Implementing a Captive Portal in Scala @kuro_m88

ScalaͰύέοτΛॻ͖׵͍͑ͨ • ScalaͰύέοτॲཧ͕ͨ͘͠ͳͬͨ • ཧ༝͸ޙड़͠·͢ • ScalaͰݱ࣮తʹύέοτॲཧ͢Δํ๏͸͋Δͷ͔ʁ • ͲͷϨΠϠ·Ͱૢ࡞Ͱ͖Δͷ͔

ScalaͰύέοτΛಈతʹॻ͖׵͑Δํ๏ • libpcap? • Ͱ͖ͳ͘͸ͳ͍͚Ͳ͠ΜͲͦ͏ɺ΋͏ͪΐͬͱָ͕͍ͨ͠ • ϧʔςΟϯάϓϩτίϧʁ • ѼઌͰϧʔςΟϯά͸Ͱ͖Δ͕ɺૹ৴ݩͰϧʔςΟϯά͸Ͱ͖ͳ͍ • Policy Based Routing͕͋Δ͕ɺ੍ޚ͕Ή͔ͣͦ͠͏ • iptables? • Ͱ͖ͳ͘͸ͳͦ͞͏ɺScalaͰ੍ޚ͢ΔͷͲ͏͢ΔΜ͚ͩͬ… • Segment Routing? • ࠷৽ٕज़?ա͗ͯͲ͜·Ͱ࢖͑Δͷ͔Α͘Θ͔Βͳ͍… • OpenFlow? • ͳΜ͔ฉ͍ͨ͜ͱ͋Δɺ͍͚ͦ͏ͳؾ͕͖ͯͨ͠

OpenFlow • Software Defined Network(ͷͨΊͷ௨৴ϓϩτίϧ) • SDN: Ϋϥ΢υͷཁૉٕज़ͱͯ͠΋ͯ͸΍͞Ε͍ͯΔ(ͨ?) • ίϯτϩʔϧϓϨʔϯͱσʔλϓϨʔϯΛ෼཭ • ίϯτϩʔϧϓϨʔϯ͕ࣗ༝ʹ࣮૷Ͱ͖Δ • 2011೥ʹversion 1.1͕ग़ͨ + https://www.nic.ad.jp/ja/newsletter/No52/0800.html

OpenFlowͷ֓ཁ • 5෼ͰΘ͔Δɺ͜Ε·ͰͷSDNಈ޲ • https://qiita.com/ttsubo/items/9062addd7c24d5adfcf3 • Ͳ͏ॲཧ͍͍͔ͯ͠Θ͔Βͳ͍ύέοτ => ίϯτϩʔϥʔʹసૹ • ίϯτϩʔϥʔ => ड͚औͬͨύέοτͷॲཧΛεΠονʹࢦࣔ • ίϯτϩʔϥʔ => ॲཧͷύλʔϯΛ
 ༧ΊεΠονʹڭ͓͑ͯ͘
 (ίϯτϩʔϥʹసૹ͞Εͳ͍ͷͰߴ଎)

OpenFlowίϯτϩʔϥʔͷطଘͷ࣮૷ • Python: Ryu • Ruby: Trema • Java: Floodlight • Java: OpenDaylight • ࠓճ͸ϑϨʔϜϫʔΫΛ࢖Θͳ͍Ͱ
 ࣗલͰ࣮૷ͯ͠ΈΔ • OpenDaylightͷϝοηʔδͷύʔα͚ͩطଘ࣮૷Λྲྀ༻

OpenFlowίϯτϩʔϥʔΛScalaͰ࣮૷͢Δ • HTTPͷ௨৴͚ͩΛNAT͢Δ(ߦ͖)

OpenFlowίϯτϩʔϥʔΛScalaͰ࣮૷͢Δ • HTTPͷ௨৴͚ͩΛNAT͢Δ(ؼΓ)

OpenFlowίϯτϩʔϥʔΛScalaͰ࣮૷͢Δ • HTTPͷ௨৴͕͖ͨΒίϯτϩʔϥʔʹసૹ͢Δ

༧උ࣮ݧ • ScalaͰͲΕ͘Β͍ύέοτΛॲཧͰ͖Δͷ͔࣮ݧͯ͠ΈΔ • Packet in => Packet out ͢Δ͚ͩͷίϯτϩʔϥʔΛ
 netty + Akka StreamsͰ࣮૷ • OpenFlowController + Open vSwitch: c5.2xlarge • iperf3Ͱଌఆ

༧උ࣮ݧ݁Ռ • 200Mbps, 150K packets / sec͘Β͍͸సૹͰ͖ͨ • ύέοτͷԟ෮஗Ԇ͸2~3ms͘Β͍ • ࠷େͷసૹੑೳ͕200Mbpsఔ౓ͱ͍͏͜ͱ͕Θ͔ͬͨ

༧උ࣮ݧ݁Ռ • Կ΋ॲཧ͠ͳ͍࣌ͷ࠷େͷసૹੑೳ͕200Mbpsఔ౓Ͱ໰୊ͳ͍ͷ͔ʁ • ໰୊ͳ͍ • ࠓճ͸͢΂ͯͷύέοτΛίϯτϩʔϥʔܦ༝ʹ͕ͨ͠ɺϢʔβ͝ͱͷύ έοτͷॲཧํ๏ΛεΠονʹهԱ͓͚ͤͯ͞͹ίϯτϩʔϥʔʹ௨৴͕ ͘Δͷ͸ॳճͷ1ύέοτ໨͚ͩɺ͋ͱ͸εΠονͷసૹੑೳ • ࣮ݧͰ͸Open vSwitch(Ծ૝εΠονΛར༻)ɺϓϩτίϧʹޓ׵ੑ͕͋Δ ͷͰ෺ཧεΠον΋ಉ༷ʹίϯτϩʔϧՄೳ

