<<Navigation(children)>>

Bennu Project Proposal

Author: Daniel S. Haischt <<MailTo(dsh AT apache DOT org)>>

Date: December 2007

Online version: http://wiki.apache.org/incubator/BennuProposal

Status: .

${renderedContent}

Bennu, a Router, Firewall & Wi-Fi perimeter Proposal

Abstract

Bennu, a service management abstraction layer for router, firewall & Wi-Fi perimeter implementations.

Proposal

Bennu Router, Firewall & Wi-Fi Perimeter is a modularised and extensible service management abstraction layer. Bennu allows administering BSD based router, firewall and Wi-Fi platforms through a web service or web interface. Bennu will be a continuation of the now stale m0n0wall project.

Background

For some background information about m0n0wall and the domain of firewalling and routing, please have a look at:

Some questions regarding Bennu may be as well answered in the Bennu Frequently Asked Question.

Rational

The fundamental goal of the project is to provide a modularised and extensible service management abstraction layer that allows implementing reusable and interchangeable router, firewall or Wi-Fi software management services.

Abstraction will be provided to shield the specific implementation of an underlying operating system service such as a firewall rule engine. Thus Bennu will provide an universal layer to several kinds of operating system services each having the same goal but each having a different implementation. If necessary, one system management service may be interchangeable by an equivalent system management service that exposes the same service interface (e.g. an equivalent system management service may be required that provides increased QoS constraints).

The provided system management service interfaces are not tightly coupled to the domain of firewalls and routers. Interfaces such as file system service interfaces may be provided as well with the help of the accompanying abstraction layer.

In a wider perspective the goal of the Bennu project will be to implement the principles found in service oriented architectures in general and the Service Component Architecture to mention a specific implementation of a SOA principle.

Trivia: The Bennu bird serves as the Egyptian correspondence to the phoenix, and is said to be the soul of the Sun-God Ra (Source: Wikipedia).

Initial Goals

  • Integrate the m0n0wall code donation into Bennu
  • Various m0n0wall extensions
    • Package manager
    • PHP V5
    • FreeBSD 6.3
  • Refine the currently envisioned Bennu artifacts:
    • Service Management Abstraction Layer
    • Service Management Web Service Interface
    • Service Management Web Interface (Client)
    • Central Administration Facility (Server)
    • Various Core Service Implementations
      • Implement the Package Manager as a Service
      • Firewall Rule Generation Service
  • Establish a build system for the various Bennu artifacts

Current Status

Meritocracy

Apache was chosen for an incubator for the guidance the community can provide.

Community

The Bennu community will consist of Apache committers, possibly French developers that may help us in implementing a Bennu based software management service for their authenticating firewall solution. They do have in-depth knowledge in this kind of domain. Additionally, several individuals will contribute to the project.

Users from the m0n0wall, FreeNAS and pfSense community are welcome to join the Bennu community. Special migration support to such kind of users will be provided by Bennu devs having already gained experience with m0n0wall, FreeNAS or pfSense.

Core Developers

Bennu was founded by Daniel S. Haischt because there was a tremendous need to streamline the current m0n0wall based forks and because each of them are suffering from the same software design weakness which is a rather evolutionary and monolithic and unfortunately failure-prone system.

Daniel S. Haischt has in-depth knowledge of the pfSense system. He contributed the second most amount of features during the year 2006 to the pfSense code base. Additionally he ported the complete FreeNAS system as an add-on package to pfSense and finally became a FreeNAS committer.

Mohammad Nour El-Din is a Java EE specialist and an Apache committer in the Apache OpenEJB project.

Alignment

An initial implementation will be written in C/C++ using the API provided by Apache Tuscany. The HTML GUI portions will probably be written in PHP because Apache Tuscany provides appropriate PHP bindings.

By having made the decision to use Apache Tuscany, Bennu as a SOA application may challenge Apache Tuscany in a positive way by proving its stability and maturity in a real life scenario.

On an embedded environment, programming language such as Java or CLI based languages won't be used. Because of the performance constraints which exist on embedded devices, such devices may not be able to run Java SE based application due to the lack of computing power.

However, the implementation language of the central management interface may be any kind of programming language, as it runs on a desktop, workstation or server. a workstation or a server.

Known Risks

Orphaned products

Due to its small number of committers, there is a risk of being orphaned. The main knowledge of the code base is still mainly owned by Daniel S. Haischt. Even if Daniel has no plan to leave Bennu development, this is a problem we are aware of and know that needs to be worked on so that the project becomes less dependent on an individual (taken from the Ivy example but it perfectly describes the current situation of Bennu).

