Faculty of information technology
full thesis
4.3 Router management

Only those router settings that are directly tied to the functionality of the VPN controller will be remotely managed. To implement this, a simple application (user module) shall be created and installed on every router. This application will handle the requests it receives from the Customer Server (CS).

The control messages sent between the CS and the routers will travel through an encrypted tunnel. As such, a simple TCP connection will be used for communication. At any time there will be at most 1 TCP connection open with a particular (validated) router. This TCP connection will be closed right after a response from the router is received (or after a timeout) and re-opened only when a new request needs to be delivered.

To prevent unauthorized devices from manipulating routers through the application, the daemon listening on the routers will be bound to the tun interface and will compare the source address of incoming messages with the one it expects the CS to have (always the first address of the virtual network).

Whenever a router's status changes from offline to online, the cs-controller will send it a message containing all the configuration information needed to reach the expected state. This mechanism will, to a limited extent, protect the routers' configuration from unwanted changes by their local administrators.

Operation: Create group
Implementation:
∙ Create an IP set.
∙ Insert 1 rule into cs-service chain.
∙ Create a new group chain.
∙ Insert 1 rule into cs-fw chain.

Operation: Delete group
Implementation:
∙ Remove 1 rule from cs-service chain.
∙ Delete an IP set.
∙ Delete a group chain.
∙ Delete 1 rule from cs-fw chain.

Operation: Add custom filter
Implementation:
∙ Insert 1 rule into the given group's chain.

Operation: Delete custom filter
Implementation:
∙ Delete 1 rule from the given group's chain.

Table 4.2: Implementation of group operations after custom filtering rules are introduced.
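The source-address check and one-request-per-connection behaviour described in Section 4.3, sketched as an added example (not code from the thesis). The network 10.8.0.0/24, the request text and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

def expected_cs_address(network):
    """The CS always holds the first host address of the virtual network."""
    return next(ipaddress.ip_network(network).hosts())

def is_from_cs(peer_ip, network):
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d
    peer = getattr(peer, "ipv4_mapped", None) or peer
    return peer == expected_cs_address(network)

def handle_connection(conn, peer_ip, network, apply_config):
    """Serve one request and close; the CS reconnects for every new request."""
    with conn:
        if not is_from_cs(peer_ip, network):
            return False  # nothing is read or applied for other senders
        conn.settimeout(5.0)
        try:
            conn.sendall(apply_config(conn.recv(4096)))
        except OSError:  # includes timeouts
            return False
        return True

def serve(tun_addr, port, network, apply_config):
    """Listen on the router's tun address only, never on 0.0.0.0."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((tun_addr, port))
        srv.listen(1)
        while True:
            conn, (peer_ip, _port) = srv.accept()
            handle_connection(conn, peer_ip, network, apply_config)

def demo(claimed_peer, network="10.8.0.0/24"):
    """Constructed exchange over a socket pair; the network is an assumed value."""
    cs_side, router_side = socket.socketpair()
    with cs_side:
        cs_side.sendall(b"create-group staff")
        ok = handle_connection(router_side, claimed_peer, network,
                               lambda req: b"OK " + req)
        return ok, (cs_side.recv(64) if ok else b"")

if __name__ == "__main__":
    print(demo("10.8.0.1"), demo("10.8.0.23"))
```

The address comparison is only as strong as the tunnel's own guarantee that a peer cannot send from an address it was not assigned.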