Differences From
Artifact [a5a6ffd88e]:
127 127 the CN.
128 128 - Control software
129 129 - Uses LXC tools on containers to enforce resource limitation, resource
130 130 isolation and node stability.
131 131 - Uses traffic control, filtering and anonymization to ensure network
132 132 stability, isolation and privacy (partialy implemented).
133 133 - The recovery device can force a hardware reboot of the RD from several
134 - triggers and help with upgrade and recovery (not implemented yet).
134 + triggers and help with upgrade and recovery (not implemented).
135 135
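Review bot: The unchanged line 132 directly above the edited line still reads "(partialy implemented)". This change already normalizes the status wording on line 134 from "not implemented yet" to "not implemented", so correct the spelling to "partially implemented" in the same pass. It would also help to say which of traffic control, filtering and anonymization is the implemented part, since readers will rely on that line to judge the isolation and privacy the node actually provides today.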
136 -** Node and sliver connectivity
136 +* Supported experiments
137 137 # Node simplified diagram, hover to interesting parts.
138 -Slivers can be configured with different types of network interfaces depending
139 -on what connectivity researchers need for experiments:
140 -- Home computer behind a NAT router: a private interface with traffic
141 - forwarded using NAT to the CN and filtered to ensure network stability.
142 -- Publicly open service: a public interface (with a public CN address) with
143 - traffic routed directly to the CN and filtered to ensure network stability.
144 -- Traffic capture (not implemented yet): a passive interface using a direct
145 - interface for capture. Incoming traffic is filtered and anonymized to
146 - ensure network privacy.
138 +Researchers can configure slivers with different types of network interfaces
139 +depending on the connectivity needs of experiments:
140 +
141 +- Home PC-like access: a private interface with traffic forwarded using NAT to
142 + the CN (filtered to ensure network stability).
143 +- Internet service: a public interface (with a public CN address) with traffic
144 + routed directly to the CN (filtered to ensure network stability).
145 +- Traffic analysis (not implemented): a passive interface capturing traffic on
146 + a direct interface (filtered and anonymized to ensure network privacy).
147 147 - Routing: an isolated interface using a VLAN on top of a direct interface.
148 - It only can reach other slivers of the same slice with isolated interfaces
149 - on the same link. All traffic is allowed.
150 -- Low-level testing (not implemented yet).: the sliver is given raw access to
151 - the interface. For privacy, isolation and stability reasons this should
152 - only be allowed in exceptional occasions.
148 + All traffic is allowed, but it can only reach other slivers of the same
149 + slice with isolated interfaces on the same physical link.
150 +- Low-level testing (not implemented): the sliver is given raw access to the
151 + interface. For privacy, isolation and stability reasons this should only be
152 + allowed in exceptional occasions.
153 153
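Review bot: The new "Traffic analysis" item (new lines 145-146) drops the word "Incoming" from the old sentence "Incoming traffic is filtered and anonymized", so the parenthetical "(filtered and anonymized to ensure network privacy)" no longer says which traffic the privacy control applies to. Restore the scope, for example "(incoming traffic is filtered and anonymized to ensure network privacy)". In the "Routing" item (new line 148), "it can only reach" has no clear antecedent after "All traffic is allowed"; name the interface or the sliver as the subject. In the "Low-level testing" item, "in exceptional occasions" should read "on exceptional occasions", and since the item grants raw interface access, it should say who approves such an exception. Finally, the heading on new line 136 moves from level two to top level while the comment "# Node simplified diagram" stays beneath it; check that the node diagram still belongs under "Supported experiments".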
154 -* How the testbed works
154 +** An example experiment
155 155 # Event diagram, hover over components explained.
156 -An example experiment: two slivers, one of them (source sliver) pings the
157 -other one (target sliver).
156 +To show how the testbed works: two slivers, one of them (source sliver) pings
157 +the other one (target sliver).
158 158
159 159 1. The researcher first contacts the server and creates a slice description
160 160 which specifies a template for slivers (e.g. Debian Squeeze i386).
161 161 Experiment data is attached including a program to setup the experiment and
162 162 another one to run it.
163 163 2. The server updates the registry which holds all definitions of testbed,
164 164 nodes, users, slices, slivers, etc.
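Review bot: The heading on new line 154 is demoted from "* How the testbed works" to "** An example experiment", which makes the whole numbered walkthrough (server, registry and so on) a subsection of "Supported experiments" from new line 136. Confirm that nesting is intended, because the steps describe the testbed's control flow rather than one experiment type. The new intro on lines 156-157, "To show how the testbed works: two slivers, ...", is a fragment with no main verb. Something like "To show how the testbed works, consider two slivers: one of them (source sliver) pings the other one (target sliver)." reads as a full sentence.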