-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
1/24
* CareNet Residential Gateway Technical OverviewStockholm,
November 2 nd 2011
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
2/24
* CareNe
Agenda
2
Background Migration from CentOS to Bifrost OS
Service isolation via Linux Containers Automatic Updates using
rsync Transparent Multi Homing
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
3/24
* CareNe3
Background
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
4/24
* CareNe
Background
4
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
5/24
* CareNe
Background
5
ISP
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
6/24
* CareNe
Background
6
Backup ISP
Primary ISP
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
7/24* CareNe
Background
7
Primary ISP
Backup ISP
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
8/24* CareNe
Background
8
Primary ISP
Backup ISP
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
9/24* CareNe
Background
9
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
10/24* CareNe
Background: Key developments
10 10
Automatic updates All software can be remotley updated
Simplifies distribution of updatessoftware Could potentially also
support pushingspecialized configurations etc if needed inthe
future.
Namespace isolation Separates the gateway into three
logicaldomains Solves the performance overhead issuesof
virtualization Raises some security concerns,especially since
configuration is complex
Multi homing Increases dependinility throughtransparent n:n link
redundancy Supports both physical and wireless links Transfers any
type of layer 4 transportprotocol
Dedicated Operating system Designed from scratch to be a
lightweight routing platform Increaes performance through
reducedprocess/memory overhead Raises security through obscurity
andsimplification
May June July August September October
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
11/24* CareNe11
Bifrost migration
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
12/24* CareNe
Bifrrost: Introduction
12 12
[bifrost] is mainly targeted for production and infrastructure
networking, routing/firewalling
Advantages compared to CentOS Very lightweight in terms of
memory/CPU reuirements Designed ground-up for routing packets,and
nothing else No frills vanilla release yield highlycustomized
deployments Security through simplicity High level of support from
KTH/UU
Disadvantages compared to CentOS Low level of general community
support.No commercial support. High developer/operator learning
curve Very few pre built software packagesavailable, time consuming
to compilesoftware Limited hardware support in standardrelease.
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
13/24* CareNe
Bifrrost: Rationale
13 13
1. Improved overall performance of router. Decreased memory
overhead Decreased filesystem size Decreased CPU overhead
2. Increased security Only essential services active Security
through obscurity
3. Tailored for specific needs No excess packages shipped with
Vanilla release
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
14/24* CareNe14
Isolation using LXC
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
15/24* CareNe
LXC: introduction
15 15
[LXC is] a lightweight virtual system mechanism sometimes
described as chroot on steroids
Name space isolation Virtualization
LXC KVM Virtualbox
High performance Low performance
Complex security Robust security
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
16/24* CareNe
LXC: rationale
16 16
1. Decreased memory overhead Enables us to run more containers
in parallel, if needed Leaves space for processes and services
2. Decreased filesystem size Decreases storage reuirements
Decreases remote update/distribution time
3. Align well with keep it simple philosophy of Bifrost Only
relevant processes running No extra kernels or memory mapping
running
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
17/24* CareNe
LXC: rationale
17 17
0
500
1000
1500
2000
2500
April (CentOS/Full virt) September (Bifrost/LXC) November
process (Bifrost/LXC)
M B
File system overhead
Substantial decrease thanksto LXC
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
18/24* CareNe
LXC: rationale
18 18
0
50
100
150
200
250
April (estimate) September November
M B
Memory overhead
Increase due to substantialfunctionality additions
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
19/24* CareNe19
Remote updates
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
20/24* CareNe
Remote updates: Overview
20 20
Overview : Remote software/configuration updates supported in
latest CareNet softwarerelease.
Background : To date, updates have been distributed physically
via flashdrives to testers. Not possible in large deployments
Deployment details : Implemented using the widely used rsync
framework Thoroughly tested in-house
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
21/24* CareNe21
Multi homing
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
22/24* CareNe
Multihoming Architecture
22 22
Primary ISP
Backup ISP
Server
CareNet Container
br0Multihoming M-UDP Appln
InternetContainer
eth0 eth1 eth2 eth3
eth0 eth1 eth2
eth3 eth4 eth5
eth4 eth5
eth3
OpenVpn
Hospital
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
23/24* CareNe
Multihoming Architecture
23 23
Primary ISP
Server
CareNet Container
br0Multihoming M-UDP Appln
InternetContainer
eth0 eth1 eth2 eth3
eth0 eth1 eth2
eth3 eth4 eth5
eth4 eth5
eth3
OpenVpn
Hospital
Backup ISP
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
24/24* CareNe24
Live Demonstration
![CareNet Fall2011 [PRES 03] Final Presentation Flatted](https://img.pdfslide.us/doc/110x75/577d22d21a28ab4e1e98518e/carenet-fall2011-pres-03-final-presentation-flatted.jpg)
