David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 1 | ========================================================== |
| 2 | A beginners guide to installing and testing NLSR on Fedora |
| 3 | ========================================================== |
| 4 | |
| 5 | :Authors: David Arjona-Villicaña, Octavio Renteria-Vidales, Ashlesh Gawande |
| 6 | :Date: November, 2018 |
| 7 | :Abstract: This is an easy to follow guide on how to install and test the NLSR routing protocol for NDN using two Fedora 28 machines. The commands and the paths used in this guide have been tested only in Fedora, although a similar procedure should be used for other linux systems. Specifically, the testing section (§ `5 <#test>`__) is platform independent. Therefore users who have NLSR already installed may skip to this section. Since neither NDN, NLSR nor Fedora are static software developments, it is expected that some commands and features in this guide will change over time. However, this guide is as accurate as it could be at the time it was published. |
| 8 | |
| 9 | .. role:: raw-latex(raw) |
| 10 | :format: latex |
| 11 | |
| 12 | |
| 13 | .. _intro: |
| 14 | |
| 15 | 1. Introduction |
| 16 | =============== |
| 17 | |
| 18 | The following instructions are based on the information provided at the |
| 19 | Named Data Networking project web page [NDNmain]_. |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 20 | Before installing NLSR it is necessary to install different libraries and |
Varun Patil | 7d2d689 | 2022-10-14 12:50:30 -0700 | [diff] [blame] | 21 | programs: ndn-cxx, NFD, ChronoSync [optional], ndn-svs [optional] and PSync. |
| 22 | This document describes the necessary steps to correctly install these |
| 23 | programs (§ `2 <#ndncxx>`__, `3 <#nfd>`__ and `4 <#nlsr>`__) and a brief |
| 24 | guide on how to configure and test NLSR using a simple two-node |
| 25 | network (§ `5 <#test>`__). |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 26 | |
| 27 | Many of the commands in this guide need to be executed as *root*. |
| 28 | Starting from Fedora 28, there is no need to set a root user |
| 29 | [Kolman2018]_. However it is possible to define it, |
| 30 | using the following command: |
| 31 | |
| 32 | :: |
| 33 | |
| 34 | $ sudo -i |
| 35 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 36 | And then using the ``passwd`` command to set up a password. After setting |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 37 | up the root user, it is possible to become root by employing the |
| 38 | following command and providing the root password when prompted: |
| 39 | |
| 40 | :: |
| 41 | |
| 42 | $ su - |
| 43 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 44 | Fedora employs the ``dnf`` command to install and verify installed |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 45 | packages. The following commands may become useful during the |
| 46 | installation process and should be executed as root: |
| 47 | |
| 48 | - To verify that all installed packages are up to date |
| 49 | |
| 50 | :: |
| 51 | |
| 52 | $ dnf update |
| 53 | |
| 54 | - To verify if a package is already installed in the system |
| 55 | |
| 56 | :: |
| 57 | |
| 58 | $ dnf list --installed <package-name> |
| 59 | |
| 60 | - To search for information about a package or family of packages (not |
| 61 | necessarily installed in the system). |
| 62 | |
| 63 | :: |
| 64 | |
| 65 | $ dnf info <package-name> |
| 66 | |
| 67 | - To install a package in the system. |
| 68 | |
| 69 | :: |
| 70 | |
| 71 | $ dnf install <package-name> |
| 72 | |
| 73 | It is also a good installation practice to download and install all the |
| 74 | NDN programs in a common directory. Therefore, it is recommended to |
| 75 | create a directory at the home directory where all the following |
| 76 | programs may get installed. The name of this directory is not important. |
| 77 | However, the following are provided as suggestions: project, NDNproject, |
| 78 | NDNprograms. Each of the programs in the following sections should be |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 79 | downloaded to their own directory using the ``git`` command, and then |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 80 | compiled in this directory. |
| 81 | |
| 82 | .. _ndncxx: |
| 83 | |
| 84 | 2. Installing ndn-cxx |
| 85 | ===================== |
| 86 | |
| 87 | 2.1 Before installing ndn-cxx |
| 88 | ----------------------------- |
| 89 | |
| 90 | An updated list of the packages and programs that need to be installed |
