The Virtual Router Project - PowerPoint PPT Presentation

1
The Virtual Router Project
Stanford Networking Seminar, October 24th, 2002
Martin Casado, Guido Appenzeller, Vikram Vijayaraghavan, Nick McKeown
2
Outline
  • Motivation
  • System Overview
  • Example Assignments and Uses
  • Performance Characteristics
  • Conclusion

3
How do you teach internet routing?
  • Basic Internet Routing: determine the next hop in
    the network for traffic, given a destination

[Figure: network diagram with nodes A, B and C and links marked "?"]
4
How do you teach internet routing?
  • Hands on: allow students to implement a router
    that, given a packet, makes the decision for the
    next hop
  • Operate on real traffic: have the students route
    actual internet traffic. Example: web traffic
  • But How?

5
Use a Simulator?
  • Difficult to integrate with hardware
  • Not designed to route actual traffic

How about working in the kernel?
  • Assumes knowledge of kernel hacking
  • Need good kernel debugging environment
  • Requires one machine per student/group

6
Preferred Solution
  • Students should work in user space
  • Ability to support many students with minimal
    hardware
  • Ability to support complex router functions such
    as routing protocols (RIP, OSPF)
  • Extendable to other assignments such as
      • Implementing congestion control
      • Demonstrating characteristics of TCP
      • Fair queuing

7
Outline
  • Motivation
  • System Overview
  • Example Assignments and Uses
  • Performance Characteristics
  • Conclusion

8
How it works
9
How it really works
[Figure labels: VR Client, Instructional machines, PCLinux, Firewall, Campus Network, Virtual Router Server, Web/ftp servers]
10
How it works in excruciating detail
  • Firewall knows the IP of the vr client and sends
    an ARP request
  • VR server forwards the ARP request to the client
  • VR client sends an ARP reply to the server, destined
    for the firewall

[Figure labels: A, B, Virtual Router Server, firewall, application servers]
11
Why Use a Firewall?
  • Ensure packets entering system are forwarded to
    the virtual router server
  • Protect the world from packets generated by
    virtual router clients
  • Protect the virtual router system network

12
Handling Multiple Topologies
  • What we really want is the server to support
    multiple isolated topologies (one per student)

[Figure labels: Topology per student, Web/ftp servers]
13
Multiple Topologies Complication 1
  • How does the vr server know which vr client to
    send packets to?
  • Answer: Each student topology is assigned
    a unique ID which is encoded in the hardware
    address used by the virtual clients

14
Enforcing topology isolation
  • We give all topologies a unique ID which we
    embed in the hardware address of the virtual
    router (vr server must forge the source address
    of Ethernet packets originating from vr clients)
  • The vr server will only forward packets on a
    particular topology (based on the hardware
    address) to the client on that topology

[Figure labels: Application server (00E08103D096) 172.24.74.43; (70000100) 172.24.74.41; Firewall (00E08103FD9E) 172.24.74.17]
15
Multiple Topologies Complication 2
  • How do the application servers know where
    to route packets returning to the application
    clients?
  • Answer: Source routing at application servers

16
Handling return routes
  • Each topology must be assigned a unique subnet,
    and each application server a unique IP on that
    subnet
  • Each application server (e.g. httpd) must be
    configured to listen to multiple IPs (one for
    each topology)
  • Each application server must then choose the
    proper return route based on the source address
    of the departing packet

[Figure labels: Application server (00E08103D096) 172.24.74.43; (70000101) 172.24.74.42; (70000100) 172.24.74.41; Firewall (00E08103FD9E) 172.24.74.17]
Routing decision: if packet is from 172.24.74.43, forward to 172.24.74.42
17
Step by Step (again)
[Figure labels: Application server (00E08103D096); Virtual Router Server; Firewall (00E08103FD9E) 172.24.74.17]
  • Application server is configured to source route
    packets from 172.24.74.43 to 172.24.74.42

18
Where virtual meets physical: setting up topologies
  • Topologies must have
      • A unique ID
      • A unique subnet from which IPs are allocated to
        the interfaces of the virtual router and to the
        application server
      • Knowledge of the first hop in the network
      • Knowledge of the first hops from the application
        servers
  • Use first hop to set up firewall routing table
  • Use IP of application servers to set up virtual
    interface on application server
  • Use IP of application server and first hop of
    return route to set up application servers'
    routing tables

19
Complex Topologies
  • What we really, really want is to allow
    students to work on topologies where multiple
    virtual clients can work in tandem (RIP, OSPF)

[Figure labels: Campus Network, Web/ftp servers]
20
Complex Topology Complication
  • How does the vr server know which packets an
    interface can see?
  • Answer: Easy! We've already solved this one
    (sort of). Assign each interface a unique ID
    per topology and embed it in the hardware address;
    have the topology file describe connectivity
    between virtual routers.

21
Hardware Addresses
  • The vr server forges source hardware addresses
    for all packets leaving all vr clients. Hardware
    addresses are created by setting the private
    bit in the Ethernet header and embedding the
    topology and interface IDs.

(700000070002)
22
On Receiving a Packet the VR Server
  • Checks to see if it has the private bit set; if
    so, it is destined for a virtual client (if not,
    chuck it)
  • Uses topology ID to reference topology
    connectivity information
  • Verifies whether the destination can actually see
    the source, if so, forward the packet to the
    virtual client (if not, chuck it)

23
Topology Files
  • Written in XML
  • Specify virtual hosts, which are a collection
    of virtual interfaces
  • Each interface lists the neighbors it can see

<topology id="7"><host name="router1">
<vinterface id="1" name="eth0"
7000701 speed="3000" ip="172.24.74.41"
neighbors="2"></vinterface> .
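
Added example (not from the original slides or the project's code): the receive check from slides 21-23 written out in Python. The byte layout is an assumption read off the sample address 700000070002 (first octet 0x70 as the private marker, octets 2-3 the topology ID, octets 4-5 the interface ID); TOPOLOGIES is constructed sample data standing in for parsed topology files, and all function names are hypothetical.

```python
# Added example. Assumed layout, read off the sample address 70:00:00:07:00:02:
# octet 0 = 0x70 private marker, octets 2-3 = topology ID, octets 4-5 = interface ID.
PRIVATE_MARKER = 0x70
FIREWALL = bytes.fromhex("00E08103FD9E")  # firewall hardware address from the slides

# Constructed sample data standing in for parsed topology files:
# topology ID -> interface ID -> neighbours that interface can see.
# A neighbour is a virtual interface ID (int) or a physical address (bytes).
TOPOLOGIES = {
    7: {1: {2, FIREWALL}, 2: {1}},
    8: {1: {2, FIREWALL}, 2: {1}},
}

def make_hwaddr(topology_id, interface_id):
    """Build the forged source address the vr server stamps on client packets."""
    return (bytes([PRIVATE_MARKER, 0])
            + topology_id.to_bytes(2, "big")
            + interface_id.to_bytes(2, "big"))

def parse_hwaddr(addr):
    """Return (topology_id, interface_id), or None for a non-private address."""
    if len(addr) != 6 or addr[0] != PRIVATE_MARKER:
        return None
    return int.from_bytes(addr[2:4], "big"), int.from_bytes(addr[4:6], "big")

def forward_decision(dst, src, topologies=TOPOLOGIES):
    """Return the (topology, interface) to deliver to, or None to drop."""
    target = parse_hwaddr(dst)
    if target is None:
        return None                      # not addressed to a virtual client
    topo, iface = target
    neighbours = topologies.get(topo, {}).get(iface)
    if neighbours is None:
        return None                      # unknown topology or interface
    sender = parse_hwaddr(src)
    if sender is None:
        seen_as = src                    # physical host, matched by full address
    elif sender[0] != topo:
        return None                      # source belongs to another topology
    else:
        seen_as = sender[1]
    return target if seen_as in neighbours else None

if __name__ == "__main__":
    a, b = make_hwaddr(7, 1), make_hwaddr(7, 2)
    print(b.hex(), forward_decision(a, b))         # same topology, visible neighbour
    print(forward_decision(a, make_hwaddr(8, 2)))  # cross-topology source
    print(forward_decision(b, FIREWALL))           # firewall is not a neighbour of 7/2
```

The cross-topology drop is the isolation property: a client on one topology cannot reach an interface on another even when the interface IDs match.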
24
Scalable Configuration
[Figure labels: VR clients written and run here; Instructional machines; Firewall; Multiple Virtual Router Servers Running; Web/ftp servers]
25
Outline
  • Motivation
  • System Overview
  • Example Assignments and Uses
  • Performance Characteristics
  • Conclusion

26
Implement a Fully Functional IP Router
March 2002, 100 BS/MS students
  • Address lookup (static routing table)
  • Four network interfaces
  • TTL check and decrement
  • IP checksum check and update
  • ARP request/reply
  • ICMP (enough for traceroute to work)
  • Simple one hop topology

27
Other Potential Uses/Assignments
  • Implement RIP or OSPF on multi-node network
  • RED/DECbit
  • fair queuing, QOS
  • NAT
  • tunneling
  • tcp/ip stack
  • honey-net

28
Outline
  • Motivation
  • System Overview
  • Example Assignments and Uses
  • Performance Characteristics
  • Conclusion

29
1 Hop Routing Both Ways
[Figure labels: switch, Application client, firewall, ftpd, Server client]
30
VR System can handle high throughput
31
Performance With Remote Client
[Figure labels: switch, Virtual router, ftpd, firewall, client application, Server]
32
Bandwidth Limited?
33
Outline
  • Motivation
  • System Overview
  • Example Assignments and Uses
  • Performance Characteristics
  • Conclusion

34
Performance
  • Bandwidth limited
  • The server system can handle near optimal
    throughput
  • Limited on link from switch to vr server
  • Can we fix this? (not easily .. )
  • Does this mean running multiple instances of vr
    server is pointless? (perhaps )
  • Do we need high throughput? (not really ..)

35
Shortcomings
  • ARP requests from hardware to vr clients seen by
    all topologies
  • Hopelessly wed to Ethernet
  • Virtual topology will only map to simple hardware
    topology (how to mitigate bandwidth limitation?)
  • Not truly distributed (how to handle collisions?)

36
Future Work
  • Full featured, Java GUI client
  • Collection of prepackaged assignments
  • Support for dynamic topologies?

37
Status
  • Prototype V1.0 Summer 2001
  • First classroom use March 2002
  • CS244a at Stanford, Assignment 3, 100 students
  • V2.0 Summer 2002
  • Next classroom use March 2003
  • First planned release Summer 2003

38
Credits
  • Guido Appenzeller
  • Vikram Vijayaraghavan
  • Anton An
  • Giulio Galante
  • Pang Chau
  • Lei Jin
  • Yuefeng Li
  • Zhao-Ping Tang
  • Nick McKeown