Virtual Square: All the Virtuality You Always Wanted but You Were Afraid to Ask

Virtual Square: All the Virtuality You Always Wanted but You Were Afraid to Ask

Virtual Square: all the virtuality you always wanted but you were afraid to ask. Renzo Davoli i Computer Science Department vol Da ALMA MATER STUDIORUM: University of Bologna o Renz eft, yl WorkShop 2007 sul Calcolo e Reti dell'INFN op C 7 Rimini, 10 maggio 2007 00 2 © re ua Sq l ua t Vir Virtual Square VIRTUAL VIRTUAL VIRTUAL SQUARED i VIRTUAL SQUARE vol Da o VIRTUAL VIRTUAL Renz eft, VIRTUAL yl VIRTUAL op C 7 00 2 VIRTUAL © re VIRTUAL ua Sq l ua t Vir VIRTUALITY today ● Virtual Machines – historical topic – lots of papers – lots of tools i vol Da – ... but something is already missing o Renz ● Virtual Networking eft, yl op – less historical C 7 00 2 – several papers © re ua Sq l ua t Vir Virtual Square Virtualization concepts and tools are disconnected. i There is a world of new applications that vol Da can be realized by interoperating, o Renz integrated virtuality eft, yl op C 7 UNIFICATION IS NEEDED 00 2 © re ua Sq l ua t Vir Virtual Square © 2007 Copyleft, Renzo Davoli Vi rtual S qu are Some Examples of VM (free software) ● Qemu: PVM or SVM, User Mode User Access (or dual-mode with KQEMU, proprietary sw). – cross emulation platform (ia32, ia64, ppc, i m68k, sparc, arm...) vol Da o – dynamic translation Renz ● eft, XEN: SVM, Native. yl op C 7 – xen uses para-virtualization (O.S. in domain0 00 2 © has the real device drivers). re ua – (xen ideas come from the Denali project: Sq l ua t SVN, Native, real virtualization). Vir Some Examples of VM (free software) ● User-Mode Linux (U-ML): SCVM, User-Mode User Access. – Same ABI/Same ISA: Linux on Linux. – Uses the debugging interface ptrace to capture i vol the system calls. Da o ● OpenVZ: Native, SVM (but all the Vms share Renz eft, the same kernel, this category is also known yl op C 7 as: Operating System Level Virtualization). 00 2 – © derived from the proprietary product Virtuozzo. re ua – Sq the kernel itself provide different resource and l ua t different permissions to virtual instances of Linux. Vir Some Other Examples ● Mac-On-Linux: (free SW, SVM, Dual) ● Vmware: (proprietary, SCVM, Dual) ● VirtualPC/Virtual Server: (proprietary, i SVM, Dual) vol Da ● o PearPC: (free, SVM, User-Mode User- Renz Access) eft, yl op ● C Solaris “zones”: proprietary, Native, SVN 7 00 2 (OSLV). © re ua Sq l ua t Vir There are other kinds of Virtuality! The “classical” definition of Virtual Machines does not catch all the possible “Virtualities”... ● Virtual Network Interfaces: – tuntap ● Virtual Networks: i vol Da – VPN, Local VN provided with Virtual Machines o Renz ● Virtual Running Environments: eft, yl op – C chroot (POSIX syscall), fakeroot utility UNIX, Linux 7 00 2 Vserver © re ● ua Virtual File Systems Sq l ua t – Fuse, UnionFS, PlasticFS (uses LD_PRELOAD) Vir Other “Virtuality” ● Environmental Subsystems. – system call conversion: e.g. Posix -> Win32 ● System Call Interposition. – i Systrace: system call access manager vol Da – o Janus, Ostia: application firewall. Renz eft, yl op C 7 00 2 © re ua Sq l ua t Vir Virtual Square Goals ● We have seen a wide (wild ;-) world of different kinds of virtuality based on different ideas, several tools ● Keyword #1: communication – different VMs must be interconnected i ● vol Keyword #2: integration Da o – Renz different VMs can be seen as special cases of eft, a broaden idea of VM yl op C 7 ● Keyword #3: extension 00 2 © – re several needs could be captured by some VM ua Sq abstraction, but there is not the specific l ua t model of VM, nor the tool! Vir Virtual Square © 2007 Copyleft, Renzo Davoli ● free S I deas, t W oo . ls... mor 2 ½ e t Years! ha n 100,000li nes o f Keyword #1: Communication ● Virtual Distributed Ethernet: – VDE clients: User-Mode Linux, Qemu, virtual tap (all appl. using tap), tuntap (in linux kernel), slirp. i – VDE appears as a Local Area Network vol Da o (Ethernet complaint) from all the connected Renz entities. eft, yl – op The machines interconnected by a VDE may C 7 be distributed on different hosts (no limits of 00 2 © “distance”, km or hops). re ua Sq l ua t Vir VDE components SWITCH SWITCH CROSS CABLE i vol Da o Renz eft, yl op C 7 VDE SWITCH VDE SWITCH 00 2 © re ua VM VDE VdeWire VDE VM TunTap Sq l plug (e.g. ssh) plug ( e.g. QEMU) (e.g. U-ML) Linux Module ua t Vir VDE: Related Work ● VPN: (OpenVPN) point2point, for real machines ● Overlay Networks: specific for application (peer to peer, Akamai). i vol ● Da VM networking: (tools provided with VM, o Renz e.g. uml-switch) specific for VM eft, yl op VDE: C 7 00 ● 2 multipoint, general mesh © re ua ● no need for root (administration) access Sq l ua t ● Vir heterogeneous VM and non VM connected VDEv2: advertisement ● VDEv2: – modular design – compatible with user-mode linux, qemu, tuntap, (bochs, plex86), umview/lwipv6 – through