| 91 | before installing ndn-cxx, is provided at [NDN-cxx]_. |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 92 | This list is also reproduced below with the commands to verify that all |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 93 | the packages have been installed in the system. The following commands |
| 94 | should be run as root: |
| 95 | |
| 96 | #. gcc and gcc-c++ |
| 97 | |
| 98 | :: |
| 99 | |
| 100 | $ dnf list --installed gcc |
| 101 | $ dnf list --installed gcc-c++ |
| 102 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 103 | #. Python version 3.6 or later |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 104 | |
| 105 | :: |
| 106 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 107 | $ python3 -V |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 108 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 109 | #. SQLite 3.x |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 110 | |
| 111 | :: |
| 112 | |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 113 | $ dnf list --installed sqlite-devel |
| 114 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 115 | #. OpenSSL version 1.1.1 or later |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 116 | |
| 117 | :: |
| 118 | |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 119 | $ dnf list --installed openssl-devel |
| 120 | |
| 121 | #. pkgconf that replaces pkg-config |
| 122 | |
| 123 | :: |
| 124 | |
| 125 | $ dnf list --installed pkgconf* |
| 126 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 127 | #. Boost libraries version 1.65.1 or later |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 128 | |
| 129 | :: |
| 130 | |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 131 | $ dnf list --installed boost-devel |
| 132 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 133 | #. git |
| 134 | |
| 135 | :: |
| 136 | |
| 137 | $ dnf list --installed git |
| 138 | |
| 139 | #. doxygen (optional) |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 140 | |
| 141 | :: |
| 142 | |
| 143 | $ dnf list --installed doxygen |
| 144 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 145 | #. graphviz (optional) |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 146 | |
| 147 | :: |
| 148 | |
| 149 | $ dnf list --installed graphviz |
| 150 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 151 | #. python3-pip (optional) |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 152 | |
| 153 | :: |
| 154 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 155 | $ dnf list --installed python3-pip |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 156 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 157 | #. After verifying that the python3-pip package has been installed, it |
| 158 | is necessary to run the following command: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 159 | |
| 160 | :: |
| 161 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 162 | $ pip install sphinx sphinxcontrib-doxylink |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 163 | |
| 164 | 2.2 Downloading and installing ndn-cxx |
| 165 | -------------------------------------- |
| 166 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 167 | The ``git`` command allows to download the ndn-cxx library in its own |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 168 | folder, also called *ndn-cxx*. Therefore it is recommended to execute |
| 169 | this command at the directory created at § `1 <#intro>`__: |
| 170 | |
| 171 | :: |
| 172 | |
| 173 | $ git clone --depth 1 https://github.com/named-data/ndn-cxx.git |
| 174 | |
| 175 | Move to the ndn-cxx directory: |
| 176 | |
| 177 | :: |
| 178 | |
| 179 | $ cd ndn-cxx |
| 180 | |
| 181 | Use the following command to verify that everything is ready to compile. |
| 182 | If an error message displays, it is necessary to fix it before |
| 183 | continuing: |
| 184 | |
| 185 | :: |
| 186 | |
| 187 | $ ./waf configure --with-examples |
| 188 | |
| 189 | Compile the ndn-cxx library and install the compiled files at the |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 190 | system's directories: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 191 | |
| 192 | :: |
| 193 | |
| 194 | $ ./waf |
| 195 | $ sudo ./waf install |
| 196 | |
| 197 | 2.3 Configuring ndn-cxx |
| 198 | ----------------------- |
| 199 | |
| 200 | The commands in this subsection need to be run as root. First, it is |
| 201 | necessary to create file *local.conf*, which contains a line with the |
| 202 | location for the ndn-cxx library: |
| 203 | |
| 204 | :: |
| 205 | |
| 206 | $ echo /usr/local/lib64 >> /etc/ld.so.conf.d/local.conf |
| 207 | |
| 208 | The following command configures the libraries: |
| 209 | |
