1 / 5

NAT/FW NSLP Implementation

Presentation given by Hannes Tschofenig Implemented by Henning Peters. NAT/FW NSLP Implementation. Current Status. Working C++ NATFW NSLP prototype Based on Univ. Goettingen GIST implementation

diem
Télécharger la présentation

NAT/FW NSLP Implementation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Presentation given by Hannes Tschofenig Implemented by Henning Peters NAT/FW NSLP Implementation

  2. Current Status Working C++ NATFW NSLP prototype Based on Univ. Goettingen GIST implementation Most essential features are covered, including proxy modes (DS behind NAT, DR behind NAT) and all basic behavior, (CREATE/REFRESH/TEARDOWN/RESPONSE, REA/RESPONSE) TODO: Firewall Interaction Interaction with a AAA server Performance evaluation and improvements (including refinement of memory management) Development time: ~ 2 man-months (including work on GIST)

  3. Big picture

  4. Details GNU/Linux kernel 2.6.x as development platform NAT/FW API using Linux iptables/netfilter Splitted into three processes: GIST server, NAT/FW server, NAT/FW client All GIST / NAT/FW client/server communication over UNIX sockets See performance overhead paper from X. Fu et. al on GIST: http://www.tmg.informatik.uni-goettingen.de/publications Using code generation for object construction and FSM: ~1000 lines of code Virtual machines were used for testing

  5. Conclusion • Issues filed as part of the implementation experience. • E.g., REA/UCREATE separation, Missing ports using REA, how to update MRI at NATs, terminology • Some already resolved in the current draft • https://kobe.netlab.nec.de/roundup/nsis-natfw-nslp/index • Some amount of energy went into GIST code to make things more generic (e.g., FSM, objects, timers).  Easier job for new NSLP implementation using this GIST implementation

More Related