Hi! You've found the place where I leave tutorial-style notes for various projects and rant about broken computers and how they fail.

© Copyright A. Custura 2017 Analog

monroe-cli 1.0.1 released!

Oct 03, 2017

Mobile broadbands are a big part of Internet today, and the ubiquity of mobile devices shapes the way we get online. The mobile broadband infrastructure provides its own challenges, from to heterogeneous access technologies to traffic shapers and firewalls buried under layers of NAT.

The MONROE project, Measuring Mobile Broadband Networks in Europe, provides a distributed infrastructure for experimenting on mobile broadband networks. At the time of writing, the platform comprises over 300 measurement servers, or nodes, in Sweden, Norway, UK, Greece, Spain and Italy.

All of the nodes within the MONROE platform are made available to researchers on an Experiment-as-a-Service basis, via a scheduling interface with client-side authentication, which looks like this:

The MONROE scheduler is feature rich, allowing users to customize experiments in a variety of ways. The experiments run on nodes in the platform in Docker containers.

monroe-cli provides both a library and a command-line tool for interacting with the scheduler, without the point and click required by the web front end. It supports all the features of the scheduler, such as experiment recurrence parameters, country selection, start time, and optional experiment parameters. It also allows users check node availability and view, cancel and delete experiments, as well as download experiment results.

Over the last few days I’ve worked on monroe-cli version 1.0.1. This version follows the changes in the API, and implements new features. Here are the highlights:

Support for node models and number of network interfaces

As the project has moved on to the second generation of MONROE nodes featuring apu2d boards, both the library and the CLI now support setting up experiments on either new models of nodes or nodes with a specific number of mobile operators. These options can be set as follows:

monroe create <experiment> --new --ifcount 2

Library support for low priority queue experiments (LPQ)

The library now supports low-priority queue experiments, a new feature which allows users to submit experiments without a given start time. These are deployed on-the-fly when the selected nodes are up and free for enough time to run an experiment. Usage example:

from monroe.core import *
s = Scheduler('clientcert.pem','clientkey.pem')
exp = s.new_experiment()

In order to use this feature in the CLI, the '--start' argument should be set to -1.

Cleaner command line client with better default options

The initial command line syntax had a few unnecessary optional arguments. The default node type when creating an experiment is now ‘testing’, which is what most researchers are expected to use. Also, creating an experiment now submits it by default, instead of relying on --submit. When downloading or deleting experiments, the experiment ID is now a positional argument: monroe delete --exp <exp-id> becomes monroe delete <exp-id>.

The same applies for setting up client certificates, which can now be done using command monroe setup <client-cert.pkcs12>.

Perhaps the most important syntax change is the --script argument, which indicates the experiment’s Docker container, which is now a positional argument as well: monroe create acustura/monroe will submit a new experiment using Docker container acustura/monroe.


Instructions on how to install the tool, and usage examples for the library and the CLI have been added to the project, hopefully making it more accessible to everyone.


The one outstanding issue is that, currently, the client certificates required to authenticate are md5 signed.

This means it is impossible to use python-requests, which relies on OpenSSL, and instead the library uses to not-so-graceful calls to wget. OpenSSL disabled support for certificates signed with md5 as of version 1.1.0, so the CLI tool only works (that I know of) on Debian machines, where wget is compiled against GnuTLS.

If you want to check, here’s how:

ldd /usr/bin/wget | egrep "(tls|ssl)"

As md5 is phased out from digital certificate signing, this is a temporary workaround. Here’s a paper from 2008 (!) that points out md5 is harmful. More recent research describes various attacks involving RSA-MD5 signatures, pointing out that keeping legacy crypto in current protocols weakens them.

If you’d like to check out monroe-cli, visit the github page. The work is funded under EU Horizon 2020, agreement number 644399 . This support does not imply endorsement.