diff options
| -rw-r--r-- | docs/source/vTC/README.rst | 96 | ||||
| -rw-r--r-- | docs/source/vTC/abbreviations.rst | 6 | ||||
| -rw-r--r-- | vTC/build.sh | 44 |
3 files changed, 146 insertions, 0 deletions
diff --git a/docs/source/vTC/README.rst b/docs/source/vTC/README.rst new file mode 100644 index 000000000..018573541 --- /dev/null +++ b/docs/source/vTC/README.rst @@ -0,0 +1,96 @@ +========= +Yardstick +========= + +Overview of the virtual Traffic Classifier +======== +The virtual Traffic Classifier VNF [1], comprises in the current version of +1 VNFC [2]. The VNFC contains both the Traffic Inspection module, and the +Traffic forwarding module, needed to run the VNF. The exploitation of DPI +methods for traffic classification is built around two basic assumptions: +(i) third parties unaffiliated with either source or recipient are able to +inspect each IP packet’s payload and +(ii) the classifier knows the relevant syntax of each application’s packet +payloads (protocol signatures, data patterns, etc.). +The proposed DPI based approach will only use an indicative, small number of the +initial packets from each flow in order to identify the content and not inspect +each packet. +In this respect it follows the Packet Based per Flow State (PBFS). +This method uses a table to track each session based on the 5-tuples +(src address,dest address,src port,dest port,transport protocol) +that is maintained for each flow. + +Concepts +======== +Traffic Inspection: The process of packet analysis and application +identification of network traffic that passes through the vTC. + +Traffic Forwarding: The process of packet forwarding from an incoming +network interface to a pre-defined outgoing network interface. + +Traffic Rule Application: The process of packet tagging, based on a +predefined set of rules. Packet tagging may include e.g. ToS field modification. + +Architecture +============ + +The Traffic Inspection module is the most computationally intensive component +of the VNF. It implements filtering and packet matching algorithms in order to +support the enhanced traffic forwarding capability of the VNF. The component +supports a flow table (exploiting hashing algorithms for fast indexing of flows) +and an inspection engine for traffic classification. The implementation used for +these experiments exploits the nDPI library. The packet capturing mechanism is +implemented using libpcap. When the DPI engine identifies a new flow, the flow +register is updated with the appropriate information and transmitted across the +Traffic Forwarding module, which then applies any required policy updates. +The Traffic Forwarding moudle is responsible for routing and packet forwarding. +It accepts incoming network traffic, consults the flow table for classification +information for each incoming flow and then applies pre-defined policies marking +e.g. type of Service/Differentiated Services Code Point (TOS/DSCP) multimedia +traffic for QoS enablement on the forwarded traffic. It is assumed that the +traffic is forwarded using the default policy until it is identified and new +policies are enforced. The expected response delay is considered to be +negligible,as only a small number of packets are required to identify each flow. + +Graphical Overview +================== + ++----------------------------+ +| | +| Virtual Traffic Classifier | +| | +| Analysing/Forwarding | +| +--------> | +| ethA ethB | ++------+--------------+------+ + | ^ + | | + | | + | | + v | ++------+--------------+------+ +| | +| Virtual Switch | +| | ++----------------------------+ + + +Install +======= + +run the build.sh with root privileges + +Run +=== + +sudo ./pfbridge -a eth1 -b eth2 + +Custom Image +============ + +TBD + +Development Environment +======================= + +Ubuntu 14.04 >= VM diff --git a/docs/source/vTC/abbreviations.rst b/docs/source/vTC/abbreviations.rst new file mode 100644 index 000000000..61475415a --- /dev/null +++ b/docs/source/vTC/abbreviations.rst @@ -0,0 +1,6 @@ +Abbreviations for the virtual Traffic Classifier +======== + +[1] VNF - Virtual Network Function +[2] VNFC - Virtual Network Function Component + diff --git a/vTC/build.sh b/vTC/build.sh new file mode 100644 index 000000000..aa4e46328 --- /dev/null +++ b/vTC/build.sh @@ -0,0 +1,44 @@ +#!/bin/sh + +# Jira No.137 + +# download and install required libraries +apt-get update +apt-get install -y git build-essential gcc libnuma-dev bison flex byacc libjson0-dev libcurl4-gnutls-dev jq dh-autoreconf libpcap-dev libpulse-dev libtool pkg-config + +# Setup for PF_RING and bridge between interfaces + +# Get the source code from the bitbucket repository with OAuth2 authentication +rm resp.json +curl -X POST -u "mPkgwvJPsTFS8hYmHk:SDczcrK4cvnkMRWSEchB3ANcWbqFXqPx" https://bitbucket.org/site/oauth2/access_token -d grant_type=refresh_token -d refresh_token=38uFQuhEdPvCTbhc7k >> resp.json +access_token=`jq -r '.access_token' resp.json` +git clone https://x-token-auth:${access_token}@bitbucket.org/akiskourtis/vtc.git +cd vtc +git checkout -b stable +#Build nDPI library +cd nDPI +NDPI_DIR=$(pwd) +echo $NDPI_DIR +NDPI_INCLUDE=$(pwd)/src/include +echo $NDPI_INCLUDE +./autogen.sh +./configure +make +make install + +#Build PF_RING library +cd .. +cd PF_RING +make +#Build PF_RING examples, including the modified pfbridge, with nDPI integrated. +cd userland/examples/ +sed -i 's#EXTRA_LIBS =#EXTRA_LIBS='"${NDPI_DIR}"'/src/lib/.libs/libndpi.a -ljson-c#' ./Makefile +sed -i 's# -Ithird-party# -Ithird-party/ -I'"$NDPI_INCLUDE"' -I'"$NDPI_DIR"'#' ./Makefile +echo $NDPI_DIR +make +cd ../.. +cd .. +cd .. +#sudo rmmod pf_ring +insmod ./vtc/PF_RING/kernel/pf_ring.ko min_num_slots=16384 enable_debug=1 quick_mode=1 enable_tx_capture=0 +#./vtc/PF_RING/userland/examples/pfbridge -a eth1 -b eth2 |