This project is a research collaboration between UNM, SNL and few other organizations. The goals of the project are to:
- virtualize the EV charging PKI environment using phenix-minimega
- answer some research questions:
- What’s the scalability of certificate generation/distribution?
- What’s the anticipated network load?
- Are there issues with key generation, distribution, and registration?
- How will revocation mechanisms scale?
- Will failback operating modes work when, e.g., the Root-CA is un-reachable?
- Are there interoperability issues with mixed ISO 15118-2, ISO 15118-20, SAE PKI Vehicles and EVSE?
- ISO 15118. Python Implementation of the ISO 15118 -2 and -20 protocols.
- phenix. Orchestration tool for minimega which can virtualize the PKI environment.
Clear instruction is given in the repository readme file. Please follow this.
Instruction is given in the repository readme file and also in the project website. But a more straight forward instruction is given below:
- Install Docker and Docker Compose.
- Clone the phenix git repository.
- From a terminal, change into the phenix/docker directory.
- Run
sudo docker-compose build(this can take a while depending on your system). - Run
sudo mkdir /phenixto create the phenix installation folder. - Run
sudo docker-compose up -d phenix. - Browse to http://localhost:3000 to access the phenix UI.
To restart phenix:
- From a terminal, change into the phenix/docker directory.
- Run
sudo docker-compose down. - Run
sudo rm -rf /etc/phenix. - Run
sudo docker-compose up -d phenix.
- Enble root user by running
sudo su. - Add an alias to the system for phenix by running
alias phenix="docker exec -it phenix phenix". - Export existing image config from phenix by running
phenix config get image/miniccc > /phenix/switchev-iso15118.yml. Here 'switchev-iso15118.yml' is the name of the downloaded image config file. - Add necessary packages and scripts to the newly exported image config file.
- Change the name field in the image config file by giving it a unique name.
- Remove the overlays field from the image config file. See the Image Config folder for a prepared file with all the necessary packages.
- Import the image config file by running
phenix config create /phenix/switchev-iso15118.yml. - Finally, build the image by running
phenix image build -x -c -o /phenix/vmdb switchev-iso15118.
- Browse to http://localhost:3000 to access the phenix UI.
- Create or import a network topology using the Configs tab. Visit the phenix website to learn how to create topologies. Check the Topology folder for some prepared examples.
- Go to the Experiments tab to create a new experiment. Select the correct topology.
- Run the experiment by clicking the red 'stopped' button. If everything is okay, the experiment will run and the button will turn to a green 'started' button. Stopping the experiment follows the similar process.
- Click on the name of the experiment to open the experiment panel.
- Click on the screenshot of a VM to access it. A new tab will be created for each VM.
If you want to ping the VMs from the host machine or vice versa, it will not work. The VMs do get virtual interfaces created but they are isolated on the OVS bridge they're connected to. The easiest way to access the VMs is to "tap" the bridge with an addressable interface on the host. Here are the steps:
- Clone the minimega git repository.
- Open the terminal. Enble root user by running
sudo su. - Add the minimega bin folder to the PATH variable.
- Check the vlan name from the phenix experiment panel (not the experiment tab). It should be under the network column. Ignore the number in the parenthesis. For exmaple, if the entry under the network tab is "lan (101)", the vlan name is "lan".
- Check the bridge name using
ifconfigin the host machine. It should be "phenix". - Check the ipv4 subnet of the VMs. Choose an ip address within the subnet excluding the already used ones. It will be used as the ip address for the tap interface. For example, if the ip of the VMs are 10.1.2.101-110, you can choose 10.1.2.1/24 or 10.1.2.254/24 as the ip address for the tap.
- Execute this to create the tap:
minimega -e tap create "vlan name" bridge "bridge name" ip "ip address" "tap name". Choose a tap name of your choice. For example, the complete command can be:minimega -e tap create lan bridge phenix ip 10.1.2.254/24 nat0 - The VMs and the host will be able to communicate with each other now. Test by pinging.
By default, the VMs will not be able to access the internet. Test by pinging www.google.com. To enable access to the internet, on the host side, we will have to enable ip forwarding and configure the iptable. On the VM side, we need to add the host ip as the default gateway and configure the DNS. The steps are as follows:
- Create a tap interface following the instruction in the previous section.
- Execute this to enable ip forwarding in the host machine:
sysctl -w net.ipv4.ip_forward=1. - Execute the following 5 commands in order. You may need to change
eth0to match the interface on the host machine with Internet access. Also, You may need to changenat0to match the name of the tap interface you have just created.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i nat0 -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables --policy FORWARD ACCEPT
- Login as root.
- Check if the defalut gateway is set to the tap interface ip address of the host machine.
- If not, use
ip route delete defaultto delete the wrong default gateway. - Now execute
ip route add default via 10.1.2.254to set the correct default gateway. Here, 10.1.2.254 is the tap interface ip address of the host machine. - Check if you can ping google.
- If not, edit
/etc/resolv.confby adding the address of google public DNS (8.8.8.8 and/or 8.8.4.4) or any other DNS. The entry should look like this:
nameserver 8.8.8.8
nameserver 8.8.4.4 - Test by pinging google.