DOCSLIB.ORG

Through the Looking-Glass, and What Eve Found There

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Through the Looking-Glass, and What Eve Found There Through the Looking-Glass, and What Eve Found There Luca Bruno, Mariano Graziano, Davide Balzarotti, Aurelien´ Francillon EURECOM ffirstname.lastnameg@eurecom.fr Abstract of software flaws and widespread misconfigurations in “looking-glass” software that offers limited web-access Looking-glasses are web applications commonly de- to backbone routers. ployed by Autonomous Systems to offer restricted web The paper is organized as follow. In Section1 we access to their routing infrastructure, in order to ease re- introduce the concept of “looking-glass” software as a mote debugging of connectivity issues. In our study, we public-access network debug tool, and its typical code looked at existing deployments and open-source code to architecture. Then, in Section3 we outline a possible assess the security of this critical software. As a result, threat model, along with some of the most severe men- we found several flaws and misconfigurations that can be aces. Furthermore, in Section4 and5 we present the re- exploited to escalate from a web attack to a remote com- sults of the software review we did, and we describe the mand execution on backbone routers. indirect experiments we performed to confirm our find- This paper summarises the results of our study, and ings. The most relevant statistics and results of our ex- shows how even an attacker with very limited resources periments are shown in Section6, along with an empir- can exploit such flaws in operators’ networks and gain ical rough estimation of BGP injection feasibility, based access to core Internet infrastructure. Depending on sys- on historical records. Finally, Section8 summarises our tems configuration, these attacks may result in traffic dis- findings and give some insights on the current state of the ruption and global BGP routes injection, with severe im- Internet infrastructure. plications for the security of the Internet. 2 Background 1 Introduction An AS infrastructure is composed of several network ser- The Internet is composed by a large number of Autonou- vices, each handled by different systems and devices. mous Systems (AS) which cooperate to exchange and For the purposes of this paper, we will limit our focus carry data across their links. Several intra- and extra- to just two categories of systems that are strictly related AS routing protocols running on backbone routers are to Internet routing: backbone BGP routers and Linux- responsible for distributing routes in the control plane, based route servers. across the world. Some of those protocols, however, have not been designed with security in mind and are not • Backbone routers specifically resilient against malicious agents [1]. The worldwide Internet backbone is run on top For example, the Border Gateway Protocol (BGP) [2] of dedicated network devices capable of acceler- takes care of extra-AS routes distribution, but any mali- ated packet routing in the data-plane, using custom cious or wrongly configured AS can hijack and re-route ASICs and dedicated hardware. prefixes owned by other ASes. Therefore, most of In- These devices run a custom OS and control-plane ternet routing relies on the assumption that no malicious stack which is responsible for computing the rout- BGP routers are ever allowed to announce bogus routes, ing topology, e.g., by participating in BGP sessions and that the existing routers are benign and properly se- with neighbors. In addition, all these devices have cured. one or more interfaces for remote and out-of-band The aim of our study is to show how these assumptions (OOB) administration, like a telnet service, a SSH do not hold true in the real-world, by focusing on a series service, or a remote serial port. The access to these AS64497 AS64496 Private net Public net Internet NOC NOC AS64498 Public web (looking-glass) Private admin (telnet/SSH) NOC Public IP (data+BGP) Figure 1: Looking glass architecture. interfaces should be strictly restricted to Network Looking glass Language Release (date) Operations Center (NOC) operators and authorized Cougar-LG [6] Perl 1.9 (2004-11-25) AS personnels. Cistron-LG [7] Perl 1.01 (1997-10-21) • Route servers MRLG [8] Perl 5.4.1 (2007-08-30) Routing software exists for traditional Linux- MRLG4PHP [9] PHP 1.0.7 (2007-10-11) based servers to establish BGP sessions with other routers and servers. Two prominent examples are Telephone [10] PHP 1.2.0 (2012-10-01) Quagga [3] and Xorp [4], which are used by several operators and are under active development. Table 1: Open-source looking-glass software. The usages of route servers are multiple, from pro- viding a read-only copy of the global BGP table to tional utilities for latency and traceroute measurements. allowing scripting of BGP rules (e.g., by using tra- Figure1 briefly shows their typical architecture and de- ditional UNIX utilities). Also these servers can be ployment. accessed out-of-band by AS personnel, via telnet or We decided to focus our attention on looking-glass SSH. software, as most of them are small and old web- Some public services exist, like the Route Views applications that have been last updated in early 2000s. project [5], which provide unrestricted telnet access In this paper we analyse what we found to be the most to their route servers to expose a read-only copy of commonly used open-source software looking-glasses, the BGP table to analysts and researchers. How- as listed in Table1. ever, those services are purposefully meant for pub- lic access, and are therefore outside the scope of this paper. 