OASIS V2+ Next Generation Open Access Server CSD 2006 / Team 12.
Agenda
• Project background and context
• Goals and objectives
• Architecture
• Project status
• Future work
• Questions and answers
Background and context
• OASIS V.1
- KTH university – IT campus
- Stockholm open
• Problems of V.1:
- No encryption of data
- Attacks on IP level
Goals and objectives
• To create a solution for multiple ISPs to share an access network, letting the end-users choose the ISP.
• To support wired and wireless connections at the user end.
• To create an easy-to-implement solution for ISP administrators.
• To provide a free and complete software package (open source package).
Architecture
• User interface
- ISP UI
- Operator UI
• Monitoring subsystem
• Authentication subsystem
• Management subsystem
[Diagram labels: User of ISP a, VLAN, 802.1x, FreeRADIUS proxy server]
Authentication Daemon
• Purpose: authenticate users' login requests.
• The program is continuously in a listening state. A process is tied to every request and is reused a number of times.
• Connection to the database: able to read the table of usernames/passwords in order to authenticate users.
- Only component allowed to access that table.
Method of Authentication
• CRAM (challenge-response authentication mode).
• Authentication type used is a variation of ‘CRAM-MD5’
- It is in fact a modified CRAM-SHA256.
• Entire transfer of data is tunneled using SSL.
• Purpose: this method protects against passive attacks.
- Dictionary and replay attacks.
Mechanism
[Sequence diagram; message labels:]
1. Hello
2. Challenge
3. Username + DigestC(Challenge)
4. DigestC(Challenge) = DigestS(Challenge)
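The exchange on the Mechanism slide, as an added example that is not the OASIS team's code: the slides do not specify the "modified CRAM-SHA256", so this assumes plain HMAC-SHA256 keyed with a shared per-user secret, and the names `AuthDaemon`, `client_response`, `run_exchange` and the sample user table are hypothetical. In the design described above, the whole exchange would additionally run inside the SSL tunnel.

```python
import hashlib
import hmac
import secrets

# Constructed sample user table (assumption: the daemon's table holds a
# per-user secret; the slides do not say how credentials are stored).
USERS = {"alice": b"correct horse battery staple"}


class AuthDaemon:
    """Server side: issues single-use challenges and verifies responses."""

    def __init__(self, users):
        self._users = users
        self._pending = set()  # challenges issued but not yet answered

    def hello(self):
        challenge = secrets.token_bytes(32)  # fresh, unpredictable nonce
        self._pending.add(challenge)
        return challenge

    def verify(self, username, challenge, digest_c):
        # A challenge is consumed on first use, so a captured
        # Username + DigestC(Challenge) message cannot be replayed.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        # Unknown users get a dummy key so the same work is always done.
        secret = self._users.get(username, b"\x00" * 32)
        digest_s = hmac.new(secret, challenge, hashlib.sha256).digest()
        ok = hmac.compare_digest(digest_c, digest_s)  # constant-time compare
        return ok and username in self._users


def client_response(secret, challenge):
    """Client side: DigestC(Challenge), HMAC-SHA256 keyed with the secret."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def run_exchange(daemon, username, secret):
    """Hello -> Challenge -> Username + DigestC(Challenge) -> comparison."""
    challenge = daemon.hello()
    digest_c = client_response(secret, challenge)
    return challenge, digest_c, daemon.verify(username, challenge, digest_c)


if __name__ == "__main__":
    print(run_exchange(AuthDaemon(USERS), "alice", USERS["alice"])[2])
```

The secret itself never crosses the wire; only the keyed digest of a one-time challenge does, which is what makes a recorded response useless for a later login.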
Policy Daemon
• This daemon is related to the authentication daemon.
• Authentication leads to privileges (sharing resources).
- Policy mandates authorization.
• Responsible for controlling clients' access to resources according to their privileges.
• For example, in our monitoring system the ISPs have access to less information than the network operator.
Monitoring protocol daemon (Monpd)
It acts as a middle man between the client and the functional daemons.
It is unprivileged and listens to external requests.
It performs privileged operations by communicating with other daemons.
It receives XMLRPC queries from the client and responds after servicing the request.
[Diagram labels: PHP (User Interface), Oasis2 Monpd, Functional Daemons, XMLRPC, HTTPS, ProcReq( ), Result( )]
SNMP (Simple Network Management Protocol)
An Application Layer Protocol.
• Monitoring
• Management
SNMP
Based on Manager/Agent Model
Consists of
• A Manager
• An Agent
• A Database of Management Information
• Managed Objects
• Network Protocol
SNMP Overview of OASIS v2+
[Diagram labels: RRD Master, RRDB, Config DB, OASIS Server, Switches, GETBULK()]
Physical Layout/Grouping
[Diagram nodes: Root Node; Area(1), Area(2); SubArea(1-1), SubArea(1-2); Switch (1A), Switch (1B), Switch (1C), Switch (2A); AP (1A), AP (1B), AP (2A), AP (2B), AP (2C), AP (2D). Layers: Core Layer, Distribution Layer, Access Layer]
SNMP features in OASIS v2+
• Monitoring Interface Traffic
• Monitoring SNMP Enabled Devices
• Network Path Definition and link failure
• Off network Alert Notification
• Network Performance Reporting
RRDtool
[Diagram labels: SNMP poller, RRDb, Graphical interface]
RRDb – Round Robin Database
[Diagram labels: SNMP poller, Graphs on demand, Time interval]
Graph
http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/gallery/index.en.html
How we will implement RRDtool
[Diagram comparing "Today" and "Goal"; labels: Perl scripts, Cmd line, C API, RRDtool, Redesigned C API, C++ wrapper, Cmd line compatibility layer, Faster, Scalable]
Project status
• Subsystem’s analysis finished
• Use cases
- Sequence diagrams are ready
• Framework (AFX)
- Component diagrams are ready
• Designing C++ wrapper for RRDtool
- Brand-new RRDtool C API
Project status
• Blueprint of user interface
• Authentication daemon
- Basic functionality
• XMLRPC server design & implementation
- Prototype available.
• XMLRPC client Initialization
Future work
• SNMP Poller – basic functionalities
• Complete implementation of the XMLRPC server
• Complete implementation of the XMLRPC client
• Design of web page for Operator and ISP
• Policyd completion
• RRDtool++: implementing more functionality
Thanks for your attention!
Questions?
Email: [email protected]
Web Site: http://csd.ssvl.kth.se/~csd2006-team12/