Forrest
Website system engineer and architect, June 2004
This article explores using VMware to simulate multiple computers on a single machine, building a fairly complex network environment out of several virtual machines, and uses the Zebra routing software and IPv6 as examples for testing and explanation.
Why do this test? Using VMware is very worthwhile for software developers and network maintenance staff. It not only makes it easy to simulate a virtual machine environment for everyday work; operations such as network attacks and destructive experiments are also very safe when run in VMware, because the impact on the virtual environment is only an impact on a data file and causes no real problems for the host's hardware, devices or software. Applying system changes to a production system without test data and putting them straight into service carries a huge risk. VMware is ideal for this kind of testing and research in software development or system administration.
In addition, many network tests and experiments require switches (or hubs), a pile of network cables and several test machines. When the author ran network experiments with Cisco 25-series routers, the five Cisco routers and the pile of cables took up no small amount of space, and the experiment was expensive.
VMware Workstation is virtual computer software developed by VMware for desktop users on stand-alone machines. With it, users can define several virtual computers running at the same time on one real platform, together with a complex network environment. In some cases you can do away with that big pile of network equipment!
One more point: there is plenty of material on using VMware for a single system, but material that concentrates on the virtual network environment is not common, so this article is offered as a modest starting point in the hope of drawing out better contributions.
What is VMware? VMware is powerful virtual machine software (http://www.vmware.com) from VMware Inc. It comes in several versions: GSX and ESX for servers, and Workstation for desktop users. VMware can provide a very complete Ethernet environment; as many as 9 virtual switches are available! For more information, see its online manual.
The experimental environment: the router is a core device in the network, but testing, learning and researching routers in a real network environment is hard to do in practice, and a more complex router environment is costly. With Zebra, the powerful router software for Linux, and VMware's virtual network, we can build our own router lab and keep expanding it as needed. In addition, IPv6 and similar tests need several network devices plus network analysis tools in order to understand and learn them properly.
1. Environment preparation: Experimental environment:
1) IBM ThinkPad R40e laptop (CPU P4 2.0G, 256M memory, 30G disk)
2) Windows XP Home Edition SP1
3) VMware Workstation 4.0.5 build-6030, 30-day license
2. Change the network configuration: After installing VMware, I first changed VMware's network environment (find Virtual Network Setting in VMware's Edit menu). Proceed as follows:
1) Choose Virtual Network Setting... under Edit; the Virtual Network Editor dialog pops up;
2) In the Virtual Network Editor dialog, use the buttons "...", "...", "..." to pop up the Subnet dialog, then set the subnet;
3) Set VMnet1's subnet to 192.168.1.0/255.255.255.0; the VMnet2, VMnet3, VMnet4, VMnet8 and VMnet9 subnets are 192.168.2.0, 192.168.3.0, 192.168.4.0, 192.168.8.0 and 192.168.9.0 / 255.255.255.0 respectively.
4) The other VMnets are left idle; up to 9 subnets can be set as needed.
3. Network customization and optimization:
1) Since a default VMware installation hands out IP addresses via DHCP, I disabled VMware's DHCPD service after installation, and then disabled the use of DHCP to obtain IP addresses.
2) For the virtual machines to reach the external network, one VMnet should be set up to access it through the NAT service; by default VMnet8 can reach the external network through NAT. Set the default gateway of this subnet to 192.168.8.2 and make sure the NAT Service is started.
3) Confirm that the automatic bridge option under Automatic Bridging is selected.
4. Virtual machine tailoring and optimization: To run several virtual machines on one computer, it is best to slim down each virtual machine. In my experience, running virtual machines demand far more memory than CPU. We therefore install Debian GNU/Linux on all five virtual machines, and recommend optimizing each virtual machine's kernel to reduce the load on the real machine. My own procedure is as follows:
1) Do a minimal installation of Debian 3 as the virtual system; name the target folder and the virtual machine R1;
2) Add the necessary virtual hardware, such as NICs;
3) Compile the software tools to binaries in another Debian Linux virtual machine environment, transfer them to the R1 virtual machine via scp, FTP or similar, and do the related configuration. Here I installed some network tools such as iputils, iproute2, tcpdump, sshd and zebra.
4) For the IPv6 tests, compile a kernel with IPv6 support in another environment and transfer it to the R1 virtual machine as well;
5) Prepare Zebra: under /usr/local/zebra/etc, turn the .sample files into .conf files;
6) Confirm that the R1 virtual machine is ready, then shut it down;
7) Keep this installed system's data folder as a permanent backup and make 4 copies of it, named R2, R3, R4 and R5;
8) Use "Open Existing Virtual Machines" in VMware to open the 4 newly added virtual machines and change their Virtual Machine Name under Options to R2, R3, R4 and R5 respectively;
9) Change the corresponding settings of R2, R3, R4 and R5, such as the IP address / IPv6 address.
5. Build the following network topology map:
Network configuration:
6. Test: Start virtual machines R1 to R5 and check the connectivity of the virtual network. From each virtual machine, check the other virtual machines on the same network segment, running the relevant tests as shown for R1. To observe the network's communication in more depth, run tcpdump on R1's second console and watch whatever you want to observe at any time.
1) Check the NIC addresses with the ifconfig or ip command:
R1:~# ip a
1: eth0:
    link/ether 00:0c:29:ae:a1:59 brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.11/24 brd 192.168.8.255 scope global eth0
    inet6 fe80::20c:29ff:feae:a159/64 scope link
2: eth1:
    link/ether 00:0c:29:ae:a1:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.11/24 brd 192.168.1.255 scope global eth1
    inet6 fe80::20c:29ff:feae:a163/64 scope link
3: eth2:
    link/ether 00:0c:29:ae:a1:6d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.11/24 brd 192.168.2.255 scope global eth2
    inet6 fe80::20c:29ff:feae:a16d/64 scope link
4: lo:
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
5: sit0:
    link/sit 0.0.0.0 brd 0.0.0.0
2) Check network connectivity with the ping, ping6 or arping command:
R1:~# ping 192.168.8.12
PING 192.168.8.12 (192.168.8.12): 56 data bytes
64 bytes from 192.168.8.12: icmp_seq=0 ttl=64 time=14.0 ms
64 bytes from 192.168.8.12: icmp_seq=1 ttl=64 time=1.9 ms
--- 192.168.8.12 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 1.9/5.0/14.0 ms
Using the Zebra routing software:
1) Start zebra as a daemon. Zebra begins listening on local port 2602, and the daemon of each routing protocol listens on its own service ports (ripd listens on TCP 2602 and UDP 520, ospfd on TCP 2604, bgpd on TCP 179 and TCP 2605, and ospf6d on TCP 2606 (IPv4 and IPv6)).
2) Telnet from the PC to the zebra service on R1; the default username/password is zebra, and the interface looks a lot like a Cisco router's. :)
3) Use R2, R3, R4 and R5 for routing experiments. Note that you can not only use the debug facilities of Zebra's various routing daemons to watch the routing protocols at work, but also make more detailed observations with tcpdump on Linux.
4) Start the zebra daemon and the related routing protocol daemons (for better experiments, each of the routing protocols);
5) Enable dynamic route discovery and see whether, after a while, all the routers have been discovered. :)
The virtual machine network environment, drawn as routers:
6) Let your imagination run: with this many "routers" you can experiment with all kinds of routing. If you have more ideas, such as communicating over serial or parallel ports, you can try those too. :)
7) For more detailed use of Zebra, please read Zebra's manual and other material.
IPv6 test environment: IPv6 is the next version of the IP protocol and, as network technology develops, it is increasingly coming into view. Here is a simple IPv6 test to verify the network newly built with VMware. It is recommended to run tcpdump on another console of the test virtual machine to observe the IPv6 protocol at work in detail.
1) IPv6 test preparation: iproute and iputils were installed with the system and can be used for IPv6 testing. Some Linux versions do not load the IPv6 support module by default; load it on each virtual machine:
R1:~# modprobe ipv6 && lsmod | grep ipv6
If the IPv6 module loads successfully, run the following:
R1:~# ip -6 a s
1: eth0:
    inet6 fe80::20c:29ff:feae:a159/64 scope link
2: eth1:
    inet6 fe80::20c:29ff:feae:a163/64 scope link
3: eth2:
    inet6 fe80::20c:29ff:feae:a16d/64 scope link
4: lo:
    inet6 ::1/128 scope host
2) Discover other IPv6 devices on the network:
IPv6 no longer uses the ARP protocol, so other IPv6 devices on the network are discovered as follows:
R1:~# ping6 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)
Here the link-local multicast address ff02::1 is used to find other IPv6 devices on the network. fe80::20c:29ff:fe07:1b34 and fe80::20c:29ff:fe94:1776 are the IPv6 addresses of eth0 on R2 and eth0 on R3. (Since R4 does not have IPv6 enabled, no IPv6 address for R4 is seen.)
R1:~# ping6 -I eth0 fe80::20c:29ff:fe07:1b34
PING fe80::20c:29ff:fe07:1b34(fe80::20c:29ff:fe07:1b34) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.10 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=2 ttl=64 time=89.1 ms
--- fe80::20c:29ff:fe07:1b34 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.835/32.373/89.185/40.209 ms
The ping command for IPv6 is ping6 from the iputils package. Note that because there are several NIC interfaces, you must specify which interface to use.
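An added example (not from the original article): the link-local addresses that answer ff02::1 embed each NIC's MAC address in modified EUI-64 form, so responders can be mapped back to a MAC and to the VMware OUI 00:0c:29 seen in the ip a output. The function names are illustrative.

```python
import ipaddress

VMWARE_OUI = "00:0c:29"  # OUI of the virtual NICs shown in the article's output


def mac_to_link_local(mac: str) -> ipaddress.IPv6Address:
    """Build fe80::/64 plus the modified EUI-64 interface ID of a 48-bit MAC."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def link_local_to_mac(addr: str):
    """Recover the MAC from an EUI-64 link-local address, else return None."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_link_local:
        return None  # e.g. ::1, which also answers the multicast ping
    iid = ip.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # interface ID was not derived from a MAC
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def inventory(responders):
    """Map each ff02::1 responder to (address, MAC, looks like a VMware NIC)."""
    rows = []
    for addr in responders:
        mac = link_local_to_mac(addr)
        rows.append((addr, mac, bool(mac and mac.startswith(VMWARE_OUI))))
    return rows


if __name__ == "__main__":
    # Responder addresses copied from the ping6 output above.
    seen = ["::1", "fe80::20c:29ff:fe07:1b34", "fe80::20c:29ff:fe94:1776"]
    for row in inventory(seen):
        print(row)
    # R1's eth0 MAC from "ip a" maps to the source address ping6 reported.
    print(mac_to_link_local("00:0c:29:ae:a1:59"))
```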
3) Discover IPv6 routes:
By default, the IPv6 routing table is as follows:
R1:~# ip -6 r
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth2 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440
default dev eth0 proto kernel metric 256 mtu 1500 advmss 1440
default dev eth1 proto kernel metric 256 mtu 1500 advmss 1440
default dev eth2 proto kernel metric 256 mtu 1500 advmss 1440
unreachable default dev lo proto none metric -1 error -101
4) Test a local IPv6 service
A great deal of server software on Linux already supports IPv6; common examples include OpenSSH/sshd, Apache, BIND, telnetd, iptables-ipv6, Nmap, etc. Here is a test with sshd.
R1:~# ssh -6 ::1
Host key not found from database.
Key fingerprint:
xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
You can get a public key's fingerprint by running
% ssh-keygen -f publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)?
5) IPv6-in-IPv4 tunnel test
IPv4 has been deployed in networks for many years, and the growth of the Internet has driven IPv4 deployment further, so in practice IPv6 networks are like islands surrounded by an ocean of IPv4, and IPv6 networks have to reach each other across IPv4 networks. In practice this is done with the well-known IPv6-in-IPv4 tunnel. The virtual environment is used here to run an IPv6-in-IPv4 tunnel experiment between R1 and R2.
On the R1 machine:
ip -6 addr add 3ffe:3200::1/24 dev eth0    # set a local IPv6 address on eth0, using CERNET's test IPv6 addresses as an example
ip tunnel add 6to4 mode sit remote 192.168.8.12 local 192.168.8.11    # add the tunnel device, named 6to4
ip link set dev 6to4 up    # activate the 6to4 tunnel
ip -6 addr add 3ffe:3200::1/24 dev 6to4    # add the local IPv6 address to the tunnel
ip -6 r add 3ffe:3200::2/24 dev 6to4    # add an IPv6 route through the tunnel device; since this is a point-to-point test, the destination network is the peer's IPv6 address
On the R2 machine:
ip -6 addr add 3ffe:3200::2/24 dev eth0
ip tunnel add 6to4 mode sit remote 192.168.8.11 local 192.168.8.12
ip link set dev 6to4 up
ip -6 addr add 3ffe:3200::2/24 dev 6to4
ip -6 r add 3ffe:3200::1/24 dev 6to4
IPv6 tunnels for R3, R4 and R5 can also be added for more complex tests.
On R1 and R2, use the ping6 command to check that the peer's IPv6 address is reachable;
On R1 and R2, use ssh -6 with the IPv6 address to log in to the peer IPv6 device through the IPv6 tunnel;
R1:~# ssh -6 3ffe:3200::2
Host key not found from database.
Key fingerprint:
xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
You can get a public key's fingerprint by running
% ssh-keygen -f publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /root/.ssh2/hostkeys/key_22_3ffe:3200::1.pub
host key for 3ffe:3200::1, accepted by root Wed Mar 31 2004 19:12:51 +0800
root's password:
Authentication successful.
R2:~# w
 08:16:21 up 3:02, 3 users, load average: 0.00, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/7 3ffe:3200::11 08:16 0.00s 0.13s 0.04s w
R2:~#
OK, we have now logged in to another device by its IPv6 address over the IPv6-in-IPv4 tunnel!
The tcpdump output for this process on R2:
08:23:35.833428 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: S 2462930696:2462930696(0) win 5760
08:23:35.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: S 1730732585:1730732585(0) ack 2462930697 win 5632
08:23:35.860756 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1 win 5760
08:23:35.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1:50(49) ack 1 win 5632
08:23:35.925164 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 50 win 5760
08:23:35.925193 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1:50(49) ack 50 win 5760
08:23:35.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 50 win 5632
08:23:35.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 50:538(488) ack 50 win 5632
08:23:3200::2.1047 > 3ffe:3200::1.ssh: P 50:546(496) ack 538 win 6432
08:23:35.995267 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 546:706(160) ack 538 win 6432
08:23:35.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 706 win 6432
08:23:36.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 538:1578(1040) ack 706 win 6432
08:23:36.127435 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1578 win 8320
08:23:36.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1578:1610(32) ack 706 win 6432
08:23:36.137272 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1610 win 8320
08:23:3200::2.1047 > 3ffe:3200::1.ssh: P 706:738(32) ack 1610 win 8320
08:23:36.14 > 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 738 win 6432
08:23:3200::2.1047 > 3ffe:3200::1.ssh: P 738:826(88) ack 1610 win 8320
08:23:36.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: . ack 826 win 6432
08:23:36.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1610:1698(88) ack 826 win 6432
08:23:3200::2.1047 > 3ffe:3200::1.ssh: P 826:1922(1096) ack 1698 win 8320
08:23:36.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 1698:2810(1112) ack 1922 win 8768
08:23:3200::2.1047 > 3ffe:3200::1.ssh: P 1922:3018(1096) ack 2810 win 11120
08:23:36.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047: P 2810:3922(1112) ack 3018 win 10960
08:23:36.234615 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 3922 win 13344
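An added example, not part of the original article: tunnelled packets in the capture above carry an outer IPv4 address pair and an inner IPv6 address pair, and on the wire the outer header marks this with IP protocol 41. The sketch below recognises that encapsulation and reports both layers, which is what a filter or sensor watching only IPv4 has to do to see the SSH session inside. The sample packet is constructed from the article's R1/R2 addresses, with checksums left at zero.

```python
import ipaddress
import struct

PROTO_IPV6 = 41  # IP protocol number for IPv6 carried in IPv4 (Linux "sit" tunnels)


def build_sample_packet() -> bytes:
    """Constructed sample: tunnel packet from R2 to R1 carrying a TCP SYN header."""
    tcp = struct.pack("!HHIIBBHHH", 1047, 22, 2462930696, 0, 5 << 4, 0x02, 5760, 0, 0)
    ipv6 = (struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)
            + ipaddress.IPv6Address("3ffe:3200::2").packed
            + ipaddress.IPv6Address("3ffe:3200::1").packed + tcp)
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                        PROTO_IPV6, 0,
                        ipaddress.IPv4Address("192.168.8.12").packed,
                        ipaddress.IPv4Address("192.168.8.11").packed)
    return outer + ipv6


def decapsulate(packet: bytes):
    """Return outer and inner endpoints of a protocol-41 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None  # not an IPv4 packet
    ihl = (packet[0] & 0x0F) * 4  # outer header length, options included
    if ihl < 20 or packet[9] != PROTO_IPV6:
        return None  # ordinary IPv4 traffic, no IPv6 inside
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None  # truncated, or protocol 41 without a real IPv6 header
    result = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "next_header": inner[6],
    }
    if inner[6] == 6 and len(inner) >= 44:  # TCP directly after the IPv6 header
        result["sport"], result["dport"] = struct.unpack("!HH", inner[40:44])
    return result


if __name__ == "__main__":
    print(decapsulate(build_sample_packet()))
```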
Summary: VMware does more than simulate machines; the network environment it provides is a genuinely real network, and combined with a variety of network tools it makes our network experiments much easier to carry out.
References
http://www.zebra.com/
http://www.ipv6.org
http://www.ipv6.net.edu.cn/
LDP IPv6-Linux-Howto
developerWorks Linux article "Build Network Routers on Linux"
About the author: forrestrun has worked in network teaching and taken part in large network projects, and is currently a system engineer and architect at a well-known website, with an interest in TCP/IP technology, Linux and Cisco network technology. You can contact him via forrestrun@163.com.