3 Threat model When debugging BGP routing problems, NOC oper- A looking-glass is an often overlooked critical part of an ators are often facing issues affecting only a few ASes. operator infrastructure, as it sits at the border between the Such problems are harder to debug due to the lack of a public web and restricted admin consoles. As such, the view on the remote routing table. threat model encompasses both the typical web security For this reason, a new category of web-applications scenario and some more custom networking threats. emerged in the ’90s to permit a restricted set of opera- We categorized some of the most relevant issues as tions on AS routers and route servers by the large public, follow: over the web. This kind of software is usually referred as “looking-glass”, as it offers a local observation point to • Reverse Cross-Channel Scripting (Reverse-XCS) remote network engineers. Reverse-XCS are defined by Bojinov et al. [11] as Looking-glasses are web scripts, usually implemented “the use of web interface to eventually attack a non- in Perl or PHP and directly connected to routers admin web channel”. interfaces (i.e., telnet or SSH). These scripts are designed In our scenario, this translates to two relevant cases: to relay textual commands from the web to the router and print back the router’ replies. They run on top of com- – Malicious command injection mon Linux/Apache stacks, and sometimes provide addi- Bypassing a weak or non-existent commands 2 sanitization, an attacker may trick the looking- as plain-text to anyone querying the proper URL. By in- glass into sending malformed commands to a specting source code and looking at default file names, it router console, e.g., to trigger a DoS on the is possible to guess the URL of configuration files and, if control-plane. not properly protected, retrieve them. – Routing Information Base (RIB) manipulation Finally, some software allows advanced authentication By exploiting flaws in the looking-glass, an at- methods, for example by using SSH public/private key- tacker may inject arbitrary commands to ma- pairs instead of cleartext passwords. In this case, the nipulate the RIB on the router, e.g., by chang- path to the SSH key is stored in the configuration files, ing the BGP configuration. If the attacked instead of the full passwords. However, the SSH keys router relays its topology to neighboring ASs, themselves could be stored by mistake in the same path, this may also affect remote networks. openly readable to the entire world. • Web flaws 4.2 Poor network policies Typical web threats applies here too. In particular, we highlight two of the most relevant cases: Backbone routers are parts of a critical infrastructure and as such their admin interfaces have to be properly se- – Exposed routers credentials cured. Cisco’s own best practices [13], for example, rec- The configuration files of a looking glass con- ommend exposing consoles only over out-of-band loop- tain IP addresses, usernames, and passwords back interfaces, unreachable from the public Internet in cleartext. If not properly secured, an at- (e.g., by using private addresses and placing them in ded- tacker may be able to gather credentials by icated admin VLANs). guessing the URLs of configuration files. However, some operators may decide to put loopback interfaces on publicly routable networks, or to expose ad- – Cookies stealing via XSS ministration services on all router’s interfaces. In such Even though looking-glass applications are cases, a remote attacker may be able to directly login usually unauthenticated, an attacker may ex- onto them, e.g., by using stolen credentials. ploit XSS flaws in them to gather admin cook- ies for other administration web-applications served under the same-origin domain. 4.3 Web security It is usually recommended that actionable web applica- 4 Threat Analysis tions make use of captcha or other automation blocker to avoid scripted attacks [14]. While this may not look like 4.1 Misconfigurations a big issue for looking-glasses, the lack of this counter- measure can effectively help an attacker to automatically Misconfiguration or improper access control of resources map resources in an AS infrastructure and scan them for are two of the most basic, yet important, issues for web information gathering.
