Corso di Reti di Calcolatori II

Transcription

1 Corso di Reti di Calcolatori II Distributed network testbeds and network emulation systems Prof. Roberto Canonico a.a. 2007/2008 The evaluation spectrum 2 numerical models simulation emulation prototype operational system Live testing 1

2 Evaluation environments 3 Simulation + high level of control + repeatable experiments - difficult to accurately capture all aspects of the network traffic models may be incorrect interaction of protocols accuracy of protocol implementation Live Testing + very accurate model of the network + no conversion of simulated applications needed - low level of control more difficult to create reproducible results - difficult to introduce new protocol behaviour - often just a wire Emulation systems PlanetLab 2

3 What is PlanetLab 5 Planetary-scale distributed testbed for broad-coverage network services Planetlab is intended to support seamless migration of an application from an early prototype, through multiple design iterations, to a popular service that continues to evolve. PlanetLab currently consists of 832 nodes at 410 sites (Nov. 29, 2007) PlanetLab Architecture 6 Node-level Several virtual machines on each node, each running a different service Resources distributed fairly Services are isolated from each other Network-level Node managers, agents, brokers, and service managers provide interface and maintain PlanetLab 3

4 Services Run in Slices 7 PlanetLab Nodes Services Run in Slices 8 PlanetLab Nodes Virtual Machines Service / Slice A Instance of Slice A in node N is called a sliver 4

5 Services Run in Slices 9 PlanetLab Nodes Virtual Machines Service / Slice A Service / Slice B Services Run in Slices 10 PlanetLab Nodes Virtual Machines Service / Slice A Service / Slice B Service / Slice C 5

6 Slices 11 Slices 12 6

7 User Opt-in 13 Client NAT Server Per-Node View 14 Node Mgr Local Admin VM 1 VM 2 VM n Virtual Machine Monitor (VMM) 7

8 Global View 15 PLC PlanetLab Architecture 16 PlanetLab Central Princeton, NJ Site A Internet Site B Site C 8

9 PlanetLab Central 17 Database server Primary information store Sites, nodes, users, events, configuration API server Database frontend Authentication, programmatic interface Web server API frontend User GUI, administrative interface Boot server Secure software distribution Optional servers PlanetFlow, Mail, Support, Spam/AV, Monitor, DNS, Build, CVS, QA Outside the scope of the architecture Node Architecture Goals 18 Provide a virtual machine for each service running on a node Isolate virtual machines Allow maximal control over virtual machines Fair allocation of resources Network, CPU, memory, disk achieved through virtualization 9

10 One Extreme of virtualization: Software Runtime 19 e.g., Java Virtual Machine High level API Depend on OS to provide protection and resource allocation Not flexible Other Extreme of virtualization: Complete Virtual Machine 20 e.g., VMware Low level API (hardware) Maximum flexibility Excellent protection High CPU/Memory overhead Cannot share common resources among virtual machines OS, common filesystem 10

11 PlanetLab Virtualization: VServers 21 Kernel patch to mainstream OS (Linux) Gives appearance of separate kernel for each virtual machine Root privileges restricted to activities that do not affect other vservers Some modification: resource control (e.g., File handles, port numbers) and protection facilities added PlanetLab Network Architecture 22 Node manager (one per node) Create slices for service managers When service managers provide valid tickets Allocate resources for vservers Resource Monitor (one per node) Track node s available resources Tell agents about available resources 11

12 PlanetLab Network Architecture 23 Agents (centralized) Track nodes free resources Advertise resources to resource brokers Issue tickets to resource brokers Tickets may be redeemed with node managers to obtain the resource PlanetLab Network Architecture 24 Resource Broker (per service) Obtain tickets from agents on behalf of service managers Service Managers (per service) Obtain tickets from broker Redeem tickets with node managers to acquire resources If resources can be acquired, start service 12

