VNS information

From Comp519


With thanks to the Stanford High Performance Network Group at http://yuba.stanford.edu/vns.


Introduction

VNS was developed at Stanford to simplify the problem of teaching how to implement Internet routers to a large undergraduate networking class. It is designed to allow students to gain hands-on experience with routing actual Internet traffic using standard Internet clients. Instead of using a simulation environment or setting up a small physical network per student, the Stanford group developed VNS, which emulates network topologies (virtual topologies) that can be integrated with physical networks. All traffic seen by the virtual topologies is forwarded to user-level programs written by the students, which can then drop, inspect, and/or modify the packets and re-inject them back into the network.

VNS consists of two components:

  • The VNS Server which runs in the High Performance Network Group's lab at Stanford
  • A number of VNS clients which connect to the server

VNS Server

The VNS server is a user-level application which runs on a PC that is positioned between the Internet and a number of standard Internet servers which run basic Internet services such as HTTP, FTP and SSH. The physical configuration of the VNS server is shown below.

VNS's physical layout

The server is configured to emulate one or more (up to 2^16) topologies. Each topology consists of one or more virtual hosts (each with one or more virtual interfaces) and their connectivity to each other and to the physical network. A simple topology with a single virtual host is shown below.

A simple virtual topology

The virtual host has three interfaces, each one "connected" to a physical interface on the network. The VNS intercepts all traffic between the firewall (Internet) and the application servers. If, by inspecting the source/destination of the packet, the VNS determines the packet can be seen by the virtual host, it will forward the packet to a VNS client (if one exists for this host) over a standard TCP socket so that the client may handle it in user space.

VNS Client

VNS clients are programs that run in user space and connect to the VNS Server via standard TCP sockets. Each client can "reserve" a virtual host on any given topology. If the virtual host is not currently reserved, the server will forward all packets that can be seen by that host to the client. The client may also send packets to the server to inject back into the network, specifying which interface each packet should be sent out of. The client then functions effectively as if it were directly on the network, with full access to all traffic seen by the virtual host.
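The following Python model is an added example, not VNS code: it sketches the reservation and forwarding behaviour described above, so the isolation between topologies and the effect of an unreserved or already reserved host can be checked directly. The class and method names, the rule for choosing the arrival interface, and the RFC 5737 documentation addresses are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class VirtualHost:
    uplink: str                    # interface facing the firewall/Internet
    links: dict                    # server-facing interface name -> attached subnet
    client: Optional[str] = None   # client that reserved this host, if any

class Server:
    """Toy model of the dispatch decision; not the real VNS protocol."""
    def __init__(self):
        self.hosts = {}            # (topology id, host name) -> VirtualHost

    def add_host(self, topo, name, uplink, links):
        nets = {i: ipaddress.ip_network(c) for i, c in links.items()}
        self.hosts[(topo, name)] = VirtualHost(uplink, nets)

    def reserve(self, topo, name, client):
        host = self.hosts[(topo, name)]
        if host.client is not None:
            return False           # already reserved by another client
        host.client = client
        return True

    def dispatch(self, src, dst):
        """Return [(client, topology, host, arrival interface)] for one packet."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        deliveries = []
        for (topo, name), host in self.hosts.items():
            from_server = [i for i, n in host.links.items() if s in n]
            to_server = any(d in n for n in host.links.values())
            if not (from_server or to_server) or host.client is None:
                continue           # not visible to this host, or no client to forward to
            iface = from_server[0] if from_server else host.uplink
            deliveries.append((host.client, topo, name, iface))
        return deliveries

def demo():
    vns = Server()
    # Constructed topologies using documentation address space (RFC 5737)
    vns.add_host(1, "vhost1", "eth0", {"eth1": "192.0.2.0/30", "eth2": "192.0.2.4/30"})
    vns.add_host(2, "vhost1", "eth0", {"eth1": "192.0.2.8/30", "eth2": "192.0.2.12/30"})
    first = vns.reserve(1, "vhost1", "alice")
    second = vns.reserve(1, "vhost1", "bob")                 # refused: already reserved
    inbound = vns.dispatch("198.51.100.7", "192.0.2.1")      # Internet -> topology 1 server
    reply = vns.dispatch("192.0.2.1", "198.51.100.7")        # server -> Internet
    unreserved = vns.dispatch("198.51.100.7", "192.0.2.9")   # topology 2 has no client
    return first, second, inbound, reply, unreserved

if __name__ == "__main__":
    print(demo())
```

In this model, traffic for topology 2 is never delivered to the client holding topology 1, and a second reservation of the same virtual host is refused rather than shared.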

VNS in Practice

The power of VNS is not demonstrated with a single topology consisting of one virtual host. Using the same physical setup as previously shown, VNS can emulate thousands of completely isolated, arbitrarily complex topologies. That is, each student in a large class could connect with a VNS client to the VNS server and would only see the traffic destined to his or her topology. Multiple students may also connect to different virtual hosts in the same topology. This is somewhat analogous to virtual memory: using the same physical network, each virtual network is (almost completely) isolated from the others and can be arbitrarily large and complex. The following figure shows the logical view of VNS hosting three different topologies on the same physical setup.

VNS hosting multiple topologies

Generating Network Traffic

Once you have a functioning VNS client, you can easily create traffic for it by accessing the Internet servers as you would any other server. The servers at Stanford will respond to a different IP address for each topology. So, if you access the servers using that IP address, the traffic will traverse the Internet, flow through your topology in VNS, be routed to the server (assuming your client is working correctly), and the server will respond back through your topology in VNS. In this way, your VNS client is routing real network traffic between your computer and the servers at Stanford.



VNS and this documentation were produced by the Stanford University High Performance Network Group.