the vdetaplib potentially compatible any application using tap i vol – VLAN (802.1Q) Da o – FST (fast spanning tree) Renz – run time maneageable via unixterm (telnet or eft, yl op web with vdetelweb) C 7 – includes slirpvde and wirefilter 00 2 – © status debug (NEW!) re ua – plugin support (NEW!) Sq l ua t Vir VDEv2 ● VDE-Switch – number of ports configurable on command line – port0 is reserved for management clients, n-1 i ports are available for connections. vol Da o – management UNIX socket for management Renz clients eft, yl op ● self-describing SMTP-like protocol C 7 00 – 2 modules: datasock (VM conn), tuntap, © re consmgmt (management) ua Sq l ua t Vir VDE cables ● VDE-plug – is a VM that converts the Ethernet packets of a VDE port into a stream connection (stdin- stdout) i ● vol VDE-wire Da o – can be any application able to give a Renz eft, stdin/stdout stream connection yl op C 7 00 2 © re ua Sq l ua t Vir Dual Pipe ● dpipe is a new (general purpose) command we have added. ● Pipe are well known abstractions. The following command prints the list of the i vol current directory: ls lpr Da o ls | lpr Renz eft, yl ● Dpipe creates a bi-irectional connection op C 7 between the processes cmd1 cmd2 00 2 © re dpipe cmd1 = cmd2 ua Sq l ua t Vir VDE cables, plugs, wires and dpipe ● dpipe is used to create VDE-cables: dpipe vde_plug = ssh vde.students.cs.unibo.it vde_plug ● this command connects by a dpipe the local vde_plug with a vde_plug running on i vol a remote host (the wire is ssh) Da o ● Renz other applications can be used as wire eft, yl (e.g.netcat) op C 7 ● 00 In the example vde_plug refers to the 2 © re default switch. It is possible to run several ua Sq l switches on the same host, an extra ua t Vir option is needed in this case. wirefilter ● wirefilter can be put on a cable (e.g. for network testing) dpipe vde_plug /tmp/s1 = wirefilter -m /tmp/m = vde_plug /tmp/s2 ● packet loss, delays, dup, speed, noise i vol figures, mtu, fifoness properties of the Da o line can be changed with command line Renz eft, options or real time via a management yl op C socket. 7 00 2 © re ua Sq l ua t Vir SlirpVDE VDE SWITCH VDE SWITCH 10.0.2.15 VDE VdeWire VDE 10.0.2.16 plug (e.g. ssh) plug VM VM i (e.g. QEMU) (e.g. U-ML) vol Da o Note: it supports Ipv4 only. Renz 10.0.2.2 Ipv6 is already eft, yl unsupported. SlirpVDE op Firefox C 7 00 http connection from slirpVDE 2 running on the hosting O.S. to © re http connection from firefox www.cs.unibo.it -> 130.136.1.110 ua running on 10.0.2.15 to Sq l w ww.cs.unibo.it -> 130.136.1.110 ua t Vir vde_cryptcab ● Coded by Daniele Lacamera (danielinux) ● A vde_cryptcab is a distributed cable manager for VDE switches. ● i Server side vol Da vde_cryptcab -s /tmp/vde2.ctl -p 2100 o Renz ● Client side eft, yl op vde_cryptcab -s /tmp/vde2.ctl -c [email protected]:2100 C 7 00 ● 2 use a blowfish channel (random key © re exchanged by scp). ua Sq l ua t Vir LWIPv6 ● It is a LWIPv4/v6 stack implemented as a library. ● Fork project from LWIP project (Adam Dunkels <[email protected]>) i vol ● Da Can be connected to any number of VDE, o Renz TUN, TAP interfaces. eft, yl ● op It is a hybrid stack (not a dual-stack). One C 7 00 single Ipv6 “engine” is able also to 2 © re manage Ipv4 packets in compatibility ua Sq l mode (130.136.1.110 is managed as ua t Vir 0::ffff:130.136.1.110). LWIPv6 ● PF_INET, PF_INET6 ● PF_PACKET for raw packet management – support for user-level network analysis tools (e.g. sniffers, ethereal) i vol – Da support for user-level dhcp clients. o ● Renz PF_NETLINK for configuration eft, yl op ● C Packet filtering 7 00 2 © re ua Sq l ua t Vir LWIPv6 interface definition API struct netif *lwip_vdeif_add(void *arg); struct netif *lwip_tapif_add(void *arg); struct netif *lwip_tunif_add(void *arg); int lwip_add_addr(struct netif *netif,struct ip_addr *ipaddr, struct ip_addr *netmask); int lwip_del_addr(struct netif *netif,struct ip_addr *ipaddr, struct ip_addr *netmask); i int lwip_add_route(struct ip_addr *addr, struct ip_addr *netmask, vol struct ip_addr *nexthop, struct netif *netif, int flags); Da o int lwip_del_route(struct ip_addr *addr, struct ip_addr *netmask, struct ip_addr *nexthop, struct netif *netif, int flags); Renz eft, yl int lwip_ifup(struct netif *netif); op int lwip_ifdown(struct netif *netif); C 7 00 2 © re ua Sq l ua t Vir LWIPv6 socket API (just put lwip_ ahead) int lwip_accept(int s, struct sockaddr *addr, socklen_t *addrlen); int lwip_bind(int s, struct sockaddr *name, socklen_t namelen); int lwip_shutdown(int s, int how); int lwip_getpeername (int s, struct sockaddr *name, socklen_t *namelen); int lwip_getsockname (int s, struct sockaddr *name, socklen_t *namelen); int lwip_getsockopt (int s, int level, int optname, void *optval, socklen_t *optlen); int lwip_setsockopt (int s,

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    83 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us