Introduction ============ NSIS (Next Steps In Signaling) is a modular framework developed at the IETF NSIS working group. It provides means to establish and manage network control state along a data path between two nodes communicating on the Internet. NSIS builds upon the General Internet Messaging Protocol for Signaling (GIMPS). GIMPS provides the basic transport functionality that is common to all signaling applications (e.g. signaling aware node discovery and transport layer connections). Above GIMPS, a number of signaling protocols, known as NSIS Signaling Layer Protocols (NSLPs), can be run. Examples are QoS NSLP and NAT/FW NSLP. The implementation provided in this release contains GIMPS and the so called Ping tool", a light-weight NSLP that is able to gather information about the path taken by GIMPS. Quick-start =========== Build the sourcecode by running: # make # make ping This creates two binaries: nsis and gimpsPing In order to run the NSIS daemon, please use the following syntax using the root account: # ./nsis -a -ping This starts a standard nsis instance using the provided IP and running the "Ping tool". After starting nsis on a set of nodes, gimpsPing can be used to test GIMPS. Run gimpsPing on a node running nsis and use another node as the ping target. Ping messages will traverse the network and information about the signaling path will be collected on all GIMPS aware nodes. # ./gimpsPing This will run the "Ping tool" with UDP as transport. To tell GIMPS to use TCP or TLS use (-r and -s). -r alone, will use TCP and -r -s will use TLS. Requirements ============ Currently there is no automake or other mechanisms in place to adapt the build process to different build environments. The release is tested to work on a number of standard linux systems. The versions we use are: Linux kernel: 2.6.8 and 2.6.11 G++: 3.3.5 (GNU)Make: 3.80 OpenSSL: 0.9.7e Other versions should work too. Running TCP with TLS as Transport ================================= In order to use TLS, you need to create certificates. This release provides a script to create them. First of all, you need to create a (self signed) CA: # cd tools/certs # ./mkca This creates root_cert.pem and root_privkey.pem. The CA needs to be shared by the nodes that are supposed to communicate to each other over TLS. Afterwards you need to create certificates for the nodes. If your nodes have IP addresses of 10.0.0.1 and 10.0.0.2, you create the certificates with: # ./mkcert 10.0.0.1 # ./mkcert 10.0.0.2 Now you got cert.pem and privkey.pem. The certificates need to be copied to the certs/ directory. Each node needs root_cert.pem, cert.pem and privkey.pem in there. # cp root_cert.pem cert.pem privkey.pem ../../certs/ Now TLS should work properly. Configuration ============= The current implementation can be configured by changing the constants.h file and recompiling afterwards. Configuration switches include refreshrates, certificate paths and debug output. Team ==== Bernd Schloer Christian Dickmann Xiaoming Fu Andreas Westermaier Hannes Tschofenig Contributors ============ Elwyn Davies Cedric Aoun Sebastian Willert Henning Peters Ingo Juchem Julien Abeille Youssef Abibi Alexander Zrim Further information can be obtained from our website: http://user.informatik.uni-goettingen.de/~nsis/ Have fun!