OASIS V2+ Next Generation Open Access Server CSD 2006 / Team 12

Agenda Project background and context Goals and objectives Architecture Project status Future work Questions and answers

Background and context OASIS V.1 -KTH university – IT campus -Stockholm open Problems of V.1: -No encryption of data -Attacks on IP level

Goals and objectives To create a solution for multiple ISPs to share an access network, letting the end- users choose the ISP. To support wired and wireless connections of user-end. To create easy to implement solution for ISP administrators To provide a free and complete software package (open source package).

Architecture User interface - ISP UI - Operator UI Monitoring subsystem Authentication subsystem Management subsystem

User of ISP a VLAN 802.1x Free Radius Proxy server

Authentication Daemon Purpose: authenticate users´ login requests. Program continuously in listening state. A process is tied to every request; reused a number of times. Connection to database – able to read table with username/passwords in order to authenticate users. − Only component allowed to access that table.

Method of Authentication CRAM (challenge response authentication mode). Authentication Type used is a variation of ‘CRAM-MD5’ − It is in fact a modified CRAM-SHA256. Entire transfer of data is tunneled using SSL. Purpose: this method protects against passive attacks. − Dictionary and Replay attacks.

Mechanism Hello Challenge DigestC(Challenge)=DigestS(Challenge) Username+DigestC(challenge )

Policy Daemon This Daemon is related to the authentication daemon. Authentication leads to privileges(sharing resources). − Policy mandates authorization. Responsible for controlling clients´ access to resources according to their privileges. Like in our monitoring system the ISP’s have access to less information than the Network operator.

Monitoring protocol daemon (Monpd)  It acts as a middle man between client and functional daemons.  Unprivileged, listens to external requests.  Performs privileged operations by communicating with other daemons.  It receives XMLRPC queries from client and responds back after servicing the request. PHP (User Interface) Oasis2 Monpd Functional Daemons XMLRPC HTTPS ProcReq( ) Result( )

An Application Layer Protocol. Monitoring Management SNMP (Simple Network Management Protocol)

SNMP Based on Manager/Agent Model Consists of A manager An Agent A Database of Management Information Managed Objects Network Protocol

RRD Master RRDB Config DB OASIS Server SWITCHES GETBULK () SNMP Overview of OASIS v2+

Physical Layout/Grouping Root Node SubArea(1-2) AP (2B) Switch (1C) Area(2) Area(1) SubArea(1-1) Switch (1A) Switch (1B) AP (1A) AP 1(B) Switch (2A) AP (2A) AP (2C) AP (2D) Core Layer Distribution Layer Access Layer

SNMP features in OASIS v2+ Monitoring Interface Traffic Monitoring SNMP Enabled Devices Network Path Definition and link failure Off network Alert Notification Network Performance Reporting

RRDtool SNMP poller Graphical interface RRDb

RRDb – Round Robin Database SNMP poller Graphs on demand Time interval

Graph

How we will implement RRDtool C API Cmd line RRDtool Perl scripts Redesigned C API C++ wrapper Today GoalFaster Scalable Perl scripts Cmd Line Compatibility layer

Project status Subsystem’s analysis finished Use cases − Sequence Diagrams are ready Framework (AFX) − Component Diagrams are ready Designing C++ wrapper for RRDtool − brand-new RRDtool C API

Project status Blueprint of user interface Authentication daemon − Basic functionality XMLRPC server design & implementation − Prototype available. XMLRPC client Initialization

Future work SNMP Poller – basic functionalities Complete Implementing of XMLRPC Server Complete Implementing of XMLRPC client Design of web page for Operator and ISP Policyd completion RRDtool++: implementing more functionality

Thanks for your attention! Questions? Web Site: