10-Jun-2005 OWAMP and BWCTL: Installation and Configuration Jeff Boote Network Performance Workshop.


Policies and Procedures 2005-Mar-22

Overview
- Intro
- Installation
- Policy
  - Partitioning Resources
  - Classifying Connections
- OWAMP configuration
  - owampd general configuration
  - owampd policy configuration
  - Testing and troubleshooting
- BWCTL configuration
  - bwctld general configuration
  - bwctld policy configuration
  - Testing and troubleshooting

Review Website
Most of the information from this talk is on the web sites:


Download

Unpack/Build/Install
    % gzip -cd owamp-$VERS.tar.gz | tar xf -
    % cd owamp-$VERS
    % ./configure --prefix=/ami
    # --prefix is only needed if you don't like the default
    # (/usr/local on most systems)
    % make
    % make install
- Does not install configuration files
- (Same process for BWCTL - do it now)


General Security Considerations (review)
- Do no harm
  - Don't want machines to be a source of denial of service attacks
  - On the other hand, would like them to be as available as possible, so as useful as possible for debugging
- Avoid being an attractive nuisance
  - Again, obscurity lessens usefulness
  - But do harden machines themselves

OWAMP Security Considerations
- Limit the bandwidth that can be consumed
- Limit the memory/disk that can be consumed on the test host

BWCTL Security Considerations
- Limit the bandwidth that can be consumed
  - Including protocol type (UDP/TCP)

Partitioning Resources
- Decide on the total amount of resources it is acceptable for the test host to consume
- Decide how to allocate those resources among users
  - How much disk space can be dedicated? Per group?
  - How much bandwidth total? Per group?
- Keep system load in mind as well as network load. Data accuracy will suffer if the system is too loaded.

Resources Allocated Using Hierarchical Limitclasses
- Users are grouped into hierarchical limitclasses
- Only one parent-less class is allowed; it defines the total amount of resources available
- When a limitclass is defined, it inherits the limits of its one and only parent
- When consumable resources (memory/bandwidth/timeslots) are requested, the limits of the limitclass and all parent limitclasses must be satisfied

Classifications of users into limitclasses
- Root: Complete set of resources available
- Hostile: Used to "jail" hostile users
- NOC: Super-user limits
- Peer: Extended limits for peer tests
- Normal: Reasonable limits for end-users
- Open: Conservative limits for *anyone*
(Example organization of limitclasses)

Available per limitclass
- Root: Complete set of resources available
- Hostile: No tests allowed
- NOC: Inherit Root limits
- Peer: Limit UDP to 500m
  - Could make child limitclasses for each individual peer if lower limits should be applied to some
- Normal: UDP not needed for most end users
- Open: No tests allowed
(Example allocation for bandwidth, BWCTL)

Example limitclass definition
    # total available
    limit root with \
        AllowTCP=on, \
        AllowUDP=on, \
        bandwidth=900m
    # Hostile
    limit hostile with parent=root, \
        AllowTCP=off, \
        AllowUDP=off
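How a request is checked against a limitclass and all of its parents, as an added example that is not from the original slides and is not bwctld's own code. It assumes that on/off flags take the nearest definition on the way up to the root, that a parent is defined before its children, and that each request is checked on its own without tracking bandwidth already reserved; the "peer" class is constructed for the example.

```python
import re
# "root" and "hostile" are the slide's definitions; "peer" is constructed here.
LIMITS = r"""
limit root with \
    AllowTCP=on, \
    AllowUDP=on, \
    bandwidth=900m
limit hostile with parent=root, \
    AllowTCP=off, \
    AllowUDP=off
limit peer with parent=root, \
    bandwidth=500m
"""
UNITS = {"k": 10**3, "m": 10**6, "g": 10**9}

def parse_limits(text):
    """Return {name: {"parent": name or None, "own": {key: value}}}."""
    text = re.sub(r"\\[ \t]*\n", " ", text)  # join continuation lines
    classes = {}
    for line in text.splitlines():
        m = re.match(r"\s*limit\s+(\S+)\s+with\s+(.*)", line)
        if not m:
            continue
        own = dict(kv.strip().split("=", 1) for kv in m.group(2).split(",") if kv.strip())
        parent = own.pop("parent", None)
        if parent is None and classes:
            raise ValueError("only one parent-less limitclass is allowed")
        if parent is not None and parent not in classes:
            raise ValueError(f"{m.group(1)}: unknown parent {parent}")
        classes[m.group(1)] = {"parent": parent, "own": own}
    return classes

def chain(classes, name):
    """Yield (name, own settings) for the class and each ancestor up to the root."""
    while name is not None:
        yield name, classes[name]["own"]
        name = classes[name]["parent"]

def to_bps(value):
    suffix = value[-1].lower()
    return int(value[:-1]) * UNITS[suffix] if suffix in UNITS else int(value)

def allowed(classes, name, proto, bps):
    """Check one request; returns (bool, reason)."""
    flag = "AllowTCP" if proto == "tcp" else "AllowUDP"
    # Assumption: a flag takes the nearest definition walking up to the root.
    setting = next((own[flag] for _, own in chain(classes, name) if flag in own), None)
    if setting != "on":
        return False, f"{proto} not allowed for {name}"
    # Consumable resource: the class and every parent limitclass must be satisfied.
    for cls, own in chain(classes, name):
        if "bandwidth" in own and bps > to_bps(own["bandwidth"]):
            return False, f"over {cls} bandwidth limit"
    return True, "ok"
```

A child class that declares a larger bandwidth than its parent gains nothing, because the parent's limit is still checked on every request.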

Classifying Connections
- IP/netmask
  - The IP address of the client is matched against a list of subnets specified as IP/netmask, and the connection is assigned to a limitclass based on that address
- Username and AES key
  - Client specifies a username; the server must already know the associated AES key
  - AES key is used as a symmetric session key
    - Client and server use the key as a shared secret

IP/netmask matching rules
- The most specific matching mask wins
- No set bits are allowed in the address portion beyond the number of mask bits
- Does not need to be a "real" sub-net

Example netmask assignment setup
    # loopback
    assign net ::/127 noc
    assign net /32 noc
    # abilene nmslan (observatory systems)
    assign net 2001:468:0::/40 peer
    assign net /23 peer
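The matching rules above worked through in code, as an added example that is not from the original slides and is not the daemons' own implementation. The networks are constructed from documentation address ranges, and the `default` argument for unmatched clients is hypothetical.

```python
import ipaddress

# Constructed sample in the slide's "assign net" syntax (documentation ranges).
ASSIGN = """
assign net 192.0.2.0/24 normal
assign net 192.0.2.128/25 peer
assign net 192.0.2.200/32 noc
assign net 2001:db8::/32 peer
# a /58 is not a "real" subnet boundary, but it is a valid mask
assign net 2001:db8:0:40::/58 noc
"""

def parse_assign(text):
    """Return [(network, limitclass)]; reject addresses with bits set past the mask."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if fields[:2] != ["assign", "net"]:
            continue
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 'assign net ADDR/BITS CLASS'")
        try:
            # strict=True raises when address bits are set beyond the mask length
            net = ipaddress.ip_network(fields[2], strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        rules.append((net, fields[3]))
    return rules

def classify(rules, client, default=None):
    """Longest-prefix match: the most specific mask containing the client wins."""
    addr = ipaddress.ip_address(client)
    best = None
    for net, cls in rules:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, cls)
    return best[1] if best else default
```

Rule order in the file does not matter here; a broad entry listed first cannot shadow a narrower one.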

Username and AES key rules
- Usernames are limited to 16 characters
- AES key is a 128 bit session key
- Keys are not encrypted in the keys file; use UNIX permissions to protect it
- Can use a pass phrase to generate the AES key
  - Server: use aespasswd to add pass phrase generated keys into the keys file
  - Client: application prompts user for pass phrase

Example key file
    joe a0167ac6101b360d2f4dd164abba2337
    bob 2dc36fc cdfbe180b71d2b4a0f
    sam 3fc763fb270ce6ba6e928bd10d4977d3
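Because the keys are stored unencrypted, the file's permissions and contents are worth auditing. The following check applies the rules above (16-character usernames, 128-bit keys, restrictive UNIX permissions); it is an added example, not part of the OWAMP or BWCTL distribution, and it assumes whitespace-separated "username key" lines with optional `#` comments.

```python
import os
import re
import stat

HEX128 = re.compile(r"[0-9a-fA-F]{32}\Z")  # 128 bits written as 32 hex digits

def audit_keys_file(path):
    """Return a list of findings for a keys file (an empty list means clean).

    Findings name line numbers only, so key material never reaches a log.
    """
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: accessible by group or other")
    seen = set()
    with open(path, encoding="ascii", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            fields = line.split("#", 1)[0].split()
            if not fields:
                continue
            if len(fields) != 2:
                findings.append(f"line {lineno}: expected 'username key'")
                continue
            user, key = fields
            if len(user) > 16:
                findings.append(f"line {lineno}: username longer than 16 characters")
            if not HEX128.match(key):
                findings.append(f"line {lineno}: key is not 128 bits (32 hex digits)")
            if user in seen:
                findings.append(f"line {lineno}: duplicate username")
            seen.add(user)
    return findings
```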

aespasswd
- Similar command-line to htpasswd (apache web server)
- Specify an identity to be added to a key file, prompted for a passphrase
man.html

Example username/key assignment setup
    # local super users
    assign user boote noc
    assign user joe noc
    # peers
    assign user warren peer
    assign user bob peer
    # normal
    assign user sam normal


Configure (owampd.conf)
- These parameters control how the owampd runs
  - General operations such as where it reports its errors and where it stores buffered data files.
- Most installations will only need to modify
  - datadir
  - vardir
  - user
  - group

Configure (owampd.limits)
html
Two parts:
1. Authentication
   - Who is making the request?
2. Authorization
   - What is that identity allowed to do?

Configure (owampd.limits)
Authentication is done by assigning a limitclass to each new connection as it comes in
- IP/netmask method:
      assign net /32 noc
- username method:
      assign user boote noc

Configure (owampd.limits)
Authorization is done by associating a set of hierarchical limits with each limitclass and verifying that each incoming request adheres to them.
    Limit root with \
        Disk=100M, \
        Bandwidth=0, \
        Delete_on_fetch=on, \
        Allow_open_mode=off
    Limit noc with parent=root, \
        Allow_open_mode=on

Configure (owampd.keys)
- Used to hold the username/AESKey pairing information for the daemon.
- Use the aespasswd program to generate a key if you want a passphrase associated with it

Starting owampd
- Start in foreground during testing:
      /usr/local/bin/owampd -c /usr/local/etc -Z

Testing (owping)
- Simple localhost test:
      /ami/bin/owping localhost
- Test to Internet2 test host:
      /ami/bin/owping nmsy-aami.abilene.ucaid.edu
- Others:
      /usr/local/bin/owping otherhost

Troubleshooting
- No control connection
- Control connection denied
- 100% packet loss in test streams
- Clock offset (ntpq, loss timeout)
- Firewall


Configure (bwctld.conf)
- These parameters control how the bwctld runs
  - General operations such as where it reports its errors and other daemon-wide configuration options
- Most installations will only need to modify
  - vardir
  - user
  - group

Configure (bwctld.limits)
Two parts:
1. Authentication
   - Who is making the request?
2. Authorization
   - What is that identity allowed to do?

Configure (bwctld.limits)
Authentication is done by assigning a limitclass to each new connection as it comes in
- IP/netmask method:
      assign net /32 noc
- username method:
      assign user boote noc

Configure (bwctld.limits)
Authorization is done by associating a set of hierarchical limits with each limitclass and verifying that each incoming request adheres to them.
    Limit root with \
        bandwidth=900m, \
        duration=0, \
        allow_tcp=on, \
        allow_udp=on, \
        allow_open_mode=off
    Limit noc with parent=root, \
        Allow_open_mode=on

Configure (bwctld.keys)
- Used to hold the username/AESKey pairing information for the daemon.
- Use the aespasswd program to generate a key if you want a passphrase associated with it

Testing bwctl
- Try to create a test from the Internet2 test host:
      % /ami/bin/bwctl -s nmsx-aami.abilene.ucaid.edu A AESKEY jimbob
- Try to create a test toward the Internet2 test host:
      % /ami/bin/bwctl -c nmsx-aami.abilene.ucaid.edu A AESKEY jimbob

Starting bwctld
- Start in foreground during testing:
      /usr/local/bin/bwctld -c /usr/local/etc -Z

Testing bwctl (With Your Daemon)
If there is a local daemon running, the bwctl client will automatically connect to it to schedule the local resources instead of running the test directly. (The same command-lines are used from above to test this.)
- Try to create a test from the Internet2 test host:
      % /ami/bin/bwctl -s nmsx-aami.abilene.ucaid.edu A AESKEY jimbob
- Try to create a test toward the Internet2 test host:
      % /ami/bin/bwctl -c nmsx-aami.abilene.ucaid.edu A AESKEY jimbob

Testing bwctl (3-Party)
The bwctl client can be used to request a test between 2 other hosts
- If you have the same identity on the two hosts:
      % /ami/bin/bwctl -s sendhost -c recvhost -A A AESKEY jimbob
- If you have different identities, you must append the auth args after the host:
      % /ami/bin/bwctl -s sendhost A AESKEY jim -c recvhost A AESKEY bob

Troubleshooting
- No control connection
- Control connection denied
- Initial control connection works - peer connection fails
- Scheduling problems
- Iperf connections fail
- Iperf results are bad

Questions?/Review?
- Intro
- Installation
- Policy
  - Partitioning Resources
  - Classifying Connections
- OWAMP configuration
  - owampd general configuration
  - owampd policy configuration
  - Testing and troubleshooting
- BWCTL configuration
  - bwctld general configuration
  - bwctld policy configuration
  - Testing and troubleshooting