User Tools

Site Tools



This page discusses some possible changes to the CONFINE architecture in order to adapt it to the provisioning of long-running services, besides the current support for network experiments.

To get some context on the discussion, we recommend reading Services in CONFINE, and especially section Challenges for Service Developers.

Architectural changes

From the experience of Community-Lab and CONFINE, to make Community-Lab more attractive for community members to run nodes and services in them.


  1. Application-only network access for slivers:
    1. Remove isolated interfaces, VLANResReq and VLANRes, and Sliver.isolated_vlan_tag: avoids a central consensus point



  1. Avoid centralization points:
    1. Sequential identifiers: use locally-computable identifiers (UUIDs or public/private keypairs): implies changes to Addressing in CONFINE in the management network, maybe choosing a model with private addresses derived from locally-created keys, as in CJDNS
    2. VLAN tag associated with a slice: removing them implies dropping isolated interface support
    3. Sequence numbers: allow local modifications to Node.boot_sn, Slice.expires_on, Slice.instance_sn, Sliver.instance_sn
    4. Explicit permission for node and slice managenent: removing them means that the node manager can decide who to accept slivers from (or to delegate this decision)
    5. Common prefix for the management network?
      1. Or keep a per-testbed prefix
    6. Servers: drop them, allow a node publishing multiple APIs?
    7. Group membership: make any element (user, node, slice) able to declare it, but contrast it against the group itself


  1. Allow management of nodes and slices by individual users?
    1. Or continue with one group per user workaround
  2. Multiple VMs per sliver in the same node?
    1. Specially if each VM carries a single service (like MySQL, web server, PHP…): implies redefining the sliver as a VM (and changes to the node-slice relationship), and the slice as a group of VMs
  3. Private data per VM: data blocks encrypted for the public keys of nodes in a slice, or the node in a sliver?
arch/services.txt · Last modified: 2016/12/21 17:09 by ivilata