Tutorial 3: Security provider net

Introduction

The goal of this tutorial is to experiment with authentication and SDU protection policies. The scenario to be setup is illustrated in the figure below. This scenario has been tested with the pristine-1.3 branch, using 3 XEN Virtual Machines running in the same Host.

Configuration

Configuration files must be copied to the stack's installation path "etc" folder (e.g. if you installed it in /usr/local/irati, config files must be in /usr/local/irati/etc).

Customer border router

Copy the following files into <installation_path>/etc. The configuration assumes that this system will communicate via the Ethernet interface "eth1", configured with VLAN "300".

• IPCM config file
• DIF (shim) 300 template
• Default DIF template
• Access DIF template
• Multi-provider DIF template
• Access DIF RSA key
• Multi-provider DIF RSA key

Provider border router 1

Copy the following files into <installation_path>/etc. The configuration assumes that this system will communicate via the Ethernet interface "eth1", configured with VLAN "300" and via the Ethernet interface "eth2", configured with VLAN 310.

• IPCM config file
• DIF (shim) 300 template
• DIF (shim) 310 template
• Default DIF template
• Access DIF template
• Regional DIF template
• Multi-provider DIF template
• Access DIF RSA key
• Multi-provider DIF RSA key

Provider border router 2

Copy the following files into <installation_path>/etc. The configuration assumes that this system will communicate via the Ethernet interface "eth1", configured with VLAN "310".

• IPCM config file
• DIF (shim) 300 template
• Default DIF template
• Regional DIF template
• Multi-provider DIF template