Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jayant Patil Department of Computer Science

Similar presentations


Presentation on theme: "Jayant Patil Department of Computer Science"— Presentation transcript:

1 The Design of Web-based Management Interface for Network Processor based Content Switch
Jayant Patil Department of Computer Science Univ. of Colorado at Colorado Springs Welcome the committee members. 9/16/2018 Web Interface for NPCS/J Patil

2 Web Interface for NPCS/J Patil
Outline of the Talk Overview of Content Switch, SSL, and Intel IXP12EB. NPCS Interface Requirements Components of interface – Web server, RAM-based file system, restructured rule module Experimental results Lessons Learned and Future Directions Conclusion First I will be briefly describing a content switch, SSL technology and Intel’s web development kit IXp12EB. Then I will present the NPCS interface requirements. I will explain the components of Web-based interface – Webserver, Ram-based filrsystem and restructured rulemodule. Thereafter I will present the experimental results. Then will talk about the lessons learned and future directions. 9/16/2018 Web Interface for NPCS/J Patil

3 Web Interface for NPCS/J Patil
Content Switch (CS) server1 home.htm client Content Switch server2 uccs.jpg . Index.htm . rocky.mid server9 Route packets based on high layer (Layer 5/7) headers and content. Examples: Direct Web traffic based on pattern of URLs, host tags, cookies. Can Route incoming based on address; Connect POP/IMAP based on login Web switches and Intel XML Director/accelerator are special cases of content switch. 9/16/2018 Web Interface for NPCS/J Patil

4 What Services It Can Provide
Enabling premium services for e-commerce, ISP, and Web hosting providers Load Balancing and High Available Server Clusters: Web, E-commerce, , Computing, File, SAN Policy-based networking, differential/QoS services. Firewall, Strengthening DoS protection, cache/firewall load-balancing ‘Flash-crowd' management It makes more sense, to provide faster, more efficient service to larger, older customers of e-commerce company. This is only possible using content switch since the clients can be routed to faster/powerful servers based upon the request contents. Flash crowd management also becomes simple, as just by changing switching ruleset dynamically, we can add more power more quickly to the server farm, and later remove it. 9/16/2018 Web Interface for NPCS/J Patil

5 Content Switch Operation
9/16/2018 Web Interface for NPCS/J Patil

6 Secure Socket Layer (SSL) Protocol
We need SSL for secure communications between client and server. SSL Protocol allows the exchange of certificates for the authentication of server and potentially the clients cipher suites and selection of session keys for encryption 9/16/2018 Web Interface for NPCS/J Patil

7 Web Interface for NPCS/J Patil
OpenSSL OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson. Open Source toolkit implementing the Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library Important Libraries SSL The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols Crypto The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards OpenSSL combines two tools in one package: a cryptography library and an SSL toolkit. OpenSSL supports ·        MD2, MD4, MD5, MDC2, SHA1 and RIPEMD-160 message digest algorithms; ·        Blowfish, CAST5, DES, 3DES (Triple DES), IDEA, RC2, RC4, and RC5 symmetric ciphers and most of the ciphers support different modes, including CBC, CFB, ECB and OFB; ·        Public key cryptography including Diffie-Hellman algorithm (only used for key agreement), Digital Signature Algorithm (DSA), and RSA. 9/16/2018 Web Interface for NPCS/J Patil

8 IXP12EB: IXP1200 Network Processor Ethernet Evaluation Kit
Contain IXP1200 Network Processor with StrongArm Core Six MicroEngines 256 KB SRAM 64MB SDRAM 2 Fiber Gigabit Ethernet Interface 8 Fast Ethernet Interface IXP12DE software development kit. Allow developers to test network software at gigabit wired processing speed 9/16/2018 Web Interface for NPCS/J Patil

9 NPCS: Network Processor based Content Switch
Explore the design issues in using Intel IXP1200 Network Processor as content switch. Longhua Li ported Linux based Secure Content Switch developed by Ganesh Godavari to run on IXP12EB NPCS version 1. NPCS version 1 does not support Web-based management interface Dynamic content switch rule set update Content switch status query 9/16/2018 Web Interface for NPCS/J Patil

10 NCPS Web-based Interface Requirements
Secure Efficient Reliable User-friendly Web-based The secure web-based interface should enable Configuration of the content switch Dynamic update of the content switching rules Retrieval of the network session/statistical data 9/16/2018 Web Interface for NPCS/J Patil

