virtual router & overlay network - apan.net
Virtual Router & Overlay Network
Sueng-Yong Park
Dept. of Electronic Engineering
Yonsei Univ.
Future Network
Virtualization: Xen Architecture
• Xen allows users to create virtual PCs.
  – Thin hypervisor encapsulates underlying HW.
  – Domain 0 mediates between virtual PC and HW.
  – Virtual PCs run in user space.
[Figure: Xen split-driver diagram. Labels: DomU, DomU, Dom0; Driver; Frontend, Frontend, Backend; Hypervisor.]
Virtualization: Xen Architecture
• domU userspace is a nice place to put SW router.
  – Hypervisor provides modular resource management.
  – Process isolation provides undisturbed experiments.
  – But, it also has XEN limitations.
[Figure: Xen architecture. dom0 userspace and two domU userspaces (processes) in ring 3; dom0 kernel (device drivers) and two domU kernels (x86_32: ring 1, x86_64: ring 3); Xen hypervisor in ring 0; Hardware.]
We can put Software Router in user space.
Internals of XORP
[Figure: XORP process diagram. Management Processes: IPC finder, router manager, CLI, SNMP. Unicast Routing: BGP4+, OSPF, RIP, IS-IS. Multicast Routing: PIM-SM, IGMP/MLD. RIB. FEA. Forwarding Engine: Click Elements.]
RIB = Routing Information Base
FEA = Forwarding Engine Abstraction
Standard Linux Kernel is OK.
Virtual Router Architecture
[Figure: virtual router stack. Labels: Dom1, Dom2, Dom3, each with a Control Plane; Data plane hypervisor (Dom0); XEN+XORP; XEN; Intel Ethernet Device Driver.]
• Ethernet (hardware) + Software (XEN + XORP)
Virtual Router Architecture
• Network mode communication is suitable because it may provide service with less overhead.
• NAT mode seems to be interesting when the experiment includes different physical interfaces, like WiFi.
[Figure: two panels, Network Mode and NAT Mode, each showing VMs connected through VLANs (VLAN10, VLAN20, VLAN##) to a NIC.]
Virtual Network Concept
• Remote control & monitoring of virtual router over WAN
[Figure: Network/Router management connected by XML-RPC to two hypervisors, which are linked by a GRE tunnel (172.16.13.0/24). Topology labels: subnets 192.168.12.0/24, 192.168.123.0/24, 172.16.1.0/24, 172.16.3.0/24; interfaces S1/0, S1/1, fa0/1, fa1/1, fa0/0.100; VLAN 100; devices SW1, SW2, R1, PC1, PC2.]
Status of KOREN Testbed
[Figure: KOREN testbed map. Sites: Seoul, Suwon, Daejun, DaeGu, Pusan, KwangJu, Jeju. Other labels: BcN Testbed, BcN Quality Control Center, IX, KREONET, TransPAC2, TEIN2 (EU), CERNET (China), Internet2 (USA), Canet*4 (Canada), JGNII (Japan). Link-speed labels: 166M, 622M, 1G, 2G, 10G, 20G.]
• Six Points of Presence (POPs) in Korea
• Interconnections between POPs are being upgraded from 2.5~5G to 10~20G.
• Construction of Network Operation Center (NOC)
• SW solution for NOC management
• Remote monitoring and management capability for research access ports.
• Construction of NOC.
• Construction of remote conference system
Virtual Network Topology
[Figure: Virtual Router Control Center and slices of virtual routers forming Overlay 1, Overlay 2 and Overlay 3 on KOREN (Seoul, Suwon, Daejon, KwangJu, DaeGu, Pusan), with a user's view for each overlay.]
Future Plan: Virtual Network Management
[Figure: Test Switch for Overlay NW. Labels: FIB, Secure Channel, PC, XML-RPC, SSL, hw, sw.]
• May follow OpenFlow switch specification
Source: http://cleanslate.stanford.edu
Future Plan: Router In Your Control
[Figure: XORP process diagram (Management Processes: IPC finder, router manager, CLI, SNMP; Unicast Routing: BGP4+, OSPF, RIP, IS-IS; Multicast Routing: PIM-SM, IGMP/MLD; RIB; FEA; Forwarding Engine: Click Elements) with added labels: Your RIB, Your Process, XML-RPC over Secure Link.]
Intelligent Edge Router
• For a low cost edge router, dedicated external server is a good solution for intelligent operation.
• Usually easier to develop S/W as the development environment is familiar.
Source: http://www.cisco.com
Demo: Standard Platform
[Figure: demo topology. Labels: Cisco Router (fa0/0, fa0/1); PC2_VM1, PC1_VM1, PC1_VM2; PC2_Dom0@Seoul, PC1_Dom0@Suwon; subnets 10.20.30.0/24, 10.20.40.0/24, 10.10.30.0/24, 10.10.40.0/24, 10.10.50.0/24.]
Demo: Monitoring & Control of Overlay Network
[Figure: demo topology with a <Network Monitor> node. Labels: Cisco Router (fa0/0, fa0/1); PC2_VM1, PC1_VM1, PC1_VM2; Seoul, Suwon; subnets 10.20.30.0/24, 10.20.40.0/24, 10.10.30.0/24, 10.10.40.0/24, 10.10.50.0/24.]
Demo: Monitoring of ICMP Pkt ATTACK
[Figure: demo topology with <Network Monitor> and <Hacker> nodes. Labels: Cisco Router (fa0/0, fa0/1); PC2_VM1, PC1_VM1, PC1_VM2; Seoul, Suwon; subnets 10.20.30.0/24, 10.20.40.0/24, 10.10.30.0/24, 10.10.40.0/24, 10.10.50.0/24.]