Load more
Loading...
Loading...
Loading...
Loading...
Loading...

3 pages remaining, click to load more.

Recommended publications
  • "Mutually Controlled Routing with Independent Isps"
    Mutually Controlled Routing with Independent ISPs Ratul Mahajan David Wetherall Thomas Anderson Microsoft Research University of Washington University of Washington and Intel Research Abstract – We present , an Internet routing pro- Our intent is to develop an interdomain routing proto- Wiser tocol that enables ISPs to jointly control routing in a way col that addresses these problems at a more basic level. that produces efficient end-to-end paths even when they We aim to allow all ISPs to exert control over all routes act in their own interests. is a simple extension to as large a degree as possible, while still selecting end- Wiser of BGP, uses only existing peering contracts for mone- to-end paths that are of high quality. This is a difficult tary exchange, and can be incrementally deployed. Each problem and there are very few examples of effective me- ISP selects paths in a way that presents a compromise diation in networks, despite competitive interests having between its own considerations and those of other ISPs. long been identified as an important factor [8]. Done over many routes, this allows each ISP to improve While it is not a priori obvious that it is possible to its situation by its own optimization criteria compared to succeed at this goal, our earlier work on Nexit [28] sug- the use of BGP today. We evaluate using a router- gests that efficient paths are, in fact, a feasible outcome of Wiser level prototype and simulation on measured ISP topolo- routing across independent ISPs in realistic network set- gies. We find that, unlike Internet routing today, tings.
    [Show full text]
  • Openflow: Enabling Innovation in Campus Networks
    OpenFlow: Enabling Innovation in Campus Networks Nick McKeown Tom Anderson Hari Balakrishnan Stanford University University of Washington MIT Guru Parulkar Larry Peterson Jennifer Rexford Stanford University Princeton University Princeton University Scott Shenker Jonathan Turner University of California, Washington University in Berkeley St. Louis This article is an editorial note submitted to CCR. It has NOT been peer reviewed. Authors take full responsibility for this article’s technical content. Comments can be posted through CCR Online. ABSTRACT to experiment with production traffic, which have created an This whitepaper proposes OpenFlow: a way for researchers exceedingly high barrier to entry for new ideas. Today, there to run experimental protocols in the networks they use ev- is almost no practical way to experiment with new network ery day. OpenFlow is based on an Ethernet switch, with protocols (e.g., new routing protocols, or alternatives to IP) an internal flow-table, and a standardized interface to add in sufficiently realistic settings (e.g., at scale carrying real and remove flow entries. Our goal is to encourage network- traffic) to gain the confidence needed for their widespread ing vendors to add OpenFlow to their switch products for deployment. The result is that most new ideas from the net- deployment in college campus backbones and wiring closets. working research community go untried and untested; hence We believe that OpenFlow is a pragmatic compromise: on the commonly held belief that the network infrastructure has one hand, it allows researchers to run experiments on hetero- “ossified”. geneous switches in a uniform way at line-rate and with high Having recognized the problem, the networking commu- port-density; while on the other hand, vendors do not need nity is hard at work developing programmable networks, to expose the internal workings of their switches.
