Download
presentation given by hannes tschofenig implemented by henning peters n.
Skip this Video
Loading SlideShow in 5 Seconds..
NAT/FW NSLP Implementation PowerPoint Presentation
Download Presentation
NAT/FW NSLP Implementation

NAT/FW NSLP Implementation

129 Views Download Presentation
Download Presentation

NAT/FW NSLP Implementation

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Presentation given by Hannes Tschofenig Implemented by Henning Peters NAT/FW NSLP Implementation

  2. Current Status Working C++ NATFW NSLP prototype Based on Univ. Goettingen GIST implementation Most essential features are covered, including proxy modes (DS behind NAT, DR behind NAT) and all basic behavior, (CREATE/REFRESH/TEARDOWN/RESPONSE, REA/RESPONSE) TODO: Firewall Interaction Interaction with a AAA server Performance evaluation and improvements (including refinement of memory management) Development time: ~ 2 man-months (including work on GIST)

  3. Big picture

  4. Details GNU/Linux kernel 2.6.x as development platform NAT/FW API using Linux iptables/netfilter Splitted into three processes: GIST server, NAT/FW server, NAT/FW client All GIST / NAT/FW client/server communication over UNIX sockets See performance overhead paper from X. Fu et. al on GIST: http://www.tmg.informatik.uni-goettingen.de/publications Using code generation for object construction and FSM: ~1000 lines of code Virtual machines were used for testing

  5. Conclusion • Issues filed as part of the implementation experience. • E.g., REA/UCREATE separation, Missing ports using REA, how to update MRI at NATs, terminology • Some already resolved in the current draft • https://kobe.netlab.nec.de/roundup/nsis-natfw-nslp/index • Some amount of energy went into GIST code to make things more generic (e.g., FSM, objects, timers).  Easier job for new NSLP implementation using this GIST implementation