Faculty of information technology
5 Implementation
  5.1 External API
  5.2 User module
  5.3 Customer Server
  5.4 Dispatch Server
  5.5 Security measures
    5.5.1 “Pretending to be a CS” attack
    5.5.2 IP spoofing
6 Stress tests
  6.1 Docker
  6.2 Fargate
  6.3 Router agents
  6.4 Setup
  6.5 Preparation
  6.6 Measurements
  6.7 Scenarios
  6.8 Results
7 Conclusion
Bibliography

Chapter 1
Introduction

Many industrial routers, spread all over the world, are placed in remote locations where the only way to access the internet is through a mobile connection. When a network administrator needs to access one of these routers, which are often located in buses, trains, mountains, and other places that are difficult to physically access, he faces a problem: mobile devices often do not have public IP addresses. They are hidden behind network address translation (NAT).

Rather than always having to travel to the router or paying more money for a better deal with the internet service provider, the administrator has several choices. He could use IPv6 addresses. Those are more plentiful and they are significantly cheaper. However, since not all internet providers offer IPv6 addresses, and since IPv6 NAT also exists, the cheapest and most broadly usable solution can often be the use of a virtual private network (VPN). This not only solves the initial problem, but also brings the advantage of higher security.

The aim of this diploma thesis is to design and implement a VPN-based system that would allow administrators easy access to such routers, and also provide a way to make dynamic changes to the topology of the network. By clustering routers into groups, the administrator would be able to enable traffic flow between some routers while denying it elsewhere, regardless of whether the affected routers are currently online. Further, the settings of each LAN interface of every router will be managed by a central station, and access into/from the VPN can be granted to devices behind some interfaces and denied to those behind others. Where 2 or more LANs use overlapping ranges of IP addresses, a user may simply set the relevant interfaces into a virtualized mode (on the central station), upon which they will be assigned ranges of virtual addresses, making the local devices addressable from the VPN. These and many other features are described in greater detail in chapter 2.

Chapter 3 examines similar existing systems and tools. Their shortcomings and strengths will be evaluated and their usability for our purposes discussed. Chapter 4 lays out a solution that can be used for implementation of the desired system. Various design choices are presented there and the reasoning behind them explained. Chapter 5 then offers a closer look at a selection of problems that were encountered during implementation and at how they were resolved. Chapter 6 is dedicated to assessment of the created system. Various measurements of performance are conducted and their results discussed.

The solution presented in this paper is tailored primarily for use with routers made by Advantech; nevertheless, every attempt will be made to make it possible to add support for other types of devices in the future.