| 210 | :: |
| 211 | |
| 212 | $ ldconfig -v | grep ndn |
| 213 | |
| 214 | This command should display a line similar to the following: |
| 215 | |
| 216 | :: |
| 217 | |
| 218 | libndn-cxx.so.0.6.1 -> libndn-cxx.so.0.6.1 |
| 219 | |
| 220 | Configure the NDN path: |
| 221 | |
| 222 | :: |
| 223 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 224 | $ echo export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig >> /etc/profile.d/ndn.sh |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 225 | |
| 226 | After this command has been executed, it is necessary to apply the |
| 227 | changes by either logging out and back in, and then running the |
| 228 | following command: |
| 229 | |
| 230 | :: |
| 231 | |
| 232 | $ printenv | grep PKG |
| 233 | |
| 234 | Or by executing the following command: |
| 235 | |
| 236 | :: |
| 237 | |
| 238 | $ ./etc/profile.d/ndn.sh |
| 239 | |
| 240 | For more information and examples about how to compile and configure |
| 241 | this library, users should read the ndn-cxx guide at |
| 242 | [NDN-cxx]_. |
| 243 | |
| 244 | .. _nfd: |
| 245 | |
| 246 | 3. Installing NFD |
| 247 | ================= |
| 248 | |
| 249 | 3.1 Before installing NFD |
| 250 | ------------------------- |
| 251 | |
| 252 | An updated list of the packages and programs that need to be installed |
| 253 | before NFD is provided at [NDNNFD]_. Before installing |
| 254 | NFD it is necessary to verify that the following packages are installed: |
| 255 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 256 | #. pcap library |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 257 | |
| 258 | :: |
| 259 | |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 260 | $ dnf list --installed libpcap-devel |
| 261 | |
| 262 | 3.2 Downloading and installing NFD |
| 263 | ---------------------------------- |
| 264 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 265 | This software is downloaded and installed in a folder called *NFD*, which |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 266 | should be created at the directory defined at § `1 <#intro>`__. The |
| 267 | following commands need to be run as a regular user: |
| 268 | |
| 269 | :: |
| 270 | |
| 271 | $ git clone --depth 1 https://github.com/named-data/NFD.git |
| 272 | $ cd NFD |
| 273 | $ ./waf configure |
| 274 | |
| 275 | If the previous command prints an error message saying that waf cannot |
| 276 | find WebSocket, it is necessary to follow the instructions provided by |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 277 | this same output, which tells the user to run the following command: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 278 | |
| 279 | :: |
| 280 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 281 | $ git submodule update --init |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 282 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 283 | After executing these instructions, complete the configuration by running |
| 284 | ``./waf configure`` again. Then complete the installation by means of the |
| 285 | following commands: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 286 | |
| 287 | :: |
| 288 | |
| 289 | $ ./waf |
| 290 | $ sudo ./waf install |
| 291 | |
| 292 | 3.3 Configuring NFD |
| 293 | ------------------- |
| 294 | |
| 295 | Create a configuration file by running the following command as root: |
| 296 | |
| 297 | :: |
| 298 | |
| 299 | $ cp /usr/local/etc/ndn/nfd.conf.sample /usr/local/etc/ndn/nfd.conf |
| 300 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 301 | After the configuration file has been created, NFD's behavior may be |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 302 | changed by modifying this file. Once the configuration file has been |
| 303 | created, it is recommended to start NFD by using the following command: |
| 304 | |
| 305 | :: |
| 306 | |
| 307 | $ nfd-start |
| 308 | |
| 309 | This command does not properly allow to employ the command window to |
| 310 | enter new commands; however it displays the NFD logs. Therefore, it is |
| 311 | recommended to open a new command window. This second window may be used |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 312 | to verify NDF's status and then stop NFD by using the following |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 313 | commands: |
| 314 | |
| 315 | :: |
| 316 | |
| 317 | $ nfd-status |
| 318 | $ nfd-stop |
| 319 | |
| 320 | .. _nlsr: |
| 321 | |
| 322 | 4. Installing NLSR |
| 323 | ================== |
| 324 | |
Ashlesh Gawande | 30d96e4 | 2021-03-21 19:15:33 -0700 | [diff] [blame] | 325 | 4.1 Installing PSync |
