Differences From
Artifact [a5a6ffd88e]:
129 129 - Uses LXC tools on containers to enforce resource limitation, resource
130 130 isolation and node stability.
131 131 - Uses traffic control, filtering and anonymization to ensure network
132 132 stability, isolation and privacy (partialy implemented).
133 133 - The recovery device can force a hardware reboot of the RD from several
134 - triggers and help with upgrade and recovery (not implemented yet).
134 + triggers and help with upgrade and recovery (not implemented).
135 135
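Review bot: The status tags in this list stay inconsistent after the change at new line 134, because the neighbouring bullet at line 132 still carries the misspelled "(partialy implemented)". Since this edit normalizes "(not implemented yet)" to "(not implemented)", correct that tag to "(partially implemented)" in the same change. Dropping "yet" also removes the only hint that the recovery-device triggers are planned; if they still are, the text should say so somewhere.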
136 -** Node and sliver connectivity
136 +* Supported experiments
137 137 # Node simplified diagram, hover to interesting parts.
138 -Slivers can be configured with different types of network interfaces depending
139 -on what connectivity researchers need for experiments:
140 -- Home computer behind a NAT router: a private interface with traffic
141 - forwarded using NAT to the CN and filtered to ensure network stability.
142 -- Publicly open service: a public interface (with a public CN address) with
143 - traffic routed directly to the CN and filtered to ensure network stability.
144 -- Traffic capture (not implemented yet): a passive interface using a direct
145 - interface for capture. Incoming traffic is filtered and anonymized to
146 - ensure network privacy.
138 +Researchers can configure slivers with different types of network interfaces
139 +depending on the connectivity needs of experiments:
140 +
141 +- Home PC-like access: a private interface with traffic forwarded using NAT to
142 + the CN (filtered to ensure network stability).
143 +- Internet service: a public interface (with a public CN address) with traffic
144 + routed directly to the CN (filtered to ensure network stability).
145 +- Traffic analysis (not implemented): a passive interface capturing traffic on
146 + a direct interface (filtered and anonymized to ensure network privacy).
147 147 - Routing: an isolated interface using a VLAN on top of a direct interface.
148 - It only can reach other slivers of the same slice with isolated interfaces
149 - on the same link. All traffic is allowed.
150 -- Low-level testing (not implemented yet).: the sliver is given raw access to
151 - the interface. For privacy, isolation and stability reasons this should
152 - only be allowed in exceptional occasions.
148 + All traffic is allowed, but it can only reach other slivers of the same
149 + slice with isolated interfaces on the same physical link.
150 +- Low-level testing (not implemented): the sliver is given raw access to the
151 + interface. For privacy, isolation and stability reasons this should only be
152 + allowed in exceptional occasions.
153 153
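Review bot: The traffic analysis bullet at new lines 145-146 drops the word "Incoming" that the old text had ("Incoming traffic is filtered and anonymized"), so it no longer states which direction of traffic is filtered and anonymized. For a privacy property that scope should stay explicit, for example "incoming traffic is filtered and anonymized to ensure network privacy". In the routing bullet at new lines 148-149 the reordering leaves "it" without a clear antecedent (traffic or interface); "the interface can only reach other slivers ..." would be unambiguous. Also check that the comment "# Node simplified diagram" still belongs under the renamed heading "Supported experiments".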
154 -* How the testbed works
154 +** An example experiment
155 155 # Event diagram, hover over components explained.
156 -An example experiment: two slivers, one of them (source sliver) pings the
157 -other one (target sliver).
156 +To show how the testbed works: two slivers, one of them (source sliver) pings
157 +the other one (target sliver).
158 158
159 159 1. The researcher first contacts the server and creates a slice description
160 160 which specifies a template for slivers (e.g. Debian Squeeze i386).
161 161 Experiment data is attached including a program to setup the experiment and
162 162 another one to run it.
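Review bot: The new lead-in at new lines 156-157 is a sentence fragment: "To show how the testbed works: two slivers, ..." has no main verb. Something like "To show how the testbed works, consider two slivers, one of which (the source sliver) pings the other (the target sliver)" reads as a complete sentence. The heading is also demoted from "*" to "**", which nests the walkthrough under "Supported experiments"; confirm that this is the intended outline.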