Features and working lines
In this section the current features implemented in SERVAL as well as the opened working lines are mentioned.
Current project state
The SERVAL project has three software indepent modules. They are:
- SERVAL server. The SERVAL server is the program which emulates the switch. It is the software that clients connect to to access to the VLANS.
- SERVAL client. The SERVAL client is the program that users have to run locally in their computer to access SERVAL. It has to be running continuosly in the client machine and it is the piece of software which creates the virtual network interface and both sends and receive messages.
- SERVAL client-shell. The SERVAL client shell is the program that users have to run to administer its virtual connection. This program contacts with the client and sends it administrative messages. These administrative messages are to create VLANs, delete VLANs, join VLANs, list the clients connected to a VLAN, etc
Now, the main features currently implemented in these modules are detailed.
SERVAL server
The SERVAL server is fully implemented using Erlang. Its main features are:
- UDP or TCP option to use as transport protocol in client-server connections.
- Multinode support. The server is designed in order to be deployed as a monode or a multinode switch. In a multinode environment there are several SERVAL server instances which collaborates and synchronize among them to set up a unique virtual switch. With multinode configurations clients can connect to the SERVAL switch through any of its nodes and higher performances are obtained on having more processing power. Each node would be deployed in a different computer.
- SERVAL communications protocol defined in ASN.1. The ASN.1 standard is an abstract notation to specify datatypes and it defines the way to convert these datatypes to a stream of bytes to send through a computer network.
- Use of of the Mnesia database. Mnesia is used as backbone to coordinate and synchronize the nodes of the SERVAL server cluster.
- Log system. The server has a log engine to keep track of all the relevant information is wanted to be registered.
- SSL encryption. It has been added the possibility to choose an encrypted link layer in SERVAL communications. The SSL communications use TCP sockets. A ssl certificate has to be provided for the server.
- Authentication system. It has been added a subsystem in the server to let users log in SERVAL. The backend authentication is based on Mnesia tables. The subsystem has been designed to be easily configured to use another backend - LDAP, another database ... -. Currently, two authentication methods are supported:
- Client SSL certificate based. If a SSL connection with the SERVAL server is chosen, SSL certificates can be used to authenticate users by the SERVAL server.
- Plain authentication. Protocol messages for this type of authentication based on login, password mechanism have also been added.
- ACLs for operations. Users have to be authenticated and belong to certain groups to request some operations.
- Dynamic MAC assignation. MAC addresses for the client's virtual network interfaces are asigned by the server at connection time. The MAC assignation engine can be configured to use a static database strategy to assign them or a dynamic one.
- Static MAC assignation strategy consists of specifying a set of MACs to assign to the clients.
- Dynamic MAC strategy consists of assigning MACs from a range specified in a template.
- Keep-alive engine. An engine to monitor the client connection state has been added to the server. With the keep-alive subsystem client crashes can be easily managed and they are deleted from the server when a failure in a client is detected.
- Promiscous mode option. Server support to turn on and off the promiscous mode in a client. With this option turned on a client will receive all the messages sent to any of the clients belonging to the VLANs is connected to.
- GNU plot module. With this module we can observe the number of messages sent and received by the server, the latencies of the messages, etc in real time. It is very useful to check the performance of the server.
- Active node list communication. The server sends to client the list of active nodes the SERVAL server cluster is made up. This list may be used by the client to contact another node in case of a crash of its connection node.
SERVAL client
The SERVAL client has two parts, an Erlang part and a C one. The Erlang part is the
user program. Its purpose is to receive the frames from the
Ethernet virtual network controller and convert them into SERVAL messages. The cited
Ethernet virtual network controller is responsible for controlling the communication between the kernel interface and the
user program.
The main characteristics of the SERVAL client are:
- Use of the Universal TUN/TAP driver. In the client the TAP driver is used, which is a low level kernel module which creates a virtual ethernet interface. Through a device file it is possible to write and read ethernet frames.
- Log system. The serval client has a log engine to keep track of all the events, errors, warnings which happen in execution time.
- Erl interface. This Erlang library is used for the C part to communicate with the Erlang node. The C part appears to the Erlang node as a another Erlang node.
- Keep-alive engine.
- UDP and TCP encapsulation.
- SSL suppport.
- Authentication messages.
- Dynamic getting up and down of the TAP network interface depending on the connection state. If client connects to a SERVAL server it brings up the TAP network interfaces and, on disconnecting, it brings it down.
SERVAL shell client
The client shell is written in Erlang and communicates with the Serval client.
div class="twikiTopicInfo twikiRevInfo twikiGrayText twikiMoved"<&/div>-->
