OASIS V2+ Next Generation Open Access Server
CSD 2006 / Team 12
Agenda
• Project background and context
• Goals and objectives
• Architecture
• Project status
• Future work
• Questions and answers
Background and context
• OASIS V.1
- KTH university – IT campus
- Stockholm open
• Problems of V.1:
- No encryption of data
- Attacks on IP level
Goals and objectives
• To create a solution for multiple ISPs to share an access network, letting the end-users choose the ISP.
• To support wired and wireless connections of user-end.
• To create easy to implement solution for ISP administrators
• To provide a free and complete software package (open source package).
Architecture
• User interface
- ISP UI
- Operator UI
• Monitoring subsystem
• Authentication subsystem
• Management subsystem
[Diagram labels: User of ISP a, VLAN, 802.1x, Free Radius Proxy server]
Authentication Daemon
• Purpose: authenticate users' login requests.
• The program is continuously in a listening state. A process is tied to every request and is reused a number of times.
• Connection to database – able to read the table with usernames/passwords in order to authenticate users.
− Only component allowed to access that table.
Method of Authentication
• CRAM (challenge response authentication mode).
• The authentication type used is a variation of 'CRAM-MD5'.
− It is in fact a modified CRAM-SHA256.
• The entire transfer of data is tunneled using SSL.
• Purpose: this method protects against passive attacks.
− Dictionary and replay attacks.
Mechanism
[Message exchange diagram. Labels: Hello; Challenge; Username+DigestC(challenge); DigestC(Challenge)=DigestS(Challenge)]
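The exchange above as a runnable sketch, added here as an illustration and not taken from the OASIS code base. The slides do not say how the project modified CRAM, so this assumes the CRAM-MD5 construction with SHA-256 substituted (HMAC-SHA256 of the challenge, keyed with the password); `AuthServer`, `client_digest`, `run_exchange` and the sample user are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential table (assumption: the daemon can read the shared secret).
USERS = {"alice": b"correct horse battery staple"}


def client_digest(password: bytes, challenge: bytes) -> bytes:
    """DigestC(challenge): HMAC-SHA256 keyed with the password (assumed construction)."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, users):
        self.users = users
        self.pending = set()  # challenges issued but not yet answered

    def hello(self) -> bytes:
        """Answer the client's Hello with a fresh random challenge."""
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge

    def verify(self, username: str, challenge: bytes, digest_c: bytes) -> bool:
        """Accept only if DigestC(challenge) == DigestS(challenge) for a live challenge."""
        if challenge not in self.pending:
            return False  # never issued, or already used: a replayed response
        self.pending.discard(challenge)  # single use, even when the check fails
        # Unknown users get a throwaway key so both paths do the same work.
        password = self.users.get(username, secrets.token_bytes(32))
        digest_s = hmac.new(password, challenge, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(digest_s, digest_c) and username in self.users


def run_exchange(server, username, password):
    """Hello -> Challenge -> Username+DigestC(challenge) -> server check."""
    challenge = server.hello()
    response = client_digest(password, challenge)
    return challenge, response, server.verify(username, challenge, response)


if __name__ == "__main__":
    srv = AuthServer(USERS)
    ch, resp, ok = run_exchange(srv, "alice", USERS["alice"])
    print("login accepted:", ok)
    print("replayed response accepted:", srv.verify("alice", ch, resp))
    print("wrong password accepted:", run_exchange(srv, "alice", b"guess")[2])
```

A captured challenge/response pair would still let an observer test password guesses offline, which is what the SSL tunnel on the slide addresses.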
Policy Daemon
• This daemon is related to the authentication daemon.
• Authentication leads to privileges (sharing resources).
− Policy mandates authorization.
• Responsible for controlling clients' access to resources according to their privileges.
• For example, in our monitoring system the ISPs have access to less information than the network operator.
Monitoring protocol daemon (Monpd)
It acts as a middle man between client and functional daemons.
Unprivileged, listens to external requests.
Performs privileged operations by communicating with other daemons.
It receives XMLRPC queries from client and responds back after servicing the request.
[Diagram labels: PHP (User Interface), Oasis2 Monpd, Functional Daemons, XMLRPC, HTTPS, ProcReq( ), Result( )]
SNMP (Simple Network Management Protocol)
An application layer protocol.
• Monitoring
• Management
SNMP
Based on Manager/Agent model
Consists of
• A manager
• An agent
• A database of management information
• Managed objects
• Network protocol
Overview of OASIS v2+
[Diagram labels: RRD Master, RRDBConfig, DB, OASIS Server, SWITCHES, GETBULK(), SNMP]
Physical Layout/Grouping
[Tree diagram labels: Root Node; Area(1), Area(2); SubArea(1-1), SubArea(1-2); Switch (1A), Switch (1B), Switch (1C), Switch (2A); AP (1A), AP 1(B), AP (2A), AP (2B), AP (2C), AP (2D); Core Layer, Distribution Layer, Access Layer]
SNMP features in OASIS v2+
• Monitoring Interface Traffic
• Monitoring SNMP Enabled Devices
• Network Path Definition and link failure
• Off network Alert Notification
• Network Performance Reporting
RRDtool
RRDb – Round Robin Database
[Diagram labels: SNMP poller, RRDb, Graphical interface, Graphs on demand, Time interval, Graph]
http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/gallery/index.en.html
How we will implement RRDtool
[Diagram. Today: RRDtool, C API, Cmd line, Perl scripts. Goal: Redesigned C API, C++ wrapper, Faster, Scalable, Perl scripts, Cmd line, Compatibility layer]
Project status
• Subsystems' analysis finished
• Use cases
− Sequence diagrams are ready
• Framework (AFX)
− Component diagrams are ready
• Designing C++ wrapper for RRDtool
− Brand-new RRDtool C API
Project status
• Blueprint of user interface
• Authentication daemon
− Basic functionality
• XMLRPC server design & implementation
− Prototype available.
• XMLRPC client Initialization
Future work
• SNMP Poller – basic functionalities
• Complete implementation of XMLRPC server
• Complete implementation of XMLRPC client
• Design of web page for Operator and ISP
• Policyd completion
• RRDtool++: implementing more functionality
Thanks for your attention!
Questions?
Email: [email protected]
Web Site: http://csd.ssvl.kth.se/~csd2006-team12/