marionnet-dev team mailing list archive

Re: Many TAP interfaces with paired 172.23.0.1 in case of several concurrently running Marionnet projects

 

Hi Simon,

I'll answer the question about IPv6 first, re-adding the marionnet-dev list in CC (I suppose that you forgot).

In order to correctly join any virtual machine, you can set up an IPv6 network for each tun/tap interface. Indeed, such tun/tap interfaces represent a point-to-point IPv4 (right now) network connecting the host with a virtual machine (eth42 on this side). Because the Linux kernels (host and UML) are IPv6-compliant, we can set up an IPv6 point-to-point network supported by the same pseudo-physical equipment (tap<->eth42).

Looking at the boot_parameters (on the host side) or at /proc/cmdline (on the guest side), you can tell which tun/tap interface is related to a guest virtual machine. Suppose that the name is tap123456. The following bash code gives you a corresponding local (fd00/8) IPv6 64-bit prefix:

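function ipv6_prefix_of_tapname {
 # Numeric part of the tap name as 8 hex digits (tap123456 -> 0001e240)
 local A=$(printf "%08x\n" "${1#tap}")
 local B=$(cut -c-4 <<<"$A")   # first 4 hex digits
 local C=$(cut -c5- <<<"$A")   # last 4 hex digits
 echo fd42:0:$B:$C   # /64
}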

So, for tap123456 you obtain the prefix fd42:0:0001:e240 (/64). At this point, you just have to do:

host#  sudo ifconfig tap123456 inet6 add fd42:0:0001:e240::2/64

guest# unghostify eth42
(or ethghost -u eth42 for recent machines)

guest# sudo ifconfig eth42 inet6 add fd42:0:0001:e240::1/64

Then, you are able to connect to the guest:

host# ssh -6 marionnet@fd42:0:0001:e240::1
host# ssh -6 student@fd42:0:0001:e240::1
host# ssh -6 root@fd42:0:0001:e240::1

(according to the users defined on the guest).

Of course, this method must be replicated for all involved tun/tap interfaces.

---
Concerning Packet Tracer, I have "political" and "technical" doubts. In my opinion, it's not desirable that the work of a public institution, such as a university, depends on a tool provided by a private company. Furthermore, PT acts as a simulator for machines, not as an emulator. In other words, machines are not real systems as in Marionnet (thanks to UML technology) but they are simulated systems able to run simple commands like ping, ssh etc. As far as I know, you don't have the power and the range of possibilities of a real GNU/Linux system. In contrast, PT is perfect for training students on real CISCO equipment (with the advantages and drawbacks). A closer project (more interesting in my opinion and for my purposes) is GNS3, which is however very (too?) bound to CISCO (again!) and Dynamips technologies.

---
Finally, concerning X forwarding...

Should I try to add all xauth Cookies from SERVER to M2 like
XAUTH ADD $DISPLAY . 695F8D9AB99ED2278EE76ED81ECD4F8A

From the revno 449 (2014-05-15) commit message:
---
Fixed the problem of exporting the display in a virtual machine launched by a remote instance of marionnet (e.g. ssh -X $SERVER marionnet). Marionnet transmits now the MIT-MAGIC-COOKIE-1 to its virtual machines via the file /hosts/boot_parameters. The future virtual machines will be able to exploit this information (by the script `marionnet_relay'). For the old machines, it's possible to fix the problem manually by the following sequence of commands:
$ source /mnt/hostfs/boot_parameters
$ xauth add $DISPLAY . $mit_magic_cookie_1
---

Does this message answer your question? Note that you can install the trunk version with:
marionnet_from_scratch -m trunk -A
(-A in order to not download filesystems again)
You can also try more recent machines (and kernels) downloading them from:
http://www.marionnet.org/download/testing/
(see the README files in each subdirectory)

Best regards,
Jean-Vincent
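
The per-interface IPv6 steps from the message above, as an added example (not part of the original message and not Marionnet code): the same prefix derivation written for POSIX sh with input validation, printing the host and guest commands for each tap name. The sample tap names in the loop are constructed.

```shell
#!/bin/sh
# Added example: derive the per-tap IPv6 /64 prefix and print the commands.

# Print the /64 prefix for a name such as tap123456. Returns 1 unless the
# name is "tap" followed by a decimal number that fits in 32 bits (the two
# 16-bit groups used by the prefix).
ipv6_prefix_of_tapname() {
    n=${1#tap}
    [ "$n" != "$1" ] || return 1                  # no "tap" prefix
    case $n in ''|*[!0-9]*) return 1 ;; esac      # digits only
    # Strip leading zeros so printf does not read the number as octal.
    while [ "${n#0}" != "$n" ] && [ ${#n} -gt 1 ]; do n=${n#0}; done
    # 4294967295 = 0xffffffff; check the length first to avoid overflow.
    [ ${#n} -le 10 ] && [ "$n" -le 4294967295 ] || return 1
    hex=$(printf '%08x' "$n")
    # First four and last four hex digits become the two groups.
    printf 'fd42:0:%s:%s\n' "${hex%????}" "${hex#????}"
}

# Print the commands for one interface: ::2 on the host side of the tap,
# ::1 on the guest side (eth42), as in the message.
tap_ipv6_plan() {
    prefix=$(ipv6_prefix_of_tapname "$1") || {
        echo "skipping invalid tap name: $1" >&2
        return 1
    }
    echo "host#  sudo ifconfig $1 inet6 add ${prefix}::2/64"
    echo "guest# sudo ifconfig eth42 inet6 add ${prefix}::1/64"
    echo "host#  ssh -6 root@${prefix}::1"
}

# Constructed sample names; on a real host take them from each machine's
# boot_parameters or /proc/cmdline.
for t in tap123456 tap0042 tap70000 eth0; do
    tap_ipv6_plan "$t" || true
done
```
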

On Wed, 29 Apr 2015 16:10:41 -0400, Simon Baev wrote:
Hi Jean-Vincent,

It is sad to hear that Marionnet is not a multi-instance software
because our main objective was to run it in LTSP-based (single Ubuntu
14.04 server virtualized in Vmware ESXi) classroom environment. We are facing end of semester now and today we had the last class meeting. We
were able to run 6 instances of Marionnet while each one spanned 4
routers and 4 hosts. I didn't observe any lags or performance issues.

Next time I plan to use it in Spring 2016 and maybe by that time
something will change. I would definitely appreciate it if you could
share the IPv6-based technique so I could give it a try in the
meantime.

I was told by several people who have learned about our Marionnet
setup, that Cisco offers PACKET TRACER network simulator, and for me
it sounded attractive. I didn't have a chance to look at it and I'm
not writing this to make any wrong-sounding statements... I just want
to hear your opinion.  Have you heard about PT? Is it somewhat
similar (in terms of functionality) to Marionnet? 

One more thing... A while back I was writing to this mailing list with
a problem of accessing X applications, running on Marionnet VMs (i.e.
wireshark) in LTSP. I failed to come up with any working solution by
that time, and recently I re-visited our email exchange. I tried all
my best again but failed. Then I decided just to run Marionnet by
forwarding the X session in SSH:

I started SSH -X LTSP (where ltsp is an Ubuntu server with Marionnet
installed) and started Marionnet from the prompt. It started
well but I cannot run any X application from Marionnet VM. Here are
some details:

SERVER: is a HOST where Marionnet installed (referred as ltsp above)
M2: is a Debian VM within Marionnet (it is bound to 172.23.0.2)
HOST: another Linux host that I use as a console to connect to SERVER
via SSH while forwarding X (run command "ssh -X server")

1) CHECKING VALUE OF $DISPLAY
--
M2:~# echo $DISPLAY

172.23.0.254:0

SERVER:~$ echo $DISPLAY
(nothing)

HOST:~$ echo $DISPLAY
:0.0

2) CHECKING LIST OF AUTH COOKIES:
--
M2:~# xauth list

xauth:  creating new authority file /root/.Xauthority
(nothing else)

SERVER:~$ xauth list

ltsp/unix:16  MIT-MAGIC-COOKIE-1  695f8d9ab99ed2278ee76ed81ecd4f8a

ltsp/unix:17  MIT-MAGIC-COOKIE-1  695f8d9ab99ed2278ee76ed81ecd4f8a
ltsp/unix:14  MIT-MAGIC-COOKIE-1  34ebb57496fc461e99e0d0d30a4238fc

ltsp/unix:15  MIT-MAGIC-COOKIE-1  34ebb57496fc461e99e0d0d30a4238fc
ltsp/unix:12  MIT-MAGIC-COOKIE-1  77ecbcf98d6e4cf6cdbe32ce8daefb9d
ltsp/unix:13  MIT-MAGIC-COOKIE-1  0f53a570d1499edf0f8777c299a95369

ltsp/unix:50  MIT-MAGIC-COOKIE-1  ea7e0299729566aede7ade6c5c94859d
ltsp:50  MIT-MAGIC-COOKIE-1  ea7e0299729566aede7ade6c5c94859d
ltsp/unix:24  MIT-MAGIC-COOKIE-1  7a18ccd0b2e88344286d06e9681ef346
ltsp/unix:25  MIT-MAGIC-COOKIE-1  7a18ccd0b2e88344286d06e9681ef346
ltsp/unix:54  MIT-MAGIC-COOKIE-1  593da679ac715a40028df6eddbd51a48

ltsp:54  MIT-MAGIC-COOKIE-1  593da679ac715a40028df6eddbd51a48
ltsp/unix:11  MIT-MAGIC-COOKIE-1  81d7ede1f50ef3b093fab239f9f285bc
ltsp/unix:20  MIT-MAGIC-COOKIE-1  0bd64507c5b919da420a0ba7d1607c18
ltsp/unix:21  MIT-MAGIC-COOKIE-1  0bd64507c5b919da420a0ba7d1607c18

ltsp/unix:10  MIT-MAGIC-COOKIE-1  0b6772528a420dfbb8640a46095a64e3

COMMENT: LTSP is a _hostname_ of the SERVER

HOST:~$ xauth list

studio/unix:10  MIT-MAGIC-COOKIE-1  63b66ad625f7668e550694f0a7830f1a
studio/unix:50  MIT-MAGIC-COOKIE-1  c12edf2c3d30e048313bcb8c6ed5e207
studio.gswcm.local:50  MIT-MAGIC-COOKIE-1  c12edf2c3d30e048313bcb8c6ed5e207
studio/unix:51  MIT-MAGIC-COOKIE-1  f058367486942fa228e47da570d85948
studio.gswcm.local:51  MIT-MAGIC-COOKIE-1  f058367486942fa228e47da570d85948
studio/unix:0  MIT-MAGIC-COOKIE-1  1c3b09a4d455cbe50dc9aea206b8d6cd

COMMENT: STUDIO is a _hostname_ of the HOST

I am surprised not to see any AUTH cookies on M2... is it normal?
From my previous experience there must be one that matches a Cookie
from the SERVER.

Should I try to add all xauth Cookies from SERVER to M2 like
XAUTH ADD $DISPLAY . 695F8D9AB99ED2278EE76ED81ECD4F8A

and so on?

Thank you.

--
Simon

On Wed, Apr 29, 2015 at 2:14 PM,  wrote:

Hi Simon,

in the original project we had the idea of supporting several
Marionnet instances on the same host. But this idea was quickly
forgotten when we observed the number of concurrent processes
running for a single instance. So, the design of Marionnet reflects
some ideas in this direction but the feature isn't completely
supported.

Is there any way to ensure that assignment of IP addresses to
Marionnet hosts will be unique?

Not in the current state of the code, even if the patch seems not so
hard to implement. If you really want, I can put it on the TODO
list, but in my opinion there are many critical points to analyse
and test to be sure that the feature is really implemented. You have
found a problem but it is probably not the only problem.

However, I believe that there exists a workaround for you,
exploiting IPv6 addressing (and routing, because your problem is
about routing). If you are really interested and not discouraged by
my previous speech, I can explain this idea in detail.

Best regards,
Jean-Vincent Loddo
