The Locator/ID Separation Protocol (LISP) has been widely recognized as a feasible solution to address routing scalability issues and to support host mobility. In the LISP network, when an Egress Tunnel Router (ETR) receives LISP-encapsulated packets from an Ingress Tunnel Router (ITR), it acquires new source identifier-to-locator mappings and stores them in its cache table. However, such a gleaning scheme introduces a security threat that malicious users can insert an amount of fake mappings to the cache, so the ETR has to send Map-Request messages to mapping servers (MSs), which adds excess signaling overhead and transmission delay. To address this issue, this paper proposes a secure mapping solution in LISP networks (LISP-SMS). The ETR can validate the source identifier-to-locator mapping using the MSs'; public/private key without sending a Map-Request to the MSs. To evaluate the efficiency of LISP-SMS, we implement the modules of ITRs, ETRs and MSs. The evaluation results show that LISP-SMS can reduce the transmission delay.

• 出版日期2012
• 单位北京交通大学