Posted 23-May-2020

Modeling Networks And Services with VirtualBox

Alan Whinery, U. Hawaii ITS

Personal Network Modeling
● I'm ignoring VMware, Microsoft, etc., not because they aren't great things, but because they require money and paperwork
● You can do a lot with cost-free virtualization
● VirtualBox is feature-rich and easy to use
● There are many options, free and otherwise

Virtualization

Free-of-charge Virtualization (x86, x86-64)
● VirtualBox – Innotek/Sun/Oracle (Guests: Various)
  – Hosts: Linux, Windows, Mac OS X, Solaris
● Xen (Guests: Various)
  – Hosts: NetBSD, Linux, Solaris
● KVM (Guests: Various)
  – Hosts: Linux (KVM is a Linux kernel module)
● QEMU (Guests: many Unix variants, Windows)
  – Hosts: Linux, FreeBSD, OpenBSD, Solaris, Windows
● DOSBox (Guests: DOS)
  – Hosts: Linux, Windows, Mac OS classic, Mac OS X, BeOS, FreeBSD, OpenBSD, Solaris, QNX, IRIX, MorphOS, AmigaOS, Maemo, Symbian
● Many others

Alternatives
● “Peaceful Co-existence” schemes
  – FreeBSD Jail
  – Linux-VServer
  – User Mode Linux
● Complete emulation
  – PearPC (PowerPC emulation)
    – Guests: Mac OS X, Darwin, Linux
    – Hosts: Linux, Windows

Oracle VM VirtualBox
● Originally from the start-up Innotek
● Bought by Sun, which was then bought by Oracle
● Originally came in Open Source and non-Open-Source versions
● Now comes in one version; the closed-source pieces are in the “Extension Pack”
● Extension Pack includes:
  – USB 2.0
  – Remote Desktop Protocol (VRDP)
  – PXE (boot from network)
  – PCI pass-through (Linux hosts only)

Oracle VM VirtualBox
● Runs on Linux*, Windows, Solaris, Mac OS X
● Reasonably fast
● Reasonably efficient/lightweight
● Versatile beyond the GUI (which is not needed; everything the GUI does is also available from the VBoxManage command line)
● Easy way to try Live-CD images from ISO files
● Install from ISO images
  – To a virtual hard drive or a physical one
● Boot from existing hard drives or partitions
● Or from other VMs' virtual drive images (VMware VMDK, Microsoft VHD)

*VBox Linux Driver Declared Tainted
● Around October 11th, 2011, Linux kernel developers marked the VirtualBox Linux kernel module as “tainted_crap”, because of the number of issues reported against it
● I used it daily for 8 months last year on my office desktop to keep a Windows XP guest running on my Ubuntu desktop, and didn't have any problems
● YMMV
● This has no reported relevance to VBox use on a Windows, Mac OS X or Solaris host

*VBox Linux Driver Declared Tainted
● If you want to set up virtual servers on a hypervisor and control them with Linux, use Xen
● If you want to build a cloud, use Xen
● Xen is not (yet) the on-the-desktop tool for our scenario
● If you want to try VBox on Linux, you may or may not have problems
● Otherwise, KVM and QEMU offer alternative paths to enlightenment

LiveCD VMs
● Many LiveCD distributions (Knoppix, Slax) allow you to keep persistent changes on a USB stick or hard drive
● Useful if HDD space is short and RAM is plentiful (the opposite of normal)
● LiveCDs can have slower performance than installed systems, but offer low-impact trials of useful “appliance” style systems

Some LiveCD VM Suggestions
● Ubuntu 11.10 (or whatever you have)
  – Offers “Install” versus “Try” (LiveCD mode)
  – Good if you just need a GUI desktop for a browser test
● BackTrack
  – Security-oriented Linux
  – KDE-based LiveDVD ISO
  – GNOME-based VMware image (which you can import)
● Slax – modular, custom LiveCD
  – Slackware based
● Internet2 Network Performance Toolkit
● Knoppix – the mother of most Linux LiveCDs
● http://en.wikipedia.org/wiki/Comparison_of_Linux_distributions#Live_media
● http://en.wikipedia.org/wiki/List_of_live_CDs

Terms: Network Address Translation (NAT)
● A “NAT device” translates addresses in packets that travel through it
● Common “one-to-many” NAT obscures the presence of multiple devices on a network, making them appear as one IP address from the point of view of “the Internet”
● NAT is often used as a way of using several computers with a single “real” IP address
● It works by rewriting the source address (and usually the source port) of outbound packets and remembering the mapping so that replies can be rewritten back; a host behind the NAT is not reachable from outside unless a mapping (a port-forward) is created for it

Terms: Network Address Translation (NAT)  [diagram slide; image not in transcript]

Simple VNet  [diagram slide; image not in transcript]

VirtualBox Networking Modes
● Bridged
● NAT
● Host-Only
● Internal
● Generic

VBox Networking: NAT
● Default mode
● The virtual machine has an interface connected to a virtual NAT, which is a service on your host system (by default the guest sees 10.0.2.15/24, gateway 10.0.2.2, DNS proxy 10.0.2.3)
● Addressing, routing and DNS are taken care of, IF the VM OS is configured for DHCP (most will be)
● Two concurrently running VMs are on different NATs, and cannot communicate with one another
● The host cannot reach the VM: connections are only ever initiated from the guest outward, so nothing on the host (or anywhere else) can connect to a service in the guest unless you add a port-forwarding rule for it
● Useful/easy in the single-VM universe
● Capability for port-forwarding; note that a forwarded port is bound to every address of the host unless the rule names a host IP, so a guest service you only meant to test locally becomes reachable from the host's network
● Can't add routes; the internal net is one layer deep

VBox Networking: Bridged
● Uses a physical interface on the physical box
● Appears as a separate host on the real network, with its own MAC address: whatever the LAN enforces (port security, 802.1X, DHCP policies) applies to the VM, and whatever the VM listens on is reachable from the whole segment
● If your local segment has DHCP, the VM can use real DHCP, and access the Internet as a regular host
● Does not require the physical interface to be configured for IP, or to have an address

VBox Networking: Internal Net
● Can create multiple segments
● No connectivity to the host machine
● VMs can communicate on internal segments
● Solely for inter-VM communication
● A third-party observer on an internal segment can see everything, as it would on a hub or a coax segment, but only if its adapter's “Promiscuous Mode” setting (Advanced adapter settings, also settable from VBoxManage) allows it: the default is “Deny”, under which a VM receives only frames addressed to its own MAC plus broadcast/multicast. Set “Allow VMs” (or “Allow All”) on the VM that is meant to sniff

VBox Networking: Host-Only
● Can create multiple segments
● Each has an interface on the host machine (vboxnet0, vboxnet1, ... on a Linux host; the “VirtualBox Host-Only Ethernet Adapter” in the Windows route print output later)
● VBox can supply a DHCP service per segment (configured per host-only network in the VirtualBox preferences)
● VMs can communicate on H-O segments
  – With each other
  – With the host machine
● A third-party sniffer on an H-O segment sees multicast/broadcast only (the same promiscuous-mode setting as above governs what an adapter is allowed to see)

VBox Networking: Generic
● Seldom used
● UDP Tunnel (Linux host only)
● VDE (Virtual Distributed Ethernet)
  – Need to compile VBox from source
● (GRE) – alternative to Generic for direct peering between VMs on different hosts
● If they're on the same segment, just use Ethernet (bridged mode)

VBox Net Modes  [diagram slide; image not in transcript]

Creating A VM  [three screenshot slides; images not in transcript]

VM Attributes  [screenshot slide; image not in transcript]

Cloning  [three screenshot slides; images not in transcript]

Cloning
● For the Ubuntu 11 server case, a clone needs these fix-ups before it is really a separate machine:
● To make Ethernets start over at “eth0” (the clone gets fresh MAC addresses, and udev has the old ones bound to eth0..ethN, so the new ones would come up as eth3..ethN+3):
  – /etc/udev/rules.d/70-persistent-net.rules
  – Delete all Ethernet entries
● Edit /etc/hostname
● Regenerate OpenSSH keys; otherwise every clone presents the same host key as the original, clients cannot tell them apart, and one leaked private key is every machine's private key:
  – /bin/rm /etc/ssh/ssh_host_*
  – dpkg-reconfigure openssh-server
● Reboot
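The clone fix-up steps above as one script, added here as an example and not part of the original slides. It assumes an Ubuntu 11.10 server guest with udev persistent-net rules and OpenSSH; the optional ROOT argument is an assumption of this example so the function can be exercised against a scratch directory instead of the live system.

```shell
#!/bin/sh
# Post-clone cleanup for an Ubuntu 11.10 server guest: fresh interface naming,
# hostname and SSH host keys. Run as root inside the clone, then reboot.
# ROOT is an optional prefix (this example's addition) so the function can be
# tested against a scratch tree such as /tmp/x instead of /.
set -eu

# clone_cleanup NEW_HOSTNAME [ROOT]
clone_cleanup() {
    new=$1
    root=${2:-}

    # 1. udev remembered the source VM's MAC addresses as eth0..ethN. VBoxManage
    #    clonevm generates new MACs by default, so without this step the clone's
    #    NICs appear as eth3.. and /etc/network/interfaces no longer matches.
    #    Keep the comment lines, delete every rule line.
    rules="$root/etc/udev/rules.d/70-persistent-net.rules"
    if [ -f "$rules" ]; then
        sed -i '/^SUBSYSTEM=="net"/d' "$rules"
    fi

    # 2. New identity. Debian/Ubuntu also keep the hostname on the 127.0.1.1
    #    line of /etc/hosts; leaving the old name there confuses sudo and mail.
    printf '%s\n' "$new" > "$root/etc/hostname"
    if [ -f "$root/etc/hosts" ]; then
        sed -i "s/^127\.0\.1\.1[[:space:]].*/127.0.1.1\t$new/" "$root/etc/hosts"
    fi

    # 3. Host keys. A clone that keeps the source's keys is indistinguishable
    #    from it to every SSH client: known_hosts checks pass for the wrong
    #    machine, and whoever holds one VM's key can impersonate all of them.
    rm -f "$root"/etc/ssh/ssh_host_*
    if [ -z "$root" ] && command -v dpkg-reconfigure >/dev/null 2>&1; then
        dpkg-reconfigure openssh-server      # the slide's way: Ubuntu regenerates the keys
    elif command -v ssh-keygen >/dev/null 2>&1; then
        # generic OpenSSH way; -A makes every missing host key type, -f prefixes /etc/ssh
        if [ -n "$root" ]; then ssh-keygen -A -f "$root"; else ssh-keygen -A; fi
    fi
}

# ssh_hostkeys_present [ROOT]: succeeds if at least one ssh_host_* file exists
ssh_hostkeys_present() {
    for f in "${1:-}"/etc/ssh/ssh_host_*; do
        [ -e "$f" ] && return 0
    done
    return 1
}
```

Run it as `clone_cleanup routie2` on the clone itself; the reboot the slide calls for is still needed so udev renames the interfaces and the new hostname and keys take effect.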

Cloning
● The cloning process is essentially the same thing as:
  – Copying the VDI file that holds the virtual hard disk (a byte-for-byte copy keeps the disk's UUID, and VirtualBox refuses to register two media with the same UUID, so copy it with VBoxManage clonehd, which assigns a new one)
  – Creating a new VM
  – Choosing “use existing disk” and specifying the copy
● Just in case you want to move a copy to a new machine
● You can also export machines, which is probably better for sharing them with others

Indexing Your MAC Addresses
● VirtualBox generates its MACs under its own OUI, 08:00:27; the last six hex digits are yours to set
● Here I set the last 4 digits (or 2 bytes) of Routie3's “net01” interface to “0301”: VM number 03, network 01, so a MAC seen in a packet capture or an ARP table identifies the VM and the segment at a glance

Windows Interface Names  [screenshot slide; image not in transcript]
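The networking modes, the VM creation and the MAC indexing scheme above, done from the command line instead of the GUI screenshots. This is an added example, not a script from the slides; it assumes VBoxManage 4.1 or later, that the host-only interface vboxnet0 already exists, and the VM names routie1, routie2 and sniffer (net01 and the 172.25.1.0/24 and 192.168.56.0/24 addressing are the slides' own). Set VBOX_DRY_RUN=1 to print the commands it would run, which is also what the test does.

```shell
#!/bin/sh
# Build the "Simple VNet" with VBoxManage:
#   routie1  nic1 NAT (Internet for apt), nic2 host-only vboxnet0, nic3 internal net01
#   routie2  nic1 internal net01 only, so it can only reach the world through routie1
#   sniffer  nic1 internal net01, promiscuous, to watch the segment as if on a hub
# MACs follow the slide's indexing: 08:00:27:00:<vm>:<net>  (net 01 = net01, 02 = host-only).
# VBOX_DRY_RUN=1 prints the commands instead of executing them (no VirtualBox needed).
set -eu

run() {
    if [ "${VBOX_DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# vbox_mac VM_INDEX NET_INDEX -> 12 hex digits under the VirtualBox OUI 08:00:27
# e.g. vbox_mac 3 1 -> 080027000301 (Routie3 on net01, as on the slide)
vbox_mac() {
    printf '08002700%02X%02X\n' "$1" "$2"
}

# Host-only segment: host side 192.168.56.1, VirtualBox's DHCP server hands out .100-.200
setup_hostonly() {
    run VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1 --netmask 255.255.255.0
    run VBoxManage dhcpserver add --ifname vboxnet0 --ip 192.168.56.2 --netmask 255.255.255.0 \
        --lowerip 192.168.56.100 --upperip 192.168.56.200 --enable
}

# new_vm NAME: register an empty 64-bit Linux VM (attach an ISO and a disk afterwards)
new_vm() {
    run VBoxManage createvm --name "$1" --ostype Ubuntu_64 --register
    run VBoxManage modifyvm "$1" --memory 512 --boot1 dvd --boot2 disk
}

# routed_vm NAME VM_INDEX: one NIC per mode. The NAT port-forward binds its host
# side to 127.0.0.1 on purpose: "ssh,tcp,,2201,,22" would listen on every host address.
routed_vm() {
    name=$1; idx=$2
    new_vm "$name"
    run VBoxManage modifyvm "$name" \
        --nic1 nat --natpf1 "ssh,tcp,127.0.0.1,$((2200 + idx)),,22" \
        --nic2 hostonly --hostonlyadapter2 vboxnet0 --macaddress2 "$(vbox_mac "$idx" 2)" \
        --nic3 intnet --intnet3 net01 --macaddress3 "$(vbox_mac "$idx" 1)"
}

# leaf_vm NAME VM_INDEX: internal net only; no path out except through a router VM
leaf_vm() {
    new_vm "$1"
    run VBoxManage modifyvm "$1" --nic1 intnet --intnet1 net01 --macaddress1 "$(vbox_mac "$2" 1)"
}

# sniffer_vm NAME VM_INDEX: VirtualBox's default promiscuous policy is "deny", so a
# sniffer on an internal net would see only its own unicast plus broadcast/multicast.
# allow-vms lets it see the other VMs' traffic on net01 (allow-all would add host traffic).
sniffer_vm() {
    new_vm "$1"
    run VBoxManage modifyvm "$1" --nic1 intnet --intnet1 net01 \
        --macaddress1 "$(vbox_mac "$2" 1)" --nicpromisc1 allow-vms
}

build_topology() {
    setup_hostonly
    routed_vm routie1 1
    leaf_vm routie2 2
    sniffer_vm sniffer 9
}

if [ "${1:-}" = build ]; then build_topology; fi
```

Invoke as `sh vnet.sh build` to create the VMs for real, or `VBOX_DRY_RUN=1 sh vnet.sh build` to review the VBoxManage calls first; afterwards `ssh -p 2201 localhost` reaches routie1 through the NAT forward from the host only.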

Terms: Routing
● Refers to information kept by every device on the Internet about where to send packets
● 99.9999999% of devices have two routes:
  – The connected IP “subnet” (automatic if the interface is up and has an address)
  – The “default route”, or “everything else is that-away” (from DHCP, or typed in manually)
● 0.0000001% need more:
  – Biology net is down the hall to the right
  – Engineering net is the other way, downstairs, and left
● A packet is matched against the most specific route first (longest prefix wins), which is why a route for 192.168.2.0/24 takes precedence over the default route
● DHCP normally installs a default route for you
● In manual addressing, you have to type it in, in the form of a “gateway” IP address

Terms: Routing
● A NAT device interrupts routing, and tells its internal and external nets what they need to hear to get the job done
● NAT may introduce difficulties if your VNet needs to be part of the Internet
● NAT can work well if you only need Internet access for package/update management

Making A Router
● Step-by-step process to make a Linux instance into a router:
  1) echo 1 > /proc/sys/net/ipv4/ip_forward
  2) echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
● Both settings are lost at reboot; to keep them, put net.ipv4.ip_forward = 1 and net.ipv6.conf.all.forwarding = 1 in /etc/sysctl.conf (or a file under /etc/sysctl.d/)
● Turning on IPv6 forwarding also makes the kernel stop accepting Router Advertisements (the accept_ra default of 1 means “only while not forwarding”), so an interface that got its address and default route from RAs loses them; set accept_ra = 2 on that interface
● The rest of what “real routers” do is all about obtaining and maintaining a list of routes
● Unless you're specifically interested in the operation of routing protocols, dynamic re-routing, and stuff like that, you should probably just set static routes
● Your OS will set a route for each of its attached networks automatically
● DHCP clients will almost always get a default route via DHCP
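The router recipe above, made to survive a reboot. This is an added example, not from the slides: it writes the sysctl fragment for forwarding and an /etc/network/interfaces in which the static route from the slides (192.168.2.0/24 via 172.25.1.1) is attached to the interface that owns it. It assumes routie1's eth0 is the NAT adapter, eth1 the host-only one and eth2 the internal net01 with address 172.25.1.2 (that address, the file names and the optional ROOT prefix for testing against a scratch directory are this example's assumptions).

```shell
#!/bin/sh
# Persistent static router setup for an Ubuntu 11.10 guest. The slide's two
# "echo 1 >" lines and hand-typed "route add" commands vanish at reboot; these
# files bring them back. ROOT is an optional prefix for dry runs in a scratch tree.
set -eu

# write_forwarding_sysctl UPSTREAM_IF [ROOT]
# Gotcha: with net.ipv6.conf.all.forwarding=1 the kernel ignores Router
# Advertisements (accept_ra=1 means "only while not forwarding"), so the
# upstream interface would silently lose its SLAAC address and default route.
# accept_ra=2 on that interface keeps accepting them.
write_forwarding_sysctl() {
    up=$1; root=${2:-}
    mkdir -p "$root/etc/sysctl.d"
    cat > "$root/etc/sysctl.d/60-vnet-router.conf" <<EOF
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.$up.accept_ra = 2
EOF
}

# interfaces_stanza IFACE ADDRESS NETMASK [DEST/LEN GATEWAY]...
# Prints an ifupdown stanza for a statically addressed interface, with an "up"
# hook per static route reachable through it (routes die with the interface,
# so they belong to it; the kernel drops them again on ifdown).
interfaces_stanza() {
    iface=$1; addr=$2; mask=$3; shift 3
    printf 'auto %s\niface %s inet static\n    address %s\n    netmask %s\n' \
        "$iface" "$iface" "$addr" "$mask"
    while [ $# -ge 2 ]; do
        printf '    up ip route add %s via %s dev %s\n' "$1" "$2" "$iface"
        shift 2
    done
}

# write_interfaces [ROOT]: routie1's three NICs. eth0 (NAT) and eth1 (host-only)
# take DHCP from VirtualBox; eth2 on net01 is static and carries the route to
# routie2's 192.168.2.0/24 via 172.25.1.1, as in the slide's routing table.
write_interfaces() {
    root=${1:-}
    mkdir -p "$root/etc/network"
    {
        printf 'auto lo\niface lo inet loopback\n\n'
        printf 'auto eth0\niface eth0 inet dhcp\n\n'
        printf 'auto eth1\niface eth1 inet dhcp\n\n'
        interfaces_stanza eth2 172.25.1.2 255.255.255.0 192.168.2.0/24 172.25.1.1
    } > "$root/etc/network/interfaces"
}

# apply_now: activate without rebooting (needs root on the live system)
apply_now() {
    sysctl -p /etc/sysctl.d/60-vnet-router.conf
    ifdown eth2 && ifup eth2
}
```

On the real guest run `write_forwarding_sysctl eth0`, `write_interfaces` and then `apply_now`; verify with `cat /proc/sys/net/ipv4/ip_forward` and `ip route show` before trusting the VM as the lab's gateway.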

How To View/Set/Delete Routes
● Linux, using the net-tools “route” syntax shown here; BSD, Mac OS X and Solaris take “route add -net 192.168.2.0/24 172.25.1.1” (no netmask/gw keywords), and current Linux prefers “ip route add 192.168.2.0/24 via 172.25.1.1” and “ip route show”

routie1:~$ sudo route add -net 192.168.2.0 netmask 255.255.255.0 gw 172.25.1.1
routie1:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         128.171.6.5     0.0.0.0         UG    100    0        0 eth0
128.171.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.25.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.2.0     172.25.1.1      255.255.255.0   UG    0      0        0 eth2
192.168.56.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1

routie1:~$ sudo route del -net 192.168.2.0 netmask 255.255.255.0 gw 172.25.1.1

Changing the default (delete the old default route first so there is exactly one):

sudo route add -net 0.0.0.0 netmask 0.0.0.0 gw 172.25.1.1
OR
sudo route add -net default gw 172.25.1.1
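What the kernel does with the table above when it has to send a packet, as an added example that is not part of the slides: a longest-prefix-match lookup written in plain shell over the routie1 “route -n” output, with that table embedded as constructed sample input. The function and its tie-break on metric are this example's own; the addresses are the slide's.

```shell
#!/bin/sh
# Longest-prefix-match route lookup over "route -n" style output.
# Constructed sample input: the Routie1 routing table from the slides.
ROUTE_TABLE='0.0.0.0 128.171.6.5 0.0.0.0 UG 100 0 0 eth0
128.171.6.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.25.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.2.0 172.25.1.1 255.255.255.0 UG 0 0 0 eth2
192.168.56.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1'

# ip2int A.B.C.D -> unsigned 32-bit integer
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# route_lookup DEST [TABLE]
# Prints "GATEWAY IFACE" for the most specific matching route, the way the
# kernel chooses: the largest netmask wins, a lower metric breaks ties.
# A gateway of 0.0.0.0 means "directly connected: ARP for it yourself".
# Prints nothing and returns 1 when nothing matches (no default route).
route_lookup() {
    local d n m best_mask best_metric best
    d=$(ip2int "$1")
    best_mask=-1; best_metric=0; best=""
    while read -r dst gw mask flags metric ref use iface; do
        [ -n "$dst" ] || continue
        n=$(ip2int "$dst")
        m=$(ip2int "$mask")
        # the route matches when the destination, masked, equals the network
        [ $(( d & m )) -eq "$n" ] || continue
        if [ "$m" -gt "$best_mask" ] || { [ "$m" -eq "$best_mask" ] && [ "$metric" -lt "$best_metric" ]; }; then
            best_mask=$m; best_metric=$metric; best="$gw $iface"
        fi
    done <<EOF
${2:-$ROUTE_TABLE}
EOF
    [ -n "$best" ] || return 1
    echo "$best"
}
```

Feed it the real thing with `route_lookup 8.8.8.8 "$(route -n | tail -n +3)"` on a guest; a destination that comes back with the default gateway instead of the expected VNet next hop is the usual sign of a missing static route.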

How To View/Set/Delete Routes
● Linux (probably others) IPv6

routie01:~$ route -A inet6 -n
Kernel IPv6 routing table
Destination                                  Next Hop                    Flag  Met  Ref Use If
2607:f278:4101:11::/64                       ::                          UAe   256  0   8   eth0
fe80::/64                                    ::                          U     256  0   0   eth1
fe80::/64                                    ::                          U     256  0   0   eth0
fe80::/64                                    ::                          U     256  0   0   eth2
::/0                                         fe80::222:55ff:fe49:d2c1    UGDAe 1024 0   1   eth0
::/0                                         ::                          !n    -1   1   14  lo
::1/128                                      ::                          Un    0    1   7   lo
2607:f278:4101:11:a00:27ff:fe2a:9712/128     ::                          Un    0    1   0   lo
fe80::a00:27ff:fe00:102/128                  ::                          Un    0    1   0   lo
fe80::a00:27ff:fe00:103/128                  ::                          Un    0    1   0   lo
fe80::a00:27ff:fe2a:9712/128                 ::                          Un    0    1   2   lo
ff00::/8                                     ::                          U     256  0   0   eth1
ff00::/8                                     ::                          U     256  0   0   eth0
ff00::/8                                     ::                          U     256  0   0   eth2
::/0                                         ::                          !n    -1   1   14  lo

routie01:~$ sudo route -A inet6 add 3ffe::/32 gw 2607:f278:4101:11:21e:68ff:fe57:acd3

How to ping IPv6
● Linux (and similar Unices)

routie@routie01:~$ ping6 www.google.com
PING www.google.com(pw-in-x67.1e100.net) 56 data bytes
64 bytes from pw-in-x67.1e100.net: icmp_seq=1 ttl=53 time=75.4 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=2 ttl=53 time=70.4 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=3 ttl=53 time=71.0 ms
^C
--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 70.493/72.328/75.400/2.207 ms

● Also: traceroute6

How to ping IPv6
● Windows

C:\Users\Whinery>ping www.google.com

Pinging www.l.google.com [2001:4860:8004::67] with 32 bytes of data:
Reply from 2001:4860:8004::67: time=71ms
Reply from 2001:4860:8004::67: time=70ms
Reply from 2001:4860:8004::67: time=70ms
Reply from 2001:4860:8004::67: time=70ms

Ping statistics for 2001:4860:8004::67:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 70ms, Maximum = 71ms, Average = 70ms

● You can force v6 by using “ping -6 www.google.com”

How To View/Set/Delete Routes
● Windows

C:\Users\Whinery>route print
===========================================================================
Interface List
 10...8c 89 a5 32 33 01 ......Realtek PCIe GBE Family Controller
 18...08 00 27 00 dc 1f ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.3.5    192.168.3.172     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.3.0    255.255.255.0         On-link     192.168.3.172    276
    192.168.3.172  255.255.255.255         On-link     192.168.3.172    276
    192.168.3.255  255.255.255.255         On-link     192.168.3.172    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.3.172    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.3.172    276
===========================================================================

How To View/Set/Delete Routes
● Windows (cont'd)

Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination                         Gateway
 10    276 ::/0                                        fe80::222:55ff:fe49:d2c1
  1    306 ::1/128                                     On-link
 10     28 2607:f278:4101:11::/64                      On-link
 10    276 2607:f278:4101:11:c8e4:ef3b:3458:ac05/128   On-link
 10    276 2607:f278:4101:11:e158:ed19:e90a:5791/128   On-link
 18    276 fe80::/64                                   On-link
 10    276 fe80::/64                                   On-link
 18    276 fe80::a128:cf4d:377:db78/128                On-link
 10    276 fe80::e158:ed19:e90a:5791/128               On-link
  1    306 ff00::/8                                    On-link
 18    276 ff00::/8                                    On-link
 10    276 ff00::/8                                    On-link
===========================================================================
Persistent Routes:
  None

C:\Users\Whinery>

How To View/Set/Delete Routes
● Windows (cont'd)
● Type “route” with no arguments to get adequate help on the Windows “route” command
● Routes added this way last until reboot; add -p (route -p add ...) to make one persistent, and it then shows up under “Persistent Routes”

route add 192.168.2.0 mask 255.255.255.0 192.168.3.45
route delete 192.168.2.0 mask 255.255.255.0 192.168.3.45
route change 192.168.2.0 mask 255.255.255.0 192.168.3.45
route add 0.0.0.0 mask 0.0.0.0 192.168.3.45
route add 3ffe::/32 3ffe::1

An Oneiric Linux Building Block
● Arbitrary choice for a Linux-based block
● Ubuntu “Server” is lighter than “Desktop”
● Ubuntu Server 11.10 “Oneiric Ocelot”
  – DHCPd (apt-get install isc-dhcp-server)
  – Apache server (apt-get install apache2)
  – Squid web cache/proxy (apt-get install squid)
    – AdZapper
    – Etc.
● Ubuntu tastes a lot like Debian
● If you have time invested in RHEL or Fedora, you may like CentOS

How to set up a Linux router with OSPF/RIP/RIPng/BGP/IS-IS
● Quagga (a fork/continuation of Zebra)
  – sudo apt-get install quagga
  – Quagga.net
● Adequate treatment of this would take a whole 'nother BrownBag
● Offers a sort-of-like-Cisco CLI
● No, you can't peer with our OSPF or BGP

Open vSwitch
● Virtual switch that runs in Linux
● Implements the OpenFlow protocol, so an external controller can program its forwarding
● Uses “virtual” and “physical” interfaces
  – Including “physical” interfaces on VMs
● If you want to play with it, download the OpenFlow demo VM and perhaps do the OpenFlow Tutorial:
  – http://www.openflow.org/wk/index.php/OpenFlow_Tutorial
● Several commercial physical switches are OpenFlow compatible

Really Interesting Things To Do
● Move a running instance from one VBox to another across the network (Teleporting)
● Run a VM with a real disk
  – Windows requires running VBox as Administrator
  – The guest then has raw read/write access to that disk, so give it only a disk or partition the host does not boot from
● Add 4 more Ethernets for a total of 8
  – With VBoxManage (the GUI exposes adapters 1 to 4; the command line allows 8 with the PIIX3 chipset and 36 with ICH9)
● Incarnate a virtual host
● Virtualize a physical host
● Use VMware/MS VHD disks

Virtual Gateway for Real Host  [diagram slide; image not in transcript]
