Pilot 3 CCIPS controller component
© Mattin Antartiko Elorza Forcada
The CCIPS controller is written in Go using the go-netconf-client library.
- Endpoint: /ccips
- Method: POST
- Summary: Create an IPsec tunnel.
- Description: Creates an I2NSF IPsec tunnel using the provided configuration.
- Request Body (JSON): the tunnel configuration (fields described below, under the request body field list).
- Responses:
  - 200 OK: Tunnel created successfully, with details.
  - 500 Internal Server Error: An error occurred while creating the tunnel.
- Endpoint: /ccips/{uuid}
- Method: GET
- Summary: Retrieve the status of an IPsec tunnel.
- Description: Fetches the current status of the IPsec tunnel identified by its UUID.
- Path Parameters:
  - uuid (string, required): The unique identifier of the IPsec tunnel.
- Responses:
  - 200 OK: Tunnel status retrieved successfully.
  - 400 Bad Request: Invalid request or UUID.
- Endpoint: /ccips/{uuid}
- Method: DELETE
- Summary: Delete an IPsec tunnel.
- Description: Deletes the I2NSF IPsec tunnel identified by its UUID.
- Path Parameters:
  - uuid (string, required): The unique identifier of the IPsec tunnel.
- Responses:
  - 200 OK: Tunnel deleted successfully.
  - 404 Not Found: Tunnel not found.
  - 500 Internal Server Error: An error occurred while deleting the tunnel.
- Endpoint: /forwardqkd
- Method: POST
- Summary: Choose the PQC algorithm, the hybridization method and whether QKD is used.
- Description: Adds hybridization and PQC configuration parameters alongside the RFC 9061 IPsec configuration.
- Path Parameters:
  - uuid (string, required): The unique identifier of the IPsec tunnel. (The path as documented has no {uuid} segment, and the example request below identifies the tunnel by endpoint1/endpoint2 in the JSON body; check the controller's routes before relying on either form.)
- Responses:
  - 200 OK: Parameters added successfully.
  - 500 Internal Server Error: An error occurred while adding the parameters to the tunnel.
Running from source:
If you run the CCIPS controller directly from the code, first install Go following the instructions linked here.
Then, inside the CCIPS controller directory, run

```
go mod tidy
```

This downloads all required dependencies.
To launch the controller, change to the ./cmd/server/ folder and run

```
go run main.go
```

It prints the following message once it is listening:

```
INFO: 2023/10/23 15:24:19 main.go:12: HTTP server started
```
Running with Docker:
First build the controller image:

```
docker build -t ccips_controller .
```

By default the controller listens on port 5000, so run the image as follows:

```
docker run -it --rm -p 5000:5000 ccips_controller
```

It prints the following message once it is listening:

```
INFO: 2025/04/09 09:24:19 main.go:12: HTTP server started
```

The examples below call the API over plain HTTP, and the API drives the IPsec configuration of the agents, so expose port 5000 only on the control network.
Example: select the PQC algorithm, hybridization method and QKD usage for a tunnel:

```
curl -X POST http://192.168.159.239:5000/forwardqkd \
  -H "Content-Type: application/json" \
  -d '{
    "use-qkd": "yes",
    "pqc-algorithm": "kyber-512",
    "hybridization-method": "xor",
    "endpoint1": "192.168.159.35",
    "endpoint2": "192.168.159.21"
  }'
```

Request body fields for POST /ccips:
- nodes: the tunnel endpoints, each with:
  - ipData: the IP address the other agent sees and that is used to bring up the tunnel.
  - ipControl: the agent's IP address in the control network.
  - ipDMZ: the agent's private IP address (G2G only).
  - networkInternal: the private subnet behind the agent (G2G only).
- encAlg: encryption algorithm(s) used by the tunnel. Supported:
  - des
  - 3des
  - aes
- intAlg: integrity algorithm(s) used by the tunnel to check the packets. Supported:
  - hmac-md5-96
  - hmac-md5-128
  - hmac-sha1-96
  - hmac-sha1-160
  - hmac-sha2-256
- softLifetime: object with nTime, the time after which the rekey process starts.
- hardLifetime: object with nTime, the time after which, if the rekey has not completed, the IPsec link is torn down. It must be larger than softLifetime.

Note that the example request below sends "aes-cbc" and "sha2-256", which differ from the names listed above; use the spelling the controller actually accepts. DES, 3DES and the HMAC-MD5 variants are listed for completeness but are deprecated; use aes with hmac-sha2-256 for new tunnels.
Example: create a tunnel between two agents:

```
curl -X 'POST' \
  'http://192.168.159.239:5000/ccips' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "nodes": [
      {
        "ipData": "10.0.0.11",
        "ipControl": "192.168.159.35"
      },
      {
        "ipData": "10.0.0.20",
        "ipControl": "192.168.159.21"
      }
    ],
    "encAlg": [
      "aes-cbc"
    ],
    "intAlg": [
      "sha2-256"
    ],
    "softLifetime": {
      "nTime": 1500
    },
    "hardLifetime": {
      "nTime": 3000
    }
  }'
```
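As an added example (this is not code from the CCIPS project), a small Go client for the POST /ccips request above. It mirrors the JSON body as structs, validates it before anything reaches the controller (exactly two nodes with parseable ipData/ipControl addresses, a soft lifetime strictly below the hard lifetime, and algorithm names from an allow list that deliberately excludes the des, 3des and HMAC-MD5 entries the controller lists as supported), and returns an *http.Request ready for http.Client.Do. The allow list, the Validate/BuildRequest names and the base URL http://192.168.159.239:5000 are this example's own assumptions; the response schema is not defined on the page, so the caller should treat anything other than 200 OK as failure.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
)

// Node is one entry of the "nodes" array in the /ccips body (G2G-only fields omitted).
type Node struct {
	IPData    string `json:"ipData"`
	IPControl string `json:"ipControl"`
}

// Lifetime wraps the nTime value carried by softLifetime and hardLifetime.
type Lifetime struct {
	NTime int `json:"nTime"`
}

// TunnelRequest is the JSON body of POST /ccips.
type TunnelRequest struct {
	Nodes        []Node   `json:"nodes"`
	EncAlg       []string `json:"encAlg"`
	IntAlg       []string `json:"intAlg"`
	SoftLifetime Lifetime `json:"softLifetime"`
	HardLifetime Lifetime `json:"hardLifetime"`
}

// Algorithm names this client will send, spelled as in the page's example request
// (assumed allow list): des, 3des and the HMAC-MD5 variants are deliberately absent.
var allowed = map[string]map[string]bool{
	"encAlg": {"aes": true, "aes-cbc": true},
	"intAlg": {"sha2-256": true, "hmac-sha2-256": true},
}

// Validate runs checks that would otherwise surface only as a 500 from the controller.
func Validate(r TunnelRequest) error {
	if len(r.Nodes) != 2 {
		return fmt.Errorf("a tunnel needs exactly two nodes, got %d", len(r.Nodes))
	}
	for i, n := range r.Nodes {
		if net.ParseIP(n.IPData) == nil || net.ParseIP(n.IPControl) == nil {
			return fmt.Errorf("node %d: ipData %q / ipControl %q must be IP addresses", i, n.IPData, n.IPControl)
		}
	}
	for field, algs := range map[string][]string{"encAlg": r.EncAlg, "intAlg": r.IntAlg} {
		if len(algs) == 0 {
			return fmt.Errorf("%s must list at least one algorithm", field)
		}
		for _, a := range algs {
			if !allowed[field][a] {
				return fmt.Errorf("%s %q is not accepted by this client", field, a)
			}
		}
	}
	if r.SoftLifetime.NTime <= 0 || r.SoftLifetime.NTime >= r.HardLifetime.NTime {
		return fmt.Errorf("softLifetime.nTime (%d) must be positive and below hardLifetime.nTime (%d)",
			r.SoftLifetime.NTime, r.HardLifetime.NTime)
	}
	return nil
}

// BuildRequest validates r and returns the POST {baseURL}/ccips request ready
// for an *http.Client; baseURL is e.g. "http://192.168.159.239:5000".
func BuildRequest(baseURL string, r TunnelRequest) (*http.Request, error) {
	if err := Validate(r); err != nil {
		return nil, err
	}
	body, err := json.Marshal(r)
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodPost, baseURL+"/ccips", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	return req, nil
}

// Example is the request body from the page's curl example.
var Example = TunnelRequest{
	Nodes: []Node{{IPData: "10.0.0.11", IPControl: "192.168.159.35"},
		{IPData: "10.0.0.20", IPControl: "192.168.159.21"}},
	EncAlg:       []string{"aes-cbc"},
	IntAlg:       []string{"sha2-256"},
	SoftLifetime: Lifetime{NTime: 1500},
	HardLifetime: Lifetime{NTime: 3000},
}

func main() {
	weak := Example
	weak.EncAlg = []string{"3des"} // listed as supported on the page; refuse it anyway
	fmt.Println("weak config:", Validate(weak))
	req, _ := BuildRequest("http://192.168.159.239:5000", Example)
	fmt.Println(req.Method, req.URL, req.ContentLength, "bytes")
}
```

Send the returned request with http.DefaultClient.Do (or a client with a timeout) and read the body only on a 200 status; the 500 the page documents carries no structured detail, so log the raw body for troubleshooting.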