Implementing a Captive Portal in Scala

Kurochan
June 19, 2019

A talk I gave at an internal company study session.


Transcript

  1. Implementing a Captive Portal in Scala @kuro_m88

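  2. I want to rewrite packets in Scala • I found myself wanting to do packet processing in Scala • The reason comes later • Is there a realistic way to process packets in Scala? • Down to which layer can packets be manipulated?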

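  3. Ways to rewrite packets dynamically in Scala • libpcap? • Not impossible, but it looks painful; I would like something a bit easier • A routing protocol? • Routing by destination is possible, but routing by source is not • There is Policy Based Routing, but controlling it looks difficult • iptables? • Seems possible, but how would I control it from Scala… • Segment Routing? • Too new(?) a technology; I can't tell how far it can be used… • OpenFlow? • I've heard of it, and I'm starting to feel it could work
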
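  4. OpenFlow • Software Defined Network (a communication protocol for it) • SDN: touted (or was?) as one of the building-block technologies of the cloud • Separates the control plane from the data plane • The control plane can be implemented freely • Version 1.1 came out in 2011 + https://www.nic.ad.jp/ja/newsletter/No52/0800.html
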
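  5. Overview of OpenFlow • "SDN trends so far, in 5 minutes" • https://qiita.com/ttsubo/items/9062addd7c24d5adfcf3 • Packets the switch does not know how to handle => forwarded to the controller • Controller => tells the switch how to handle the packet it received • Controller => teaches the switch the handling patterns in advance (fast, because nothing is forwarded to the controller)
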
  6. Existing OpenFlow controller implementations • Python: Ryu • Ruby: Trema • Java: Floodlight • Java: OpenDaylight • This time I implement it myself without a framework • Only the message parser is reused, from OpenDaylight's existing implementation

  7. Implementing an OpenFlow controller in Scala • NAT only HTTP traffic (outbound)

  8. Implementing an OpenFlow controller in Scala • NAT only HTTP traffic (return)

  9. Implementing an OpenFlow controller in Scala • When HTTP traffic arrives, forward it to the controller

  10. Preliminary experiment • Test how many packets can be processed in Scala • A controller that only does Packet in => Packet out, implemented with netty + Akka Streams • OpenFlowController + Open vSwitch: c5.2xlarge • Measured with iperf3

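  11. Preliminary experiment results • About 200Mbps, 150K packets / sec could be forwarded • Packet round-trip latency was about 2~3ms • This showed that the maximum forwarding performance is around 200Mbps
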
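  12. Preliminary experiment results • Is a maximum forwarding performance of around 200Mbps, with no processing at all, acceptable? • It is • This time every packet went through the controller, but if the switch is made to remember how to handle each user's packets, only the very first packet reaches the controller; after that it is the switch's forwarding performance • The experiment used Open vSwitch (a virtual switch); the protocol is compatible, so physical switches can be controlled in the same way
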
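  13. Why I wanted to rewrite packets in Scala • We are the Wi-Fi sponsor of Scala Matsuri! • I heard that doing it as regular work had not been worth the cost, so the people who want to try it are doing it • Apparently there had been complaints about the Wi-Fi, so we want to hit the problem with sheer quantity!! • Do the things we want to try • Build it ourselves without using a public cloud • Internet connectivity is provided by Home NOC Operator's Group
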
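  14. Why I wanted to rewrite packets in Scala • It is Scala Matsuri, so I want Scala in the infrastructure too • Honestly, anything will do as long as there is a little Scala in it • I want to do something that could become material for an LT / unconference session • Build a Captive Portal…?
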
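  15. What is a Captive Portal? • The thing that takes over your browser the first time you connect to free Wi-Fi • You press a button to agree to the terms and you are connected to the Internet (in some cases, authentication) • I try implementing this in Scala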

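  16. How can a Captive Portal be realized? • I don't really know how real ones work, so I implement it from imagination • Probably it is enough to achieve the following • HTTP traffic from unauthorized devices (IP) is forcibly redirected • Traffic from authorized devices (IP) is passed to the Internet • Pressing a button on a specific web page authorizes the device
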
  17. How the client is sent to the Captive Portal screen • Captive Portal Detection • To detect a Captive Portal, the OS requests the following URLs in the background • Android: http://connectivitycheck.gstatic.com/generate_204 • iOS/Mac: http://captive.apple.com/hotspot-detect.html • Windows: http://www.msftncsi.com/ncsi.txt • The expected response comes back => there is Internet connectivity • No response comes back => there is no Internet connectivity • The request is redirected => a Captive Portal is detected

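  18. To implement a Captive Portal • Packets have to be rewritten depending on whether the source device IP is authorized or unauthorized • When the source is already authorized • [Diagram: User, OpenFlow Switch, Captive Portal (web server) with welcome screen (authentication), Internet]
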
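  19. To implement a Captive Portal • Packets have to be rewritten depending on whether the source device IP is authorized or unauthorized • When the source is unauthorized • [Diagram: User, OpenFlow Switch, Captive Portal (web server) with welcome screen (authentication), Internet; one path marked ✗]
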
  20. Implementing a Captive Portal in Scala • server: netty • controller: Akka Streams • http: Akka Http • [Diagram: OpenFlow Switch, server, http, controller]

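  21. Summary • We are trying to build Scala into the infrastructure at Scala Matsuri • I don't know yet whether it will be ready in time • A challenge: can a beginner do SDN at a scale of 1000 concurrent client connections? • It may deepen my understanding of one of the building-block technologies of the cloud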
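
The per-packet decision described in slides 12, 16, 18 and 19, as an added example (not code from the talk). All type names, the documentation-range addresses, the authorization expiry and the choice to drop other unauthorized traffic are assumptions; netty, Akka and the OpenFlow message encoding are left out so the policy runs stand-alone.

```scala
// Added example, not the talk's code. All names and addresses are hypothetical.
import scala.collection.concurrent.TrieMap

final case class PacketIn(srcIp: String, dstIp: String, isTcp: Boolean, dstPort: Int)

sealed trait Action
// Tell the switch to forward this source itself (slide 12: only the first
// packet of an authorized client reaches the controller).
final case class InstallForwardFlow(srcIp: String, idleTimeoutSec: Int) extends Action
// Rewrite the destination so the HTTP request reaches the portal web server
// (slide 19); the original destination is kept to restore on the return path.
final case class RewriteToPortal(srcIp: String, origDstIp: String, portalIp: String) extends Action
// Pass a single packet without installing a flow.
case object ForwardOnce extends Action
case object Drop extends Action

final class PortalPolicy(portalIp: String, ttlMs: Long) {
  // srcIp -> time of authorization; entries expire so a reassigned address
  // does not inherit an earlier client's authorization (assumption).
  private val authorized = TrieMap.empty[String, Long]

  // Called by the portal web server when the user presses the agree button.
  def authorize(srcIp: String, nowMs: Long): Unit = authorized.update(srcIp, nowMs)

  def isAuthorized(srcIp: String, nowMs: Long): Boolean =
    authorized.get(srcIp).exists(t => nowMs - t < ttlMs)

  def decide(p: PacketIn, nowMs: Long): Action =
    if (isAuthorized(p.srcIp, nowMs))
      InstallForwardFlow(p.srcIp, idleTimeoutSec = 60)
    else if (p.dstIp == portalIp) ForwardOnce // the portal itself must stay reachable
    else if (p.isTcp && p.dstPort == 80)
      RewriteToPortal(p.srcIp, p.dstIp, portalIp)
    else Drop // assumption: other unauthorized traffic is blocked (DNS/DHCP not modelled)
}

object PortalPolicyDemo {
  def main(args: Array[String]): Unit = {
    val policy = new PortalPolicy(portalIp = "192.0.2.10", ttlMs = 3600000L)
    // Constructed sample: an OS connectivity probe over plain HTTP.
    val probe = PacketIn("198.51.100.23", "203.0.113.80", isTcp = true, dstPort = 80)
    println(policy.decide(probe, nowMs = 0L))       // before the button is pressed
    policy.authorize(probe.srcIp, nowMs = 1000L)
    println(policy.decide(probe, nowMs = 2000L))    // after authorization
    println(policy.decide(probe, nowMs = 3601000L)) // after the TTL has passed
  }
}
```

Slide 16 keys authorization on the client IP alone, so the expiry here is a minimal safeguard; also keying on the client's MAC address and switch ingress port ties the authorization more closely to one device.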