PART II BoD server prototype Implementation & technical details MB-NG workshop @ UCL

Presentation Transcript


  1. PART II: BoD server prototype. Implementation & technical details
     MB-NG workshop @ UCL, 20/21 Feb 2003
     Bas van Oudenaarde, Advanced Internet Research Group, University of Amsterdam, oudenaar@science.uva.nl

  2. What to expect from this presentation
     • Not a code walk, but a highlight of the concepts used and the model behind them
     • Our first-phase prototype of a BoD server (based on Generic AAA)
     • An overview for the DEMO
     • The details of the building blocks of the BoD server

  3. Generic AAA:
     • AAA Server: may be involved in Authorization, Authentication, Accounting
     • AAA request <-> Driving Policy
     • The behaviour of the generic part is determined by the combination of Driving Policies, ASMs and AAA requests

  4. “AAA protocol” [Diagram. Labels: BoD request msg, AAA client entity, Service handler, authZ, serv / Serv*, policy, ASM; the AAA server block appears twice.]

  5. BoD request msg, using XML and SOAP:

     <AAARequest version="0.1" type="BoD" >
       <Authorization>
         <credential>
           <credential_type>simple</credential_type>
           <credential_ID>JanJansen</credential_ID>
           <credential_secret>#f034d</credential_secret>
         </credential>
       </Authorization>
       <BodData>
         <Source>192.168.1.2</Source>
         <Destination>192.168.1.5</Destination>
         <Bandwidth>1000</Bandwidth>
         <StartTime>now</StartTime>
         <Duration>20</Duration>
       </BodData>
     </AAARequest>

  6. Servlet in TOMCAT, using the JAXM API:

     public class AAAServlet extends JAXMServlet implements ReqRespListener {
         private RBE theRBE;
         …
         public SOAPMessage onMessage( SOAPMessage message ) {
             …
             try {
                 theRBE.parse( request, out );   // message check (DTD) + Policy fetch
             } catch( Exception ex ) {
                 return error( ex.getMessage( ) );
             }
             return createResponse( bout );
             …
         }
     }

  7. Some details:
     • Servlet Context: used to initiate the RBE and the ASMs
     • Java Reflection: list the methods of an Object (the ASMs)

  8. Driving Policy:
     • IF - THEN - ELSE structure:

       if ( ASM::Authorization.authorize(                 << C++-like namespace
                Request::Authorization.credential.credential_type,
                Request::Authorization.credential.credential_ID,
                Request::Authorization.credential.credential_secret ) )
       Then
           if ( ASM::RM.CheckConnection( Request::BodData.Source,
                                         Request::BodData.Destination ) )

       * could work with simple data types
     • Input for the Policy Objects; JavaCC used to serialize / used in the Policy fetch
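Slides 5, 6 and 8 together describe one request path: the XML BoD request, the servlet's message check, and the driving policy that calls the Authorization ASM first and the RM ASM only after that succeeds. The Python below is an added example, not the prototype's code: the sample request is constructed in the slide-5 shape, and the hashed credential store, the constant-time compare, the `LINKS` topology and all function names are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample request (slide-5 shape), credential store (hash of the secret) and connectable host pairs; none are the prototype's.
SAMPLE_REQUEST = """<AAARequest version="0.1" type="BoD">
 <Authorization><credential><credential_type>simple</credential_type>
  <credential_ID>JanJansen</credential_ID><credential_secret>#f034d</credential_secret>
 </credential></Authorization>
 <BodData><Source>192.168.1.2</Source><Destination>192.168.1.5</Destination>
  <Bandwidth>1000</Bandwidth><StartTime>now</StartTime><Duration>20</Duration></BodData>
</AAARequest>"""
CREDENTIALS = {"JanJansen": hashlib.sha256(b"#f034d").hexdigest()}
LINKS = {frozenset({"192.168.1.2", "192.168.1.5"})}
REQUIRED = ("Authorization/credential/credential_type", "Authorization/credential/credential_ID",
            "Authorization/credential/credential_secret", "BodData/Source", "BodData/Destination",
            "BodData/Bandwidth", "BodData/StartTime", "BodData/Duration")

def parse_request(xml_text):
    """Message check (stands in for the slide-6 DTD check): refuse anything the policy cannot evaluate."""
    root = ET.fromstring(xml_text)
    if root.tag != "AAARequest" or root.get("type") != "BoD":
        raise ValueError("not a BoD AAARequest")
    fields = {}
    for path in REQUIRED:
        node = root.find(path)
        if node is None or not (node.text or "").strip():
            raise ValueError("missing field: " + path)
        fields[path.rsplit("/", 1)[1]] = node.text.strip()
    fields["Bandwidth"], fields["Duration"] = int(fields["Bandwidth"]), int(fields["Duration"])
    return fields

def asm_authorize(ctype, cid, secret):
    """Authorization ASM for the 'simple' type: hash compare in constant time, same work for unknown IDs."""
    stored = CREDENTIALS.get(cid, "0" * 64)
    match = hmac.compare_digest(hashlib.sha256(secret.encode()).hexdigest(), stored)
    return ctype == "simple" and cid in CREDENTIALS and match

def asm_rm_check_connection(src, dst):
    """Resource Manager ASM: are these endpoints connectable in the known topology?"""
    return frozenset({src, dst}) in LINKS

def driving_policy(xml_text):
    """Slide 8's IF-THEN-ELSE: authorize the credential first; consult the RM only on success."""
    r = parse_request(xml_text)
    if asm_authorize(r["credential_type"], r["credential_ID"], r["credential_secret"]):
        if asm_rm_check_connection(r["Source"], r["Destination"]):
            return "accept"
        return "reject: no connection"
    return "reject: not authorized"
```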

  9. ASM overview. For the BoD service we implemented:
     • Resource Manager (RM) ASM: (hardcoded) network topology, state of network elements
     • Switch ASM: SNMP interface dealing with 802.1Q
     • Authorization ASM: authorization mechanism

  10. RM ASM, BoD method:

     public int BoD( String IPsrc, String IPdst, int size, String t, int dur ) {
         // Full control model
         // Network element modeled as a vertex with edges; state (link usage) is updated in the vertex
         // backtracking algorithm (recursive) to find a path
         // collecting provisioning information, like VLAN id, ports, etc.
     }
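The recursive backtracking path search the slide outlines, as an added Python example rather than the prototype's Java: topology, port numbers, link capacities and the IP-to-vertex map are constructed, and the VLAN id counter is an assumption. Link usage is committed only once a complete path with enough free bandwidth on every hop is found, so a refused request leaves the state untouched.

```python
# Constructed topology (assumption: the prototype's hardcoded topology is not on the slides).
# vertex -> list of edges (neighbour, egress port on this vertex, link capacity in Mbit/s)
TOPOLOGY = {
    "host-a": [("sw1", 1, 10000)],
    "sw1": [("host-a", 1, 10000), ("sw2", 24, 1000), ("sw3", 23, 100)],
    "sw2": [("sw1", 24, 1000), ("sw3", 22, 100), ("host-b", 2, 10000)],
    "sw3": [("sw1", 23, 100), ("sw2", 22, 100)],
    "host-b": [("sw2", 2, 10000)],
}
HOSTS = {"192.168.1.2": "host-a", "192.168.1.5": "host-b"}  # constructed IP-to-vertex map

class ResourceManager:
    """Full control model: the RM knows every element and every link's current usage."""

    def __init__(self, topology):
        self.topology = topology
        self.usage = {}        # link state: frozenset({a, b}) -> Mbit/s already reserved
        self.next_vid = 100    # VLAN ids handed out, one per provisioned path (assumption)

    def free(self, a, b, capacity):
        return capacity - self.usage.get(frozenset({a, b}), 0)

    def _search(self, node, dst, size, visited, path):
        """Recursive backtracking: follow links with enough free bandwidth, undo the step on a dead end."""
        if node == dst:
            return True
        for nbr, port, cap in self.topology[node]:
            if nbr in visited or self.free(node, nbr, cap) < size:
                continue
            visited.add(nbr)
            path.append((node, nbr, port))
            if self._search(nbr, dst, size, visited, path):
                return True
            path.pop()              # backtrack: this hop led nowhere
            visited.discard(nbr)    # nbr may still be reachable along another route
        return False

    def bod(self, ip_src, ip_dst, size, t, dur):
        """Same arguments as the slide's BoD(IPsrc, IPdst, size, t, dur); returns provisioning info or None."""
        src, dst = HOSTS[ip_src], HOSTS[ip_dst]
        path = []
        if not self._search(src, dst, size, {src}, path):
            return None         # no path with 'size' free on every hop: refused, state untouched
        for a, b, _ in path:    # commit link usage only once a complete path is known
            self.usage[frozenset({a, b})] = self.usage.get(frozenset({a, b}), 0) + size
        vid, self.next_vid = self.next_vid, self.next_vid + 1
        # what the Switch ASM needs: for each element on the path, the port to add to VLAN vid
        return {"vlan": vid, "ports": [(a, port) for a, _, port in path], "start": t, "duration": dur}
```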

  11. Switch ASM, provisioning:

     /* (Single domain) Add port (+ Trunk) in VLAN.
      *
      * Cabletron ss6000 switch uses SNMP table:
      *   ctVlanPortConfigTable
      *   OID = "1.3.6.1.4.1.52.4.1.2.16.3.1.1"
      *   OID.c.I1.I2  ( c = column, I1 = index 1, I2 = index 2 )
      */
     public void setupPath( int port, int vid )
             throws IOException, SnmpDecodeException, SnmpResponseException {
         // Setup connection
         SnmpPeer peer = new SnmpPeer( "localhost", InetAddress.getByName( host ), SMI.PUBLIC );
         SnmpConnection connection = new SnmpConnection( peer );
         // OID ….

  12. Authorized path discovery
     • QoS path through multiple administrative domains
     • AAA servers: a mechanism for advertising the connections they can establish
     • Start with the simplest QoS path: the Full Control model
     • Logical network link instead of physical network link
     • Decision tree for authorization of QoS elements

  13. Authorization interactions [Diagram. Labels: network elements N0, N1, N2 … Nn; domains D0, D1; links l0,1 and l2,n; AAA servers AAA0, AAA1, AAA2 and a combined AAA1,2.]

  14. Future of AAA:
     • Porting to a J2EE environment: a robust & scalable runtime environment
     • Focusing on AAA concepts: developing a generic RBE <-> ASM interface
     • Still in progress…. :(
     • Collaboration in developing a generic ASM interface, policy definitions, etc.

  15. Ideas: AAA in J2EE [Diagram. Labels: ASMs api, J2EE web, EJB Container, BoDreq, switch1, switch2, JCA Resource Adapters, ASM*.]

  16. Conclusions
     • Our focus is on authorization in multiple administrative domains
     • The ASMs need to interface with services; we need to provide a generic API
     • Collaborations
     DEMO-TIME !!!
