Some details about the network topology simulator

In my last post I told you I want to develop a network topology simulator, but I haven't given you any technical details about it, except for the fact that I want to use Docker and Open vSwitch, just like IMUNES already does.
The whole project was only on my mind, so I decided to take some notes about the components I have to build and about how I want to implement things.
Now, I'm sharing those notes with you.

To simulate a network topology I would have to reproduce the behavior of ISO/OSI's level 2 and level 3.
To implement level 2, I'd use Open vSwitch, which is an SDN-based layer 2/3 switch. Links would be realized with the Linux kernel's iproute, and associated with ports on OVS.
I also want to let the user specify some information about the links, such as bandwidth, delay, MTU, etc.
Level 3 and above features are going to be implemented with Docker: containers can represent hosts running services and network devices (such as firewalls and routers).
To do this, I think I'd need to run Docker containers with all capabilities; this could represent a security issue, but I will address this later.
Since Docker
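
The capability concern raised above can be checked mechanically. The following is an added example, not code from this post or from the simulator: it audits trimmed `docker inspect` output and flags nodes that hold more capabilities than their role needs. The node names, the role-to-capability policy and the sample data are assumptions constructed for illustration, and `--cap-add ALL` is conservatively treated as "everything" even when some capabilities are dropped again.

```python
import json

# Docker's default capability set for a non-privileged container.
DEFAULT_CAPS = {"CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW",
                "SETGID", "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE",
                "SYS_CHROOT", "KILL", "AUDIT_WRITE"}
# Assumption: extra capabilities each simulator role may hold (hypothetical policy).
ROLE_EXTRA = {"host": set(), "router": {"NET_ADMIN"}, "firewall": {"NET_ADMIN"}}

def _norm(caps):
    """Normalise names as `docker inspect` may report them (CAP_ prefix or not)."""
    return {c.upper()[4:] if c.upper().startswith("CAP_") else c.upper()
            for c in (caps or [])}

def effective_caps(host_config):
    """Return "ALL" or the set of capabilities the container is granted."""
    add, drop = _norm(host_config.get("CapAdd")), _norm(host_config.get("CapDrop"))
    # Conservative: --privileged or --cap-add ALL counts as everything.
    if host_config.get("Privileged") or "ALL" in add:
        return "ALL"
    base = set() if "ALL" in drop else set(DEFAULT_CAPS)
    return (base | add) - (drop - {"ALL"})

def audit(containers, roles):
    """List (name, problem) for containers holding more than their role allows."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        caps = effective_caps(c["HostConfig"])
        allowed = DEFAULT_CAPS | ROLE_EXTRA[roles.get(name, "host")]
        if caps == "ALL":
            findings.append((name, "all capabilities granted"))
        elif caps - allowed:
            findings.append((name, "excess: " + ",".join(sorted(caps - allowed))))
    return findings

# Constructed sample: trimmed `docker inspect` output for four simulated nodes.
SAMPLE = json.loads("""[
 {"Name": "/r1",  "HostConfig": {"Privileged": true,  "CapAdd": null, "CapDrop": null}},
 {"Name": "/fw1", "HostConfig": {"Privileged": false, "CapAdd": ["NET_ADMIN", "NET_RAW"], "CapDrop": ["ALL"]}},
 {"Name": "/h1",  "HostConfig": {"Privileged": false, "CapAdd": ["CAP_SYS_ADMIN"], "CapDrop": null}},
 {"Name": "/h2",  "HostConfig": {"Privileged": false, "CapAdd": null, "CapDrop": null}}
]""")
ROLES = {"r1": "router", "fw1": "firewall", "h1": "host", "h2": "host"}

if __name__ == "__main__":
    for name, problem in audit(SAMPLE, ROLES):
        print(f"{name}: {problem}")
```

In the sample, `fw1` passes because it drops everything and adds back only `NET_ADMIN` and `NET_RAW`, which is the pattern a router or firewall node can follow instead of running with all capabilities.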

Dynamic multi-point VPN with OpenNHRP powered Linux hub


This post aims to explain how to configure a dynamic multi-point site-to-site VPN over IPsec between Cisco routers and a Linux machine using the NHRP protocol.
For our deployment I used a Linux machine as hub and many Cisco 8X7 devices as spokes.
If you are reading this, I think that you already know what the IPsec protocol is and how it works. If you don't, go read this.

The most interesting thing to explain is the NHRP protocol's properties.
NHRP is a protocol that can be used to improve the efficiency of the routing protocols in an NBMA network. The purpose is to permit communication between two devices using the most direct route (e.g. the route with the fewest number of hops).
It is based on a query-and-reply mechanism in which all parties cooperate to build a "network knowledge table", to be used to send packets directly to the destination devices (if the devices are on the same subnet) or to an egress router linked to it.
The benefit that the NHRP protocol provides is that it reduces the number of hops that a packet has to pass through, enhancing the performance of the network.


A dynamic multi-point