    [Show full text]
  • Virtually Eliminating Router Bugs
    Virtually Eliminating Router Bugs Eric Keller∗ Minlan Yu∗ Matthew Caesar† Jennifer Rexford∗ ∗ Princeton University, Princeton, NJ, USA † UIUC, Urbana, IL, USA ekeller@princeton.edu {minlanyu, jrex}@cs.princeton.edu caesar@cs.uiuc.edu ABSTRACT 1. INTRODUCTION Software bugs in routers lead to network outages, security The Internet is an extremely large and complicated dis- vulnerabilities, and other unexpected behavior. Rather than tributed system. Selecting routes involves computations across simply crashing the router, bugs can violate protocol se- millions of routers spread over vast distances, multiple rout- mantics, rendering traditional failure detection and recovery ing protocols, and highly customizable routing policies. Most techniques ineffective. Handling router bugs is an increas- of the complexity in Internet routing exists in protocols im- ingly important problem as new applications demand higher plemented as software running on routers. These routers availability, and networks become better at dealing with tra- typically run an operating system, and a collection of proto- ditional failures. In this paper, we tailor software and data col daemons which implement the various tasks associated diversity (SDD) to the unique properties of routing proto- with protocol operation. Like any complex software, routing cols, so as to avoid buggy behavior at run time. Our bug- software is prone to implementation errors, or bugs. tolerant router executes multiple diverse instances of routing software, and uses voting to determine the output to publish 1.1 Challenges in dealing with router bugs to the forwarding table, or to advertise to neighbors. We de- sign and implement a router hypervisor that makes this par- The fact that bugs can produce incorrect and unpredictable allelism transparent to other routers, handles fault detection behavior, coupled with the mission-critical nature of Inter- and booting of new router instances, and performs voting in net routers, can produce disastrous results.
    [Show full text]
  • IEEE Workshop on Open-Source Software Networking (OSSN) CALL for PAPERS
    IEEE Workshop on Open-Source Software Networking (OSSN) CALL FOR PAPERS SEOUL, KOREA – June 6 2016 http://opennetworking.kr/ossn The IEEE International Workshop on Open-Source Software Networking (OSSN 2016) will be held on June 6, 2016 in Seoul Korea along with the 2nd IEEE International Conference on Network Softwarization (NetSoft 2016, sites.ieee.org/netsoft). The OSSN workshop aims to provide a venue for sharing experiences on developing and operating open-source software-centric networking tools and platforms. It intends to cover various aspects for open-source collaboration community of professionals from academia and industry. Full and short (work-in-process) papers are solicited to discuss experiences on development, deployment, operation, and experimental studies around the overall lifecycle of open-source software networking. Topics of Interest Authors are invited to submit papers that fall into any topics related with open-source software networking. Topics of interest include, but are not limited to, the following: • SDN (Software Defined Networking): ONOS, Open Daylight, Ryu, … • NFV (Network Function Virtualization): OPNFV, OpenMano, … • Switching: Open vSwitch, Open Switch, Open Network Linux, Indigo, … • Routing: Click, Zebra, Quagga, XORP, VyOS, Project Calico, … • Wireless: OpenLTE, OpenAirInterface, … • Cloud and Analytics: OpenStack Neutron, Docker networking, Hadoop, Spark, … • Monitoring and Messaging: Catti, Nagios, Zabbix, Zenoss, Ntop, Kafka, RabbitMQ, … • Security and Utilities: Snort, OpenVPN, Netfilter, IPtables, Wireshark, NIST Net, … • Development and Simulation: NetFPGA, GNU radio, ns-3, … Paper Submission Authors are invited to submit only original papers (written in English) not published or submitted for publication elsewhere. Full papers can be up to 6 pages while short (work-in-progress) papers are up to 4 pages.
