Recent Most Popular
This tutorial guides you how firewall works in Linux Operating system and what is IPTables in Linux? Firewall decides fate of packets ...
ETSI has come up with its new whitepaper on MEC, a much curated technology for making 5G a true application defined network. MEC wil...
We seen 3GPP attempts to ride on unlicensed horse with LTE-U, that later tuned into LAA ( a licensed assisted mechanism), with LTE adva...
White paper vindictively stress on convergence for 5G step wise growth and strategical adoption. Convergence, not only aggregation at acce...
Tuesday, 12 March 2019
Monday, 11 March 2019
Akraino Edge Stack, a Linux Foundation project initiated by AT&T and Intel, intends to develop a fully integrated edge infrastructure solution, and the project is completely focused towards Edge Computing. This open source software stack provides critical infrastructure to enable high performance, reduce latency, improve availability, lower operational overhead, provide scalability, address security needs, and improve fault management. The Akraino community will address multiple edge use cases and industry, not just Telco Industry. Akraino community intends to develop solution and support of carrier, provider, and the IoT networks.
AT&T's seed code will enable carrier-scale edge computing applications to run in virtual machines and containers. AT&T’s contributions, which will include support for 5G, IoT, and other networking edge services will enhance reliability and enable high performance.
Intel upstreamed Wind River Titanium Cloud portfolio of technologies to open source in support of additional blueprints in Akraino.
The Akraino Edge Stack Community, while embracing several existing open source projects, will continue the focus on the following Community Goal:
▪ Faster Edge Innovation - Focused group facilitating faster innovation, incorporating hardware acceleration, software-defined networking, and other emerging capabilities into a modern Edge stack.
▪ End-to-End Ecosystem - Definition and certification of H/W stacks, configurations, and Edge VNFs.
▪ User Experience - Address both operational and user use cases.
▪ Seamless Edge Cloud Interoperability- Standard to interoperate across multiple Edge Clouds.
▪ Provide End to End Stack- End to end integrated solution with demonstrable use cases.
▪ Use and Improve Existing Open Source - Maximize the use of existing industry investments while developing and up-streaming enhancements, avoiding further fragmentation of the ecosystem.
▪ Support Production-Ready Code - Security established by design and supports full life-cycle.
Akraino is a complementary opensource project, and interfaces with the existing projects namely Acumos AI, Airship, Ceph, DANOS, EdgeX Foundry, Kubernetes, LF Networking, ONAP, OpenStack, and StarlingX.
As highlighted in the Introduction section, there are several emerging technologies such as, (Refer to the picture below)
- Telco NFV Edge Infrastructure - Running cloud infrastructure at the network edge allows for the virtualization of applications key to running 5G mobility networks at a larger scale, density and lower cost using commodity hardware. In addition this infrastructure can also enable the virtualization of wireline services, Enterprise IP services and even supports the virtualization of client premises equipment. This reduces the time to provision new services for customers and even, in some cases, allows those customers to self-provision their service changes.
- Autonomous devices - Drones, Autonomous Vehicles, Industry Robots and such customer devices require a lot of compute processing power in order to support video processing, analytics and etc., Edge computing enables above-said devices to offload the computing processing to the Edge within the needed latency limit.
- Immersive Experiences - Devices like Virtual Reality (VR) headsets and Augmented Reality applications on user’s mobile devices also require extremely low levels of latency to prevent lag that would degrade their user experience. To ensure this experience is optimal, placing computing resources close to the end user to ensure the lowest latencies to and from their devices is critical.
- IoT & Analytics - Emerging technologies in the Internet of Things (IoT) demands lower latencies and accelerated processing at the edge.
To ensure timely information arrives for data-driven decisions for manufacturing and shipping businesses, edge computing is also beneficial. Receiving and processing this data at the edge allows more timely decision making leading to better business outcomes.
Network Edge - Optimal Zone for Edge Placement
The processing power demands of customer devices, namely AR/VR, Drones, and Autonomous Vehicles are ever increasing and require very low latency, typically measured in milliseconds. The place where processing takes place plays a major role with respect to quality of user experience and cost of ownership. Centralized cloud decreases the TCO, but fails to address the low latency requirement. Placement at customer premises is nearly impossible with respect to cost and infrastructure. Considering the cost, low latency, and high processing power requirements, the best available option is to utilize the existing infrastructure like Telco’s tower, central offices, and other Telco real estates. These will be the optimal zones for the edge placement.
Akraino Edge Stack
The Akraino Edge Stack is a collection of multiple blueprints. Blueprints are the declarative configuration of entire stack i.e., Cloud platform, API, and Applications. Intend of Akraino Edge Stack is to support VM, container and bare metal workloads. Akraino is a complimentary OpenSource project and it is intended to use upstream community work in addition to the software development within the Akraino community.
A typical service provider will have thousands of Edge sites. These Edge sites could be deployed at Cell tower, Central offices, and other service providers real estate such as wire centers. End-to-End Edge automation and Zero-Touch provisioning are required to minimize OPEX and meet the requirements for provisioning agility.
The Akraino Edge Stack is intended to support any type of access methodologies such as Wireless (4G/LTE, 5G), Wireline, Wi-Fi, etc.,
In order to be resilient, Akraino Edge Stack deployment intent to follow the hierarchy of deployments such as collection of central sites that deploy a collection of regional sites. The regional sites that facilitate the deployment of Edge Sites. For example, the figure below shows the central site C1 and C2 allows the management of regional sites R1, R2, R3, and R4. And regional sites allows the management of Edge Sites which are remote and closer to the users.
Regional sites serve as the controller for Edge sites in their corresponding "Edge Flock".
To promote the high availability of Edge Cloud services, Akraino regional sites are set up redundantly to overcome site failures.
Get in Details HERE
Sunday, 3 March 2019
When We, Fundarc-Comm (xgnlab), put our whitepaper on 5G, and centered it around two notion, large scale and convergence. We were convinced and thought 5G as a large scale convergence technology.
5G is about scaling and providing required flexibility to address the humongous uses cases around industry. That's not by its exclusive approach but inclusive approaches to take variety of technological advancements with a converged solution. This convergence is already taking shapes like in various open source frameworks for cloud and computing and also in connectivity and networking like through multiple access etc.
In MWC 19, Cisco CEO Mr Chuk Robbins given some interesting comments, like
"We are truly embarking on incredible times," he said. "As we think about this next phase that we're getting ready to enter into, it is going to be like no other phase we've ever seen."
"It's going to be massive scale. And this has huge implications for all, making possible the creation of new applications and bringing new opportunities for a broad range of industries, from mining through to autonomous driving."
Get details HERE
Friday, 15 February 2019
iptables firewall is used to manage packet filtering and NAT rules. IPTables comes with all Linux distributions. Understanding how to setup and configure iptables will help you manage your Linux firewall effectively.
iptables tool is used to manage the Linux firewall rules. At a first look, iptables might look complex (or even confusing). But, once you understand the basics of how iptables work and how it is structured, reading and writing iptables firewall rules will be easy.
This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.
This article explains how iptables is structured, and explains the fundamentals about iptables tables, chains and rules.
On a high-level iptables might contain multiple tables. Tables might contain multiple chains. Chains can be built-in or user-defined. Chains might contain multiple rules. Rules are defined for the packets.
So, the structure is: iptables -> Tables -> Chains -> Rules. This is defined in the following diagram.
Fig: IPTables Table, Chain, and Rule Structure
Just to re-iterate, tables are bunch of chains, and chains are bunch of firewall rules.
I. IPTABLES TABLES and CHAINS
IPTables has the following 4 built-in tables.
1. Filter Table
Filter is default table for iptables. So, if you don’t define you own table, you’ll be using filter table. Iptables’s filter table has the following built-in chains.
- INPUT chain – Incoming to firewall. For packets coming to the local server.
- OUTPUT chain – Outgoing from firewall. For packets generated locally and going out of the local server.
- FORWARD chain – Packet for another NIC on the local server. For packets routed through the local server.
2. NAT table
Iptable’s NAT table has the following built-in chains.
- PREROUTING chain – Alters packets before routing. i.e Packet translation happens immediately after the packet comes to the system (and before routing). This helps to translate the destination ip address of the packets to something that matches the routing on the local server. This is used for DNAT (destination NAT).
- POSTROUTING chain – Alters packets after routing. i.e Packet translation happens when the packets are leaving the system. This helps to translate the source ip address of the packets to something that might match the routing on the desintation server. This is used for SNAT (source NAT).
- OUTPUT chain – NAT for locally generated packets on the firewall.
3. Mangle table
Iptables’s Mangle table is for specialized packet alteration. This alters QOS bits in the TCP header. Mangle table has the following built-in chains.
- PREROUTING chain
- OUTPUT chain
- FORWARD chain
- INPUT chain
- POSTROUTING chain
4. Raw table
Iptable’s Raw table is for configuration excemptions. Raw table has the following built-in chains.
- PREROUTING chain
- OUTPUT chain
The following diagram shows the three important tables in iptables.
