Friday, December 24, 2010

FreeBSD: High Performance Packet Capture

I'm not sure how many of you have heard about this project, however I found FreeBSD ringmap implementation when I was googling and it seems to be interesting to me, I suggest you visit the link and read up the documentation/presentation.

I'm going to try it out whenever possible, right now it is ported to FreeBSD 8.1 stable, you can actually download the source code and test it out yourself.

http://code.google.com/p/ringmap/

You can also find a lot of information about high performance packet capture from the link below as well, I usually use the setting that is recommended over there for my FreeBSD sensor setup.

http://www.net.t-labs.tu-berlin.de/research/hppc/

By the way, FreeBSD already has zero copy bpf implemented, thanks to Robert Watson for that since he has done a lot of background works on it. To know more about zero copy bpf you can check the presentation slide here -

http://www.watson.org/~robert/freebsd/2007asiabsdcon/20070309-devsummit-zerocopybpf.pdf

Cheers (;])

FreeBSD: Virtual Network Switch

In the previous post, I have mentioned about I'm going to cover Open vSwitch and Vde implementation. However I think it is also interesting to cover how you can setup virtual switch with FreeBSD native system. As we all know bridging is actually software switching, therefore we can make use of bridge interface to achieve this. I will explain the 6 ports virtual network switch setup that is illustrated in the diagram below -


shell>ifconfig bridge0 create

shell>ifconfig tap0 create

shell>ifconfig tap1 create

shell>ifconfig tap2 create

shell>ifconfig tap3 create

shell>ifconfig tap4 create

shell>ifconfig tap5 create

shell>ifconfig bridge0 addm tap0 addm tap1 addm tap3 addm tap4 addm tap5 up

By now you have exact setup like what is shown in the diagram above, to make it permanent/persistent you need to add the following lines to /etc/rc.conf -

cloned_interfaces="bridge0 tap0 tap1 tap2 tap3 tap4 tap5"
ifconfig_bridge0="addm tap0 addm tap1 addm tap2 addm tap3 addm tap4 addm tap5 up"

Also add the following lines to /etc/sysctl.conf -

net.link.tap.up_on_open=1
net.link.tap.user_open=1

Once you have everything done, you can check if it is setup properly -

shell>ifconfig bridge0
bridge0: flags=8843 metric 0 mtu 1500
ether 0e:a5:28:73:f9:3b
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap5 flags=143
ifmaxaddr 0 port 9 priority 128 path cost 2000000
member: tap4 flags=143
ifmaxaddr 0 port 8 priority 128 path cost 2000000
member: tap3 flags=143
ifmaxaddr 0 port 7 priority 128 path cost 2000000
member: tap2 flags=143
ifmaxaddr 0 port 6 priority 128 path cost 2000000
member: tap1 flags=143
ifmaxaddr 0 port 5 priority 128 path cost 2000000
member: tap0 flags=143
ifmaxaddr 0 port 4 priority 128 path cost 2000000

To undo everything, just run

shell>ifconfig bridge0 deletem tap0 deletem tap1 deletem tap2 deletem tap3 deletem tap4 deletem tap5

shell>ifconfig tap0 destroy

shell>ifconfig tap1 destroy

shell>ifconfig tap2 destroy

shell>ifconfig tap3 destroy

shell>ifconfig tap4 destroy

shell>ifconfig tap5 destroy

The setup is complete, in the next blog post, I will talk about how you can setup similar virtual switch using FreeBSD ng_bridge implementation. Plus releasing the FreeBSD VM for you to try out the setup yourself.

Enjoy (;])

Friday, December 17, 2010

Virtual Network Switch


Many people have talked about hypervisor, and playing around with virtual machines. There are many solutions available today, either open source or commercial one. We have VMware, Xen, Virtualbox, Qemu, KVM, Parallel, Virtual PC, and others that I may not know.

What I would like to discuss here is virtual network switching, many of us have used a piece of hardware call network switch, which allows the end point to talk to each other. For the hardware network switch, we have many companies that are producing it, for example Cisco, Juniper, 3Com, DLink, NetGear and etc.

The virtual machine lives inside single operating system, which means we can have many virtual machines running inside a piece of hardware, so with virtual network switch we also can run many network switches inside a piece of hardware, and using them to connect virtual machines, and get them to talk to each other.

However, how many solutions are there for virtual network switch? As far as I know, not many. Cisco has produced one which is called Cisco Nexus 1000 Series. If you do know any other commercial solution, please comment.

How about open source solution for that? Yes, here are two that I found very interesting, again if you know any other open source solution, please let me know.

- Open vSwitch
- Vde

This is just simple writeup for what I'm going to cover in the future which I will discuss about how you can setup virtual network switch, and leverage on them. Most of my posts will be discussing about both Open vSwitch and Vde while Virtualbox and Qemu will be used to connect to the switch.

Enjoy (;])

Thursday, December 16, 2010

Virtualization Insanity

I have been poking around with virtualization technologies, and this is one of the screenshot I have taken when multiple qemu vm talking to multiple virtualbox vm.


I will cover a lot about this topic soon, for my own note, and also for sharing purpose.

Cheers ;]

Wednesday, December 15, 2010

4REN6 VM Mirror

Thanks to Digital Forensics Framework(DFF) team to provide mirror for 4REN6 vm where you can find here -

http://ftp.digital-forensic.org/mirror/4ren6.radiobandit.org/


I'm still looking for more download mirrors, please let me know if you can host it.

Enjoy ;]

Cloud Technology

I need to tag this post as it contains the list of Cloud solutions so I can check them out whenever necessary -

http://slash4.de/tutorials/Cloud_computing_technologies_overview_and_comparison


Cheers ;]

Tuesday, December 14, 2010

Virtualization tools

I mentioned about ovftool in my previous post, and I also found xenconvert here -

http://www.citrix.com/lang/English/lp/lp_1688624.asp

By the way another fun tool to mention is imvirt which you can find here -

http://micky.ibh.net/~liske/imvirt.html


Enjoy ;]

Good Reference For Linux /dev

I came across this link while playing around with tun/tap device in Linux, and it's worth sharing -

http://www.lanana.org/docs/device-list/devices-2.6+.txt


You can use mknod to play around with the /dev on Linux, for tun/tap you can use tunctl or openvpn to create them.

Enjoy ;]

sFlow Resources

I need to keep track of what I have read and tested, currently I'm looking into sFlow stuffs for network visibility. If you are interested about sFlow as well, feel free to check out the links below -

http://www.ietf.org/rfc/rfc3176.txt

http://www.sflow.org/SFLOW-DATAGRAM5.txt

http://www.juniper.net/techpubs/en_US/junos9.3/topics/example/sflow-configuring-ex-series.html


If you have more sFlow stuffs to share, feel free to comment.

Cheers ;]

Wednesday, December 08, 2010

VMware ovftool

I just found out this tool and want to keep track of it, it's best to just post in my blog so that I can search through it next time, basically it is a command-line utility that allows you to import and export OVF packages to and from a wide variety of VMware platform products.

http://www.vmware.com/support/developer/ovf/

Cheers ;]