Transcript Slide 1

VLabNet: A Virtual Laboratory
Environment for Teaching
Networking and Data
Communications
Valerie J. H. Powell, John C. Turchek,
Peter Y. Wu, Lawrence C. Franzi
Computer and Information Systems
Randall S. Johnson, Ian W. Parker
Technical Services, Information Systems
Christopher T. Davis
Educational Technology Center,
Robert Morris University
Moon Township, PA 15108 USA
VLabNet
ISECON 2007 - Sheraton Station
Square, Pittsburgh - November
1
VLabNet Software
• This project uses Debian, Xen, and the Quagga Routing Suite. Xen is a Virtual Machine Monitor (VMM) originally developed by the Systems Research Group of the University of Cambridge Computer Laboratory as part of the UK-EPSRC funded XenoServers project. Quagga is a suite of routing daemons that implements RIP, OSPF, and BGP, so students work with the real protocols rather than a simulation of them. A Cisco 2610 router was attached to the Xen array of virtual machines to provide some direct Cisco router experience. Since a single rack-mounted server can deliver the array of virtual machines, no special hardware (wiring or garage drive) is needed. Students can access this system from anywhere.
Slide 2
VLabNet Hardware
• Hardware: HP ML370G3 with a single 2.8
GHz CPU, two 36 GB SCSI disks in a
hardware-based RAID-1 mirror, and 1 GB
RAM. This server supported a lab of 19
virtual machines each with 48 MB RAM, 1
GB disk. RAM is the limiting factor,
because Xen allocates the full amount of
RAM for each virtual machine out of the
host’s physical RAM at domU startup.
Slide 3
VLabNet Design 3
• The learning environment was designed to support the exploration of networks and subnets, switches, bridges, routers, and of the individual host in the role of a router. As shown in Slide 10, each host has three different addresses, one for each of the three interfaces eth0, eth1, and eth1:1. For example, for host 101 those would be x.y.z.101 (x.y.z. represents the first three octets of VLabNet's externally routable IPv4 addresses) for interface eth0 (an externally routable address), 10.10.10.101 for interface eth1 (not routable externally), and 10.10.101.2 for interface eth1:1 (also not routable externally). Students become accustomed to their assigned host having multiple addresses and to using each of the various addresses for certain purposes and in certain situations.
Slide 4
VLabNet Design 4
• A variety of addresses and corresponding masks
were designed to assure a variety of address
encounters and make it practical and necessary
to learn about classless inter-domain routing
(CIDR) addressing (see Figure 2.2, Appendix B).
• The interface identified as eth1:1 has the property that the nodes reached through it are not connected with each other and can only be reached through the host to which they are attached. Thus the host becomes a router for nodes such as 10.10.101.2.
Slide 5
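The address plan of slides 4 and 5, and the "host as router" step of slide 8, as an added shell example; this is not the lab's own provisioning script. The slides never reveal the routable prefix they write as "x.y.z.", so X_Y_Z below defaults to the documentation range 192.0.2 as a stand-in, and with DRY_RUN=1 (the default) the ip(8), sysctl and iptables commands are printed rather than executed.

```bash
#!/bin/bash
# Address plan for one VLabNet domU plus the "host as router" step.
# Added example; X_Y_Z is a placeholder for the slides' real "x.y.z." prefix.
X_Y_Z=${X_Y_Z:-192.0.2}
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# The three addresses of host n (slide 4): routable eth0, lab-wide eth1, and
# the per-host stub on eth1:1 that only this host can reach (slide 5).
host_addrs() {
  local n=$1
  echo "eth0 $X_Y_Z.$n/27"
  echo "eth1 10.10.10.$n/27"
  echo "eth1:1 10.10.$n.2/29"
}

configure_host() {
  local n=$1 dev cidr
  host_addrs "$n" | while read -r dev cidr; do
    case $dev in
      # "eth1:1" is an ifconfig-style alias; ip(8) attaches it as a label
      *:*) run ip addr add "$cidr" dev "${dev%%:*}" label "$dev" ;;
      *)   run ip addr add "$cidr" dev "$dev" ;;
    esac
  done
  # Acting as the router for the eth1:1 stub needs forwarding switched on ...
  run sysctl -w net.ipv4.ip_forward=1
  # ... but eth0 is externally routable, so refuse to forward anything that
  # arrives there; otherwise the domU is a pivot from the Internet into 10.10/16.
  run iptables -A FORWARD -i eth0 -j DROP
}

# Static route (slide 8): host m's stub 10.10.m.0/29 lies behind m's eth1 address,
# which only works if host m has forwarding enabled as above.
route_to_stub() { run ip route add "10.10.$1.0/29" via "10.10.10.$1" dev eth1; }
```

Check the routing table with `ip route show` before and after `route_to_stub` (slide 7's before/during/after habit); the forwarding sysctl and the FORWARD rule are what separate a host that merely owns 10.10.n.2 from one that routes for it.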
Learning Focus Areas
• Computing Environment: Xen Linux Virtual Machines
• Protocol Stack:
  – Describe the Hybrid 5-layer Protocol Stack and the Functions of its Layers
  – Recognize and Analyze Protocol Data Units and their Headers, Payloads, and Trailers for the Layers (Segment, Packet, Frame)
• Addresses and Masks (Recognition, Classification, Bit Budgets):
  – MAC addresses (Data Link and Physical Layers)
  – IP addresses: Multicast, Loopback, Routable, Non-routable private or restricted, Broadcast (Network Layer)
  – CIDR (Classless Interdomain Routing) addresses and masks
  – Port Numbers (Transport Layer)
  – Application Layer Addresses
• Routing and Routing Information Protocols:
  – Neighbors
  – Configure Static Routing and RIP and Verify Results
  – Configure Dynamic Routing and OSPF and Verify Results
  – Consult the Cisco 2610 Router
  – Configure Border Gateway Routing (BGP) and Verify Results
• Encapsulation:
  – Review Encapsulation in the Protocol Stack: Message (Portion) in Segment in Packet in Frame
  – Implement and Verify a Tunnel Using Generic Routing Encapsulation
Slide 6
Practice Strategies
– Open two session instances at the same time so you can, for example, ping in one session and capture the results using tshark in the other session.
– Teamwork: one member of the team pings and the other captures using tshark; verify whether routes exist in both directions between the team's hosts.
– Use the ping count parameter (ping -c 1) to make capture easier.
– Routing experiments: check before, during, and after setting up static routes.
– Verify the impact of RIP.
Slide 7
Practices (Routing, Fragmentation)
– What routing is available to your host? Check before establishing static routing.
– Establish static routing and then check routes. Use traceroute.
– Ping with oversized ICMP packets to get fragmentation (oversized = larger than the MTU; the MSS is the corresponding limit for TCP segments).
– telnet to check TCP connection establishment/release.
– ssh to check secure TCP connection establishment/release.
– Use RIP to set up and verify neighbors.
Slide 8
Things to Note
– Packets/frames marked "don't fragment": RIP, TCP, SSH.
– MTU: verify the MTU of each interface.
– Fragments: check for fragment offsets 0 or > 0, and the "more fragments" flag set or not set.
– Unicast or multicast destinations in RIP frames.
– Learn about ports and TCP. Use netstat -an | less to check which ports are open (LISTEN) and which TCP connections are ESTABLISHED.
Slide 9
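The oversized-ping exercise of slides 8 and 9, as an added shell example (not from the lab's materials): `fragments` computes the fragment layout an oversized ICMP echo must produce for a given MTU, and `summarize_capture` checks a tshark field export for the offsets and "more fragments" flags the slide tells students to look for. The capture lines inside `sample_capture` are constructed for this example, not captured in VLabNet; the tshark invocation in the comment is the real one to run in the second session.

```bash
#!/bin/bash
# Fragmentation arithmetic and a tshark capture checker (added example).
# Capture in one session with
#   tshark -i eth1 -T fields -e frame.number -e ip.src -e ip.dst \
#          -e ip.flags.mf -e ip.frag_offset -e ip.len icmp
# while the other session runs:  ping -c 1 -s 2000 10.10.10.102

# Expected fragments of one IPv4 datagram carrying ICMP header (8) + payload.
# A fragment carries at most MTU-20 bytes, rounded down to a multiple of 8,
# because the fragment offset field counts 8-byte units. One line per
# fragment: "offset_in_8byte_units bytes more_fragments_flag".
fragments() {
  local payload=$1 mtu=${2:-1500} remaining off=0 chunk max
  remaining=$(( 8 + payload ))
  max=$(( ((mtu - 20) / 8) * 8 ))
  while [ "$remaining" -gt 0 ]; do
    chunk=$(( remaining < max ? remaining : max ))
    remaining=$(( remaining - chunk ))
    echo "$off $chunk $(( remaining > 0 ? 1 : 0 ))"
    off=$(( off + chunk / 8 ))
  done
}

# Constructed tshark output for ping -s 2000 in both directions; tab-separated
# frame, src, dst, ip.flags.mf, ip.frag_offset (tshark shows it in bytes), ip.len.
sample_capture() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    1 10.10.10.101 10.10.10.102 1 0    1500 \
    2 10.10.10.101 10.10.10.102 0 1480 548 \
    3 10.10.10.102 10.10.10.101 1 0    1500 \
    4 10.10.10.102 10.10.10.101 0 1480 548
}

# Per flow: fragment count, reassembled L4 bytes (ip.len minus each fragment's
# 20-byte header), fragments with MF set, fragments with a non-zero offset.
# Older tshark prints booleans as True/False, newer as 1/0; accept both.
summarize_capture() {
  awk -F'\t' '
    { k = $2 " -> " $3; n[k]++; bytes[k] += $6 - 20
      if ($4 == "1" || $4 == "True") mf[k]++
      if ($5 + 0 > 0) off[k]++ }
    END { for (k in n)
            printf "%s: %d fragments, %d L4 bytes, %d with MF set, %d with offset>0\n",
                   k, n[k], bytes[k], mf[k], off[k] }' | sort
}
```

For a 2000-byte payload on a 1500-byte link the first fragment carries 1480 bytes with MF set and the second starts at offset 185 (1480 bytes) with MF clear, which is exactly what the sample capture shows; `fragments 2000 1476` gives the layout to expect through the GRE tunnel of slide 11. Adding `-M do` to ping sets the DF bit instead, and the capture then shows an ICMP "fragmentation needed" reply rather than fragments.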
VLabNet Architecture
RMU C&IS INFS6230 Model
[Figure: architecture diagram; the labels recoverable from the transcript are listed below.]
- The Internet and an Alcatel switch (x.y.z.97) on the routable network x.y.z.96/27 (255.255.255.224), attached to Xen bridge br0.
- Each domU (Dom101, Dom102, ..., Dom117) has eth0 on br0 with the routable address x.y.z.n, eth1 on br1 with 10.10.10.n/27 (255.255.255.224), and the alias eth1:1 with 10.10.n.2 on the per-host stub network 10.10.n.0/29.
- Cisco 2610 router at 10.10.10.99 / 10.10.10.100 (10.10.10.100/27), advertising the virtual network 10.11.0.0/16 (255.255.0.0) for students to discover a route to (loopback).
- x.y.z. = first three octets of the assigned routable network addresses for INFS6230; n = unique number assigned to the host (101 through 117).
Using Debian Xen open source technology.
Slide 10
VLabNet Themes 1
• Several themes follow the learning process throughout the course: layered protocol stack reference models, routing discovery, encapsulation, addressing, data units, protocol identification, and bit budget (Maximum Transmission Unit (MTU; see slide 18), Maximum Segment Size (MSS)). In performing the Generic Routing Encapsulation (GRE) tunneling exercise, students should notice the reduced MTU (1476) of the tunnel: the outer IPv4 header (20 bytes) and the GRE header (4 bytes) consume 24 of the 1500 bytes available on the underlying Ethernet link. Here is an example of the "Protocols in frame" report for a captured tunnel message, documenting the encapsulation: eth:ip:gre:ip:icmp:data.
Slide 11
VLabNet Perspective
• Students begin the course with a naïve
impression of Internet messages that
transmit Web and e-mail data. Gradually
their perspective develops to include all
the kinds of messages necessary to
support the Internet as they observe traffic
using the various interfaces available in
VLabNet and document the different types
of messages.
Slide 12
Information Bits vs.
Overhead Bits
• Information bits: the message to be
transmitted; payload
• Overhead bits – everything else (the
container): error control, addressing,
encapsulation support, etc. (header,
trailer); the concept of “tare,” comparison
with transportation
Slide 13
Theme: Routing Discovery
• The most important theme in the course is
routing discovery. Students are shown how to
consult routing tables at different stages in the
course and are encouraged to determine how
the data in routing tables develops and is
maintained. To ascertain where routing comes
from, students explore routing information and
routing information protocols. They begin with
the concepts of neighbor and neighborhood, so
that they realize that the “heart” of routing
information and routing discovery is always
direct communication among neighbors.
Slide 14
Routing Discovery Progression
• The sequence of exploration in the course is:
• (1) static routing;
• (2) dynamic routing 1: Routing Information Protocol (RIP, distance vector; unicast peers as configured here, whereas RIPv2 otherwise multicasts to 224.0.0.9);
• (3) dynamic routing 2: Open Shortest Path First (OSPF, link state; multicast peers);
• (4) dynamic routing 3: a Cisco 2610 router and Cisco's EIGRP rationale;
• (5) the culmination of routing experience in the course: using Generic Routing Encapsulation (GRE) to establish tunnels. A tunnel needs to be established in both directions between a pair of hosts before proceeding to verification, so close teamwork is required in this process;
• (6) path vector routing: Border Gateway Protocol (BGP).
Slide 15
Data Unit Components
• To understand protocol data units, their components, and encapsulation, students begin with the concepts of payload and "tare." They analyze data unit components to distinguish the payload from the other parts of a PDU.
• In the process they learn about the concepts of message delineation, addressing at different protocol stack levels, differentiating types of messages, and error control information (CRC).
• They learn by inspection about length and specifying length, MTUs (see Slide 18), MSSs, fixed-length elements, and variable-length elements.
• They explore lengths of PDUs and PDU components by causing fragmentation (using ping to generate oversized packets) and documenting and analyzing the impacts of fragmentation. Concepts that seem very abstract in textbooks become practical exercises.
Slide 16
Directory Model
Directory model (selected subdirectories) for RMU Virtual Laboratory Network (VLabNet) hosts:

/                        ROOT directory
  /etc                   directory
    syslog.conf
    /etc/quagga          directory
      zebra.conf
      ripd.conf
      ospfd.conf
  /usr                   directory
    /usr/lib             directory
      /usr/lib/quagga    directory
  /var                   directory
    /var/run             directory
      /var/run/quagga    directory
        ripd.pid
        ospfd.pid
    /var/log             directory
      auth.log
      /var/log/quagga    directory
        ripd.log
Slide 17
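What goes into the /etc/quagga files of the directory model, for the RIP and OSPF stages of the routing progression, as an added shell example that is not the lab's own configuration. It assumes Debian's quagga package (which reads /etc/quagga/daemons to decide what to start), that the host's eth1 address is 10.10.10.n/27 and its stub 10.10.n.0/29 as on slide 10, and that the lab's /27 is 10.10.10.96/27 (the block that contains hosts 101 through 117 and the Cisco at .99/.100). QUAGGA_DIR can be pointed at a scratch directory to inspect the output without touching a live host.

```bash
#!/bin/bash
# Quagga configuration for one VLabNet host (added example, not the lab's files).
QUAGGA_DIR=${QUAGGA_DIR:-/etc/quagga}

write_quagga_conf() {
  local n=$1 dir=${2:-$QUAGGA_DIR}
  # Debian's init script starts only the daemons enabled here.
  cat > "$dir/daemons" <<EOF
zebra=yes
ripd=yes
ospfd=yes
bgpd=no
EOF
  # zebra owns the kernel routing table; the other daemons feed it.
  cat > "$dir/zebra.conf" <<EOF
hostname dom$n
password zebra
enable password zebra
interface eth1
 ip address 10.10.10.$n/27
log file /var/log/quagga/zebra.log
EOF
  # RIPv2 (distance vector): speak RIP on eth1 and announce the connected
  # stub 10.10.n.0/29 so other hosts learn a route to this host's eth1:1.
  cat > "$dir/ripd.conf" <<EOF
hostname dom$n-ripd
password zebra
router rip
 version 2
 network eth1
 redistribute connected
log file /var/log/quagga/ripd.log
EOF
  # OSPF (link state): one backbone area, router-id taken from eth1.
  cat > "$dir/ospfd.conf" <<EOF
hostname dom$n-ospfd
password zebra
router ospf
 ospf router-id 10.10.10.$n
 network 10.10.10.96/27 area 0.0.0.0
 redistribute connected
log file /var/log/quagga/ospfd.log
EOF
  chmod 640 "$dir"/*.conf   # the files carry the vty passwords
}

# Ask the running daemons what they learned (vtysh talks to all of them).
show_routing() {
  vtysh -c 'show ip route' -c 'show ip rip' -c 'show ip ospf neighbor'
}
```

Two hardening points a student should see along with this: "zebra" is the well-known default vty password, so change it, and the vty ports (2601 zebra, 2602 ripd, 2604 ospfd) should stay bound to 127.0.0.1 via the `-A 127.0.0.1` in Debian's /etc/quagga/debian.conf, because eth0 of every domU is externally routable. `redistribute connected` is also what makes a misconfigured or hostile host able to inject routes for the whole /27, which is precisely the kind of "where does this route come from?" question the Routing Discovery theme asks.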
Packet Structure
Ethernet MTU = 1500: IP header (20) + TCP header (20) = 40 bytes, data segment (MSS) = 1460 bytes
Minimum IPv4 MTU = 576: IP header (20) + TCP header (20) = 40 bytes, data segment (MSS) = 536 bytes
Slide 18
The Bit Budget Concept
All computer storage is finite.
FIXED BIT BUDGETS:
• Understanding the bit allocation in software or hardware as a bit budget: with a bit budget of n bits, any one of 2^n different values can be stored (range from 0 through 2^n - 1). In other words, n bits make 2^n unique addresses possible.
• For example, with a bit budget of 12, 4096 different unique numbers or addresses (bit combinations, from zero through 4095) can be stored (in registers or protocol fields).
• For example, with a bit budget of 4, I can support enough unique addresses for 14 subnets under the older convention that discards the all-1s and all-0s subnet numbers (2^4 = 16; 16 - 2 = 14). Strictly, subtracting 2 is a host-address rule (all 1s = broadcast, all 0s = the network itself); with classless inter-domain routing all 16 subnets are usable.
• If I need to store 4096 different numbers or store any number or address greater/higher than 4095, my budget is not adequate and I need a larger budget.
• A bit budget can be established for a register, an address, a bus, or a protocol field. Fixed bit budgets are established for particular technologies (address fields in data communications and networking protocols, registers in processors). Bit budgets have to be calculated in applications such as DVDs, where the bit requirement of a particular DVD is determined for that DVD.
• Bit budgets are associated with different ($, £, ¥, €) costs for different size registers, address operands for commands, message header address components, or buses.
• A register that can hold 32 bits has a bit budget of 32; a network protocol address field that can hold 3 bits has a bit budget of 3.
• Underlying bit budgets determine the maximum size of identifiers and values in standard programming and database languages.
Slide 19
BIT BUDGETS AND LARGEST
NUMBERS/HIGHEST
ADDRESSES
• How many different numbers (addresses, bit
patterns, or bit combinations) can be stored with
a bit budget of… ?
2, 3, 4, 5, 6, 7, 8, 16, 32, 64, or 128 bits
• What is the largest number or highest
address (hint: 1 less than number of different bit
combinations based on bit budget allocation)
that can be stored with this bit budget?
2, 3, 4, 5, 6, 7, 8, 16, 32, 64, or 128 bits:
Slide 20
ESTABLISHED BIT BUDGETS for PARTICULAR (standardized or proprietary) TECHNOLOGIES:
What are the bit budgets for... ?
• an ASCII byte
• an EBCDIC byte
• a UCS/Unicode character
• an octet
• Bluetooth "active slave" address (INFS3230, INFS6230)
• MAC address OUI octets (Organizationally Unique Identifier)
• Ethernet address
• Port Number (UDP or TCP, Internet)
• an IPv4 address
• an IPv6 address
• registers in Burd Ch. 4 (INFS2210, INFS6210)
• IEEE 802.1Q VLAN identification tag for a frame (INFS4410, INFS6230)
• IEEE 802.1p bits in the IEEE 802.1Q header used to assign Class of Service (CoS) (INFS4410, INFS6230)
• Differentiated Services Code Point (DSCP) prioritization using bits from the IP header Type of Service (ToS) octet (INFS4410, INFS6230)
• "Kind of Option" field in TCP header options (INFS6230). What is the maximum number of options supported?
• "Maximum Segment Size" length field in the TCP header MSS option (INFS6230). What is the highest maximum segment size supported?
Slide 21
Support for Learning CIDR
subnet             mask
x.y.z.96/27        255.255.255.224
10.10.n.0/29       255.255.255.248
10.10.10.100/27    255.255.255.224
10.10.10.n/27      255.255.255.224
10.11.0.0/16       255.255.0.0
Slide 22
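The bit-budget arithmetic of slides 19 through 22 in working form, as an added shell example that is not part of the slides: prefix length to dotted mask (the conversion that shows /29 is 255.255.255.248), values and maxima for an n-bit budget, usable hosts per prefix, and subnet counts under both the classless and the older "subtract 2" convention. `vlabnet_table` reproduces slide 22 from the prefix lengths alone. Bash arithmetic is 64-bit signed, so the power-of-two helpers are only valid up to 62 bits.

```bash
#!/bin/bash
# Bit-budget and CIDR helpers (added example).

# Distinct values an n-bit budget can hold (2^n) and the highest of them.
values_for_bits() { echo $(( 1 << $1 )); }
max_for_bits()    { echo $(( (1 << $1) - 1 )); }

# Dotted-decimal mask for an IPv4 prefix length 0..32.
prefix2mask() {
  local p=$1 m
  [ "$p" -ge 0 ] && [ "$p" -le 32 ] || { echo "bad prefix $p" >&2; return 1; }
  # top p bits of a 32-bit word set; the final AND discards bash's upper 32 bits
  m=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  echo "$(( (m >> 24) & 255 )).$(( (m >> 16) & 255 )).$(( (m >> 8) & 255 )).$(( m & 255 ))"
}

# Usable host addresses in a prefix: 2^(32-p) minus network and broadcast.
hosts_for_prefix() { echo $(( (1 << (32 - $1)) - 2 )); }

# Subnets from b borrowed bits: all 2^b are usable classlessly; the slide's
# "subtract 2" rule is the older convention that drops all-0s and all-1s.
subnets_for_bits() { echo "$(( 1 << $1 )) classless, $(( (1 << $1) - 2 )) classful-rule"; }

# Slide 22 regenerated from the prefix lengths.
vlabnet_table() {
  local net
  for net in x.y.z.96/27 10.10.n.0/29 10.10.10.100/27 10.10.10.n/27 10.11.0.0/16; do
    printf '%-16s %-16s %s hosts\n' "$net" "$(prefix2mask "${net#*/}")" "$(hosts_for_prefix "${net#*/}")"
  done
}
```

A /29 stub gives a host only six usable addresses for the nodes behind eth1:1, which is why the slides pair that prefix with the "host as router" exercise rather than a larger network.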
Educational Strategies
• The use of real-time simulations in the classroom is strongly supported by educational theory as a productive and effective pedagogical practice. Major theories that support the use of this technology include Bloom's Taxonomy, Tomei's Taxonomy, and Gardner's theory of Multiple Intelligences.
Slide 23
The Hybrid 5-Layer Protocol Stack: A Model
[Figure: one message, "The audit reports for your department will be sent by noon on Monday.", addressed to mary@xyzcorp.com, followed down the stack; only the figure's labels are recoverable from the transcript.]
5. Application Layer - Message generated by/through the application; addressed to the recipient (To mary@xyzcorp.com). DNS resolves the application layer address to a numeric IP address.
4. Transport Layer - Segment - Packetizing. A portion of the message (" s for your department will") becomes the payload; the Port # identifies the application; sent connectionless (UDP) or connection-oriented (TCP), in this case TCP.
3. Network Layer - Packet - Routing. IP Addr (to the next node in the Internet) | Port # | payload. ARP resolves the IP address to the local MAC (such as Ethernet) address.
2. Data Link Layer (MAC/LLC) - Frame - Interface to/from the Physical Layer. MAC Addr (to the host in the local network) | IP Addr | Port # | payload | CRC.
1. Physical Layer - Physical transmission of the frame over a medium (guided or radiated), using local network technology such as IEEE 802.3 (Ethernet), IEEE 802.11 (Wireless LAN), etc.: twisted pair, coaxial cable, optical fiber, wireless access point.
Slide 24
Neighborhood Graph Model
[Figure: graph G with vertices a, b, c, d, e, f, g, h; the neighborhood N(h) is drawn with black-filled vertices.]
Vertices h and b are adjacent (path hb has a path length of 1) and are therefore neighbors. So are h and f, and h and c.
N(h), the neighborhood of h, is shown by the vertices that have black fill; the vertices not in the neighborhood of h have no fill.
Note the use of the concept of neighbors in building link state packets for link state routing or in distance vector routing algorithms.
Slide 25
Spanning Tree Model
[Figure: three drawings over the vertices a, b, c, d, e, f: (1) graph G of the network, with the cycle a,b,e,f,a noted (many other cycles can be found in G); (2) graph G of the network with spanning tree T superimposed; tree T is a spanning subgraph of G; (3) tree T alone, which connects all vertices of G (spanning), built from start vertex b.]
Slide 26
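The neighbor and spanning-tree ideas of slides 25 and 26 as an added shell example (not from the slides): `neighbors` computes N(v) from an edge list and `spanning_tree` grows a breadth-first spanning tree from a start vertex, which is the same "reach everything once, never close a cycle" property a switch's spanning tree or a link-state SPF tree has. The edge list is constructed for this example to contain the cycle a,b,e,f,a and the neighbors of h named on slide 25; it is not the exact graph in the figure.

```bash
#!/bin/bash
# BFS spanning tree over a constructed undirected graph (added example).
EDGES="a b
b e
e f
f a
b c
c d
d e
h b
h f
h c"

# N(v): every vertex adjacent to v, one per line.
neighbors() {
  printf '%s\n' "$EDGES" | awk -v v="$1" '$1 == v { print $2 } $2 == v { print $1 }'
}

# Breadth-first search from $1; prints each tree edge as "parent child" in
# discovery order. Each vertex is entered once, so the output has |V|-1 edges
# and no cycles: the tree is a spanning subgraph of the graph.
spanning_tree() {
  local u v visited=" $1 " queue=$1
  while [ -n "$queue" ]; do
    u=${queue%% *}                                   # dequeue the head
    case $queue in *" "*) queue=${queue#* } ;; *) queue= ;; esac
    for v in $(neighbors "$u"); do
      case $visited in *" $v "*) continue ;; esac    # already in the tree
      visited="$visited$v "
      queue="${queue:+$queue }$v"
      echo "$u $v"
    done
  done
}
```

Running `spanning_tree b` yields six edges for the seven connected vertices; the edge f-a that closes the cycle a,b,e,f,a is never printed because both ends are already in the tree when it is examined.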
GRE Model
RMU VLabNet Generic Routing Encapsulation Exercise
[Figure: two hosts joined by a static GRE tunnel. Host 121: eth1 10.10.10.121, eth1:1 10.10.121.2, tunnel endpoint 172.16.121.2. Host 122: eth1 10.10.10.122, eth1:1 10.10.122.2, tunnel endpoint 172.16.122.2.]
Slide 27
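The tunnel drawn above, and the 1476-byte MTU discussed on slide 11, as an added shell example rather than the lab's own script. It assumes the addressing in the figure (eth1 10.10.10.n, tunnel endpoints 172.16.n.2, stubs 10.10.n.0/29) and a 1500-byte Ethernet MTU; the tunnel name gre<peer> and the TTL are choices made here. Each host runs `gre_up` with its own number first and the peer's second, and nothing flows until both ends are up, which is the teamwork point of slide 15. With DRY_RUN=1 (the default) the ip(8) commands are printed rather than executed.

```bash
#!/bin/bash
# Static GRE tunnel between two VLabNet hosts (added example).
DRY_RUN=${DRY_RUN:-1}
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Tunnel MTU: the outer IPv4 header (20) and the GRE header (4, no options)
# leave 1476 bytes of a 1500-byte link for the inner packet.
gre_mtu() { echo $(( ${1:-1500} - 20 - 4 )); }

# n = this host's number, m = the peer's number (121 and 122 in the figure).
gre_up() {
  local n=$1 m=$2 dev="gre$2"
  run ip tunnel add "$dev" mode gre local "10.10.10.$n" remote "10.10.10.$m" ttl 64
  # point-to-point: our endpoint address with the peer's as the far end
  run ip addr add "172.16.$n.2" peer "172.16.$m.2" dev "$dev"
  run ip link set "$dev" up mtu "$(gre_mtu)"
  # the peer's stub behind its eth1:1 is now reachable through the tunnel
  run ip route add "10.10.$m.0/29" dev "$dev"
}

gre_down() { run ip tunnel del "gre$1"; }
```

Verify with `ping -c 1 172.16.122.2` from host 121 while tshark on eth1 shows the frame.protocols chain the slide quotes, eth:ip:gre:ip:icmp:data, and confirm the inner packet is at most 1476 bytes. GRE carries no authentication or confidentiality: the kernel only checks that the outer source matches the configured remote, which anyone on the shared 10.10.10.96/27 can spoof, so a tunnel like this is a routing exercise, not a security boundary.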
Important Resources 1
• Schmied (2005). Schmied, G., Integrated Cisco and UNIX Network Architectures (Cisco Press, 2005).
• Tomei (2001). Tomei, L. A., Teaching Digitally: A Guide for Integrating Technology into the Classroom (Christopher-Gordon Publishers, Inc., 2001).
Slide 28
Important Resources 2
• Tanenbaum (2003). Tanenbaum, Andrew S., Computer Networks, 4th ed. (Prentice Hall PTR, 2003).
• Sanders (2007). Sanders, Chris, Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (No Starch Press, 2007).
Slide 29
Important Resources 3
• Odom and McDonald (2006). Odom, Wendell, and McDonald, Rick, Router and Routing Basics: CCNA 2 Companion Guide (Cisco Press, 2006).
• Orebaugh et al. (2007). Orebaugh, Angela, Ramirez, Gilbert, Burke, Josh, Morris, Greg, Pesce, Larry, and Wright, Joshua, Wireshark & Ethereal: Network Protocol Analyzer Kit (Syngress, 2007).
Slide 30
VLabNet Links
• General introduction: entry point:
http://www.infroref.org/VLabNetIntro.htm
• Entry point for students in INFS6230
(Networking):
http://infroref.org/i6230vlabnet.htm
• Entry point for students in INFS6760
(Information Security):
http://infroref.org/i6760vlabnetis.htm
Slide 31