Fig: IPTables built-in tables
II. IPTABLES RULES
Following are the key points to remember for the iptables rules.
- Rules contain a criteria and a target.
- If the criteria is matched, it goes to the rules specified in the target (or) executes the special values mentioned in the target.
- If the criteria is not matached, it moves on to the next rule.
Following are the possible special values that you can specify in the target.
- ACCEPT – Firewall will accept the packet.
- DROP – Firewall will drop the packet.
- QUEUE – Firewall will pass the packet to the userspace.
- RETURN – Firewall will stop executing the next set of rules in the current chain for this packet. The control will be returned to the calling chain.
If you do iptables –list (or) service iptables status, you’ll see all the available firewall rules on your system. The following iptable example shows that there are no firewall rules defined on this system. As you see, it displays the default input table, with the default input chain, forward chain, and output chain.
# iptables -t filter --list Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
Do the following to view the mangle table.
# iptables -t mangle --list
Do the following to view the nat table.
# iptables -t nat --list
Do the following to view the raw table.
# iptables -t raw --list
Note: If you don’t specify the -t option, it will display the default filter table. So, both of the following commands are the same.
# iptables -t filter --list (or) # iptables --list
The following iptable example shows that there are some rules defined in the input, forward, and output chain of the filter table.
# iptables --list Chain INPUT (policy ACCEPT) num target prot opt source destination 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255 3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT udp -- 0.0.0.0/0 220.127.116.11 udp dpt:5353 6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
The rules in the iptables –list command output contains the following fields:
- num – Rule number within the particular chain
- target – Special target variable that we discussed above
- prot – Protocols. tcp, udp, icmp, etc.,
- opt – Special options for that specific rule.
- source – Source ip-address of the packet
- destination – Destination ip-address for the packet
Monday, 11 February 2019
Tuesday, 5 February 2019
Sunday, 27 January 2019
5G is most buzzing term in telecom industry since a couple of years now. As an technologies its going to be a enabler of many things that's going to affect the economies to far larger extent.
I think while defining objective for IMT2020, even ITU-T was not prudent in sensing the power of 5G abilities that it can bring to world and impact at large.
5G seemed so far being taken as technology next to 4G, which would enhance the communication systems for more better and fast service provisioning and delivery.
But the real power of 5G capability was reckoned, probably late, and that became the point of conflict for the dominance into 5G.
As 5G, for many in ecosystem, is still on test bed and trails, vendors like Nokia is in phase of acquiring grant to do research on 5G. On the other hand Chinese vendors are far ahead and Specifically Huawei has not only taken leading position, far ahead of other, but having in the spree of dominance across the globe.
We should also be noted that 5G is not a confined technology but a notion of many advancement constructed well for delivering connectivity services of all scale.
We provided our whitepaper for that with a notion of "5G as large scale convergence", hopefully few could have understood. you may here with it (its for beginners too in 5G).
Also most interesting part of 5G is that once it settle its gonna settle for next industry evolution or revolution, like it is there for industry 4.0 and will remain at least till industry 5.0. And that's a worry some for many who reckoned 5G abilities a little bit late. So the dominance into 5G should be distributed, not from particular vendors or from a specific land or part of world.
That's all late rising community want a margin of time for many others to come forward in 5G field, and their intent is being reflected earlier through politicized game plan, but now even voices to restrain on 5G is appearing on major telecom service providers. As recently Verizon CTO spoken about to keep the 5G term reserved for future.
Among all these matter, 5G is becoming highly politicized. As per the recent news Jeremy Hunt, the British foreign minister, arrived in Washington this past week for a whirlwind of meetings dominated by a critical question: Should Britain risk its relationship with Beijing and agree to the Trump administration's request to ban Huawei.
In Poland, officials are also under pressure from the United States to bar Huawei from building its fifth generation, or 5G, network. Trump officials suggested that future deployments of US troops — including the prospect of a permanent base labeled "Fort Trump" — could hinge on Poland's decision. And a delegation of US officials showed up this spring in Germany, where most of Europe's giant fiber-optic lines connect and Huawei wants to build the switches that make the system hum.
Their message: Any economic benefit of using cheaper Chinese telecom equipment is outweighed by the security threat to the NATO alliance.
The administration contends that the world is engaged in a new arms race — one that involves technology, rather than conventional weaponry, but poses just as much danger to US national security. In an age when the most powerful weapons, short of nuclear arms, are cyber-controlled, whichever country dominates 5G will gain an economic, intelligence and military edge for much of this century.
The views are from observations and perception, expressed by Saurabh Verma, Chief Technology Consultant, fundarc Communication (xgnlab).
Some of news has been taken from HERE