Over the new few months, I’ll be working on the DNS artitecture of Signposts.

Techincal Setup

• Setting up suitable machines for development
• Installing OCaml compiler, toolclain, package manager
• Get the appropirate libraries, plus the docs/source
• Set up the version control and project docs: code on github, signposts organisation maybe, issues tracking on Github issues
• Finish reading “Real World OCaml” and look at examples of the libraries in use
• Become familiar with the the setup of similar projects: The use of OASIS, OPAM, structure and syntax of Makefiles

Describing Artitecture

• Why use DNS for naming ? what have other related systems used ?
• This is an unusaul use of DNS, how does it affect the infastructure ?
• How do middleboxes manipulate DNS packets ?
• How does TTL 0 affect caching, performance etc ?
• This is the 3rd prototype, how is it different to the first two
• Security properties of the artitecture
• Components of Signposts Naming and interface with tactics engine

Preparation

• Extending the functionality of ocaml-dns : adding a lwt client resolver, EDNS0 extensions, DNSSEC extension (using Cryptokit), any DNS stuff for Signposts that may be useful to other applications
• Using, test and extend the signpost-test-tool, developed by Haris
• Extending the functionality of ocaml-crypto-key, ready for use in Signpost

We’ve entered the Signpost poster into the Computer Laboratory 75th Anniversary Poster Competition

Signpost Poster @ Computer Laboratory 75th Anniversary

I was very fortunate today, to give a talk on Signpost at Open Hardware, Software, Internet & Jobs, after Jon “maddog” Hall. Here are the slides:

This is a guide to the installation of Signpost on a 64 bit edition of ubuntu 12.04.

The steps of the installation process are:

1    install OCaml
2    install and set up OPAM
3    use OPAM to install the latest OCaml compiler and switch to this new compiler version
4    Add the remote repositories required for signposts to OPAM
5    Install the libraries required using OPAM
6    Download the code for signpost
7    Set up vswitch
8    Generate and place keys
9    Install iodine and set up password
10    Run Signposts

1 INSTALLING OCAML
OCaml 3.12.1 is available from the ubuntu repositories, this is not a up to date version of the compiler but it will do to bootstrap the process.

$ sudo apt-get install ocaml

2 INSTALLING & SET UP OPAM

OPAM is a useful package manager for OCaml code such as signposts. To download the initialize:

$ git clone git://github.com/OCamlPro/opam.git
$ cd opam && ./configure && make
$ sudo make install
$ opam init
$ eval ‘opam config -env’
$ echo “$ which opam && eval ‘opam config -env'” >> ~/.profile

3 SWITCH TO LATEST OCAML COMPILER
To see the compiler versions avaliable on OPAM use:

$ opam switch -list

To see the version of the OCaml compiler that is currently in use, use

$ ocaml -version

Then switch the OCaml 4.00.1 using

$ opam switch 4.00.1
$ eval ‘opam config -env’

This process may take quite a while. You can now check the version of OCaml again, it it should show that the PATH is now pointing towards a new OCaml compiler version

4 REMOTE REPOSITORIES

To view the current remote respositories that OPAM is using, enter:

$ opam remote -list

This should give you the following output:

[curl]     default     http://opam.ocamlpro.com

To add the remote respositories required for signposts enter the following:

$ opam remote -kind git -add dev https://github.com/mirage/opam-repo-dev.git
$ opam remote -kind git -add mirage git://github.com/mirage/opam-repo.git

Checking the current remote repositories as before, now returns

[git]       mirage     git://github.com/mirage/opam-repo.git
[git]   mirage-dev     git://github.com/mirage/opam-repo-dev.git
[curl]     default     http://opam.ocamlpro.com

5 INSTALL LIBRARIES

To install the required packages from OPAM and the package manager use:

$ opam install lwt cstruct mirage mirage-net ocamlgraph uri rpc oasis ssl
$ sudo apt-get install libnfnetlink-dev libnl-3-dev libnl-cli-3-dev libnl-genl-3-dev libnl-nf-3-dev libnl-route-3-dev

