#+title: Community-Lab: A Community Networking Testbed for the Future Internet
* Introduction
Hello, I'm (Speaker) from (organization), I work at the CONFINE project and
I'm going to talk you about Community-Lab, a community networking testbed for
the future Internet. *##*
** Community networks
- Infrastructure deployed by organized groups of people for self-provision of
  broadband networking that works and grows according to their own interests.
- Characteristics: Open participation, open and transparent management,
  distributed ownership.
- The EU regards CNs as fundamental for *##* the universalization of broadband
  networking.
- Means new research challenge: How to support the growth and sustainability
  of CNs by providing the means to conduct experimentally driven research. *##*
** The CONFINE project: Community Networks Testbed for the Future Internet
- The CONFINE project takes on the previous challenge.
- Project supported by the European Community Framework Programme 7 within the
  Future Internet Research and Experimentation Initiative (FIRE).
- Partners: (*##* community networks) guifi.net, Funkfeuer, Athens Wireless
  Metropolitan Network; (*##* research institutions) Universitat Politècnica de
  Catalunya, Fraunhofer Institute for Communication, Information Processing
  and Ergonomics, iMinds research institute; (*##* supporting NGOs) OPLAN
  Foundation, Pangea. *##*
- Objective: Provide a testbed and associated tools and knowledge for
  researchers to experiment on real community networks. *##*
** Testbed?
- Environment built with real hardware for realistic experimental research on
  network technologies. *##*
- Some wireless testbeds, both indoor and outdoor.
  - Problems: their limited local scale, their unrealistic controlled
    environment, experiments can't share resources simultaneously.
- Internet: PlanetLab, planet-scale testbed with resource sharing on nodes.
  Main inspiration for Community-Lab. *##*
** Community-Lab: a testbed for community networks
- Community-Lab is the testbed developed by CONFINE.
- Integrates and extends the participating community networks.
- Using the FEDERICA research backbone for interconnection. *##*
- All Community-Lab's software and documentation is “free as in freedom” so
  people can use it to setup their own CONFINE testbed.
* Requirements and challenges
A testbed has requirements that are challenged by the unique characteristics
of CNs.  For instance, how to *##*
** Simple management vs. Distributed node ownership
- manage devices belonging to diverse owners? *##*
** Features vs. Lightweight & low cost
- support devices ranging from PCs to embedded boards? *##*
** Compatibility vs. Heterogeneity
- work with devices which allow little customization?
- support diverse connectivity models and link technologies including
  wireless, wired and fiber? *##*
** Familiarity & flexibility vs. System stability
- Researchers usually prefer a familiar Linux env with root access.
- isolate experiments that share the same node?
- *##* Sometimes accessing node locations can be hard. *##*
  - keep nodes stable to avoid in-place maintenance? *##*
** Flexibility vs. Network stability
- Remember that network experiments run on a production network.
- allow interaction at the lowest possible layer of the CN while not
  disrupting or saturating it? *##*
** Traffic collection vs. Privacy of community network users
- allow experiments performing traffic collection and characterization?
- While avoiding researchers spying on users' data? *##*
** Management robustness vs. Link instability
- deal with frequent outages in the CN when managing nodes? *##*
** Reachability vs. IP address provisioning
- CNs suffer from IPv4 scarcity and incompatible addressing besides little
  IPv6 support.
- support testbed spanning different CNs? *##*
* Community-Lab testbed architecture
** Overall architecture
This is the architecture developed by the CONFINE project to handle the
previous challenges.  It applies to all testbeds using CONFINE software.
Here you see two CNs with several nodes connected to them, all managed by
their respective admins.
- A testbed consists of a set of nodes managed by the same server.
  - Server managed by testbed admins.
  - Network and nodes managed by CN members.
  - Node admins must adhere to testbed terms and conditions.
  - This decouples testbed management from infrastructure ownership & mgmt.
- Testbed management traffic uses a tinc mesh VPN:
  - Avoids problems with firewalls and private networks in nodes.
  - Uses IPv6 to avoid address scarcity and incompatibility between CNs.
  - Mgmt connections are short-lived to tolerate link instability.
- Gateways are entry points to the mgmt network.
  - They help extend it over multiple CNs by external means (e.g. FEDERICA, the
    Internet).
  - They can also route the management network to the Internet.
- Experiments are configured by researchers in the server and run in nodes. *##*
** Slices, slivers and nodes
- Particularly, researchers select nodes for running experiments.
- Each node is able to run several experiments simultaneously.
- An experiment runs in a given node as a sliver which holds a share of its
  resources (CPU, memory, disk, bandwidth, interfaces…).
- Finally, related slivers are grouped in a slice for management purposes.
