Forrestrun
Website System Engineers and Architects
June 2004
This article discusses how to use VMware to simulate multiple computers on a single machine and network those simulated machines together in a complex network environment. The zebra routing software and IPv6 are used as examples to test and describe the setup.
Why is this test required?
VMware makes sense for software developers and network maintenance personnel. It can simulate a virtual machine environment for work easily and concisely. It is also very secure to use VMware for operations that affect the OS, such as network attacks and destructive experiments, because the impact of the virtual environment falls only on a data file and does not cause real problems for the host's hardware or software. Changing a production system without test data to back the change, and putting it into service rashly, carries great risk; VMware is well suited to such tests and research by software developers and system administrators.
In addition, many network environment tests and experiments require switches (or hubs), a bunch of network cables, and multiple test devices. When I used to conduct a network experiment with Cisco routers of the 25 series, the workload of connecting five Cisco routers and a bunch of network cables was not small, and the experiment was expensive.
VMware Workstation is virtual machine software developed by VMware for desktop users on a single machine. With it, you can define multiple virtual computers that run on one real platform and, depending on local conditions, a complex network environment as well. In some circumstances you can do without many of the network devices!
Another point is that there is a lot of material on using VMware for a single system, but material that focuses on the virtual network environment is not very common. This article hopes to introduce it.
What is VMware?
VMware is powerful virtual machine software from VMware Inc. (http://www.vmware.com). It comes in multiple versions, including GSX and ESX for servers and Workstation for desktop users. VMware can provide a complete Ethernet environment, with as many as nine virtual switches available! For more information, see its online manual.
Lab Environment
The router is the core device in a network, and routers are best tested and studied in a realistic network environment. Building a complicated router environment is costly. Using the powerful router software zebra on Linux and VMware's virtual network, we can build our own router lab and keep expanding it as needed. In addition, IPv6 and similar tests need multiple network devices, plus network analysis tools, to be understood and learned properly.
1. Environment preparation:
Lab environment:
1) IBM ThinkPad R40e laptop (CPU P4 2.0 GHz, M memory, 30 GB disk)
2) Windows XP Home Edition + SP1
3) VMware Workstation 4.0.5 build-6030 + 30-day license
2. Change the Network Configuration:
After installing VMware, I first changed the network environment of VMware (find Virtual Network Settings in the Edit menu of VMware). The procedure is as follows:
1) Click Virtual Network Settings... in the Edit menu; the Virtual Network Editor dialog box is displayed;
2) In the Virtual Network Editor dialog box, under Host Virtual Network Mapping, click the "..." button after vmnet1, click Subnet in the pop-up menu, and then set the subnet;
3) The vmnet1 subnet is set to 192.168.1.0/255.255.255.0; the vmnet2, vmnet3, vmnet4, vmnet8, and vmnet9 subnets are 192.168.2.0/255.255.255.0, 192.168.3.0/255.255.255.0, 192.168.4.0/255.255.255.0, 192.168.8.0/255.255.255.0, and 192.168.9.0/255.255.255.0.
4) Other vmnet instances are idle. A maximum of nine subnets can be set.
3. Network customization optimization:
1) Because the default installation of VMware hands out IP addresses through DHCP, I disabled VMware's DHCPD service after installation, and then stopped the subnets from using DHCP to obtain IP addresses.
2) To allow the virtual machines to access the external network, set up a vmnet that can use the NAT service for external access. By default, vmnet8 can access the external network through NAT. The default gateway for this subnet is 192.168.8.2, and the NAT service is enabled.
3) Confirm that, under automatic bridging, the option "Automatically choose an available physical network adapter to bridge to vmnet0" is selected.
4. Virtual Machine customization Optimization
To run multiple virtual machines on one machine, it is best to optimize each virtual machine. Based on experience, virtual machines with few tasks use far more memory than CPU. The five virtual machines installed here, R1, R2, R3, R4, and R5, are therefore all based on Debian GNU/Linux. We recommend optimizing the kernel of each virtual machine to reduce the overhead on the real machine. My own practice is as follows:
1) Install Debian 3 as the simplest possible system in a virtual machine. Both the target folder and the virtual machine are named R1;
2) Add the required virtual machine hardware, such as NICs;
3) Compile the binary tools in another Debian Linux virtual machine environment, transfer them to the R1 virtual machine through SCP or FTP, and perform the related configuration. I installed some network tools such as iputils, iproute2, tcpdump, sshd, and zebra;
4) To perform IPv6 testing, compile an IPv6-capable kernel in another environment and transfer it to the R1 virtual machine;
5) Prepare zebra: rename the .sample files to .conf files under /usr/local/ZEBRA/etc;
6) After confirming that the R1 virtual machine is ready, shut it down;
7) Back up the data folder of the installed system as a permanent backup, and make four copies named R2, R3, R4, and R5 respectively;
8) Then use "Open existing virtual machines" in VMware to open the four newly added virtual machines, and change their virtual machine names in the options to R2, R3, R4, and R5 respectively;
9) Change the corresponding settings and hostname of R2, R3, R4, and R5, and change the IP address/IPv6 address accordingly.
5. Build the following network topology:
Network Configuration:
6. Test:
Start the virtual machines R1 to R5 in turn, and check the connectivity of the virtual network. On each virtual machine, check the other virtual machines on the same network segment. R1 is used as the example for the tests below. If you want to observe the network communication in depth, run tcpdump on the second console of R1 so you can view the traffic at any time.
1) Check the NIC addresses with the ifconfig or ip command:
R1:~# ip a
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:ae:a1:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.11/24 brd 192.168.8.255 scope global eth0
    inet6 fe80::20c:29ff:feae:a159/64 scope link
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:ae:a1:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.11/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::20c:29ff:feae:a163/64 scope link
3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:ae:a1:6d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.11/24 brd 192.168.2.255 scope global eth2
    inet6 fe80::20c:29ff:feae:a16d/64 scope link
4: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
5: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
2) Check network connectivity with the ping, ping6, or arping command:
R1:~# ping 192.168.8.12
PING 192.168.8.12 (192.168.8.12): 56 data bytes
64 bytes from 192.168.8.12: icmp_seq=0 ttl=64 time=14.0 ms
64 bytes from 192.168.8.12: icmp_seq=1 ttl=64 time=1.9 ms
--- 192.168.8.12 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.9/5.0/14.0 ms
Use of zebra routing software
1) Start zebra in daemon mode; zebra then listens on local port 2602. The daemons for the other routing protocols listen on different service ports (ripd listens on TCP port 2602 and UDP 520, ospfd listens on TCP 2604, bgpd listens on TCP 179 and 2605, and ospf6d listens on TCP (IPv4 and IPv6) 2606).
2) Telnet from the PC to the zebra service on R1. The username and password are both zebra by default. See whether the interface looks as much like a Cisco router as you imagined. :)
3) Use R2, R3, R4, and R5 for routing experiments. Note: here we can not only use the debug facilities of zebra's various routing daemons to observe how the routing protocols work, but also use tcpdump on Linux for more detailed observation.
4) Start zebrad and the related routing protocol daemons on each virtual machine (for better experiments, test each routing protocol separately);
5) Enable dynamic route discovery and see whether all the routers are discovered after a moment.
In router mode, the network environment of the virtual machines is as follows:
6) With so many "routers" we can make full use of our imagination to experiment with various routing protocols. If you have more ideas, such as serial port and parallel port communication, you can try those as well. :)
7) For more detailed use of zebra, please read the zebra manual and other materials.
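The renamed .sample files are where the default zebra password comes from, and every daemon exposes its own telnet vty port. The following audit of a configuration file is an added example, not part of the original article or of the zebra project; it assumes the Zebra/Quagga vty syntax (password, enable password, service password-encryption, line vty, access-class), and both configuration texts are constructed samples.

```python
import re

# Constructed sample in the style of a renamed *.conf.sample file.
SAMPLE_CONF = """\
hostname R1
password zebra
enable password zebra
!
line vty
!
"""

# Constructed sample of a tightened configuration (hash value is a placeholder).
HARDENED_CONF = """\
hostname R1
service password-encryption
password 8 CONSTRUCTEDHASH
enable password 8 CONSTRUCTEDHASH
access-list mgmt permit 192.168.8.0/24
!
line vty
 access-class mgmt
!
"""


def audit(conf: str, default: str = "zebra") -> list:
    """Return findings for a zebra-style daemon configuration."""
    findings = []
    in_vty = vty_seen = vty_acl = False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "line vty":
            in_vty = vty_seen = True
        elif in_vty and line.startswith("access-class "):
            vty_acl = True
        elif not raw[0].isspace() and line != "!":
            in_vty = False  # another top-level command ends the vty block
        m = re.fullmatch(r"(enable )?password (8 )?(\S+)", line)
        if m and m.group(2) is None:  # no "8" marker: stored as typed
            kind = "enable password" if m.group(1) else "password"
            findings.append(f"{kind}: stored in cleartext")
            if m.group(3) == default:
                findings.append(f"{kind}: still the sample default")
    if vty_seen and not vty_acl:
        findings.append("line vty: no access-class restricting who may connect")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(text))
```

Run it against each daemon's configuration file (zebra, ripd, ospfd, bgpd, ospf6d), since each one has its own vty password and port.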
Test environment of IPv6 Software
IPv6 is the next version of the IP protocol. With the development of network technology, IPv6 is becoming increasingly popular. Here is a simple IPv6 test that exercises the new network built with VMware. We recommend that you open tcpdump-6 on another console of the virtual machine to observe the IPv6 protocol.
1) IPv6 test preparation:
iproute and iputils, installed with the system, are both tools that can test IPv6. In other Linux versions the IPv6 support module is not loaded by default, so load it first.
R1:~# modprobe ipv6 && lsmod |grep ipv6
If the IPv6 module is successfully loaded, perform the following steps:
R1:~# ip -6 a s
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
    inet6 fe80::20c:29ff:feae:a159/64 scope link
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
    inet6 fe80::20c:29ff:feae:a163/64 scope link
3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
    inet6 fe80::20c:29ff:feae:a16d/64 scope link
4: lo: <LOOPBACK,UP> mtu 16436
    inet6 ::1/128 scope host
2) Find other IPv6 devices on the network:
IPv6 no longer uses ARP. Therefore, use the following method to find other IPv6 devices on the network:
R1:~# ping6 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)
Here we use the IPv6 link-local multicast address ff02::1 to find other IPv6 devices on the same network. fe80::20c:29ff:fe07:1b34 and fe80::20c:29ff:fe94:1776 are the IPv6 addresses of eth0 on R2 and eth0 on R3 respectively. (Because IPv6 is not enabled on R4, the corresponding IPv6 address of R4 does not appear.)
R1:~# ping6 -I eth0 fe80::20c:29ff:fe07:1b34
PING fe80::20c:29ff:fe07:1b34(fe80::20c:29ff:fe07:1b34) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.10 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=2 ttl=64 time=89.1 ms
--- fe80::20c:29ff:fe07:1b34 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.835/32.373/89.185/40.209 ms
The ping command for IPv6 is the ping6 command in the iputils toolkit. Note that because there are multiple NIC interfaces, you must use -I to specify which interface to use.
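The link-local addresses that answer the ff02::1 ping are derived from each NIC's MAC address (modified EUI-64), so anyone on the segment who sees the replies also learns the hardware addresses. The following added example, which is not part of the original article, derives R1's address from the MAC shown by ip a and recovers the MACs of the responders; the function names are hypothetical and the sample text is the ping6 output above.

```python
import ipaddress
import re

# Sample input: the ping6 output shown in the article, embedded for offline use.
PING6_OUTPUT = """\
PING ff02::1(ff02::1) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)
"""


def mac_to_link_local(mac: str) -> str:
    """Modified EUI-64: flip the universal/local bit and insert ff:fe."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC address must be 6 bytes")
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return str(ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid))


def link_local_to_mac(addr: str):
    """Return the embedded MAC, or None if the address is not EUI-64 link-local."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_link_local:
        return None
    iid = ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # random, privacy, or manually assigned interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in mac)


def responders(ping6_output: str) -> dict:
    """Map each replying address to the MAC recovered from it (or None)."""
    found = {}
    for m in re.finditer(r"bytes from ([0-9a-f:]+): icmp_seq", ping6_output):
        found.setdefault(m.group(1), link_local_to_mac(m.group(1)))
    return found


if __name__ == "__main__":
    print(mac_to_link_local("00:0c:29:ae:a1:59"))
    for addr, mac in responders(PING6_OUTPUT).items():
        print(addr, "->", mac)
```

All recovered MACs start with 00:0c:29, the vendor prefix of VMware virtual NICs, which is also what the link/ether lines in the ip a output show.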
3) IPv6 route discovery:
The default IPv6 routing table is as follows:
R1:~# ip -6 r
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth2 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440
default dev eth0 proto kernel metric 256 mtu 1500 advmss 1440
default dev eth1 proto kernel metric 256 mtu 1500 advmss 1440
default dev eth2 proto kernel metric 256 mtu 1500 advmss 1440
unreachable default dev lo proto none metric -1 error -101
4) Test a local IPv6 service:
A lot of server software on Linux now supports IPv6; commonly used examples include opensshd/sshd, Apache, bind, telnetd, iptables-ipv6, nmap, and so on. Here we use sshd for the test.
R1:~# ssh -6 ::1
Host key not found from database.
Key fingerprint:
xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)?
5) IPv6-in-IPv4 tunnel test:
IPv4 has been on the network for many years, and the growth of the Internet has driven the growth of IPv4. As a result, IPv6 networks today are like islands surrounded by an IPv4 ocean: each IPv6 network connection still has to pass through an IPv4 network, and IPv6-in-IPv4 tunnels and similar techniques are common in practice. Here we use this virtual environment for a point-to-point IPv6-in-IPv4 tunnel experiment (R1-R2).
On the R1 machine:
ip -6 addr add 3ffe:3200::1/24 dev eth0   # set a local IPv6 address on eth0 (a CERNET test IPv6 address is used as the example)
ip tunnel add 6to4 mode sit remote 192.168.8.12 local 192.168.8.11   # add a tunnel device named 6to4
ip link set dev 6to4 up   # activate the 6to4 tunnel
ip -6 addr add 3ffe:3200::1/24 dev 6to4   # add a local IPv6 address to the tunnel
ip -6 r add 3ffe:3200::2/24 dev 6to4   # add an IPv6 route through the tunnel device; because this is a point-to-point test, the destination is the peer's IPv6 address
On the R2 machine:
ip -6 addr add 3ffe:3200::2/24 dev eth0
ip tunnel add 6to4 mode sit remote 192.168.8.11 local 192.168.8.12
ip link set dev 6to4 up
ip -6 addr add 3ffe:3200::2/24 dev 6to4
ip -6 r add 3ffe:3200::1/24 dev 6to4
You can also add IPv6 tunnels for R3, R4, and R5 for more complex tests.
On R1 and R2, run the ping6 command to check the IPv6 address of the peer device;
On R1 and R2, use ssh -6 with the peer's IPv6 address to log on to the other device, which is connected point-to-point through the IPv6 tunnel:
R1:~# ssh -6 3ffe:3200::2
Host key not found from database.
Key fingerprint:
xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /root/.ssh2/hostkeys/key_22_3ffe:3200::1.pub
host key for 3ffe:3200::1, accepted by root Wed Mar 31 2004 19:12:51 +0800
root's password:
Authentication successful.
R2:~# w
08:16:21 up 3:02, 3 users, load average: 0.00, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/7 3ffe:3200::11 08:16 0.00s 0.13s 0.04s w
R2:~#
OK, we have now logged on to another device by its IPv6 address through the IPv6-in-IPv4 tunnel!
The tcpdump result of this process on R2:
08:23:35.833428 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: S 2462930696:2462930696(0) win 5760 <mss 1440,sackOK,timestamp 19066103 0,nop,wscale 0>
08:23:35.835364 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: S 1730732585:1730732585(0) ack 2462930697 win 5632 <mss[|tcp]> (encap)
08:23:35.860756 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1 win 5760 <nop,nop,timestamp 19066109 11103448>
08:23:35.919035 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1:50(49) ack 1 win 5632 <nop,nop,[|tcp]> (encap)
08:23:35.925164 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 50 win 5760 <nop,nop,timestamp 19066127 11103532>
08:23:35.925193 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1:50(49) ack 50 win 5760 <nop,nop,timestamp 19066135 11103532>
08:23:35.926647 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 50 win 5632 <nop,nop,[|tcp]> (encap)
08:23:35.936087 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 50:538(488) ack 50 win 5632 <nop,nop,[|tcp]> (encap)
08:23:35.954300 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 50:546(496) ack 538 win 6432 <nop,nop,timestamp 19066165 11103549>
08:23:35.994265 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 546 win 6432 <nop,nop,[|tcp]> (encap)
08:23:35.995267 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 546:706(160) ack 538 win 6432 <nop,nop,timestamp 19066204 11103607>
08:23:35.995479 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 706 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.117795 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 538:1578(1040) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.127435 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1578 win 8320 <nop,nop,timestamp 19066260 11103731>
08:23:36.127761 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1578:1610(32) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.137272 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1610 win 8320 <nop,nop,timestamp 19066311 11103740>
08:23:36.145247 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 706:738(32) ack 1610 win 8320 <nop,nop,timestamp 19066382 11103740>
08:23:36.147153 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 738 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.151282 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 738:826(88) ack 1610 win 8320 <nop,nop,timestamp 19066385 11103760>
08:23:36.156464 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 826 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.157473 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1610:1698(88) ack 826 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.163413 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1698 win 8320 <nop,nop,timestamp 19066396 11103770>
08:23:36.163446 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 826:1922(1096) ack 1698 win 8320 <nop,nop,timestamp 19066399 11103770>
08:23:36.178682 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1698:2810(1112) ack 1922 win 8768 <nop,nop,[|tcp]> (encap)
08:23:36.182715 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1922:3018(1096) ack 2810 win 11120 <nop,nop,timestamp 19066432 11103791>
08:23:36.188978 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 2810:3922(1112) ack 3018 win 10960 <nop,nop,[|tcp]> (encap)
08:23:36.234615 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 3922 win 13344 <nop,nop,timestamp 19066491 11103802>
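The "(encap)" lines in the capture are IPv4 packets whose protocol field is 41, with the whole IPv6 packet as payload, so a filter that reads only the outer header sees traffic between 192.168.8.12 and 192.168.8.11 and not the SSH session inside. The following added example, which is not part of the original article, parses such a packet and reports both layers; the packet is constructed from the article's addresses with checksums left at zero, and the function names are hypothetical.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41  # IPv4 protocol number for encapsulated IPv6 (sit tunnels)


def build_sample() -> bytes:
    """Constructed 6in4 packet: R2 -> R1 outside, ssh reply inside."""
    # Minimal TCP header: port 22 -> 1047, SYN/ACK, checksum not computed.
    tcp = struct.pack("!HHIIBBHHH", 22, 1047, 0, 0, 5 << 4, 0x12, 5632, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)
    ip6 += ipaddress.IPv6Address("3ffe:3200::1").packed
    ip6 += ipaddress.IPv6Address("3ffe:3200::2").packed
    total = 20 + len(ip6) + len(tcp)
    ip4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64,
                      IPPROTO_IPV6, 0,
                      ipaddress.IPv4Address("192.168.8.12").packed,
                      ipaddress.IPv4Address("192.168.8.11").packed)
    return ip4 + ip6 + tcp


def decapsulate(packet: bytes):
    """Return outer and inner endpoints of a 6in4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not IPv4
    ihl = (packet[0] & 0x0F) * 4         # outer header length, options included
    if ihl < 20 or packet[9] != IPPROTO_IPV6:
        return None                      # malformed, or not protocol 41
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                      # truncated or not an IPv6 header
    _payload_len, next_header, _hop_limit = struct.unpack("!HBB", inner[4:8])
    result = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "next_header": next_header,
    }
    if next_header in (6, 17) and len(inner) >= 44:   # TCP or UDP ports
        result["sport"], result["dport"] = struct.unpack("!HH", inner[40:44])
    return result


if __name__ == "__main__":
    print(decapsulate(build_sample()))
```

A packet filter on the IPv4 path has to either match protocol 41 explicitly or decapsulate like this before its port-based rules can apply to tunneled traffic.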
Summary
VMware does more than simulate machines: the network environment it provides is also a commendably realistic network. Combined with a variety of network tools, it makes it much easier to build the network you imagine.
References
- http://www.vmware.com/
- http://www.zebra.org
- http://www.ipv6.net.edu.cn/
- IPv6-Linux-Howto of LDP
- developerWorks Linux article "Building a network router on Linux"
About the author: Forrestrun has been engaged in network teaching and has participated in many large-scale network projects. Currently, he is a well-known website system engineer and architect in China. He has been paying attention to TCP/IP, Linux, and Cisco network technologies. You can contact him at forrestrun@163.com.