What is OPERA?
OPERA stands for Open-source Project on Extensible Router Architecture.
Motivation
In general, hardware routers:
- support only basic routing functions
- do not allow extra functions to be added
- have architectures that are not open to user-level programming,
especially in the case of proprietary routers
=> Lack of extensibility
With the increasing demand for quality control and security, we
need a flexible and extensible software router architecture and
an associated extension framework to integrate value-added services
into a router.
Design Goals
Throughout this project, we aim:
- to link up the existing routing and packet processing facilities
on Linux with additional modules and construct a comprehensive
software-programmable router architecture
- to design a flexible architecture for transparent service support
on routers
- to simplify the deployment of services on routers
- to develop some useful applications, particularly security services,
for routers based on this architecture
The Router Architecture
Our router architecture is implemented on the Linux platform. Our
design focuses on performance, extensibility, security and deployment.
The router architecture consists of three parts: Core, Extension
and Security.
Fig.1 Overview of the design
Core - The core part supports the basic functionalities of
a hardware router.
- Routing Engine (#)
  - supports common routing protocols, listens to and advertises route
  information
  - employs GNU's free routing software, Zebra, to handle the
  route advertisements
- Packet Classifier (#)
  - classifies packets and flows and directs packets to
  further processing
  - based on the netfilter/iptables firewalling subsystem in the Linux
  2.4.x / 2.5.x series
- Resource Kernel (+)
  - maintains an appropriate share of system resources among different
  packet processing routines via resource reservation
  - supports CPU reservation via the Virtual Time Round Robin (VTRR) scheduling
  algorithm, which bounds the CPU resource available to any given
  extensible service
Extension - The extension part provides extra processing
capabilities to the router and eases the deployment of router services.
- Extension Framework (*)
  - built on top of the netfilter architecture
  - provides a unified skeleton for router extensions
  - supports both kernel-space and user-space extensions
  - achieves dynamic service loading via kernel loadable modules and
  shared objects
- Kernel-space Extension (*)
  - provides hook-point based extension to insert processing routines
  at multiple locations inside the kernel protocol stack
  - provides a low-level, efficient and low-latency packet processing
  framework for router services
- User-space Extension (*)
  - implements a user-space packet queuing and de-multiplexing mechanism,
  which provides an alternative way to extend router services in user space
  - provides a flexible packet processing framework for user-customized
  router services
Security - The security part provides secure control
over router communication.
- Router Authentication (=)
  - provides a scheme to verify the integrity of sensitive data and
  the credibility of its sender
  - employs widely used digital certificate and digital signature
  technology
  - implemented using the OpenSSL toolkit
- Authentication Scheme (#) (=)
  - a common or private certificate authority (CA) issues router
  certificates
  - each router has its own certificate
  - sensitive data are sent with a signature attached
  - sensitive data are verified with the attached signature and the
  public key in the sender's certificate
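The authentication scheme above, driven end to end with the openssl command-line tool. This is an added example and not OPERAsec's own code; the CA name, router names, file names and the route update text are constructed for the demo.

```shell
#!/bin/sh
# Added example, not OPERAsec's own code: the four steps of the scheme driven
# with the openssl CLI. Router names, file names and the update text are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Step 1: a private CA for the routing domain (self-signed root certificate).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=OPERA-CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}
# Step 2: each router gets its own key pair and a certificate issued by the CA.
issue_router_cert() {  # $1 = router name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 90 -out "$WORK/$1.crt" 2>/dev/null
}
# Step 3: the sender attaches a signature (SHA-256 digest, its private key).
sign_data() {  # $1 = router name, $2 = data file, $3 = signature file to write
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$3" "$2"
}
# Step 4: the receiver checks that the certificate was issued by the domain CA,
# then verifies the signature with the public key carried in that certificate.
verify_data() {  # $1 = sender certificate, $2 = data file, $3 = signature file
  openssl verify -CAfile "$WORK/ca.crt" "$1" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -pubkey -noout > "$WORK/sender.pub"
  openssl dgst -sha256 -verify "$WORK/sender.pub" -signature "$3" "$2" >/dev/null 2>&1
}
# Returns 0 only if the genuine update is accepted and both bad cases are rejected.
demo() {
  make_ca
  issue_router_cert router-a
  printf 'route 10.0.0.0/8 via 192.0.2.1\n' > "$WORK/update.txt"
  sign_data router-a "$WORK/update.txt" "$WORK/update.sig"
  verify_data "$WORK/router-a.crt" "$WORK/update.txt" "$WORK/update.sig" || return 1
  # Altered payload: the attached signature no longer matches.
  printf 'route 10.0.0.0/8 via 198.51.100.9\n' > "$WORK/altered.txt"
  if verify_data "$WORK/router-a.crt" "$WORK/altered.txt" "$WORK/update.sig"; then return 1; fi
  # Certificate not issued by the domain CA: signature is valid, sender is untrusted.
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=router-x" \
    -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
  openssl dgst -sha256 -sign "$WORK/other.key" -out "$WORK/other.sig" "$WORK/update.txt"
  if verify_data "$WORK/other.crt" "$WORK/update.txt" "$WORK/other.sig"; then return 1; fi
}

demo && echo "authentication scheme: genuine update accepted, altered and untrusted rejected"
```

The CA check in step 4 is what stops a self-signed certificate from being accepted even when its signature over the data is mathematically valid.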
Fig.2 Kernel-space extension
Fig.3 User-space extension
(#) using existing software/toolkits
(+) implemented in OPERAcore
(*) implemented in OPERAext
(=) implemented in OPERAsec
More to be added...