- All these concepts are inspired in PlanetLab. *##*
** Node architecture
allows the realization of these concepts.  *##* A node is a RD connected to a CN
through the wired local network of a CD.
- The community device
  - Completely normal CN device, so existing ones can be used.
  - routes traffic between the CN and the local network (which runs no routing
    protocol).
- The research device
  - Usually more powerful than CD, since experiments run here.
    - Separating the RD from the CD minimizes tampering with CN infrastructure.
    - Also experiments can't crash CN devices.
  - runs the versatile, light & free OpenWrt distro, customized by CONFINE.
    - Slivers are implemented as lightweight Linux containers.
    - So researchers get root access to a familiar environment.
  - provides direct interfaces to allow low-level interaction of experiments
    with the CN bypassing the CD.
  - runs CONFINE control software
    - uses LXC tools to manage containers and enforce resource limits,
      isolation and node stability.
    - uses traffic control, filtering and anonymization to ensure network
      stability, isolation and privacy (partialy implemented).
- The recovery device (not implemented) can force a remote hardware reboot of
  the RD in case it hangs.  It also helps with upgrade and recovery. *##*
* Experiments support
These testbed and node architectures offer varied support for experiments. *##*
- Researchers can query testbed management information via server and node
  APIs.  This can help them implement external services to help monitor and
  choose the most appropriate nodes. *##*
- Researchers can log into their running slivers using SSH out-of-band access
  against the node to run arbitrary programs. *##*
- A researcher can use a sliver as a home PC with L3 traffic forwarded using
  NAT to the CN but filtered to ensure network stability. *##*
- A researcher can offer a network service in a sliver by using a public
  interface, which has a CN address and L3 traffic routed directly to the CN
  but filtered to ensure network stability. *##*
- Routing experiments can use an isolated interface in a sliver, which uses a
  VLAN on top of a direct interface.  All L2 traffic is allowed, but only
  between other slivers of the same slice with isolated interfaces on the same
  physical link. *##*
These were demonstrated with BitTorrent and mesh routing experiments at IEEE
P2P'12 Conference.  *##* Future support is also planned for experiments that:
- analyze traffic: using a passive interface to capture traffic on a direct
  interface, which is filtered and anonymized to ensure network privacy. *##*
- perform low-level testing: the sliver is given free raw access to a direct
  interface.  For privacy, isolation and stability reasons this should only be
  allowed in exceptional occasions. *##*
Also, researchers will soon be able to collect link quality and bandwidth
usage measurements of all RDs' interfaces through the DLEP protocol. *##*
** An example experiment
to show how the testbed works.  We'll create two slivers which ping each
other. *##*
1. The researcher first contacts the server and registers a slice description
   which specifies a template for slivers (e.g. Debian Squeeze) and includes
   data and programs to setup slivers and run experiments.
   The researcher chooses two nodes and registers sliver descriptions for them
   in the previous slice.  Each one includes a public interface to the CN.
   This and all subsequent changes performed by the researcher are stored in
   the registry, which holds the config of all components in the testbed.
2. The researcher tells the server to instantiate the slice.
   Each of the previous nodes gets a sliver description for it.  If enough
   resources are available, a container is created by applying the sliver
   configuration over the selected template.
3. Once the researcher knows that slivers have been instantiated, the server
   can be commanded to activate the slice.
   When nodes get instructions to activate slivers they start containers.
   Containers execute the setup & run programs provided by the researcher.
4. Researchers interact straight with containers if needed (e.g. via SSH) and
   collect results from them.
5. When finished, the researcher tells the server to deactivate the slice.
6. And also to deinstantiate it.
   Nodes get instructions and they stop and remove containers, respectively.
7. If the researcher wants to, the slice itself can be removed.
This was a view of the testbed from a research perspective.  From the
community perspective, *##*
* Cooperation between community networks and Community-Lab
can take different forms.  Given a typical CN like this, with most nodes
linked using cheap and ubiquitous WiFi technology: *##*
- CN members can provide an existing CD and let CONFINE connect a RD to it via
  Ethernet.  Experiments are restricted to the application layer unless the
  node owner allows the RD to include additional antennas.
- CN members can provide a location and let CONFINE set up a complete node
  there (CD and RD).  In this way CONFINE helps extend the CN.
- CONFINE can also extend the CN by setting up a physically separated cloud of
  nodes.  Additional antennas allow experiments in all layers (like routing),
  but users should be warned about the research nature of the network.
These are only a few ways of cooperation, but more can be envisioned. *##*
* Participate!
We introduced you to Community-Lab, a new testbed being developed by the
CONFINE project to support research that can help CNs become a key part of the
Internet in a near future.
More information: http://community-lab.net/, http://confine-project.eu/
Community networks and researchers: We look forward to your participation!
(Questions? Thanks!)
# Local Variables:
# mode: org
# End: