This project designs and implements a software programmable
router architecture on the Linux platform, with the aim of
facilitating networking experiments for the research community.
Besides the normal functionality of packet forwarding and routing,
our programmable router provides:
- dynamic loading of new services or program modules;
- lightweight resource management (e.g., CPU) for competing processes,
both kernel processes and loadable services;
- a secure communication protocol to assist module loading (via
authentication) and communication between programmable routers;
- hook-point extension to allow service addition and maintenance.

The extension framework is based on the netfilter
architecture in Linux 2.4/2.5 and supports both kernel
and user-space extension. Dynamic service loading is achieved via
loadable kernel modules and shared objects. Hook-point extension
is allowed, and one can use these hook-points to insert processing
routines at multiple locations inside a kernel protocol stack. In
addition, a user-space packet queuing and de-multiplexing mechanism
is implemented, which provides an alternative way to extend router
services in user-space.
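
How hook ordering at a single hook-point decides whether a loaded service ever sees a packet, shown as a user-space C model added here (not the project's code and not kernel code). The verdict names and values follow Linux netfilter; `register_hook`, `run_hooks`, `acl_hook` and `svc_hook` are hypothetical names, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Verdict names and values follow Linux netfilter; the rest is a model. */
enum { NF_DROP = 0, NF_ACCEPT = 1, NF_QUEUE = 3 };
#define MAX_HOOKS 8

struct pkt { unsigned char proto; unsigned short dport; };
typedef int (*hook_fn)(const struct pkt *);
struct hook { hook_fn fn; int priority; };
/* One hook-point (for example FORWARD), kept sorted by ascending priority. */
struct hook_point { struct hook h[MAX_HOOKS]; size_t n; };

/* Insert a hook so that lower priority values run first, whatever the load order. */
int register_hook(struct hook_point *hp, hook_fn fn, int priority) {
    size_t i = hp->n;
    if (hp->n == MAX_HOOKS) return -1;
    for (; i > 0 && hp->h[i - 1].priority > priority; i--)
        hp->h[i] = hp->h[i - 1];
    hp->h[i] = (struct hook){ fn, priority };
    hp->n++;
    return 0;
}

/* Walk the chain; the first verdict other than NF_ACCEPT ends the traversal. */
int run_hooks(const struct hook_point *hp, const struct pkt *p) {
    for (size_t i = 0; i < hp->n; i++) {
        int v = hp->h[i].fn(p);
        if (v != NF_ACCEPT) return v;
    }
    return NF_ACCEPT;
}

int svc_seen; /* number of packets that reached the loaded service */

/* Hypothetical router ACL: drop TCP (protocol 6) to port 23. */
int acl_hook(const struct pkt *p) {
    return (p->proto == 6 && p->dport == 23) ? NF_DROP : NF_ACCEPT;
}
/* Hypothetical loaded service: hand every TCP packet to the user-space queue. */
int svc_hook(const struct pkt *p) {
    if (p->proto != 6) return NF_ACCEPT;
    svc_seen++;
    return NF_QUEUE;
}

int main(void) {
    struct hook_point fwd = { .n = 0 };
    struct pkt telnet = { 6, 23 };        /* constructed sample packet */
    register_hook(&fwd, svc_hook, 100);   /* service is loaded first */
    register_hook(&fwd, acl_hook, -100);  /* ACL still runs before it */
    printf("verdict=%d svc_seen=%d\n", run_hooks(&fwd, &telnet), svc_seen);
}
```

If the two priorities are swapped, the same packet is queued to user space before the ACL is consulted, so the priority assigned to a dynamically loaded hook is part of the router's filtering policy.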

We also enhance the CPU scheduler of the Linux kernel to
provide proper CPU resource management. In particular, we use the
Virtual Time Round Robin scheduling algorithm, with which one can specify
the maximum allowable CPU resource for any given kernel or extensible
service. This feature is important because one can add new
services to the programmable router without affecting the performance
of normal packet forwarding/routing functions.

We also provide a secure communication extension via a router authentication
scheme. Our scheme employs electronic certificates and digital
signatures to ensure the integrity and credibility of
sensitive data during router communication.