VLabNet: A Virtual Laboratory Environment for Teaching Networking and Data Communications
Valerie J. H. Powell, John C. Turchek, Peter Y. Wu, Lawrence C. Franzi (Computer and Information Systems); Randall S. Johnson, Ian W. Parker (Technical Services, Information Systems); Christopher T. Davis (Educational Technology Center), Robert Morris University, Moon Township, PA 15108 USA
ISECON 2007 - Sheraton Station Square, Pittsburgh - November
VLabNet Software • This project uses Debian Xen and the Quagga Routing Suite. Xen is a Virtual Machine Monitor (VMM) originally developed by the Systems Research Group of the University of Cambridge Computer Laboratory as part of the UK-EPSRC funded XenoServers project. The Quagga routing suite provides working implementations of the RIP, OSPF, and BGP protocols (its ripd, ospfd, and bgpd daemons), so the virtual hosts exchange real routing traffic rather than simulating it. A Cisco 2610 router was attached to the Xen array of virtual machines to provide some direct Cisco router experience. Since a single rack-mounted server can deliver the whole array of virtual machines, no special hardware (wiring or garage drive) is needed, and students can access the system from anywhere.
VLabNet Hardware • Hardware: HP ML370G3 with a single 2.8 GHz CPU, two 36 GB SCSI disks in a hardware-based RAID-1 mirror, and 1 GB RAM. This server supported a lab of 19 virtual machines, each with 48 MB RAM and 1 GB disk. RAM is the limiting factor, because Xen allocates the full amount of RAM for each virtual machine out of the host's physical RAM at domU startup.
VLabNet Design 3 • The learning environment was designed to support the exploration of networks and subnets, switches, bridges, routers, and of the individual host in the role of a router. As shown in Slide 10, each host has three addresses, one for each of its three interfaces: eth0, eth1, and eth1:1. For host 101, those are x.y.z.101 for eth0 (an externally routable address; x.y.z represents the first three octets of VLabNet's externally routable IPv4 prefix), 10.10.10.101 for eth1 (RFC 1918 private space, not routable externally), and 10.10.101.2 for eth1:1 (also private, not routable externally). Students become accustomed to their assigned host having multiple addresses and to using each address for certain purposes and in certain situations.
VLabNet Design 4 • A variety of addresses and corresponding masks were designed to assure a variety of address encounters and make it practical and necessary to learn about classless inter-domain routing (CIDR) addressing (see Figure 2.2, Appendix B). • eth1:1 is a Linux IP alias (a secondary address) on eth1, so host n's 10.10.n.0/24 network is a separate subnet from the shared 10.10.10.0/24 segment. The nodes reached through that subnet are not connected with each other and can only be reached through the host that owns it; thus the host becomes a router for nodes such as 10.10.101.2. Any other host that wants to reach them needs a route via 10.10.10.101, configured statically or learned through the routing protocols covered later in the course.
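The address plan above, worked through in code. This is an added example, not part of the original slides or the VLabNet project: it derives the three interface addresses of host n, treats each interface's network as a connected route, and answers "which interface (if any) reaches this destination?" by longest-prefix match, which is exactly the question a host-as-router has to answer before static or dynamic routing adds anything. The externally routable prefix that the slides write as x.y.z is an assumption here; 192.0.2 (the RFC 5737 documentation block) stands in for it. The plan_conflicts check is also added: it catches the one host number the scheme cannot use.

```python
import ipaddress

# Assumed stand-in for the slides' "x.y.z" externally routable prefix (RFC 5737 TEST-NET-1).
EXTERNAL_PREFIX = "192.0.2"


def host_addresses(n):
    """The three interface addresses of VLabNet host n, as interface -> address/prefix."""
    if not 1 <= n <= 254:
        raise ValueError("host number must be 1..254")
    return {
        "eth0": ipaddress.ip_interface(f"{EXTERNAL_PREFIX}.{n}/24"),  # externally routable
        "eth1": ipaddress.ip_interface(f"10.10.10.{n}/24"),          # shared private segment
        "eth1:1": ipaddress.ip_interface(f"10.10.{n}.2/24"),         # alias: this host's own stub net
    }


def connected_routes(n):
    """Routes a host has before any static or dynamic routing: one per interface network."""
    return [(iface.network, name) for name, iface in host_addresses(n).items()]


def lookup(routes, dst):
    """Longest-prefix match: the most specific connected route whose network contains dst.
    Returns (network, interface) or None when the host has no route at all."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def who_reaches(stub_addr, hosts):
    """Which of the given hosts can reach stub_addr directly? For an eth1:1 side address
    this is exactly one host: the owner of that stub network."""
    return [n for n in hosts if lookup(connected_routes(n), stub_addr) is not None]


def plan_conflicts(n):
    """Interface pairs on host n whose networks overlap. The scheme must skip host 10,
    because its stub 10.10.10.0/24 would coincide with the shared eth1 segment."""
    routes = connected_routes(n)
    return [(a, b) for (na, a) in routes for (nb, b) in routes if a < b and na.overlaps(nb)]


if __name__ == "__main__":
    for name, iface in host_addresses(101).items():
        print(f"{name:7} {iface}")
    for dst in ("10.10.101.9", "10.10.10.102", "10.10.102.9"):
        print(dst, "->", lookup(connected_routes(101), dst))
    print("10.10.102.9 reachable directly from:", who_reaches("10.10.102.9", [101, 102, 103]))
    print("host 10 conflicts:", plan_conflicts(10))
```

Run it and note that host 101 has no route at all to 10.10.102.9: that destination sits behind host 102's eth1:1, and until a static route (or RIP, OSPF, or BGP) supplies "10.10.102.0/24 via 10.10.10.102", pings to it fail, which is the situation the routing exercises start from.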
Learning Focus Areas
• Computing Environment: Xen Linux Virtual Machines
• Protocol Stack:
  • Describe the hybrid 5-layer protocol stack and the functions of its layers
  • Recognize and analyze protocol data units and their headers, payloads, and trailers for each layer (segment, packet, frame)
• Addresses and Masks (recognition, classification, bit budgets):
  • MAC addresses (data link and physical layers)
  • IP addresses: multicast, loopback, routable, non-routable private or restricted, broadcast (network layer)
  • CIDR (Classless Inter-Domain Routing) addresses and masks
  • Port numbers (transport layer)
  • Application layer addresses
• Routing and Routing Information Protocols:
  • Neighbors
  • Configure static routing and RIP and verify results
  • Configure dynamic routing and OSPF and verify results
  • Consult the Cisco 2610 router
  • Configure Border Gateway Protocol (BGP) routing and verify results
• Encapsulation:
  • Review encapsulation in the protocol stack: message (portion) in segment in packet in frame
  • Implement and verify a tunnel using Generic Routing Encapsulation (GRE)
Practice Strategies • Open two session instances at the same time so you can, for example, ping in one session and capture the result with tshark in the other. • Teamwork: one team member pings while the other captures with tshark; verify that routes exist in both directions between the team's hosts. • Use the ping count parameter, ping -c 1, so a capture contains a single request/reply pair and is easier to read. • Routing experiments: check the routing table before, during, and after setting up static routes. • Verify the impact of RIP.
Practices (Routing, Fragmentation) • What routing is available to your host? Check before establishing static routes. • Establish static routes and then check them. Use traceroute. • Ping with oversized ICMP packets to cause fragmentation (oversized means an IP packet larger than the link MTU, 1500 bytes on Ethernet; for TCP the analogous per-segment limit is the MSS). • Use telnet to observe TCP connection establishment and release. • Use ssh to observe connection establishment and release for a secured TCP session. • Use RIP to set up neighbors and verify them.
Things to Note • Packets marked Don't Fragment (DF): RIP updates and TCP traffic such as SSH (Linux sets DF on them by default for path MTU discovery); an oversized packet with DF set is dropped rather than fragmented. • MTU: verify the MTU of each interface (ifconfig or ip link). • Fragments: check whether the fragment offset is 0 or > 0 and whether the More Fragments (MF) flag is set or clear; all fragments of one packet share the same identification field. • Unicast or multicast destinations in RIP frames (RIPv2 multicasts to 224.0.0.9 unless unicast neighbors are configured). • Learn about ports and TCP. Use netstat -an | less to see which ports are open (LISTEN) and which TCP connections are ESTABLISHED.
VLabNet Architecture
VLabNet Themes 1 • Several themes follow the learning process throughout the course: layered protocol stack reference models, routing discovery, encapsulation, addressing, data units, protocol identification, and the bit budget (Maximum Transmission Unit (MTU; see slide 18) and Maximum Segment Size (MSS)). In performing the Generic Routing Encapsulation (GRE) tunneling exercise, students should notice the reduced MTU (1476) for the tunnel: the outer IPv4 header (20 bytes) and the base GRE header (4 bytes) consume 24 of the 1500 payload bytes of an Ethernet frame. Here is an example of the "Protocols in frame" report for a captured tunnel message: eth:ip:gre:ip:icmp:data, documenting the encapsulation.
VLabNet Perspective • Students begin the course with a naïve impression of Internet messages that transmit Web and e-mail data. Gradually their perspective develops to include all the kinds of messages necessary to support the Internet as they observe traffic using the various interfaces available in VLabNet and document the different types of messages.
Information Bits vs. Overhead Bits • Information bits: the message to be transmitted; the payload. • Overhead bits: everything else (the container): error control, addressing, encapsulation support, etc. (header, trailer); the concept of "tare," by comparison with transportation.
Theme: Routing Discovery • The most important theme in the course is routing discovery. Students are shown how to consult routing tables at different stages in the course and are encouraged to determine how the data in routing tables develops and is maintained. To ascertain where routing comes from, students explore routing information and routing information protocols. They begin with the concepts of neighbor and neighborhood, so that they realize that the "heart" of routing information and routing discovery is always direct communication among neighbors.
Routing Discovery Progression
• The sequence of exploration in the course is:
  (1) static routing,
  (2) dynamic routing 1: Routing Information Protocol (RIP, distance vector; unicast peers),
  (3) dynamic routing 2: Open Shortest Path First (OSPF, link state; multicast peers),
  (4) dynamic routing 3: a Cisco 2610 router and Cisco's EIGRP rationale,
  (5) the culmination of routing experience in the course: using Generic Routing Encapsulation (GRE) to establish tunnels. A tunnel must be configured in both directions between a pair of hosts before proceeding to verification, so close teamwork is required, and
  (6) path vector routing: Border Gateway Protocol (BGP).
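The "heart of routing discovery is direct communication among neighbors" idea from the Routing Discovery theme and step (2) above, distance-vector routing, shown as a small RIP-style simulation. This is an added example and not code from the slides, from Quagga, or from the VLabNet project: each Router starts with only its connected networks (metric 1, as Quagga displays connected routes), periodically sends its table to its neighbors, applies split horizon, and takes over any better route at the advertised metric plus one hop, with 16 meaning unreachable as in RIP. Two constructed topologies are included: the lab's own layout (all hosts on the shared 10.10.10.0/24 segment, each owning a 10.10.n.0/24 stub behind eth1:1), and a chain of the same hosts, assumed here only so that routes have to travel several hops and the convergence rounds are visible.

```python
INFINITY = 16  # RIP hop-count limit: a metric of 16 means "unreachable"


class Router:
    """A host acting as a RIP-style distance-vector router towards its neighbors."""

    def __init__(self, name, connected):
        self.name = name
        self.neighbors = []
        # prefix -> (metric, next_hop_name); connected networks cost 1 and have no next hop
        self.table = {net: (1, None) for net in connected}

    def link(self, other):
        """Make two routers neighbors (a shared segment or a point-to-point link)."""
        self.neighbors.append(other)
        other.neighbors.append(self)

    def advertisement(self, to):
        """Routes announced to neighbor `to`, with split horizon: never tell a neighbor
        about routes that were learned from that same neighbor."""
        return {net: metric for net, (metric, via) in self.table.items() if via != to.name}

    def receive(self, frm, adv):
        """Bellman-Ford update from one neighbor's advertisement; True if the table changed."""
        changed = False
        for net, metric in adv.items():
            new = min(metric + 1, INFINITY)  # one more hop: the link from frm to us
            cur = self.table.get(net)
            if cur is None:
                if new < INFINITY:
                    self.table[net] = (new, frm.name)
                    changed = True
            elif new < cur[0] or (cur[1] == frm.name and new != cur[0]):
                # a better route, or our current next hop reporting a changed metric
                self.table[net] = (new, frm.name)
                changed = True
        return changed

    def route(self, net):
        """(metric, next_hop_name) for a prefix, or None if the host has no route to it."""
        return self.table.get(net)


def converge(routers, max_rounds=32):
    """One round = every router sends its periodic update to every neighbor. Advertisements
    are snapshotted first so a round models simultaneous updates. Returns the number of
    rounds until a round changes nothing (that quiet round is counted)."""
    for rnd in range(1, max_rounds + 1):
        updates = [(nb, rt, rt.advertisement(nb)) for rt in routers for nb in rt.neighbors]
        # list comprehension, not a generator: every update must be delivered, not short-circuited
        changed = any([nb.receive(rt, adv) for nb, rt, adv in updates])
        if not changed:
            return rnd
    raise RuntimeError("no convergence within %d rounds" % max_rounds)


def build_segment(host_numbers):
    """The lab's layout: every host on the shared 10.10.10.0/24 segment plus its own stub,
    so every host is every other host's neighbor."""
    routers = [Router("host%d" % n, ["10.10.10.0/24", "10.10.%d.0/24" % n]) for n in host_numbers]
    for i, a in enumerate(routers):
        for b in routers[i + 1:]:
            a.link(b)
    return routers


def build_chain(host_numbers):
    """Constructed (assumed) topology: the same hosts linked in a line, so a stub network
    has to be relayed hop by hop and the metric grows with distance."""
    routers = [Router("host%d" % n, ["10.10.%d.0/24" % n]) for n in host_numbers]
    for a, b in zip(routers, routers[1:]):
        a.link(b)
    return routers


if __name__ == "__main__":
    for label, routers in (("segment", build_segment([101, 102, 103])),
                           ("chain", build_chain([101, 102, 103, 104]))):
        rounds = converge(routers)
        print("%s: stable after %d rounds" % (label, rounds))
        for rt in routers:
            print("  %s %s" % (rt.name, sorted(rt.table.items())))
```

On the shared segment every stub is learned in the first exchange at metric 2, so the second round is already quiet; in the chain host101 only hears about host104's stub in the third round, at metric 4 via host102. Inspect routers[1].advertisement(routers[0]) after convergence to see split horizon at work: host102 never advertises 10.10.101.0/24 back to host101, the neighbor it learned it from.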
Data Unit Components • To understand protocol data units, their components, and encapsulation, students begin with the concepts of payload and "tare." They analyze data unit components to distinguish the payload from the other parts of a PDU. • In the process they learn about message delineation, addressing at different protocol stack levels, differentiating types of messages, and error control information (CRC). • They learn by inspection about length and specifying length, MTUs (see Slide 18), MSSs, fixed-length elements, and variable-length elements. • They explore the lengths of PDUs and PDU components by causing fragmentation (using ping to generate oversize packets) and documenting and analyzing its effects. Concepts that seem very abstract in textbooks become practical exercises.
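The header fields the Practices and Things to Note slides ask students to check, the GRE encapsulation chain from VLabNet Themes 1 (eth:ip:gre:ip:icmp, tunnel MTU 1476), and the fragmentation experiment described above, all in one added example. None of this is code from the slides or the project; it is a minimal IPv4 header builder and parser written here with only the standard library. The captured frames are constructed inline (placeholder MAC addresses, ICMP checksum left at zero since only the IP layer is analysed), and the hosts and addresses are the lab's 10.10.10.101/102 tunnel endpoints and their eth1:1 stubs.

```python
import struct

ETH_P_IPV4 = 0x0800
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 1, 6, 17, 47
ETHERNET_MTU = 1500
IP_DF, IP_MF = 0x2, 0x1  # flag bits that sit above the 13-bit fragment offset


def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words (the IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload, ident=0x1234, flags=0, offset=0):
    """Build a minimal 20-byte IPv4 header (no options, TTL 64) in front of payload."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      (flags << 13) | offset, 64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(data):
    """The fields the practice slides ask for: total length, identification, DF, MF,
    fragment offset (8-byte units), protocol, addresses, and the payload itself."""
    ver_ihl, _, total, ident, ff, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4
    flags = ff >> 13
    return {"total_len": total, "ident": ident, "proto": proto,
            "df": bool(flags & IP_DF), "mf": bool(flags & IP_MF), "offset": ff & 0x1FFF,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": data[ihl:total]}


def protocol_chain(frame):
    """Walk the encapsulation the way tshark's "Protocols in frame" line reports it."""
    chain = ["eth"]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_IPV4:
        return ":".join(chain)
    data = frame[14:]
    while True:
        ip = parse_ipv4(data)
        chain.append("ip")
        if ip["proto"] != IPPROTO_GRE:
            chain.append({IPPROTO_ICMP: "icmp", IPPROTO_TCP: "tcp",
                          IPPROTO_UDP: "udp"}.get(ip["proto"], "proto%d" % ip["proto"]))
            return ":".join(chain)
        gre_flags, gre_proto = struct.unpack("!HH", ip["payload"][:4])
        chain.append("gre")
        if gre_flags & 0xF000 or gre_proto != ETH_P_IPV4:
            return ":".join(chain)  # C/K/S options or a non-IP payload: stop at the base header
        data = ip["payload"][4:]  # inner packet follows the 4-byte GRE header


def tunnel_mtu(outer_mtu=ETHERNET_MTU):
    """GRE costs an outer IPv4 header (20) plus the base GRE header (4): 1500 -> 1476."""
    return outer_mtu - 20 - 4


def fragment(packet, mtu):
    """Split an IPv4 packet into pieces that fit mtu, as an oversize ping is fragmented on
    the wire: offsets count 8-byte units, all pieces keep the identification, and every
    piece but the last carries MF. A DF packet cannot be fragmented and is dropped instead."""
    ip = parse_ipv4(packet)
    if ip["df"]:
        raise ValueError("DF set: a router drops this and sends ICMP 'fragmentation needed'")
    step = (mtu - 20) // 8 * 8
    payload, frags = ip["payload"], []
    for pos in range(0, len(payload), step):
        chunk = payload[pos:pos + step]
        flags = IP_MF if pos + len(chunk) < len(payload) else 0
        frags.append(ipv4(ip["src"], ip["dst"], ip["proto"], chunk, ip["ident"], flags, pos // 8))
    return frags


def sample_tunnel_frame():
    """Constructed capture: one ICMP echo request from host 101's stub to host 102's stub,
    carried through the GRE tunnel between the hosts' eth1 addresses."""
    inner = ipv4("10.10.101.2", "10.10.102.2", IPPROTO_ICMP, b"\x08\x00" + b"\0" * 6 + b"ping")
    outer = ipv4("10.10.10.101", "10.10.10.102", IPPROTO_GRE, struct.pack("!HH", 0, ETH_P_IPV4) + inner)
    return b"\x02\0\0\0\x01\x02" + b"\x02\0\0\0\x01\x01" + struct.pack("!H", ETH_P_IPV4) + outer


def oversize_ping(size=2000):
    """Constructed IP packet for `ping -s 2000`: 8-byte ICMP header plus 2000 data bytes, DF clear."""
    return ipv4("10.10.10.101", "10.10.10.102", IPPROTO_ICMP, b"\x08\x00" + b"\0" * 6 + b"A" * size)


if __name__ == "__main__":
    print(protocol_chain(sample_tunnel_frame()), "tunnel MTU", tunnel_mtu())
    for f in fragment(oversize_ping(), ETHERNET_MTU):
        p = parse_ipv4(f)
        print("id=%#x offset=%d MF=%s len=%d" % (p["ident"], p["offset"], p["mf"], p["total_len"]))
```

The 2028-byte ping becomes a 1500-byte first fragment (offset 0, MF set) and a 548-byte second fragment at offset 185, i.e. 1480 bytes into the payload, which is what tshark shows for the same experiment on the lab hosts. Feed a packet built with flags=IP_DF to fragment() to see the failure mode the Things to Note slide describes for DF traffic.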
Directory Model
Packet Structure
The Bit Budget Concept
All computer storage is finite. FIXED BIT BUDGETS:
• Think of the bit allocation in software or hardware as a bit budget: with a budget of n bits, any one of 2^n different values can be stored (the range 0 through 2^n - 1). In other words, n bits make 2^n unique addresses possible.
• For example, with a bit budget of 12, 4096 different numbers or addresses (bit combinations, from 0 through 4095) can be stored (in registers or protocol fields).
• For example, with a bit budget of 4 bits in the host part of an address, 2^4 = 16 bit patterns are possible but only 16 - 2 = 14 usable host addresses: the all-0s host pattern names the subnet itself and the all-1s pattern is its directed broadcast. (The "subtract 2" rule applies to host addresses within a subnet. When counting subnets, classless routers accept the all-0s and all-1s subnets, so 4 subnet bits give 16 subnets, not 14.)
• If I need to store 4096 different numbers, or any number or address greater than 4095, my budget is not adequate and I need a larger budget.
• A bit budget can be established for a register, an address, a bus, or a protocol field. Fixed bit budgets are established for particular technologies (address fields in data communications and networking protocols, registers in processors). Bit budgets have to be calculated in applications such as DVDs, where the bit requirement of a particular DVD is determined for that DVD.
• Bit budgets are associated with different costs ($, £, ¥, €) for different size registers, address operands for commands, message header address components, or buses.
• A register that can hold 32 bits has a bit budget of 32; a network protocol address field that can hold 3 bits has a bit budget of 3.
• Underlying bit budgets determine the maximum size of identifiers and values in standard programming and database languages.
BIT BUDGETS AND LARGEST NUMBERS/HIGHEST ADDRESSES • How many different numbers (addresses, bit patterns, or bit combinations) can be stored with a bit budget of 2, 3, 4, 5, 6, 7, 8, 16, 32, 64, or 128 bits? (Hint: 2^n.) • What is the largest number or highest address that can be stored with a bit budget of 2, 3, 4, 5, 6, 7, 8, 16, 32, 64, or 128 bits? (Hint: one less than the number of different bit combinations, 2^n - 1.)
ESTABLISHED BIT BUDGETS for PARTICULAR (standardized or proprietary) TECHNOLOGIES: What are the bit budgets for... ?
• an ASCII byte
• an EBCDIC byte
• a UCS/Unicode character
• an octet
• a Bluetooth "active slave" address (INFS3230, INFS6230)
• the OUI (Organizationally Unique Identifier) octets of a MAC address
• an Ethernet address
• a port number (UDP or TCP, Internet)
• an IPv4 address
• an IPv6 address
• registers in Burd Ch. 4 (INFS2210, INFS6210)
• the IEEE 802.1Q VLAN identifier tag in a frame (INFS4410, INFS6230)
• the IEEE 802.1p bits in the IEEE 802.1Q header that assign Class of Service (CoS) (INFS4410, INFS6230)
• the Differentiated Services Code Point (DSCP) prioritization bits taken from the IP header Type of Service (ToS) octet (INFS4410, INFS6230)
• the "Kind" field of a TCP header option (INFS6230): what is the maximum number of option kinds supported?
• the "Maximum Segment Size" value field of the TCP MSS option (INFS6230): what is the highest maximum segment size supported?
Support for Learning CIDR
Educational Strategies • The use of real-time simulations in the classroom is strongly supported by educational theory as a productive and effective pedagogical practice. Major theories that support the use of this technology include Bloom's Taxonomy, Tomei's Taxonomy, and Gardner's theory of Multiple Intelligences.
Protocol Stack Model
Neighborhood Graph Model
Spanning Tree Model
GRE Model
Important Resources 1 • Schmied, G. (2005). Integrated Cisco and UNIX Network Architectures. Cisco Press. • Tomei, L. A. (2001). Teaching Digitally: A Guide for Integrating Technology into the Classroom. Christopher-Gordon Publishers.
Important Resources 2 • Tanenbaum, A. S. (2003). Computer Networks, 4th ed. Prentice Hall PTR. • Sanders, C. (2007). Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems. No Starch Press.
Important Resources 3 • Odom, W., and McDonald, R. (2006). Routers and Routing Basics: CCNA 2 Companion Guide. Cisco Press. • Orebaugh, A., Ramirez, G., Burke, J., Morris, G., Pesce, L., and Wright, J. (2007). Wireshark & Ethereal Network Protocol Analyzer Toolkit. Syngress.
VLabNet Links • General introduction (entry point): http://www.infroref.org/VLabNetIntro.htm • Entry point for students in INFS6230 (Networking): http://infroref.org/i6230vlabnet.htm • Entry point for students in INFS6760 (Information Security): http://infroref.org/i6760vlabnetis.htm