13 PlanetLab Virtual Machines: VServers 25 Extend the idea of chroot(2) New vserver created by system call Descendent processes inherit vserver Unique filesystem, SYSV IPC, UID/GID space Limited root privilege Can t control host node Irreversible Scalability 26 Reduce disk footprint using copy-on-write Immutable flag provides file-level CoW Vservers share 508MB basic filesystem Each additional vserver takes 29MB Increase limits on kernel resources (e.g., file descriptors) Is the kernel designed to handle this? (inefficient data structures?) 13

14 Protected Raw Sockets 27 Services may need low-level network access Cannot allow them access to other services packets Provide protected raw sockets TCP/UDP bound to local port Incoming packets delivered only to service with corresponding port registered Outgoing packets scanned to prevent spoofing ICMP also supported 16-bit identifier placed in ICMP header Resource Limits 28 Node-wide cap on outgoing network bandwidth Protect the world from PlanetLab services Isolation between vservers: two approaches Fairness: each of N vservers gets 1/N of the resources during contention Guarantees: each slice reserves certain amount of resources (e.g., 1Mbps bandwidth, 10Mcps CPU) Left-over resources distributed fairly 14

15 Linux and CPU Resource Management 29 The scheduler in Linux provides fairness by process, not by vserver Vserver with many processes hogs CPU No current way for scheduler to provide guaranteed slices of CPU time Network emulation 15

16 What is Emulation? 31 Network emulation aims to combine the best properties of both simulation and live testing Ability to introduce the simulator into a live net Application: Allows testing real-world implementations Allows testing simulated protocols Requirements: Scheduler support Packet capture and generation capabilities Scheduler 32 A simulator operates in virtual time using eventdriven simulation Real-time scheduler Does not advance the virtual clock to next event Dispatches event at real-time 16

17 Existing Work in TCP/IP Network Emulation 33 Kernel based emulators NIST Net Linux based kernel module Supports input from applications or packet traces Dummynet Free BSD based NS2 emulator BSD based Entrapid Supports virtual kernels (currently Free BSD) Trends in Network emulation 34 To emulate large scale networks, several cluster-based emulation systems have been developed Univ. of Utah Univ. of Stuttgart Open Network Univ. of Virginia Tech. UCLA Univ. of Napoli Cluster nodes are used to emulate the behaviour of network devices and end-systems To increase scalability, physical resources are multiplexed, so to create several logical instances E.g. a single cluster node may emulate three different routers Two problems arise: node multiplexing link multiplexing These problems may be solved by means of virtualization techniques 17

18 Hardware virtualization techniques 35 The main purpose of virtualization techniques is to hide the physical characteristics of computing resources Virtualization can be applied to: single physical resources complete computing systems (Platform Virtualization) (At least) two approaches to virtualization: Full Virtualization implements in software a full virtual replica of the emulated system s hardware Full Virtualization can run an unmodified OS, at a cost of a reduced performance Paravirtualization implements a software interface that is similar but not identical to the underlying hardware Paravirtualization is more scalable but requires OS to be modified Node and link multiplexing 36 Node multiplexing is the problem of emulating more than a network node on the same physical cluster node Hardware virtualization techniques may be adopted (VMWare, Xen, Jails, VServer, OpenVZ, ) Link multiplexing is the problem of emulating multiple point-to-point connections on top of one or more shared Ethernet LANs Switched VLANS Emulate multiple point-to-point connections on top of one or more shared Ethernet LANs Virtualization techniques As long as they are able to create multiple instances of the kernel TCP/IP stack 18

19 Link multiplexing 37 Ns2 as a Network Emulator 19

20 Emulation Objects 39 Interface between ns and network traffic Network Objects Access to live network via BPF and raw sockets Tap Objects Conversion between ns and network packet formats Capture: BPF network to ns ns ns to network Inject: Raw socket Modes of Operation 40 Packet conversion leads to two modes of operation Opaque Mode Network packet fields are not interpreted Protocol Mode Network packet is interpreted TTL values reflect hop count in simulator Network packet fields are generated Ping responder, TCP application 20

21 Opaque Mode 41 Network packet is passed unmodified through simulator Extern Source Destination Size Ns packet contains a pointer to the network packet Source Destination Size Data ns Read packets Write packets Network Packet Network Protocol Mode 42 Network packet fields are generated by the simulator Source Destination Size The ns packet header is mapped onto the network packet header and visa versa. Source Destination Size Data Network Packet Host A ns TCP Agent TCP Application Host B Send/receive packets from application Network Send/receive packets from ns 21