| 326 | -------------------- |
| 327 | |
| 328 | Before installing NLSR, it is also necessary to download and install |
| 329 | PSync. PSync is a synchronization library which allows NLSR to synchronize LSAs |
| 330 | similar to ChronoSync. More information about PSync may be found at [PSync]_. |
| 331 | This library may be installed by running the following commands as a regular |
| 332 | user and at the directory defined at § `1 <#intro>`__: |
| 333 | |
| 334 | :: |
| 335 | |
| 336 | $ git clone --depth 1 https://github.com/named-data/PSync.git |
| 337 | $ cd PSync |
| 338 | $ ./waf configure |
| 339 | $ ./waf |
| 340 | $ sudo ./waf install |
| 341 | |
| 342 | The following command needs to be used again to configure the libraries: |
| 343 | |
| 344 | :: |
| 345 | |
| 346 | $ sudo ldconfig -v | grep -i psync |
| 347 | |
| 348 | This command should display a line similar to the following: |
| 349 | |
| 350 | :: |
| 351 | |
| 352 | libPSync.so.0.1.0 -> libPSync.so.0.1.0 |
| 353 | |
| 354 | 4.2 [Optional] Installing ChronoSync |
| 355 | ------------------------------------ |
| 356 | |
| 357 | By default NLSR no longer builds with ChronoSync support. |
| 358 | Since ChronoSync is deprecated, only install it for testing purposes. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 359 | |
| 360 | Before installing NLSR, it is necessary to first download and install |
Ashlesh Gawande | 32ec3fd | 2018-07-18 13:42:32 -0500 | [diff] [blame] | 361 | ChronoSync, which is a synchronization library which allows NLSR routers |
| 362 | to synchronize Link State Advertisements (LSAs). More information about |
| 363 | ChronoSync may be found at [Chronosync]_. This library may be |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 364 | installed by running the following commands as a regular user and at the |
| 365 | directory defined at § `1 <#intro>`__: |
| 366 | |
| 367 | :: |
| 368 | |
| 369 | $ git clone --depth 1 https://github.com/named-data/ChronoSync.git |
| 370 | $ cd ChronoSync |
| 371 | $ ./waf configure |
| 372 | $ ./waf |
| 373 | $ sudo ./waf install |
| 374 | |
| 375 | The following command needs to be used again to configure the libraries: |
| 376 | |
| 377 | :: |
| 378 | |
Ashlesh Gawande | 32ec3fd | 2018-07-18 13:42:32 -0500 | [diff] [blame] | 379 | $ sudo ldconfig -v | grep -i chronosync |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 380 | |
| 381 | This command should display a line similar to the following: |
| 382 | |
| 383 | :: |
| 384 | |
| 385 | libChronoSync.so.0.5.0 -> libChronoSync.so.0.5.0 |
| 386 | |
Varun Patil | 7d2d689 | 2022-10-14 12:50:30 -0700 | [diff] [blame] | 387 | 4.3 [Optional] Installing SVS |
| 388 | ----------------------------- |
| 389 | |
| 390 | NLSR can also use State Vector Sync as the underlying Sync protocol, |
| 391 | using the ndn-svs library. |
| 392 | |
| 393 | This library may be installed by running the following commands as a |
| 394 | regular user and at the directory defined at § `1 <#intro>`__: |
| 395 | |
| 396 | :: |
| 397 | |
| 398 | $ git clone --depth 1 https://github.com/named-data/ndn-svs.git |
| 399 | $ cd ndn-svs |
| 400 | $ ./waf configure |
| 401 | $ ./waf |
| 402 | $ sudo ./waf install |
| 403 | |
| 404 | The following command needs to be used again to configure the libraries: |
| 405 | |
| 406 | :: |
| 407 | |
| 408 | $ sudo ldconfig -v | grep ndn-svs |
| 409 | |
| 410 | This command should display a line similar to the following: |
| 411 | |
| 412 | :: |
| 413 | |
| 414 | libndn-svs.so.0.0.1 -> libndn-svs.so.0.0.1 |
| 415 | |
| 416 | 4.4 Downloading and installing NLSR |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 417 | ----------------------------------- |
| 418 | |
| 419 | NLSR is downloaded and installed in a folder called *NLSR* which should |
| 420 | be created at the directory defined at § `1 <#intro>`__. The following |
| 421 | commands need to be run as a regular user: |
| 422 | |
| 423 | :: |
| 424 | |
| 425 | $ git clone --depth 1 https://github.com/named-data/NLSR.git |
| 426 | $ cd NLSR |
| 427 | $ ./waf configure |
| 428 | $ ./waf |
| 429 | $ sudo ./waf install |
| 430 | |
Ashlesh Gawande | 30d96e4 | 2021-03-21 19:15:33 -0700 | [diff] [blame] | 431 | If ChronoSync support is needed for testing, please configure NLSR with: |
| 432 | |
| 433 | :: |
| 434 | |
| 435 | $ ./waf configure --with-chronosync |
| 436 | |
Varun Patil | 7d2d689 | 2022-10-14 12:50:30 -0700 | [diff] [blame] | 437 | 4.5 Configuring NLSR |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 438 | -------------------- |
| 439 | |
| 440 | Create and configure the following directory by running the following |
| 441 | commands as root: |
