Hybrid Design is a new idea of IRIS which combines all software functions in one unit, instead of having separate configurations for different units.

Current Status: Pre-Production Testing

Advantages:
- More flexible software configuration.
- Only one branch to maintain.
- Better understanding of the different systems in use.
- Using less hardware at a location.

Some downsides:
- The implementation is sometimes not so trivial to understand.

Extra goals:
- No manual configuration on the nodes anymore; all configuration flags live in Gformat.
- More robust setup (no full file:/var partitions anymore).
- Make better use of the available hardware (use the built-in standard daemons instead of the light versions).

Implementation details:
- A node can have services; these decide the role and the daemons to run.
- Firewall logic is stored in the pf firewall: file:/etc/pf.*.conf
- Routing table 0 reflects the main function of the machine (e.g. how clients use the machine).
- Routing table 1 is a shadow routing table with a default gateway pointing to the directly connected route.
- file:/tools/check-inet-alive enables or disables services to reflect the current state of the inet connection.
- Useless traffic is blocked/rejected as soon as possible.
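To make the check-inet-alive idea concrete, here is an added illustration (written for this page, not the IRIS file:/tools/check-inet-alive script itself) of how such a check can be structured: probe the uplink through the shadow routing table 1 with setfib(1) on FreeBSD, compare the result with the state remembered from the previous run, and only start or stop the uplink-dependent daemons on a state change. The probe host, the state file path and the UPLINK_SERVICES list are assumptions/placeholders, not values from the IRIS configuration.

```shell
#!/bin/sh
# Added example, not the IRIS script: skeleton of an "is the internet alive?" check.
# Assumes FreeBSD: setfib(1) selects routing table 1, service(8) controls daemons.

PROBE_HOST="${PROBE_HOST:-198.51.100.1}"              # constructed placeholder (TEST-NET-2)
STATE_FILE="${STATE_FILE:-/var/run/inet-alive.state}" # assumed location of the remembered state
UPLINK_SERVICES="${UPLINK_SERVICES:-dhcpd named}"     # hypothetical list of uplink-dependent daemons

# probe_uplink: exit 0 when the probe host answers via the shadow table (1),
# i.e. via the directly connected default gateway, independent of what table 0 does.
probe_uplink() {
  setfib 1 ping -c 2 -W 2000 "$PROBE_HOST" >/dev/null 2>&1
}

# decide_action PREV CUR: print "enable", "disable" or "none".
# Only a transition triggers an action, so a flapping probe does not restart
# daemons on every run that happens to give the same answer as the last one.
decide_action() {
  prev="$1"
  cur="$2"
  if [ "$prev" = "$cur" ]; then
    echo none
    return 0
  fi
  case "$cur" in
    up)   echo enable ;;
    down) echo disable ;;
    *)    echo none ;;
  esac
}

# apply_action ACTION: start or stop every service in UPLINK_SERVICES.
apply_action() {
  case "$1" in
    enable)  for s in $UPLINK_SERVICES; do service "$s" start; done ;;
    disable) for s in $UPLINK_SERVICES; do service "$s" stop;  done ;;
    none)    : ;;
  esac
}

# read_state: previous result, or "unknown" on the very first run
# (so the first run always produces enable or disable and converges the node).
read_state() {
  if [ -r "$STATE_FILE" ]; then cat "$STATE_FILE"; else echo unknown; fi
}

main() {
  prev=$(read_state)
  if probe_uplink; then cur=up; else cur=down; fi
  action=$(decide_action "$prev" "$cur")
  apply_action "$action"
  echo "$cur" > "$STATE_FILE"
  logger -t check-inet-alive "uplink $cur (was $prev): $action"
}

# Run the check only when explicitly asked, e.g. from cron:
#   CHECK_INET_ALIVE_MAIN=1 /path/to/this-script
if [ "${CHECK_INET_ALIVE_MAIN:-0}" = 1 ]; then
  main
fi
```

The reason to probe through table 1 rather than table 0 (my reading of the shadow-table item above) is that table 0 expresses how clients are served, which on a proxy or VPN-style role may not lead straight to the physical uplink; the shadow table's default gateway always does, so the probe answers the question "is the directly connected link alive?" without being confused by the role-specific routing.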

Current Roles:
- service_proxy_ileiden = Outgoing NAT Router.
- service_proxy_normal = Outgoing HTTP Proxy.
- service_access_point = Access point with Captive Portal.
- service_incoming_rdr = Incoming NAT/RDR Router.

To-Be-Implemented Roles:
- service_openvpn_server = Incoming OpenVPN Server.
- service_openvpn_client = Outgoing OpenVPN Client.