Re: [9fans] Plan 9 on Routers?
2009/3/26 lu...@proxima.alt.za: I've wanted to work with somebody on Plan 9 as a routing device in networks for some time, at least in the field of packet classification. I'll be happy to help, too, if so desired, I have been playing with IPFilters in a pretty serious way for many years (and ipfw before that) and may well be able to contribute my experiences in this field. Sweet. Perhaps I'll re-implement the hookable filters into 9vx. The interface is a more difficult problem than a proof-of-concept filter (which I've implemented a few times). Maybe we should talk about ideas for rule lookups and the like off-list? I'll put it up as an idea again this year as well, and see if anybody bites. --dho ++L
Re: [9fans] Plan 9 on Routers?
On Tue, Mar 24, 2009 at 7:20 PM, erik quanstrom quans...@quanstro.net wrote: see ipconfig(8). ip/rip ... I wonder! P.S.: Thanks for all the pointers... -- Rahul Murmuria
Re: [9fans] Plan 9 on Routers?
as long as you restrict your network to plan 9 machines, it is possible to import /net from a gateway machine and avoid sticky things like packet filtering. Back to the future yet? May I suggest that the sticky packet filtering, more generally packet manipulation, has crucial applications in any packet-switched network (like... the Net) and a certain OS's current lack of facilities, out of the box, to deal with the problem does not automatically mean the problem should be thrown out. Of course, in an essentially sheltered world not having an IDS is as good as having one but, you see, that's the world of a certain OS. Other OSes have to live in the wild. P.S. This is a get-back from the NAT thread. --On Tuesday, March 24, 2009 7:20 PM -0400 erik quanstrom quans...@quanstro.net wrote: It seems that /net/iproute is where I can start. It has a complete interface for editing routes. What we need is a user space script that implements routing, like http://www.openbgp.org/ does on OpenBSD. Except that, it will only have to send add, delete and flush control messages to the iproute file. see ipconfig(8). About Packet Classification. I read that iptables is not needed on Plan 9 because its mount /net over the network concept achieved anonymity or transparency -- something along those lines. There are no logs about who is sending what, and that is a good thing. that's not strictly true. as long as you restrict your network to plan 9 machines, it is possible to import /net from a gateway machine and avoid sticky things like packet filtering. there is also ipmux (discussed in ip(3)). i don't think ipmux has enough rewriting (or state) to implement something like nat. - erik
Re: [9fans] Plan 9 on Routers?
2009/3/24 Rahul Murmuria rahul.is.a...@gmail.com: @ Devon: About Packet Classification. I read that iptables is not needed on Plan 9 because its mount /net over the network concept achieved anonymity or transparency -- something along those lines. There are no logs about who is sending what, and that is a good thing. This is a flawed argument. If using Plan 9 as an edge router instead of a bridge, it's imperative to have some sort of filtering. This doesn't just apply to NAT situations (and even then, mounting /net isn't really the same thing as NAT). There is ipmux, but as Eric says, it's not fleshed out enough to implement NAT. Eric also says: ``as long as you restrict your network to plan 9 machines, it is possible to import /net from a gateway machine and avoid sticky things like packet filtering.'' This is a good idea in theory, but in practice most machines are not Plan 9 and there's almost always a need for a heterogeneous environment. Some would solve this by porting the ability to `import /net' to other operating systems. My feeling has always been that some sort of packet filtration system should exist to make Plan 9 useful in routing in such heterogeneous networks. It's easier to do and would facilitate wider adoption (whether that's a good thing or not is always up for debate). I am not sure where exactly the packet classification idea fits in. I read in the /proc documents that /proc/net provides useful information about the network stack. There is this ip_conntrack which is used to list / track network connections. I wonder what we would need to get packet information and perform filtering. Is it desirable to get that filtering to work if it already does not exist? I believe I have a rudimentary and probably non-working (at this point) packet filter in /n/sources/contrib/dho somewhere (it was written at least 4 years ago). I think it's called ``nfil.'' I believe it is desirable. Others disagree. Its usefulness is related directly to its application, and without it, there's no way to test Plan 9 in an environment in which it would be useful. You said earlier ``I qualify for GSoC but I was planning not to apply, as from where I see it, that brings in restrictions to the independence of thought. I am open to applying though, if this is a good enough (and small enough) idea for SoC.'' -- I'm not sure why you think that the idea of the SoC project restricts independence of thought -- I've certainly never seen it as such. While creating an entire routing suite (such as Zebra/Quagga) is probably outside of the scope of a 3 month project, I think a diligent student could probably do something useful with OSPF or BGP. It's entirely possible that a 3 month project could consist of analyzing Plan 9's ability to function in this environment and making changes to facilitate the implementation of routing protocols. Or creating a packet filter. In either case, I'd personally be excited to see this suggested as a SoC project if it was well thought out. I've wanted to work with somebody on Plan 9 as a routing device in networks for some time, at least in the field of packet classification. Thank you all for replying so far! No problem :) --dho -- Rahul Murmuria
Re: [9fans] Plan 9 on Routers?