| 442 | |
| 443 | :: |
| 444 | |
| 445 | $ mkdir /var/lib/nlsr |
| 446 | $ chmod 777 /var/lib/nlsr |
| 447 | |
| 448 | .. _test: |
| 449 | |
| 450 | 5. Configuring and Testing NLSR |
| 451 | =============================== |
| 452 | |
| 453 | To test NLSR, the first step is to configure the keys and certificates |
| 454 | that implement a secure communication between the routers. Then it is |
| 455 | necessary to verify that the computers in the test network are |
| 456 | connected, that NFD is running and the faces between the computers are |
| 457 | configured. Finally, the NLSR configuration file has to be edited before |
| 458 | running NLSR. The following subsections are provided as a guide to |
| 459 | define and configure a simple computer network between two computers: |
| 460 | router1 and router2. |
| 461 | |
| 462 | .. _security: |
| 463 | |
| 464 | 5.1 Setting up the security |
| 465 | --------------------------- |
| 466 | |
| 467 | Configuring security in an NDN network requires to generate, exchange |
| 468 | and install, keys and certificates between the root, site, operator and |
| 469 | router computers that form the network |
| 470 | [NLSRsecconf]_, [NLSRdevguide]_, although in practice, it |
| 471 | is possible to keep more than one of these entities in a single machine. |
| 472 | The following example and *Figure 1* show how to configure security |
| 473 | for a single router, called Router X. In this example, the root, site, |
| 474 | operator and Router X are in different computers: |
| 475 | |
| 476 | .. figure:: security_comp.png |
| 477 | :alt: Security configuration example for Router X. |
| 478 | :width: 19cm |
| 479 | :align: center |
| 480 | |
| 481 | Fig. 1. Security configuration example for Router X. |
| 482 | |
| 483 | |
| 484 | #. At the root server, generate the root key: |
| 485 | |
| 486 | :: |
| 487 | |
| 488 | $ ndnsec-key-gen /ndn/ > root.key |
| 489 | |
| 490 | #. Generate the certificate for the root key at the root server: |
| 491 | |
| 492 | :: |
| 493 | |
| 494 | $ ndnsec-cert-dump -i /ndn/ > root.cert |
| 495 | |
| 496 | #. Install the root certificate at the root server: |
| 497 | |
| 498 | :: |
| 499 | |
| 500 | $ ndnsec-cert-install -f root.cert |
| 501 | |
| 502 | #. At the site server, generate the site key: |
| 503 | |
| 504 | :: |
| 505 | |
| 506 | $ ndnsec-key-gen /ndn/edu/uaslp > site.key |
| 507 | |
| 508 | #. Copy the site key to the root server and generate the certificate for |
| 509 | the site server: |
| 510 | |
| 511 | :: |
| 512 | |
| 513 | $ ndnsec-cert-gen -s /ndn/ site.key > site.cert |
| 514 | |
| 515 | #. Copy the site certificate to the site server and install it: |
| 516 | |
| 517 | :: |
| 518 | |
| 519 | $ ndnsec-cert-install -f site.cert |
| 520 | |
| 521 | #. At the operator server, generate the operator key: |
| 522 | |
| 523 | :: |
| 524 | |
| 525 | $ ndnsec-key-gen /ndn/edu/uaslp/%C1.Operator/op > op.key |
| 526 | |
| 527 | #. Copy the operator key to the site server and generate the certificate |
| 528 | for the operator server: |
| 529 | |
| 530 | :: |
| 531 | |
| 532 | $ ndnsec-cert-gen -s /ndn/edu/uaslp op.key > op.cert |
| 533 | |
| 534 | #. Copy the operator certificate to the operator server and install it: |
| 535 | |
| 536 | :: |
| 537 | |
| 538 | $ ndnsec-cert-install -f op.cert |
| 539 | |
| 540 | #. At the router, generate the router key: |
| 541 | |
| 542 | :: |
| 543 | |
| 544 | $ ndnsec-key-gen /ndn/edu/uaslp/%C1.Router/routerX > routerX.key |
| 545 | |
| 546 | #. Copy the router key to the operator server and generate the |
| 547 | certificate for the router: |
| 548 | |
| 549 | :: |
| 550 | |
| 551 | $ ndnsec-cert-gen -s /ndn/edu/uaslp/%C1.Operator/op routerX.key > |
| 552 | routerX.cert |
| 553 | |
| 554 | #. Copy the router certificate to the router and install it: |
| 555 | |
| 556 | :: |
| 557 | |
| 558 | $ ndnsec-cert-install -f routerX.cert |
| 559 | |
| 560 | In the previous steps, the *%C1.Router* and *%C1.Operator* labels are |
| 561 | NDN keywords and should not be changed. These labels will be also used |
| 562 | by the configuration file (§ `5.4 <#configfile>`__) |
| 563 | |
| 564 | The following command may be used to verify that the certificates have |
| 565 | been installed in a computer: |
| 566 | |
| 567 | :: |
| 568 | |
| 569 | $ ndnsec-list |
| 570 | |
| 571 | This guide recommends that one machine functions as the root, site, |
| 572 | operator and router1, while a different computer only functions as |
| 573 | router2. *Figure 2* shows this |
| 574 | configuration. For router1, the twelve steps described before need to be |
