source autonomous domain and the destination autonomous domain belong to different trust alliances, the alliance border routers and the border routers at the source autonomous domain end and at the destination autonomous domain end cooperating to replace the label multiple times to complete the source address verification of data messages transmitted across alliances further comprises:
Step 1: when the source-end border router receives a message originating from the local autonomous domain whose destination is an address prefix of a non-local-level alliance, it looks up state machine 1, whose source is the local autonomous domain and whose sink is the alliance border through which the route to the destination address prefix passes, generates and adds the corresponding label 1, and forwards the message outside the local autonomous domain;
Step 2: when the source-end alliance border router receives a message originating from the local-level alliance whose destination is the non-local-level alliance prefix, it starts processing procedure 1;
Step 3: the routers at relay autonomous domain ends directly forward the messages that originate from a non-local-level alliance and are destined for a non-local-level alliance prefix;
Step 4: when the destination-end alliance border router receives the message originating from a non-local-level alliance and destined for a local-level alliance prefix, it starts processing procedure 2;
Step 5: when the destination-end border router receives the message sent by the alliance border router, it verifies the authenticity of the message's source address and forwards the message into the local autonomous domain when the source address is authentic.
4. The method for IPv6 true source address verification between autonomous domains based on label replacement of claim 3, characterized in that processing procedure 1 further comprises:
Step 1: look up state machine 1, and verify and remove label 1;
Step 2: look up state machine 2, whose source is the local-level alliance and whose sink is the alliance in which the destination prefix lies, generate and add the corresponding label 2, and forward the message outside the local-level alliance.
5. The method for IPv6 true source address verification between autonomous domains based on label replacement of claim 3, characterized in that processing procedure 2 further comprises:
Step 1: look up state machine 2, and verify and remove label 2;
Step 2: look up state machine 3, whose source is the local autonomous domain and whose sink is the autonomous domain in which the destination prefix lies, generate and add the corresponding label 3, and forward the message within the local-level alliance.
6. The method for IPv6 true source address verification between autonomous domains based on label replacement of claim 5, characterized in that the destination-end border router, upon receiving the message sent by the alliance border router, verifying the authenticity of the message's source address and forwarding the message into the local autonomous domain when the source address is authentic further comprises:
when the destination-end border router receives the message sent by the alliance border router, it looks up state machine 3, verifies and removes label 3, and forwards the message into the local autonomous domain.
7. The method for IPv6 true source address verification between autonomous domains based on label replacement of claim 1, characterized in that, when the source autonomous domain is a trust alliance member and the destination autonomous domain is not a trust alliance member, forwarding the data message according to its destination address further comprises:
when a communication message between the trust-alliance user and the non-trust-alliance user is transmitted along the path leading to the destination prefix, each internal border router along the way directly forwards messages that do not originate from its local autonomous domain and whose destination points to a non-local autonomous domain prefix;
when a communication message between the trust-alliance user and the non-trust-alliance user is transmitted along the path leading to the destination prefix, each alliance border router along the way directly forwards messages that do not originate from its local-level alliance and whose destination points to a non-local-level alliance prefix.
Priority Applications (1)

Application Number: CN201010234850.XA
Priority Date: 2010-07-21
Filing Date: 2010-07-21
Title: Label replacement based verification method of IPv6 true source address between every two autonomous domains
Status: Active (granted as CN101902474B)

Publications (2)

CN101902474A, published 2010-12-01
CN101902474B, published 2012-11-14

Family ID: 43227675

Country Status (1)

CN: CN101902474B

Legal Events

C06: Publication
PB01: Publication
C10: Entry into substantive examination
SE01: Entry into force of request for substantive examination
C14: Grant of patent or utility model
GR01: Patent grant
