Simple Network

Access Control (SNAC)


SNAC is an OpenFlow controller, which uses a web-based policy manager to manage the network. It incorporates a flexible policy definition language, and a user-friendly interface to configure devices and monitor events. Following is a screenshot of the SNAC interface.

As shown in the screen above, functions in the Policy Manager are grouped into high-level categories, which are available through icons in the top pane. These include Monitors, Policy, Settings, and Help. Each of these groupings includes multiple pages that can be reached from links displayed in the left side-bar.

Briefly, the Monitors section contains a collection of pages for most day-to-day management tasks such as reviewing the system status and managing network principals. The Policy section provides a comprehensive interface to the network security policy. The Settings section is used to configure the Policy Manager for a particular network setting.

All pages in the Policy Manager are bookmarkable allowing for quick access to any page within the system. Most pages update automatically to keep displayed information consistent with the internal state of the Policy Manager. In addition, all pages have a progress indicator which indicates whether a page is loading, and on mouse-over the progress until the loading is complete (shown below).

Installation/Configuration

SNAC Controller

Undertake the following steps to install SNAC backend:

  1. Install pre-requisite packets (these packages are for Debian Lenny and Ubuntsu) 
    $ apt-get install openssl libboost-test1.34.1 libboost-filesystem1.34.1 \
    libboost-serialization1.34.1 libxerces-c28 python2.5 python-twisted \
    python-simplejson python-mako python-openssl tmpreaper  \
    python-sphinx libldap2-dev
  2. Download the SNAC binary on the dedicated server to be used as the network controller. SNAC binary requires that you have a Debian or Ubuntu system (The packages were built on Debian stable lenny).
  3. After download, unzip and Install the binaries in /opt/nox/ (snac will automatically start). If you have already installed SNAC, make backup of /opt/nox/var/lib/snac.cdb
    4. $ tar xvfz snac_packages.tar.gz
$ cd snac_packages
$ sudo dpkg -i *.deb
  4. You will see snac is running by the following command 
    $ ps -Af |grep nox_core
  5. (We fixed this. No need to do step 5 and 6 anymore). By the default setting, SNAC listen to SSL connection from the switch, which is currently not supported by most of the commercial OpenFlow switches. So we change it to use normal TCP connection. Edit  /etc/default/noxcore to modify these lines (here we assume OpenFlow switches point to the port 6633 for the control channel)
    6. OF_LISTEN="-i ptcp:6633"
WWW_LISTEN_PORT="80"
  6. Restart SNAC by running command “sudo /etc/init.d/noxcore restart”.

SNAC Policy Manager

The following steps are necessary for a basic configuration of the Policy Manager.

  1. Visit https://controller-IP -address/ and login as “admin” with passwd “admin”.
  2. At least one switch must be registered at the Policy Manager. All new switches that appear in the list of switches as “unregistered” must be registered by clicking on “Register Switch”

  3. By default, the Policy Manager is configured with a self-signed certificate which is used both for the management interface and the captive web portal. We recommend replacing it with a valid root-signed cert.
  4. Hosts that are required for core network operation (such as DNS servers or directory servers) should be registered with the Policy Manager and added to correct host groups. This allows for default connectivity required for host and user authentication.
  5. To authenticate users over HTTP, the captive web portal must be configured with the domain name of the Policy Controller.
  6. Finally, hosts can be registered manually or as they are discovered and placed into groups for the policy.

For further information, refer to the “Help” category, on the left-side bar, of your SNAC UI installation, or go to snacsource.org.  For support, contact info@bigswitch.com or post on the mailing list, snac-users@noxrepo.org.

License

Copyright (c) 2010 Nicira Networks, Inc.

Nicira Networks, Inc. is making the SNAC binaries and associated documentation (Software) available for university, corporate labs and corporate testing use and benefit with the expectation that it will be used by these parties for its benefit. However, since we would like to make the Software available with as few restrictions as possible permission is hereby granted, free of charge, to any person obtaining a copy of this Software to deal in the Software under the copyrights without restriction, including without limitation the rights to use the Software in their respective university environment, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission.