Index: script.txt ================================================================== --- script.txt +++ script.txt @@ -129,34 +129,34 @@ - Uses LXC tools on containers to enforce resource limitation, resource isolation and node stability. - Uses traffic control, filtering and anonymization to ensure network stability, isolation and privacy (partialy implemented). - The recovery device can force a hardware reboot of the RD from several - triggers and help with upgrade and recovery (not implemented yet). + triggers and help with upgrade and recovery (not implemented). -** Node and sliver connectivity +* Supported experiments # Node simplified diagram, hover to interesting parts. -Slivers can be configured with different types of network interfaces depending -on what connectivity researchers need for experiments: -- Home computer behind a NAT router: a private interface with traffic - forwarded using NAT to the CN and filtered to ensure network stability. -- Publicly open service: a public interface (with a public CN address) with - traffic routed directly to the CN and filtered to ensure network stability. -- Traffic capture (not implemented yet): a passive interface using a direct - interface for capture. Incoming traffic is filtered and anonymized to - ensure network privacy. +Researchers can configure slivers with different types of network interfaces +depending on the connectivity needs of experiments: + +- Home PC-like access: a private interface with traffic forwarded using NAT to + the CN (filtered to ensure network stability). +- Internet service: a public interface (with a public CN address) with traffic + routed directly to the CN (filtered to ensure network stability). +- Traffic analysis (not implemented): a passive interface capturing traffic on + a direct interface (filtered and anonymized to ensure network privacy). - Routing: an isolated interface using a VLAN on top of a direct interface. - It only can reach other slivers of the same slice with isolated interfaces - on the same link. All traffic is allowed. -- Low-level testing (not implemented yet).: the sliver is given raw access to - the interface. For privacy, isolation and stability reasons this should - only be allowed in exceptional occasions. + All traffic is allowed, but it can only reach other slivers of the same + slice with isolated interfaces on the same physical link. +- Low-level testing (not implemented): the sliver is given raw access to the + interface. For privacy, isolation and stability reasons this should only be + allowed in exceptional occasions. -* How the testbed works +** An example experiment # Event diagram, hover over components explained. -An example experiment: two slivers, one of them (source sliver) pings the -other one (target sliver). +To show how the testbed works: two slivers, one of them (source sliver) pings +the other one (target sliver). 1. The researcher first contacts the server and creates a slice description which specifies a template for slivers (e.g. Debian Squeeze i386). Experiment data is attached including a program to setup the experiment and another one to run it.