Hybrid Design is a new idea of IRIS which combines all software functions in one unit, instead of having separate configurations for different units.
Current Status: Pre-Production Testing
Advantages:
- More flexible software configuration.
- Only one branch to maintain.
- Better understanding of the different systems in use.
- Using less hardware at a location.
Some downsides:
- Implementation is sometimes not so trivial to understand.
Extra goals:
- No manual configuration on the nodes anymore; all configuration flags live in Gformat.
- More robust setup (no full file:/var partitions anymore).
- Make better use of the available hardware (use the built-in standard daemons instead of the light versions).
Implementation details:
- A node can have services; these decide the role and the daemons to run.
- Firewall logic is stored in pf firewall. file:/etc/pf.*.conf
- Routing table 0 reflects the main function of the machine (e.g. how clients use the machine).
- Routing table 1 is a shadow routing table with a default gateway pointing to the directly connected route.
- file:/tools/check-inet-alive enables or disables services to reflect the current state of the inet connection.
- Useless traffic is blocked/rejected as soon as possible.
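The interplay of the shadow routing table and check-inet-alive, as an added example that is not the project's own file:/tools/check-inet-alive. It assumes a FreeBSD node where `setfib 1` selects routing table 1, `service NAME onestart|onestop` drives rc.d daemons, and ping takes `-W` in milliseconds; the probe target, state file path and service names are placeholders.

```shell
#!/bin/sh
# check-inet-alive style logic: added example, not the project's
# file:/tools/check-inet-alive. Assumptions (not from the page): FreeBSD node,
# `setfib 1` selects routing table 1, `service NAME onestart|onestop` controls
# rc.d daemons, and FreeBSD ping takes -W in milliseconds.

# Probe the uplink through the shadow routing table (table 1). Its default
# gateway is the directly connected route, so the answer reflects the physical
# uplink itself and not whatever path table 0 currently prefers.
probe_uplink() {
    setfib 1 ping -c 1 -W 2000 "$1" >/dev/null 2>&1
}

# Turn a probe exit status (0 = reply received) into the wanted service state.
decide_state() {
    if [ "$1" -eq 0 ]; then echo up; else echo down; fi
}

# Start or stop one rc.d service (assumed FreeBSD rc.d interface).
toggle_service() {
    if [ "$1" = up ]; then service "$2" onestart; else service "$2" onestop; fi
}

# Apply a state only when it differs from the one recorded in the state file,
# so a cron run every minute does not restart daemons on every tick.
# $1 = up|down, $2 = state file, $3 = toggle function, $4.. = services.
# Prints "unchanged:STATE" or "changed:OLD->NEW".
apply_state() {
    state=$1; statefile=$2; toggle=$3; shift 3
    prev=$(cat "$statefile" 2>/dev/null || echo unknown)
    if [ "$state" = "$prev" ]; then
        echo "unchanged:$state"
        return 0
    fi
    for svc in "$@"; do
        "$toggle" "$state" "$svc" || true   # one failing daemon must not stop the rest
    done
    echo "$state" > "$statefile"
    echo "changed:$prev->$state"
}

# Glue: probe, decide, apply. $1 = probe target, $2 = state file, $3.. = services.
check_inet_alive() {
    target=$1; statefile=$2; shift 2
    probe_uplink "$target" && rc=0 || rc=1
    apply_state "$(decide_state "$rc")" "$statefile" toggle_service "$@"
}

# Typical cron invocation (gateway address and service names are placeholders):
# check_inet_alive 192.0.2.1 /var/run/inet-alive.state dhcpd named
```

The probe deliberately runs over table 1 rather than table 0: table 0 may carry the OpenVPN or proxy default route whose very liveness is in question, whereas table 1 always points straight at the directly connected uplink. The state file makes the script idempotent, which matters when it is run from cron every minute; the toggle function is passed by name so the decision logic can be exercised without touching real daemons.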
Current Roles:
- service_proxy_ileiden = Outgoing NAT Router.
- service_proxy_normal = Outgoing HTTP Proxy.
- service_access_point = Accesspoint with Captive Portal.
- service_incoming_rdr = Incoming NAT/RDR Router.
To-Be-Implemented Roles:
- service_openvpn_server = Incoming OpenVPN Server.
- service_openvpn_client = Outgoing OpenVPN Client.
Last modified on May 13, 2012, 9:19:51 PM