diff --git a/ReadMe.md b/ReadMe.md index 0369805c..8878cade 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -10,9 +10,9 @@ 本计划是 [freeCodeCamp 中文社区文章翻译计划][5]的扩展项目,在相同的宗旨和工作流程下翻译 freeCodeCamp 社区之外的优秀开源、技术文章。 -- [新增原文][6] -- 翻译文章:[![gitlocalized](https://gitlocalize.com/repo/9653/whole_project/badge.svg)][7] -- [进度看板][8] +- [新增原文][6] +- 翻译文章:[![gitlocalized](https://gitlocalize.com/repo/9653/whole_project/badge.svg)][7] +- [进度看板][8] ## 内容授权 diff --git a/_drafts/Article/Translation/introduction-to-bgp-from-operator-of-small-as.md b/_drafts/Article/Translation/introduction-to-bgp-from-operator-of-small-as.md index 14b1bec6..8aa83033 100644 --- a/_drafts/Article/Translation/introduction-to-bgp-from-operator-of-small-as.md +++ b/_drafts/Article/Translation/introduction-to-bgp-from-operator-of-small-as.md @@ -1,5 +1,5 @@ --- -title: An Introduction to BGP... from the operator of a small AS +title: BGP 介绍... 来自一个小型 AS 的运营者 date: 2023-07-14T05:05:37.000Z authorURL: "" originalURL: https://quantum5.ca/2023/07/14/introduction-to-bgp-from-operator-of-small-as/ @@ -7,170 +7,150 @@ translator: "" reviewer: "" --- -# An Introduction to BGP... from the operator of a small AS +# BGP 介绍... 来自一个小型 AS 的运营者 [BGP][1] -12 minutes +[qt.ax/bgp][2] -Quantum +[边界网关协议][3](通常缩写为 BGP)是使现代互联网成为可能的关键协议,但即使是长期使用者也往往对它理解不足。同时,它在互联网上几次高调的宕机事件中扮演了重要角色。作为一个运营"自己的互联网一部分"— [AS200351][4] —已有半年的人,我认为是时候写一篇文章来解释 BGP 到底是什么,AS200351 是什么,以及互联网在幕后是如何真正运作的。让我们从基础开始。 -[qt.ax/bgp][2] +要理解 BGP,我们首先必须理解为什么它被称为"互联网"(Internet)。简单来说,互联网之所以这样命名是因为它是由 BGP 粘合在一起的网络(network)之间(inter)的互联(更准确地说,是[自治系统][5],或称 AS)。由于这听起来像是一串没有意义的词,让我们深入了解一下。 -[Border Gateway Protocol][3] (often abbreviated BGP) is a critical protocol that makes the modern Internet possible, yet remains one of its most poorly understood parts even among its long-time users. At the same time, it has played a significant role in several high-profile outages on the Internet. As someone who has been running my “own piece of the Internet”—[AS200351][4]—for half a year now, I think the time has come to write a piece explaining exactly what BGP is, what AS200351 is, and how the Internet truly functions behind the scenes. We’ll start with the basics. +## 什么是网络? -To understand BGP, we must first understand why it is called the “Internet” in the first place. To simplify greatly, the Internet is called that because it’s an _inter_connected network of _net_works (more precisely, [autonomous systems][5], or ASes) glued together by BGP. Since this sounds like a nonsensical sequence of words, let’s dive a bit deeper. +让我们从考虑 Alice 的一个非常简单的家庭网络开始,暂时不考虑互联方面。为了简单起见,我们将使用更熟悉的 192.168.0.0/16 范围内的 IPv4 地址。 -## What is a network? +**关于表示法的快速说明:** IPv4 地址由四个字节(每个 8 位)组成,总共 32 位。每个字节通常用十进制表示,用点分隔。/16 指的是与 192.168.0.0 共享前 16 位(或点分表示法中的前两个十进制数)的所有 IPv4 地址,即所有以 192.168 开头的地址。这被称为[CIDR 表示法][7]。 -Let’s start by considering a very simple home network belonging to Alice without considering the interconnected aspect. For the sake of simplicity, we’ll use the more familiar IPv4[1][6] addresses from the 192.168.0.0/16 range. +这是 Alice 的家庭网络: +简单网络 -**A quick note on notation:** IPv4 addresses consist of four bytes (8 bits each) for a total of 32 bits. Each byte is conventionally expressed in decimal, separated by dots. The /16 refers to all IPv4 addresses that share the first 16 bits (or the first two decimal numbers in the dotted notation) as 192.168.0.0, i.e. every address that starts with 192.168. This is called the [CIDR notation][7]. +在图中,有一个位于 192.168.1.1 的路由器(目前什么都不做,因为它没有连接到任何其他网络),以及两台计算机—192.168.1.2 和 192.168.1.3,都连接到一个[交换机][8]上。我们用 CIDR 表示法将这个网络称为 192.168.1.0/24,包含 192.168.1.x 的地址。 -Here’s Alice’s home network: +注意,在常见的家庭设置中,路由器和交换机通常捆绑在一个设备中,但这些在逻辑上是两个不同的功能。交换机本质上是将所有连接到它的设备连接在一起,使所有设备可以直接相互通信(技术上称为单个广播域)。另一方面,路由器连接不同的广播域—而不需要所有相关设备直接看到彼此。或者,用 ChatGPT 的话说:"网络交换机就像一个特殊的盒子,帮助同一个房子里的设备相互交谈,而路由器就像一个魔法门,帮助不同房子相互交谈。"(我不确定这个比喻有多大帮助。) -![Simple network](/assets/bgp/simple-site-122138c86761d2238169e60ec103c1a7f0defd46f99091819511b0b447f884d38de44308d3c43746818ad7f997b9ddb0f9942dffb2c16d42c2c26595807349cc.svg) +在网络世界中,这样的网络可能被称为一个"站点",因为这是仅存在于一个位置的网络。 -In the diagram, there is a router at 192.168.1.1, which currently does nothing since it’s not connected to any other network, and two computers—192.168.1.2 and 192.168.1.3, all connected to a [switch][8]. We refer to this network as 192.168.1.0/24 in CIDR notation, containing addresses 192.168.1.x. +## 连接站点 -Note that in a common home setup, the router and switch are usually bundled into a single appliance, but these are logically two distinct functions. A switch essentially connects all the devices attached to it together in such a way that all devices can talk directly to each other (technically called a single broadcast domain). A router, on the other hand, connects distinct broadcast domains together—without requiring all involved devices to see each other directly. Alternatively, in the words of ChatGPT[2][9]: “A network switch is like a special box that helps devices in the same house talk to each other, while a router is like a magic door that helps different houses talk to each other.” (I am not sure how helpful this actually is.) +现在,如果 Alice 的叔叔也想要一个家庭网络,并且能够与 Alice 的家庭网络通信怎么办?他可以获得类似的设置,他的路由器地址为 192.168.2.1 等,创建网络 192.168.2.0/24。 -In the world of networking, such a network might be referred to as a _site_, since this is a network existing in only one location. +显而易见的问题是:我们如何将 192.168.1.0/24 和 192.168.2.0/24 连接在一起?这就是路由器发挥作用的地方。让我们在一个单独的网络上连接路由器,然后给 Alice 家中的路由器分配外部地址 192.168.0.1,给她叔叔家的路由器分配 192.168.0.2: -## Connecting sites +网络连接 -Now, what if Alice’s uncle wants a network in his home too and to be able to talk to Alice’s home network? He can get a similar setup, with a router at 192.168.2.1 for his router, etc. to create the network 192.168.2.0/24. +现在,我们可以告诉 192.168.0.1,所有发往 192.168.2.0/24 的数据包都应该发送到 192.168.0.2。这被称为"路由"。然后,如果 192.168.1.2 想要与 192.168.2.3 通信,它可以将数据包发送到路由器 192.168.1.1(也就是 192.168.0.1),由它将数据包转发给 192.168.0.2(也就是 192.168.2.1),再发送到最终目的地 192.168.2.3。当然,要接收回复,我们还需要告诉 192.168.0.2,所有发往 192.168.1.0/24 的数据包都应该发送到 192.168.0.1。这种显式定义路由的方式被称为"静态路由"。 -The obvious question is: how would we connect 192.168.1.0/24 and 192.168.2.0/24 together? Well, this is where the routers come in. Let’s connect the routers together on a separate network, then give the router in Alice’s home the external address 192.168.0.1 and the router in her uncle’s house 192.168.0.2: +在这种设置中,只有路由器需要知道彼此的存在。对于每个网络上的计算机来说,它们只需要知道发往不在同一网络的目的地的数据包应该发送到路由器,路由器知道如何处理这些数据包。 -![Two sites connected](/assets/bgp/simple-as-65980e97358045a14a90518c714f0301a24938c47dfb6139b4988eb4319fdeaa866c88d70eee9f8f3d39ca3d91374502a9e623d44cdb713c38c4676eafd26faa.svg) +在 BGP 世界中,由同一实体运行的一组站点可能被称为"自治系统"或 AS。我们稍后会正式定义这个术语。 -Now, we can tell 192.168.0.1 that all packets destined for 192.168.2.0/24 should be sent to 192.168.0.2. This is called a _route_. Then, if 192.168.1.2 wants to talk to 192.168.2.3, it can send packets to the router 192.168.1.1, which is also known as 192.168.0.1, to forward the packet to 192.168.0.2, who is also known as 192.168.2.1, to send it to the final destination of 192.168.2.3. Of course, to receive a reply, we also need to tell 192.168.0.2 that all packets destined for 192.168.1.0/24 should be sent to 192.168.0.1. Explicitly defining routes this way is called _static routing_. +## 连接 AS -In this setup, only the routers need to be aware of each other. For the computers on each network, all they have to know is that packets going to destinations that are not in the same network should go to the router, who knows what to do with them. +现在,考虑 Bob,他为他的家人设置了类似的系统(当然,使用不同的 IP 地址)。现在,如果 Alice 和 Bob 想要连接他们的网络(自治系统)以便他们都可以相互通信怎么办?同样,他们可以在路由器上设置静态路由,这样他们就知道如何找到对方的前缀。 -In the world of BGP, a group of sites run by the same entity might be called an “autonomous system” or an AS. We’ll define this term formally later. +然而,这里有一个问题—让我们考虑一下如果 Alice 的另一个叔叔想要添加一个网络会发生什么。Alice 可以轻松地更改她管理的所有路由器的静态路由表,但 Bob 呢?Alice 必须告诉 Bob 在他的所有路由器上的路由表中添加新路由。这有点烦人。现在想象一下,如果不仅仅是 Alice 和 Bob,而是十个人,或者更糟,一百人或一千人—Alice 必须告诉他们所有人更改他们的路由表,这样他们才知道如何到达她的新前缀。这是一个巨大的痛点,显然无法扩展。 -## Connecting ASes +## BGP 登场 -Now, consider Bob who has a similar setup for his family (naturally, with a different set of IP addresses). Now, what if Alice and Bob want to connect their networks (autonomous systems) together so that they can all talk to each other? Once again, they can set up static routes on their routers so they know how to find each other’s prefixes. +互联网早期就是像上面的例子那样工作的。自然,它遇到了同样的问题。每次一个自治系统(代表大学或类似实体)添加一个新的 IP 前缀,其他所有人都需要被通知以更新他们的路由。很快,就明显需要一些自动化的东西。 -However, there is a problem here—let’s consider what happens if Alice’s other uncle wants to add a network. Alice can easily change the static routing tables of all routers she manages, but what about Bob? Alice would have to tell Bob to add the new route to _his_ routing tables on _all his routers_. This is sort of annoying. Now imagine if it’s not just Alice and Bob, but ten people, or worse, a hundred people or a thousand people—Alice would have to tell them all to change their routing table so that they know how to reach her new prefix. This is a _huge_ pain and clearly doesn’t scale. +因此,两位工程师在一家餐厅坐下来,在三张沾有番茄酱的餐巾纸上(或者根据不同说法是两张[3][10])提出了一个新协议。结果就是"三张餐巾纸协议",正式名称为边界网关协议或 BGP。 -## Enter BGP +有了 BGP,Alice 的路由器可以与 Bob 的路由器通信,并向对方宣告它们可以到达的目的地。接收方可以将从其他路由器通过 BGP 收到的所有路由添加到自己的路由表中,这样连接的计算机就可以到达这些目的地。每个 BGP 连接被称为一个"会话",会话的每一端被称为"对等体"。当两个路由器相互连接时,它们被称为对等。 -The early days of the Internet worked like the example above. Naturally, it ran into the same issues. Every time an autonomous system, which represented universities or similar entities, added a new IP prefix, _everyone else_ needs to be notified to update their routes. Soon, it became clear that something automatic was needed. +## 什么是自治系统? -Thus, two engineers sat down at a restaurant and came up with a new protocol on the backs of three ketchup-stained napkins (or two, depending on who you ask[3][10]). The result was the “three-napkin protocol”, more formally known as Border Gateway Protocol or BGP. +现在,我一直在使用"自治系统"这个术语,但还没有真正定义它。正式定义大概是"由一个或多个网络运营商运行的一组 IP 网络,具有单一明确定义的路由策略,"[4][11]但这听起来像一堆没有意义的词。 -With BGP, Alice’s routers can talk to Bob’s routers and announce to each other the destinations that they can reach. The receiving side can add all the routes received from the other routers over BGP to their own routing tables so that the attached computers can reach those destinations. Each BGP connection is called a _session_, and each end of the session is called a _peer_. When two routers are connected to each other, they are said to be peered. +把自治系统想象成由某个实体控制的一堆网络可能更有用,这个实体费心获得了一个全球唯一的编号。这个编号被称为 ASN(自治系统号)。相关实体通常是某种 ISP(互联网服务提供商),但也可以是任何人。例如,我运营[我自己的自治系统][12],被分配了编号 200351。通常,自治系统被称为 ASxx,其中 xx 是 ASN。 -## What is an autonomous system? +一些自治系统的例子包括: -Now, I’ve been using the term “autonomous system” quite a bit, but haven’t really defined it. The formal definition is something like “a group of IP networks run by one or more network operators with a single clearly defined routing policy,”[4][11] but that sounds like a bunch of meaningless words. +- AS13335:Cloudflare, Inc.; +- AS15169:Google LLC; +- AS577:Bell Canada(一个加拿大住宅 ISP); +- AS1299:Arelion(一个连接其他 ISP 的大型 ISP);以及 +- AS200351:Guanzhong Chen(那就是我!)。 -It might be more useful to think of an autonomous system as a bunch of networks controlled by some entity that bothered to get a globally unique number assigned. That number is called an ASN (autonomous system number). The entity in question is most often some kind of an ISP (Internet Service Provider), but it could be anyone. For example, I run [my own autonomous system][12] that was assigned the number 200351. Typically, autonomous systems are referred to ASxx, where xx is the ASN. +当然,还有更多,截至 2023 年总数超过 100,000 个。这些自治系统可以相互连接,它们共同构成了互联网。 -Some examples of autonomous systems include: +## 什么是互联网? -- AS13335: Cloudflare, Inc.; -- AS15169: Google LLC; -- AS577: Bell Canada (a Canadian residential ISP); -- AS1299: Arelion (a large ISP that connects other ISPs); and -- AS200351: Guanzhong Chen (that’s me!). +到这点,"由 BGP 连接的自治系统"这个概念就更有意义了。然而,还有更多内容。正如你可能想象的那样,直接连接所有 AS 并不实际,因为它们超过 100,000 个。 -Of course, there are many more, totalling over 100 000100\\,000 as of 2023. These autonomous systems can interconnect with each other, and together they constitute the Internet. +BGP 的一个关键优势是并非每个网络都需要直接对等。