Building your own Internet Router
- 1 Building your own Internet Router
- 1.1 Introduction
- 1.2 Overview of the Virtual Network System (VNS)
- 1.3 Getting Started
- 1.3.1 Creating Your First Topology
- 1.3.2 What Topologies to Create?
- 1.3.3 Creating a routing table
- 1.3.4 Test Driving the sr Stub Code
- 1.3.5 Inspecting Packets with tcpdump
- 1.3.6 Developing Your Very Own Router Using the SR Stub Code
- 1.3.7 To Help You Get Started
- 1.3.8 Required Functionality
- 1.3.9 Deliverables
In this assignment you will implement a fully functional Internet router that routes real network traffic. The goal is to give you hands-on experience as to how a router really works. Your router will run as a user process locally, and when finished will route real packets that are flowing across the Internet to application servers located at Stanford. We’ll be giving you a skeleton, incomplete router (the “sr” or simple router) that you have to complete, and then demonstrate that it works by performing traceroutes, pings and downloading some files from a web server via your router.
Overview of the Virtual Network System (VNS)
The VNS was designed here at Stanford, for our introductory networking course CS144. It gives you hands-on experience working on projects requiring low level network access, such as routers. The VNS is comprised of two components: (1) The VNS Server which runs in our lab here at Stanford, and (2) A number of VNS Clients which connect to the server. Your router is an example of a VNS Client. The server intercepts packets on the network, forwards the packets to the clients, receives packets from the client and injects them back into the network. The physical setup of the VNS is shown in the figure.
The VNS Server
The server is a user level process running here at Stanford. The machine hosting the server is connected to a hub which is connected to two HTTP servers, referred to as application servers. The VNS Server simulates a network topology which consists of multiple links and VNS Clients. The application servers sit on the other side of the network topology. For example, a simple topology would be one with a single VNS Client and one application server, as shown below in the figure.
A client wanting access to traffic in the network connects to the server via a normal TCP socket and requests the traffic seen on links in the topology, in this case, topology 0. Assuming the traffic is not already being sent to some other user, the server accepts the request and sends the traffic on the link to the client over the TCP socket. The client would then inspect the packet, determine the next hop in the network (which would be fairly easy in the case of topology 0) and send the packet back to the server to be injected back into the network.
The VNS Server can handle multiple (2^16) topologies simultaneously. This means that each student can have his or her own topology to connect to and route over. The VNS Server ensures that clients are only sent traffic belonging to their topology.
The VNS Client
A VNS client is any program that speaks the VNS protocol and connects to the VNS server. In the case of this assignment we provide you with the code for a basic VNS client (called sr or Simple Router) that can connect to the VNS server. The clients are run locally by the students as regular user processes and connect to the server via normal TCP sockets. Clients, once connected to the server, are forwarded all packets that they are supposed to see in the topology. The clients can manipulate the packets in any way they wish, generate responses based on the packets, or make routing decisions for those packets and send the replies back to the server to place back onto the network. For example, on the above topology (topology 0), the VNS Server might receive a TCP SYN packet destined for vns-app-1.stanford.edu. The VNS Server sends the packet to the VNS Client which would receive the packet on interface zero, decrement the TTL, recalculate the header checksum, consult the routing table and send the packet back to the server with directions to inject it back onto the network out of interface one. What will the destination hardware address be for the packet sent back by the client? What if the client doesn’t know the hardware address for www-server-1?
In this assignment you will implement a fully functional router by extending the sr code given to you.
Packet Flow Through the System
The following scenario is a step by step explanation of how a client routes traffic on a simple topology.
Nick has just finished developing his router for programming assignment #2. He is using the hypothetical topology 42 for testing which is shown in the figure below.
To test, Nick runs his router from mycomputer.home.edu and connects to the VNS server at vns-1.stanford.edu, topology 42. The VNS server sends Nick’s router the list of interfaces and their IP addresses.
To generate traffic for routing, Nick fires up a standard web browser from his local computer pointed at the IP of the application server on topology 42. Nick’s router will now get the opportunity to route all packets between his web browser and the web server.
We’ll now walk through the first few significant steps that take place when packets flow between Nick’s web browser and the web server.
- A SYN packet leaves Nick’s machine destined to the web server’s IP and is routed to the VNS Server.
- The diligent CS144 staff have arranged for Nick’s packet to be delivered to topology 42, starting with the IP address of interface zero on Nick’s client. The hop before Nick’s router sends an ARP packet requesting the hardware address of the interface with IP of interface zero on Nick’s client.
- The VNS Server sends the raw Ethernet, ARP packet over the socket to Nick’s VNS Client which responds with an ARP reply.
- On receipt of the ARP reply, the hop before Nick’s router forwards the packet to Nick’s router.
- The VNS Server intercepts the packet and sends the raw Ethernet IP packet over the socket to Nick’s VNS Client for him to route.
- Nick’s router decrements the TTL field in the IP header and recalculates the checksum.
- Nick’s router consults its routing table and determines the next hop is the IP for the web server.
- When Nick’s router has made its routing decision, it must send back to the VNS Server a properly formatted Ethernet packet. This means that the client must find the Ethernet address of the next hop. To do this, the client sends an ARP, in the usual way, to find out the Ethernet address belonging to the next hop IP address.
- The next hop, which could be another client or an application server, responds to the ARP, and Nick’s client completes the Ethernet packet and sends it back to the VNS server. (The client also caches the ARP reply for future use).
- The VNS Server sends the packet out of the correct interface, and to the next hop in the topology.
- …. etc.
Creating a routing table
Your router will make routing decisions based on a fixed routing table that you will define in a text file. A sample routing table looks like this:
184.108.40.206 220.127.116.11 255.255.255.255 eth1
18.104.22.168 22.214.171.124 255.255.255.255 eth2
126.96.36.199 188.8.131.52 255.255.255.254 eth2
0.0.0.0 172.24.74.17 0.0.0.0 eth0
The format of a single line is: prefix next_hop netmask interface
Where prefix is an IPv4 base address, next_hop is the IP address of the host that is the next step in the routing sequence, netmask is a netmask telling the router which addresses are covered by this rule, and interface is the name of an Ethernet interface on the router. So for this example, packets for 184.108.40.206 (and only 220.127.116.11) are routed directly to that host out interface eth1. Packets that do not make a longer prefix match are caught by the default rule at the bottom, which sends packets with no longer prefix match out eth0 to be forwarded by 172.24.74.17 (which happens to be the firewall).
Using the IP values for one of your topologies, create a routing table for that topology. It’s a good idea to name it something like rtable.topo42, so that you can tell which topology instance the routing table goes with.
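The lookup rule described above (most specific netmask wins, default route catches the rest), as an added example that is not part of the sr stub code. The names rt_entry, rt_parse and rt_lookup are hypothetical; the sample table is the rtable shown in the stub-code section of this page.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

/* One route; addresses in host byte order so netmasks compare numerically. */
struct rt_entry { uint32_t prefix, gw, mask; char iface[16]; };

/* Parse "prefix next_hop netmask interface" records; returns count, or -1 if malformed. */
int rt_parse(const char *text, struct rt_entry *out, int max)
{
    int n = 0;
    while (n < max) {
        char p[16], g[16], m[16];
        struct in_addr a, b, c;
        int used = 0, got = sscanf(text, "%15s %15s %15s %15s%n", p, g, m, out[n].iface, &used);
        if (got == EOF) break;                        /* end of table */
        if (got != 4 || inet_pton(AF_INET, p, &a) != 1 ||
            inet_pton(AF_INET, g, &b) != 1 || inet_pton(AF_INET, m, &c) != 1)
            return -1;                                /* reject rather than guess */
        out[n].prefix = ntohl(a.s_addr);
        out[n].gw = ntohl(b.s_addr);
        out[n++].mask = ntohl(c.s_addr);
        text += used;
    }
    return n;
}

/* Longest prefix match: of the entries covering dst, keep the largest netmask. */
const struct rt_entry *rt_lookup(const struct rt_entry *t, int n, uint32_t dst)
{
    const struct rt_entry *best = NULL;
    for (int i = 0; i < n; i++)
        if ((dst & t[i].mask) == (t[i].prefix & t[i].mask) && (!best || t[i].mask > best->mask))
            best = &t[i];
    return best;   /* NULL means no route at all */
}

/* The rtable shown on this page. */
const char SAMPLE_RTABLE[] =
    "172.24.74.213 172.24.74.213 255.255.255.255 eth1\n"
    "172.24.74.228 172.24.74.228 255.255.255.255 eth2\n"
    "0.0.0.0 172.24.74.17 0.0.0.0 eth0\n";

int main(void)
{
    struct rt_entry t[8];
    int n = rt_parse(SAMPLE_RTABLE, t, 8);
    const struct rt_entry *r = rt_lookup(t, n, 0xAC184AE4u);   /* 172.24.74.228 */
    printf("%d routes; 172.24.74.228 -> %s\n", n, r ? r->iface : "(none)");
}
```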
Test Driving the sr Stub Code
Before beginning development you should first get familiar with the sr stub code and some of the functionality it provides. Download the stub code and save it locally. As described before, it handles all of the dirty-work required for connecting and communicating with the server.
To run the code, untar the package (tar zxvf sr_stub.tar.gz) and compile it via make. You also need to create a file named “auth_key” in the folder with the stub code. This “auth_key” file should have your authentication key which lets the server know who you are. You can get this key by logging into the VNS web interface and going to “Your Profile.” Be careful to copy your authentication key exactly as it appears.
Now you can connect to the VNS server as follows:
./sr -s vns-1.stanford.edu -t <topo-id> -u <your_VNS_user_id>
for example, connecting to the server on topology 0 might look like this:
./sr -s vns-1.stanford.edu -t 0 -u dgu
(you can use ./sr -h to print a list of the accepted command line options)
After you connect successfully, the server will send you a description of the host including all the interfaces and their IP addresses. The stub code uses this to build the interface list in the router (the head of the list is member if_list for struct sr_instance). The routing table is constructed from the file rtable and by default consists of only the default route which is the firewall. The routing table format is as follows:
ip gateway mask interface
A valid rtable file may look as follows:
172.24.74.213 172.24.74.213 255.255.255.255 eth1
172.24.74.228 172.24.74.228 255.255.255.255 eth2
0.0.0.0 172.24.74.17 0.0.0.0 eth0
The VNS Server, on connection, should return the IP addresses associated with each one of the interfaces.
To test if the router is actually receiving packets try pinging or running traceroute to the IP address of eth0 (which is connected to the firewall in the assignment topology). The sr should print out that it received a packet. What type of packet do you think this is?
What should your router do on receipt of an ARP request packet?
Inspecting Packets with tcpdump
As you work with the sr router, you will want to take a look at the packets that the router is sending and receiving. The easiest way to do this is by logging packets to a file and then displaying them using a program called tcpdump.
First, tell your router to log packets to a file in a format that tcpdump can read by passing it the -l option and a filename:
./sr -t <topo-id> -s vns-1.stanford.edu -l <logfile>
As the router runs, it will log the packets that it receives and sends (including headers) to the indicated file. After the router has run for a bit, use tcpdump to display the packets in a readable form:
tcpdump -r <logfile> -e -vvv -x
The -r switch tells tcpdump where to look for the logfile. -e tells tcpdump to print the headers of the packets, not just their payload. -vvv makes the output very verbose, and -x puts the packets in a hex format that is usually easier to read than ASCII. You may want to specify the -xx option instead of -x to print the link-level (Ethernet) header in hex as well.
Developing Your Very Own Router Using the SR Stub Code
Data Structures You Should Know About
- The Router (sr_router.h):
The full context of the router is housed in the struct sr_instance (sr_router.h). sr_instance contains information about the topology the router is routing for as well as the routing table and the list of interfaces.
- Interfaces (sr_if.c/h):
After connecting, the server will send the client the hardware information for that host. The stub code uses this to create a linked list of interfaces in the router instance at member if_list. Utility methods for handling the interface list can be found at sr_if.h/c.
- The Routing Table (sr_rt.c/h):
The routing table in the stub code is read from a file (default filename “rtable”, can be set with command line option -r) and stored in a linked list of routing entries in the current routing instance (member routing_table).
The First Methods to Get Acquainted With
The two most important methods for developers to get familiar with are:
void sr_handlepacket(struct sr_instance* sr, uint8_t * packet/* lent */, unsigned int len, char* interface/* lent */)
This method, located in sr_router.c, is called by the router each time a packet is received. The “packet” argument points to the packet buffer which contains the full packet including the ethernet header. The name of the receiving interface is passed into the method as well.
int sr_send_packet(struct sr_instance* sr /* borrowed */, uint8_t* buf /* borrowed */, unsigned int len, const char* iface /* borrowed */)
This method, located in sr_vns_comm.c, will send an arbitrary packet of length len to the network out of the interface specified by iface.
Dealing with Protocol Headers
Within the sr framework you will be dealing directly with raw Ethernet packets. There are a number of resources which describe the protocol headers in detail, including Stevens UNP, www.networksorcery.com and the Internet RFCs for ARP (RFC826), IP (RFC791), and ICMP (RFC792). The stub code itself provides some data structures in sr_protocols.h which you may use to manipulate headers. There is no requirement that you use the provided data structures; you may prefer to write your own or use standard system includes.
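Because the router handles raw frames that arrive from the network, every length and header field should be checked against the buffer before it is used. The following added example (not part of the sr stub code) validates an IPv4 header at raw byte offsets, then performs the TTL decrement and checksum rewrite from the packet-flow walkthrough. The names ip_prepare_forward, ip_cksum and fwd_result are hypothetical, the inbound checksum verification is an added check, and the sample header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_HLEN 14   /* dst MAC, src MAC, ethertype */
enum fwd_result { FWD_OK, FWD_NOT_IPV4, FWD_SHORT, FWD_MALFORMED, FWD_BAD_CKSUM, FWD_TTL_EXPIRED };

/* RFC 1071 Internet checksum over an even number of bytes. */
uint16_t ip_cksum(const uint8_t *p, unsigned len)
{
    uint32_t sum = 0;
    for (unsigned i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate the IPv4 header inside a raw Ethernet frame before touching it,
 * then decrement the TTL and rewrite the header checksum in place. */
enum fwd_result ip_prepare_forward(uint8_t *frame, unsigned len)
{
    if (len < ETH_HLEN + 20) return FWD_SHORT;            /* no room for a minimal header */
    if (frame[12] != 0x08 || frame[13] != 0x00) return FWD_NOT_IPV4;
    uint8_t *ip = frame + ETH_HLEN;
    unsigned avail = len - ETH_HLEN;
    unsigned ihl = (ip[0] & 0x0f) * 4u;
    unsigned total = ((unsigned)ip[2] << 8) | ip[3];
    /* version, header length and total length must all fit the received buffer */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ihl > avail || total < ihl || total > avail)
        return FWD_MALFORMED;
    if (ip_cksum(ip, ihl) != 0) return FWD_BAD_CKSUM;     /* an intact header sums to zero */
    if (ip[8] <= 1) return FWD_TTL_EXPIRED;               /* caller answers with ICMP time exceeded */
    ip[8]--;
    ip[10] = ip[11] = 0;                                  /* checksum field is zero while summing */
    uint16_t c = ip_cksum(ip, ihl);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    return FWD_OK;
}

/* Constructed sample: 20-byte IPv4 header, TTL 0x40, checksum 0xb861, total length 115. */
const uint8_t SAMPLE_IP_HDR[20] = {
    0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11,
    0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7 };

int main(void)
{
    uint8_t f[ETH_HLEN + 115] = { [12] = 0x08 };          /* ethertype 0x0800 = IPv4 */
    memcpy(f + ETH_HLEN, SAMPLE_IP_HDR, sizeof SAMPLE_IP_HDR);
    int r = ip_prepare_forward(f, sizeof f);
    printf("result=%d ttl=%d\n", r, f[ETH_HLEN + 8]);
}
```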
To Help You Get Started
Tracerouting to the application servers should look something like this:
[casado@yuba ~]$ /usr/sbin/traceroute 18.104.22.168
traceroute to 22.214.171.124 (126.96.36.199), 30 hops max, 38 byte packets
1 Gates-rtr (188.8.131.52) 0.546 ms 0.329 ms 0.287 ms
2 vns-firewall (172.24.74.11) 0.393 ms 0.302 ms 0.285 ms
3 184.108.40.206 (220.127.116.11) 2.332 ms 1.165 ms 1.435 ms
4 18.104.22.168 (22.214.171.124) 3.243 ms 2.098 ms 2.094 ms
Required Functionality
We will declare that your router is functioning correctly if and only if:
- The router can successfully route packets between the firewall and the application servers.
- The router correctly handles ARP requests and replies.
- The router correctly handles traceroutes through it (where it is not the end host) and to it (where it is the end host).
- The router responds correctly to ICMP echo requests.
- The router handles TCP/UDP packets sent to one of its interfaces. In this case the router should respond with an ICMP port unreachable.
- The router maintains an ARP cache whose entries are invalidated after a timeout period (timeouts should be on the order of 15 seconds).
- The router queues all packets waiting for outstanding ARP replies. If a host does not respond to 5 ARP requests, the queued packet is dropped and an ICMP host unreachable message is sent back to the source of the queued packet.
- The router does not needlessly drop packets (for example when waiting for an ARP reply)
- The router enforces guarantees on timeouts; that is, if an ARP request is not responded to within a fixed period of time, the ICMP host unreachable message is generated even if no more packets arrive at the router. Currently the stub code is event based. That is, code is executed each time a packet is received. This makes it hard to correctly enforce timeouts. For example, if the router is waiting for an ARP request that doesn’t come, it will have to wait for another packet to arrive before it can handle the timeout. Of course, if a packet never arrives, the timeout will never be serviced. You should implement a method of timing out ARP requests and ARP cache entries that can be guaranteed to function within a (relatively) fixed period, even if no more packets arrive at the router.
Deliverables
- The source code for your router. You may add files to those provided with the stub code; be sure to update your Makefile if you do.
- Your README file describing design decisions that you made, and any trade offs that you encountered in the design.
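One way to structure the timeout requirements from the functionality list (15-second cache entries, 5 ARP requests before giving up), as an added example that is not part of the sr stub code. Time is passed in as a parameter so the logic does not depend on packet arrival. All names are hypothetical, and the one-second retry interval is an assumption the page does not specify.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define ARP_CACHE_TTL  15   /* seconds; the page says "on the order of 15 seconds" */
#define ARP_MAX_TRIES  5    /* requests sent before giving up, per the page */
#define ARP_RETRY_SECS 1    /* assumption: the page does not fix the retry interval */

struct arp_entry { uint32_t ip; uint8_t mac[6]; time_t added; int valid; };
struct arp_req   { uint32_t ip; time_t last_sent; int tries; int active; };
enum req_action  { REQ_WAIT, REQ_RESEND, REQ_GIVE_UP };

/* Invalidate cache entries older than ARP_CACHE_TTL; returns how many expired. */
int arp_cache_sweep(struct arp_entry *c, int n, time_t now)
{
    int expired = 0;
    for (int i = 0; i < n; i++)
        if (c[i].valid && now - c[i].added >= ARP_CACHE_TTL) {
            c[i].valid = 0;
            expired++;
        }
    return expired;
}

/* Decide what to do with one outstanding request at time `now`. On REQ_GIVE_UP
 * the caller drops the queued packets and sends ICMP host unreachable. */
enum req_action arp_req_tick(struct arp_req *r, time_t now)
{
    if (!r->active || now - r->last_sent < ARP_RETRY_SECS)
        return REQ_WAIT;
    if (r->tries >= ARP_MAX_TRIES) {
        r->active = 0;
        return REQ_GIVE_UP;
    }
    r->tries++;
    r->last_sent = now;
    return REQ_RESEND;
}

/* Demo with simulated seconds; in the router both functions would run once per
 * second from a timer thread or a select() timeout, under the cache lock. */
int main(void)
{
    struct arp_req r = { 0xAC184AD5u, 100, 1, 1 };   /* first request sent at t=100 */
    for (time_t t = 100; r.active; t++) {
        enum req_action a = arp_req_tick(&r, t);
        printf("t=%ld action=%d tries=%d\n", (long)t, (int)a, r.tries);
    }
}
```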