Virtual Networking (1) (1).pptx

Virtual Networking through Linux
Network Namespaces and Mininet
Mayank Pandey
CSED, MNNIT Allahabad,
Prayagraj

Namespaces
• A namespace wraps a global system resource
in an abstraction which provide an illusion
– That the processes within the namespace
• have their own isolated instance of the global resource.
– Changes to the global resource are visible to other
processes that are members of the namespace
• but are invisible to other processes.
– One use of namespaces is to implement
• containers
5/11/2023 Mayank Pandey, MNNIT, Allahabad, India 2

Linux Namespaces: Types
For more information: man namespaces
• Cgroup: man cgroup_namespaces , Isolates Cgroup root directory
• IPC: man ipc_namespaces, Isolates System V IPC, POSIX message
queues
• Mount: man mount_namespaces, Isolates Mount points
• PID: man pid_namespaces , Isolates Process ids
• User: man user_namespaces, Isolates user and group ids
• Network: man network_namespaces, Isolates
– Network devices, network stack, etc.
• In particular, the network namespaces allow individual containers to have
– exclusive access to virtual network resources
– while each container can be assigned a separate network stack.

Linux Network Namespaces
• Different processes have different views of network
– Different aspects of networking isolated between processes
• Interfaces:
– different processes can connect to addresses on different interfaces.
• Routes:
– As processes see different addresses from different namespaces
– need different routes to connect to networks on those interfaces.
• Firewall rules:
– Dependent on the source or target interfaces
– may need different firewall rules in different network namespaces.
– Handling of network namespaces are done with
• ip command, which is part of the iproute2 package.

VM vs Network Name Space
• Multiple isolated network environments running on a single
physical host or VM
• Each Network Namespace has its own interfaces, forwarding
tables and routing tables etc.
• Processes can be dedicated to these network namespaces.

Linux Virtual Networking
• Virtual Network Interfaces
– Bridge: A Linux bridge behaves like a network switch. It
forwards packets between interfaces that are connected to
it.
– TAP: TAP (terminal access point) devices work at layer two
and behave very much like a real network adaptor.
• TAP devices can be part of a bridge and are commonly used in
virtualization systems to provide virtual network adaptors to
multiple guest machines.
– VETH: Virtual Ethernet interfaces are essentially a virtual
equivalent of a patch cable
• what goes in one end comes out the other.

How to do? Without Bridge
• Connecting two NS directly:
• Create namespaces
– ip netns add ns1
– ip netns add ns2
– ip link add veth1 netns ns1 type veth peer name veth2 netns ns2
• Virtual ethernet interfaces can be assigned an IP address
– ip netns exec ns1 ip addr add "10.0.0.1/24" dev veth1
– ip netns exec ns2 ip addr add "10.0.0.2/24" dev veth2
• Veth interfaces must be brought into UP state
– ip netns exec ns1 ip link set veth1 up
– ip netns exec ns2 ip link set veth2 up

How to do? Without Bridge
• Reachability check:
 ip netns exec ns1 ping -c 2 10.0.0.2
 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.047 ms
--- 10.0.0.2 ping statistics ---
 2 packets transmitted, 2 received, 0% packet loss, time 999ms
 rtt min/avg/max/mdev = 0.047/0.049/0.052/0.007 ms
 ip netns exec ns2 ping -c 2 10.0.0.1
 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
-- 10.0.0.1 ping statistics ---
 2 packets transmitted, 2 received, 0% packet loss, time 999ms
 rtt min/avg/max/mdev = 0.043/0.049/0.055/0.006 ms

How to do? With Bridge
• Any type of bridge can be used
– Linux bridge (using ip command of iproute2 package)
– Linux bridge (using brctl)
– Open Virtual Switch (using ovs-vsctl)
• Also can be configured remotely via OpenFlow or JSON (Java Script
Object Notation)
• Difference between Linux Bridge and OVS
– Linux bridge based on FDB and MAC table
• It learns and creates its Forwarding DataBase
– OVS based on flows (forwarding rules)
• These rules can be dynamically written by controller

Virtual Networking : Namespaces and Open Vswitch
• h1 and h2 in separate network name spaces
• Open Vswitch in root namespace
• Let’s see how we can do this…

