== Application Flow Controller based on access authorization

==== Zhou Li - lead student researcher; Huang Liqun - faculty advisor; Zhao Jinhua, Zhou Bin, Zhang Yu - student researchers

=== Huazhong University of Science and Technology, Wuhan, China

[[Final Report>>attach:Project awards.files@AFCFinalReport.pdf]] [PDF]

[[User Guide>>attach:Project awards.files@AFCUserGuide.pdf]] [PDF]

[[Sun Tech Days presentation>>attach:Project awards.files@AFCWhatIsAFC.pdf]] [PDF]

==== Statement and background of Purpose

The purpose of this project is to design a network management system named Application Flow Controller (AFC). An application flow is the network flow that an application uses to communicate with the Internet. AFC implements network access authorization control based on protocol analysis. It analyzes the data flow, identifies the flows of certain applications, and then limits or cuts those flows at the proper time to keep the network in good condition.

Today, as applications such as BT and online games become more popular, the load on networks and company networks has become so heavy that it affects the significant functions of these networks. Moreover, companies may not allow their employees to play online games during working hours. So some companies and educational organizations have rules that prevent their people from using certain applications such as online games.

Tools like MRTG, RRDTOOL, NET-SNMP and NTOP are widely used in many universities and companies; for example, our university uses NET-SNMP to monitor several web servers and networks. However, it can only report server status; it cannot analyze or control application flow, which means it cannot identify any particular application [1,2]. To forbid employees or students from using software such as P2P download tools and Instant Messaging tools, universities and companies need a tool to control application flow.

Our project can ban certain applications from accessing the Internet. Some tools can achieve this goal, such as IPTABLES on LINUX [3] and IPFILTER on SOLARIS [4]. However, these tools only block a server IP or a local port. Download tools like BT can easily change their local port, and Instant Messaging tools like MSN can use a proxy instead of the official server IP. So this is not an efficient way to limit Internet access authorization.

AFC can be used in the networks of campuses, companies and so on. With AFC, an administrator can limit the authorization of specific software to access the Internet. For example, to forbid employees from using eDonkey during working hours, administrators just need to add eDonkey to a block list, and eDonkey will then be banned in the whole network.

Our university (Huazhong University of Science and Technology) is the central node of the HuaZhong area of the Chinese Education and Research Network (CERNET). Most of our university's servers run SOLARIS, and our university has a demand for related applications. We also plan to recommend our project to our university for practical use.

==== Approach to be used and Related Research

The running process of AFC is shown in figure 1 [figure omitted]. The probe module captures data packets from the network; then, in the application flow detection process, AFC detects and recognizes the application flow for further use. Building on that work, AFC proceeds to protocol analysis and abnormal traffic analysis, which analyze the specific protocol in the detected application flow, such as the P2P and MSN protocols. AFC can then act in two ways. First, if the system detects any application flow that has been banned by the administrator, it cuts it off. Second, if no application flow is banned but the network is overloaded, AFC dynamically controls the traffic and decides which application flow to cut off.

The following are the key technologies AFC uses.

1. Data Packet and Net Flow Capture
There are many ways to capture net flow. For instance, the flow can be captured directly on the gateway server; however, this is not efficient and may drive the gateway server into an overloaded state. So we use Port Mirroring, which lets us capture net flow on an independent server [5]. We need to mirror the monitored port and analyze the network traffic on a specific server. Most switches and routers, such as Catalyst 2900XL/3500XL/2950 and Huawei S2008/S2016/S2026/S2403H/S3026, support this feature.
For data packet capture there are two candidate approaches. One is to use the SOLARIS API; the other is to use the SOLARIS tool SNOOP. Using SNOOP is much easier but not flexible. In AFC, a probe will be developed based on the SOLARIS API.
1. Network Traffic Statistic and Dynamic Management
Network traffic statistics are used in AFC to monitor network status. If the network is overloaded, AFC dynamically bans network access authorization according to a control algorithm. For example, if traffic statistics show that EDONKEY or BITTORRENT application flow is causing the overload, AFC will cut off the EDONKEY or BITTORRENT flow. AFC will also have an order list and ban the software that has the lowest priority. A control algorithm will be developed in this project. The project will also give some rules for judging whether the network has abnormal traffic by analyzing the net flow information on a specific port.
1. Protocol Analysis
Protocol analysis is the most important and most difficult part of this project. AFC will ban application flow according to a protocol list, which makes it easy and flexible to add a new banned protocol. Some methods for analyzing the protocol of service network flows, such as connection port features, net flow features and data transport features, are discussed in [6] and [7]. The P2P and MSN protocols will be analyzed in AFC primarily.
Here we list the candidate approaches to be used:
11. Analysis of P2P protocol (BT)
To cut off the use of BT, eDonkey or other P2P-protocol-based software, we need to detect P2P net flows. P2P tools like BT have their own protocol, so we can detect whether a net flow matches the BT protocol and then choose to cut the connection.
To further increase the accuracy of BT flow judgment, we will use the relationship information between flows. For example, flows between the same two hosts within a certain time period are associated with each other; flows from different hosts that have the same destination address and port number are associated; flows from the same host within a certain period of time are associated; and so on.
11. Analysis of MSN/QQ protocol
MSN automatically switches ports, and the ports it uses are common ports, so we cannot use traditional port blocking to restrict the use of MSN. AFC will catch a flow if it matches an MSN application flow, such as the login flow or the message-sending flow. Any matched flow will be cut off.

==== Features of our project

1. AFC analyzes the protocol of the application flow to ban Internet access, rather than relying on the service IP or service port.
1. AFC will be programmed in C and JAVA and run on Solaris, so it is easy to install on Solaris systems like Indiana and Solaris Express Developer Edition. We use C for the probe to get high performance; we use JAVA for the protocol analyzer to get high portability.
1. AFC provides a user-oriented interface, which means it is easy to use and configure.

==== System Utility Description

Figure 2 [figure omitted] shows the system architecture of AFC; its subsystems' utilities are listed as follows.

1. Administration System
AFC provides a web-based admin system. It is used to show the log, set the order list, set the ban list and so on.
1. Probe Subsystem
This subsystem provides effective utilities to capture data packets and network flow.
1. Application Flow Detecting Subsystem
This subsystem detects and analyzes received and sent data packets. Using the data provided by the Probe Subsystem, it constructs an application flow structure that describes the business object to be used.
1. Protocol Analyzing Subsystem
This subsystem analyzes protocols and detects whether any banned application tries to access the Internet. First it takes the application flow captured by the Probe Subsystem; then it analyzes the flow and its protocol and detects whether it was sent by a banned application. If it was, the subsystem bans its network access authorization.
1. Abnormal Traffic Analyzing Subsystem
If any application flow is beyond the client's expectation, this subsystem dynamically cuts off the source of the application flow.
1. Dynamic Traffic Control Subsystem
AFC monitors network status through traffic statistics. The user can set a warning level. This tool will ban network access authorization if the network load is above the warning level. An order list holds the software priorities, and the lowest-priority software will be banned. The tool does this dynamically: it can detect which software causes the overload and ban it.
1. Log System
AFC provides a log system that records what has been banned and so on.

==== References

1. J. Case, K. McCloghrie, et al. RFC 1442 - Structure of Management Information for version 2 of the Simple Network Management Protocol (SNMPv2). SNMP Research, Inc., Hughes LAN Systems, Dover Beach Consulting, Inc., Carnegie Mellon University, 1993.
1. J. Case, M. Fedor, et al. RFC 1157 - A Simple Network Management Protocol (SNMP). Performance Systems International, SNMP Research, MIT Laboratory for Computer Science, 1990.
1. Bai Tao. Internet-based information network management and monitoring system Research and Implementation. CNKI:CDMD:2.2006.147625
1. Using IP Filter to Protect a Solaris 7, 8, or 9 Workstation. www.cites.uiuc.edu/wsg/talks/ipfilter/
1. Huo Yaosheng. Network monitoring based on network monitor and analysis of protocol. China's graduate thesis full-text database.
1. Li Zhirong. P2P application traffic management study and implementation of voice and packet-detection research module. China's graduate thesis full-text database.
1. Thomas Karagiannis, Andre Broido, Michalis Faloutsos, Kc claffy. Transport Layer Identification of P2P Traffic. In A C 2004.
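
The payload-based identification described under "Analysis of P2P protocol (BT)" and "Analysis of MSN/QQ protocol", as an added C example that is not AFC's own code: it classifies a flow from its first payload bytes and contrasts the result with a port rule. The function names, the port list (6881-6889 and 1863) and the sample payloads are assumptions constructed for illustration; the two signatures are the BitTorrent peer handshake prefix and the MSN `VER ... MSNP` login command.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { APP_UNKNOWN, APP_BITTORRENT, APP_MSN } app_t;

/* A BitTorrent peer handshake starts with byte 19 (0x13) and the protocol name. */
static const uint8_t BT_SIG[] = "\x13" "BitTorrent protocol";
#define BT_SIG_LEN (sizeof BT_SIG - 1)

/* Bounded search for an ASCII token inside the first len payload bytes. */
static int has_token(const uint8_t *p, size_t len, const char *tok) {
    size_t n = strlen(tok);
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(p + i, tok, n) == 0) return 1;
    return 0;
}

/* Classify a flow from its first payload bytes only; ports are ignored. */
app_t classify_payload(const uint8_t *p, size_t len) {
    if (p == NULL) return APP_UNKNOWN;
    if (len >= BT_SIG_LEN && memcmp(p, BT_SIG, BT_SIG_LEN) == 0)
        return APP_BITTORRENT;
    if (len >= 4 && memcmp(p, "VER ", 4) == 0) {
        /* MSN login opens with a VER command naming MSNP dialects (first line only). */
        const uint8_t *eol = memchr(p, '\n', len);
        size_t line = eol ? (size_t)(eol - p) : len;
        if (has_token(p, line, "MSNP")) return APP_MSN;
    }
    return APP_UNKNOWN;
}

/* Port-based rule for contrast (assumed block list: 6881-6889 and 1863). */
int port_rule_matches(uint16_t dst_port) {
    return (dst_port >= 6881 && dst_port <= 6889) || dst_port == 1863;
}

/* Constructed sample: a 68-byte handshake with dummy hash and peer id. */
size_t make_bt_handshake(uint8_t *buf, size_t cap) {
    if (cap < 68) return 0;
    memcpy(buf, BT_SIG, BT_SIG_LEN);
    memset(buf + 20, 0x00, 8);    /* reserved bytes */
    memset(buf + 28, 0xAA, 20);   /* constructed info_hash */
    memset(buf + 48, 'x', 20);    /* constructed peer_id */
    return 68;
}

int main(void) {
    uint8_t hs[68];
    size_t n = make_bt_handshake(hs, sizeof hs);
    const char *msn = "VER 1 MSNP8 CVR0\r\n";   /* constructed sample */
    printf("BT moved to port 80:  port rule=%d payload class=%d\n",
           port_rule_matches(80), classify_payload(hs, n));
    printf("MSN moved to port 80: port rule=%d payload class=%d\n",
           port_rule_matches(80),
           classify_payload((const uint8_t *)msn, strlen(msn)));
    return 0;
}
```

Both constructed flows use port 80, so the port rule returns 0 for each while the payload check still names the application.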
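
The two control modes described for AFC (cut anything on the administrator's ban list, then shed the lowest-priority software while load is above the warning level), as an added C example rather than the control algorithm the project planned to develop. The structure, the function names, the tie-break on traffic volume and the convention that a smaller number means lower priority are assumptions; the statistics are constructed.

```c
#include <stddef.h>
#include <stdio.h>

typedef struct {
    const char   *name;
    int           priority;     /* assumption: smaller number = banned first */
    unsigned long rate;         /* measured traffic, e.g. KB/s */
    int           admin_banned; /* on the administrator's ban list */
    int           cut;          /* output: 1 if AFC cuts this application */
} app_stat_t;

/* Total traffic of applications that are still allowed. */
unsigned long afc_load(const app_stat_t *a, size_t n) {
    unsigned long total = 0;
    for (size_t i = 0; i < n; i++)
        if (!a[i].cut) total += a[i].rate;
    return total;
}

/* Apply both modes and return the number of applications cut. */
size_t afc_control(app_stat_t *a, size_t n, unsigned long warning_level) {
    size_t cut = 0;
    /* Mode 1: anything on the ban list is cut regardless of load. */
    for (size_t i = 0; i < n; i++) {
        a[i].cut = (a[i].admin_banned != 0);
        cut += (size_t)a[i].cut;
    }
    /* Mode 2: above the warning level, cut the lowest-priority active
     * application; ties go to the one producing more traffic. */
    while (afc_load(a, n) > warning_level) {
        app_stat_t *victim = NULL;
        for (size_t i = 0; i < n; i++) {
            if (a[i].cut || a[i].rate == 0) continue;
            if (victim == NULL || a[i].priority < victim->priority ||
                (a[i].priority == victim->priority && a[i].rate > victim->rate))
                victim = &a[i];
        }
        if (victim == NULL) break;   /* nothing left to cut */
        victim->cut = 1;
        cut++;
    }
    return cut;
}

int main(void) {
    /* Constructed sample statistics for one measurement interval. */
    app_stat_t apps[] = {
        { "web",        3, 400, 0, 0 },
        { "msn",        2,  50, 0, 0 },
        { "edonkey",    1, 300, 0, 0 },
        { "bittorrent", 1, 500, 0, 0 },
    };
    size_t n = sizeof apps / sizeof apps[0];
    size_t cut = afc_control(apps, n, 600);
    printf("cut %zu applications, remaining load %lu\n", cut, afc_load(apps, n));
    for (size_t i = 0; i < n; i++)
        printf("%-10s %s\n", apps[i].name, apps[i].cut ? "CUT" : "allowed");
    return 0;
}
```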