16   SCAMPI project

16.1   SCAMPI project

The SCAMPI project (IST-2001-32404) continued in 2004. CESNET is a principal contractor of the project which was originally scheduled until September 2004. However, it was decided to prolong the project until March 2005.

The main goal of the SCAMPI project is to design and develop an architecture for passive monitoring of high-speed networks up to 10 Gbps. The highest layer of the architecture contains the applications (e.g. QoS monitoring, SLS/SLA audit, DoS detection, accounting). The middle layer is a MAPI (Monitoring API), an universal interface between the applications and the hardware platform. MAPI supports three kinds of hardware: commodity NICs, DAG family cards and a specialized adapter which was developed as a task of the SCAMPI project.

16.1.1   SCAMPI progress in 2004

The review report (Amsterdam, May 2004) stated that the project continued successfully and fulfilled its goals. All deliverables were accepted and reviewers found the SCAMPI adapter and the MAPI technologically advanced and having potential for commercial utilization. We were asked to elaborate a study discussing ways of commercial production.

Project participants from CESNET and Masaryk University worked mainly on hardware and VHDL design of the adapter, drivers, libraries and the MAPI implementation. Development and testing of Phase 1 of the adapter was finished successfully and Phase 2 design was done by the end of 2004. The precise timestamp card COMBO-PTM including software is ready for use. Details about hardware and VHDL design can be found also in the Programmable hardware chapter.

We made experiments and measurement of the adapter Phase 1 version. We verified the general functionality and the ability to filter packets. COMBO-PTM card tests confirmed that the real accuracy of clock synchronization is even better than projected, i.e., the time difference between the card clock and GPS is not worse than 1 microsecond.

16.1.2   Events in year 2004

Five meetings of SCAMPI partners and a second SCAMPI workshop (Amsterdam, April 2005) took place in 2004. Five deliverables were written:

Apart from the SCAMPI workshop, we had other presentations to introduce the SCAMPI project and the SCAMPI monitoring adapter. It includes papers on the TNC-2004 TERENA conference (Rhodos, June 2004), IPS-2004 workshop (Budapest, March 2004), TPM-2004 workshop (Geneva, March 2004), and Sledování sítě a jejího provozu (Network and traffic monitoring) seminary (Prague, November 2004).

16.1.3   Plans for 2005

2005 will be the last year of the SCAMPI project. Our goal is to prepare a final review (Brno, January 2005) and to finish last deliverables in order to demonstrate advantages of the programmable monitoring adapter. We have to finish the Phase 2 tests and write a final version of the D3.4 deliverable Description of Experiment Results.

16.2   LOBSTER project

The LOBSTER project is a successor of the SCAMPI project. The result of SCAMPI is a complete passive monitoring architecture with hardware acceleration. The goal of LOBSTER is to install a European large-scale monitoring infrastructure based on SCAMPI. The project concentrates especially on security monitoring - early detection of intrusion and denial of service attacks. Such attacks can only be detected by passive monitoring, i.e., observing existing traffic, as oposed to active monitoring, which uses injected test packets. However, because passive monitoring observes user data, it is often possible only when this data is anonymized properly.

LOBSTER started in October 2004 and is scheduled until December 2006. The concorcium consists of 9 academic and industry partners from 5 European countries, together with the Endace company from New Zealand. There were two project meetings in October 2004 and January 2005. Currently we are working on gathering user requirements and on investigating design variants of low-level part of anonymization implemented in firmware of the SCAMPI monitoring adapter.

previous
contents 		next
metacentrum elearning liberouter live shows videoserver eduroam