22 Applications 43 Opaque Mode Cross-traffic interaction leading to drop, delay and reordering of packets End to End application testing Protocol Mode Protocol and conformance testing Evaluate effect of DDoS attacks Wireless networks Example: Setup 44 Goal: Make a ns TCP agent interact with a TCP server A B port 8000 nse TCP server Disable IP forwarding sysctl w net.inet.ip.forwarding=0 Assign and 6000 to TCP agent Switch Add route to dummy IP address route add Disable IP redirects sysctl w net.inet.ip.redirect=0 22

23 Example Script 45 set ns [new Simulator] $ns use-scheduler RealTime set entry_node [$ns node] set tcp_node [$ns node] $ns duplex-link $entry_node \ $tcp_node 10Mb 1ms DropTail set tcp [new Agent/TCP/FullTcp] $ns attach-agent $tcp_node $tcp Activate ns and Change to real-time scheduler Create topology Create TCP Agent TCP Agent TCPTap BPF tcp_node entry_node TCPTap RawSocket Example Script 46 set bpf [new Network/Pcap/Live] set dev [$bpf open readonly eth0] $bpf filter "src and src port 8000 \ and dst and dst port 6000 set capture_tap [new Agent/TCPTap] $capture_tap network $bpf $ns attach-agent $entry_node $capture_tap $ns simplex-connect $capture_tap $tcp set rawsocket [new Network/IP] $rawsocket open writeonly set inject_tap [new Agent/TCPTap] $inject_tap advertised-window 512 $inject_tap extipaddr " $inject_tap extport 8000 $inject_tap network $rawsocket $ns attach-agent $entry_node $inject_tap $ns simplex-connect $tcp $inject_tap 23

24 Example Script 47 $ns at 0.01 "$tcp advance 1" $ns at 20.0 exit 0" $ns run start nse A TCP Agent B TCP Server (8000) BPF Raw Socket Switch Further Information on ns2 as emulator 48 Scripts ~ns/emulate Opaque Mode: em.tcl Protocol Mode thrutcp.tcl pingdemo.tcl tcpemu.tcl Kevin Fall, Network Emulation in the Vint/NS Simulator, ISCC July

25 Emulab A Laboratory Is Not Enough 50 testbeds give you lots of resources but offer little help in using those resources package / distribute / configure / instrument / init / execute / monitor / stop / collect / analyze / archive / revise / repeat Emulab goal is to provide support for automatic setup of several concurrent experiments on a cluster infrastructure Emulab has been created at Univ. of Utah (US) 25

26 Emulab: two emulation goals Accurate: Provide artifact-free environment 2. Universal: Run arbitrary workload: any OS, any code on routers, any program, for any user Therefore, Emulab s default resource allocation policy is conservative: Allocate full real node and link: no multiplexing Assume maximum possible traffic Emulab: experiment 52 Acts as central operational entity Represents Network configuration, including nodes and links Node state, including OS images Database entries, including event lists Lasts minutes to days, to weeks, to forever! 26

27 Experiment Life Cycle 53 Specification Parsing Global resource allocation Node self-configuration Experiment control Preemption and swapping Classic Experiments 54 topology + SW (by reference) + events expt. DB 27

28 Experiment Life Cycle 55 Global Node Experiment Specification Resource Self-Configuration Parsing Swap Out InControl Allocation $ns duplex-link $A $B 1.5Mbps 20ms A B DB A BA B ns Specification 56 ns: de-facto standard in network simulation, built on Tcl Important features: Graceful transition for ns users Power of general-purpose programming language Other means of specification: Java GUI Standard topology generators 28

29 assign: Mapping Local Cluster Resources 57 Maps virtual resources to local nodes and VLANs General combinatorial optimization approach to NP-complete problem Based on simulated annealing Minimizes inter-switch links & number of switches & other constraints All experiments mapped in less than 3 secs [100 nodes] Riferimenti