    [Show full text]
  • The Dawn of Open-Source Routing
    VYATTA, INC. | Release Notes Vyatta Release 2.0 February 2007 Document Part No. A0-0081-10-02 Vyatta Suite 160 One Waters Park Drive San Mateo, CA 94403 vyatta.com VYATTA, INC. | Release Notes Contents • New in This Release • Behavior Changes • Upgrade Notes • Resolved Issues • Known Issues New in This Release • IPsec VPN. This release introduces support for IPsec VPN. This IPsec VPN implementation allows small to large enterprises and enterprise branch offices to deploy a high-performance, robust, integrated routing and security solution for site-to-site secure communications. Vyatta’s implementation employs standard cryptographic and hash algorithms and is interoperable with other standards-based IPsec VPN products. • Bug fixes. A number of issues have been resolved with Release 2.0. A summary list of these is provided in the “Resolved Issues” section, which begins on page H2. Behavior Changes There are no behavior changes in this release. Upgrade Notes Release 1.1.2 can be upgraded to Release 2.0 using an ordinary package upgrade. Release 2.0 configuration files are not compatible with configuration files from Release 1.0.3 and earlier. Therefore, existing configurations from Release 1.0.x must be migrated to the new release. Users are strongly urged to consult the Release 2.0 upgrade procedure available in the Subscription Knowledge Base located on the Vyatta Customer Care Center web site (http://www2.vyatta.com/support) for instructions on how to most easily migrate existing Release 1.0.x configurations to Release 2.0. /..1 VYATTA,
    [Show full text]
  • Open Source Software for Routing a Look at the Status of Open Source Software for Routing
    APNIC 34 Open Source Software for Routing A look at the status of Open Source Software for Routing Martin Winter OpenSourceRouting.org 1 Who is OpenSourceRouting Quick Overview of what we do and who we are www.opensourcerouting.org ‣ Started late summer 2011 ‣ Focus on improving Quagga ‣ Funded by Companies who like an Open Source Alternative ‣ Non-Profit Organization • Part of ISC (Internet System Consortium) 2 Important reminder: Quagga/Bird/… are not complete routers. They are only the Route Engine. You still need a forwarding plane 3 Why look at Open Source for routing, Why now? Reasons for Open Source Software in Routing 1 Popular Open Source Software Overview of Bird, Quagga, OpenBGPd, Xorp 2 Current Status of Quagga Details on where to consider Quagga, where to avoid it 3 What Open Source Routing is doing What we (OpenSourceRouting.org) do on Quagga 4 How you can help Open Source needs your help. And it will help you. 5 4 Reasons why the time is NOW A few reasons to at least start thinking about Open Source Could be much cheaper. You don’t need all the Money features and all the specialized hardware everywhere. All the current buzzwords. And most of it started SDN, with Open Source – and is designed for it. Does Cloud, .. your vendor provide you with the features for new requirements in time? Your Missing a feature? Need a special feature to distinguish from the competition? You have access Features to the source code. Not just one company is setting the schedule on Support what the fix and when you get the software fix.
    [Show full text]
  • Tutorial on Openflow, Software Defined Networking (SDN) and Network Function Virtualization (NFV)
    OpenFlow,OpenFlow, SoftwareSoftware DefinedDefined NetworkingNetworking (SDN)(SDN) andand NetworkNetwork . FunctionFunction VirtualizationVirtualization (NFV)(NFV) SDN=Standard Southbound API SDN = Centralization of control plane SDN=OpenFlow SDN = Separation of Control and Data Planes Raj Jain Washington University in Saint Louis Saint Louis, MO 63130, Jain@cse.wustl.edu Tutorial at IEEE International Conference on Communications (ICC) 2014, Sydney, Australia, June 14, 2014 These slides and audio/video recordings of this tutorial are at: http://www.cse.wustl.edu/~jain/tutorials/icc14.htm Washington University in St. Louis http://www.cse.wustl.edu/~jain/tutorials/icc14.htm ©2014 Raj Jain 1 OverviewOverview 1. OpenFlow and Tools 2. Software Defined Networking (SDN) 3. Network Function Virtualization (NFV) Washington University in St. Louis http://www.cse.wustl.edu/~jain/tutorials/icc14.htm ©2014 Raj Jain 2 PartPart I:I: OpenFlowOpenFlow andand ToolsTools Planes of Networking OpenFlow OpenFlow Switches including Open vSwitch OpenFlow Evolution OpenFlow Configuration Protocol (OF-Config) OpenFlow Notification Framework OpenFlow Controllers Washington University in St. Louis http://www.cse.wustl.edu/~jain/tutorials/icc14.htm ©2014 Raj Jain 3 PartPart II:II: SoftwareSoftware DefinedDefined NetworkingNetworking What is SDN? Alternative APIs: XMPP, PCE, ForCES, ALTO RESTful APIs and OSGi Framework OpenDaylight SDN Controller Platform and Tools Washington University in St. Louis http://www.cse.wustl.edu/~jain/tutorials/icc14.htm ©2014
