Developing a flexible virtual networking laboratory platform for education

Catalina Álvarez
Universidad de Chile
catalin@uchile.cl

In: Proceedings of the IV School of Systems and Networks (SSN 2018), Valdivia, Chile, October 29-31, 2018. Published at http://ceur-ws.org

1 Abstract

Giving hands-on networking experiences to engineering students is important, as it strengthens knowledge and gives a better idea of the challenges they will find in practice; it is, however, expensive and impractical to have physical equipment for the students to practice with. Hence the idea of simulating complete physical networking laboratories using virtualization technology for use in networking education. There are a number of existing virtual laboratory alternatives, but all of them are limited in the machine images they can use. This work presents the main aspects of the design and implementation of a more flexible virtual networking laboratory platform.

2 Introduction

One of the biggest challenges in teaching networking is how to bridge theory and practice. It is usual for students to feel that both aspects of the area are disconnected: on one side, they see protocols and algorithms; on the other, machines and links that they simply use. Hence, hands-on experience is valuable, and desirable, to produce well-qualified professionals who will maintain and develop technologies in the future. Moreover, even professionals in related areas, such as software engineering, can benefit from experience in practical networking, allowing them to see better how the software they develop communicates.

Laboratories are the most common way to teach hands-on networking, either using physical equipment or virtual versions. Both alternatives have their pros and cons: physical laboratories allow students to touch and interact with the same equipment they will see in the field, while virtual ones can be considered more abstract, and are harder to visualize. On the other hand, constructing and maintaining a physical laboratory up to date is expensive, and, depending on the number of students and the required courses, the time each student can interact with the equipment is limited.

Virtual networking laboratories come in two flavors: proprietary and open source. Proprietary laboratories, such as Cisco's, are usually paid, and mostly focused on teaching their own technology stack, showing configurations, but without theoretical background (as most protocols are proprietary). Open source laboratories are varied, with a number of objectives.

Among famous open source networking laboratories, we can name Marionnet[1], Netkit[2], Mininet[3] and GNS-3[4], among others. Each of them, however, has its own limitations; evaluating each platform is out of the scope of this document, but it suffices to say that all current virtual laboratories are limited to a set of operating system (OS) images, mostly Linux-based and some networking systems such as Cisco's IOS or some open source alternatives.

This fact is important for two reasons. First, it limits the uses of the laboratories to those of a physical testbed, meaning they allow the creation of topologies and use of the protocols already installed in the operating system, but do not allow changing those protocols and recompiling the kernels. Second, as the images are fixed, one either relies on the community to keep the images up to date, or takes the matter into one's own hands and creates those images, which is possible, but could be hard depending on one's knowledge and the laboratory's documentation.

Considering the points established previously, we decide to design and implement an open source networking laboratory that is flexible enough for the use of any kernel, even custom ones, and allows the easy inclusion of new operating system images.

3 Related work

Most of the existing networking laboratories can be divided in two categories:

• Simulators, which model network behavior but do not keep the internal functionalities of the hardware; among these we can name GNS-3 and OMNeT++. In networking, simulators mostly use mathematical models of traffic, channels and protocols to predict network behavior. As they only mimic and are unable to faithfully represent all aspects of networking, they are not interesting for our ends.

• Emulators, which differ from simulators in the fact that they do appear, and act as, a real network; emulators use software to duplicate the conditions of the original system, which makes them slower, but more realistic, than simulators.

We focus our investigation on emulators, as they give a more realistic approach to networking. We present a summary of the evaluated emulators, but first we present a small comment on virtualization technologies, relevant to virtual laboratories. There are several virtualization platforms and techniques, but they all can be roughly divided in two categories: full-virtualization platforms and para-virtualization ones. Para-virtualization allows the guest machine to use portions of the host machine's kernel, including I/O, thread and memory management, among others, instead of emulating these operations via software; on the other hand, full-virtualization engines emulate the entirety of the guest machine kernel, including costly operations such as the previously mentioned, making this technique considerably more resource intensive and the guests slower. There are, however, several advantages to full-virtualization, such as the fact that it can virtualize all OS, with no modifications whatsoever; on the other hand, to para-virtualize an OS it must be explicitly ported to the para-API, which makes standard OS unable to run on top of para-virtualization platforms. Moreover, para-virtualization, as it uses portions of the host kernel, is not able to emulate a different hardware architecture; this point is critical, as a number of networking equipment, such as routers, switches and firewalls, do not use the x86 architecture commonly found in personal computers. Hence, we decide to use full-virtualization, because we desire to be able to emulate as many types of network equipment as possible, without being restricted by the architecture or the need to port the para-virtualization API.

Continuing with our related work investigation, we first explore Xen Worlds[5] and NVLab[7], both based on Xen server, the technology used in Amazon Web Services; all emulators based on Xen are discarded due to the fact that Xen is a bare-metal hypervisor, meaning it runs directly on hardware, with no host operating system, which makes virtual machine administration harder. Xen is both a para-virtualization and full-virtualization platform, which is ideal since it functions with para-virtualization with compatible kernels and full-virtualization with those that are not; however, running Xen requires a compatible kernel (which not all Linux versions are) or the use of a commercial version, such as Citrix's Xen Server. Moreover, both projects based on Xen were found to be quite old and with no continued development or even available code.

Next, we consider Netkit, a popular teaching laboratory based on UML (User Mode Linux); it has a number of pre-made laboratories, which are considered as a base for our own, and active community participation. However, it is not useful in protocol experimentation, as UML uses the same kernel as the host machine, which, naturally, means that all laboratories are bound to the networking implementations found in Linux kernels, which, as mentioned before, is not what we are looking for.

Third, we explore Mininet, a network emulator focused on SDN and OpenFlow learning with an active community and a number of fork projects. It uses network namespaces (a containerization mechanism of the Linux kernel that provides a way to copy the network stack of the Linux kernel) and process-based emulation, so it only has as many tools as the Linux kernel on top of which it is running, without support for any stack based on Windows, BSD, or any other OS. Mininet is a good alternative, because of its community support, but if we want a laboratory able to emulate all different equipment found in real networks, we need an alternative more flexible in what operating systems it supports.

Finally, we find Nemu[6], based on QEMU and with mobile simulation capabilities; it is evaluated favorably, but presented two problems that we find pivotal in the decision of developing a new networking laboratory. First, its development was halted midway and much of the functionality is unstable or poorly documented; moreover, it is basically impossible to run, and even its website was taken down during our development, implying that the work has been halted or canceled. Second, like the previous emulators, it uses fixed pre-configured virtual machine images, which do not have the flexibility desired.

We conclude from our investigation that, in order to allow our students to experiment with all types of network equipment (including those whose operating system is not based on Unix platforms), we should develop our own virtual laboratory platform.

4 Development of the platform

The platform is open-source and available for download at https://github.com/niclabs/VirtualLabs.

We decide to use QEMU/KVM for virtualization for a number of reasons. First, in combination, they are a full-virtualization platform that allows custom kernels and can emulate different architectures. Second, unlike Xen Server, QEMU/KVM work on top of a Linux-based operating system, which allows for easier administration of the virtual machines. This way, the virtual laboratory platform can be run on almost any host machine (the laboratory "server"), as long as it has a Linux-based OS and supports virtualization.

The most extensive part of the design stage was deciding how the different elements in a network topology would be modeled; in particular, we decide to model the most common elements found in a network: terminals (end users), switches, routers and the links that connect them. At this stage of the development, we focus on open-source solutions, so we choose Linux-based OS for the terminals, LISA (Linux Switching Appliance[8]) for switches, VyOS (a fork of the Vyatta project) for routing, and standard Linux bridges for links.

It is important to mention that we are extremely conscious throughout the modeling stage, and later the implementation, that we must avoid the main pitfall found in current virtual laboratories, their restrictiveness, so we design the system so that it is easy to include new networking elements such as load balancers, firewalls, NAT servers, etc.

Once we define how the different elements involved are modeled, we design how these models are to be implemented; in particular, how we will create the elements of the network, meaning the virtual machines that are to be terminals, switches and routers. A first approach would be to simply keep an ISO image for each operating system, but installing a virtual machine from scratch each time one needs a terminal is simply too time consuming. Luckily, KVM provides "templates", virtual machines with an installed operating system which can be "cloned" as many times as necessary; machines created from the same template do not share configurations nor disk, so they are, in essence, different machines. Using these templates, we can provide a number of ready-to-use base terminals, switches and routers, which can be copied as many times as necessary; moreover, including new elements in our laboratories is just a matter of creating new template images. The virtual machines communicate with each other using Linux bridges defined in the host machine, virtual network interfaces to which the machines attach using the bridged networking mode included in KVM. Finally, to interact with the virtual machines, we take advantage of KVM, which provides a VNC server to all virtualized machines.

Besides the networking elements themselves, we include the concept of a "laboratory", which is a network topology plus all the virtual machines with some configurations. The network topology is represented by an XML file, which details the network elements, including name, type of element (terminal, router, etc.), template the machine is based on, and number of network interface cards (which can either be named or referred to by a numerical index). The XML file also details the links between the elements, using the network interface cards defined in each element as the two endpoints; it is possible to add shaping properties to each of the links, such as delay, jitter, limited bandwidth and loss, which are added to the bridge that models the link. To add connection to the internet, a special type of link is included, called an "external link", with only one endpoint, which, in turn, connects to a bridge that is also associated with the physical interface of the host machine that has internet connection.

The machines of a laboratory are copied from a template, but can later be accessed and modified; they have an explanatory name (a combination of the laboratory name and the name of the element itself) and are kept on the hard drive of the host machine, so the laboratory can be started and paused several times. A possible extension to the platform is the inclusion of start-up scripts with the machines' configuration, which would make keeping the machines unnecessary, as each time one starts the laboratory new machines would be created from a template, and then configured as required.

5 Conclusions

We present the problem of hands-on experience in networking teaching, particularly related to the bridge between theory and practice, and then briefly describe why current solutions do not suffice for all ends. Then, we present some of the current alternatives, further detailing their characteristics and why they are discarded; exploring these alternatives has the double purpose of focusing our objectives and serving as inspiration in the design and implementation of our virtual laboratory. We present a summary of the steps taken during development, detailing the tools used, how we choose to model the problem and some details of the implementation, including a summary of the most relevant concepts required to understand the use of the virtual laboratory platform.

6 Future work

In the future, we have three concrete objectives:

• Design a number of pre-made laboratories with different teaching objectives in mind. We think Netkit's approach to laboratories is interesting, and expect to follow similar guidelines.

• Test the virtual laboratory, using the previous laboratory experiences, in a networking course, and continue refining it depending on the students' feedback. We plan to focus on an undergraduate course, since the students usually come with little or no networking background; hence we theorize that these students would benefit most from practical laboratory experience when compared with graduate students.

• Design and implement a GUI for the creation, administration and interaction with the laboratories, since, as commented previously, for now we rely on VNC to interact with the virtual machines.

References

[1] Loddo J, Saiu L. Marionnet: a virtual network laboratory and simulation tool. First International Conference on Simulation Tools and Techniques for Communications, Networks and Systems. 2008.

[2] Pizzonia M, Rimondini M. Netkit: network emulation for education. Software: Practice and Experience, 46(2), 133-165. 2016.

[3] Huang T, Jeyakumar V, Lantz B, Feamster N, Winstein K, Sivaraman A. Teaching computer networking with mininet. ACM SIGCOMM. 2014.

[4] Peng C, Liu B. Application of GNS3 at Computer Network Teaching. Theory Research, 20, 136. 2016.

[5] Anderson B, Joines A, Daniels T. Xen worlds: leveraging virtualization in distance education. ACM SIGCSE Bulletin (Vol. 41, No. 3, pp. 293-297). 2009.

[6] Autefage V, Magoni D. Network emulator: a network virtualization testbed for overlay experimentations. Computer Aided Modeling and Design of Communication Links and Networks (CAMAD), 2012 IEEE 17th International Workshop on (pp. 266-270). 2012.

[7] Wannous M, Nakano H. NVLab, a networking virtual web-based laboratory that implements virtualization and virtual network computing technologies. IEEE Transactions on Learning Technologies, 3(2), 129-138. 2010.

[8] Rendec R, Nicu I, Purdila O. Linux multilayer switching with LiSA. Proceedings of the 5th RoEduNet IEEE International Conference. 2006.
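
Added example for Section 4 (not from the paper or the VirtualLabs code base): a validator for a topology file of the kind described there, run before any template is cloned or bridge created, since names taken from the file end up in VM and bridge names on the host. The tag and attribute names, the "-" name separator and the "br-" bridge prefix are assumptions; the paper does not give the schema.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample; tag and attribute names are assumptions, not the VirtualLabs schema.
SAMPLE = """<laboratory name="lab1">
  <element name="pc1" type="terminal" template="debian-base"><nic name="eth0"/></element>
  <element name="r1" type="router" template="vyos-base"><nic name="eth0"/><nic name="eth1"/></element>
  <link delay="10ms" jitter="2ms" loss="1">
    <endpoint element="pc1" nic="eth0"/><endpoint element="r1" nic="0"/></link>
  <external-link><endpoint element="r1" nic="eth1"/></external-link>
</laboratory>"""
NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,15}")  # names end up in VM and bridge names

def checked(name):
    if not NAME.fullmatch(name or ""):
        raise ValueError(f"unsafe name: {name!r}")
    return name

def plan(xml_text):
    """Validate a topology; return (vm_names, bridges) or raise ValueError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs and entities are not accepted")
    lab = ET.fromstring(xml_text)
    lab_name, nics, used, bridges = checked(lab.get("name")), {}, set(), []
    for el in lab.findall("element"):
        if checked(el.get("name")) in nics:
            raise ValueError(f"duplicate element {el.get('name')}")
        checked(el.get("template"))
        nics[el.get("name")] = [checked(n.get("name")) for n in el.findall("nic")]
    for i, link in enumerate(lab.findall("link") + lab.findall("external-link")):
        ends = []
        for ep in link.findall("endpoint"):
            owner, nic = ep.get("element"), ep.get("nic", "")
            if owner not in nics:
                raise ValueError(f"unknown element {owner!r}")
            if nic.isdigit() and int(nic) < len(nics[owner]):  # numerical index form
                nic = nics[owner][int(nic)]
            if nic not in nics[owner] or (owner, nic) in used:
                raise ValueError(f"bad or reused NIC {owner}:{nic}")
            used.add((owner, nic))
            ends.append((owner, nic))
        if len(ends) != (2 if link.tag == "link" else 1):  # external link: one endpoint
            raise ValueError(f"{link.tag} has {len(ends)} endpoint(s)")
        if not 0 <= float(link.get("loss", "0")) <= 100:
            raise ValueError("loss must be a percentage")
        bridge = f"br-{lab_name}-{i}"
        if len(bridge) > 15:  # Linux interface names hold at most 15 characters
            raise ValueError(f"bridge name too long: {bridge}")
        bridges.append((bridge, ends, dict(link.attrib)))
    return [f"{lab_name}-{name}" for name in nics], bridges
```
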