Virtual Active Network (VAN) Architecture
Prototype Implementation
Version 0.2 (Linux only)

Thank you for using the VAN prototype implementation. Please note that
this is still very experimental software and is not meant to be used in
a production environment. Please also read the COPYRIGHT carefully
before using the software.

The version 0.2 implementation follows the architecture outlined in the
VAN paper "van.pdf" in the "doc" subdirectory and is almost a complete
rewrite from version 0.1. Version 0.2 uses as many existing kernel
mechanisms as possible to carry out its operations; it is also laid on
top of an extensible design that allows new functions to be added to the
architecture without having to rewrite much of the architecture itself.
Version 0.2 also implements tight security measures (through SSL) to
allow it to be used in a real world setting.

1. Installation

First make sure you have the following tools and kernel capabilities on
your Linux system:

* Tools:

  (1) Enhanced IP routing and network device configuration tools. For
      your convenience, a source RPM iproute-2.2.4-2.src.rpm is provided
      in the "misc" subdirectory.

  (2) OpenSSL toolkit. For your convenience, a source RPM
      openssl-0.9.5a-1.src.rpm is provided in the "misc" subdirectory.

* Kernel:

  Your Linux kernel must be 2.2 or newer. It must have the following
  capabilities built in (or as loadable modules):

      CONFIG_NETLINK
          This driver allows for two-way communication between certain
          parts of the kernel or modules and user processes.

      CONFIG_NET_IPGRE
          This tunneling driver implements GRE (Generic Routing
          Encapsulation).

* Compilation

  Installation of the software should be relatively effortless, as
  currently only Linux on the x86 platform is supported (Linux on other
  architectures should also work, but I don't have machines with those
  configurations to test it on) and GNU autoconf is used to figure out
  certain specifics of the local environment.
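
  A preflight check for the prerequisites listed above, given as an added
  example that is not part of the VAN distribution. The function names and
  the sample kernel config are constructed; "ip" and "openssl" are the
  commands installed by the iproute and OpenSSL packages.

```shell
#!/bin/sh
# Added example: preflight check for the VAN 0.2 prerequisites.
# Function names and the sample config below are constructed for illustration.

# kconfig_has FILE OPTION: succeeds if OPTION is built in (=y) or a module (=m).
kconfig_has() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# missing_kernel_opts FILE: prints the options named in the README that FILE lacks.
missing_kernel_opts() {
    missing=""
    for opt in CONFIG_NETLINK CONFIG_NET_IPGRE; do
        kconfig_has "$1" "$opt" || missing="$missing $opt"
    done
    echo "${missing# }"
}

# missing_cmds CMD...: prints the commands that are not found in PATH.
missing_cmds() {
    missing=""
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || missing="$missing $cmd"
    done
    echo "${missing# }"
}

# preflight FILE: returns 0 only if both kernel options and both tools are present.
preflight() {
    k=$(missing_kernel_opts "$1")
    t=$(missing_cmds ip openssl)   # "ip" from iproute, "openssl" from OpenSSL
    if [ -n "$k" ]; then echo "missing kernel options: $k"; fi
    if [ -n "$t" ]; then echo "missing tools: $t"; fi
    [ -z "$k$t" ]
}

# Constructed sample: NETLINK built in, GRE tunnelling not configured.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NETLINK=y
# CONFIG_NET_IPGRE is not set
CONFIG_NET_IPIP=m
EOF
preflight "$sample" || echo "prerequisites not met for sample config"
rm -f "$sample"
```

  On a real host, call preflight with the path of the config file the
  running kernel was built from.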

  To build the binaries (assuming you are in the top-level directory
  where vanos-0.1.tar.gz is unpacked),

      cd src
      ./configure
      make

  This will produce the binaries in the src directory,

      vds:          VAN Domain Server daemon
      vlm:          VAN Local Manager daemon
      libvutil.so:  VAN utility routine library
      libvan.so:    VAN application API routine library

  For simplicity, it is recommended that these files be kept in the
  same directory.

  Apart from the standard autoconf options, the following options are
  also recognized by "configure",

      --enable-debug: Enable, at compile time, terse output of debugging
                      messages of the VAN daemon; you will still need to
                      specify the "-v" option at runtime to see the
                      messages. This option is enabled by default.

2. A Quick Start

For the impatient, here is a quick procedure to test whether the build
is successful and the programs work on your system.

The following procedure will create a VAN with two virtual nodes (VN),
one on HostA, one on HostB; a virtual interface (VIF) will be created,
configured and attached to each VN, and a virtual link (VL) will then be
created connecting the two VIFs. Schematically,

              +-----+                                   +-----+
              | VN  |VIF(10.0.0.1)         (10.0.0.2)VIF| VN  |
    client----| on  =-----------------------------------= on  |----server
              |HostA|                VL                 |HostB|
              +-----+                                   +-----+

Once set up, a conventional client (e.g., a browser) on HostA can access
a conventional server (e.g., httpd) by addressing the server with the
virtual IP address, e.g., 10.0.0.2 in the diagram.

In the procedure below, substitute HostA, HostB, and HostC, etc., with
valid IP host names.

The procedure:

(1) Compile and link the test VN provided in the distribution. This VN
    does nothing except sit in a loop and print out, every 5 seconds,
    all active network interfaces. A more realistic VN would perform
    application specific packet processing such as caching, or
    forwarding based on URL, etc.

        make vntest

    or

        gcc -o vntest vntest.c -Wl,-rpath . -L. -lvan

    (note that "-Wl,-rpath ." records the path to libvan.so in the
    vntest binary so you don't have to use LD_LIBRARY_PATH if libvan.so
    is not installed in a standard search path)

(2) On both HostA and HostB, run (as root, required)

        LD_PRELOAD=/usr/lib/libpthread.so ./vlm -v -n

    ("-v" turns on verbose mode; "-n" disables SSL, which requires other
    setup we don't want to do now. Consult vlm.1 in the "man"
    subdirectory for the detailed usage of vlm)

(3) On HostC, which can be either HostA or HostB or a third machine,
    run (root not required)

        ./vds -v -n

    ("-v" turns on verbose mode; "-n" disables SSL, which requires other
    setup we don't want to do now. Consult vds.1 in the "man"
    subdirectory for the detailed usage of vds)

(4) Write a simple program apitest.c using the VAN application API as
    follows:

        #include <stdio.h>
        #include "vanapi.h"

        int main(void)
        {
            struct van_spec van_spec;
            struct vn_spec vn_spec;
            struct vif_spec vif_spec;
            struct vl_spec vl_spec;

            /*
             * Create a VAN namespace. VDS assumed to be local.
             * The key returned here is reused in every later call.
             */
            van_spec.key = 0L;
            van_spec.ctx = NULL;
            if (vanmap("demo", &van_spec) == -1)
                perror2("vanmap");
            else
                printf("vanmap: van_spec.key = %lu\n", van_spec.key);

            /*
             * Create a VN (vn1) on HostA
             */
            vn_spec.key = van_spec.key;
            vn_spec.ctx = NULL;
            vn_spec.vn_loc = "HostA";
            vn_spec.vn_eng = "./vntest";
            vn_spec.vn_opt = NULL;
            if (vnfork("demo/vn1", &vn_spec) == -1)
                perror2("vnfork");
            else
                printf("vnfork: success\n");

            /*
             * Create a VN (vn2) on HostB.
             */
            vn_spec.key = van_spec.key;
            vn_spec.ctx = NULL;
            vn_spec.vn_loc = "HostB";
            vn_spec.vn_eng = "./vntest";
            vn_spec.vn_opt = NULL;
            if (vnfork("demo/vn2", &vn_spec) == -1)
                perror2("vnfork");
            else
                printf("vnfork: success\n");

            /*
             * Plug a VIF (vif1) into vn1.
             */
            vif_spec.key = van_spec.key;
            vif_spec.ctx = NULL;
            vif_spec.vif_type = "eth";
            if (vifplug("demo/vn1/vif1", &vif_spec) == -1)
                perror2("vifplug");
            else
                printf("vifplug: success\n");

            /*
             * Configure the vif1.
             */
            vif_spec.key = van_spec.key;
            vif_spec.ctx = NULL;
            vif_spec.vif_conf = "inet 10.0.0.2";
            if (vifconfig("demo/vn1/vif1", &vif_spec) == -1)
                perror2("vifconfig");
            else
                printf("vifconfig: success\n");

            /*
             * Plug a VIF (vif2) into vn2.
             */
            vif_spec.key = van_spec.key;
            vif_spec.ctx = NULL;
            vif_spec.vif_type = "eth";
            if (vifplug("demo/vn2/vif2", &vif_spec) == -1)
                perror2("vifplug");
            else
                printf("vifplug: success\n");

            /*
             * Configure the vif2.
             */
            vif_spec.key = van_spec.key;
            vif_spec.ctx = NULL;
            vif_spec.vif_conf = "inet 11.0.0.2";
            if (vifconfig("demo/vn2/vif2", &vif_spec) == -1)
                perror2("vifconfig");
            else
                printf("vifconfig: success\n");

            /*
             * Create a vl1 connecting the vif1 and the vif2.
             */
            vl_spec.key = van_spec.key;
            vl_spec.ctx = NULL;
            if (vlopen("demo/vn1/vif1", "demo/vn2/vif2", &vl_spec) == -1)
                perror2("vlopen");
            else
                printf("vlopen: success\n");

            return 0;
        }

    Compile and run the program on the same host where the VDS was run.
    Be sure to set the environment variable VANSECURE to false or no
    before running the program.

        gcc -g -o apitest apitest.c -Wl,-rpath . -L. -lvan

After running the program, you should have the (very simple) VAN
described above set up on HostA and HostB. "vntest" on HostA and HostB
should print out the VIFs in addition to the conventional ones you
normally see.

3. More Info

Please consult the documents under the doc subdirectory. All comments
and suggestions are most welcome and appreciated. Flames will be
"> /dev/null".

Gong Su (gongsu@cs.columbia.edu)
http://www.cs.columbia.edu/~gongsu
Sept. 2000.
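
The quick start in section 2 runs vlm and vds with "-n" and sets
VANSECURE to false or no, all of which turn SSL off. The following check
finds hosts where those settings are still in effect; it is an added
example, not part of the VAN distribution. The process listing is
constructed, and treating "-vn" as a cluster containing "-n" is an
assumption about how the daemons parse options.

```shell
#!/bin/sh
# Added example: find VAN daemons still running with SSL disabled.
# Input format is "PID COMMAND ARGS...", as printed by: ps -e -o pid= -o args=

# ssl_disabled ARG...: succeeds if "-n" is present, alone or inside a
# short-option cluster such as "-vn" (cluster parsing is an assumption).
ssl_disabled() {
    for arg in "$@"; do
        case "$arg" in
            --*) ;;                 # long options are ignored
            -*n*) return 0 ;;
        esac
    done
    return 1
}

# vansecure_off VALUE: succeeds for the two values the README names.
vansecure_off() {
    case "$1" in
        false|no) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ps: reads process lines on stdin and prints "PID NAME" for each
# vlm or vds process whose arguments disable SSL.
audit_ps() {
    while read -r pid cmd args; do
        case "${cmd##*/}" in
            vlm|vds) ;;
            *) continue ;;
        esac
        set -f                      # no globbing while splitting $args
        if ssl_disabled $args; then
            echo "$pid ${cmd##*/}"
        fi
        set +f
    done
}

# Constructed process listing; PIDs and paths are made up.
audit_ps <<'EOF'
  812 ./vlm -v -n
  977 ./vds -v
 1204 /usr/sbin/sshd -D
 1311 ./vds -vn
EOF
if vansecure_off "${VANSECURE:-}"; then
    echo "VANSECURE disables security in this shell"
fi
```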