127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
the CN.
- Control software
- Uses LXC tools on containers to enforce resource limitation, resource
isolation and node stability.
- Uses traffic control, filtering and anonymization to ensure network
stability, isolation and privacy (partialy implemented).
- The recovery device can force a hardware reboot of the RD from several
triggers and help with upgrade and recovery (not implemented yet).
** Node and sliver connectivity
# Node simplified diagram, hover to interesting parts.
Slivers can be configured with different types of network interfaces depending
on what connectivity researchers need for experiments:
- Home computer behind a NAT router: a private interface with traffic
forwarded using NAT to the CN and filtered to ensure network stability.
- Publicly open service: a public interface (with a public CN address) with
traffic routed directly to the CN and filtered to ensure network stability.
- Traffic capture (not implemented yet): a passive interface using a direct
interface for capture. Incoming traffic is filtered and anonymized to
ensure network privacy.
- Routing: an isolated interface using a VLAN on top of a direct interface.
It only can reach other slivers of the same slice with isolated interfaces
on the same link. All traffic is allowed.
- Low-level testing (not implemented yet).: the sliver is given raw access to
the interface. For privacy, isolation and stability reasons this should
only be allowed in exceptional occasions.
* How the testbed works
# Event diagram, hover over components explained.
An example experiment: two slivers, one of them (source sliver) pings the
other one (target sliver).
1. The researcher first contacts the server and creates a slice description
which specifies a template for slivers (e.g. Debian Squeeze i386).
Experiment data is attached including a program to setup the experiment and
another one to run it.
2. The server updates the registry which holds all definitions of testbed,
nodes, users, slices, slivers, etc.
|
|
|
|
|
>
|
|
|
|
<
|
|
|
|
|
|
|
|
|
|
|
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
|
the CN.
- Control software
- Uses LXC tools on containers to enforce resource limitation, resource
isolation and node stability.
- Uses traffic control, filtering and anonymization to ensure network
stability, isolation and privacy (partialy implemented).
- The recovery device can force a hardware reboot of the RD from several
triggers and help with upgrade and recovery (not implemented).
* Supported experiments
# Node simplified diagram, hover to interesting parts.
Researchers can configure slivers with different types of network interfaces
depending on the connectivity needs of experiments:
- Home PC-like access: a private interface with traffic forwarded using NAT to
the CN (filtered to ensure network stability).
- Internet service: a public interface (with a public CN address) with traffic
routed directly to the CN (filtered to ensure network stability).
- Traffic analysis (not implemented): a passive interface capturing traffic on
a direct interface (filtered and anonymized to ensure network privacy).
- Routing: an isolated interface using a VLAN on top of a direct interface.
All traffic is allowed, but it can only reach other slivers of the same
slice with isolated interfaces on the same physical link.
- Low-level testing (not implemented): the sliver is given raw access to the
interface. For privacy, isolation and stability reasons this should only be
allowed in exceptional occasions.
** An example experiment
# Event diagram, hover over components explained.
To show how the testbed works: two slivers, one of them (source sliver) pings
the other one (target sliver).
1. The researcher first contacts the server and creates a slice description
which specifies a template for slivers (e.g. Debian Squeeze i386).
Experiment data is attached including a program to setup the experiment and
another one to run it.
2. The server updates the registry which holds all definitions of testbed,
nodes, users, slices, slivers, etc.
|