OASIS V2+ Next Generation Open Access Server CSD 2006 / Team 12

Agenda

• Project background and context

• Goals and objectives

• Architecture

• Project status

• Future work

• Questions and answers

Background and context

• OASIS V.1

- KTH university – IT campus

- Stockholm open

• Problems of V.1:

- No encryption of data

- Attacks on IP level

Goals and objectives

• To create a solution for multiple ISPs to share an access network, letting the end-users choose the ISP.

• To support wired and wireless connections at the user end.

• To create an easy-to-implement solution for ISP administrators.

• To provide a free and complete software package (open source package).

Architecture

• User interface

- ISP UI

- Operator UI

• Monitoring subsystem

• Authentication subsystem

• Management subsystem

[Diagram: User of ISP a, VLAN, 802.1x, Free Radius Proxy server]

Authentication Daemon

• Purpose: authenticate users' login requests.

• The program stays continuously in a listening state. A process is tied to every request and is reused a number of times.

• Connection to database: able to read the table of usernames/passwords in order to authenticate users.

- Only component allowed to access that table.

Method of Authentication

• CRAM (challenge response authentication mode).

• Authentication type used is a variation of ‘CRAM-MD5’

- It is in fact a modified CRAM-SHA256.

• Entire transfer of data is tunneled using SSL.

• Purpose: this method protects against passive attacks.

- Dictionary and Replay attacks.

Mechanism

[Sequence diagram, message labels: Hello; Challenge; Username+DigestC(challenge); check DigestC(Challenge)=DigestS(Challenge)]
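The exchange on the Mechanism slide, as an added example that is not the project's code: it assumes plain HMAC-SHA256 as the digest (the slides do not say how their CRAM-SHA256 variant is modified), leaves out the SSL tunnel, and uses a constructed user table and hypothetical names (`AuthDaemon`, `client_response`).

```python
import hashlib
import hmac
import secrets

# Constructed credential table; per the slides only the authentication
# daemon may read it. Keeping the raw secret here is a simplification.
USERS = {"alice": b"correct horse battery"}

class AuthDaemon:
    def __init__(self, users):
        self.users = users
        self.pending = {}              # session id -> outstanding challenge

    def hello(self, session_id):
        """Answer the client's Hello with a fresh random challenge."""
        challenge = secrets.token_bytes(32)
        self.pending[session_id] = challenge
        return challenge

    def verify(self, session_id, username, digest_c):
        """Check DigestC(challenge) against the server-side DigestS(challenge)."""
        challenge = self.pending.pop(session_id, None)    # single use
        if challenge is None:
            return False
        secret = self.users.get(username, b"")            # same work for unknown users
        digest_s = hmac.new(secret, challenge, hashlib.sha256).digest()
        # Constant-time comparison; unknown usernames never succeed.
        return username in self.users and hmac.compare_digest(digest_c, digest_s)

def client_response(secret, challenge):
    """DigestC(challenge): HMAC-SHA256 keyed with the user's secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def cram_demo():
    daemon = AuthDaemon(USERS)
    challenge = daemon.hello("s1")
    response = client_response(USERS["alice"], challenge)
    first = daemon.verify("s1", "alice", response)
    replay_same = daemon.verify("s1", "alice", response)  # challenge consumed
    daemon.hello("s2")
    replay_new = daemon.verify("s2", "alice", response)   # old digest, new challenge
    wrong_challenge = daemon.hello("s3")
    wrong = daemon.verify("s3", "alice", client_response(b"guess", wrong_challenge))
    return first, replay_same, replay_new, wrong
```

The fresh, single-use challenge is what defeats replay. A captured challenge/digest pair can still be tested against guessed passwords offline, so the SSL tunnel named on the previous slide matters for the dictionary-attack claim.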

Policy Daemon

• This daemon is related to the authentication daemon.

• Authentication leads to privileges (sharing resources).

- Policy mandates authorization.

• Responsible for controlling clients' access to resources according to their privileges.

• For example, in our monitoring system the ISPs have access to less information than the network operator.

Monitoring protocol daemon (Monpd)

It acts as a middle man between client and functional daemons.

Unprivileged, listens to external requests.

Performs privileged operations by communicating with other daemons.

It receives XMLRPC queries from the client and responds after servicing the request.

[Diagram: PHP (User Interface), Oasis2 Monpd, Functional Daemons; labels: XMLRPC, HTTPS, ProcReq( ), Result( )]
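A sketch of the unprivileged front end described on this slide combined with the per-role visibility from the Policy Daemon slide, as an added example that is not the project's code. The method names, role names, fault codes and the `functional_daemon` stand-in are assumptions; the slides do not list monpd's API.

```python
import xmlrpc.client

# Hypothetical method allow-list per role (deny by default).
ALLOWED = {
    "operator": {"traffic.get", "device.status"},
    "isp": {"traffic.get"},
}

def functional_daemon(method, params, scope):
    """Stand-in for the privileged daemons; returns constructed data."""
    traffic = {"isp_a": 120, "isp_b": 75}      # constructed per-ISP counters
    if method == "traffic.get":
        return traffic if scope is None else {scope: traffic.get(scope, 0)}
    return "ok"

def monpd_handle(raw_request, role, isp=None, max_bytes=4096):
    """Parse an XML-RPC call, authorize it, forward it, encode the reply."""
    try:
        if len(raw_request) > max_bytes:       # bound parser input
            raise ValueError("request too large")
        params, method = xmlrpc.client.loads(raw_request)
    except Exception:
        return xmlrpc.client.dumps(xmlrpc.client.Fault(400, "bad request"))
    if method not in ALLOWED.get(role, set()):
        return xmlrpc.client.dumps(xmlrpc.client.Fault(403, "not permitted"))
    scope = isp if role == "isp" else None     # an ISP only sees its own rows
    result = functional_daemon(method, params, scope)
    return xmlrpc.client.dumps((result,), methodresponse=True)

def fault_code(response):
    """Return the fault code carried by a response, or None on success."""
    try:
        xmlrpc.client.loads(response)
    except xmlrpc.client.Fault as fault:
        return fault.faultCode
    return None

def monpd_demo():
    traffic = xmlrpc.client.dumps((), methodname="traffic.get")
    status = xmlrpc.client.dumps((), methodname="device.status")
    operator_view = xmlrpc.client.loads(monpd_handle(traffic, "operator"))[0][0]
    isp_view = xmlrpc.client.loads(monpd_handle(traffic, "isp", isp="isp_a"))[0][0]
    denied = fault_code(monpd_handle(status, "isp", isp="isp_a"))
    malformed = fault_code(monpd_handle("<junk", "operator"))
    return operator_view, isp_view, denied, malformed
```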

SNMP (Simple Network Management Protocol)

An Application Layer Protocol.

• Monitoring

• Management

SNMP

Based on Manager/Agent Model

Consists of

• A manager

• An Agent

• A Database of Management Information

• Managed Objects

• Network Protocol

SNMP Overview of OASIS v2+

[Diagram: RRD Master, RRDB, Config, DB, OASIS Server, SWITCHES; label: GETBULK()]

Physical Layout/Grouping

[Diagram: Root Node; Area(1), Area(2); SubArea(1-1), SubArea(1-2); Switch (1A), Switch (1B), Switch (1C), Switch (2A); AP (1A), AP (1B), AP (2A), AP (2B), AP (2C), AP (2D); layers: Core Layer, Distribution Layer, Access Layer]

SNMP features in OASIS v2+

• Monitoring Interface Traffic

• Monitoring SNMP Enabled Devices

• Network Path Definition and link failure

• Off network Alert Notification

• Network Performance Reporting

RRDtool

[Diagram: SNMP poller, RRDb, Graphical interface]

RRDb – Round Robin Database

[Diagram: SNMP poller, Graphs on demand, Time interval]

Graph

http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/gallery/index.en.html

How we will implement RRDtool

[Diagram. Today: RRDtool, C API, Cmd line, Perl scripts. Goal: Redesigned C API, C++ wrapper, Cmd line compatibility layer, Perl scripts; faster, scalable.]

Project status

• Subsystem’s analysis finished

• Use cases

- Sequence Diagrams are ready

• Framework (AFX)

- Component Diagrams are ready

• Designing C++ wrapper for RRDtool

- brand-new RRDtool C API

Project status

• Blueprint of user interface

• Authentication daemon

- Basic functionality

• XMLRPC server design & implementation

- Prototype available.

• XMLRPC client initialization

Future work

• SNMP Poller – basic functionalities

• Complete implementation of XMLRPC server

• Complete implementation of XMLRPC client

• Design of web page for Operator and ISP

• Policyd completion

• RRDtool++: implementing more functionality

Thanks for your attention!

Questions?

Email: [email protected]

Web Site: http://csd.ssvl.kth.se/~csd2006-team12/