VDE: Virtual Distributed Ethernet

Renzo Davoli∗
Department of Computer Science
University of Bologna, Italy
email: [email protected]

∗This work was partially supported by the WebMinds FIRB project of the Italian Ministry of University, Research and Education

Abstract

The idea of VDE is very effective but straightforward and simple, and it can be applied in many configurations to provide several services. It is a sort of Swiss knife of emulated networks. It can be used as a general Virtual Private Network as well as a support technology for mobility, a tool for network testing, a general reconfigurable overlay network, a layer for implementing privacy preserving technologies and many others. A prototype VDE has been implemented and released as Free Software under the GPL licence [11].

1 Introduction

The acronym VDE is self explaining: it is a Virtual network because it is built completely in software, it is Distributed as parts of the same network can run on different physical (real) computers and it is an Ethernet as the entire virtual software structure is able to forward, dispatch and route plain ethernet packets. The main features of VDE are the following:

• VDE is Ethernet compliant.

• VDE is general: it is a virtual infrastructure that gives connectivity to several kinds of software components: emulators/virtual machines, real operating systems and other connectivity tools.

• VDE is distributed.

• VDE does not need specific administrative privileges to run.

Virtual ethernet network facilities have been implemented as a complementary feature for some emulation or virtual machine software (e.g. [17], [14, 15], [22]). This feature permits the concurrent execution and communication of several virtual or emulated machines through an emulated network. These tools however fail in generality and distribution: in generality as they are tailored to one single kind of virtual or emulated machine, in distribution as everything (the emulated machines and the network emulator itself) must reside and run on the same real computer.

It is possible to create a completely virtual/emulated networking space by using VDE together with virtual machines on a set of real (based on hardware, physical) computers connected by a real network. This second layer of virtuality has also been named Virtual Square [12]. Square has here the double meaning of squared (i.e. elevated to the second power) and of a virtual place where machines and humans can meet.

The remainder of the paper is organized as follows. Section 2 presents the structure and the composing entities of a VDE, section 3 explains some examples of VDE applications. A section about Related Work and a section with final remarks and future work complete the paper.

2 Structure of VDE

VDE has the same structure as a modern Ethernet network. The main components, in fact, are vde switches and vde cables.

• A vde switch is the virtual counterpart of a physical Ethernet switch (or hub). A switch has several ports where users can plug in computers, routers and other ethernet-compliant equipment.

• It is also possible to interconnect two different switches by using a so-called cross-cable, plugging it from a port of one switch to a port of the other. VDE has the virtual counterpart of the crossed cable: a VDE-cable. It is a software tool able to interconnect two vde-switches.

With VDE it is also possible to integrate real computers in the emulated network. When a real computer is connected to a VDE, a virtual interface (based on tuntap) is visible from the operating system. This virtual interface appears exactly as if it were a hardware interface and behaves as a physical ethernet interface. This operation however changes the network behavior of the host computer and thus needs administrative privileges to be completed.

Figure 1. A simple application of VDE

Currently VDE supports User-Mode Linux virtual machines, qemu, Bochs and MPS.

• User-Mode Linux. [14, 15] It is a project that realizes a complete system virtualization through system trapping. It has been released as a set of patches for the linux kernel that define a new virtual "um" hardware architecture. A kernel for the "um" architecture is just an executable for the host computer that includes the I-O virtualization routines as well as the kernel itself. It runs at user-level. It does not require specific kernel support in the host machine, but there is a patch named skas mode for the 2.4 version of Linux to increase U-ML security and performance (to reduce the number of threads and to keep the addressing space of the emulated kernel inaccessible by the emulated tasks). The support for skas mode should be included in vanilla Linux 2.6.

• Qemu. [10] Quoting its author's web site: Qemu is a FAST! processor emulation using dynamic translation to achieve good emulation speed. Qemu is able to run just as a processor or as a Complete System Virtualizer. It is possible to run executables compiled for different processor architectures in a linux environment or it is possible to start a virtual machine and boot an entire operating system. It runs on a number of different hardware architectures, it is currently able to run i386, ppc, arm and sparc executables and provides virtual machines emulating i386 and ppc based architectures. This project is very active: new ports and features are announced on a daily basis. It runs completely at user-level and completely virtualizes the processor architecture.

• Bochs [19] is an historical virtual machine. It runs on several host architectures (supported host OS: Linux, MacOS 9/X, Windows) where it is able to create complete system virtualization of an i386 architecture. It relies on standard emulation techniques, thus it is quite slow when compared to modern virtual machines. It runs completely at user-level and completely virtualizes the processor architecture.

• MPS and uMPS (micro MPS) [21] have been designed for educational purposes. Like Qemu and Bochs, MPS is a complete virtual system of a Mips based computer (user-level, complete processor virtualization). It is a workbench for computer science students to run their experimental operating systems in a real-world consistent virtual computer while stripping off unnecessary complexities.

A vde switch operates as a real switch: it is a fast bridge able to manage the dynamic association between hardware (MAC) address and port. The switch learns the mapping between each MAC address and the corresponding port from the headers of the packets exchanged on the network. Like a real switch, a vde switch implements the network traffic separation that leads to a higher aggregate bandwidth. The vde switch also implements aging of the MAC to port mapping to allow a graceful convergence to a new configuration when the topology changes. When two switches are interconnected by a vde cable, the switching algorithm forwards through the cable only packets that have source and destination on the opposite sides, as well as broadcast packets and packets sent to still unknown destinations. There is an option for the vde switch to use it as a hub. This latter option can be useful for debugging, to plug in a network traffic analyzer, or for educational purposes: e.g. to show the security threats that can be put in place on hub based networks.

Figure 2. A VDE routed to the Internet

Vde cables are composed of three software components:

• Two vde plugs, one at each end of the cable. A vde plug is a program that has been designed to be connected to a vde switch and converts all the traffic to a standard stream connection.

• An interconnection tool, that is able to bi-directionally connect the streams of two vde plugs.

An interconnection tool can be a double pipe, i.e. a bidirectional extension to the standard pipe Unix tool to interconnect commands. It is also possible to connect switches running on different host computers by the joint use of a double pipe and a standard remote execution tool like rsh

3 Detailed examples Applications of VDE

As stated in the abstract, VDE can have several applications. In this section we pass through some examples and analyze which classes of common problems can be solved by using VDE.

Figure 1 shows the simplest usage of a VDE: one or several local virtual machines can be interconnected by the virtual network. In the example the ssh client running as an application for the Linux Debian O.S. on the Qemu virtual machine can open a session to the Linux Mandrake machine running as a User-Mode Linux virtual machine. It is possible to run several vde switches on the same computer: each vde switch has a Unix socket as its identifier and as its channel to communicate with the switch. It is also possible for several users to join the same virtual network. Conversely, it is possible for a user to keep different virtual networks running.
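
The MAC learning, aging and hub option that Section 2 describes for the vde switch can be modelled in a few lines. This is an added example, not VDE source code: the class, the function names, the 30 second aging time and the sample frames are assumptions made for illustration. It counts how many frames reach a port that takes no part in the conversation, in switch mode and in hub mode.

```python
# Added illustration: a toy model of the learning-switch behaviour described in
# Section 2. Not VDE source code; class and parameter names are hypothetical.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, max_age=30.0, hub=False):
        self.ports = list(ports)
        self.max_age = max_age   # seconds a MAC-to-port entry stays valid (assumed value)
        self.hub = hub           # hub option: repeat every frame on every other port
        self.table = {}          # MAC address -> (port, time last seen)

    def _expire(self, now):
        # Aging: forget stale entries so a host that moved is relearned.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.max_age}

    def receive(self, in_port, src, dst, now):
        """Return the list of ports the frame is sent out on."""
        self._expire(now)
        self.table[src] = (in_port, now)      # learn from the source address
        others = [p for p in self.ports if p != in_port]
        if self.hub or dst == BROADCAST or dst not in self.table:
            return others                     # flood to every other port
        out_port = self.table[dst][0]
        return [] if out_port == in_port else [out_port]

def exposure(switch, frames, tap_port):
    """Count the frames that a passive listener on tap_port receives."""
    return sum(tap_port in switch.receive(*f) for f in frames)

# Constructed sample traffic: (in_port, source MAC, destination MAC, time in s).
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FRAMES = [
    (1, A, BROADCAST, 0.0),  # broadcast: flooded
    (2, B, A, 0.1),          # A was learned on port 1: sent to port 1 only
    (1, A, B, 0.2),          # both hosts known: sent to port 2 only
    (2, B, A, 0.3),
    (1, A, B, 60.0),         # entries aged out: B unknown again, flooded
]

if __name__ == "__main__":
    for hub in (False, True):
        sw = LearningSwitch(ports=[1, 2, 3], hub=hub)
        print("hub" if hub else "switch", "mode: port 3 receives",
              exposure(sw, FRAMES, tap_port=3), "of", len(FRAMES), "frames")
```

In switch mode the third port receives only the broadcast and the frame sent after the entries expired; in hub mode it receives every frame, which is why the hub option suits a traffic analyzer and why hub based networks expose all traffic to every attached host.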