
    CMPT 471: Networking II
    SPRING 2012 (DRAFT ONLY)


    Using the Virtual Networking Lab



    Acquiring sufficient knowledge to become competent in the GNU/Linux and X Window System environment is an integral part of the course. For many of you the learning curve will be steep, particularly if you have confined yourself within the limits of the Microsoft Windows environment. Be prepared to spend a significant amount of time on this task in the first few weeks of the course. Below you will find useful information to get you started. Additional links to specific useful information can be found along with the class notes and assignment information.

    The Virtual Networking Laboratory

    (Much of this section is a revised and/or expanded version of Lou Hafer's Virtual Lab Instructions)

    There is a lot of useful information about the virtual lab and how to use it on the CSIL FAQ page.

    For many years, CMPT 471 was taught using a lab facility consisting of about 20 ancient PCs connected in an internetwork, physically isolated from the rest of the world. In 2008, the lab went virtual. This note explains how to access the Virtual Network Lab (VNL) and how to work efficiently on the network of virtual machines.

    The first instantiation of the VNL replicates the logical structure of the old physical lab using 20 virtual machines running on a server under VMware. To see the setup of this VNL click on the following link VNL NETWORK MAP. You will use this virtual lab setup for Assignments 3 to 6 this term. For your first two assignments you will also be using a smaller virtual network lab designed specifically for assignments 1 and 2 (LAB1VNL). There are two copies of the LAB1VNL so more students can work on their assignments at the same time. The configuration of LAB1VNL COPYA NETWORK MAP and LAB1VNL COPYB NETWORK MAP will be described in detail in the description of lab 1 posted on the assignment schedule page. Specialized setups like LAB1VNL are made possible by the virtual technology and will provide more flexibility for the lab portion of CMPT 471 in the future.

    The VNL lab includes several networks. First there is an administrative network through which you will be able to connect to any of the network lab virtual workstations. This network has network ID 192.168.0.0 and includes IP addresses from 192.168.0.1 to 192.168.0.255. All workstations that are part of the VNL (or a LAB1VNL) are connected to this network through their eth0 interfaces. Logically, in the VNL there are four additional Ethernets which are to be used for your experiments. Each of these other Ethernets is assigned an IP network ID. All virtual workstations in the VNL are connected to at least one of these four Ethernets. The Ethernets have network IDs 172.16.0.0, 172.17.0.0, 172.18.0.0 and 172.19.0.0. Four of the multi-interface workstations (december, january, february, march) are connected to two of these networks and route packets between the networks to which they are connected. The diagram of the network indicates which workstations are on each of the four additional networks and includes the IP address of each workstation on each network. This configuration provides a very flexible internet which looks like four separate networks connected by routers and contains multiple paths between many pairs of machines.

    The heart of the VNL are the four ‘routers’ and 16 testbed workstations connected to the network segments net16 (172.16.0.0), net17 (172.17.0.0), net18 (172.18.0.0), and net19 (172.19.0.0). The ‘routers’ are not really routers — they’re actually multi-homed workstations with packet forwarding enabled — but they’ll do nicely for our purposes. Over the course of the semester, you will be working with the testbed workstations for assignments and using the wireshark protocol analyser to capture frames on net16, ..., net19. The advantage of this structure is that all of the normal network traffic generated by remote logins, X protocol, and network dæmons of several sorts is confined to net0. The testbed network segments net16, ..., net19 carry only a small amount of traffic other than the frames that you generate as part of your work.

    It's important to keep in mind that the network lab configuration summarized above is the default configuration. There may be deliberate changes in the configuration to suit a given assignment. Almost certainly there will be inadvertent changes to the configuration. One purpose of the course is to give you experience in the art of diagnosing and correcting network problems. Inadvertent changes and changes your fellow students have forgotten to undo will provide you with opportunities to practice diagnosing problems.

    If you cannot figure out the problem you can reimage any virtual workstation (except seasons) and correct many problems (remember to back up your files to the seasons server before you reimage your workstation). When you reimage a workstation all student home directories are erased. Please remember to copy your work to seasons before you reimage a workstation. Instructions on how to reimage a workstation are given below and on the CSIL FAQ page.

    Access to the VNL is through the gateway workstation cs-vnl.csil.sfu.ca. On cs-vnl, everyone is a normal user. cs-vnl provides secure home directories where you can keep your work over the course of the semester. A second server, seasons, provides DNS and NIS (formerly YP) services for the VNL. From cs-vnl, you can log in to the testbed workstations over the net0 (192.168.0.0) subnet. Detailed explanations of how to connect to the virtual network lab are given below and on the CSIL FAQ page.

    When using the network lab you will have root privilege on all workstations within the network lab, except on the gateway cs-vnl and the server seasons. Because everyone has root access, you have no privacy or security on any of these workstations. The only secure disk space available to you within the network lab is your home directory on cs-vnl. It is advisable to copy all your working files from any network lab virtual workstation to your home directory on cs-vnl and then remove them from your home directory on the network lab workstation at the end of each session working in the network lab. This will maintain maximal privacy and security for your files. It is possible that your files on the network workstations will not be there when you return to the network lab (someone may have reimaged the workstation). To ensure that you do not lose your work, back up your files to your home directory on cs-vnl at the end of each session. You can copy files between machines in the network lab using the command scp.

    The workstations in the Networking Lab use the Linux operating system. Linux is a version of the Unix operating system kernel originally written by Linus Torvalds and now maintained and enhanced by a community of professionals and volunteers around the world. The workstations in the virtual networking laboratory run the Ubuntu Linux distribution.

    Using The Virtual Networking Laboratory

    STEP 1 Getting Ready

    Your SFU campus account will not work in the Network Lab. This is because the 471 Lab Virtual Network machines are not part of the campus Active Directory domain, and so cannot use the campus authentication services. Therefore, the first thing you will need to do is obtain your password for the virtual lab. To get your password for the virtual lab:
    1. Login to the MySFU site
    2. Go to my courses and select cmpt471 to view your password
    To use the VNL from outside of the Burnaby CSIL lab, you must use either ssh or rdesktop to connect to the front-end host, cs-vnl.csil.sfu.ca. The best way to connect is to use the remote desktop protocol. The Remote Desktop Protocol (RDP) was originally developed by Microsoft in order to allow the sort of remote computing that’s native to X Windows. It provides a way to export the (Microsoft) Windows desktop from a server to a client. The Windows client is the Microsoft Terminal Server Client, mstsc. (The icon you see on your desktop may be labelled ‘Remote Desktop’.) The open-source community has developed its own RDP client, rdesktop, which will display a remote desktop on an X display.

    You will probably want to use a remote desktop client to connect to the virtual lab. This is the preferred method of access because it provides graphical support. The alternate approach (using ssh) may not provide graphical support because X forwarding may be disabled by SFU. The Remote Desktop Client on your personal computer may not work to access the virtual lab. The software supporting the virtual lab is only compatible with an older version of the remote desktop client. Unless you are running Windows 7 (64-bit edition) you can download, install and use the older correct version of mstsc using the links below:
    Window Remote Desktop (correct version)
    Linux Remote Desktop (correct version 1.6.0)
    Mac v1.0.3
    If you are running Windows 7 64-bit edition you will find that even if you install the older version your OS will always revert to the newest edition of mstsc, causing a "Because of a protocol error this session will be discontinued" error when you try to connect to cs-vnl using mstsc. In this case the workaround is to use the default version of mstsc (Remote Desktop Connection on your Accessories menu) to connect to leto.csil.sfu.ca (the Windows remote gateway). Then on leto select Run and type mstsc into the Run window, then press OK. This will get you to the first window illustrated below. This is the window you would otherwise expect to obtain by running mstsc on your own machine.

    STEP 2 Connecting to the Virtual Network Lab

    To connect from a Windows system, click on the Remote Desktop icon or otherwise run the remote desktop software, then follow the prompts. As an example I have described the connection process for Windows in detail below. I have pointed out a few differences I know of for Mac (since I don't have a Mac I can't give all the differences).
    Click on the Remote Desktop icon to start. On a Windows machine you can also run mstsc.exe (mstsc cs-vnl.csil.sfu.ca) from the Run command or from a command window. On a Linux machine you can run rdesktop from the command line instead of clicking on the icon. Starting the remote desktop will open a window that will request the name of the server you wish to log into. If necessary type cs-vnl.csil.sfu.ca into the window. Then press the connect button. For Windows the connect window is illustrated below.
    [screenshot: host_screen]

    On a Windows machine pressing the connect button will bring up a login box. Type in your normal username and your password for the virtual lab (see below). Then press OK. On a Mac you may have to open the options drop-down box, then enter your password and id and log in.
    [screenshot: login_box]

    If your login is successful you will eventually see the desktop screen for cs-vnl. You may first see a progress screen that tells you what is happening while you are logging in. It looks like the one below (but will show progress messages instead of login failed).
    [screenshot: progress_Screen]

    Just wait for the login to complete and then this screen will disappear and the desktop for cs-vnl will appear (see image below). The server, cs-vnl, will provide access to the network lab.
    [screenshot: cs-vnl desktop]

    If your login is not successful you will be presented with the login screen below. Enter your id and network lab password again and you should then see the progress window followed by the desktop screen for cs-vnl.
    [screenshot: login_error]

    STEP 3: Using a network lab virtual machine

    In the upper right corner of the desktop I have placed a shortcut for a command line window (terminal); you may also want to do this. Either click on your shortcut or use the desktop's menuing system to find and open a command line interface window. Your desktop should now have a command window like the one below.
    [screenshot: login_screen]

    The terminal window can be used to attach to any of the virtual workstations in the network lab. In the example above the virtual workstation july is chosen. The command ssh -Y july will connect you to the virtual workstation july. The first time you connect to any virtual workstation in the network lab you will be asked to verify the RSA fingerprint. To login you must say "yes" to continue connecting. To complete login you must supply your network lab password.

    Notice, in the example above, that there are two messages in the login. First, you are warned that the data for X11 forwarding does not exist (No xauth data); this is because the data cannot be saved in your home directory because you do not yet have a home directory. Second, you cannot be moved into your home directory at the end of the login procedure because you do not yet have a home directory. Clearly, the next thing to do is to make yourself a home directory. It is only necessary to make your home directory the first time you log into a workstation, or the first time you log into a workstation after it has been reverted to the original image (snapshot) by you or some other user.

    To create a home directory for yourself (say your userid is myID) do each of the following steps:
    • You need to be root to create a directory on the /home partition. To become root the command is sudo sh. This command creates a new interactive sh shell with root privilege. To start up the new root shell you will be asked for your password again.
    • Go to the home directory by using the change directory command cd /home.
    • Use the make directory command to create your home directory mkdir myID. The name of your home directory must be the same as your userid.
    • Now your home directory exists, but is owned by root, not by you. Change the ownership of the directory using the change ownership command chown myID.myID myID.
    • Now you have a home directory. Exit the root shell with the command exit.
    • Log off.
    Please note that after making your home directory you should log out, then log back in before you begin using the virtual workstation. You must also remember to use the -Y option when you ssh to log into one of the virtual workstations from cs-vnl. If you do not log out after creating your home directory, then log back in using ssh -Y, you will not be able to use wireshark or any other application that requires graphics.
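    The steps above collected into a shell function, as an added example (this is not the course's own script). It takes the base directory and the user name as parameters so that it can be tried first in a scratch directory as an unprivileged user; on a VNL workstation you would run make_home /home myID from the root shell obtained with sudo sh. The user:group spelling of the chown argument is the same operation as the page's myID.myID form, and the function also checks the result and does nothing harmful if the directory already exists.

```shell
# Added example (not from the course page): create a home directory for user $2
# under base directory $1 (normally /home), as the manual steps do, but
# idempotently and with the resulting ownership verified.
# Usage on a VNL workstation, from the shell obtained with "sudo sh":
#     make_home /home myID
make_home() {
    base=$1
    user=$2
    dir=$base/$user
    if [ -d "$dir" ]; then
        # Someone (possibly you, before a reimage) already made it; keep it.
        echo "home directory $dir already exists" >&2
    else
        mkdir "$dir" || return 1
    fi
    # The directory is created by root, so hand it to the user.
    # "user:group" is the POSIX spelling of the page's "user.user" form.
    chown "$user:$user" "$dir" || return 1
    home_owned_by "$dir" "$user"
}

# Return success when $1 is a directory owned by user $2.
# find ... -prune tests only the directory itself, not its contents.
home_owned_by() {
    [ -d "$1" ] && [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]
}

# Demo on a scratch directory with the current user, so no root is needed.
scratch=$(mktemp -d)
me=$(id -un)
if make_home "$scratch" "$me"; then
    echo "created $scratch/$me owned by $me"
fi
rm -rf "$scratch"
```

After running it for real, log out and back in with ssh -Y as the page says, so that the xauth data can be written into the new directory.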

    When you log in (with an existing home directory) you are ready to begin working. One of the first things you will want to do is experiment with capturing packets and viewing captured packets. The packet sniffer you will use to capture packets is wireshark. To capture packets using wireshark you must be root (not yourself), and you must be using a graphics-enabled connection (ssh with -Y). To use wireshark remember the following:
    • As yourself execute the command sudo wireshark. You will be asked for your password (not the root password) and then wireshark will be started.
    • If you see the confirmation window below click OK to make wireshark active.
    • If wireshark's menus do not respond to your clicks it is probably because the confirmation window (shown below) has appeared under the wireshark window. If this happens you need to bring the confirmation window to the front and click OK. Then wireshark will become active.
    • Return to the command window in which you started wireshark and type Ctrl-Z followed by Enter.
    • Enter the command bg then press Enter to put wireshark into the background and let you use your command window for other things.

    [screenshot: login_error]

    Next let's look at using wireshark once we have the application open.
    [screenshot: loginr]

    First, you will want to select the correct interface for your experiment. You need to decide which interface or interfaces you wish to collect packets from. You can use the command route to see the routing table for the virtual machine. The routing table will tell you which network is attached to which physical interface on the virtual workstation. The output from the command ifconfig will also give you lots of additional information about the configuration of each interface. Using this information you can decide which interfaces you wish to watch.
    Selecting a particular interface allows you to view all packets that travel along the network connected to that interface. You will see packets destined for the machine running wireshark and for all other machines on the same network. You can also select the interface lo to see the packets being sent from one process to another within the same virtual workstation.
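    As an added example (not part of the course page), the following shell functions read a routing table in the layout printed by route -n and pick out the interface that each experimental network is attached to, which is the decision described above. The table embedded in the script is a constructed sample for a two-homed VNL router with made-up interface assignments and a made-up gateway address; it is not the lab diagram. On a real workstation you would pipe the live output in instead: route -n | iface_for_net 172.16.0.0.

```shell
# Added example (not from the course page). Constructed sample in the layout of
# "route -n" on a workstation with one administrative and two experimental
# interfaces; interface names and the 172.17.0.254 gateway are made up.
SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
172.18.0.0      172.17.0.254    255.255.0.0     UG    0      0        0 eth2'

# iface_for_net NETID: read a routing table on stdin and print the interface
# directly attached to NETID. A route whose Gateway column is not 0.0.0.0 is
# reached through another router, so a capture on that interface would only
# show the frames this host forwards, not all traffic on that network; such
# routes are deliberately rejected (exit status 1).
iface_for_net() {
    awk -v net="$1" '
        $1 == net && $2 == "0.0.0.0" { print $NF; found = 1 }
        END { exit found ? 0 : 1 }'
}

# attached_nets: print "network interface" for every directly attached network,
# skipping the two header lines and any default route (destination 0.0.0.0).
attached_nets() {
    awk 'NR > 2 && $2 == "0.0.0.0" && $1 != "0.0.0.0" { print $1, $NF }'
}

# Demo on the constructed table.
printf '%s\n' "$SAMPLE_ROUTE" | attached_nets
if iface=$(printf '%s\n' "$SAMPLE_ROUTE" | iface_for_net 172.16.0.0); then
    echo "capture net16 on $iface"
fi
```

Once you know the interface, start the capture on it; to see only one network's frames even on a router with several interfaces, a capture filter such as net 172.16.0.0/16 (pcap filter syntax, see the wireshark documentation) can be added in the options window described below.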
    You can select your interface in at least two ways. First you can select interfaces from the capture menu shown above; then you can begin a capture on any interface by pressing the start button next to the interface you want in the menu that appears when you select interfaces.
    Second you can select options from the capture menu shown above. This will bring up the options window. At the top of the options window is a pull-down menu that allows you to select the interface you want. Using the options window has the advantage that it allows you to choose other options at the same time. In particular you may want to specify a capture filter.

    The capture filter will be very useful. There are very large numbers of packets travelling on each network, so you will want to capture only a subset of them. For each particular assignment/experiment you can select only the packets you want by designing the appropriate capture filter. Instructions on how the capture filters work (and the options available) are given in the online documentation on the internet (see www.wireshark.org, http://wiki.wireshark.org/). As examples you can select packets for a particular protocol, or packets travelling to or from a particular IP address or port. A few additional suggestions to make the use of the network easier:
    • First a warning: be patient; a remote system does not respond as fast as a local system.
    • If you are unable to move your cursor outside of a particular area of the screen, Ctrl-Alt will free the cursor to move over the entire screen.
    • If you have difficulty because some windows appear off your page and you cannot access them, reset the resolution of your Ubuntu Linux desktop (lower).
    • If you wish to move between full screen and window use Ctrl-Alt-Enter.

    Root privileges and sudo

    As mentioned elsewhere, you have no privacy on the VNL workstations. All students have access to root privileges on all workstations except cs-vnl and seasons. Do not leave your work lying around on the workstations when you're not working.

    If you've worked with unix systems in the past, then you're probably familiar with the su (set user) command. (Contrary to popular belief, su did not start as an abbreviation for `super user', but everyone thinks of it that way today.) The su command actually allows you to become any user, as long as you know the proper password; this is something you should keep in mind. In the VNL, however, su does not work. If you try to use it, the command will hang and you'll need to open a new login to the workstation and use ps to find and kill the process. Instead, you'll be using the sudo command. The sudo command gives you the privileges of the root ID, but provides a bit more control. You use your own password (which is not the password of the root account) and the transition from normal user privileges to root privileges is recorded. One consequence of this is that you cannot simply log in as root. This is a feature. In general, you should execute commands with root privileges only when you must. It's far too easy to do a lot of damage when you're working with root privileges; a moment's carelessness can remove or damage large chunks of the computer's file system or render networking inoperable.

    The intended use for sudo is to run a single command with root privileges. So, for example, sudo wireshark will run the wireshark protocol analyser with root privileges. The command sudo bash also runs one command, but the command just happens to be the bash command shell. This allows you to wield the full power of a command shell, with root privileges. Be careful! Also, notice that once you've used sudo to acquire a root shell, you can use the `-u' option of sudo to set your user ID to any user ID known to the system, without needing to know the password for the ID. Not to belabour the point, but you have no privacy on the VNL workstations. It should have occurred to you by this point that you have no protection from your fellow students on the VNL workstations. Be polite! `Do unto others as you would have them do unto you' is a really good rule to remember when working in the VNL.

    Saving and Recreating Your Work Environment

    Each workstation in the VNL has an independent file system. A separate file system means that system configuration changes that you make for assignments are confined to a single workstation. It also means that files that you create on one workstation will not exist on other workstations unless you copy them there. You should also keep in mind that all students in the class have root access on the VNL workstations. You have no privacy on the VNL workstations. Do not leave completed work, or partially completed work, on the file systems of the VNL workstations for others to browse. The sole exception is cs-vnl, where you are restricted to normal user privileges and your home directory permissions will not allow others to see the contents. For these reasons, you will want to know how to efficiently save a copy of your work environment to cs-vnl or some other location outside of the VNL.

    The most common reason for wanting to save and recreate your work environment is that you’ve been developing the solution to an assignment on one workstation and need to leave to do something else. You’ll want to be able to save your work and then restore it on some other free workstation, perhaps one you’ve never used before, when you return to the Lab. Another common reason is that you were experimenting with your environment on a workstation or on cs-vnl and now want to quickly restore it to the state it was in before you started to experiment. Less often, you may need to recreate your work environment because you (or someone else) made an unrecoverable error and had to recreate a virtual workstation from a backup image. You should not be afraid to do this — if it doesn’t happen to you once or twice over the course of the semester, you’re not experimenting as much as you should. Just be prepared to recover.

    A tar archive (see Making and Using a tar Archive, below) is probably the most convenient way to save and restore any directory tree on a unix system. An alternative is the secure copy command, scp. You’ll need to use the ‘-r’ flag to copy entire directory trees; see the scp man page for further information.

    Making and Using a tar Archive

    The tar program is convenient to use to do bulk file save and restore operations on unix systems. tar is a rather old program (the name is short for ‘tape archive’), but it’s been well-maintained and extended over the years. It does the job nicely, and it’s not limited to tapes. It will copy an entire directory tree into a single archive file, which can be easily copied from one place to another and then unpacked to recreate the original directory tree.

    To make a tar archive, the simplest form of the command is ‘tar cvf tarfile directory’, where tarfile is the name for the archive file and directory is the directory you want to archive. Everything in the directory (i.e., all files and subdirectories, including hidden files and subdirectories whose names start with ‘.’) will be included in the tarfile. You can copy tarfile from one place to another in your file system just as you would any other file, and you can transfer it from one machine to another using scp. To unpack a tar archive, use the command ‘tar xvf tarfile’.

    One approach is to keep one tar archive file which contains all the configuration files which make up your working environment, and additional tar files which contain directory trees for your current assignment or project. There are many more things you can do to manipulate a tar archive file; consult the info or man documentation for details and examples.

    If your file system is getting large and you’d like to compress the archive, you can use gzip to compress the archive and then use gunzip to decompress it when you’ve moved the archive to its destination. The compressed tar archive is often called a ‘tarball’. The GNU implementation of tar used by Linux provides a convenient command line option for compression and decompression.
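    The save-and-restore cycle described in this section, as an added example (not the course's own script): three shell functions that wrap tar, using GNU tar's built-in gzip option (the ‘z’ flag) so the archive is a tarball straight away, plus the scp lines you would type to move it to cs-vnl, kept in comments because they need the real hosts. The directory name a1 and the archive name a1-env.tar.gz are made up for illustration.

```shell
# Added example (not from the course page): save a directory tree into a
# compressed tar archive ("tarball") and restore it somewhere else.

# save_env TREE ARCHIVE: archive the directory TREE (hidden files included)
# into ARCHIVE. -C makes the stored paths relative to TREE's parent, so the
# archive can be unpacked under any destination directory later.
save_env() {
    parent=$(dirname "$1")
    base=$(basename "$1")
    tar czf "$2" -C "$parent" "$base"
}

# restore_env ARCHIVE DEST: recreate the tree under DEST (created if needed).
restore_env() {
    mkdir -p "$2" && tar xzf "$1" -C "$2"
}

# list_env ARCHIVE: show what an archive holds before unpacking it, so you do
# not overwrite a newer copy of your work by mistake.
list_env() {
    tar tzf "$1"
}

# What a session on the VNL would look like (not run here; needs the real hosts).
# On the workstation, at the end of a session:
#     save_env "$HOME/a1" "$HOME/a1-env.tar.gz"
#     scp "$HOME/a1-env.tar.gz" cs-vnl.csil.sfu.ca:
#     rm -rf "$HOME/a1" "$HOME/a1-env.tar.gz"     # leave nothing for others to browse
# Later, on a fresh (possibly reimaged) workstation:
#     scp cs-vnl.csil.sfu.ca:a1-env.tar.gz . && list_env a1-env.tar.gz
#     restore_env a1-env.tar.gz "$HOME"
```

The functions are equivalent to the page's ‘tar cvf’ / ‘tar xvf’ forms with the ‘v’ (verbose) flag dropped and ‘z’ added; if you prefer separate gzip and gunzip steps, use ‘tar cf’ / ‘tar xf’ with a ‘.tar’ name and compress the file afterwards.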

    Changing Your Password and Login Shell

    User account information, including the account password and login shell, is kept in a database on seasons. Individual workstations use NIS (Network Information Service, formerly Yellow Pages) to get this information from seasons. This means that if you want to change your password or login shell, you must use a NIS-aware command. The proper commands are yppasswd to change your password, and ypchsh to change your login shell.

    Janice Regan, last modified December 29, 2011.