
Secure Network Performance Testing using SeRIF

Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006 CSG. Secure Network Performance Testing using SeRIF. http://www.albinoblacksheep.com/flash/nintendogs.php. U-M Contributors. CITI Andy Adamson Charles Antonelli Nathan Gallaher


Presentation Transcript


  1. Dr. Charles J. Antonelli Center for Information Technology Integration University of Michigan Winter 2006 CSG Secure Network Performance Testing using SeRIF

  2. http://www.albinoblacksheep.com/flash/nintendogs.php

  3. U-M Contributors • CITI • Andy Adamson • Charles Antonelli • Nathan Gallaher • Olga Kornievskaia • David Richter • ITCom • MGRID Work supported by OVPR and ITCom

  4. SeRIF • SeRIF: Secure Remote Invocation Framework • Purpose: provide a secure and extensible remote process invocation service, with strong authentication and flexible authorization • Based on Globus 2.4, GARA 1.2.2 • Leverages existing user credentials • Kerberos (via kx509) • Adds fine-grained authorization • Walden

  5. SeRIF • Central portal host • Authentication • Control (invocation, parameters, results) • Databases (LDAP) • Dedicated remote nodes • Gatekeeper • Local scheduler for execution and cleanup • Provides status and output redirection • Fine-grained authorization at resource

  6. SeRIF Architecture [diagram; labels: LDAP, Output, NW Topology, Portal, User Workstation, Apache, SSL (client certificate required), mod ssl, Browser, mod kct, libpkcs11, Kerberos V5, KCT, kx509, mod kx509, KCA, kinit, mod php, KDC, mod jk, Tomcat, CHEF, GSI, Grid Resource, WALDEN, SASL, Authorization, GateKeeper, Resource Mgr, Resource; steps numbered 1 to 8]

  7. NTAP • NTAP: Network Testing and Performance • Purpose: provide a secure and extensible network testing and performance tool invocation service at U-M • Uses SeRIF framework • Runs on portal host and Performance Measurement Platforms (PMPs) attached to routers in a VLAN environment

  8. NTAP Architecture [diagram; labels: Host A, Host B, Router 1, Router 2, Router 3, Portal, GSI, PMP 1, PMP 2, PMP 3, Attribute Callout, AFS PTS, Walden (XACML), Flat File]

  9. Mapping and Reporting • Segment mapping • Use traceroute to obtain packet routing path • Use network topology database to map each router to its associated PMP • Execute pairwise performance tests along path • Reporting tool • Output hop-by-hop matrix display • Color-coded test history • Click through cells for detailed views • Links to most recent tests

  10. Host Endpoint Testing [diagram; labels: Host A, Router 1] • Solution to first mile problem • Leverages Network Diagnostic Tester • Authenticated user clicks first-mile link • Portal runs traceroute back to client • Portal determines client’s first-hop router and attached PMP (running NDT server) from path and network topology database • Portal displays link to first-hop PMP • Client downloads NDT app from PMP as usual • Client runs NDT test and displays results as usual • NDT server sends results to NTAP database

  11. Automated Testing • Need repetitive, automated testing • … but with secure authentication and authorization • Solution: renewable credentials • User obtains long-term credentials • Portal schedules repetitive testing • Prior to a test cycle, portal validates long-term credential and derives from it a short-term credential • Rest of SeRIF architecture unchanged

  12. Future Work • Post-processed statistics, graphs • Measurement database reorganization • Scalability improvements • Alternatives to topology database • Active infrastructure probing • Automated tools a la NDT • Tune TCP stack • Detect conditions, e.g. duplex mismatches • Cross-domain testing

  13. Cross-Domain Testing [diagram; labels: Domain 1, Domain 2, Portal (one per domain), Host A, Host B, Router 1, Router 2, Router 3, GSI, PMP 1, PMP 2, PMP 3]

  14. Cross-Domain Testing • Goals • Extend test path across administrative domains • Address larger end-to-end performance issues • Leverage SeRIF’s strong security and fine-grained authorization model • Promote SeRIF at other institutions • Share performance data among institutions

  15. Cross-Domain Testing • Approach • Retain portal within each domain • Originating portal runs traceroute • Determines sequence of domains • Verifies permissions for test • Or “chunked” by domain • Each portal tests and stores local results • Independently, or synchronized • Test data available via local SeRIF controls • Boundary-crossing segments • Need cross-domain trust • Transit segments

  16. Merit Measurement Infrastructure

  17. Cross-Domain Testing • Seeking • Large network testbed • Independent administrative domains • Partners • Funding • Proposal

  18. SeRIF Resources • SeRIF & NTAP home page • http://www.citi.umich.edu/projects/ntap • FAQ & documentation • Download NTAP code & installation instructions • Tools • iperf http://dast.nlanr.net/Projects/Iperf/ • ndt http://e2epi.internet2.edu/ndt/ • owamp http://e2epi.internet2.edu/owamp/

  19. Any Questions? http://www.citi.umich.edu
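
The segment mapping on slide 9 and the first-hop lookup on slide 10, sketched as an added example (not NTAP's own code). The traceroute text, addresses, PMP names, the in-memory topology table and all function names are constructed for illustration, and "pairwise" is assumed to mean consecutive PMPs along the path.

```python
import re

# Constructed sample data: addresses and PMP names are illustrative only.
TRACEROUTE = """\
traceroute to 10.3.0.20 (10.3.0.20), 30 hops max, 60 byte packets
 1  10.1.0.1 (10.1.0.1)  0.412 ms  0.388 ms  0.401 ms
 2  10.2.0.1 (10.2.0.1)  1.102 ms  1.090 ms  1.133 ms
 3  * * *
 4  10.3.0.1 (10.3.0.1)  2.310 ms  2.296 ms  2.344 ms
 5  10.3.0.20 (10.3.0.20)  2.801 ms  2.775 ms  2.790 ms
"""
# Hypothetical stand-in for the network topology database: router -> PMP.
TOPOLOGY = {"10.1.0.1": "pmp1", "10.2.0.1": "pmp2", "10.3.0.1": "pmp3"}
HOP = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\((\d+\.\d+\.\d+\.\d+)\)|\*)")

def parse_hops(text):
    """Return [(hop_number, address or None)]; None marks a silent hop."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2)))
    return hops

def map_path(text, dest):
    """Map each router hop to its PMP; return (pmps, unmapped_hop_numbers)."""
    pmps, unmapped = [], []
    for n, addr in parse_hops(text):
        if addr == dest:
            break                      # endpoint host, not a router
        pmp = TOPOLOGY.get(addr)
        if pmp is None:
            unmapped.append(n)         # silent hop or router with no PMP
        elif not pmps or pmps[-1] != pmp:
            pmps.append(pmp)
    return pmps, unmapped

def segments(pmps):
    """Consecutive PMP pairs to test along the path."""
    return list(zip(pmps, pmps[1:]))

def first_hop_pmp(text, client):
    """Traceroute runs portal -> client, so the client's first-hop
    router is the last mapped router before the client address."""
    pmps, _ = map_path(text, client)
    return pmps[-1] if pmps else None

if __name__ == "__main__":
    path, gaps = map_path(TRACEROUTE, "10.3.0.20")
    print(segments(path), "unmapped hops:", gaps)
```

Unmapped hops are returned rather than dropped, so a report can flag that the pmp2 to pmp3 segment spans a router with no measurement point.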
