Some details about the network topology simulator

In my last post I told you I want to develop a network topology simulator, but I haven't given you any technical details about it, except for the fact that I want to use Docker and Open vSwitch, just as IMUNES already does.
The whole project existed only in my head, so I decided to take some notes about the components I have to build and about how I want to implement them.
Now I'm sharing those notes with you.

To simulate a network topology I would have to reproduce the behaviour of ISO/OSI layers 2 and 3.
To implement layer 2, I'd use Open vSwitch, an SDN-capable layer 2/3 switch. Links would be created with the Linux kernel's iproute tools and attached to OVS ports.
I also want to let the user specify some information about the links, such as bandwidth, delay, MTU, etc.
Layer 3 and above are going to be implemented with Docker: containers can represent hosts running services as well as network devices (such as firewalls and routers).
To do this, I think I'd need to run the Docker containers with all capabilities; this could be a security issue, but I will address it later.
Since Docker

New project: SDN-based network topology simulator

Next week I'm going to start tutoring the Networking laboratory class at the University of Milan, in Crema.
One of the most difficult tasks I had to accomplish has been finding the right tool for teaching networking concepts to students.
For the moment I've decided to use IMUNES, software that builds network topologies on top of Docker containers and Open vSwitch.
IMUNES is great software, but it lacks some functionality I need (such as VLAN tagging on Open vSwitch ports, trunking, and persistent storage for Docker containers running services), and even though it can be set up easily, its deployment required some effort because of some characteristics of our environment.
The result is that I decided to start a new project: my own network topology simulator, built on the same technologies as IMUNES, web based, multi-user and cloud ready.
I want to develop software that developers, organizations and universities can use for testing, research, experiments and teaching; it has to be elastic, scalable (because it's cool to say to someone "my software scales well, dude!"), as-a-service and obviously open source.
Maybe I will fail, maybe it won't never work, maybe the project

Living Lab - University of Milan

As of this year I will take part in Living Lab, a pre-incubation project started at the Computer Science department of the University of Milan.
The project I am currently working on is iCertify, an innovative platform that offers professionals the opportunity to collect and share their certified competences, and offers headhunters the possibility to implement a certification-aware hiring process.
You can find more information about the project here, and this is my personal page on Living Lab's website.

Dynamic multi-point VPN with OpenNHRP powered linux hub

This post aims to explain how to configure a dynamic multi-point site-to-site VPN over IPsec between Cisco routers and a Linux machine using the NHRP protocol.
For our deployment I used a Linux machine as the hub and several Cisco 8X7 devices as spokes.
If you are reading this, I assume you already know what the IPsec protocol is and how it works. If you don't, go read this first.

The more interesting part to explain is the NHRP protocol and its properties.
NHRP is a protocol that can be used to improve the efficiency of routing protocols in an NBMA (non-broadcast multi-access) network. Its purpose is to let two devices communicate over the most direct route (e.g. the route with the fewest hops).
It is based on a query-and-reply mechanism in which all parties cooperate to build a "network knowledge table", which is then used to send packets directly to the destination device (if the devices are on the same subnet) or to an egress router linked to it.
The benefit NHRP provides is that it reduces the number of hops a packet has to pass through, which improves the performance of the network.
A dynamic multi-point virtual private