NETWORK EMULATION AND NETKIT
Gestão e Segurança de Redes (Network Management and Security) / Gestão de Redes e Serviços (Network and Service Management)
LERC / MEIC-T, 2013/14
Artur M. Arsénio & Miguel P. Correia

CLASS OBJECTIVES
- To understand what is meant by network virtualization and emulation
- To learn the basics of Netkit
VIRTUALIZATION

VIRTUALIZATION
- Virtualization relates to the notion of abstraction, which appears at several levels in computer science and engineering
- An interpreter is a virtual machine that runs programs written in a certain language (e.g., Basic, Perl, JavaScript, PHP)
- A Java or .NET virtual machine runs programs in bytecode / CIL
- An operating system provides a virtual machine for each program that runs on top of it
- Virtual machines provide virtualized resources: each program has, to some extent, the illusion that the memory, CPU and I/O are used by itself only
- These resources look different from the plain hardware (memory, disk, ...)

VIRTUALIZATION IN COMPUTING
- Virtualization in this sense involves a Virtual Machine Monitor (VMM), or hypervisor
- Each virtual machine (VM), or guest system, has the illusion that it runs on top of the hardware, with its usual API
- Each VM can run its own operating system! That is the difference in relation to the forms of virtualization we just saw

VIRTUALIZATION - TYPES
- Type I or native: the VMM runs directly on top of the hardware
  - Objective: share a server among several VMs, e.g., as in cloud computing IaaS
  - Examples: Xen, VMware vSphere, Microsoft Hyper-V, KVM
- Type II or hosted: the VMM runs on top of a host OS
  - Objective: allow a user to run applications on top of different or encapsulated OSs
  - Examples: Oracle VirtualBox, VMware Player

VIRTUALIZATION - BENEFITS
- Reliability: one application per VM prevents, e.g., a crash of that application from affecting the whole machine
- Security: an attack against an application in one VM does not contaminate the other VMs (containment); this holds only as long as the VMM itself is not compromised, since a VM escape breaks the containment
- Scalability / load balancing / elasticity: an application is no longer attached to a physical machine, so resources (disk, memory, CPUs) can be allocated to applications dynamically; this is the basis of cloud computing
- Compatibility: hardware abstraction allows running legacy applications
USER-MODE LINUX (UML)
- A virtualization platform that works slightly differently
- Enables multiple Linux virtual machines to run as processes (i.e., in user mode) of a normal Linux system
[Figure: stack diagram with three UML guests (Processes / Linux / Virtual hw) running as processes of the host Linux kernel, which runs on the Hardware]

USER-MODE LINUX (UML)
- Runs several virtual machines
- Each virtual machine runs Linux and Linux processes
- Distributed as a patch to the Linux kernel (included in the mainline kernel since 2.6)
- Allows having dozens of virtual Linux machines inside a single one!
- Netkit is based on UML
NETKIT

NETWORK SIMULATION VS EMULATION
- Experimenting with networks and their configurations is a common need
- Using a real network is often undesirable: equipment is expensive, and it takes time to install and configure
- Simulators
  - Run a model aiming at reproducing the performance of a real system (latency, bandwidth used, ...); mostly used for research
- Emulators
  - Aim at reproducing the functionality of the real components
  - Packets are actually exchanged, and there are device emulators that go through the same states as the real devices
  - No model is used, but real (or close to real) software

NETKIT
- A network emulator based on UML, so it reproduces functionality, not performance
- A virtual network is a set of interconnected virtual machines (VMs)
- They can play the role of hosts, routers, switches, ...
- Linux already has most of the software needed
- The virtual network can access the real network and the Internet

VIRTUAL MACHINES
- Each virtual machine has:
  - a console (a terminal window)
  - its own memory space
  - a filesystem (stored in a single file of the host filesystem)
  - one or more network interfaces (NICs)
- Each NIC is connected to a collision domain
  - 2 NICs connected to a collision domain: the c.d. emulates a link
  - 3 or more NICs connected to a collision domain: the c.d. emulates a hub (a shared Ethernet bus, no longer used in real networks; every NIC on the domain sees every frame, so traffic can be sniffed by any VM on it)
A SIMPLE VIRTUAL NETWORK

NODES OF A VIRTUAL NETWORK
- In Netkit all nodes are virtual machines running Linux; a VM can emulate:
  - A server or a workstation (running Linux)
  - A router: Linux can do the routing (IP forwarding); Zebra/Quagga implement routing protocols (RIP, BGP, ...)
  - A switch: Linux has switching software (bridging, spanning tree), configured with brctl

WHAT IS NETKIT
- Commands used to set up virtual networks; most commands are implemented as scripts
- A ready-to-use filesystem that serves as a pattern (template) for creating the filesystem of each VM
  - Common networking tools are already installed in this filesystem (Quagga, brctl, Apache, etc.)
- A UML kernel that is used as the hypervisor for the VMs
- Can be installed on Linux or run from a Live CD
NETKIT DETAILS

NETKIT COMMANDS
- Netkit provides users with two sets of commands:
  - vcommands (v-prefixed commands) for configuring and starting up single virtual machines
  - lcommands (l-prefixed commands) to set up complex labs with several virtual machines

VCOMMANDS
- Allow starting up virtual machines with arbitrary configurations (memory, network interfaces, etc.)
- vstart: starts a new virtual machine
- vlist: lists currently running virtual machines
- vconfig: attaches network interfaces to running VMs
- vhalt: gracefully halts a virtual machine
- vcrash: causes a virtual machine to crash
- vclean: panic command to clean up all Netkit processes (including VMs) and configuration settings on the host machine

CREATING A SIMPLE NETWORK WITH VCOMMANDS
- Create two PCs with eth0 on the same collision domain A, boot them, and open a shell for each:
  vstart pc1 --eth0=A
  vstart pc2 --eth0=A
- At each PC's console configure the network interface (eth0):
  at pc1: ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
  at pc2: ifconfig eth0 10.0.0.2 netmask 255.255.255.0 up
- Ready! At pc1: ping 10.0.0.2
NETKIT LCOMMANDS
- Simplify setting up complex labs consisting of several virtual machines (the preferred way)
- lstart: starts a Netkit lab (described by the files of a lab directory)
- lhalt: gracefully halts all the VMs of a lab
- lcrash: causes all the VMs of a lab to crash
- lclean: removes temporary files from a lab directory
- linfo: provides information about a lab without starting it
- ltest: runs tests to check that the lab is working properly

NETKIT LABS
- A Netkit lab is a set of preconfigured virtual machines that can be started and halted together
- It is launched by running lstart

NETKIT LABS USING LCOMMANDS
- A standard Netkit lab is a directory tree containing:
  - a lab.conf file describing the network topology
  - a set of subdirectories that contain configuration settings for each VM
  - .startup and .shutdown files that describe actions performed by VMs when they are started or halted
  - [optionally] a lab.dep file describing dependency relationships on the startup order of virtual machines
  - [optionally] a _test directory containing scripts for testing that the lab is working correctly
- Many examples are available on the Netkit website

LAB.CONF
- Equivalent to the physical configuration of the network
- lab.conf describes:
  - some settings of the VMs that make up the lab (e.g., memory)
  - the topology of the network: a line vm[N]=domain attaches interface ethN of VM vm to collision domain domain

LAB SUBDIRECTORIES
- Netkit starts a VM for each subdirectory and gives it the name of the subdirectory itself, unless lab.conf contains a machines= statement
- The contents of subdirectory vm are mapped into the root (/) of the VM's filesystem; for example, vm/foo/file.txt is copied to /foo/file.txt inside the virtual machine vm
- This only happens the 1st time the VM is started; in order to force the mapping again you have to remove the VM filesystem (the .disk file, next slide)

VM FILESYSTEM
- When a VM is executed for the first time a filesystem image is created: the file vm_name.disk
- This image contains:
  - the Netkit filesystem (the one that is used as a pattern)
  - plus whatever is in the subdirectory of the VM
- Furthermore, during the execution of the system the user can install more software, create files, etc. This is also kept in vm_name.disk
- Deleting vm_name.disk resets the filesystem!
- Note: these files can grow big, but zip/rar compress them a lot (the image is a sparse copy-on-write file, so most of its nominal size is empty)

STARTUP AND SHUTDOWN FILES
- Shell scripts that tell virtual machines what to do when starting up or shutting down
- They are executed inside the virtual machines (as root)
- shared.startup and shared.shutdown affect all the virtual machines
- Upon startup, a VM named vm_name runs shared.startup, then vm_name.startup
- Upon shutdown, a VM named vm_name runs vm_name.shutdown, then shared.shutdown

STARTUP AND SHUTDOWN FILES
- A typical usage of a .startup file is to configure network interfaces and/or start network services
- Example content of vm_name.startup:
  ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
  (the MAC address is assigned automatically)

LAB.DEP
- lstart boots the VMs in some order
- This order can be constrained by establishing dependencies, e.g., pc3 can only boot after pc2 and pc1 are up and running
- A lab.dep file inside the lab directory describes these dependencies; the file format is similar to that of a Makefile
- Example:
  pc3: pc1 pc2

LAUNCHING/STOPPING A LAB
- lcommand -d <lab_directory> [machine ...]
- or enter the lab directory (cd lab_directory) and run:
  - lstart, to start the lab
  - lhalt, to gracefully shut down the virtual machines of the lab
  - lcrash, to suddenly crash the virtual machines of the lab
- Optionally, a list of machine names can be given on the command line; only those machines will be affected by the command
- Example: lcrash pc3
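The lab layout described on the preceding slides (lab.conf, per-VM subdirectories, .startup files and lab.dep), put together by a script. This is an added example, not a lab from the Netkit distribution or from the course: the topology (pc1 and pc2 on different subnets joined by a Linux router r1), the addresses 10.0.0.0/24 and 10.0.1.0/24, the machine names and the file contents are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from Netkit or these slides): write a minimal Netkit lab
# directory. Names, addresses and topology are assumed for illustration.
#
# Files produced under the lab directory:
#   lab.conf       topology pc1 --A-- r1 --B-- pc2, plus a memory setting for r1
#   pc1/ pc2/ r1/  per-VM subdirectories, mapped onto / of each VM at first boot
#   <vm>.startup   run inside that VM (after shared.startup) at boot
#   lab.dep        Makefile-like dependencies: the hosts boot after the router

make_lab() {
    lab="$1"
    mkdir -p "$lab/pc1" "$lab/pc2" "$lab/r1/etc"

    cat > "$lab/lab.conf" <<'EOF'
LAB_DESCRIPTION="Two hosts on different subnets joined by a Linux router (constructed example)"
# vm[N]=domain attaches ethN of VM vm to collision domain "domain"
pc1[0]=A
r1[0]=A
r1[1]=B
pc2[0]=B
# other per-VM settings, e.g. memory in MB
r1[mem]=64
EOF

    # r1/etc/motd is copied to /etc/motd inside r1 (only the first time r1 starts)
    echo "r1: router between 10.0.0.0/24 and 10.0.1.0/24" > "$lab/r1/etc/motd"

    cat > "$lab/pc1.startup" <<'EOF'
ifconfig eth0 10.0.0.2 netmask 255.255.255.0 up
route add default gw 10.0.0.1
EOF

    cat > "$lab/pc2.startup" <<'EOF'
ifconfig eth0 10.0.1.2 netmask 255.255.255.0 up
route add default gw 10.0.1.1
EOF

    # The router needs both interfaces up and IP forwarding enabled
    cat > "$lab/r1.startup" <<'EOF'
ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
ifconfig eth1 10.0.1.1 netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF

    # "target: prerequisites", as in a Makefile
    cat > "$lab/lab.dep" <<'EOF'
pc1: r1
pc2: r1
EOF
}

# VM names declared in lab.conf: the prefix of every "name[...]=" line, sorted, unique
lab_machines() {
    sed -n 's/^\([A-Za-z0-9_]*\)\[.*/\1/p' "$1/lab.conf" | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Usage: sh make_lab.sh ./mylab && cd ./mylab && lstart   (lstart needs Netkit installed)
if [ $# -gt 0 ]; then
    make_lab "$1"
    echo "lab written to $1; machines: $(lab_machines "$1")"
fi
```

After lstart, a ping from pc1 (10.0.0.2) to pc2 (10.0.1.2) exercises the whole topology: both default routes, r1's two interfaces and its ip_forward setting. Because the subdirectory contents are only copied on the first boot, edit a VM's files and then delete its .disk image (lclean removes the lab's temporary files) to have the change picked up.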
GETTING INFORMATION ABOUT A LAB
- linfo prints summary information about a lab without running it
- Option -m creates a sketch of the link-level topology of the lab (requires the GraphViz library to be installed)

ACCESSING THE OUTSIDE WORLD
- Can be done in two ways, from a VM:
- The directory /hosthome inside a VM points to the home directory of the current user on the real host
  - read/write access is allowed, so it is possible to transfer files in/out of a VM (note that anything running inside the VM, where the user is root, can therefore read and modify the host user's files)
- vstart can automatically configure tunnels (tap interfaces) through which a virtual machine can access an external network

ACCESSING THE INTERNET
- To access the Internet create a tap, a virtual (software) interface on the host; tap is a Linux mechanism
- Done by adding to lab.conf:
  vm[1]=tap,11.0.0.1,11.0.0.2
  - vm is the VM name, 1 is for eth1
  - The 2 IPs must be in the same /24 subnet
  - The subnet cannot be otherwise used in the lab
  - The 1st IP is the host side of the tap, as seen from the VM; the 2nd IP is assigned to the VM's interface
- Then configure DNS: in the host, copy /etc/resolv.conf to vm/etc/resolv.conf (it is mapped to /etc/resolv.conf inside the VM)
- Caveat: setting up the tap requires root on the host (Netkit asks for the password) and makes the host forward the lab's subnet to the real network, so a lab with a tap is no longer an isolated sandbox
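A small checker that applies the rules from the slides on collision domains (2 NICs make a link, 3 or more make a hub), on the lab.conf topology syntax and on tap entries (host and VM addresses in one /24). It is an added example, not part of the slides or of Netkit (linfo is the tool's own way of summarising a lab); the lab.conf text it reads is constructed for this example, and it runs with plain sh and awk, with no Netkit installed.

```shell
#!/bin/sh
# Added example (not from the slides or Netkit): a lab.conf checker using the
# rules stated on the slides. The sample lab.conf below is constructed; the
# machine names, domains and the 11.0.0.0/24 tap addresses are assumptions.

SAMPLE_LAB_CONF='LAB_DESCRIPTION="constructed sample"
pc1[0]=A
pc2[0]=A
pc3[0]=B
pc4[0]=B
r1[0]=B
r1[1]=tap,11.0.0.1,11.0.0.2
r1[mem]=64
'

# Reads lab.conf on stdin; prints "domain nic_count kind" per collision domain.
#   link     : 2 NICs, a point-to-point cable
#   hub      : 3+ NICs, a shared medium where every NIC sees every frame
#   tap      : the host-side tunnel, i.e. a route out of the emulated network
#   dangling : 1 NIC, connected to nothing else
classify_domains() {
    awk '
        /^[A-Za-z0-9_]+\[[0-9]+\]=/ {
            dom = $0
            sub(/^[^=]*=/, "", dom)      # keep the value after "="
            sub(/,.*/, "", dom)          # "tap,ip,ip" -> "tap"
            nics[dom]++
        }
        END {
            for (d in nics) {
                if (d == "tap")        kind = "tap"
                else if (nics[d] == 2) kind = "link"
                else if (nics[d] >= 3) kind = "hub"
                else                   kind = "dangling"
                print d, nics[d], kind
            }
        }' | LC_ALL=C sort
}

# Reads lab.conf on stdin; checks every "vm[N]=tap,HOST_IP,VM_IP" entry.
# Exit status 0 if every tap has exactly two addresses in the same /24, 1 otherwise.
check_taps() {
    awk '
        /^[A-Za-z0-9_]+\[[0-9]+\]=tap,/ {
            val = $0
            sub(/^[^=]*=tap,/, "", val)
            n = split(val, ip, ",")
            if (n != 2) { print "malformed tap entry: " $0; bad = 1; next }
            h = ip[1]; g = ip[2]
            sub(/\.[0-9]+$/, "", h)      # drop the last octet: /24 prefix
            sub(/\.[0-9]+$/, "", g)
            if (h == g) print "tap ok: host " ip[1] ", vm " ip[2] ", subnet " h ".0/24 (reserved for the tap)"
            else { print "tap error: " ip[1] " and " ip[2] " are not in the same /24"; bad = 1 }
        }
        END { exit bad }'
}

# Usage: run on the embedded sample, or: classify_domains < lab.conf; check_taps < lab.conf
printf '%s' "$SAMPLE_LAB_CONF" | classify_domains
printf '%s' "$SAMPLE_LAB_CONF" | check_taps
```

On the sample this reports A as a link, B as a hub (pc3, pc4 and r1 share the medium, so any of them can sniff the others' traffic) and one tap domain; a tap entry whose two addresses fall in different /24s, or with a missing address, makes check_taps exit non-zero, which is a cheap guard before lstart asks for the host's root password to create the tunnel.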
INSTALLING SOFTWARE INSIDE A VM
- (Access to the Internet is needed, see the previous slide)
- The same as installing software in Ubuntu or Debian:
  - apt-get update: refresh the list of available packages
  - apt-get install package_name: install the package
- If not root, sudo must be used: it runs the tool with superuser privileges
- This used to be complicated, but current sysadmins have their life simplified: apt-get resolves conflicts and installs all the dependencies that are needed

TEXT MODE
- Netkit runs in text mode, so there are no graphical interfaces
- For instance, no normal (graphical) browser can be executed, just a text-mode browser

WHY NETKIT?
- We can implement a reasonably complex network (e.g., ~30 nodes) without much hardware
- We can carry the network configuration around on a memory stick
- Very practical!

SUMMARY
- Virtualization
- Emulation vs simulation
- Netkit

INSTALLING NETKIT
- It's easy. Just follow the instructions at the Netkit website: http://wiki.netkit.org/
- Options:
  - Install it on Linux
  - Install it on a Linux virtual machine, running e.g. on VirtualBox or VMware
  - Run it from a Live CD (not recommended)
  - Run a Live CD image as a virtual machine (not recommended)

BIBLIOGRAPHY
- Netkit website: http://wiki.netkit.org/
- Netkit official labs: http://wiki.netkit.org/index.php/labs_official
- Secondary: M. Correia, P. Sousa, Segurança no Software, FCA, 2010 (chapter about virtualization)
- The slides contain material © Computer Networks Research Group, Roma Tre