Virtual Square: all the virtuality you always wanted but you were afraid to ask. Renzo Davoli i Computer Science Department vol Da ALMA MATER STUDIORUM: University of Bologna o Renz eft, yl WorkShop 2007 sul Calcolo e Reti dell'INFN op C 7 Rimini, 10 maggio 2007 00 2 © re ua Sq l ua t Vir Virtual Square VIRTUAL VIRTUAL VIRTUAL SQUARED i VIRTUAL SQUARE vol Da o VIRTUAL VIRTUAL Renz eft, VIRTUAL yl VIRTUAL op C 7 00 2 VIRTUAL © re VIRTUAL ua Sq l ua t Vir VIRTUALITY today ● Virtual Machines – historical topic – lots of papers – lots of tools i vol Da – ... but something is already missing o Renz ● Virtual Networking eft, yl op – less historical C 7 00 2 – several papers © re ua Sq l ua t Vir Virtual Square Virtualization concepts and tools are disconnected. i There is a world of new applications that vol Da can be realized by interoperating, o Renz integrated virtuality eft, yl op C 7 UNIFICATION IS NEEDED 00 2 © re ua Sq l ua t Vir Virtual Square © 2007 Copyleft, Renzo Davoli Vi rtual S qu are Some Examples of VM (free software) ● Qemu: PVM or SVM, User Mode User Access (or dual-mode with KQEMU, proprietary sw). – cross emulation platform (ia32, ia64, ppc, i m68k, sparc, arm...) vol Da o – dynamic translation Renz ● eft, XEN: SVM, Native. yl op C 7 – xen uses para-virtualization (O.S. in domain0 00 2 © has the real device drivers). re ua – (xen ideas come from the Denali project: Sq l ua t SVN, Native, real virtualization). Vir Some Examples of VM (free software) ● User-Mode Linux (U-ML): SCVM, User-Mode User Access. – Same ABI/Same ISA: Linux on Linux. – Uses the debugging interface ptrace to capture i vol the system calls. Da o ● OpenVZ: Native, SVM (but all the Vms share Renz eft, the same kernel, this category is also known yl op C 7 as: Operating System Level Virtualization). 00 2 – © derived from the proprietary product Virtuozzo. re ua – Sq the kernel itself provide different resource and l ua t different permissions to virtual instances of Linux. Vir Some Other Examples ● Mac-On-Linux: (free SW, SVM, Dual) ● Vmware: (proprietary, SCVM, Dual) ● VirtualPC/Virtual Server: (proprietary, i SVM, Dual) vol Da ● o PearPC: (free, SVM, User-Mode User- Renz Access) eft, yl op ● C Solaris “zones”: proprietary, Native, SVN 7 00 2 (OSLV). © re ua Sq l ua t Vir There are other kinds of Virtuality! The “classical” definition of Virtual Machines does not catch all the possible “Virtualities”... ● Virtual Network Interfaces: – tuntap ● Virtual Networks: i vol Da – VPN, Local VN provided with Virtual Machines o Renz ● Virtual Running Environments: eft, yl op – C chroot (POSIX syscall), fakeroot utility UNIX, Linux 7 00 2 Vserver © re ● ua Virtual File Systems Sq l ua t – Fuse, UnionFS, PlasticFS (uses LD_PRELOAD) Vir Other “Virtuality” ● Environmental Subsystems. – system call conversion: e.g. Posix -> Win32 ● System Call Interposition. – i Systrace: system call access manager vol Da – o Janus, Ostia: application firewall. Renz eft, yl op C 7 00 2 © re ua Sq l ua t Vir Virtual Square Goals ● We have seen a wide (wild ;-) world of different kinds of virtuality based on different ideas, several tools ● Keyword #1: communication – different VMs must be interconnected i ● vol Keyword #2: integration Da o – Renz different VMs can be seen as special cases of eft, a broaden idea of VM yl op C 7 ● Keyword #3: extension 00 2 © – re several needs could be captured by some VM ua Sq abstraction, but there is not the specific l ua t model of VM, nor the tool! Vir Virtual Square © 2007 Copyleft, Renzo Davoli ● free S I deas, t W oo . ls... mor 2 ½ e t Years! ha n 100,000li nes o f Keyword #1: Communication ● Virtual Distributed Ethernet: – VDE clients: User-Mode Linux, Qemu, virtual tap (all appl. using tap), tuntap (in linux kernel), slirp. i – VDE appears as a Local Area Network vol Da o (Ethernet complaint) from all the connected Renz entities. eft, yl – op The machines interconnected by a VDE may C 7 be distributed on different hosts (no limits of 00 2 © “distance”, km or hops). re ua Sq l ua t Vir VDE components SWITCH SWITCH CROSS CABLE i vol Da o Renz eft, yl op C 7 VDE SWITCH VDE SWITCH 00 2 © re ua VM VDE VdeWire VDE VM TunTap Sq l plug (e.g. ssh) plug ( e.g. QEMU) (e.g. U-ML) Linux Module ua t Vir VDE: Related Work ● VPN: (OpenVPN) point2point, for real machines ● Overlay Networks: specific for application (peer to peer, Akamai). i vol ● Da VM networking: (tools provided with VM, o Renz e.g. uml-switch) specific for VM eft, yl op VDE: C 7 00 ● 2 multipoint, general mesh © re ua ● no need for root (administration) access Sq l ua t ● Vir heterogeneous VM and non VM connected VDEv2: advertisement ● VDEv2: – modular design – compatible with user-mode linux, qemu, tuntap, (bochs, plex86), umview/lwipv6 – through the vdetaplib potentially compatible any application using