CareNet Fall2011 [PRES 02] RG Technical Overview
Transcript of CareNet Fall2011 [PRES 02] RG Technical Overview
-
8/3/2019 CareNet Fall2011 [PRES 02] RG Technical Overview
CareNet Residential Gateway Technical Overview
Stockholm, November 2nd 2011
-
Agenda
- Background
- Migration from CentOS to Bifrost OS
- Service isolation via Linux Containers
- Automatic Updates using rsync
- Transparent Multi Homing
-
Background
[Slides 4-9: diagrams; surviving labels: ISP, Primary ISP, Backup ISP]
-
Background: Key developments
Automatic updates
- All software can be remotely updated
- Simplifies distribution of updates software
- Could potentially also support pushing specialized configurations etc. if needed in the future

Namespace isolation
- Separates the gateway into three logical domains
- Solves the performance overhead issues of virtualization
- Raises some security concerns, especially since configuration is complex

Multi homing
- Increases dependability through transparent n:n link redundancy
- Supports both physical and wireless links
- Transfers any type of layer 4 transport protocol

Dedicated operating system
- Designed from scratch to be a lightweight routing platform
- Increases performance through reduced process/memory overhead
- Raises security through obscurity and simplification

[Timeline axis: May, June, July, August, September, October]
-
Bifrost migration
-
Bifrost: Introduction
[bifrost] is mainly targeted for production and infrastructure networking, routing/firewalling
Advantages compared to CentOS
- Very lightweight in terms of memory/CPU requirements
- Designed ground-up for routing packets, and nothing else
- No-frills vanilla release yields highly customized deployments
- Security through simplicity
- High level of support from KTH/UU

Disadvantages compared to CentOS
- Low level of general community support. No commercial support.
- High developer/operator learning curve
- Very few pre-built software packages available, time consuming to compile software
- Limited hardware support in standard release
-
Bifrost: Rationale
1. Improved overall performance of router
   - Decreased memory overhead
   - Decreased filesystem size
   - Decreased CPU overhead
2. Increased security
   - Only essential services active
   - Security through obscurity
3. Tailored for specific needs
   - No excess packages shipped with Vanilla release
-
Isolation using LXC
-
LXC: introduction
[LXC is] a lightweight virtual system mechanism sometimes described as chroot on steroids
Namespace isolation    Virtualization
LXC                    KVM, Virtualbox
High performance       Low performance
Complex security       Robust security
-
LXC: rationale
1. Decreased memory overhead
   - Enables us to run more containers in parallel, if needed
   - Leaves space for processes and services
2. Decreased filesystem size
   - Decreases storage requirements
   - Decreases remote update/distribution time
3. Aligns well with the "keep it simple" philosophy of Bifrost
   - Only relevant processes running
   - No extra kernels or memory mapping running
-
LXC: rationale
[Bar chart: File system overhead (MB), axis 0 to 2500; bars: April (CentOS/Full virt), September (Bifrost/LXC), November process (Bifrost/LXC). Annotation: Substantial decrease thanks to LXC]
-
LXC: rationale
[Bar chart: Memory overhead (MB), axis 0 to 250; bars: April (estimate), September, November. Annotation: Increase due to substantial functionality additions]
-
Remote updates
-
Remote updates: Overview
Overview: Remote software/configuration updates supported in latest CareNet software release.
Background: To date, updates have been distributed physically via flash drives to testers. Not possible in large deployments.
Deployment details: Implemented using the widely used rsync framework. Thoroughly tested in-house.
-
Multi homing
-
Multihoming Architecture
[Architecture diagram; labels: Primary ISP, Backup ISP, Server, CareNet Container, br0, Multihoming M-UDP Appln, Internet Container, eth0 to eth5, OpenVpn, Hospital]
-
Live Demonstration