Changeset 260
- Timestamp: 10/10/13 02:06:15 (11 years ago)
- File: 1 edited
etherws/trunk/README.rst
r220 r260 1 1 Introduction 2 2 ============ 3 etherws is an implementation of Ethernet over WebSocket tunnel based on Linux4 Universal TUN/TAP device driver.3 etherws is an implementation of software switch with the Ethernet over 4 WebSocket tunnel. 5 5 6 6 Overview 7 7 ======== 8 *etherws sw* acts as a simple virtual ethernet switch, and it can create TAP9 interface or WebSocket tunnel by*etherws ctl*::10 11 [tap]12 |13 +-- ---+------+ (control)8 *etherws sw* is a simple virtual ethernet switch. And this is controlled by 9 *etherws ctl*:: 10 11 [tap] [netdev] 12 | | 13 +--+------+--+ (control) 14 14 | etherws sw | <-----------+ 15 15 +-----||-----+ | … … 19 19 +-----||-----+ | 20 20 | etherws sw | <-----------+ 21 +-- ---+------+ (control)22 |23 [tap]21 +--+------+--+ (control) 22 | | 23 [tap] [netdev] 24 24 25 25 Basic Usage … … 28 28 29 29 (Physical Network) 30 -----+------- //-------+-----30 -----+--------- // --------+----- 31 31 | 10.0.0.10 | 10.0.0.5 32 32 +----+-----+ +-----+----+ … … 39 39 (WebSocket Tunnel) 40 40 41 In this case, *WebSocket Tunnel*will be created by following commands.41 In this case, WebSocket Tunnel will be created by following commands. 42 42 43 43 on NodeA:: … … 63 63 Using SSL/TLS 64 64 ------------- 65 etherws supports SSL/TLS connection. Tunnels will be encrypted and server will65 etherws supports SSL/TLS connection. Tunnels will be encrypted and server will 66 66 be verified by using following options. 67 67 … … 70 70 # etherws sw --sslkey ssl.key --sslcert ssl.crt 71 71 72 *ssl.key* is a server private key, and *ssl.crt* is a server certificate. 72 *ssl.key* is a server private key, and *ssl.crt* is a server 73 certificate. 73 74 74 75 On client side:: … … 79 80 certificate was specified. 80 81 81 Client verifies server certificate by default. So, for example, *addport* will82 Client verifies server certificate by default. 
So, for example, *addport* will 82 83 fail if your server uses self-signed certificate and client uses another CA 83 84 certificate. … … 93 94 Client Authentication 94 95 --------------------- 95 etherws supports HTTP Basic Authentication. Itmeans you can use etherws as96 etherws supports HTTP Basic Authentication. This means you can use etherws as 96 97 simple L2-VPN server/client. 97 98 98 99 On server side, etherws requires user informations in Apache htpasswd format 99 (and currently supports SHA-1 digest only). To create this file::100 (and currently supports SHA-1 digest only). To create this file:: 100 101 101 102 # htpasswd -s -c filename username … … 123 124 124 125 Note that you should not use HTTP Basic Authentication without SSL/TLS support, 125 because itis insecure in itself.126 because this is insecure in itself. 126 127 127 128 Advanced Usage … … 130 131 Remote Control 131 132 -------------- 132 *etherws ctl* controls *etherws sw* by JSON-RPC over HTTP. Itmeans you can133 control *etherws sw* from remote node . However, allowing remote control without134 careful consideration also allows to attack to your server or network. So 135 control URL is bound to localhost by default.133 *etherws ctl* controls *etherws sw* by JSON-RPC over HTTP. This means you can 134 control *etherws sw* from remote nodes. However, allowing remote control 135 without careful consideration also allows to attack to your server or 136 network. So control URL is bound to localhost by default. 136 137 137 138 If you just want to allow remote control, you can use following options for … … 141 142 142 143 This means allowing remote control from any nodes that can access 143 10.0.0.10:1234 TCP/IP. Of course itis very dangerous as described above.144 10.0.0.10:1234 TCP/IP. Of course this is very dangerous as described above. 
144 145 145 146 Here, *etherws ctl* can control remote *etherws sw* using following option:: … … 164 165 Note: *etherws ctl* currently cannot verify SSL certificate on controller. 165 166 166 Connect Virtual Machines 167 ------------------------ 167 Virtual Machines Connection 168 --------------------------- 168 169 For example, consider creating following virtual machine network:: 169 170 … … 173 174 | | VM | | | | VM | | 174 175 | +--+--+ | | +--+--+ | 175 | | (vnet0) | | (vnet0) | | 176 | +--+--+ | | +--+--+ | 177 | | br0 | | | | br0 | | 178 | +--+--+ | | +--+--+ | 176 | (vnet0) | | (vnet0) | 179 177 | | | | | | 180 | (ethws0) (eth0) | | (eth0) (ethws0)|178 | [etherws] (eth0) | | (eth0) [etherws] | 181 179 +----||--------+---+ +----+-------||----+ 182 180 || | | || 183 || -----+-------- //--------+----- ||181 || -----+--------- // ---------+----- || 184 182 || (Physical Network) || 185 183 || || … … 187 185 (WebSocket Tunnel) 188 186 189 In this case, it will be created by following commands. 187 Existing network interfaces can also be added to *etherws sw*. 188 So in this case, this will be created by following commands. 190 189 191 190 on HypervisorA:: 192 191 193 192 # etherws sw 194 # etherws ctl addport tap ethws0 195 # brctl addbr br0 196 # brctl addif br0 vnet0 197 # brctl addif br0 ethws0 198 # ifconfig br0 up 193 # etherws ctl addport netdev vnet0 199 194 200 195 on HypervisorB:: 201 196 202 197 # etherws sw 203 # etherws ctl addport tap ethws0198 # etherws ctl addport netdev vnet0 204 199 # etherws ctl addport client ws://HypervisorA/ 205 # brctl addbr br0 206 # brctl addif br0 vnet0 207 # brctl addif br0 ethws0 208 # ifconfig br0 up 200 201 Of course, you can create the TAP port and connect these using the Linux Bridge 202 or the like. 209 203 210 204 History 211 205 ======= 206 1.1 (2013-10-10 JST) 207 - netdev (existing network interfaces) support 208 212 209 1.0 (2012-08-18 JST) 213 210 - global architecture change
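Review bot: In the Introduction hunk, the new sentence drops the reference to the Linux Universal TUN/TAP device driver, yet the Overview diagram in the same change still shows [tap] ports, so the README no longer tells a reader what tap ports depend on. Suggest keeping one sentence that names the TUN/TAP dependency, and joining "is a simple virtual ethernet switch. And this is controlled by" into a single sentence such as "is a simple virtual ethernet switch controlled by *etherws ctl*".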
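Review bot: In the Client Authentication hunk, the line "(and currently supports SHA-1 digest only)" is touched only for spacing and still does not say that the format written by "htpasswd -s" is an unsalted SHA-1 digest, which gives weak protection if the file is disclosed. Since the section is being edited anyway, suggest adding a sentence that tells operators to restrict read access to the htpasswd file. In the closing note, "because this is insecure in itself" has a less clear antecedent than the old "it"; naming the risk, for example "because Basic Authentication sends credentials without encryption", would be more useful.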
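Review bot: In the Remote Control hunk, the rewrapped sentence "also allows to attack to your server or network" is still ungrammatical and does not say what is exposed. Suggest "also exposes your server and network to attack, so the control URL is bound to localhost by default". The paragraph that calls binding to 10.0.0.10:1234 "very dangerous" and the unchanged note that *etherws ctl* currently cannot verify the SSL certificate on the controller are two caveats about the same decision; they would be easier to act on if the README placed them together.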
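Review bot: In the Virtual Machines Connection hunk, the new commands attach the guest interface with "etherws ctl addport netdev vnet0", but the removed steps ended with "ifconfig br0 up" and nothing replaces it, so the README no longer says whether vnet0 has to be up, or detached from an existing bridge, before it is added. Suggest stating that precondition next to the netdev command. The example still connects with "ws://HypervisorA/" across the physical network and gives no pointer to the Using SSL/TLS section, so guest traffic in this example travels unencrypted; a cross-reference would fix that. Two smaller points: "So in this case, this will be created by following commands." reads better as "In this case, the network is created by the following commands.", and renaming the heading from "Connect Virtual Machines" changes the generated section anchor for anyone linking to it.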