| 575 | executed except for exchanging files between computers. For the router2, |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 576 | only steps 10 to 12 are needed to generate this router's certificate. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 577 | |
| 578 | Additionally, the following command may be used to print a list and a |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 579 | brief description of all the ``ndnsec`` commands: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 580 | |
| 581 | :: |
| 582 | |
| 583 | $ man ndnsec |
| 584 | |
| 585 | |
| 586 | .. figure:: netwk1.png |
| 587 | :alt: Example network. |
| 588 | :width: 19cm |
| 589 | :align: center |
| 590 | |
| 591 | Fig. 2. Example network. |
| 592 | |
| 593 | |
| 594 | 5.2 Configuring the network |
| 595 | --------------------------- |
| 596 | |
| 597 | The first step is to configure the physical network. If two computers |
| 598 | are going to get connected using a single Ethernet cable, it is |
| 599 | necessary to verify that this cable is a crossover. The other option is |
| 600 | to employ a switch between two computers that are then connected using |
| 601 | two regular Ethernet cables. |
| 602 | |
| 603 | After the physical network has been assembled, it is necessary to |
| 604 | configure the network addresses and cards for all the computers in the |
| 605 | network. It is important to remember that computers that are connected |
| 606 | to each other should use the same subnetwork address. It is possible to |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 607 | verify the network configuration in a Linux computer by means of the |
| 608 | ``ip addr`` command. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 609 | |
| 610 | Once the physical network and network cards have been configured, it is |
| 611 | necessary to verify that the computers can communicate with each other. |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 612 | The simplest way to do this is by using the ``ping`` command: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 613 | |
| 614 | :: |
| 615 | |
| 616 | $ ping <remote-ip-address> |
| 617 | |
| 618 | 5.3 Starting and configuring NFD |
| 619 | -------------------------------- |
| 620 | |
| 621 | To start and configure NFD it is necessary to open two terminal windows. |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 622 | The first one will be used to start NFD by means of the ``nfd-start`` |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 623 | command. This terminal will also display the logs that NFD generates. By |
| 624 | default, NFD only generates informational logs (INFO). However, it is |
| 625 | possible to obtain different levels of verbosity for these logs. These |
| 626 | levels can be set before NFD starts by editing the |
| 627 | */usr/local/etc/ndn/nfd.conf* file. Open this file using a regular text |
| 628 | editor, read the information provided about logging and then modify the |
| 629 | *default-level* variable at the *log* section according to the |
| 630 | instructions provided in the file. Additional information about NFD |
| 631 | configuration may be found at [NDNNFDusage]_. |
| 632 | |
| 633 | The second terminal will be used to monitor the NFD status: |
| 634 | |
| 635 | :: |
| 636 | |
| 637 | $ nfd-status |
| 638 | |
| 639 | Employ the following command to configure each face that a computer uses |
| 640 | to connect to a neighboring computer: |
| 641 | |
| 642 | :: |
| 643 | |
| 644 | $ nfdc face create udp4://<remote-ip-address> |
| 645 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 646 | The face id may be displayed by running: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 647 | |
| 648 | :: |
| 649 | |
| 650 | $ nfdc face list |
| 651 | |
| 652 | The status of the face may be verified by using the following command: |
| 653 | |
| 654 | :: |
| 655 | |
| 656 | $ nfdc face show id <face-id> |
| 657 | |
| 658 | After finishing NLSR testing, it is necessary to destroy the face before |
| 659 | stopping NFD. This operation is described at § `5.6 <#turn_off>`__. For |
| 660 | the two computer network provided as an example (*Figure 2*), it is necessary that both |
| 661 | machines run NFD and that each one configures a face that connects to |
| 662 | the other machine. |
| 663 | |
| 664 | .. _configfile: |
| 665 | |
| 666 | 5.4 Setting up the configuration file |
| 667 | ------------------------------------- |
| 668 | |
| 669 | Instructions on how to use the configuration file are already provided |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 670 | at the NLSR's Router Configuration page [NLSRrtrconf]_. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 671 | Read the information in this page to understand NLSR router |