Some the packages here are not the most upto date, to get the updates

$ git clone https://github.com/crotsos/mirage-platform.git
$ cd mirage-platform/
$ make all install
$ git clone https://github.com/crotsos/mirage-net.git
$ cd mirage-net/
$ make all install
$ git clone https://github.com/crotsos/ocaml-openflow.git
$ cd ocaml-openflow/
$ make all install
$ git clone https://github.com/crotsos/ocaml-dns.git
$ cd ocaml-dns/
$ make all install
$ git clone https://github.com/crotsos/ocaml-crypto-keys.git
$ cd ocaml-crypto-keys/
$ make all install

In the future, you update your packages using:

$ opam update
$ opam upgrade

6 GET SIGNPOST CODE

To download a copy of the Signpost Code using:

$ git clone https://github.com/crotos/signpostd
$ cd signpostd
$ make

7 VSWITCH

$ sudo wget https://www.dropbox.com/s/4n0hwgoycm3838g/openvswitch_mod.ko?dl=1 -O /lib/modules/`uname -r`/extra/openvswitch_mod.ko
$ sudo wget https://www.dropbox.com/s/f7ivv8upe0bfurf/brcompat_mod.ko?dl=1 -O /lib/modules/`uname -r`/extra/brcompat_mod.ko
$ sudo depmod -a
$ modprobe openvswitch_mod
$ sudo modprobe brocompat_mod
$ sudo ovs-vsctl add-br br0
$ sudo ovs-vsctl add-port br0 eth0
$ sudo ifconfig eth0 up
$ sudo ifconfig br0 up
$ sudo ovs-vsctl set-fail-mode br0 standalone
$ sudo ovs-vsctl set-controller br0 tcp:localhost
$ sudo ln -s /etc/init.d/openvswitch-switch /etc/rcS.d/S10openvswitch-switch
$ sudo chmod 777 /etc/network/interfaces
$ echo “pre-up ifconfig eth0 up” >> /etc/network/interfaces

8 KEY GENERATION

For the each client we wish to add to the signposts personal cloud we need to generate a private and associated key. To generate these key we will be using onpenssl. On each client we need to generate the private key and place it into the signposd/conf directory when we need to generate the public key from this and place on the server un signpostd/conf/authorized_keys

on the client

$ openssl genrsa -out conf/signpost.pem 2046

and on the server

$ openssl rsa -in conf/signpost.pem -pubout -out conf/authorized_keys/clientname.pub

9 IODINE

To install iodine from the ubuntu package manager
sudo apt-get install iodine

I am going to work through my last article, where I explained how to generate the required files to run my Java code here 

SETUP

I connect my laptop and android phone to the same Wi-Fi network and get there private IP addresses:

• The server (my laptop) –  192.168.14.245
• The client (my android phone) – 192.168.14.47

IperfOutput.txt 

If ./adb shell returns error:device not found then wait a few seconds before trying again. This is because there can be a slight delay between plugging an android device and its being recognised.

Terminal 1
heidi@ubuntu:~$ cd Downloads/android-sdk-linux/platform-tools/
heidi@ubuntu:~/Downloads/android-sdk-linux/platform-tools$ ./adb shell
# iperf -u -c 192.168.14.245 -t 100
————————————————————
Client connecting to 192.168.14.245, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  110 KByte (default)
————————————————————
[  3] local 192.168.14.47 port 52285 connected with 192.168.14.245 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-100.0 sec  12.5 MBytes  1.05 Mbits/sec
[  3] Sent 8918 datagrams
[  3] Server Report:
[  3]  0.0-100.0 sec  12.5 MBytes  1.05 Mbits/sec   1.783 ms   10/ 8918 (0.11%)
[Ctrl-C]

Terminal 2
heidi@ubuntu:~$ cd TestingSignpostAppOutput/
heidi@ubuntu:~/TestingSignpostAppOutput$ iperf -s -u >> IperfOutput.txt
[Ctrl-C]

Everyone who I have spoken to about my work since yesterday, has asked me the same question. Why are you writing this in Java ? The answer is that I am going on the Google European Android Development Camp in a few weeks so I am using Java were possible in my work so that I can get familiar with the basics again.

