HARNET-2: Infrastructure

HARNET-2 is an Internet infrastructure consisting of a network of routers. The routers, called Intrusion Detection Routers (IDRs), are equipped with security measures that can detect various intrusion attacks. In particular DDoS attack/detection will be tested since it is expected that DDoS will be one of the greatest threats in future e-commerce.An initial set up consists of two IDRs together with a portion of the network in each of the three AoE Universities. The IDRs are connected via the existing connection as well as the INTERNET-2. An attack center will be set up in HKU, with some machines distributed in CU and HKUST.

infrastructure setup
The project involves building an Internet in a lab environment. Hutchison high speed network is used to connect the AoE Universities. Right now in HKU we have a network consisting of 80 nodes. We plan to scale up the number to around 300, with around 80 nodes in CU, 80 nodes in HKUST, and extra 80 nodes in HKU. This results in a more realistic, large scale network.

In order to monitor and control the network, a Network Control Center (NCC) will be set up in HKU. The NCC will be equipped with network monitoring software and tools to measure performance of various parts of the network. This is extremely useful for collecting statistics on experiments that perform on the network.

We shall also create a set of hacking machines to generate various kinds of attacks. The hacking machines will form part of the Internet structure. Using the hacking machines, we can launch attacks to test the capability of the intrusion detection, reaction and investigation functions.

HARNET-2 Infrastructure (Click to enlarge the diagram)

HARNET-2 Diagram

PC Cluster at a site (Click to enlarge the diagrams)

Cluster

Cluster