    [Show full text]
  • An Architecture for Multicasting Using Private Tunnel
    An Architecture for Multicasting using Private Tunnel Thesis submitted in partial fulfillment of the requirements for the award of degree of Master of Engineering in Software Engineering Submitted By Amandeep Singh Sidhu (Roll No. 801131002) Under the supervision of: Dr. Neeraj Kumar Assistant Professor COMPUTER SCIENCE AND ENGINEERING DEPARTMENT THAPAR UNIVERSITY PATIALA – 147004 June 2013 i | P a g e Acknowledgement My time as a postgraduate student at Thapar University, Patiala is supported by many kind people. This page attempts to recognize those who have been most helpful along the way. First of all, I thank God for providing me such an opportunity and support. I am deeply indebted to my supervisor, Dr. Neeraj Kumar. His advice, support and kind encouragement on thesis and professional issues have effectively guided me to the right path. He always led my research papers to clear, smart and effective ones. Without him this thesis would not be possible. Thanks to all members of Thapar University. Dr Maninder Singh, Head of Computer Science Department, for his kind support and directing me in field of research based on his extensive knowledge. All staff members of Computer Science and Engineering Department for providing me all the resources required for the completion of my thesis. I would like to thank my friends, Rajinder Singh Sidhu and Amritpal Singh for their moral and technical support. They always encourage me when I needed the most. Outside the Computer Science and Engineering Department, I benefited from time spent with friends especially Atul Sharma , Mandeep Singh and Gurusharan Virk. Interdisciplinary discussion with these friends has given me many new ideas and perspectives to work on my thesis.
    [Show full text]
  • Brocade 5600 Vrouter Basic System Configuration Guide, V4.2R1
    CONFIGURATION GUIDE Brocade 5600 vRouter Basic System Configuration Guide Supporting Brocade 5600 vRouter 4.2R1 53-1004247-01 16 May 2016 © 2016, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, ClearLink, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision is a trademark of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
    [Show full text]
  • IB7200 - Connectivity in ICT4D
    IB7200 - connectivity in ICT4D Lecture 3 DNS - domain name system Mapping name and ipnumbers. Forward: name to number nic.lth.se. IN A 130.235.20.3 Reverse: number to name 3.20.235.130.in-addr.arpa. IN PTR nic.lth.se. DNS lookup Routing protocols Packets need to find way through net Static routing: Each way is added manually. Normally don’t use, gets messy very soon… Instead use dynamic routing Routing info protocol (RIP) Simple, early protocol. Distance vector. (low overhead) Rip v2 better. Never use rip v1. Avoid rip v2 Dynamic routing - OSPF Open Shortest Path First (OSPF) Used inside organisation. Very stable and compatible between vendors. Uses link state algoritm: All routers know the whole topology. Requires more computational power (no problem today) Border Gateway Protocol (BGP) Used between organizations (borders) Between autonomous systems (AS) Each AS has a number 0-65000 Can decide “policy routing” like not allowing traffic from some AS. My ORG Other ORG BGP OSFP AS y AS x Summary Use OSPF internally + BGP externally External AS2 External AS1 BGP BGP OSFP Multicast Send to many on a network. Internet Group Management Protocol (IGMP). Adresses 224.0.0.0 to 239.255.255.255 PIM - protocol independent multicast Within an organisation Multicast Source Discovery Protocol (MSDP) Between organisations IPv6 128 bit addreses. Written in hex. 2001:6b0:1:1d20:214:c2ff:fe3a:5eec/64 64 bit net + 4 bit host Host is normally 12 bit fill + 48 bit mac-addr Each “nibble” (character) is 4 bit KTH has 2001:6b0:1::/48 2001:06b0:0001 ie we have 2^18 networks each with 2^64 hosts… Wireless Local area - WiFi - WLAN 802.11* Metro - WIMAX 802.16 Wide area - GPRS: GSM, UMTS-3G VSAT - slow expensive but necesary in some places.
