Introduction
============

NSIS (Next Steps In Signaling) is a modular framework developed at the IETF
NSIS working group. It provides means to establish and manage network control
state along a data path between two nodes communicating on the Internet.

NSIS builds upon the General Internet Signaling Transport (GIST) protocol.
(Note: GIST was formerly known as the General Internet Messaging Protocol for
Signaling (GIMPS) but was renamed at the 63rd IETF meeting.) GIST provides the
basic transport functionality that is common to all signaling applications
(e.g. signaling-aware node discovery and transport layer connections).

Above GIST, a number of signaling protocols, known as NSIS Signaling Layer
Protocols (NSLPs), can be run. Examples are QoS NSLP and NAT/FW NSLP.

The implementation provided in this release contains GIST and the so-called
"Ping tool", a light-weight NSLP that is able to gather information about the
path taken by GIST. In addition, this release ships experimental versions of
QoS NSLP, NAT/FW NSLP and Diagnostics NSLP.

Quick-start
===========

Build the source code by running:

  # ./configure
  # make

This creates a number of binaries:

  bin/nsis, bin/nsis-ping, bin/nsis-qos, bin/nsis-qosd, bin/nsis-natfw
  bin/nsis-natfwd, bin/nsis-diag bin/nsis-diagd

Before you can run the NSIS daemon, you need to adjust the configuration file
(default: bin/nsis.conf). In this file you specify the NSLPs that should be
started together with GIST, your local IP addresses, and a routing table
telling the NSIS daemon which local address should be used for outgoing
messages. Check the file manual/Configuration for more information about the
address configuration and a list of possible configuration switches.

Before running the NSIS daemon, you should have a look at the feature support
that was found on your machine. Please run:

  # bin/nsis -i

You will see which optional features your machine supports and which NSLPs
were compiled into the NSIS daemon.

In order to run the NSIS daemon, please use the following syntax using the
root account:

  # bin/nsis

This starts a standard nsis instance running GIST, QoS NSLP, Diagnostics NSLP
and the "Ping tool".

After starting nsis on a set of nodes, nsis-ping can be used to test GIST. Run
nsis-ping on a node running nsis and use another node as the ping target. Ping
messages will traverse the network, and information about the signaling path
will be collected on all GIST-aware nodes.

  # bin/nsis-ping

This will run the "Ping tool" with UDP as transport. To tell GIST to use TCP
or TLS, use the -r and -s options: -r alone will use TCP, and -r -s will use
TLS.

If you want to use the "Ping tool" over IPv6, use the following syntax:

  # bin/nsis-ping -v6

The other options (-r, -s, etc.) are also available for IPv6.

You will find more information about the NSIS suite in this document, in the
manual directory and in our man pages. The man pages are installed by
"make install", but you can also have a look manually by calling:

  # man man/nsis.8

Requirements / Building
=======================

NSIS release 0.4.0 introduces an automake/autoconf based build process. It is
able to adapt to different build environments.

You will need to install OpenSSL (including development files such as headers)
in order to compile NSIS.

Some features of the NSIS suite are optional and depend on features that are
not available on all systems. Due to the automake/autoconf based build
process, NSIS will compile on systems without support for optional features.

The optional features are:

  - IPv6 support (needs kernel support)
  - Basic SCTP support (needs kernel support)
  - Extended SCTP support (needs sctp development library installed)

The NAT/FW NSLP additionally needs iptables to be installed on your system
when run on an NSLP Forwarder.

The release is tested to work on a number of standard Linux systems.
The versions we use are:

  Linux kernel: 2.6.8 and 2.6.11
  G++:          3.3.5
  (GNU)Make:    3.80
  OpenSSL:      0.9.7e

Other versions should work too. If you encounter any problems, please inform
us. Please see the end of this README for our webpage URL.

Run

  # ./configure --help

to get information about possible switches (e.g. --disable-natfw).

NAT/FW NSLP
===========

The NAT/FW NSLP is compiled together with the NSIS suite. If you want to start
it together with the nsis daemon, set

  nslp.startNatFw = yes

in the nsis configuration file (nsis.conf). Alternatively, you can run the
NAT/FW NSLP daemon as a separate program by calling:

  # bin/nsis-natfwd

Please note that the nsis daemon needs to be running too.

For more information on how to use the NAT/FW NSLP, see the man pages. You
will find them by calling:

  # man man/nsis-natfw.1
  # man man/nsis-natfwd.8

QoS NSLP
========

The QoS NSLP is compiled together with the NSIS suite. If you want to start it
together with the nsis daemon, set

  nslp.startQoS = yes

in the nsis configuration file (nsis.conf). Alternatively, you can run the
QoS NSLP daemon as a separate program by calling:

  # bin/nsis-qosd

Please note that the nsis daemon needs to be running too.

For more information on how to use the QoS NSLP, see the man pages.

  # man man/nsis-qos.1
  # man man/nsis-qosd.8

Running TCP with TLS as Transport
=================================

In order to use TLS, you need to create certificates. This release provides a
script to create them. First of all, you need to create a (self-signed) CA:

  # cd tools/certs
  # ./mkca

This creates root_cert.pem and root_privkey.pem. The CA needs to be shared by
the nodes that are supposed to communicate with each other over TLS.

Afterwards, you need to create certificates for the nodes. If your nodes have
IP addresses of 10.0.0.1 and 10.0.0.2, you create the certificates with:

  # ./mkcert 10.0.0.1
  # ./mkcert 10.0.0.2

Now you have _cert.pem and _privkey.pem. The certificates need to be copied to
the certs/ directory.
Each node needs root_cert.pem, _cert.pem and _privkey.pem in there.

  # cp root_cert.pem _cert.pem _privkey.pem ../../certs/

Now TLS should work properly.

Team
====

  Xiaoming Fu
  Christian Dickmann
  Bernd Schloer
  Henning Peters
  Ingo Juchem
  Niklas Steinleitner
  Hannes Tschofenig
  Andreas Westermaier

Contributors
============

  Elwyn Davies
  Cedric Aoun
  Sebastian Willert
  Henning Peters
  Ingo Juchem
  Julien Abeille
  Youssef Abibi
  Alexander Zrim

Further information can be obtained from our website:
http://user.informatik.uni-goettingen.de/~nsis/

Have fun!
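
A check for a node's certs/ directory after the steps in "Running TCP with TLS
as Transport", added here as an example and not part of the NSIS release. It
assumes mkcert names node files <address>_cert.pem and <address>_privkey.pem;
the function names check_layout and check_chain are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the NSIS release.
# Assumption: mkcert names node files <address>_cert.pem / <address>_privkey.pem.

# check_layout DIR: file-level checks that need no crypto.
check_layout() {
    dir=$1; rc=0
    [ -f "$dir/root_cert.pem" ] || { echo "missing root_cert.pem" >&2; rc=1; }
    # Nodes only need the CA certificate; the CA key stays where mkca was run.
    if [ -e "$dir/root_privkey.pem" ]; then
        echo "root_privkey.pem must not be deployed to a node" >&2; rc=1
    fi
    found=0
    for key in "$dir"/*_privkey.pem; do
        [ -f "$key" ] || continue
        [ "$key" = "$dir/root_privkey.pem" ] && continue
        found=1
        # Any group/other permission bit exposes the node key to local users.
        mode=$(stat -c %a "$key")
        case $mode in
            *00) ;;
            *) echo "$key has mode $mode, expected 600 or 400" >&2; rc=1 ;;
        esac
        [ -f "${key%_privkey.pem}_cert.pem" ] || { echo "no certificate for $key" >&2; rc=1; }
    done
    [ "$found" -eq 1 ] || { echo "no node key found" >&2; rc=1; }
    return $rc
}

# check_chain DIR: each node certificate must verify against root_cert.pem
# and carry the public key that belongs to its private key file.
check_chain() {
    dir=$1; rc=0
    for cert in "$dir"/*_cert.pem; do
        [ -f "$cert" ] || continue
        [ "$cert" = "$dir/root_cert.pem" ] && continue
        openssl verify -CAfile "$dir/root_cert.pem" "$cert" >/dev/null 2>&1 ||
            { echo "$cert does not chain to root_cert.pem" >&2; rc=1; }
        key="${cert%_cert.pem}_privkey.pem"
        a=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || a=
        b=$(openssl pkey -in "$key" -pubout 2>/dev/null) || b=
        [ -n "$a" ] && [ "$a" = "$b" ] || { echo "$key does not match $cert" >&2; rc=1; }
    done
    return $rc
}

if [ "$#" -ge 1 ]; then check_layout "$1" && check_chain "$1"; fi
```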