Feature #2201
closed
Remote prefix registration test scenario
100%
Description
Develop an integration test for remote prefix registration.
Topology¶
A---B
IPv4 UDP tunnel is used.
Steps¶
- generate certificates on A for these identities, in RIB daemon's KeyChain:
- ndn:/Z/A self-signed
- ndn:/Z/A/nrd signed by ndn:/Z/A
- ndn:/Z/A/B/C signed by ndn:/Z/A
- ndn:/Z/A/B/C/D/E/nrd signed by ndn:/Z/A/B/C
- ndn:/Z/F self-signed
- configure NFD on A:
- enable remote prefix registration
- set remote registration refreshing time to 15 seconds
- configure NFD on B:
- set UDP face timeout to 35 seconds
- enable acceptance of prefix registration using
ndn:/localhop/nfd/ribcommand prefix - make ndn:/Z/A a trust anchor for prefix registration using
ndn:/localhop/nfd/ribcommand prefix - set broadcast strategy for ndn:/
- start NFD (including RIB Daemon) on A,B
- start
repo-ngon A to listen onndn:/prefix, and put all certificates generated in step 1 into this repo via TCP bulk insert protocol - start
nfd-autoreg --prefix=/Zon B - execute nfdc on A to create a face toward B over UDP
- start ndnpingserver for ndn:/Z/A/G on A, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A exists
- execute nfdc on A to register a Route for ndn:/localhop/nfd on the face created in step 7
- defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A does not exist
- start ndnpingserver for ndn:/Z/A/H on A, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A does not exist
- stop ndnpingserver from step 8, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A does not exist
- stop ndnpingserver from step 13, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A exists
- start ndnpingserver for ndn:/Z/A/B/C/D on A, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A exists, fail the test case if Route for ndn:/Z/A/B/C toward A does not exist
- stop ndnpingserver from step 19
- start ndnpingserver for ndn:/Z/A/B/C/D/E on A, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A toward A exists, fail the test case if Route for ndn:/Z/A/B/C toward A exists, fail the test case if Route for ndn:/Z/A/B/C/D/E toward A does not exist
- defer 80 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/A/B/C/D/E toward A does not exist
- start ndnpingserver for ndn:/Z/F/I on A, defer 5 seconds
- inspect RIB on B, fail the test case if Route for ndn:/Z/F toward A exists
Files
Updated by Junxiao Shi almost 10 years ago
- Blocked by Feature #2056: nrd: remote prefix registration added
Updated by Junxiao Shi almost 10 years ago
- Assignee set to Junxiao Shi
I'll write the design after I have better understanding of the mechanism.
After the design is ready, this Task needs to be reassigned for implementation.
Updated by Junxiao Shi almost 10 years ago
- Description updated (diff)
- Assignee deleted (
Junxiao Shi)
Updated by Junxiao Shi almost 10 years ago
- Blocked by Feature #2237: Remote prefix registration: fetch certificates from requester added
Updated by Junxiao Shi almost 10 years ago
- Blocked by deleted (Feature #2237: Remote prefix registration: fetch certificates from requester)
Updated by Junxiao Shi almost 10 years ago
- Assignee set to Junxiao Shi
I'll update the spec so that it uses nfd-autoreg instead of relying on #2237.
Updated by Alex Afanasyev almost 10 years ago
Which strategies should be used on prefixes and which router flags autoreg should use? I think there could be some issues here.
Updated by Junxiao Shi almost 10 years ago
- Description updated (diff)
- Assignee changed from Junxiao Shi to Yanbiao Li
Changes made to the spec:
- nfd-autoreg is used to allow B retrieve certificates from A
- repo-ng is running on A to serve certificates; after #1529 is complete, this shall change to PIB service
- broadcast strategy is used, to eliminate any possible failures due to strategy
ndn:/Z/A/B/Cidentity is acceptable by A to sign prefix registration commands: according to TR draft,ribidentity suffix is optional
This Task is now assigned to @Yanbiao for implementation.
Updated by Junxiao Shi almost 10 years ago
- Description updated (diff)
20150126 conference call decides to use ndns instead of repo-ng to publish certificates, until PIB service is ready.
Updated by Yanbiao Li over 9 years ago
There is a issue that blocks the implementation.
For current implementation of NDNS, to start a zone /Z, two prefixes /Z/KEY and /Z/NDNS are registered to the local RIB.
To ensure the cert of /Z/A/B/C can be fetched from the NDNS, we should start zone /Z/A. /Z/A/KEY and /Z/A/NDNS are registered to the local RIB. In this case, step 18 will fail because /Z/A/KEY and /Z/A/NDNS still exit in A's RIB, which prevent the unregistration of /Z/A from B's RIB.
We may have 3 solutions:
1\ change the design of integration test so that the name sever will run on another machine (e.g. C).
2\ change the implementation of RemoteRegistrator such that locally registered prefixes ends by /KEY or /NDNS will not trigger remote registration.
3\ change the implementation of NDNS such that we can publish the certs under the root zone /Z and can fetch them through NFD (e.g. registering /Z to the local RIB instead of /Z/KEY and /Z/NDNS).
We should make a decision or find another solution.
Updated by Junxiao Shi over 9 years ago
All three solutions in note-12 are bad.
This exposes a deeper problem that may continue when certificates are published by PIB service:
http://www.lists.cs.ucla.edu/pipermail/nfd-dev/2015-April/001056.html
Please wait for a conclusion from that discussion before continuing with this Task.
Updated by Junxiao Shi over 9 years ago
- Description updated (diff)
- Target version changed from v0.3 to v0.4
The scenario is changed back to publishing certificates with repo-ng in order to get around the problem in note-12.
This change has been approved in 20150506 conference call, but certificate publishing with repo-ng is specifically for this test, and it's not a recommendation for general usage.
Updated by Junxiao Shi over 9 years ago
- File result_2049,1.tar result_2049,1.tar added
Updated by Junxiao Shi over 9 years ago
- File result_2049,2.tar result_2049,2.tar added
Updated by Junxiao Shi over 9 years ago
- File result_2049,3.tar result_2049,3.tar added
Updated by Junxiao Shi over 9 years ago
- Blocked by Feature #2964: infoedit: configuration editor added
Updated by Junxiao Shi over 9 years ago
- Status changed from Code review to Feedback
In integration-tests:commit:3c4e70310100bbb3bde1b75272c8679e60a60f3d, the shell script code for editing the configuration file is unreadable.
This part needs to be rewritten with infoedit.
Updated by Junxiao Shi about 9 years ago
Yanbiao reveals at 20150819 conference call that he won't work on changing this to use infoedit until #2107 is complete.
Updated by Junxiao Shi about 9 years ago
- File 20150916133511.tgz 20150916133511.tgz added
Updated by Junxiao Shi about 9 years ago
- File 20150916194551.tgz 20150916194551.tgz added
Updated by Junxiao Shi about 9 years ago
- File 20150917060121-1.tgz 20150917060121-1.tgz added
- File 20150917060201-1.tgz 20150917060201-1.tgz added
Updated by Junxiao Shi about 9 years ago
- File 20150917190008.tgz 20150917190008.tgz added
Updated by Junxiao Shi about 9 years ago
- Status changed from Feedback to Closed
- % Done changed from 90 to 100
Updated by Junxiao Shi about 9 years ago
- Blocks Feature #3218: Automatic prefix propagation test scenario added