To ensure that the server (my laptop) and the client (my android phone) can address each other I ensure that they are behind the same NAT so that private IP addresses can be used. This ensures that both devices can initialize an connect with the other

My Java code for analyzing and comparing Signpost Diagnostic Application to the results generated by Iperf and Ping, requires the following files:

• SignOutput.txt – this is generated by the Signpost Diagnostic Application, It can be generated by:
  • Hard coding the server IP address into the application code, found here
  • Uninstall previous versions of the application and connect the android phone via USB
  • Within eclipse, load the application onto the android phone
  • cd into Downloads/android-sdk-linux/platform-tools
  • In another terminal, cd into the location of the demo server and start server using ./server.native
  • use “./adb logcat-s SIGPST >> SignOutput.txt”
  • The location of the file SignOutput.txt is now Downloads/android-sdk-linux/platform-tools, copy the file to /TestingSignpostAppOutput
• IperfOutput.txt – this is generated by a remote shell on the Android phone, it can be generated by:
  • (In terminal 1) cd into Downloads/android-sdk-linux/platform-tools
  • connect android phone via USB
  • use “./adb shell” to start a remote shell
  • in another terminal (terminal 2), cd into /TestingSignpostAppOutput so output file is loaded straight into correct directory
  • (In terminal 2) use  iperf -s -u >> IperfOutput.txt
  • (In terminal 1) use iperf -u -c {insert laptop IP}
• PingDownstreamOutput.txt – this is generated by the server sending pings to the client (the android phone), it can be generated by:
  • cd into  /TestingSignpostAppOutput so output file is loaded straight into correct directory
  • Run a bash script containing the following:
  • #!/bin/bashfor i in {1..10}
    do
    ping {insert phone IP} -c 10 -n -q >>

    PingDownstreamOutput.txt;
    done

• PingUpstreamOutput.txt – this is generated by the client (android phone) sending pings to the server, it can be generated by:
  • cd into Downloads/android-sdk-linux/platform-tools
  • Save a bash script (lets call it pingUp) containing the following
  • #!/bin/bashfor i in {1..10}
    do
    ping {insert laptop IP} -c 10 -n -q >>

    PingUpstreamOutput.txt;
    done

  • Connect android phone via USB and copy script to SD cards using  “./adb push pingUp / sdcard/   “
  •  use “./adb shell” to start a remote shell
  • In the remote shell cd into /sdcard
  • In the remote shell run the script using ./pingUp
  • exit the remote shell
  • cd into  /TestingSignpostAppOutput
  • copy the PingUpstreamOutput.txt file to the laptop from the android phone using “./adb pull /sdcard/PingUpstreamOutput.txt

Once you have generated all of these files then you can run my program SignpostOutputAnalysis.java found here which should output the average true and estimated latency, goodput and jitter.
The code in SignpostOutputAnalysis.java is still incomplete and untested, I also have not yet tested my instructions for generating the correct files at the correct locations for the java code to be ran. I will be doing this testing next…

Now its time for me to collect data from the Signpost Diagnostics Application and Iperf to see if there is a statistically significant difference between the Latency and Goodput data from the two applications. [Jitter will soon be added to the application so I will need to go back the test that]

THE PLAN…

Part A – Data from Signpost Application

1. Connect the android phone (the client) and laptop (the server) to Internet in such a way that they are behind the same NAT box, so the client can initiate a connection with the server from a private IP address
2. Set up the OCaml Server running on my laptop
3. Change in client IP address in the client code and load onto android phone
4. Running client with server, collecting data whilst viewing output from log files

Part B – Latency data from Ping

1. Workout how to send pings bothways
2. Workout how to use ping to get RRT bothways
3. Collect some data on latency

Part C – Compare Data from Signposts Application and Ping

1. Extract sufficient data from both methods
2. Get data from both method into a suitable format
3. If required, convert units for latency so all data in same units
4. Compare data
5. Answer the Question: Is there a significant difference between the data collected by Ping (assumed to be accurate) and the Signpost Application

AND THE REALITY…

Part A

I’ve just been send the most recent version of the Signpost Diagnostics Application as a .apk file. I uninstall the old version of the application using the Android GUI and install the new version using:

I quick come to realize that the above is stage is useless. It will correctly install an application from the .apk file but I need to be able to edit the code of the application so that I can set the client IP address at a later stage

I connect both the client and server to the same Wi-FI network so that the client will be able in initiate an connection with the server

As per usual, to start up the OCaml Server, I will do

I uninstalled the last Signpost Application, change the IP address in the code and load onto phone, via Eclipse using the run as dialogue.