例如,如果 Alice 和 Bob 是对等的,Bob 和 Carol 是对等的,那么 Alice 和 Carol 不需要对等就能相互连接。相反,Bob 可以向 Carol 宣告 Alice 的路由,向 Alice 宣告 Carol 的路由。这样,Alice 和 Carol 就可以通过 Bob 通信。 -## What’s the Internet? +这个方面真正体现了 BGP 如何将互联网连接在一起—你的 ISP(互联网服务提供商)不需要与世界上的每个其他 AS 对等。相反,只要有一系列其他 ISP 愿意将你的 ISP 连接到任何给定的目的地,你的 ISP 就可以到达整个互联网。在 BGP 术语中,中间的 ISP 被称为提供"传输",我们将在未来深入探讨这一点。 -At this point, “autonomous systems connected to each other by BGP” is a lot more meaningful. However, there’s a bit more to it than that. As you might imagine, it’s not practical to connect all ASes together directly, since there are over 100 000100\\,000 of them. +如你所见,互联网确实是一个由 BGP 粘合在一起的自治系统互联网络。 -A key advantage of BGP is that not every network needs to be peered directly. For example, if Alice and Bob are peered, and Bob and Carol are peered, then Alice and Carol don’t need to be peered to be able to connect to each other. Instead, Bob can announce Alice’s routes to Carol and Carol’s routes to Alice. Then, Alice and Carol can communicate through Bob. +## BGP 是如何工作的? -This aspect is really how BGP holds the Internet together—your ISP (Internet Service Provider) doesn’t need to peer with every other AS in the world. Instead, as long as there is a series of other ISPs willing to connect your ISP to any given destination, your ISP can reach all of the Internet. In BGP terminology, the intermediate ISP is said to offer “transit”, and we’ll dive into this in the future. +现在,如果只谈论 BGP 做什么而不谈论它如何工作就结束这篇文章,那将是疯狂的,所以让我们做一个快速概述,而不深入细节。 -As you can see, the Internet is really an interconnected network of autonomous systems, glued together by BGP. +BGP 对等体通过[TCP][13]端口 179 相互通信。通常,两个对等体都监听该端口并尝试连接对方,这并不重要。每个 BGP 对等体可以执行两种非常简单的操作:宣告一个路由和撤销一个路由。如果 BGP 连接丢失,每个对等体都会认为对方撤销了所有路由。 -## How does BGP work? +每个路由包括以下基本信息: -Now, it would be crazy to end a post about BGP after only talking about what BGP does and not how it works, so let’s do a quick overview without diving too deeply into the weeds. +- 前缀:该路由要到达的 IP 前缀; +- 下一跳:该对等体应该将数据包转发到的 IP 地址; +- AS 路径:到达最终目的地的 ASN 链;以及 +- 社区:路由上的额外标签。 -BGP peers talk to each other over [TCP][13] port 179. Typically, both peers listen on the port and try connecting to the other, and it doesn’t matter which one is the server and which one is the client, as long as a connection is established. +(当然,还有更多,但这些是最重要的。) -The BGP peers can, in fact, belong to the same AS. When used this way, it’s called _Internal_ BGP or iBGP, as opposed to _External_ BGP or eBGP when used between two different ASes. In the case of iBGP, this can solve the problem of Alice managing all her sites without relying on static routing, to use our example above. +如你所见,BGP 是一个非常简单的协议,也许太简单了—它没有任何内置的安全机制[5][14],例如。复杂性并非来自 BGP 本身,而是来自它所构建的网络。网络越复杂,路由逻辑越复杂,路由越多,结果就是一个巨大而复杂的网络,那就是互联网。 -Logically, each BGP peer can perform two very simple operations: _announcing_ a route and _withdrawing_ a route. If a BGP connection is lost, each peer will deem the other peer to have withdrawn all their routes. +## 为什么 BGP 会导致宕机? -Each route includes the following basic information: +从上面的信息中,我们现在可以看到为什么 BGP 会导致互联网宕机。BGP 告诉互联网的路由器如何连接整个网络,一旦出错,事情就会停止工作。 -- Prefix: the IP prefix this route is meant to reach; -- Next hop: the IP address to which the peer should forward the packets destined to the prefix; -- AS path: the chain of ASNs through which the final destination is reached; and -- Communities: extra tags on the route. +BGP 有两个主要的故障模式: -(There are obviously more, but these are the most important.) +1. 错误地宣告路由。基本上,一个不应该宣告路由的对等体宣告了路由,可能是由于错误(路由泄露)或恶意行为(BGP 劫持)。例如,在 2008 年,巴基斯坦试图通过宣告指向无处的内部路由来屏蔽 YouTube,但错误地将其泄露到整个互联网,导致 YouTube 宕机。恶意攻击者也可以这样做,以冒充网站或捕获流量。 +2. 错误地撤销路由。例如,在 2021 年 Facebook 宕机事件中,Facebook 错误地撤销了指向其 DNS 服务器的路由,结果是互联网上的任何人都无法访问其 DNS 服务器并获取 facebook.com 等的 IP 地址。自然,这导致了 Facebook 宕机。 -As you can see, BGP is a very simple protocol, perhaps too simple—it doesn’t really have any built-in security mechanisms[5][14], for example. The complexity doesn’t come from BGP itself, but arises from the network it is used to build. The more complex the network, the fancier the routing logic, the more routes there are, resulting in the huge and complex network that is the Internet. +## 下次? -## Why does BGP cause outages? +这篇文章到此结束了对 BGP 的基本介绍。[下次][17],我将解释更多关于自治系统的内容,以及它们如何被组织成不同的层次。这将使你更好地理解互联网的组织结构以及 AS 之间的关系。 -From all the information here, we can now see why BGP is involved in so many Internet outages. BGP tells the routers of the Internet how to connect the whole thing together, and with one mistake, things could stop working. +## 注释 -There are really two main failure modes with plain BGP: +1. IPv4 是互联网协议的旧版本,其地址看起来像 192.0.2.123。这仍然是最常见的版本,也是大多数人熟悉的,因此我在这里使用它。然而,它开始显示出自己的年龄—总共 232 个地址正在耗尽。IPv6 是新版本,具有 2128 个地址,数量惊人。其地址看起来像 2001:db8::123 或 2001:db8:1234:5678:90ab:cdef:dead:beef。由于 IPv4 地址稀缺,AS200351 仅支持 IPv6。 -1. Mistakenly announcing routes. Basically, a peer that’s not supposed to announce a route announces it anyways, whether by accident (route leak) or maliciously ([BGP hijack][15]). For example, in 2008, Pakistan tried to block YouTube by announcing routes to YouTube internally that led nowhere, but accidentally leaked it to the whole Internet, bringing down YouTube. Malicious attackers can also do this to impersonate websites or capture traffic. -2. Mistakenly withdrawing routes. For example, in the [2021 Facebook outage][16], Facebook accidentally withdrew the routes to its DNS server, the result being that no one on the Internet could reach their DNS servers and obtain the IP addresses for `facebook.com` et al. Naturally, this brought down Facebook. +2. 具体来说,当 GPT-3.5 被要求向 5 岁的孩子解释路由器和交换机之间的区别时。 -## Next time? +3. 互联网似乎对这个问题意见相对均匀。我看到了[一张图片][20],据称是三张餐巾纸的照片,所以我认为是三张。 -That concludes our basic introduction to BGP. [Next time][17], I’ll explain a bit more about autonomous systems and how they are organized into different tiers. This should give you a better understanding of how the Internet is organized and how relationships between ASes work. +4. 这是[RIPE NCC][22](欧洲和西亚互联网网络协调中心)提供的定义,是欧洲和西亚的[区域互联网注册机构][23]。我们将在深入探讨 AS 时了解更多关于他们的内容。 -## Notes +5. 这是一个相当大的问题。有像 RPKI[25]和 ASPA[26]这样的解决方案旨在解决安全问题,但采用率令人失望。互联网运行在信任和大量路由过滤器之上。 -1. IPv4 is the legacy version of the Internet Protocol, and the addresses look like 192.0.2.123. This is still the most common version and familiar to most people, hence why I am using it in the examples here. However, it’s beginning to show its age—the 2322^{32} total addresses are running out. IPv6 is the new version with 21282^{128} addresses, a mind-bogglingly large number. Its addresses look like 2001:db8::123 or 2001:db8:1234:5678:90ab:cdef:dead:beef. Due to IPv4 address scarcity, AS200351 is IPv6-only. [↩][18] - -2. Specifically, when GPT-3.5 is asked to explain the difference between routers and switches to a 5-year-old. [↩][19] - -3. The Internet seems pretty evenly divided on this. I’ve seen [a picture][20] that purports to be of the three napkins in question, so I am going with three. [↩][21] - -4. This is the [definition given by RIPE NCC][22] (_Réseaux IP Européens_ Network Coordination Centre), the [regional Internet registry][23] for Europe and Western Asia. We’ll learn more about them when we dive deeper into ASes. [↩][24] - -5. This is a pretty big problem, actually. There are solutions such as [RPKI][25] and [ASPA][26] that are aimed at fixing security issues, but adoption leaves a lot to be desired. The Internet runs on trust and lots and lots of route filters. [↩][27] - +请启用 JavaScript 以查看由[Disqus][31]提供的评论。 -Please enable JavaScript to view the [comments powered by Disqus.][31] -[][32] -[1]: /category/bgp/ -[2]: https://qt.ax/bgp "Border Gateway Protocol" +[1]: https://quantum5.ca/category/bgp/ +[2]: https://qt.ax/bgp "边界网关协议" [3]: https://en.wikipedia.org/wiki/Border_Gateway_Protocol [4]: https://as200351.net [5]: https://en.wikipedia.org/wiki/Autonomous_system_(Internet) -[6]: #fn:1 [7]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation [8]: https://en.wikipedia.org/wiki/Network_switch -[9]: #fn:2 -[10]: #fn:3 -[11]: #fn:4 [12]: https://as200351.net [13]: https://en.wikipedia.org/wiki/Transmission_Control_Protocol -[14]: #fn:5 [15]: https://en.wikipedia.org/wiki/BGP_hijacking [16]: https://en.wikipedia.org/wiki/2021_Facebook_outage -[17]: /2023/07/19/diving-into-autonomous-systems/ -[18]: #fnref:1 -[19]: #fnref:2 -[20]: /assets/bgp/napkins-90c13247921d7171f9eee3008d900532bca3423e2bdb772589ce086c161f947d45672f0e71038994bcd8d6783a753303b7d128fd71e1526133cd0163431c6017.png -[21]: #fnref:3 +[17]: https://quantum5.ca/2023/07/19/diving-into-autonomous-systems/ +[20]: https://quantum5.ca/assets/bgp/napkins-90c13247921d7171f9eee3008d900532bca3423e2bdb772589ce086c161f947d45672f0e71038994bcd8d6783a753303b7d128fd71e1526133cd0163431c6017.png [22]: https://www.ripe.net/publications/docs/ripe-679#Definition [23]: https://en.wikipedia.org/wiki/Regional_Internet_registry -[24]: #fnref:4 [25]: https://en.wikipedia.org/wiki/Resource_Public_Key_Infrastructure [26]: https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-aspa-verification -[27]: #fnref:5 [28]: /2024/10/31/implementing-aspa-validation-in-bird2-filter-language/ [29]: /2024/06/23/on-inter-rir-transfer-as200351-from-ripe-ncc-to-arin/ [30]: /2023/12/21/bgp-route-selection-high-availability-anycast/