The Virtual Router Project

1
The Virtual Router Project Stanford Networking
Seminar October 24th, 2002
Martin Casado Guida Appenzeller Vikram
Vijayaraghavan Nick McKeown
2
Outline

• Motivation
• System Overview
• Example Assignments and Uses
• Performance Characteristics
• Conclusion

3
How do you teach internet routing?

• Basic Internet Routing Determine the next hop in
  the network for traffic to go given a destination

A
?
B
?
?
C
4
How do you teach internet routing?

• Hands On Allow students to implement a router
  that, given a packet, makes the decision for the
  next hop
• Operate on real traffic Have the students route
  actual internet traffic. Example web traffic
• But How?

5
Use a Simulator?

• Difficult to integrate with hardware
• Not designed to route actual traffic

How About working in the kernel?

• Assume knowledge of kernel hacking
• Need good kernel debugging environment
• Requires one machine per student/group

6
Preferred Solution

• Students should work in user space
• Ability to support many students with minimal
  hardware
• Ability to support complex router functions such
  as routing protocols (RIP, OSPF)
• Extendable to other assignments such as
• Implementing congestion control
• Demonstrating characteristics of TCP
• Fair queuing

7
Outline

• Motivation
• System Overview
• Example Assignments and Uses
• Performance Characteristics
• Conclusion

8
How it works
9
How it really works
VR Client
Instructional machines
PCLinux
Firewall
Campus Network
Virtual Router Server
Web/ftp servers
10
How it works in excruciating detail

• Firewall knows the IP of vr client and sends
  ARP request

• VR server forwards ARP request to client

• VR client send ARP reply to server destined to
  the firewall

A
B
Virtual Router Server
firewall
application servers
11
Why Use a Firewall?

• Ensure packets entering system are forwarded to
  the virtual router server
• Protect the world from packets generated by
  virtual router clients
• Protect the virtual router system network

12
Handling Multiple Topologies

• What we really want is the server to support
  multiple isolated topologies (one per student)

Topology per student
Web/ftp servers
13
Multiple Topologies Complication 1

• How does the vr server know which vr client to
  send packets to?

• Answer Each student topology is assigned
  aunique ID which is encoded in the hardware
  address used by the virtual clients

14
Enforcing topology isolation

• We give all topologies a unique ID which we
  embed in the hardware address of the virtual
  router (vr server must forge the source address
  of Ethernet packets originating from vr clients)
• The vr server will only forward packets on a
  particular topology (based on the hardware
  address) to the client on that topology

Application server (00E08103D096) 172.24.74.4
3
(70000100) 172.24.74.41
Firewall (00E08103FD9E) 172.24.74.17
15
Multiple Topologies Complication 2

• How do the application servers know where
  toroute packets returning to the application
  clients?

• AnswerSource routing at application servers

16
Handling return routes

• Each topology must be assigned a unique subnet,
  and each application server a unique IP on that
  subnet
• Each application server (e.g. httpd) must be
  configured to listen to multiple Ips (one for
  each topology)
• Each application server must then choose the
  proper return route based on the source address
  of the departing packet

Application server (00E08103D096) 172.24.74.4
3
(70000101) 172.24.74.42
(70000100) 172.24.74.41
Firewall (00E08103FD9E) 172.24.74.17
Routing Decision if packet is from
172.24.74.43 forward to 172.24.74.42
17
Step by Step (again)
Application server (00E08103D096)
Virtual Router Server
Firewall (00E08103FD9E) 172.24.74.17

• Application server is configured to source route
  packets from 172.24.74.43 to 172.24.74.42

18
Where virtual meets physicalsetting up
topologies

• Topologies must have
• A unique ID
• A unique subnet from which Ips are allocated to
  the interfaces of the virtual router and to the
  application server
• knowledge of the first hop in the network
• Knowledge of the first hops from the application
  servers
• Use first hop to set up firewall routing table
• Use IP of application servers to set up virtual
  interface on application server
• Use IP of application server and first hop of
  return route to set up application servers
  routing tables

19
Complex Topologies

• What we really, really want is to allow
  studentsto work on topologies where multiple
  virtual clientscan work in tandem (RIP, OSPF)

Campus Network
Web/ftp servers
20
Complex Topology Complication

• How does the vr server know which packetsan
  interface can see?

• Answer Easy! Weve already solved this one
  (sort of). Assign each interface a unique ID
  pertopology and embed it in the hardware address
  have topology file describe connectivity
  betweenvirtual routers.

21
Hardware Addresses

• The vr server forges source hardware addresses
  for all packets leaving all vr clients. Hardware
  addresses are created by setting the private
  bit in the Ethernet header and embedding the
  topology and interface Ids.

(700000070002)
22
On Receiving a Packet the VR Server

• Checks to see if it has the private bit set, if
  soit is destined for a virtual client (if not,
  chuck it)
• Uses topology ID to reference topology
  connectivity information
• Verifies whether the destination can actually see
  the source, if so, forward the packet to the
  virtual client (if not, chuck it)

23
Topology Files

• Written in XML
• Specify virtual hosts which are a collection
  ofvirtual interfaces
• Each interface lists the neighbors it can see

lttopology id7gtlthost namerouter1gt
ltvinterface id1 nameeth0
7000701 speed3000 ip172.24.74.41
neighbors2gtlt/vinterfacegt .
24
Scalable Configuration
VR clients written and run here
Instructional machines
Firewall
Multiple Virtual Router Servers Running
Web/ftp servers
25
Outline

• Motivation
• System Overview
• Example Assignments and Uses
• Performance Characteristics
• Conclusion

26
Implement a Fully Functional IP RouterMarch
2002, 100 BS/MS students

• Address lookup (static routing table)
• Four network interfaces
• TTL check and decrement
• IP checksum check and update
• ARP request/reply
• ICMP enough for traceroute to work
• Simple one hop topology

27
Other Potential Uses/Assignments

• Implement RIP or OSPF on multi-node network
• RED/DECbit
• fair queuing, QOS
• NAT
• tunneling
• tcp/ip stack
• honey-net

28
Outline

• Motivation
• System Overview
• Example Assignments and Uses
• Performance Characteristics
• Conclusion

29
1 Hop Routing Both Ways
switch
Application client
firewall
ftpd
Server client
30
VR System can handle high throughput
31
Performance With Remote Client
switch
Virtual router
ftpd
firewall
client application
Server
32
Bandwidth Limited?
33
Outline

• Motivation
• System Overview
• Example Assignments and Uses
• Performance Characteristics
• Conclusion

34
Performance

• Bandwidth limited
• The server system can handle near optimal
  throughput
• Limited on link from switch to vr server
• Can we fix this? (not easily .. )
• Does this mean running multiple instances of vr
  server is pointless? (perhaps )
• Do we need high throughput? (not really ..)

35
Shortcomings

• ARP requests from hardware to vr clients seen by
  all topologies
• Hopelessly wed to Ethernet
• Virtual topology will only map to simple hardware
  topology (how to mitigate bandwidth limitation?)
• Not truly distributed (how to handle collisions?)

36
Future Work

• Full featured, Java GUI client
• Collection of prepackaged assignments
• Support for dynamic topologies?

37
Status

• Prototype V1.0 Summer 2001
• First classroom use March 2002
• CS244a at Stanford, Assignment 3, 100 students
• V2.0 Summer 2002
• Next classroom use March 2003
• First planned release Summer 2003

38
Credits

• Guido Apenzeller
• Vikram Vijayaraghavan
• Anton An
• Giulio Galante
• Pang Chau
• Lei Jin
• Yuefeng Li
• Zhao-Ping Tang
• Nick McKeown