Basic operational model:
The Embedded X-Bone host (referred to simply as "host") provides, depending on the configuration, either a simple node daemon acting as an X-Bone host or router, or an overlay manager (see the X-Bone documentation at http://www.isi.edu/xbone). In addition to the Node Daemon, the host also runs the X-Bone GUI, which can be used to access any configured X-Bone Overlay Manager, including the host itself.

Deployment of an Embedded X-Bone host involves a small number of steps:
Each of these steps is explained in detail below. For a short no-fuss recipe see the Embedded X-Bone Quickstart page.
The Embedded X-Bone user interface offers a number of other configuration and monitoring options, which are also described:
If you encounter any problems that are not addressed in this documentation, please email xbone@isi.edu, and include the following information:
The backside of the Embedded X-Bone Box (Soekris 4801) looks like this:

In the middle, there are at least two Ethernet connectors, PVT and LAN. (Some versions of the Embedded X-Bone Box may have additional Ethernet connectors, which are unused.) The LAN port is used to connect the box to the rest of the network/Internet; the PVT port is usually connected through a switch/hub or directly to a client (PC/laptop). The client configures all aspects of the Embedded X-Bone host using the PVT interface. The cabling diagram is simple and shown above.
Important: Make sure the Embedded X-Bone is powered down (power cable unplugged) before continuing.
Connect the network cable providing connectivity at the deployment site to the LAN port.
The PVT port of the X-Bone box is connected to a client, usually directly but sometimes through a switch (or hub). The ports on the Embedded X-Bone box are regular (not crossover) Ethernet ports, so connect the Embedded X-Bone box to a regular port on the switch, not an uplink port. When connecting a client machine directly to the PVT port of the X-Bone box (without going through a switch or hub), use a crossover Ethernet cable.
Plug in the power cable. After about a minute, the Status LED starts blinking (if there is one). The X-Bone box begins to act as a router for the local network, assigning private IP addresses to clients via DHCP on its PVT interface.
Further configuration is performed through a web-based interface. Connect a client machine to the switch. Make sure the machine is configured to obtain an IP address via DHCP, and has a web browser installed that supports HTTPS.
While the X-Bone configuration pages are relatively simple, they use HTML features that are not well supported on older browsers. Mozilla (recommended) and Internet Explorer (version 5 and higher) are known to work. Some older browsers (e.g. versions of Netscape Navigator) are known not to work.

Open the web browser, and access any web page or the X-Bone start page (https://router.local.lan). The X-Bone box will automatically redirect access to any web site to the X-Bone start page. Enter your login information in the password dialog, and proceed.
You should now see the Embedded X-Bone start page:
The Quickstart button displays these quickstart instructions, the Documentation button displays this document, and all other settings will be described in detail below.
By default, the Embedded X-Bone will try to obtain an IP address for the LAN port using DHCP. However, DHCP addresses tend to vary over time. A stable address must be set for consistent X-Bone Node Daemon/GUI behavior. If the DHCP-provided address has the desired properties, skip to the next step.
Otherwise, click on the LAN Setup button on the Embedded X-Bone start page. The X-Bone LAN setup page should appear:
There are two reasons to change the LAN setup:
If your provider requires a registered MAC address for DHCP, the Embedded X-Bone can spoof the address of a registered Ethernet card. Enter the registered MAC address in the MAC Address field or select clone from client to obtain it automatically from the machine accessing the web interface. Make sure LAN Connection is set to DHCP, and click Configure LAN Port. If your LAN administrator does not require a registered MAC address for a DHCP lease, do not change the default.
Otherwise, if your administrator has allocated a static IP address, change the type of LAN Connection to Static IP Address. Enter the allocated IP address in the IPv4 Address field, the corresponding subnet mask in the Network Mask field, the address of the default gateway in the Default Route field, and the addresses of your provider's DNS servers in the DNS Servers text area. Then click Configure LAN Port.
In the Reboot Dialog, answer Yes and wait for the Embedded X-Bone to reboot. Once the Status LED has started to blink again, access the Embedded X-Bone start page, and continue with the next step.
The PVT Setup page allows users to configure the PVT interface settings and the Private Address Space DHCP service available on that interface.

To change the private address space, click the PVT Setup button on the Embedded X-Bone start page and pick a class C (/24) subnetwork in any of the RFC1918 spaces that does not conflict with the IP address given to the LAN interface.
Users must click Configure PVT Port, and let the box reboot after changing the configurations of X-Bone PVT.
In cases where the LAN address space conflicts with the PVT address space, choose a different PVT address space. The X-Bone Node Daemon/GUI are not designed to handle this conflict.
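A pre-flight check for the PVT address choice described above, as an added example that is not part of the Embedded X-Bone software. It tests a proposed subnet against the three constraints stated here (a /24, inside RFC 1918, no conflict with the LAN side). The function name and the lan_side_hosts parameter are assumptions, and the check on default-route and DNS addresses goes beyond the case in the text.

```python
import ipaddress

# RFC 1918 private blocks the PVT subnet must be drawn from.
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_pvt_subnet(pvt_cidr, lan_addr, lan_mask, lan_side_hosts=()):
    """Return a list of problems with a proposed PVT subnet (empty list = OK).

    pvt_cidr        proposed PVT network, e.g. "192.168.10.0/24"
    lan_addr/mask   IPv4 Address and Network Mask of the LAN port
    lan_side_hosts  addresses reached through the LAN port (default route,
                    DNS servers) that the PVT subnet must not swallow
                    (hypothetical parameter, not an X-Bone setting)
    """
    try:
        # strict=True rejects values with host bits set, e.g. 192.168.10.5/24
        pvt = ipaddress.IPv4Network(pvt_cidr, strict=True)
        lan = ipaddress.IPv4Interface(f"{lan_addr}/{lan_mask}")
        hosts = [ipaddress.IPv4Address(h) for h in lan_side_hosts]
    except ValueError as exc:
        return [f"invalid input: {exc}"]

    problems = []
    if pvt.prefixlen != 24:
        problems.append(f"{pvt} is a /{pvt.prefixlen}, not a /24")
    if not any(pvt.subnet_of(block) for block in RFC1918):
        problems.append(f"{pvt} is outside the RFC 1918 ranges")
    # overlaps() catches both directions: PVT inside LAN and LAN inside PVT.
    if pvt.overlaps(lan.network):
        problems.append(f"{pvt} overlaps the LAN network {lan.network}")
    for host in hosts:
        if host in pvt:
            problems.append(f"LAN-side host {host} falls inside {pvt}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    lan = ("192.168.1.50", "255.255.255.0")
    for candidate in ("192.168.1.0/24", "10.20.30.0/24", "172.16.0.0/16"):
        print(candidate, check_pvt_subnet(candidate, *lan) or "OK")
```

Run it with the values shown on the LAN Setup page before clicking Configure PVT Port, since a conflicting choice only shows up after the reboot.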
On boot, and periodically during uptime, the Embedded X-Bone will synchronize its clock with an Internet time server. In most cases, you will never need to change the default settings. In rare cases, the default time server of the Embedded X-Bone may not be reachable at a remote location. In such cases, the Embedded X-Bone NTP setup page (NTP Setup button on the Embedded X-Bone start page) can be used to specify a different time server or let users set the date and time manually:
NTP Server specifies the IP address of the Internet time server the Embedded X-Bone will contact.
Synchronization Frequency specifies how often the time will be synchronized.
The Synchronize Now button forces immediate update of the time.
Current Time displays the current system time of the Embedded X-Bone, and it also allows users to manually set the current date and time when an NTP server is not available.
The Status button on the Embedded X-Bone start page opens up the Embedded X-Bone status page. This page contains detailed information about the Embedded X-Bone status, including Connection status, and Additional information:

Embedded X-Bone comes pre-installed with a DNS/Named server that is already configured to work with X-Bone. The X-Bone Overlay Manager can update the DNS server with the overlay name-address mappings. DNSSEC is used for dynamic updates of the DNS, and a private TSIG key has already been generated and stored on the host. If the overlay manager requires a different address range or domain name suffix, it can be configured through the webpage. This requires a reboot of the host for the change to take effect. Note that old DNS entries will be lost when the name server is updated.

The Host Setup page displays some information about the Embedded X-Bone box (software versions, uptime, etc.), lets users set/change the Login and Password of the Embedded X-Bone web interface, and includes a Restore Defaults button that, when clicked, restores all settings to their default values after a reboot. The Reboot button on the same page restarts the Embedded X-Bone.
X-Bone is a system for the automated deployment and management of IP-tunneled overlay networks. The instructions below assume familiarity with the X-Bone concepts. A quick recap of the X-Bone Project is presented in the X-Bone Project Manpage.
The Embedded X-Bone host comes installed with X-Bone Node Daemon and X-Bone GUI. Both can be configured using the same webpage. To configure X-Bone, click on the X-Bone Setup button on the Embedded X-Bone start page. The page shown below is displayed:
The Node Daemon configuration is split into two steps - Base and ACL configuration. Both must be completed for the configuration to be considered complete. The base configuration must be saved before configuring the ACLs. Otherwise the changes will be lost.
First a hostname must be set. This name when resolved using the DNS server specified as part of the LAN configuration. This is in almost all cases different from "router.local.lan".
The target of the configuration can be either X-Bone GUI or the Node Daemon. The X-Bone GUI, if configured, is available at port 80 of the LAN interface. In the example below, if the hostname is apple.example.com, then the X-Bone GUI should be available after configuration at http://apple.example.com. If the target is "Daemon", then the role of the Node Daemon can be set to any of {host, router, node, meta}. If the Embedded X-Bone host is to function as an overlay manager, then set the "Daemon Type" to meta.
Currently only IPv4 overlays are supported. Future versions will support IPv6 overlays.
The IPv4 address selected must match the LAN interface address set in step 2.
X-Bone uses IPv4 multicast for resource discovery. Choose an appropriate IPv4 multicast address here. The multicast address must be the same for all X-Bone Node Daemons at the site.
The timeout setting is appropriate only while configuring the GUI. Therefore it is disabled in the above picture.
The Embedded X-Bone host mounts /var as a memory file system, which is cleaned up on every reboot. For non-testing setups of the Embedded X-Bone host, the directory should be changed to a directory other than /var and /tmp; otherwise the overlay/tunnel status is lost. This directory is relevant only to the Node Daemon. The default is set to /usr/local/var/xbone, which is persistent across reboots.
Load the CA/host certificates and keys. Host certificates can be obtained from the X-Bone Site. Typically, a single Certificate Authority (CA) certificate is used throughout the site. Any mismatch in the CA/host certificates and between certificates of Node Daemons is noted on the webpages/logs.
Some notable features are missing from the current distribution that will be added soon:

This is applicable only to the X-Bone Node Daemon. The access control entries allow the administrator to control who can deploy and/or view the overlays. A description of the ACL rules semantics (included below) can also be found in the X-Bone Node Daemon Manpage.
The format of the acl is [number] = [ID] [access-level] [max_overlays] [app_uid]
After modifying the entries, they must be saved and the node daemon restarted to take effect.

Embedded X-Bone comes preinstalled with an LDAP server. It is not configured to serve X-Bone by default. After completing the X-Bone configuration, LDAP is initialized with the X-Bone tree. The order is important because the initialization process uses information from the X-Bone configuration file, including hostnames and certificates. Once the initialization is complete, the LDAP server is available on the LAN interface of the host. Any standard tool such as phpLDAPadmin can be used to access the LDAP database and load host configuration information.
As pointed out in the X-Bone documentation, on all other hosts, (1) host configuration information can be saved in LDIF format using the xb-node-control command, and (2) the information can be uploaded to the LDAP server using the xb-ldap-config command. The interface allows the configuration of the Embedded X-Bone box to be part of a world-wide X-Bone system called GX-Bone.

TetherNet/X-Bone/DynaBone at USC/ISI. 2.0 © 2005-2006