
Conference helix::vxworks

Title: VxWorks for Alpha
Notice: Support 2.*; Kits 3.*; Ordering info 8.*
Moderator: HELIX::MIANO
Created: Mon Feb 07 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 282
Total number of notes: 1289

278.0. "Multiple IP Addresses and Security" by NBOSWS::BLUNDELL () Tue Apr 29 1997 11:45

    A discussion with a potential VxWorks opportunity centres on whether
    VxWorks IP stack can support multiple IP addresses on a single Ethernet
    interface. (FWIW: D-UNIX V4.0 had this feature added to enable tunnelling 
    to work.)
    
    Reason behind the request is that customer must develop a secure
    connection between two areas of his total environment, see diagram
    below.  Machines in area A currently communicate with machines in area B
    via IP, ie A1 can talk to B2 via IP Sockets.
    Because of security concerns (area B is now accessible from the
    Internet, via a Firewall) information directed to area A must be
    filtered by an application (the security wall) which ensures that only 
    valid data is passed. Because of other constraints the existing code in
    areas A and B cannot be modified.
    
    -----------------                              ---------------------
    |               |                              |                   |
    | ----  ----    |                              | ---- ---- ----    |
    | |1 |  |2 |    |                              | |1 | |2 | |3 |    |F
    | ----  ----    |         ----------           | ---- ---- ----    |I
    |  |     |      |         |Security|           |  |    |    |      |R W
    | ------------------------------------------------------------------E A
    |  Area A LAN   |         |Wall    |           |  Area B LAN       |  L
    -----------------         ----------           ---------------------  L
    
    At 1st sight this looks like D-UNIX/Firewall Opportunity, however ruled out
    because of concerns by the customer that the lower layers of IP comms
    could be compromised by hacking a bypass around the checking code.
    
    Customer's design proposal for the security wall consists of 2 x DMCC
    with High Speed serial link interconnection. Serial link would mean
    that IP forwarding holes could not be used to bypass the application
    code.  Application code (duplicate code would run in each machine) would
    consist of the data validation routine connected via sockets to the
    respective area and via the serial link to the other machine,
    plus a background daemon which monitors status of
    system and shuts connection when anything "strange" occurs!
    
    VxWorks appears more suitable here because a minimal system can be
    configured which only runs the application code and NOTHING else. 
    However UNIX is currently customer's main environment and VxWorks could
    introduce an unacceptable lengthening of timescales.
    
    Questions:-
    1. Does VxWorks support multiple IP addresses per IP interface? If yes,
    how many?
    2. Are there any features in standard VxWorks IP stack which should be
    switched off to ensure that security cannot be compromised? 
    3. Has anyone had experience with VxWorks as a secure OS?
    
    Rgds
    
    Bill
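
The security wall proposed in 278.0 passes application data over the serial link instead of IP, validates it, and shuts the connection when anything strange occurs. A sketch of that receive-side check in C, added here as an example and not part of the original notes; the frame layout, type codes and printable-ASCII payload rule are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical serial-link frame: [0xA5][type][len][payload...][sum]. */
#define WALL_MAGIC   0xA5u
#define WALL_MAX_LEN 64u

enum wall_type { WALL_STATUS = 1, WALL_READING = 2 };  /* constructed allow-list */
enum wall_result { WALL_OK = 0, WALL_REJECT = -1, WALL_SHUT = -2 };

struct wall_state { int shut; };  /* latched once anything "strange" is seen */

static uint8_t wall_sum(const uint8_t *p, size_t n) {
    uint8_t s = 0;
    while (n--) s = (uint8_t)(s + *p++);
    return s;
}

/* Build a frame from application data; returns the frame length, or 0 on error. */
size_t wall_encode(uint8_t type, const uint8_t *data, size_t len,
                   uint8_t *out, size_t cap) {
    if (len > WALL_MAX_LEN || cap < len + 4) return 0;
    out[0] = WALL_MAGIC; out[1] = type; out[2] = (uint8_t)len;
    memcpy(out + 3, data, len);
    out[3 + len] = wall_sum(out, 3 + len);
    return len + 4;
}

/* Check one frame read from the serial link. Any violation latches the
 * link shut, so later frames are refused even if they are well formed. */
int wall_decode(struct wall_state *st, const uint8_t *f, size_t n,
                uint8_t *data, size_t cap, size_t *len) {
    if (st->shut) return WALL_SHUT;
    int ok = n >= 4 && f[0] == WALL_MAGIC
          && (f[1] == WALL_STATUS || f[1] == WALL_READING)
          && f[2] <= WALL_MAX_LEN && (size_t)f[2] + 4 == n
          && f[2] <= cap && wall_sum(f, n - 1) == f[n - 1];
    /* Payload rule assumed for this sketch: printable ASCII only. */
    for (size_t i = 3; ok && i + 1 < n; i++)
        ok = f[i] >= 0x20 && f[i] <= 0x7e;
    if (!ok) { st->shut = 1; return WALL_REJECT; }
    *len = f[2];
    memcpy(data, f + 3, *len);
    return WALL_OK;
}
```

Because only these frames cross the serial link, nothing from area B reaches area A without passing `wall_decode`, and the latch stays closed until an operator resets the state.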
    
    
    
    
    
278.1. by HELIX::MIANO (My parents think I'm in college) Tue Apr 29 1997 20:28

>    1. Does VxWorks support multiple IP addresses per IP interface? If yes,
>    how many?
    
    No. Each interface can only have one address. I'm not sure what would
    happen if you set one address and then tried to set another. The new
    address might work. However, even if it did, you could still only use
    one at a time.
    
    In some cases, we do support multiple interfaces. For example, you can
    put up to 4 Tulip adapters (DE435, DE450, DE500, DE520 in any
    combination) on one Alpha system. Each adapter gets a unique address
    but each can only have one.
    
>    2. Are there any features in standard VxWorks IP stack which should be
>    switched off to ensure that security cannot be compromised? 
    
    Certainly. Any of the applications can be removed -- NFS, rlogin,
    telnet, etc. However, all the low level protocols come in a single
    chunk. For example, you can't remove UDP and keep TCP.
    
    Mike

278.2. "ifFlagChange()" by ZYDECO::BODA (Realtime Expertise Center) Wed Apr 30 1997 17:09

FWIW, there is also ifFlagChange() which can modify the network interface flags.
One has the ability to turn off the network services' recognition of
ARP broadcasts, for example.  That might be beneficial in the case of
a multi-homed VxWorks node which has multiple network interfaces or where
the VxWorks node uses Proxy ARP with the SM network.

278.3. "would PROXY ARP do the job?" by NBOSWS::BLUNDELL () Mon May 05 1997 07:26

    Thanks for .2, it made me look at the manual and realise that perhaps
    Proxy ARP could do my job.
    
    Proxy ARP support suggests to me that the IP code for one interface is 
    capable of responding to more than one address on that interface,
    correct?
    
    If so, that is what I want except that I need some plumbing to get
    PROXY ARP to get the addresses from Area A to be fitted into the PROXY
    ARP table on the machine connected to Area B, and vice-versa,
     or is my thinking faulty?
    
    If my thinking is correct, then do we, DIGITAL, have access to the
    IP source to see whether this "plumbing" is possible? Or perhaps
    support from Wind River?
    
    I feel unwilling to give up currently, hope someone can help further!?
    
    Rgds
    
    Bill.
    
278.4. by HELIX::MIANO (My parents think I'm in college) Mon May 05 1997 20:45

>    Proxy ARP support suggests to me that the IP code for one interface is 
>    capable of responding to more than one address on that interface,
>    correct?

    Not really. The Proxy Server only has one address. All it does is route
    requests for other addresses between interfaces. It allows nodes
    attached to separate interfaces to communicate in the same subnet, thus
    conserving subnets.
    
    I guess I don't understand enough about the issue. How do multiple IP
    addresses per interface solve the problem? Do they want Area A and Area
    B on separate networks? If so, Proxy ARP will allow nodes in Area B to
    communicate transparently with nodes in Area A. It seems like what they
    really want is Area A isolated from Area B except through a node which
    is on both networks and which validates the data received by Area B.
    You wouldn't want Proxy ARP. A node on both networks knows how to talk
    to each. You don't want the nodes in Area B ever to access the nodes in
    area A directly.
    
>    If my thinking is correct, then do we, DIGITAL, have access to the
>    IP source to see whether this "plumbing" is possible? Or perhaps
>    support from Wind River?
    
    Whatever happens, don't count on modifying anything in the operating
    system. TCP/IP and Proxy ARP would need to be used "as is."
    
    M