With thanks to the Stanford High Performance Network Group
VNS (Virtual Network System) was developed at Stanford to simplify the problem of teaching how to implement Internet routers to a large undergraduate networking class. It is designed to allow students to gain hands on experience with routing actual Internet traffic using standard Internet clients. Instead of using a simulation environment or setting up a small physical network per student, VNS emulates network topologies (virtual topologies) that can be integrated with physical networks. All traffic seen by the virtual topologies is forwarded to user-level programs written by the students which can then drop, inspect, and/or modify the packets and re-inject them back into the network. Your software router is an example of a VNS Client.
The VNS is comprised of two components.
- The VNS Server which runs in the High Performance Network Group's lab at Stanford
- A number of VNS clients which connect to the server
The VNS server is a user-level application which runs on a PC that is positioned between the Internet and a number of standard Internet servers which run basic services such as HTTP. The physical configuration of the VNS server is shown below. Here, "Elaine" and "Saga" are students connecting to the VNS system via the Internet.
The server is a user level process running at Stanford. The machine hosting the server is connected to a hub which is connected to two HTTP servers, referred to as application servers. The VNS Server simulates a network topology which consists of multiple links and VNS Clients. The application servers sit on the other side of the network topology. For example, a simple topology would be one with a single VNS Client ("Nick's VR Client") and one application server ("www-nickm"), as shown below in the figure.
The VNS Server can handle multiple (2^16) topologies simultaneously. This means that each student can have his or her own topology to connect to and route over. The VNS Server ensures that VNS clients are only sent traffic belonging to their topology.
VNS clients are programs that run in user space and connect to the VNS Server via standard TCP sockets. Each client can "reserve" a virtual host on any given topology. If the virtual host is not currently reserved, the server will forward all packets that can be seen by that host to the client. The client may, as well, inspect the packet, determine where the next hop should be, and send packets to the server to inject back into the network (while specifying which interface to send the packet out of). The client is now functioning effectively as if it were directly on the network with full access to all traffic seen by the virtual host.
VNS in Practice
The power of VNS is not demonstrated with a single topology consisting of one virtual host. Using the same physical setup as previously shown, VNS can emulate thousands of completely isolated arbitrarily complex topologies. That is, each student in a large class could connect with a VNS client to the VNS server and would only see the traffic destined to his or her topology. Multiple students may, as well, connect to different virtual hosts in the same topology. This is somewhat analogous to virtual memory, that is, using the same physical network, each virtual network is (almost completely) isolated from another and can be arbitrarily large and complex in size. The following figure shows the logical view of VNS hosting three different topologies on the same physical setup.
Generating Network Traffic
Once you have a functioning VNS client, you can easily create traffic for it by accessing the Internet servers as you would any other server. The servers at Stanford will respond to a different IP address for each topology. So, if you access the servers using that IP address, the traffic will traverse the Internet, flow through your topology in VNS, be routed to the server (assuming your client is working correctly), and the server will respond back through your topology in VNS. In this way, your VNS client is routing real network traffic between your computer and the servers at Stanford.
VNS and this documentation were produced by the Stanford University High Performance Network Group.