
PART II BoD server prototype Implementation & technical details MB-NG UCL 20/21 - Feb - 2003 Bas van Oudenaarde Advanced Internet Research Group.


1 PART II BoD server prototype Implementation & technical details MB-NG workshop @ UCL 20/21 - Feb - 2003 Bas van Oudenaarde Advanced Internet Research Group University of Amsterdam oudenaar@science.uva.nl

2 What to expect from this presentation
o Not a code walk, but a highlight of the concepts used and the model behind our first phase prototype of a BoD server (based on Generic AAA)
o Giving an overview for DEMO
o Learn the details of the building blocks of the BoD server

3 Generic AAA:
o AAA Server: may be involved in: Authorization, Authentication, Accounting
o AAA request, Driving Policy
o Behavior of the generic part is determined by the combination of Driving policies, ASMs and AAA requests

4 [Diagram. Labels: client entity, authZ, AAA, Service handler, serv, ASM, Serv*, policy, “AAA protocol” > BoD request msg]

5 authZ Serv* BoD request msg, using XML, SOAP
Values in the example message (the XML markup did not survive in this transcript): simple JanJansen #f034d 192.168.1.2 192.168.1.5 1000 now 20

6 Servlet in TOMCAT: Using JAXM API

    public class AAAServlet extends JAXMServlet implements ReqRespListener {
        private RBE theRBE;
        …
        public SOAPMessage onMessage( SOAPMessage message ) {
            …
            try {
                // message check (DTD) + Policy fetch
                theRBE.parse( request, out );
            } catch( Exception ex ) {
                // the exception text goes back to the client in the error response
                return error( ex.getMessage( ) );
            }
            return createResponse( bout );
        }
        …
    }

7 Some details:
o Servlet Context used to initiate the RBE, ASMs
o Java Reflection: list methods of Object (ASMs)

8 Driving Policy:

    if ( ASM::Authorization.authorize(                    << C++ like namespace
            Request::Authorization.credential.credential_type,
            Request::Authorization.credential.credential_ID,
            Request::Authorization.credential.credential_secret )
    Then (
        if ( ASM::RM.CheckConnection( Request::BodData.Source, Request::BodData.Destination )

o * could work with simple data types
o IF - THEN - ELSE structure
o Input for the Policy Objects, Javacc to serialize / used in Policy fetch
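
The nested IF-THEN of the driving policy above, combined with the reflection-based lookup of ASM methods from slide 7, as an added example that is not code from the prototype. The class names, the ASM method bodies, the `ASMS` registry, the `CALLS` list and the mapping of slide 5's values onto the request fields are all assumptions made for illustration.

```java
import java.lang.reflect.*;
import java.security.MessageDigest;
import java.util.*;

public class DrivingPolicyDemo {
    // Hypothetical stand-ins for the Authorization and RM ASMs (constructed logic and values).
    public static class AuthorizationAsm {
        public boolean authorize(String type, String id, String secret) {
            return "simple".equals(type) && "JanJansen".equals(id)
                && MessageDigest.isEqual(secret.getBytes(), "#f034d".getBytes());
        }
    }
    public static class RmAsm {
        public boolean CheckConnection(String src, String dst) {
            return src.startsWith("192.168.1.") && dst.startsWith("192.168.1.");
        }
    }
    static final Map<String, Object> ASMS = new HashMap<>();
    static final List<String> CALLS = new ArrayList<>(); // order of ASM calls, for inspection

    // Resolve ASM::<asm>.<method> by reflection. Only public boolean methods declared
    // on a registered ASM class are callable; every failure path is a deny.
    static boolean call(String asm, String method, String... args) {
        CALLS.add(asm + "." + method);
        Object target = ASMS.get(asm);
        if (target == null) return false;
        for (Method m : target.getClass().getDeclaredMethods()) {
            if (m.getName().equals(method) && Modifier.isPublic(m.getModifiers())
                    && m.getParameterCount() == args.length && m.getReturnType() == boolean.class) {
                try { return (Boolean) m.invoke(target, (Object[]) args); }
                catch (ReflectiveOperationException | RuntimeException e) { return false; }
            }
        }
        return false;
    }
    // Nested IF-THEN of the driving policy: RM is consulted only after authorize succeeds.
    static boolean evaluate(Map<String, String> req) {
        if (!call("Authorization", "authorize", req.get("credential_type"),
                req.get("credential_ID"), req.get("credential_secret"))) return false;
        return call("RM", "CheckConnection", req.get("Source"), req.get("Destination"));
    }
    public static void main(String[] unused) {
        ASMS.put("Authorization", new AuthorizationAsm());
        ASMS.put("RM", new RmAsm());
        Map<String, String> req = new HashMap<>(Map.of("credential_type", "simple",
            "credential_ID", "JanJansen", "credential_secret", "#f034d",
            "Source", "192.168.1.2", "Destination", "192.168.1.5"));
        System.out.println("valid request -> " + evaluate(req) + " " + CALLS);
        CALLS.clear(); req.put("credential_secret", "wrong");
        System.out.println("bad secret    -> " + evaluate(req) + " " + CALLS);
    }
}
```

A request with a missing credential field reaches `authorize` as `null`, the resulting exception is caught in `call`, and the policy evaluates to deny without the RM ASM being touched.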

9 ASM overview: For the BoD service we implemented:
o Resource Manager (RM) ASM (hardcoded): Network topology, state of network elements
o Switch ASM: SNMP interface dealing with 802.1Q
o Authorization ASM: Authorization mechanism

10 RM ASM, BoD method:

    public int BoD( String IPsrc, String IPdst, int size, String t, int dur ){
        // Full control model
        // Network element modeled as vertex with edges. State is updated in vertex. (link usage)
        // using backtracking algorithm to find path (recursive)
        // collecting provisioning information, like VLAN id, ports etc
    }

11 Switch ASM, provisioning:

    /* (Single domain) Add port (+ Trunk) in VLAN.
     *
     * Cabletron ss6000 switch uses SNMP table:
     * ctVlanPortConfigTable
     * OID = "1.3.6.1.4.1.52.4.1.2.16.3.1.1"
     * OID.c.I1.I2 ( c= column, I1 index 1, I2 index 2 )
     *
     */
    public void setupPath( int port, int vid )
            throws IOException, SnmpDecodeException, SnmpResponseException {
        // Setup connection
        SnmpPeer peer = new SnmpPeer("localhost", InetAddress.getByName( host ), SMI.PUBLIC );
        SnmpConnection connection = new SnmpConnection(peer);
        // OID
        ….

12 Authorized path discovery
o QoS path through multiple administrative domains
o AAA servers > Mechanism for advertising the connections they can establish
o Start with simplest QoS path > Full Control model
o Logical network link instead of physical network link
o Decision tree for authorization of QoS elements

13 Authorization interactions: [Diagram. Labels: AAA 0, AAA 1, AAA 2, AAA 1,2; N0, N1, N2, Nn; D0, D1; l 0,1, l 2,n]

14 Porting
o J2EE environment
o robust & scalable Runtime environment
o Focusing on AAA concepts
o developing generic RBE, ASM interface
o Still in progress…. :(
o Future of AAA: Collaboration in developing a generic ASM interface, policy definitions, etc

15 Ideas: AAA in J2EE: [Diagram. Labels: EJB Container, JCA Resource Adapters, web, ASMs api, ASM*, switch1, switch2, BoDreq, J2EE]

16 Conclusions
o Our focus is on authorization in multi administrative domains
o The ASMs need to interface services, we need to provide a generic API
o Collaborations

