ABone Architecture and Operation

ABCd — ABone Control Daemon• Server for remote EE management

• On-demand EE initiation and termination• Automatic EE restart (permanent EEs)• Java and C debugging support

• Node management support• File upload/download• Script execution (management “EE-lets”)

• Self-management capabilities• Event logging and status reporting• Reconfiguration and restart

• Supports the ABone security model• Runs as an ordinary, unprivileged user

Netiod — Network I/O Daemon• Packet I/O service for EEs and AAs

• Implements Node OS channel abstraction• Uniform I/O interface across node OSs• Supplements OS kernel filtering capabilities• Normally runs as a root-privileged service• Can run in user space

ABone Registry• Central database maintained by ABOCC• User contact data and public authentication keys• Core node information• Trusted code server data• Access control (ACL/TCL) data

• Features• User self-service for contact data, keys, and nodes• Administrative functions for ABOCC• Secure Web interface

• ABone support functions• Automated ACL/TCL generation and distribution• Node and contact lists to support monitoring tools

Usability Features

ABCd Client GUI• Guided command construction

• Context-sensitive menus• Intuitive explanations• No syntax to learn

• Command history and recall• Uses ABCd client Java API

• Modular library implementation• Supports custom client development

ABoneShell• Client/server extensions to ABCd• Simplifies common tasks

• EE management• File transfer• Problem diagnosis

• Client user interface• Unix shell-like command tool• Scripting capabilities• Command history and recall

• Remote server extension• Special-purpose EE-let• Transparently invoked

ABoneMonitor• Web-based node and EE monitor• Real-time ABone status reporting• Graphical summary views

• Permanent EE topologies• Whole ABone

• Table-based detailed views• Node liveness• ABCd status• EE and AA status

High-Level Design

• Core nodes• Centrally administered community resource• Required to be continually available• Support multiple EE topologies in permanent configurations

• Edge nodes• Private nodes controlled by individual developers• Not registered as part of the testbed• Dynamically join and leave permanent EE topologies

Composed of Two Node Types

• Active Applications (AAs): Java and C (EE-dependent)• Execution Environments (EEs): Java and C• Node Operating System (Node OS): Unix/POSIX-based

Based on the Active Networks Reference Architecture

• Active Applications (AAs)• Fundamental unit of network programming• AA code may migrate from node to node

• Execution Environments (EEs)• Environment for AA execution• Stable part of active node software

• Node Operating System (Node OS)• Environment for EE execution• Permanent part of active node software

. . .

Node OS

EE

AAAA . . .

EE

AA AA . . .

Reference Architecture for Active NodesDeveloped by the Active Networks

Community

ABone Security Model• Trusted EEs, untrusted AAs

• All code executed within ordinary Unix user accounts• EEs may be downloaded only from trusted servers• EE code trusted not to be malevolent• AA trust requirements EE-dependent

• Access controls• ACL files control who may perform what operations• TCL files control who may use which EE code servers

• File integrity• Guarded by Unix file permission rules• Security-critical files strictly separated from EE/AA files

• Node access• ABOCC trusted to maintain ACL/TCL files• Node administrators control root access

ABone Node Architecture

Authentication &Access Control

Command Processing

ClientCommunications

EE Downloadingand Execution

Unix Operating System

EE

ABCd Netiod

EE Code Server

ACL/TCL Server

Remote User

Channel Control

Packet Filtering

Control messages

InChannel

OutChannel

Network I/O

AA AA

AA Code Server