testbed image

[ This page under construction ]

As part of the OASIS project, we have constructed a testbed that will serve as an experimental platform for our technology. This page describes the layout of this testbed, the changes and modifications necessary to build it, and also contains the relevant software used.

Requirements:

  • A reconfigurable, fast interconnect that can easily be programmed to a range of topologies and network conditions
  • A set of nodes which run virtual machine models of our PNE platform
  • A set of nodes which emulate characteristics of the WAN (latency, loss rates, traffic patterns, and routing dynamics)
  • A collection of end-hosts that run multimedia applications, storage protocols, and other "end-system" traffic
The testbed is centered around 20 Alteon ISD SSL Accelerator boxes, donated by Nortel Networks, which have been modified to serve as general purpose application servers and network element emulators.

The testbed in more detail:

  1. Logical Network Overview
  2. Modification of Alteon ISD
  3. Necessary software and boot images
  4. Overview of individual elements:
    • Server
    • PNE emulator
    • WAN emulator
    • iSCSI end-host
    • Media sources

1) Logical Network Overview

To emulate a variety of topologies and network scenarios, we have divided the network interconnect into two seperate networks: a management network and an experimental network. The management network supports the NFS protocol (since each isd is diskless, it must mount its root filesystem via NFS from isd01). Furthermore, the management network allows us to distribute code and collect data from the isds without impacting the "real" network.

2) Modification of the Alteon ISD

The heart of our testbed is a collection of twenty (20) Alteon ISD SSL Accelerators. The ISDs are 1-u rack mount Linux PCs that have been specially designed for the purpose of offloading SSL transactions from webservers. To do this, Alteon web-switches can divert traffic to the ISDs, receiving back encrypted (or decrypted) web sessions. Transforming these devices into "standard" linux PCs that we can use as a platform for our software was somewhat tricky. The steps are outlined below.


Alteon ISDs in the rack

2.1) ISD Limitations as Shipped

Out of the box, the ISDs have some limitations that make them unsuitable for general-purpose computing. These include:

Before we tackle these problems, let's look in more detail at the box itself.

2.2) ISD Internals


Alteon ISD Internals

The ISD sports a pretty standard architecture, including a small-footprint motherboard, 150-watt power supply, and 1-u case design. The motherboard is the PCI-946, designed by Teknor, Inc (now Kontron, Inc).

The motherboard itself is organized as follows:

As shipped, the software necessary to talk with the crypto boards (which are described below) lives on a 64-meg SANdisk flash card, which has a special interface to the motherboard. The flash chip sits in a cradle which attaches to the motherboard under the supplied 3com 3c905c-tx-m ethernet card. The Flash Disk is probed as the master on the 2nd IDE interface (the 1st IDE interface is disabled on the motherboard).


64-meg SANdisk Flash Card in cradle

Included in the ISD are two Rainbow CryptoSwift PCI Cards from Rainbow, Inc.. Each card is capable of initiating 200 SSL transactions per second, which translates into the ISDs claim of 400 SSL transactions per second. Currently, these cards are not used in our testbed, however they may be used in the future. Incidentally, Linux has native support for crypto cards.


Two Rainbow CryptoSwift PCI cards

2.3) Building a keyboard

First of all, we need a way to type into the ISD. This is a pretty simple operation. First, get a 16 connector IDC connector and a length of ribbon cable. We need to interface a standard keyboard with the multi-purpose 16-pin connector located on the motherboard (J11) (see diagram above). On the multifunction header, the pins are as follows:

Pin 1KCLKBlue
Pin 2GNDRed
Pin 3KDATBlack
Pin 5+5VBrown

After heatshrinking, the final product looked like so:

In retrospect, it would probably be a better idea to wire up a female DB-9 connector, rather than directly wire into a functional keyboard :-)

2.4) Bypassing the BIOS password

Since the keyboard and floppy drive are disabled in BIOS, and there is no way to reset the password (since the BIOS is backed up into Flash), the only way to proceed is to reflash the BIOS entirely. Without a floppy drive, this is a little tricky. What I ended up doing was

  1. Formatting an IDE hard drive with MSDOS 6.2
  2. Put the BIOS image (from the above Konton link) onto the drive
  3. Install the UBIOS.exe program (google to find download site)
  4. Edit the autoexec.bat file on the drive to run ubios.exe in batch mode (/U /B, etc)
  5. Make sure to disable himem.sys in config.sys!
  6. Install the drive into the IDE port of the motherboard (see above diagram or PCI-946 docs referenced above for the location of the IDE interface)
  7. The computer will boot up, run the ubios.exe program, reflash the bios, and then reboot
  8. Power the machine down before it re-flashes the bios yet again
  9. Voila!
Now you can go into BIOS and configure it as follows....

2.5) Configuring the BIOS

Insert a PCI video card into the ISD, install the newly made keyboard cable, and turn it on. You should see the familiar startup sequence. Hit delete at the appropriate time, and enter the (now password free!) CMOS setup screen. I've found that the following settings work pretty well:

2.6) Setting up the Flash drive to network boot

The idea here is that we want to boot the ISDs in a diskless manner. To do that, we're going to install grub onto the flash drive, configure a minimal boot environment in which the ISD will use BOOTP to obtain its IP address and the location of the kernel. It will then fetch the kernel using the TFTP protocol, boot that kernel, and then NFS mount its root filesystem and complete the boot process. To get this process started, you have to obtain a compact-flashcard to USB interface:


Compact Flashcard-to-USB adapter

First, install the source to grub onto a workstation. Recompile with the following options: 

$ ./configure --enable-diskless --enable-3c595

as appropriate. Then you can run fdisk on the flashcard to reset its partition table. On my system, that was accomplished thusly: 

$ ./fdisk /dev/sda

Create a single Linux partition that is both bootable and takes up the entire 64 megs. Set the parition to be active. Then install grub onto the device: 

$ mount -t ext2 /dev/sda1 /mnt/flash
$ grub-install --root-directory=/mtn/flash /dev/sda
Then start up the grub that you compiled with diskless support: 

$ ./grub
grub> root (hd1,0)
grub> setup (hd1)

(you might have to change hd1 as appropriate). Remount the flash drive and change to the "/boot/grub" directory: 

$ mount -t ext2 /dev/sda1 /mnt/flash
$ cd /mnt/flash/boot/grub
$ cp /tmp/grub.conf ./
$ grub
grub> root (hd1,0)
grub> setup (hd1)
Where /tmp/grub.conf is: 
timeout=3
hiddenmenu
bootp
title Red Hat Linux ISD EDITION (2.4.20)
    root (nd)
    kernel /vmlinuz.isd root=/dev/nfs ip=bootp
You will have to build a kernel that includes the "Root over NFS" option built in (not as a module) as well as drivers for your particular network interface. More explicit details on how to do that are available from this page and from this page. Thanks to Jamie Zawinski at the DNALounge for his great docs on building Root-over-NFS systems.