Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

ppt

advertisement 
Secure Network Performance
Testing using SeRIF
Dr. Charles J. Antonelli
Center for Information Technology Integration
University of Michigan
Winter 2006 CSG
http://www.albinoblacksheep.com/flash/nintendogs.php
U-M Contributors
• CITI
–
–
–
–
–
Andy Adamson
Charles Antonelli
Nathan Gallaher
Olga Kornievskaia
David Richter
• ITCom
• MGRID
Work supported by OVPR and ITCom
SeRIF
• SeRIF : Secure Remote Invocation
Framework
• Purpose : provide a secure and extensible
remote process invocation service, with
strong authentication and flexible
authorization
• Based on Globus 2.4, GARA 1.2.2
• Leverages existing user credentials
– Kerberos (via kx509)
• Adds fine-grained authorization
– Walden
SeRIF
• Central portal host
– Authentication
– Control (invocation, parameters, results)
– Databases (LDAP)
• Dedicated remote nodes
–
–
–
–
Gatekeeper
Local scheduler for execution and cleanup
Provides status and output redirection
Fine grained authorization at resource
SeRIF Architecture
Portal
Apache
mod ssl
mod kct
mod kx509
User Workstation
SSL – Client Certificate required
3
4
Kerberos
5
KCA
mod php
KDC
mod jk
Tomcat
CHEF
LDAP
Output
GSI
libpkcs11
GateKeeper
Resource Mgr
SASL
8
Resource
kx509
2
Kerberos
kinit
1
Grid Resource
6
NW Topology
WALDEN
Authorization
Kerberos V5
KCT
Browser
SASL
7
WALDEN
Authorization
NTAP
• NTAP : Network Testing and Performance
• Purpose : provide a secure and extensible
network testing and performance tool
invocation service at U-M
• Uses SeRIF framework
• Runs on portal host and Performance
Measurement Platforms (PMPs) attached to
routers in a VLAN environment
NTAP Architecture
Host A
Host B
Router 1
Router 2
Router 3
Portal
GSI
GSI
GSI
PMP 1
Attribute Callout
Walden (XACML)
AFS PTS
Flat File
PMP 2
PMP 3
Mapping and Reporting
• Segment mapping
– Use traceroute to obtain packet routing path
– Use network topology database to map each
router to its associated PMP
– Execute pairwise performance tests along path
• Reporting tool
– Output hop-by-hop matrix display
– Color-coded test history
– Click through cells for detailed views
• Links to most recent tests
Host Endpoint Testing
• Solution to first mile problem
Host A
– Leverages Network Diagnostic Tester
• Authenticated user clicks first-mile link
Router 1
– Portal runs traceroute back to client
– Portal determines client’s first-hop router and
attached PMP (running NDT server) from path
and network topology database
– Portal displays link to first-hop PMP
– Client downloads NDT app from PMP as usual
– Client runs NDT test and displays results as usual
– NDT server sends results to NTAP database
Automated Testing
• Need repetitive, automated testing
– … but with secure authentication and
authorization
• Solution: renewable credentials
– User obtains long-term credentials
– Portal schedules repetitive testing
– Prior to a test cycle, portal validates long-term
credential and derives from it a short-term
credential
– Rest of SeRIF architecture unchanged
Future Work
• Post-processed statistics, graphs
• Measurement database reorganization
– Scalability improvements
• Alternatives to topology database
– Active infrastructure probing
• Automated tools a la NDT
– Tune TCP stack
– Detect conditions, e.g. duplex mismatches
• Cross-domain testing
Cross-Domain Testing
Host A
Host B
Router 1
Router 2
Router 3
Portal
GSI
GSI
Domain 2
PMP 1
PMP 2
Domain 1
PMP 3
GSI
Portal
Cross-Domain Testing
• Goals
– Extend test path across administrative domains
– Address larger end-to-end performance issues
– Leverage SeRIF’s strong security and finegrained authorization model
– Promote SeRIF at other institutions
– Share performance data among institutions
Cross-Domain Testing
• Approach
– Retain portal within each domain
– Originating portal runs traceroute
• Determines sequence of domains
• Verfies permissions for test
• Or “chunked” by domain
– Each portal tests and stores local results
• Independently, or synchronized
– Test data available via local SeRIF controls
– Boundary-crossing segments
• Need cross-domain trust
– Transit segments
Merit Measurement Infrastructure
Cross-Domain Testing
• Seeking
– Large network testbed
– Independent administrative domains
– Partners
– Funding
– Proposal
SeRIF Resources
• SeRIF & NTAP home page
– http://www.citi.umich.edu/projects/ntap
– FAQ & documentation
– Download NTAP code & installation instructions
• Tools
– iperf http://dast.nlanr.net/Projects/Iperf/
– ndt http://e2epi.internet2.edu/ndt/
– owamp http://e2epi.internet2.edu/owamp/
Any Questions?
http://www.citi.umich.edu
Related documents
How to use the AIM-VA portal Who can order? If you are longtime
How to use the AIM-VA portal Who can order? If you are longtime
Aeries Parent Portal is available as an app. Click for directions
Aeries Parent Portal is available as an app. Click for directions
Directions on how to access the Parent Portal
Directions on how to access the Parent Portal
Transition to Preschool or Kindergarten
Transition to Preschool or Kindergarten
A Clinical Portal Approach to EPR
A Clinical Portal Approach to EPR
PowerSchool - Georges P. Vanier Junior High School
PowerSchool - Georges P. Vanier Junior High School
MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration
MGRID: Network Testing and Performance Charles J. Antonelli Center for Information Technology Integration
PPT - lsntap
PPT - lsntap
Download
advertisement