YD-T 4964-2024 BGPsec技术要求 BGPsec协议

ICS 33.040.40 CCS L78 YD 中华人民共和国通信行业标准 BGPsec技术要求 BGPsec协议 BGPsec technical requirements —BGPsec protocol specification 点击此处添加与国际标准一致性程度的标识（报批稿） - XX - XX发布 XXXX - XX - XX实施中华人民共和国工业和信息化部发布 YD/T XXXXX —XXXX XX/T XXXXX—XXXX I目次前言 .................................................................................. IV 引言 ................................................................................... V 1　范围 ................................................................................ 1 2　规范性引用文件 ...................................................................... 1 3　术语和定义 .......................................................................... 1 4　缩略语 .............................................................................. 1 5　概述 ................................................................................ 1 6　BGPsec协商 ......................................................................... 2 6.1　BGPsec功能 ..................................................................... 2 6.2　协商BGPsec支持 ................................................................. 2 7　BGPsec_PATH 属性 .................................................................... 3 7.1　BGPsec_PATH 属性结构 ............................................................ 3 7.2　Secure_Path ..................................................................... 4 7.3　Signature_Block ................................................................. 5 8　BGPSec　UPDATE消息 ................................................................. 6 8.1　BGPsec　UPDATE消息规范 ......................................................... 6 8.2　构建BGPsec_PATH属性 ............................................................ 7 8.3　联盟成员处理说明 ................................................................ 9 8.4　重新构造 AS_PATH属性 ........................................................... 10 9　处理收到的BGPsec　UPDATE消息 ...................................................... 11 9.1　整体流程 ....................................................................... 11 9.2　BGPsec验证概述 ................................................................ 11 9.3　验证算法 ....................................................................... 12 10　算法和可扩展性 .................................................................... 14 10.1　算法套件注意事项 .............................................................. 14 10.2　SKI大小的注意事项 ............................................................ 14 10.3　可扩展性注意事项 .............................................................. 14 11　运营和管理注意事项 ................................................................ 14 11.1　能力协商失败 .................................................................. 14 11.2　防止误用pCount=0 ............................................................. 15 11.3　提前终止签名验证 .............................................................. 15 11.4　非确定性签名算法 .............................................................. 15 11.5　私有AS号 ..................................................................... 15 XX/T XXXXX—XXXX II11.6　访问RPKI数据的鲁棒性注意事项 ................................................. 16 11.7　平滑重启 ...................................................................... 16 11.8　ECDSA中秘密随机数的鲁棒性 .................................................... 16 11.9　增量/部分部署注意事项 ......................................................... 16 11.10 其他 .......................................................................... 16 12　安全注意事项 ...................................................................... 17 12.1　安全保障 ...................................................................... 17 12.2　关于BGPsec签名的删除 ......................................................... 17 12.3　缓解拒绝服务攻击 .............................................................. 18 12.4　其它安全注意事项 .............................................................. 18 参考文献 ..................................