Community-Lab introduction

Differences From Artifact [0df14cd02b]:

To Artifact [9c5a856712]:


Old version (artifact [0df14cd02b]), lines 88-108 and 115-138:

- A testbed consists of a set of nodes managed by the same server.
  - Server managed by testbed admins.
  - Network and node managed by CN members.
  - Node admins must adhere to testbed terms and conditions.
  - This decouples testbed management from infrastructure ownership and mgmt.
- Testbed management traffic uses a tinc mesh VPN:
  - Avoids problems with firewalls and private networks in nodes.
  - Mgmt network uses IPv6 to avoid address scarcity and incompatibility
    between CNs.
  - Short-lived mgmt connections make components mostly autonomous and
    tolerant to link instability.
- Gateways allow a testbed to span multiple CNs.
  - Bridging the mgmt net over external means (e.g. FEDERICA, the Internet).
  - Gateways can route the management network to the Internet.

- A researcher runs the experiments of a slice in slivers each running in a
  different node.

** Nodes, slices and slivers
# Diagram: Slices and slivers, two or three nodes with a few slivers on them,
# each with a color identifying it with a slice.)
- These concepts are inspired in PlanetLab.
................................................................................
# Node simplified diagram, hover to interesting parts.
- The community device
  - Completely normal CN device, so existing ones can be used.
  - Routes traffic between the CN and the node's wired local network (which
    runs no routing protocol).
- The research device
  - Usually more powerful than CD, since experiments run here.
  - Separating CD/RD makes integration with any CN simple and safe:
    - Little CONFINE-specific tampering with CN infrastructure.?!
    - Little CN-specific configuration for RDs.?!
    - Misbehaving experiments can't crash CN infrastructure.
  - Runs OpenWrt firmware customized by CONFINE.
  - Slivers are implemented as Linux containers.
    - Lightweight virtualization supported mainstream.
    - Provides a familiar and flexible env for researchers.
  - Direct interfaces allow experiments to bypass the CD when interacting with

    the CN.
  - Control software
    - Uses LXC tools on containers to enforce resource limitation, resource
      isolation and node stability.
    - Uses traffic control, filtering and anonymization to ensure network
      stability, isolation and privacy (partialy implemented).
- The recovery device (not implemented) can force a remote hardware reboot of
  the RD in case it hangs.  It also helps with upgrade and recovery.







New version (artifact [9c5a856712]), lines 88-106 and 113-133:

- A testbed consists of a set of nodes managed by the same server.
  - Server managed by testbed admins.
  - Network and node managed by CN members.
  - Node admins must adhere to testbed terms and conditions.
  - This decouples testbed management from infrastructure ownership and mgmt.
- Testbed management traffic uses a tinc mesh VPN:
  - Avoids problems with firewalls and private networks in nodes.
  - IPv6 is used to avoid address scarcity and incompatibility between CNs.

  - Link instability is tolerated by using short-lived mgmt connections.

- Gateways allow a testbed to span multiple CNs.
  - Connecting the mgmt net over external means (e.g. FEDERICA, the Internet).

  - Gateways can make the management network available to the Internet.
- A researcher runs the experiments of a slice in slivers each running in a
  different node.

** Nodes, slices and slivers
# Diagram: Slices and slivers, two or three nodes with a few slivers on them,
# each with a color identifying it with a slice.)
- These concepts are inspired in PlanetLab.
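
Review bot: In the gateways item, "Gateways can make the management network available to the Internet" no longer says which direction the traffic flows and can be read as the management network being reachable from the Internet, which the old "route the management network to the Internet" did not suggest. State which is meant and, if Internet-side access to the mgmt net is intended, what restricts it. The reworded tinc item also drops the point that short-lived mgmt connections make components "mostly autonomous"; keep that half if the property still matters to the talk.
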
................................................................................
# Node simplified diagram, hover to interesting parts.
- The community device
  - Completely normal CN device, so existing ones can be used.
  - Routes traffic between the CN and the node's wired local network (which
    runs no routing protocol).
- The research device
  - Usually more powerful than CD, since experiments run here.

  - A separated RD minimizes tampering with CN infrastructure.

    - Also experiments can't crash the CD.
  - Runs OpenWrt firmware customized by CONFINE.
  - Slivers are implemented as lightweight Linux containers.

    - Provide a familiar and flexible env for researchers.

  - Direct interfaces allow low-level interaction of experiments with the CN
    bypassing the CD.
  - Control software
    - Uses LXC tools on containers to enforce resource limitation, resource
      isolation and node stability.
    - Uses traffic control, filtering and anonymization to ensure network
      stability, isolation and privacy (partialy implemented).
- The recovery device (not implemented) can force a remote hardware reboot of
  the RD in case it hangs.  It also helps with upgrade and recovery.
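
Review bot: Under "The research device", the new "Also experiments can't crash the CD" narrows the old claim that misbehaving experiments can't crash CN infrastructure, while the direct-interfaces item a few lines later still lets experiments interact with the CN bypassing the CD. Say what protects the CN in that case, presumably the control software's traffic control and filtering, which this outline marks as only partly implemented (spelled "partialy" in both versions). "A separated RD minimizes tampering with CN infrastructure" also lost the "CONFINE-specific" qualifier and now reads like a protection against malicious tampering rather than a statement about how little the CN has to be modified, and "Little CN-specific configuration for RDs" was dropped without a replacement.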