| 672 | configuration. The following text describes the instructions that have |
| 673 | been modified at the default nlsr.conf file for router1: |
| 674 | |
| 675 | :: |
| 676 | |
| 677 | ; AT general SECTION: |
| 678 | { |
| 679 | network /ndn/ ; name of the network |
| 680 | site /edu/uaslp ; name of the site |
| 681 | router /%C1.Router/router1 ; name of the router: router1 |
| 682 | } |
| 683 | |
| 684 | ;AT neighbors SECTION: |
| 685 | neighbors |
| 686 | { |
| 687 | neighbor |
| 688 | { |
| 689 | name /ndn/edu/uaslp/%C1.Router/router2 ; Neighbor router: router2 |
| 690 | face-uri udp://140.220.80.124 ; face to the neighbor |
| 691 | link-cost 30 ; cost of the link |
| 692 | } |
| 693 | } |
| 694 | |
| 695 | ; AT advertising SECTION: |
| 696 | advertising |
| 697 | { |
| 698 | prefix /ndn/edu/uaslp/office/bldg1 ; Advertising destinations |
| 699 | prefix /ndn/edu/uaslp/office/bldg2 ; for router1 |
| 700 | } |
| 701 | |
| 702 | ; AT security SECTION: |
| 703 | security |
| 704 | { |
| 705 | validator |
| 706 | { |
| 707 | ... |
| 708 | trust-anchor |
| 709 | { |
| 710 | type file |
| 711 | file-name "root.cert" ; root certificate file |
| 712 | } |
| 713 | } |
| 714 | |
| 715 | prefix-update-validator |
| 716 | { |
| 717 | ... |
| 718 | trust-anchor |
| 719 | { |
| 720 | type file |
| 721 | file-name "site.cert" ; site certificate file |
| 722 | } |
| 723 | } |
| 724 | |
| 725 | cert-to-publish "root.cert" ; root certificate file |
| 726 | |
| 727 | cert-to-publish "site.cert" ; site certificate file |
| 728 | |
| 729 | cert-to-publish "op.cert" ; operator certificate file |
| 730 | |
| 731 | cert-to-publish "router1.cert" ; router1 certificate file |
| 732 | } |
| 733 | |
| 734 | The following text shows the modified instructions for router2: |
| 735 | |
| 736 | :: |
| 737 | |
| 738 | ; AT general SECTION: |
| 739 | { |
| 740 | network /ndn/ ; name of the network |
| 741 | site /edu/uaslp ; name of the site |
| 742 | router /%C1.Router/router2 ; name of the router: router2 |
| 743 | } |
| 744 | |
| 745 | ;AT neighbors SECTION: |
| 746 | neighbors |
| 747 | { |
| 748 | neighbor |
| 749 | { |
| 750 | name /ndn/edu/uaslp/%C1.Router/router1 ; Neighbor router: router1 |
| 751 | face-uri udp://140.220.80.121 ; face to the neighbor |
| 752 | link-cost 30 ; cost of the link |
| 753 | } |
| 754 | } |
| 755 | |
| 756 | ; AT advertising SECTION: |
| 757 | advertising |
| 758 | { |
| 759 | prefix /ndn/edu/uaslp/labs/networks ; Advertising destinations |
| 760 | prefix /ndn/edu/uaslp/labs/hardware ; for router2 |
| 761 | } |
| 762 | |
| 763 | ; AT security SECTION: |
| 764 | security |
| 765 | { |
| 766 | validator |
| 767 | { |
| 768 | ... |
| 769 | trust-anchor |
| 770 | { |
| 771 | type file |
| 772 | file-name "root.cert" ; root certificate file |
| 773 | } ; this file needs to be copied to |
| 774 | } ; router2 |
| 775 | |
| 776 | prefix-update-validator |
| 777 | { |
| 778 | ... |
| 779 | trust-anchor |
| 780 | { |
| 781 | type file |
| 782 | file-name "site.cert" ; site certificate file |
| 783 | } ; this file needs to be copied to |
| 784 | } ; router2 |
| 785 | |
| 786 | ... |
| 787 | cert-to-publish "router2.cert" ; router2 certificate file |
| 788 | } |
| 789 | |
| 790 | Notice that files *root.cert* and *site.cert*, which were generated at |
| 791 | router1, need to be copied to router2. Also notice that the *%C1.Router* |
| 792 | and *%C1.Operator* keywords employed at § `5.1 <#security>`__ are also |
| 793 | referenced by these configuration files. |
| 794 | |
| 795 | .. _starting_nlsr: |
| 796 | |
| 797 | 5.5 Starting NLSR |
| 798 | ----------------- |
| 799 | |
| 800 | It is recommended to open a third command terminal and run NLSR in this |
| 801 | window. After the NLSR configuration file has been edited and saved as |
| 802 | *nlsr.conf*, it is possible to start NLSR by running either of the |
| 803 | following two commands: |
| 804 | |
| 805 | :: |
| 806 | |
| 807 | $ nlsr |
| 808 | $ nlsr -f <configuration-file> |
| 809 | |
| 810 | However, to verify what is NLSR doing, it becomes necessary to employ |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 811 | NLSR's logging facility [NLSRstarting]_. A brief |
| 812 | description on how to use NDN's logging facility may be displayed by |
| 813 | entering the ``man ndn-log`` command. This guide recommends using one |
| 814 | of the following two instructions to start NLSR: |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 815 | |
| 816 | :: |
| 817 | |
