Associated Students Of Information Technology
Small Scale Internet on OpenStack - Printable Version


Small Scale Internet on OpenStack - ITZach - 02-05-2018

I talked about creating a small scale version of the internet as a sweet project to learn more about how the internet works in a previous post here, but now I've actually got it set up on our OpenStack servers. The really awesome thing about this is that you all can participate pretty easily if you want to. Right now we have two routers creating our "internet" and one or two hosts living behind them. I have done some network-fu to even get a solid path from our small network out to the real internet so you can still do things like download updates or install packages from a network in OpenStack that isn't the provider network. So this is pretty cool! This will also be a good dry run for our upcoming WAN party that seeks to do exactly this, only with live hardware instead of in virtual space.

For those who want to participate there are a few steps that need to be done and we'll split them up into categories. The categories in order are: Administrative Details, Router Setup and Configuration, Handshake and Peering.

And if you don't really want to read all this stuff, there's a TL;DR at the bottom!

Administrative Details

In order to exist as a routing entity on the real internet you need: a router, a layer 1 connection to other autonomous systems, at least one autonomous system number (ASN), a block of IP addresses (v4 or v6), and at least one other autonomous system that is willing to peer with you. Some of these terms won't mean anything to you at the moment. Either go and google them now or hold on a hot minute and I'll explain them shortly. A good portion of that list is actually a little tricky to acquire in the real world. To get an ASN and an IP block you have to buy them and register them with a number authority (usually ARIN). In our case we, the IT Club, will act as that numbering authority to keep track of who is using what. The router hardware and the layer 1 connection will be facilitated by virtual machines and networks on OpenStack, so those are not a problem. However, to find another autonomous system (AS) to peer with you'll have to actually attempt to socialize with other club members, GASP!

But in this part of the process all you need to do is contact one of the officers of the club and ask for an ASN and an IP block. Since we're nice guys and this is a learning experiment we will simply give you one of each and make a note that you have them. Once those are registered to you through some system we will likely have to develop, other participants will be able to see that you are in fact the registered "owner" of those numbers and will then be able to agree to peer with you. You will then be able to move on to the next category.

Router Setup and Config

When working with real hardware this part should be a snap, but unfortunately OpenStack throws a few wrenches in the wheels. The basic steps of this section are to create any networks and subnets you need, create a port with a static IP for the gateway address for each of your subnets, launch a VyOS instance with the appropriate networks and fixed IP ports, disable port security on each port attached to your router (took me forever to figure that part out, real hardware goes so much smoother), and then actually do the router config for each network and set your ASN for BGP. I'm not actually going to talk about configuring VyOS in this thread, but it's actually very simple and at some point a tutorial will get posted in the tutorials section.

Handshake and Peering

This is where the interesting bits of the internet actually happen. The internet isn't actually formed by some automated system that automatically detects new routers and adds them to the internet. It actually takes two people (or corporate entities) communicating that they want to establish a link between their systems. They must actually come to some sort of agreement about how they will connect and likely what routes they will advertise and subnets they will use. Once they have agreed and shaken hands then they actually have to initiate the connection. With BGP the connection must be established manually on both ends of the link. The actual establishment of the connection is done in about one command, but it still takes a network admin to run that command.

This part will be a big part of this project. While we have a primary transit router running that participants can peer with, we highly suggest trying to find another club member to peer with. The further disconnected your routers are from our primary router, the better this will emulate the internet. In reality everyone could simply connect to our router, but that really kinda defeats the purpose of even running your own router.

TL;DR

To participate you need to:
  • Learn at least the basics of networking and routing
  • Learn how to set up and configure BGP on your choice of router (VyOS is really easy!)
  • Request an ASN and a block of IP addresses from us
  • Find someone else (or multiple someones) to peer with you
  • Set up your networks and your router
  • Initiate the peer connection
  • ????????
  • Profit
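
Added example (not part of the original post, and not the club's own tooling): the post says ASN and IP block assignments will be recorded so peers can confirm who "owns" which numbers. The sketch below shows how such a record could be used to check a BGP announcement's origin before accepting it, following the valid / invalid / not-found model of RFC 6811. The registry layout, the private-use ASNs and the prefixes are all constructed for illustration.

```python
import ipaddress

# Constructed sample registry (assumption: the club's real system is not
# described in the post). Private-use ASNs (RFC 6996) and RFC 1918 space.
# Each entry: (allocated block, owning ASN, longest prefix length allowed).
REGISTRY = [
    ("10.10.0.0/16", 64512, 24),
    ("10.20.0.0/16", 64513, 24),
    ("10.30.0.0/20", 64514, 20),
]

# Constructed announcements as (prefix, origin ASN) pairs.
SAMPLE = [
    ("10.10.5.0/24", 64512),     # owner announcing inside its own block
    ("10.20.0.0/16", 64512),     # block registered to a different ASN
    ("10.10.5.128/25", 64512),   # right owner, more specific than allowed
    ("192.168.50.0/24", 64515),  # nothing registered covers this prefix
]


def validate(prefix, origin_asn, registry=REGISTRY):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    # strict=True rejects prefixes with host bits set (e.g. 10.10.5.1/24).
    route = ipaddress.ip_network(prefix, strict=True)
    covered = False
    for block, asn, max_len in registry:
        alloc = ipaddress.ip_network(block)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if route.version != alloc.version or not route.subnet_of(alloc):
            continue
        covered = True
        if asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by a registration but no entry matched: wrong origin or too
    # specific. Not covered at all: the registry has no opinion.
    return "invalid" if covered else "not-found"


def audit(announcements, registry=REGISTRY):
    """Return (prefix, origin ASN, status) for each announcement."""
    return [(p, a, validate(p, a, registry)) for p, a in announcements]


if __name__ == "__main__":
    for prefix, asn, status in audit(SAMPLE):
        print(f"{prefix:<18} AS{asn}  {status}")
```

A peer would typically accept "valid" routes, drop "invalid" ones, and decide by policy what to do with "not-found".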