I believe I have a rudimentary and probably non-working (at this point) packet filter in /n/sources/contrib/dho somewhere (it was written at least 4 years ago). I think it's called ``nfil.'' I believe it is desirable. Others disagree. Its usefulness is related directly to its application, and without it, there's no way to test Plan 9 in an environment in which it would be useful. why not extend the packet filtering capabilities of the existing #I? - erik
Re: [9fans] Plan 9 on Routers?
2009/3/25 erik quanstrom quans...@quanstro.net: I believe I have a rudimentary and probably non-working (at this point) packet filter in /n/sources/contrib/dho somewhere (it was written at least 4 years ago). I think it's called ``nfil.'' I believe it is desirable. Others disagree. Its usefulness is related directly to its application, and without it, there's no way to test Plan 9 in an environment in which it would be useful. why not extend the packet filtering capabilities of the existing #I? That's what it did, if I recall correctly. --dho - erik
Re: [9fans] Plan 9 on Routers?
On Mar 25, 6:14 am, rahul.is.a...@gmail.com (Rahul Murmuria) wrote: I was poking around for what it would take to get there. I found this[1]. I am basically looking to have a way to do routing using Plan 9. You can already do that on any standard Linux using Quagga[2] based on GNU Zebra. Maybe there is a filesystem that exposes the kernel routing table to user space for certain routing algorithm scripts to hack upon? My objective is to be able to implement a new routing protocol on a router created using a standard computer with multiple NIC cards, maybe on a model P2P type network? I also would love to see what having /net on a router would enable us to do. I didn't understand IP 'till I read the Plan9 source code. In my opinion, it should replace the RFCs as the standard. If you can't implement your *new* protocol with the existing interfaces, then I suggest you should follow the linux route.
Re: [9fans] Plan 9 on Routers?
I didn't understand IP 'till I read the Plan9 source code. one can replace IP in that sentence with so many other things... i'm really glad plan9 exists.
Re: [9fans] Plan 9 on Routers?
On Wed, 25 Mar 2009 09:00:58 EDT Devon H. O'Dell devon.od...@gmail.com
wrote:
While creating an
entire routing suite (such as Zebra/Quagga) is probably outside of the
scope of a 3 month project, I think a diligent student could probably
do something useful with OSPF or BGP. It's entirely possible that a 3
month project could consist of analyzing Plan 9's ability to function
in this environment and making changes to facilitate the
implementation of routing protocols. Or creating a packet filter.
Thinking a bit more about it, extending /net/iproute to allow
routing metrics may be what is needed for porting/building
something like openospfd or openbgpd. Basically
/net/{iproute,ipifc} etc need to do more or less what a
routing socket does under *BSD (man 4 route). Of course,
there may be other things missing in the p9 IP stack that may
get in the way but now I think porting something like
openospfd in a summer is doable.
Re: [9fans] Plan 9 on Routers?
2009/3/25 Bakul Shah bakul+pl...@bitblocks.com:
On Wed, 25 Mar 2009 09:00:58 EDT Devon H. O'Dell devon.od...@gmail.com
wrote:
While creating an
entire routing suite (such as Zebra/Quagga) is probably outside of the
scope of a 3 month project, I think a diligent student could probably
do something useful with OSPF or BGP. It's entirely possible that a 3
month project could consist of analyzing Plan 9's ability to function
in this environment and making changes to facilitate the
implementation of routing protocols. Or creating a packet filter.
Thinking a bit more about it, extending /net/iproute to allow
routing metrics may be what is needed for porting/building
something like openospfd or openbgpd. Basically
/net/{iproute,ipifc} etc need to do more or less what a
routing socket does under *BSD (man 4 route). Of course,
there may be other things missing in the p9 IP stack that may
get in the way but now I think porting something like
openospfd in a summer is doable.
Yeah, that's what I meant to imply :) Thanks for clarifying that :)
--dho
Re: [9fans] Plan 9 on Routers?