| 818 | $ export NDN_LOG=nlsr.*=TRACE && nlsr |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 819 | $ export NDN_LOG=nlsr.*=TRACE && nlsr -f <configuration-file> |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 820 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 821 | The second terminal window may be used to run ``nfd-status`` again and |
| 822 | it should be possible to verify that the status has changed, specially |
| 823 | at the FIB and RIB sections of the generated report. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 824 | |
| 825 | .. _turn_off: |
| 826 | |
| 827 | 5.6 Turning everything off |
| 828 | -------------------------- |
| 829 | |
| 830 | In order to stop NLSR and NFD, the following sequence of events is |
| 831 | recommended: |
| 832 | |
| 833 | #. Stop NLSR by pressing the Ctrl+C keys at the third terminal window. |
| 834 | |
| 835 | #. Destroy the face to the remote computers using either of the |
| 836 | following two commands at the second terminal window: |
| 837 | |
| 838 | :: |
| 839 | |
| 840 | $ nfdc face destroy <face-id> |
| 841 | $ nfdc face destroy udp4://<remote-ip-address> |
| 842 | |
| 843 | #. Stop NFD by entering the following command at the second terminal |
| 844 | window: |
| 845 | |
| 846 | :: |
| 847 | |
| 848 | $ nfd-stop |
| 849 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 850 | #. The crossover Ethernet cable may be unplugged and the computers' |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 851 | network configuration restored to its original settings. |
| 852 | |
| 853 | 5.7 Where to go from here |
| 854 | ------------------------- |
| 855 | |
| 856 | Users interested in building and configuring larger networks may want to |
| 857 | take a look at the NDN Ansible repository |
| 858 | [NDNAnsible]_. This repository uses Ansible, which is a |
| 859 | configuration management tool, to manage the official NDN testbed |
| 860 | deployment [NDNTestbed]_. |
| 861 | |
| 862 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 863 | .. [NDNmain] *Named Data Networking*, https://named-data.net/, March 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 864 | |
| 865 | .. [Kolman2018] M. Kolman. *Anaconda improvements in Fedora 28*, Fedora Magazine, June 2018. |
| 866 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 867 | .. [NDN-cxx] *Getting started with ndn-cxx*, https://docs.named-data.net/ndn-cxx/current/INSTALL.html, April 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 868 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 869 | .. [NDNNFD] *Getting started with NFD*, https://docs.named-data.net/NFD/current/INSTALL.html, April 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 870 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 871 | .. [NDNNFDusage] *NFD usage*, https://docs.named-data.net/NFD/current/manpages/nfd.html, May 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 872 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 873 | .. [Chronosync] Z. Zhu and A. Afanasyev. *Let's ChronoSync: Decentralized dataset state synchronization in Named Data Networking*, in IEEE ICNP, October 2013. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 874 | |
Ashlesh Gawande | 32ec3fd | 2018-07-18 13:42:32 -0500 | [diff] [blame] | 875 | .. [PSync] M. Zhang, V. Lehman, and L. Wang. *Scalable Name-based Data Synchronization for Named Data Networking*, in IEEE INFOCOM, May 2017. |
| 876 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 877 | .. [NLSRsecconf] *NLSR Security Configuration*, https://docs.named-data.net/NLSR/current/SECURITY-CONFIG.html June 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 878 | |
Davide Pesavento | ede5963 | 2022-08-26 20:35:44 -0400 | [diff] [blame] | 879 | .. [NLSRdevguide] V. Lehman, M. Chowdhury, N. Gordon, A. Gawande. *NLSR Developer's Guide*, University of Memphis, November 2017. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 880 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 881 | .. [NLSRrtrconf] *NLSR Router Configuration*, https://docs.named-data.net/NLSR/current/ROUTER-CONFIG.html, April 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 882 | |
Davide Pesavento | fa54ee9 | 2023-02-20 04:16:51 -0500 | [diff] [blame] | 883 | .. [NLSRstarting] *Getting Started with NLSR*, https://docs.named-data.net/NLSR/current/GETTING-STARTED.html, May 2018. |
David Arjona | 2e6c8bb | 2018-11-14 16:27:09 -0600 | [diff] [blame] | 884 | |
| 885 | .. [NDNAnsible] *NDN Ansible repository*, https://github.com/WU-ARL/NDN_Ansible, October 2018. |
| 886 | |
| 887 | .. [NDNTestbed] *NDN Testbed*, https://named-data.net/ndn-testbed/, October 2018. |