11 Web Interface for NPCS/J Patil
NPCS Software layers 9/16/2018 Web Interface for NPCS/J Patil

12 Enhanced NPCS v2 Architecture
In-process CGI explained later in detail. 9/16/2018 Web Interface for NPCS/J Patil

13 Web Interface for NPCS/J Patil
GoAhead Webserver Fully-featured, open-source embedded Web server by GoAhead Software - Active Server Pages Embedded JavaScript Standard CGI Implementation GoForms™ (in-memory CGI processing) URL Handlers Extensive API Documentation Small Footprint -- 50K RAM (critical for NPCS) Make a note here, that GoAhead software doesnot provide SSL implementation code, but only has support interface to the RSA Security’s SSL toolkit, RSA BSAFE SSL-C. We have currently implemented digest based user security. 9/16/2018 Web Interface for NPCS/J Patil

14 GoForms : In-Process CGI processing
Instead of spawning separate process to execute the CGI program, the GoForms makes call to the function that is compiled and linked with the web server. The function processes and returns the dynamic web content. For example, following is the code that writes the uploaded file onto the RAM-based file system. void upldForm(webs_t wp, char_t * path, char_t * query) { FILE * fp; char_t * fn; char_t * bn = NULL; int locWrite; int numLeft; int numWrite; char fulfilename[100]; fn = websGetVar(wp, T("filename"), T("")); strcat(bn,"rules"); strcat(fulfilename,”DEV1:/”); strcat(fulfilename, bn); What is CGI? : When web server gets a request, that is a program instead of a static webpage, it spawns separate process to execute the program. The program executes, and returns HTML page to the browser as a response. 9/16/2018 Web Interface for NPCS/J Patil

15 GoForms : In-Process CGI processing continued……..
if ((fp = fopen((fulfilename == NULL ? "upldForm.bin" : fulfilename), "w+b")) == NULL) { websWrite(wp, T("File open failed!<br>")); } else { websWrite(wp, T("File opened!<br>")); locWrite = 0; numLeft = wp->lenPostData; while (numLeft > 0) { numWrite = fwrite(&(wp->postData[locWrite]), sizeof(*(wp->postData)), numLeft, fp); if (numWrite < numLeft) { websWrite(wp, T("File write failed.<br>")); break; } locWrite += numWrite; numLeft -= numWrite; if (numLeft == 0) { if (fclose(fp) != 0) { websWrite(wp, T("File close failed.<br>")); websWrite(wp, T("File Size Written = %d bytes<br>"), wp->lenPostData); websWrite(wp, T("numLeft=%d locWrite=%d Size=%d bytes<br>"), numLeft, locWrite, wp->lenPostData); 9/16/2018 Web Interface for NPCS/J Patil

16 GoForms : In-Process CGI processing continued……..
Following is the code we use to execute the refresh function to refresh switching ruleset. What is CGI? : When web server gets a request, that is a program instead of a static webpage, it spawns separate process to execute the program. The program executes, and returns HTML page to the browser as a response. 9/16/2018 Web Interface for NPCS/J Patil

17 Dynamic Update of NPCS Ruleset
Rulemodule is responsible for matching the request with the rules in ruleset, and returning the designated real server for the request. NPCS v1 had the rules coded in the rulemodule code. Thus, to change the active ruleset, it was required to Shutdown the current rulemodule Unload rulemodule from memory, Load new rulemodule binary and Start new rulemodule It is very cumbersome and consumes lot of time. Thus it is decided to redesign the rulemodule. 9/16/2018 Web Interface for NPCS/J Patil

18 Web Interface for NPCS/J Patil
Enhance Rulemodule The rulemodule is restructured into two components: The rulematching component that matches request header/content with the ruleset. The ruleset maintenance module that loads/refreshes the ruleset on demand 9/16/2018 Web Interface for NPCS/J Patil

19 Rule grammar and parser
We modify the rule grammar and parser developed by Ganesh Godavari for Secure Information Sharing project. The rules are specified as per following grammar : Rulemodule match {if ( <expression> ) return <url path> expression := <term> | <term> && <expression> | (<expression>) | ! (<expression>) <term> := <factor> | <factor> || <term> | (<term>) <factor> := <variable operator value><operator> := > | >= | < | <= | == |!= | #} Here is an example : if ( ( url # "*wbtree*" ) ) return cow.csnet.uccs.edu 9/16/2018 Web Interface for NPCS/J Patil