Pressing start on the Android application triggers a connection to be initiated with the server, this is successful as the sever outputs a link detailing the android phones name, IP address and port number used.

I can view the logs for this application live, using:

./adb logcat-s SIGPST

To filter the output of logcat, I use the arguments -s SIGPST, this gives me a log output such as:

I/SIGPST  ( 1520): Received Latency Upstream: 25500
I/SIGPST  ( 1520): Received Goodput Downstream: 4026
I/SIGPST  ( 1520): Received Latency Downstream: 6008
I/SIGPST  ( 1520): Received Goodput Downstream: 1262925
I/SIGPST  ( 1520): Received Latency Upstream: 49000
I/SIGPST  ( 1520): Received Goodput Downstream: 4787
I/SIGPST  ( 1520): Received Latency Downstream: 10376
I/SIGPST  ( 1520): Received Latency Upstream: 50000
I/SIGPST  ( 1520): Received Goodput Downstream: 2735
I/SIGPST  ( 1520): Received Latency Downstream: 17004
I/SIGPST  ( 1520): Received Latency Upstream: 46500
I/SIGPST  ( 1520): Received Goodput Downstream: 4461
I/SIGPST  ( 1520): Received Latency Downstream: 4463
I/SIGPST  ( 1520): Received Goodput Downstream: 799720
I/SIGPST  ( 1520): Received Latency Upstream: 51000
I/SIGPST  ( 1520): Received Goodput Downstream: 3684
I/SIGPST  ( 1520): Received Latency Downstream: 6875
I/SIGPST  ( 1520): Received Latency Upstream: 307000
I/SIGPST  ( 1520): Received Goodput Downstream: 4670
I/SIGPST  ( 1520): Received Latency Downstream: 8749
I/SIGPST  ( 1520): Received Latency Upstream: 16500
I/SIGPST  ( 1520): Received Goodput Downstream: 2652
I/SIGPST  ( 1520): Received Latency Downstream: 6795
I/SIGPST  ( 1520): Received Goodput Downstream: 24060150
I/SIGPST  ( 1520): Received Latency Upstream: 72500
I/SIGPST  ( 1520): Received Goodput Downstream: 4190
I/SIGPST  ( 1520): Received Latency Downstream: 6809

A quick code inspection, highlights that the latency values are divided by 1000 to be converted into secs, which means that the latency values here are in ms
I will look at how to convert this to a more convenient form in part 3

I can append the output to the file Signoutput.txt using “>> Signoutput.txt”

I have added a sample of Signoutput.txt here 

Part B

I open a remote shell on the android phone using ./adb shell, I then use the ping unix commend from the client to the server, and i get an output such as

24 packets transmitted, 24 received, 0% packet loss, time 23070ms
rtt min/avg/max/mdev = 35.614/90.183/297.302/51.944 ms

The latency will be half the RRT so here it is 45.0915 ms

Then repeating the test from the server to the client and i get an output such as

43 packets transmitted, 40 received, 6% packet loss, time 42070ms
rtt min/avg/max/mdev = 33.371/93.812/241.825/45.579 ms

So the latency is similar to before at 46.906 ms

Now I want to collect the data from the ping output, so I wrote the following bash script to do this:

#!/bin/bash

for i in {1..10}
do
ping 192.168.14.47 -c 10 -n -q >> Pingoutput.txt;
done

This sents 100 pings, in 10 sets of 10 and sent the results of the 10 test to a file called Pingoutput.txt
The first line “#!/bin/bash” mean that this is a bash script, the ping argument “-c 10” means said 10 pings and “-q” means quiet output. >> means append to file.

I’ve added a sample of Pingoutput.txt here

Part C

To analysis the output files, I have written the Java code here. Currently this code is untested