IMUNES: how to export changes made to an experiment - Part 2

Screenshot

Today I've written again from scratch the two BASH scripts to export changes made in IMUNES, this time using Python.
I've built a UI with GTK3 using Glade, and I've organized the code in a more clean and safe way.
Docker management is done via the official library docker-py.

Install

The software is available on GitHub: https://github.com/patriziotufarolo/ImunesExperimentExporter

So:

  • Clone the repository and browse it
git clone https://github.com/patriziotufarolo/ImunesExperimentExporter  
cd ImunesExperimentExporter  
  • Install dependencies through Pip
pip install -r requirements.txt  
  • Install the software by calling
sudo python2 setup.py install  
  • Enjoy the software calling it with the command
imunes-export  

You need to have Docker configured for listening on UNIX socket (at the path /var/run/docker.sock). Please note that in a normal environment this socket file is owned by root and docker group, so it could be needed to run imunes-export with root or docker group privileges.

Export a topology

You can choose to export a single container or the whole experiment.
The execution flow is the same as the last time.

  1. Draw a topology
  2. Run the experiment
  3. Make changes you want to make (e.g. configurations, your files, etc.)
  4. Use my software

IMUNES: how to export changes made to an experiment

These are two snippets I've written in BASH in the last few days to allow IMUNES users to export changes made to an experiment in runtime, on Linux.
The former allows users to export changes, the latter allows them to load changes back to Docker containers.
They will be improved day by day, so it's recommended to consult this page to get an updated version of them, especially if you encounter problems.

The execution flow to use these scripts properly is:

  1. Draw a topology
  2. Run the experiment
  3. Make changes you want to make (e.g. configurations, your files, etc.)
  4. Use the first script to export those changes to your computer's file system
  5. Stop the experiment
  6. Save the topology
  7. Close IMUNES

  1. Open IMUNES again
  2. Load the topology back
  3. Execute the experiment
  4. Use the second script to load your previously exported changes back
  5. Enjoy!

Notes:

  • Your Linux distribution needs to have the zenity package installed
  • Both scripts need to be executed with root privileges or by a user that is assigned to the docker group. Remember that if you run them with root privileges, the files created by them will be owned by root, so you could encounter permission problems.
  • You can

Some details about the network topology simulator

In my last post I told you I want to develop a network topology simulator, but I haven't given you any technical details about it, except for the fact I want to use Docker and OpenvSwitch, just like IMUNES already does.
The whole project was only on my mind, so I decided to take some notes about the components I have to build and about how I want to implement things.
Now, I'm sharing those notes with you.

To simulate a network topology I would have to reproduce the behavior of ISO/OSI's level 2 and level 3.
To implement level 2, I'd use OpenVSwitch, that is a SDN-based layer 2/3 switch. Links would be realized with Linux kernel's iproute, and associated with ports on OVS.
I also want to let the user specify some informations about the links, such as bandwidth, delay, MTU, etc.
Level 3 and above features are going to be implemented with Docker: containers can represent hosts running services and network devices (such as firewalls and routers).
To do this, I think I'd need to run Docker containers with all capabilities; this could represent a security issue, but I will address this later.
Since Docker

Dynamic multi-point VPN with OpenNHRP powered linux hub

Introduction

This post aims to explain how to configure a dynamic multi-point site-to-site VPN over IPSEC between CISCO routers and a Linux machine using the NHRP protocol.
For our deployment I used a Linux machine as hub and many Cisco 8X7 devices as spokes.
If you are reading this, I think that you already know what IPSec protocol is and how it works. If don't, go read this.

Most interesting to explain are the NHRP protocol properties.
NHRP is a protocol that can be used to improve the efficiency of the routing protocols in a NBMA network. The purpose is to permit communication between two devices using the most direct route (e.g. the route with the fewest number of hops).
It is based on a query-and-reply mechanism in which all parties cooperate to build a "network knowledge table", to be used to send packets directly to the destination devices (if the devices are on the same subnet) or to an egress router linked to it.
The benefit that the NHRP protocol provides is that it reduces the number of hops that a packet has to pass through enhancing the performance of the network.

DMVPN

A dynamic multi-point virtual private