Jayant Patil Department of Computer Science


The Design of Web-based Management Interface for Network Processor based Content Switch Jayant Patil Department of Computer Science Univ. of Colorado at Colorado Springs Welcome the committee members. 9/16/2018 Web Interface for NPCS/J Patil

Outline of the Talk
· Overview of Content Switch, SSL, and Intel IXP12EB
· NPCS Interface Requirements
· Components of interface: Web server, RAM-based file system, restructured rule module
· Experimental results
· Lessons Learned and Future Directions
· Conclusion
First I will briefly describe a content switch, SSL technology and Intel's web development kit IXP12EB. Then I will present the NPCS interface requirements. I will explain the components of the Web-based interface: Web server, RAM-based file system and restructured rulemodule. Thereafter I will present the experimental results. Then I will talk about the lessons learned and future directions.

Content Switch (CS)
[Figure: client, Content Switch, server1, server2, ..., server9; files home.htm, uccs.jpg, Index.htm, rocky.mid]
· Route packets based on high layer (Layer 5/7) headers and content.
· Examples: direct Web traffic based on pattern of URLs, host tags, cookies.
· Can route incoming email based on email address; connect POP/IMAP based on login.
· Web switches and Intel XML Director/accelerator are special cases of content switch.

What Services It Can Provide
· Enabling premium services for e-commerce, ISP, and Web hosting providers
· Load Balancing and High Available Server Clusters: Web, E-commerce, Email, Computing, File, SAN
· Policy-based networking, differential/QoS services
· Firewall, strengthening DoS protection, cache/firewall load-balancing
· 'Flash-crowd' management
It makes more sense to provide faster, more efficient service to the larger, older customers of an e-commerce company. This is only possible using a content switch, since the clients can be routed to faster/more powerful servers based upon the request contents. Flash-crowd management also becomes simple: just by changing the switching ruleset dynamically, we can add more power to the server farm more quickly, and later remove it.

Content Switch Operation

Secure Socket Layer (SSL) Protocol
We need SSL for secure communications between client and server.
The SSL protocol allows
· the exchange of certificates for the authentication of the server and potentially the clients
· cipher suites and selection of session keys for encryption

OpenSSL
· OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson.
· Open Source toolkit implementing the Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library
Important Libraries
· SSL: The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.
· Crypto: The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL and TLS, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.
OpenSSL combines two tools in one package: a cryptography library and an SSL toolkit. OpenSSL supports
· MD2, MD4, MD5, MDC2, SHA1 and RIPEMD-160 message digest algorithms;
· Blowfish, CAST5, DES, 3DES (Triple DES), IDEA, RC2, RC4, and RC5 symmetric ciphers, and most of the ciphers support different modes, including CBC, CFB, ECB and OFB;
· Public key cryptography including Diffie-Hellman algorithm (only used for key agreement), Digital Signature Algorithm (DSA), and RSA.

IXP12EB: IXP1200 Network Processor Ethernet Evaluation Kit
Contains
· IXP1200 Network Processor with StrongArm Core
· Six MicroEngines
· 256 KB SRAM
· 64MB SDRAM
· 2 Fiber Gigabit Ethernet Interfaces
· 8 Fast Ethernet Interfaces
· IXP12DE software development kit
Allows developers to test network software at gigabit wired processing speed.

NPCS: Network Processor based Content Switch
· Explore the design issues in using the Intel IXP1200 Network Processor as a content switch.
· Longhua Li ported the Linux-based Secure Content Switch developed by Ganesh Godavari to run on IXP12EB: NPCS version 1.
NPCS version 1 does not support
· Web-based management interface
· Dynamic content switch rule set update
· Content switch status query

NPCS Web-based Interface Requirements
· Secure
· Efficient
· Reliable
· User-friendly
· Web-based
The secure web-based interface should enable
· Configuration of the content switch
· Dynamic update of the content switching rules
· Retrieval of the network session/statistical data

NPCS Software layers

Enhanced NPCS v2 Architecture
In-process CGI explained later in detail.

GoAhead Webserver
Fully-featured, open-source embedded Web server by GoAhead Software - http://www.goahead.com/
· Active Server Pages
· Embedded JavaScript
· Standard CGI Implementation
· GoForms™ (in-memory CGI processing)
· URL Handlers
· Extensive API Documentation
· Small Footprint -- 50K RAM (critical for NPCS)
Make a note here that the GoAhead software does not provide SSL implementation code, but only has a support interface to RSA Security's SSL toolkit, RSA BSAFE SSL-C. We have currently implemented digest-based user security.

GoForms : In-Process CGI processing
Instead of spawning a separate process to execute the CGI program, GoForms makes a call to a function that is compiled and linked with the web server. The function processes the request and returns the dynamic web content. For example, following is the code that writes the uploaded file onto the RAM-based file system.

    void upldForm(webs_t wp, char_t *path, char_t *query)
    {
        FILE   *fp;
        char_t *fn;
        char_t *bn = T("rules");    /* fixed base name of the stored rule file */
        int     locWrite;
        int     numLeft;
        int     numWrite;
        char    fulfilename[100];

        /* The client-supplied file name is read but never used to build the path. */
        fn = websGetVar(wp, T("filename"), T(""));

        /* Target on the RAM-based file system: DEV1:/rules */
        strcpy(fulfilename, "DEV1:/");
        strcat(fulfilename, bn);

What is CGI? When a web server gets a request for a program instead of a static webpage, it spawns a separate process to execute the program. The program executes and returns an HTML page to the browser as a response.

GoForms : In-Process CGI processing continued

        /* fulfilename is an array, so the NULL test always selects it. */
        if ((fp = fopen((fulfilename == NULL ? "upldForm.bin" : fulfilename), "w+b")) == NULL) {
            websWrite(wp, T("File open failed!<br>"));
        } else {
            websWrite(wp, T("File opened!<br>"));
            locWrite = 0;
            numLeft = wp->lenPostData;
            /* Write the POST body to the file until nothing is left. */
            while (numLeft > 0) {
                numWrite = fwrite(&(wp->postData[locWrite]), sizeof(*(wp->postData)), numLeft, fp);
                if (numWrite < numLeft) {
                    websWrite(wp, T("File write failed.<br>"));
                    break;
                }
                locWrite += numWrite;
                numLeft -= numWrite;
            }
            if (numLeft == 0) {
                if (fclose(fp) != 0) {
                    websWrite(wp, T("File close failed.<br>"));
                } else {
                    websWrite(wp, T("File Size Written = %d bytes<br>"), wp->lenPostData);
                }
            } else {
                /* Short write: release the handle and report how far we got. */
                fclose(fp);
                websWrite(wp, T("numLeft=%d locWrite=%d Size=%d bytes<br>"), numLeft, locWrite, wp->lenPostData);
            }
        }
        websDone(wp, 200);    /* finish the HTTP response */
    }

GoForms : In-Process CGI processing continued
Following is the code we use to execute the refresh function to refresh the switching ruleset.

Dynamic Update of NPCS Ruleset
The rulemodule is responsible for matching the request with the rules in the ruleset, and returning the designated real server for the request.
NPCS v1 had the rules coded in the rulemodule code. Thus, to change the active ruleset, it was required to
· Shut down the current rulemodule
· Unload the rulemodule from memory
· Load the new rulemodule binary
· Start the new rulemodule
This is very cumbersome and consumes a lot of time. Thus it was decided to redesign the rulemodule.

Enhance Rulemodule
The rulemodule is restructured into two components:
· The rulematching component that matches request header/content with the ruleset.
· The ruleset maintenance module that loads/refreshes the ruleset on demand.

Rule grammar and parser
We modify the rule grammar and parser developed by Ganesh Godavari for the Secure Information Sharing project. The rules are specified as per the following grammar:

    Rulemodule match {
    if ( <expression> ) return <url path>
    expression := <term> | <term> && <expression> | (<expression>) | ! (<expression>)
    <term> := <factor> | <factor> || <term> | (<term>)
    <factor> := <variable operator value>
    <operator> := > | >= | < | <= | == | != | #
    }

Here is an example:

    if ( ( url # "*wbtree*" ) ) return cow.csnet.uccs.edu
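A recursive-descent evaluator for rules written in the grammar above, added here as an example and not the NPCS rulemodule code. It assumes `url` is the only variable, evaluates only the `#` operator and treats it as a `*` wildcard match, and accepts parenthesised groups wherever a factor may appear; every function name is hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Assumptions (not from the slides): "url" is the only variable, '#' is the
 * only operator evaluated, and parser state lives in file-scope variables. */
static const char *p, *req_url;  /* rule cursor; URL of the current request */
static int bad;                  /* set on any syntax error */
static int expression(void);
static void ws(void) { while (isspace((unsigned char)*p)) p++; }
static int eat(const char *t) {  /* skip blanks, then consume token t */
    size_t n = strlen(t);
    ws();
    if (strncmp(p, t, n) != 0) return 0;
    p += n;
    return 1;
}
/* '#' match: '*' is any run; backtracking only to the last '*' keeps cost O(|pat|*|s|). */
static int glob(const char *pat, const char *s) {
    const char *star = NULL, *mark = NULL;
    while (*s) {
        if (*pat == '*') { star = pat++; mark = s; }
        else if (*pat == *s) { pat++; s++; }
        else if (star) { pat = star + 1; s = ++mark; }
        else return 0;
    }
    while (*pat == '*') pat++;
    return *pat == '\0';
}
static int factor(void) {        /* url # "pattern" */
    char val[128];
    size_t n = 0;
    if (!eat("url") || !eat("#") || !eat("\"")) { bad = 1; return 0; }
    while (*p && *p != '"' && n < sizeof val - 1) val[n++] = *p++;
    val[n] = '\0';
    if (*p != '"') { bad = 1; return 0; }  /* unterminated or over-long pattern */
    p++;
    return glob(val, req_url);
}
static int primary(void) {       /* factor | ( expr ) | !( expr ) */
    int neg = eat("!"), v;
    if (eat("(")) { v = expression(); if (!eat(")")) bad = 1; }
    else if (neg) { bad = 1; return 0; }
    else v = factor();
    return neg ? !v : v;
}
/* Per the grammar, || groups inside a term and && joins terms. */
static int term(void) { int r = primary(); while (eat("||")) r |= primary(); return r; }
static int expression(void) { int r = term(); while (eat("&&")) r &= term(); return r; }

/* 1 = match (*server points at the name inside rule), 0 = no match, -1 = malformed. */
int rule_match(const char *rule, const char *url, const char **server) {
    p = rule; req_url = url; bad = 0;
    if (!eat("if") || !eat("(")) return -1;
    int hit = expression();
    if (bad || !eat(")") || !eat("return")) return -1;
    ws();
    if (*p == '\0') return -1;   /* no server after "return" */
    *server = p;
    return hit;
}
```

Under this grammar `a || b && c` groups as `(a || b) && c`, the reverse of C's precedence, and a malformed rule is rejected with -1 rather than treated as a non-match.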

RAM-based File System
There are two pieces provided by VxWorks: the block device driver and dosFs, an MS-DOS compatible file system. We created a small RAM-based file system by making use of the block device driver and the dosFs file system provided by VxWorks.

Rulefile uploading

Ruleset Refreshing

NPCS V2 Development setup
Describe the setup in detail

NPCS V2 Test setup

Hardware Configuration

Machine | Spec | IP Address | O/S | Web Server
IXP12EB | 200MHz (Content switch) | Port 0: 128.198.60.130; PCI Ethernet Card: 128.198.60.32 | VxWorks 5.4 | GoAhead
a) dilbert.uccs.edu | Dell Precision 330 | 128.198.60.23 | a) Windows NT 4.0 | N/A
a) buck.csnet.uccs.edu b) cow.csnet.uccs.edu | HP Vectra Machines, 500 MHz, 256MB RAM (Real Server) | 128.198.61.112; 128.198.61.113 | Fedora Core 3 (2.6.10-1.770_FC3) | Apache httpd server

Webbench test results - 1
Table 1: WebBench Summary
C:\WebBench\Controller\Suites\Webbench\verify_ssl_wb401.tst

Mix Name | Requests Per Second | Throughput (Bytes/Sec)
1_client | 0.425 | 1345.975
4_client | | 1147.525
8_client | | 1314.850
12_client | 0.400 | 1640.525
16_client | | 1606.750
20_client | | 1082.025
24_client | | 627.950
28_client | | 739.675
32_client | | 1403.250
36_client | | 822.175
40_client | | 824.225
44_client | | 2533.825
48_client | | 1323.575
52_client | | 1080.550
56_client | | 915.875
60_client | | 2963.300

Test Information
Engine Types: http
WebBench 5.0
Start Suite: Thu Apr 28 03:26:35 2005
Finish Suite: Thu Apr 28 03:45:59 2005
Elapsed Time: 00:19:24
Status: Suite completed successfully
Comments:

Webbench test results - 2


Lessons Learned
· Sometimes, the peth0 driver initialization fails
· Manual compilation of VxWorks bootable image
· The generally available PC WebBench's encryption level is 40-bit. Thus, I had to reduce the ssl_proxy's encryption level.

Conclusion
A Secure Web-based Management Interface was developed for an Intel IXP1200 based Content Switch. It is capable of
· Dynamic update of the content switch rule sets
· Retrieving content switch status
with reasonable management task performance.
The NPCS performance is still slow because the six microengines are not fully utilized.
The size of ssl_proxy.out (the downloadable application for IXP1200) is 9MB. This is relatively big for an embedded system with small memory size. It can be improved.

References
· "Linux Virtual Server", http://www.linuxvirtualserver.org
· High Performance Cluster Computing: Architectures and Systems, Vol 1&2, by Rajkumar Buyya (Editor), May 21, 1999, Prentice Hall
· Gregory Yerxa and James Hutchinson, "Web Content Switching", http://www.networkcomputing.com
· C. Edward Chow and Weihong Wang, "Design and Implementation of a Linux-based Content Switch", to be published in Proceedings of Second International Conference on Parallel and Distributed Computing, Applications and Techniques. http://cs.uccs.edu/~chow/pub/contentsw/status/chow1.doc
· Intel IXP1200 Network Processor, http://developer.intel.com/design/network/products/npfamily/ixp1200.htm
· Intel IXA (Internet Exchange Architecture), http://developer.intel.com/design/network/ixa.htm
· WindRiver Tornado Development Tools, http://www.windriver.com/products/html/tornado2.html
· Tornado User's Guide (Windows Version) 2.0
· WindRiver VxWorks, http://www.windriver.com/products/vxworks5/index.html
· C. Edward Chow and Longhua Li, "The Design and Implementation of Content Switch on IXP12EB"
· Ganesh Godavari, "Role Based Access Right Specification for Secure Information Sharing"
· Jigsaw, W3C's Server, http://www.w3.org/Jigsaw
· Avenida, 100% pure Java-based web server, http://www.serverwatch.com/webserver-avenida.html
· GoAhead webserver from GoAhead Software, http://www.goahead.com/
· Form-based File Upload in HTML, http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc1867.html