2009/3/24 Rahul Murmuria rahul.is.a...@gmail.com: I was poking around for what it would take to get there. I found this[1]. I am basically looking to have a way to do routing using Plan 9. You can already do that on any standard Linux using Quagga[2] based on GNU Zebra. Maybe there is a filesystem that exposes the kernel routing table to user space for certain routing algorithm scripts to hack upon? My objective is to be able to implement a new routing protocol on a router created using a standard computer with multiple NIC cards, maybe on a model P2P type network? I also would love to see what having /net on a router would enable us to do. Has anyone any experience with using Plan 9 on routers? Are you a student? This kind of stuff has interested me quite a bit in Plan 9 (though more from a packet classification standpoint -- read: firewalling), and it seems like a nifty project for GSoC. As far as I'm aware, there is nothing similar to the OSPF/BGP/RIP support directly in Plan 9. I am pretty sure Charles has written a RIP daemon that is in sources somewhere. --Devon -- Rahul Murmuria [1] http://searchenterpriselinux.techtarget.com/tip/1,289483,sid39_gci1102834,00.html [2] http://www.quagga.net/docs/quagga.html#SEC3
Re: [9fans] Plan 9 on Routers?
On Tue, Mar 24, 2009 at 3:45 PM, Devon H. O'Dell devon.od...@gmail.com wrote: 2009/3/24 Rahul Murmuria rahul.is.a...@gmail.com: I was poking around for what it would take to get there. I found this[1]. I am basically looking to have a way to do routing using Plan 9. You can already do that on any standard Linux using Quagga[2] based on GNU Zebra. Maybe there is a filesystem that exposes the kernel routing table to user space for certain routing algorithm scripts to hack upon? My objective is to be able to implement a new routing protocol on a router created using a standard computer with multiple NIC cards, maybe on a model P2P type network? I also would love to see what having /net on a router would enable us to do. Has anyone any experience with using Plan 9 on routers? Are you a student? This kind of stuff has interested me quite a bit in Plan 9 (though more from a packet classification standpoint -- read: firewalling), and it seems like a nifty project for GSoC. As far as I'm aware, there is nothing similar to the OSPF/BGP/RIP support directly in Plan 9. I am pretty sure Charles has written a RIP daemon that is in sources somewhere. RIP is fairly simplistic, I wonder if Plan 9 exposes enough information via /net to actually implement OSPF. You need to know load-balancing, bandwidth and distance metrics that RIP doesn't care about. --Devon -- Rahul Murmuria [1] http://searchenterpriselinux.techtarget.com/tip/1,289483,sid39_gci1102834,00.html [2] http://www.quagga.net/docs/quagga.html#SEC3
Re: [9fans] Plan 9 on Routers?
Maybe there is a filesystem that exposes the kernel routing table to user space for certain routing algorithm scripts to hack upon? #I publishes routes in iproute, typically bound so that this appears as /net/iproute. that's probablly a good start. - erik
Re: [9fans] Plan 9 on Routers?
Hi Devon! On Tue, Mar 24, 2009 at 3:45 PM, Devon H. O'Dell devon.od...@gmail.com wrote: Are you a student? This kind of stuff has interested me quite a bit in Plan 9 (though more from a packet classification standpoint -- read: firewalling), and it seems like a nifty project for GSoC. Yes, I am a student. I qualify for GSoC but I was planning not to apply, as from where I see it, that brings in restrictions to the independence of thought. I am open to applying though, if this is a good enough (and small enough) idea for SoC. As far as I'm aware, there is nothing similar to the OSPF/BGP/RIP support directly in Plan 9. I am pretty sure Charles has written a RIP daemon that is in sources somewhere. /net on routers is something I have wanted for sometime now too. I am a member of the Glendix project (http://www.glendix.org) and have discussed the same ideas for Glendix recently. I was told that Inferno has ventured into such waters before. Are you sure there in no information on anyone trying Plan 9 on/as a Router? --Devon @ Mauro On Tue, Mar 24, 2009 at 3:51 PM, J.R. Mauro jrm8...@gmail.com wrote: RIP is fairly simplistic, I wonder if Plan 9 exposes enough information via /net to actually implement OSPF. You need to know load-balancing, bandwidth and distance metrics that RIP doesn't care about. I am willing to explore this area. Maybe if /net reaches every router, such metrics can be retrieved and exchanged between the routers like other router OSes do (or maybe better than they already do) ? I am planning to understand JUNOS using the documentation on their website, but I am not sure if I want to go though the CCNA books for Cisco IOS like you recommended. I have hardly any prior experience in the area, but initial design info finds me inclining towards JUNOS more. -- Rahul Murmuria
Re: [9fans] Plan 9 on Routers?
On Tue, Mar 24, 2009 at 4:05 PM, Rahul Murmuria rahul.is.a...@gmail.com wrote: Hi Devon! On Tue, Mar 24, 2009 at 3:45 PM, Devon H. O'Dell devon.od...@gmail.com wrote: Are you a student? This kind of stuff has interested me quite a bit in Plan 9 (though more from a packet classification standpoint -- read: firewalling), and it seems like a nifty project for GSoC. Yes, I am a student. I qualify for GSoC but I was planning not to apply, as from where I see it, that brings in restrictions to the independence of thought. I am open to applying though, if this is a good enough (and small enough) idea for SoC. As far as I'm aware, there is nothing similar to the OSPF/BGP/RIP support directly in Plan 9. I am pretty sure Charles has written a RIP daemon that is in sources somewhere. /net on routers is something I have wanted for sometime now too. I am a member of the Glendix project (http://www.glendix.org) and have discussed the same ideas for Glendix recently. I was told that Inferno has ventured into such waters before. Are you sure there in no information on anyone trying Plan 9 on/as a Router? --Devon @ Mauro On Tue, Mar 24, 2009 at 3:51 PM, J.R. Mauro jrm8...@gmail.com wrote: RIP is fairly simplistic, I wonder if Plan 9 exposes enough information via /net to actually implement OSPF. You need to know load-balancing, bandwidth and distance metrics that RIP doesn't care about. I am willing to explore this area. Maybe if /net reaches every router, such metrics can be retrieved and exchanged between the routers like other router OSes do (or maybe better than they already do) ? I am planning to understand JUNOS using the documentation on their website, but I am not sure if I want to go though the CCNA books for Cisco IOS like you recommended. I have hardly any prior experience in the area, but initial design info finds me inclining towards JUNOS more. As long as you understand what you need to implement the protocols, the rest will fall into place. OSPF's spec is freely available, as is RIP and BGP. There are some Cisco protocols that AFAIK are closed, but I doubt you would need them. -- Rahul Murmuria
Re: [9fans] Plan 9 on Routers?
On Tue, 24 Mar 2009 16:05:08 EDT Rahul Murmuria rahul.is.a...@gmail.com wrote: I am willing to explore this area. Maybe if /net reaches every router, such metrics can be retrieved and exchanged between the routers like other router OSes do (or maybe better than they already do) ? I am planning to understand JUNOS using the documentation on their website, but I am not sure if I want to go though the CCNA books for Cisco IOS like you recommended. I have hardly any prior experience in the area, but initial design info finds me inclining towards JUNOS more. OSPF and BGP are not exactly SoC projects but one place to start may be openospfd and openbgpd from www.openbgp.org. For any serious work you will need more than what JUNOS documentation can give you.
Re: [9fans] Plan 9 on Routers?
So, the bottom line is no one has really explored Plan 9 on routers. It seems that /net/iproute is where I can start. It has a complete interface for editing routes. What we need is a user space script that implements routing, like http://www.openbgp.org/ does on OpenBSD. Except that, it will only have to send add, delete and flush control messages to the iproute file. This is not quite as powerful as most routers do. I remember Mauro mentioning that Cisco IOS provides, among other things, a more fine-grained control over passwords and information-hiding to the per-interface level. I wonder how that would be incorporated into Plan 9. Could namespaces come into picture here? @ Devon: About Packet Classification. I read that iptables is not needed on Plan 9 because its mount /net over the network concept achieved anonymity or transparency -- something along those lines. There are no logs about who is sending what, and that is a good thing. I am not sure where exactly the packet classification idea fits in. I read in the /proc documents that /proc/net provides useful information about the network stack. There is this ip_conntrack which is used to list / track network connections. I wonder what we would need to get packet information and perform filtering. Is it desirable to get that filtering to work if it already does not exist? Thank you all for replying so far! -- Rahul Murmuria
Re: [9fans] Plan 9 on Routers?
It seems that /net/iproute is where I can start. It has a complete interface for editing routes. What we need is a user space script that implements routing, like http://www.openbgp.org/ does on OpenBSD. Except that, it will only have to send add, delete and flush control messages to the iproute file. see ipconfig(8). About Packet Classification. I read that iptables is not needed on Plan 9 because its mount /net over the network concept achieved anonymity or transparency -- something along those lines. There are no logs about who is sending what, and that is a good thing. that's not strictly true. as long as you restrict your network to plan 9 machines, it is possible to import /net from a gateway machine and avoid sticky things like packet filtering. there is also ipmux (discussed in ip(3)). i don't think ipmux has enough rewriting (or state) to implement something like nat. - erik