# Create host namespaces
ip netns add h1
ip netns add h2
# Create switch
ovs-vsctl add-br s1
# Create links
ip link add h1-eth0 type veth peer name s1-eth1
ip link add h2-eth0 type veth peer name s1-eth2
ip link show

# Move host ports into namespaces
ip link set h1-eth0 netns h1
ip link set h2-eth0 netns h2
ip netns exec h1 ip link show
ip netns exec h2 ip link show
# Connect switch ports to OVS
ovs-vsctl add-port s1 s1-eth1
ovs-vsctl add-port s1 s1-eth2
ovs-vsctl show

# Configure network
ip netns exec h1 ifconfig h1-eth0 10.0.0.1
ip netns exec h1 ifconfig h1-eth0 up
ip netns exec h2 ifconfig h2-eth0 10.0.0.2
ip netns exec h2 ifconfig h2-eth0 up
ifconfig s1-eth1 up
ifconfig s1-eth2 up
# Test network
ip netns exec h1 ping 10.0.0.2
Important: After setting up maximum parameters we can also do:
ip netns exec <namespace name> bash

Mininet (Easier and User friendly Option)
• Mininet creates a realistic virtual network,
running real kernel, switch and application
code, on a single machine (VM, cloud or
native), in seconds, with a single command:
• Using Mininet CLI and API, interaction and customization of
created network becomes easy (or should I say fun)

What is Mininet?
• A virtual network environment that can run on
single PC
• Runs real kernel, switch and application code
on a single machine:
– CLI, UI, Python Interface
• Many OpenFlow Features are built in
– Useful for SDN experimentation

Why Mininet?
• Fast
• Custom topology creation possible
• Can run real programs
– Anything that can run on Linux can run on a
Mininet host.
• Programmable OpenFlow switches:
– Useful for SDN
• Open Source

Mininet: How it Works?
 Mininet is a Python based API
 Mininet API Launcher: mn utility
 The mn launcher create bash process and network
namespaces per node
 Then it crates virtual Ethernet pairs corresponding to
each network namespace
 Create an OpenFlow switch in root namespace and
connect hosts to it using veth pair.
 Instantiate controller to connect with the switch

Mininet based Virtualization
5/11/2023 Mayank Pandey, MNNIT, Allahabad, India
19

Important Classes, Methods &
Functions
• Topo: the base class for Mininet topologies
• addSwitch(): adds a switch to a topology and returns the
switch name
• addHost(): adds a host to a topology and returns the host
name
• addLink(): adds a bidirectional link to a topology (and returns
a link key, but this is not important).
• Links in Mininet are bidirectional unless noted otherwise.
• Mininet: main class to create and manage a network

Important Classes, Methods &
Functions
• start(): starts your network
• pingAll(): tests connectivity by trying to have all nodes ping
each other
• stop(): stops your network
• net.hosts: all the hosts in a network
• dumpNodeConnections(): dumps connections to/from a set
of nodes.
• setLogLevel( 'info' | 'debug' | 'output' ): set Mininet's default
output level; 'info' is recommended as it provides useful
information.

Low-Level Mininet API
The low-level API consists of the base node and link classes (such
as Host, Switch, and Link and their subclasses) which can actually
be instantiated individually and used to create a network
22
h1 = Host( 'h1' )
h2 = Host( 'h2' )
s1 = OVSSwitch( 's1', inNamespace=False )
c0 = Controller( 'c0', inNamespace=False )
Link( h1, s1 )
Link( h2, s1 )
h1.setIP( '10.1/8' )
h2.setIP( '10.2/8' )
c0.start() s1.start( [ c0 ] ) print
h1.cmd( 'ping -c1', h2.IP() )
s1.stop()
c0.stop()

Mid-Level Mininet API
The mid-level API adds the Mininet object which serves as a
container for nodes and links. It provides a number of methods (such
as addHost(), addSwitch(), and addLink()) for adding nodes and links
to a network, as well as network configuration, startup and
shutdown (notably start() and stop().)
23
class SingleSwitchTopo( Topo ):
"Single Switch Topology"
def build( self, count=1):
hosts = [ self.addHost( 'h%d' % i )
for i in range( 1, count + 1 ) ]
s1 = self.addSwitch( 's1' )
for h in hosts:
self.addLink( h, s1 )
net = Mininet( topo=SingleSwitchTopo( 3 ) )
net.start()
CLI( net )
net.stop()