tap i vol – VLAN (802.1Q) Da o – FST (fast spanning tree) Renz – run time maneageable via unixterm (telnet or eft, yl op web with vdetelweb) C 7 – includes slirpvde and wirefilter 00 2 – © status debug (NEW!) re ua – plugin support (NEW!) Sq l ua t Vir VDEv2 ● VDE-Switch – number of ports configurable on command line – port0 is reserved for management clients, n-1 i ports are available for connections. vol Da o – management UNIX socket for management Renz clients eft, yl op ● self-describing SMTP-like protocol C 7 00 – 2 modules: datasock (VM conn), tuntap, © re consmgmt (management) ua Sq l ua t Vir VDE cables ● VDE-plug – is a VM that converts the Ethernet packets of a VDE port into a stream connection (stdin- stdout) i ● vol VDE-wire Da o – can be any application able to give a Renz eft, stdin/stdout stream connection yl op C 7 00 2 © re ua Sq l ua t Vir Dual Pipe ● dpipe is a new (general purpose) command we have added. ● Pipe are well known abstractions. The following command prints the list of the i vol current directory: ls lpr Da o ls | lpr Renz eft, yl ● Dpipe creates a bi-irectional connection op C 7 between the processes cmd1 cmd2 00 2 © re dpipe cmd1 = cmd2 ua Sq l ua t Vir VDE cables, plugs, wires and dpipe ● dpipe is used to create VDE-cables: dpipe vde_plug = ssh vde.students.cs.unibo.it vde_plug ● this command connects by a dpipe the local vde_plug with a vde_plug running on i vol a remote host (the wire is ssh) Da o ● Renz other applications can be used as wire eft, yl (e.g.netcat) op C 7 ● 00 In the example vde_plug refers to the 2 © re default switch. It is possible to run several ua Sq l switches on the same host, an extra ua t Vir option is needed in this case. wirefilter ● wirefilter can be put on a cable (e.g. for network testing) dpipe vde_plug /tmp/s1 = wirefilter -m /tmp/m = vde_plug /tmp/s2 ● packet loss, delays, dup, speed, noise i vol figures, mtu, fifoness properties of the Da o line can be changed with command line Renz eft, options or real time via a management yl op C socket. 7 00 2 © re ua Sq l ua t Vir SlirpVDE VDE SWITCH VDE SWITCH 10.0.2.15 VDE VdeWire VDE 10.0.2.16 plug (e.g. ssh) plug VM VM i (e.g. QEMU) (e.g. U-ML) vol Da o Note: it supports Ipv4 only. Renz 10.0.2.2 Ipv6 is already eft, yl unsupported. SlirpVDE op Firefox C 7 00 http connection from slirpVDE 2 running on the hosting O.S. to © re http connection from firefox www.cs.unibo.it -> 130.136.1.110 ua running on 10.0.2.15 to Sq l w ww.cs.unibo.it -> 130.136.1.110 ua t Vir vde_cryptcab ● Coded by Daniele Lacamera (danielinux) ● A vde_cryptcab is a distributed cable manager for VDE switches. ● i Server side vol Da vde_cryptcab -s /tmp/vde2.ctl -p 2100 o Renz ● Client side eft, yl op vde_cryptcab -s /tmp/vde2.ctl -c [email protected]:2100 C 7 00 ● 2 use a blowfish channel (random key © re exchanged by scp). ua Sq l ua t Vir LWIPv6 ● It is a LWIPv4/v6 stack implemented as a library. ● Fork project from LWIP project (Adam Dunkels <[email protected]>) i vol ● Da Can be connected to any number of VDE, o Renz TUN, TAP interfaces. eft, yl ● op It is a hybrid stack (not a dual-stack). One C 7 00 single Ipv6 “engine” is able also to 2 © re manage Ipv4 packets in compatibility ua Sq l mode (130.136.1.110 is managed as ua t Vir 0::ffff:130.136.1.110). LWIPv6 ● PF_INET, PF_INET6 ● PF_PACKET for raw packet management – support for user-level network analysis tools (e.g. sniffers, ethereal) i vol – Da support for user-level dhcp clients. o ● Renz PF_NETLINK for configuration eft, yl op ● C Packet filtering 7 00 2 © re ua Sq l ua t Vir LWIPv6 interface definition API struct netif *lwip_vdeif_add(void *arg); struct netif *lwip_tapif_add(void *arg); struct netif *lwip_tunif_add(void *arg); int lwip_add_addr(struct netif *netif,struct ip_addr *ipaddr, struct ip_addr *netmask); int lwip_del_addr(struct netif *netif,struct ip_addr *ipaddr, struct ip_addr *netmask); i int lwip_add_route(struct ip_addr *addr, struct ip_addr *netmask, vol struct ip_addr *nexthop, struct netif *netif, int flags); Da o int lwip_del_route(struct ip_addr *addr, struct ip_addr *netmask, struct ip_addr *nexthop, struct netif *netif, int flags); Renz eft, yl int lwip_ifup(struct netif *netif); op int lwip_ifdown(struct netif *netif); C 7 00 2 © re ua Sq l ua t Vir LWIPv6 socket API (just put lwip_ ahead) int lwip_accept(int s, struct sockaddr *addr, socklen_t *addrlen); int lwip_bind(int s, struct sockaddr *name, socklen_t namelen); int lwip_shutdown(int s, int how); int lwip_getpeername (int s, struct sockaddr *name, socklen_t *namelen); int lwip_getsockname (int s, struct sockaddr *name, socklen_t *namelen); int lwip_getsockopt (int s, int level, int optname, void *optval, socklen_t *optlen); int lwip_setsockopt (int s,
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages83 Page
-
File Size-