ͳΜͰScalaͰύέοτΛॻ͖׵͑ͨ͘ͳͬͨͷ͔ • Scala MatsuriͷWi-FiεϙϯαʔΛ͠·͢ʂ • ۀ຿ͩͱׂʹ߹Θͳ͔ͬͨܦҢΛฉ͍ͨͷͰɺ΍ͬͯΈ͍ͨਓୡͰ΍Δ • Wi-Fiʹෆຬ͕ग़͍ͯͨΒ͍͠ͷͰɺ෺ྔͰԥΓ͍ͨʂʂ • ΍ͬͯΈ͍ͨ͜ͱΛ΍Δ • PublicΫϥ΢υΛ࢖Θͣʹࣗ࡞͢Δ • Πϯλʔωοτ઀ଓΛ
 Home NOC Operator's Groupʹ
 ఏڙ͍ͯͨͩ͘͠

ͳΜͰScalaͰύέοτΛॻ͖׵͑ͨ͘ͳͬͨͷ͔ • Scala MatsuriͳͷͰΠϯϑϥʹ΋ScalaΛऔΓೖΕ͍ͨ • Scalaཁૉ͕ͪΐͬͱͰ΋ೖͬͯΕ͹ਖ਼௚ͳΜͰ΋͍͍ • LT/ΞϯΧϯϑΝϨϯεͷωλʹͳΓͦ͏ͳ͜ͱΛ΍Γ͍ͨ • Captive PortalΛ࡞ͬͯΈΔ…ʁ

Captive Portalͱ͸ʁ • Free Wi-Fiʹ઀ଓ͢Δͱ͖ʹॳճʹϒϥ΢βભҠ͢Δ΍ͭ • ن໿ͱ͔ʹಉҙ͢ΔϘλϯԡ͢ͱΠϯλʔωοτʹͭͳ͕Δ
 (৔߹ʹΑͬͯ͸ೝূ) • ͜ΕΛScalaͰ࣮૷ͯ͠ΈΔ

Captive Portal͕Ͳ͏΍ͬͨΒ࣮ݱͰ͖Δͷ͔ • ࣮ࡍͷ࢓૊Έ͸Α͘஌Βͳ͍ͷͰ૝૾Ͱ࣮૷͢Δ • ͨͿΜҎԼ͕࣮ݱͰ͖Ε͹͍͍ • ೝՄ͍ͯ͠ͳ͍୺຤(IP)͔Βͷhttp௨৴͸ڧ੍ϦμΠϨΫτ • ೝՄ͍ͯ͠Δ୺຤(IP)͔Βͷ௨৴͸Πϯλʔωοτʹ௨͢ • ಛఆͷwebϖʔδͰϘλϯΛԡ͢ͱೝՄ͢Δ

Captive Portalը໘ʹભҠͤ͞Δ࢓૊Έ • Captive Portal Detection • OS͕Captive PortalΛݕग़͢ΔͨΊʹཪଆͰҎԼͷURLΛͨͨ͘ • Android: http://connectivitycheck.gstatic.com/generate_204 • iOS/Mac: http://captive.apple.com/hotspot-detect.html • Windows: http://www.msftncsi.com/ncsi.txt • ظ଴͞ΕΔϨεϙϯε͕ฦ͖ͬͯͨ => Πϯλʔωοτ઀ଓ͕͋Δ • Ϩεϙϯε͕͔͑ͬͯ͜ͳ͍ => Πϯλʔωοτ઀ଓ͕ͳ͍ • ϦμΠϨΫτ͞Εͨ => Captive PortalΛݕ஌

Captive PortalΛ࣮૷͢Δʹ͸ • ૹ৴ݩͷೝՄ/ະೝՄ ୺຤IPʹԠͯ͡ύέοτΛॻ͖׵͑Δඞཁ͕͋Δ • ૹ৴ݩ͕ೝՄࡁͩͬͨ৔߹ Α͏ͦ͜ը໘(ೝূ) Πϯλʔωοτ Captive Portal (webαʔό) Ϣʔβ OpenFlow Switch

Captive PortalΛ࣮૷͢Δʹ͸ • ૹ৴ݩͷೝՄ/ະೝՄ ୺຤IPʹԠͯ͡ύέοτΛॻ͖׵͑Δඞཁ͕͋Δ • ૹ৴ݩ͕ະೝՄͩͬͨ৔߹ Α͏ͦ͜ը໘(ೝূ) Πϯλʔωοτ Captive Portal (webαʔό) Ϣʔβ OpenFlow Switch ✗

Implementing a Captive Portal in Scala • server: netty • controller: Akka Streams • http: Akka Http OpenFlow Switch server http controller

·ͱΊ • Scala MatsuriͰScalaΛΠϯϑϥʹ૊ΈࠐΜͰΈΑ͏ͱ͍ͯ͠Δ • ؒʹ߹͏ͷ͔͸·ͩΘ͔Βͳ͍ • ಉ࣌઀ଓ1000ΫϥΠΞϯτن໛ͷͱ͜ΖͰॳ৺ऀ͕SDNͰ͖Δͷ͔௅ઓ • Ϋϥ΢υͷཁૉٕज़ͷͻͱͭͷཧղ͕ਂ·Δ͔΋͠Εͳ͍