Virtual Router & Overlay Network
Sueng-Yong Park
Dept. of Electronic Engineering, Yonsei Univ.

Virtualization: Xen Architecture
Xen allows users to create virtual PCs. A thin hypervisor encapsulates the underlying hardware. Domain 0 mediates between the virtual PCs and the hardware. Virtual PCs run in user space.
[Figure labels: Hypervisor, Driver, Dom0 (Backend), DomU (Frontend), DomU (Frontend)]

Virtualization: Xen Architecture
domU userspace is a good place to put a software router. The hypervisor provides modular resource management. Process isolation allows undisturbed experiments. But it also has Xen's limitations. We can put the software router in user space.
[Figure labels (Xen architecture): dom0 userspace and domU userspace processes (ring 3); dom0 kernel with device drivers and domU kernels (x86_32: ring 1, x86_64: ring 3); Xen hypervisor (ring 0); Hardware]

Internals of XORP
A standard Linux kernel is OK.
RIB = Routing Information Base; FEA = Forwarding Engine Abstraction.
[Figure labels: Unicast Routing (BGP4+, OSPF, RIP, IS-IS); Multicast Routing (PIM-SM, IGMP/MLD); Management Processes (IPC finder, router manager, CLI, SNMP); RIB; FEA; Forwarding Engine (Click Elements)]

Virtual Router Architecture
Ethernet (hardware) + Software (XEN + XORP)
[Figure labels: Dom1, Dom2, Dom3, each marked Control Plane (XEN+XORP); hypervisor (dom0) with Device Driver, marked Data plane (XEN); Intel Ethernet]

Virtual Router Architecture
Network mode communication is suitable because it may provide service with less overhead. NAT mode seems interesting when the experiment includes different physical interfaces, such as WiFi.
[Figure labels: Network Mode (VMs on VLAN10, VLAN20, VLAN## sharing a NIC); NAT Mode (VMs behind a NIC)]

Virtual Network Concept
Remote control and monitoring of virtual routers over WAN.
[Figure labels: Hypervisor <XML-RPC> Network/Router management <XML-RPC> Hypervisor]

[Figure: test topology with nodes R1, SW1, SW2, PC1 and PC2; serial interfaces S1/0 and S1/1; Fast Ethernet interfaces; a GRE tunnel; VLAN 100]

Status of KOREN Testbed
Six Points of Presence (POPs) in Korea.
Interconnections between POPs are being upgraded from 2.5~5G to 10~20G.
Construction of Network Operation Center (NOC). SW solution for NOC management. Remote monitoring and management capability for research access ports. Construction of NOC.
Construction of remote conference system.
[Figure: KOREN map. Sites: Seoul, Suwon, Daejun, DaeGu, KwangJu, Pusan, Jeju. Other labels: KREONET, BcN Quality Control Center, BcN Testbed, IX. International links: CERNET (China), TEIN2 (EU), Canet*4 (Canada), Internet2 (USA), JGNII (Japan), TransPAC2. Link speed labels: 166M, 622M, 1G, 2G, 10G, 20G]

Virtual Network Topology
[Figure labels: Overlay 1, Overlay 2, Overlay 3; User's view for Overlay 1, User's view for Overlay 2, User's view for Overlay 3; Virtual Router; Slice of virtual router; Control Center; KOREN sites Seoul, Suwon, Daejon, DaeGu, KwangJu, Pusan]

Future Plan: Virtual Network Management
May follow the OpenFlow switch specification.
Test Switch for Overlay NW
[Figure labels: sw, hw, Secure Channel, FIB, XML-RPC, SSL, PC]
Source: http://cleanslate.stanford.edu

Future Plan: Router In Your Control
RIB = Routing Information Base; FEA = Forwarding Engine Abstraction.
[Figure labels: Unicast Routing (BGP4+, OSPF, RIP, IS-IS); Multicast Routing (PIM-SM, IGMP/MLD); Management Processes (IPC finder, router manager, CLI, SNMP); RIB; Your RIB; FEA; Forwarding Engine (Click Elements); Your Process; XML-RPC over Secure Link]

Intelligent Edge Router
For a low-cost edge router, a dedicated external server is a good solution for intelligent operation. Software is usually easier to develop because the development environment is familiar.
Source: http://www.cisco.com

Demo: Standard Platform
[Figure labels: PC2_Dom0@Seoul, PC2_VM1, Cisco Router (fa0/0, fa0/1), PC1_Dom0@Suwon, PC1_VM1, PC1_VM2]

Demo: Monitoring & Control of Overlay Network
[Figure labels: Seoul, PC2_VM1, Cisco Router (fa0/0, fa0/1), Suwon, PC1_VM1, PC1_VM2, <Network Monitor>]

Demo: Monitoring of ICMP Pkt
[Figure labels: Seoul, PC2_VM1, Cisco Router (fa0/0, fa0/1), Suwon, PC1_VM1, PC1_VM2, <Network Monitor>, <Hacker>, ATTACK]

Q & A