20 Web Interface for NPCS/J Patil
Ram based File System There are two pieces provided by VxWorks : Block device driver and dosFs – MSDOS Compatible file system. We created a small ram memory based file system by making use of blocked device driver and dosFs filesystem provided by VxWorks. 9/16/2018 Web Interface for NPCS/J Patil

21 Web Interface for NPCS/J Patil
Rulefile uploading 9/16/2018 Web Interface for NPCS/J Patil

22 Web Interface for NPCS/J Patil
Ruleset Refreshing 9/16/2018 Web Interface for NPCS/J Patil

23 NPCS V2 Development setup
Describe the setup in detail 9/16/2018 Web Interface for NPCS/J Patil

24 Web Interface for NPCS/J Patil
NPCS V2 Test setup 9/16/2018 Web Interface for NPCS/J Patil

25 Hardware Configuration
Machine Spec IP Address O/S Web Server IXP12EB 200MHz (Content switch) Port 0 : PCI Ethernet Card : VxWorks 5.4 GoAhead a) dilbert.uccs.edu Dell Precision 330 a) Windows NT, 4.0 N/A a) buck.csnet.uccs.edu b) cow.csnet.uccs.edu HP Vectra Machines, 500 MHz, 256MB RAM (Real Server) Fedora Core 3 ( _FC3) Apache httpd server 9/16/2018 Web Interface for NPCS/J Patil

26 Webbench test results - 1
Table 1: WebBench Summary C:\WebBench\Controller\Suites\Webbench\verify_ssl_wb401.tst Mix Name Requests Per Second Throughput (Bytes/Sec) Test Information 1_client 0.425 Engine Types: http 4_client WebBench 5.0 8_client Start Suite: Thu Apr 28 03:26: 12_client 0.400 Finish Suite: Thu Apr 28 03:45: 16_client Elapsed Time: 00:19:24 20_client Status: Suite completed successfully 24_client Comments: 28_client 32_client 36_client 40_client 44_client 48_client 52_client 56_client 60_client 9/16/2018 Web Interface for NPCS/J Patil

27 Webbench test results - 2
9/16/2018 Web Interface for NPCS/J Patil

28 Web Interface for NPCS/J Patil
9/16/2018 Web Interface for NPCS/J Patil

29 Web Interface for NPCS/J Patil
Lessons Learned Sometimes, the peth0 driver initialization fail Manual compilation of VxWorks bootable image Generally available PC Webbench’s encryption level is 40bit. Thus, I had to reduce the ssl_proxy’s encryption level. 9/16/2018 Web Interface for NPCS/J Patil

30 Web Interface for NPCS/J Patil
Conclusion A Secure Web-based Management Interface was developed for a Intel IXP1200 based Content Switch. It is capable of Dynamic update of the content switch rule sets Retrieving content switch status With reasonable management task performance. The NPCS performance is still slow due to not fully utilized the six microengine. The size of ssl_proxy.out (the downloadable application for IXP1200) is 9MB. It is relatively big in an embedded system with small memory size. It can be improved. 9/16/2018 Web Interface for NPCS/J Patil

31 Web Interface for NPCS/J Patil
References “Linux Virtual Server”, High Performance Cluster Computing:Architechures and Systems, Vol 1&2, by Rajkumar Buyya(Editor), May 21, 1999, Prentice Hall Gregory Yerxa and James Hutchinson, “Web Content Switching”, C. Edward Chow and Weihong Wang, “Design and Implementation of a Linux-based Content Switch”, to be published in Proceedings of Second International Conference on Parallel and Distributed Computing, Applications and Techniques. Intel IXP1200 Network Processor Intel IXA (Internet Exchange Architecture) WindRiver Tornado Development Tools Tornado User’s Guide (Wondows Version) 2.0 WindRiver VxWorks, C. Edward Chow and Longhua Li, “The Design and Implementation of Content Switch on IXP12EB” Ganesh Godavari, “Role Based Access Right Specification for Secure Information Sharing. Jigsaw – W3C’s Server Avenida – 100% pure Java-based web server Goahead webserver from GoAhead Software - Form-based File Upload in HTML - 9/16/2018 Web Interface for NPCS/J Patil


Download ppt "Jayant Patil Department of Computer Science"

Similar presentations


Ads by Google