[vde_switch] created vde_switch subdir and moved vde_switch inside it

[vde.git] / vde / README

VDE : Virtual Distributed Ethernet.

(c) 2003/2004/2005 Renzo Davoli
Based on uml-router Copyright 2002 Yon Uriarte and Jeff Dike
qemu-vde-HOWTO is (c) by Jim Brown

Notice: Virtual Distributed Ethernet is not related in any way with
www.vde.com ("Verband der Elektrotechnik, Elektronik und Informationstechnik"
i.e. the German "Association for Electrical, Electronic & Information
Technologies").

Components of the VDE architecture:
- VDE switches: virtual counterpart of ethernet switches.
- VDE cables: virtual counterpart of a crossed-cable used to connect two switches.

Using VDE:
- All units connected to the VDE see each other as they were on a real ethernet.
- A real Linux box can be connected to the VDE using a tap interface (TUNTAP)  
  (packets can be further routed using standard linux methods). 
- It is possible to join two VDE switches -- also running on different
  real conputers -- using virtual VDE cables
- UML (user-mode-linux) virtual machines can be connected to the VDE
- MPS (MIPS emulated machines (c) Morsiani/Davoli) can be connected 
to the virtual VDE.

Examples of VDE uses:
- With VDE it is possible to create a virtual network of UML machines running
on several real computer
- VDE can be used to create tunnels (even crossing masquerated networks)
- VDE can provide mobility support. Changing a VDE cable with another does not
affect the communications in place. The new VDE cable can use a completely 
different path on the real net. VDE supports also multiple concurrent VDE cables
between a pair of VDE-switches during the hand-off. This eliminates when possible
hich-ups of communications due to hand-offs.

HOWTO and command syntax:

vde-switch [ -unix control-socket ] [ -tap tuntap-device ] [ -hub ] [-daemon]
This command creates a VDE switch. 
-unix control-socket
        The control socket is the socket used for local processes to create a new
        connection. The default value is /tmp/vde.ctl.
        User-mode-linux default value is /tmp/uml.ctl, so if you want to use vde 
        with UML you can: (1) use "-unix /tmp/uml.ctl" for vde-switch (2) use 
        "eth0=daemon,,/tmp/vde.ctl" for UML 
-tap tuntap-device
        the vde-switch is connected to the specified tap interface.
        Ususally it is reserved for root as /dev/net/tun is not writable.
        (It is dangerous to have /dev/net/tun writable by ordinary users).
-hub
        the vde-switch works as a hub (all packets are broadcast on all interfaces.
-daemon
        the switch works as a daemon: it runs in background, it uses syslog 
        for error management. 

vde-plug [-g num] [socketname]
A vde-cable is composed by two vde-plug and a "cable". A vde-plug connects its
standard input and output to a switch.
socketname is the control-socket of the switch the plug must be connected to 
(default value /tmp/vde.ctl).
-g num (num > 0, num < 256) is a group number. Cables without a group number are
independent cables, cables with the same group number represent several path
for the same destination. Packet reaching a switch on a cable are never forwarded
on another cable of the same group.

dpipe cmd1 [arg1] = cmd2 [arg2]
it is the double pipe command (it is here just becouse it is not provided by
shells).
cmd1 and cmd2 are executed, the stdout of cmd1 if pipe connected to the stdin of
cmd2 and viceversa. (the symbol = is intended as a pair of communication pipes
between the two processes.

HOW TO:
- (1) SETUP A DAEMON:
(as root)
# vde_switch -tap tap0 -daemon
# ifconfig tap0 192.168.0.254
# chmod 777 /tmp/vde.ctl

if you want to have routing to the Internet you can use standard routing
commands on the host machine e.g.:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

for ipv6
# echo "1" > /proc/sys/net/ipv6/conf/eth0/forwarding 
# radvd

radvd must be configured to broadcast the correct prefix for the tap0 subnet
        
----- example of /etc/radvd.conf file
interface tap0
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 120;
#put here your prefix.
   prefix 1111:2222:3333:4444::/64 
   { 
           AdvOnLink on;
           AdvAutonomous on;
           AdvRouterAddr on;
                                                               
   };
};
------ end of example

- (2) SETUP A SECOND DAEMON
(no need for root access)

% vde_switch /tmp/my.ctl

(add - daemon if you want to run it in background)

- (3) CONNECT TWO LOCAL SWITCHES TOGETHER

% dpipe vde_plug = vde_plug /tmp/my.ctl
(or
% dpipe vde_plug /tmp/my.ctl = vde_plug 
)

connects the vde_switch with ctl socket /tmp/vde.ctl with the other using
/tmp/my.ctl.

- (3) CONNECT TWO REMOTE SWITCHES TOGETHER

You need a tool to interconnect stdin stdout of two remote processes.
e.g.

% dpipe vde_plug /tmp/my.ctl = ssh remote_machine vde_plug

connects the vde_switch with ctl socket /tmp/vde.ctl on the remote_machine
with the local switch using /tmp/my.ctl.

It is possible to use other tools in place of ssh like netcat.
In this latter case the communication is not secure.

- (4) CREATION OF TUNNELS.
(it needs kernel support for policy routing)

Setup two daemon as described in (1).
In this example 192.168.0.1 is the tap0 address on the server side.
Route the traffic to the Internet on the tunnel server side.

On the tunnel client side:
        - in the example 100.200.201.202 is the IP address on eth0
        and 100.200.201.254 is the default gateway.
        - create a specific rule for the eth0 routing
                ip rule add from 100.200.201.202 table eth0-table
        (please note that eth0-table must be listed in /etc/iproute2/rt_tables)
                ip route del default via 100.200.201.254
                ip route add default via 100.200.201.254 table eth0-table
        the previous default route will be the def. route just for the
        packets originated with the eth0 inteface address.
        - connect the two vde-switch together:
                dpipe vde-plug = ssh -b 100.200.201.202 server-machine vde-plug
        - setup an appropriate IP address for tap0 interface (or get it by dhcp
                if set up on server side). (e.g. 192.168.0.10)
        - use tap0 as the default interface:
                ip route add default via 192.168.0.1

- (5) SUPPORT FOR MOBILITY

Create a tunnel like in 4 using a group number on the vde-cable:
        dpipe vde-plug -g 1 = ssh -b 100.200.201.202 server-machine vde-plug -g 1

Create a second tunnel (say on ppp0 addr. 100.100.101.102 gateway 100.100.101.254)
        # ip rule add from 100.100.101.102 table ppp0-table
        # ip route add default via 100.100.101.254 table ppp0-table

Connect the a second cable using the same group number:
        # dpipe vde-plug -g 1 = ssh -b 100.100.101.102 server-machine vde-plug -g 1
Disconnect the first cable (kill the processes of the first cable)

        All the traffic get rerouted on the new vde-cable (thus to another path
        on the rel network. Connections in place are unaffected by the change.
        Several cables of the same group can be in place during the handoff phase
        but note that this ends up in duplicated packets that can slow down
        the communication.

Please note also that the vde-switches do not manage (yet) the minimum spanning 
tree protocol thus a loop in the topology can lead to inconsistent MAC forward 
tables and to network saturation.

Copyright 2003/2004 Renzo Davoli
Acknowlegments:
Thanks to Marco Giordani, Leonardo Macchia for their useful help for debugging.
Imported code by Danny Gasparovsky, Fabrice Ballard.
Code organization, bugfixes, autotool support Mattia Belletti.