VNE

From Qontrol.nl Wiki

UCIS VNE is a library providing components to build a Virtual Network Environment.

VNE components

VNE includes, among others, the following components:

  • Ethernet switch
  • IPv4 and IPv6 router
  • TCP/IPv4 and TCP/IPv6 stack and socket interface
  • Basic IPv6 NAT, IPv6-to-IPv4 address & protocol translation (with fragmentation support)
  • BGP router (protocol, route selection, IPv6)
  • IPv4 and IPv6 fragmentation and reassembly
  • Ethernet-IPv4 interface, including ARP and Proxy-ARP support
  • Ethernet-IPv6 interface, including Neighbor Discovery Protocol and Proxy-NDP support
  • Ethernet / IP network interfaces:
    • Windows libpcap network bridge
    • Libpcap dump file (output only)
    • QuickTun VPN tunnel support (raw, nacl0, nacltai)
    • Tun/tap device support on Windows and Linux
    • VDE switch client
  • Socks proxy server and client
  • Promiscuous TCP listener (listen on all addresses and ports)
  • slirp-like address/protocol translation (including proxy support)
  • DNS encoding/decoding/rewriter

Planned features include:

  • Connection tracking NAT/NAPT (IPv4 and IPv6)
  • IPTables-like rule-based firewall, routing and processing
  • IPv6 PMTU discovery
  • 6in4/6to4 tunnel
  • DNS server and resolver
  • LWIPV6 support
  • VDE switch/server, connector using libvdeplug, vde_plug compatible connector

All components are implemented in pure (although sometimes 'unsafe') C# code. Most components can run on both Windows and Linux hosts and run in user space without any special privileges.

Components can be linked together with only a minimal amount of code in any language that supports the Microsoft .NET Framework. All components are simply instances of classes, which makes it possible, for example, to deploy multiple IP routers in one application with only minimal overhead, and to interconnect them, use them separately, or even use NAT mappings between them.

Example usage scenarios

  • BGP daemon for Windows
  • Interactive BGP monitor (publish updates to IRC, export routes to a web interface)
  • VPN software (Windows/Linux)
  • Isolated pure software router (user-space BGP daemon, IP stack and IP router)
  • Training and testing setups
  • Firewalled SOCKS proxy server
  • Transparent gateway to transport IP connections over SOCKS
  • slirp-like gateway ('SNAT' to host sockets)
  • Isolating applications' network access (ld_preload / winsock compatible dll)
  • IPv6-to-IPv4 translator for transition
  • IPv6 NAT gateway

Known usage scenarios

  • Isolated BGP-speaking IP router, tunnels, IPv6 NAT and informative BGP web interface on Anonet (for more information, see VNE/DNRouter)
  • Real-time BGP monitor (reporting updates to IRC) to investigate BGP loops and convergence (on dn42)

Downloads

The source code is available via BitBucket at https://bitbucket.org/IvoSmits/ucis.vne. The code is available for personal use, but may not be redistributed or used commercially without permission. Feel free to contact me to discuss licensing options.

Contact

Feel free to contact me for more information, by sending an e-mail to ivo@ufo-net.nl or visiting irc.kwaaknet.org #chat (ask for Ivo) for a live chat.