CableLabs Micronets

Developer documentation for CableLabs Micronets

The Micronets Gateway

Abstract/What it does

The Micronets Gateway incorporates a number of components necessary for creating and managing Micronets on the gateway - and for enforcing the Micronets policy. For example, when the Micronets Manager creates a Micronet and provisions a device on it using the Gateway Service API, the gateway on-boards the device onto the wireless network, provides the device its IP address when it joins the network, and ensures the device can only communicate according to the device-level and Micronet-level policy.

For instance, if the Micronets Manager provisions a device to only communicate with particular Micronets, particular devices, or Internet endpoints/networks - by assigning policy to the Micronet and/or the device - the Gateway will enforce the policy by only allowing packets associated with the permitted Micronets, devices, and Internet hosts to flow through OpenVSwitch.

How is it instantiated

The Gateway has a number of components that are installed on a Linux system via Debian package.

The Micronets Gateway Service and dependent components start when the Gateway boots and immediately connects to its peer Micronets Manager instance via the Micronets Websocket Proxy. If the Gateway Service isn’t able to connect to its peer Micronets Manager, and if/when the connection is interrupted, the Gateway Service will continuously attempt to re-establish the connection to try and ensure that the Manager is able to manage the Gateway. When the Micronets Manager can’t be reached, the Gateway will operate with the last settings it applied.

The gateway currently utilizes dnsmasq for DHCP lease management, openvswitch for packet switching and control, hostapd for wireless client communication/authentication, and ifupdown hooks to configure openvswitch.

What else does it communicate with

The Micronets Gateway is controlled via Micronets Manager and interacts with OpenVSwitch and the Linux networking facilities to setup and maintain the Micronets, a DHCP server (DnsMasq) to setup device-to-address mappings and receive lease notifications, and uses the Micronets Websocket Proxy to maintain a control connection with the Micronets Manager and perform asynchronous notifications.

What APIs it provides

The Micronets Gateway provide a REST API that can be invoked directly or via the REST-over-websocket protocol defined in the Micronets Websocket Proxy.

Currently the API allows subnets/Micronets to be defined and allows devices to be added to the subnets. Device- and network-level restrictions (allow/deny rules) can be specified for any device. The DHCP and OpenVSwitch subsystems are configured according to the subnet/Micronet definitions provided in the Micronets Gateway Service API.

Instructions for running/building the Micronet’s Gateway Service and building the installable image from source can be found in the Micronet’s Gateway source repository.

The Debian installer (and its dependancies) are in the Cablelabs Artifactory.

For Ubuntu 16.04 LTS, the following dependent packages should be installed:

Note that for Debian releases newer than 16.04, the Python 3.6 packages should not be required.

The Debian package with the Micronets Gateway components can be downloaded from:

Note that support for installation via an apt repository is in-progress. In the meantime, each of the above packages can be downloaded via curl or wget and installed via dpkg. e.g.

wget https://community.cablelabs.com/mvn/micronets-dpkg/pool/micronets-gw-current.deb
dpkg -i micronets-gw-current.deb

After installation of the gateway packages, the gateway’s /etc/network/interfaces file needs to be configured according to the gateway’s connectivity and installed network interfaces. An example /etc/network/interfaces file can be found in the Micronet Gateway source repository.

After the interfaces file is configured, the gateway should be rebooted for the changes to take effect.

The Micronet’s Gateway Service API is currently documented in the gateway source repository.