Inexperience with open source

All of the Bennu developers are familiar with open source. They are or have been committers to several mid or large scale open source projects like OpenEJB, for example. In-depth knowledge of challenges and risks coming along with open source in general and legal issues specific to open source exists.

Homogeneous developers

The current list of committers includes developers from several different companies plus independent volunteers. The committers are currently geographically distributed across Europe and Africa. They are experienced with working in a distributed environment.

Reliance on salaried developers

Developers work on a volunteer basis. The project does not rely on salaried developers.

Relationships with Other Apache Products
  • Apache Tuscany: Service Management Abstraction Layer
  • Apache Tuscany: Service Management Web Service Interface
  • Apache Ant: Build system
An Excessive Fascination with the Apache Brand

The committers are intent on developing a strong open source community. We believe that the Apache Software Foundation's emphasis on community development makes it the most suitable choice.

Documentation

Bennu Related Resources

Operating System and Firewalling Related Resources

m0n0wall Related Resources (including forks)

Hardware Related Resources

Initial Source

The initial source for the project was originally written by Manuel Kasper. He will be donating the current code base to the Apache Software Foundation. A snapshot of the initial source is available at http://people.apache.org/~dsh/m0n0/

Source and Intellectual Property Submission Plan

The current m0n0wall code base is BSD licensed (new BSD license as it can be found in FreeBSD). The following people contributed to m0n0wall where Manuel Kasper is the project lead and wrote the majority of the m0n0wall code base.

  • Chris Buechler (cbuechler) <<MailTo(cbuechler AT gmail DOT com)>>
    • Documentation
  • Dinesh Nair (dinesh) <<MailTo(dinesh AT alphaque DOT com)>>
  • Jonathan de Graeve (jdegraeve) <<MailTo(Jonathan DOT De DOT Graeve AT imelda DOT be)>>
    • Captive portal
  • Manuel Kasper (mkasper) <<MailTo(mk AT neon1 DOT net)>>
  • Paul Taylor (ptaylor) <<MailTo(PaulTaylor AT winn DASH dixie DOT com)>>
  • Michael Iedema (michael.iedema) <<MailTo(michael AT askozia DOT com)>>
  • Marcel Wiget (mwiget) <<MailTo(mwiget AT gmail DOT com)>>

The complete list of m0n0wall contributors can be found at the m0n0wall web site:

Manuel Kasper will be donating the complete m0n0wall code base to the ASF and will provide assistance (answering questions and so on) during the IP clearance process. Manuel sent the software grant form to the ASF via facsimile on 28th of November 2007.

External Dependencies

The core dependencies all have Apache compatible licenses. These include BSD, CDDL, CPL, MPL and MIT licensed dependencies.

  • Servlet Container: Jetty (central management facility)
  • Service Management Web Interface (Client): lighttpd
  • Hosting operating system: FreeBSD
  • SCA/SDO implementation: PECL (PHP extension)

Scope of the sub projects

The below artifacts are being proposed to make up the initial core Bennu system (See: 4. Initials Goals as well).

  • Bennu mediation core (i.e. the service management abstraction layer)
  • Management Web service
  • HTML based management interface (Ajax/RIA based)
  • Various Core Service Implementations
  • Central administration facility (may reassemble parts of the HTML GUI)

Cryptography

Cryptographic software such as OpenSSL, which will be provided by the operating system, may be utilised by Bennu (i.e. Bennu source code may link against OpenSSL libraries).

Required Resources

mailing list(s)

  • <<MailTo(bennu-dev AT incubator DOT apache DOT org)>>
  • <<MailTo(bennu-commits AT incubator DOT apache DOT org)>>
  • <<MailTo(bennu-user AT incubator DOT apache DOT org)>>

Subversion repository

Issue Tracking

  • JIRA Bennu (BENNU)

Initial Committers

  • Daniel S. Haischt <<MailTo(dsh AT apache DOT org)>> (**)
  • Mohammad Nour El-Din <<MailTo(mnour AT apache DOT org)>> (**)

Affiliations

  • Daniel S. Haischt - an IBM Employee and OpenEJB Committer
  • Mohammad Nour El-Din - an IBM Employee and OpenEJB Committer

Sponsors

Champion

Nominated Mentors

Sponsoring Entity

  • The Apache Incubator PMC

Annotations

(*) CLA filed. (**) CLA acknowledged.

  • No labels