    [Show full text]
  • Openflow Controllers and Tools
    OpenFlowOpenFlow ControllersControllers andand ToolsTools OpenFlow Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides and audio/video recordings of this class lecture are at: http://www.cse.wustl.edu/~jain/cse570-13/ Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-13/ ©2013 Raj Jain 15-1 OverviewOverview 1. OpenFlow Controllers 2. Software Routing Platform 3. OpenFlow Related Tools Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-13/ ©2013 Raj Jain 15-2 OpenFlowOpenFlow ControllersControllers 1. NOX 2. POX 3. SNAC 4. Beacon 5. Trema 6. Maestro 7. Floodlight Many more…This is not a complete list. Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-13/ ©2013 Raj Jain 15-3 NOXNOX One of the first open source OpenFlow controllers Developed by Nicira and donated to research community in 2008 Supported by ON.LAB at Stanford and by UC Berkeley and ICSI Provides a C++ API for OpenFlow 1.0 Both a controller and a framework for developing OpenFlow applications Includes sample components for topology discovery, learning switch, network-wide switch Superseded by POX Ref: http://www.noxrepo.org/forum/ Washington University in St. Louis http://www.cse.wustl.edu/~jain/cse570-13/ ©2013 Raj Jain 15-4 POXPOX Python-based newer version of NOX. Platform for rapid development of network control software using Python OpenFlow controller plus a framework for interacting with OpenFlow switches, debugging, network virtualization, … Reusable components for path selection, topology discovery Supports the same GUI and visualization tools as NOX Runs on Linux, MACs, Windows and can be bundled with install-free PyPy runtime for easy deployment Ref: http://www.noxrepo.org/pox/about-pox/ Washington University in St.
    [Show full text]
  • Dual-Booting Windows 7 and Ubuntu 10.10
    Dual-booting Windows 7 and Ubuntu 10.10 http://www.linuxbsdos.com/2011/01/28/dual-booting... Didn't find what you were looking for? Click Questions & Answers to ask a question. Good answers await. Latest Reviews & Tutorials How to install Linux Mint 11 on a btrfs file system May 30, 2011 Like Ubuntu 11.04 on which it is based, Linux Mint 11 has support for btrfs, a modern journaling file system with features that are not available on the default file system on Linux. For example, with btrfs, you can: Writable snapshots Subvolumes... More Dual-booting Windows 7 and Ubuntu 10.10 Tutorials/Tips, ubuntu | January 28, 2011 3:31 pm Previous« 1 2 3 »Next On the Add New Entry tab, click on the Linux/BSD tab. For Type, select “GRUB 2″ from the menu. That is all you need to change. Click on Add Entry button, then click on the Edit Boot Menu tab to view your handiwork. MORE IN TUTORIALS/TIPS 1 of 16 07/05/2011 02:51 PM Dual-booting Windows 7 and Ubuntu 10.10 http://www.linuxbsdos.com/2011/01/28/dual-booting... You should see this. You may change the boot order if you wish. Exit EasyBCD, then reboot. MORE IN TUTORIALS/TIPS How to install Linux Mint Debian Edition on an encrypted LVM file system Linux Mint Debian Edition (LMDE) is the edition of Linux Mint that is based on Debian Testing. Like the edition ... 2 of 16 07/05/2011 02:51 PM Dual-booting Windows 7 and Ubuntu 10.10 http://www.linuxbsdos.com/2011/01/28/dual-booting..
    [Show full text]