Proof of Concept: Virtual Home Network PoC: Parental Control using Docker Container

Introduction

Most virtualized home CPEs bring all the of the home router functions into the Service Provider’s cloud. There are valid reasons for having some network functions reside on the home gateway itself, and the majority of network functions reside in the ISP’s cloud. In the future, we will see this hybrid approach of having network functions as VHFs at multiple locations including the home gateway itself.

As a Proof of Concept, CableLabs has used a Raspberry Pi as an abstract Home Gateway to show the viability of using Docker Containers on even a small platform. The OS used on the R-Pi is Raspbian, which already supports Docker Containers. In the Docker Container, we have ‘stuffed’ a Linux open source software based Parental Control software, Dan’s Guardian, along with a web proxy and a node.js. This Docker Container exists in the Docker Cloud to give this demo even more credibility.

• Dan’s Guardian provides the filtering and blacklist(s)
• A web proxy was needed as an intermediary node
• Node.js was used to receive and send RESTful commands

We have simulated an ISP portal containing policies (Parental Control, Firewall & QoS) and also users at a residence (Dad’s work PC, Mom and Child’s iPads). An user at a residence drags the policy (Parental Control) to the device (Child’s iPad) to apply that specific policy to a specific device. A visual indictor shows the user A REST call is sent to the R-PI instructing the R-Pi to pull the Docker Container from the cloud and install it. The Docker Container is installed, including applying two interfaces to the container to act as a LAN and a WAN interface. This is somewhat novel as most applications of Docker Containers use a single interface.

Additionally, the web portal contains an area where the home user can add additional websites to the blacklist to provide a semi-custom blacklist. While this is just a PoC, it could scale and be applied to real-world applications. When a policy is no longer desired, the policy’s visual indicator on the device's name can be dragged to the virtual waste can to remove that specific policy.

Get in touch

Michael Kloberdans, Lead Architect, Home Networking, CableLabs
[email protected]