High-Level Mininet API
The high-level API adds a topology template abstraction, the Topo
class, which provides the ability to create reusable, parameterized
topology templates. These templates can be passed to the mn
command (via the --custom option) and used from the command
line.
24
net = Mininet()
h1 = net.addHost( 'h1' )
h2 = net.addHost( 'h2' )
s1 = net.addSwitch( 's1' )
c0 = net.addController( 'c0' )
net.addLink( h1, s1 )
net.addLink( h2, s1 )
net.start()
print h1.cmd( 'ping -c1', h2.IP() )
CLI( net )
net.stop()

Performance modeling in
Mininet
# Use performance-modeling link and host classes
net = Mininet(link=TCLink, host=CPULimitedHost)
# Limit link bandwidth and add delay
net.addLink(h2, s1, bw=10, delay='50ms')
# Limit CPU bandwidth
net.addHost('h1', cpu=.2)
25

Running Mininet from CLI
Most important options for running Mininet:
 --topo=TOPO represents the topology of the virtual network, where
TOPO could be:
 minimal - this is the default topology with 1 switch and 2 hosts
 single,X - a single switch with X hosts attached to it
 linear,X - creates X switches connected in a linear/daisy-chain
fashion, each switch with one host attached
 tree,X - a tree topology with X fanout
 --switch=SWITCH creates different type of switches, such as:
 ovsk - this is the default Open vSwitch that comes preinstalled in the
VM
 user - this is a switch running in software namespace (much slower)
26

Running Mininet from CLI
 --controller=CONTROLLER where CONTROLLER
can be:
 ovsc - this creates the default OVS Controller that
comes preinstalled in the VM
 nox - this creates the well-known NOX controller
 remote - does not create a controller but instead listens
for connections from external controllers
 --mac set easy-to-read MAC addresses for the
devices
27

Mininet CLI Examples
 Start a minimal topology
sudo mn
 Start a minimal topology using a remote controller
sudo mn --controller=remote,ip=[IP_ADDDR],port=[port]
 Start a custom topology
sudo mn --custom [topo_script_path] --topo=[topo_name]
•
28

Mininet CLI Examples
 Start a minimal topology
 sudo mn
 Start a minimal topology using a remote controller
 sudo mn --controller=remote,ip=[IP_ADDDR],port=[port]
 Start a custom topology
 sudo mn --custom [topo_script_path] --topo=[topo_name]

OVS Command
 ovs-vsctl : Used for configuring the ovs-vswitchd
configuration database (known as ovs-db)
 ovs-ofctl : A command line tool for monitoring and
administering OpenFlow switches

OVS-VSCTL
 ovs-vsctl –V : Prints the current version of openvswitch.
 ovs-vsctl show : Prints a brief overview of the switch
database configuration.
 ovs-vsctl list-br : Prints a list of configured bridges
 ovs-vsctl list-ports <bridge> : Prints a list of ports on a
specific bridge.
 ovs-vsctl list interface : Prints a list of interfaces.
 ovs-vsctl add-br <bridge> : Creates a bridge in the switch
database.

OVS-OFCTL
 ovs-ofctl show <bridge> : Shows OpenFlow features and
port descriptions.
 ovs-ofctl dump-flows <bridge> <flow> : Prints flow entries of
specified bridge. With the flow specified, only the matching
flow will be printed to console. If the flow is omitted, all flow
entries of the bridge will be printed.
 ovs-ofctl dump-ports-desc <bridge> : Prints port statistics.
This will show detailed information about interfaces in this
bridge, include the state, peer, and speed information.

OVS-OFCTL
 ovs-ofctl dump-tables-desc <bridge> : Similar to
above but prints the descriptions of tables
belonging to the stated bridge.
 ovs-ofctl add-flow <bridge> <flow> : Add a static
flow to the specified bridge. Useful in defining
conditions for a flow (i.e. prioritize, drop, etc).
 ovs-ofctl del-flows <bridge> <flow> : Delete the
flow entries from flow table of stated bridge. If the
flow is omitted, all flows in specified bridge will be
deleted.

Virtual Networking (1) (1).pptx

Recommended

Recommended

More Related Content

Similar to Virtual Networking (1) (1).pptx

Similar to Virtual Networking (1) (1).pptx (20)

Recently uploaded

Recently uploaded (20)

Virtual Networking (1) (1).pptx