This work is a result of project ECTICS (PID2019-105257RB-C21), funded by:
This project provides a comprehensive simulation environment for a Secure Access Service Edge (SASE) scenario, integrating Software-Defined Wide Area Network (SD-WAN) technologies and remote work models. Built using the Virtual Networks over Linux (VNX) framework, it enables the deployment and testing of advanced network configurations, including virtualized network functions, edge computing, and integrated security services.
- SD-WAN Simulation: Demonstrates the setup and management of a software-defined wide area network, offering insights into network optimization, application routing, and bandwidth management.
- SASE Model Integration: Integrates Secure Access Service Edge components, blending network and security functions to support dynamic, secure access to organizational resources.
- Remote Work Connectivity: Simulates remote work scenarios, showcasing how employees can securely connect to corporate resources from any location.
- Advanced Network Configurations: Utilizes Open vSwitch and VXLAN for network virtualization, alongside detailed routing and NAT configurations for realistic network topology simulation.
- Linux environment with support for LXC (Linux Containers).
- VNX Framework installed and properly configured (VNX Installation Guide).
- Basic understanding of networking concepts, SD-WAN, and SASE architectures.
-
Clone the Repository:
git clone [repository-url]
- Navigate to the project directory:
cd [project-directory]
-
Load the Scenario:
- Ensure the VNX daemon is running:
sudo vnx -v --daemon
- Load the scenario:
sudo vnx -f [scenario-file].xml --create
- Ensure the VNX daemon is running:
-
Start the Simulation:
- Execute the start command:
sudo vnx -f [scenario-file].xml --start
- Execute the start command:
This scenario includes multiple components:
- LAN and WAN Networks: Configured as virtual bridges and veth pairs for interconnectivity.
- Host VMs (h11, h21, etc.): Simulate end-user devices within the network.
- Router VMs (r1, r2, etc.): Facilitate routing between different network segments.
- SD-WAN Edge Devices (sdedge1, sdedge2, etc.): Implement SD-WAN functionalities.
- NAT Devices (nat1, nat2, etc.): Provide Internet connectivity and simulate external network access.
- ISP: Simulates Internet Service Provider for the scenario.
Once the scenario is loaded and started, you can interact with each component using VNX commands or directly accessing the Linux Containers via lxc-attach
. For specific interactions or to simulate network changes, refer to the VNX documentation.
- Ensure all prerequisites are met and that VNX is correctly installed.
- Verify network configurations and interconnectivity between VMs if you encounter connectivity issues.
- Consult the VNX documentation for common issues and troubleshooting tips.
Contributions to enhance the scenario or documentation are welcome. Please submit pull requests or open issues with your suggestions and feedback.
TFG Developed by Iñigo Valenzuela Nuñez with Carlos Mariano Lentisco Sánchez based on an SD-WAN practice scenario developed within the Communications Networking and within the Research Group on Networking and Virtualisation of Communication Services (GIROS) of the Department of Telematic Systems Engineering of the UPM
Virtualized installaion of SD-WAN Edge devices leveraging OpenFlow for network management.
This virtual lab scenario demonstrates the integration of SD-WAN Edge devices within a network, aiming to encapsulate corporate traffic over a public IP network using SD-WAN technologies. The practice environment is built using VNX to deploy advanced network scenarios on Linux systems.
- VirtualBox: Free virtualization software for Linux, Windows, and macOS. Download here
- VNXSDNNFVLAB2020-v2.ova: A pre-configured Virtual Machine (VM) for the SD-WAN practice. Download link
- Download and install VirtualBox from the official website.
- Install the VM VirtualBox Extension Pack for additional features.
- Download the VNXSDNNFVLAB2020-v2.ova file to your local system.
- In VirtualBox, go to File > Import Appliance. Select the downloaded
.ova
file and follow the prompts to import.
- Once imported, select the VM in VirtualBox and click Start.
- Inside the VM, you'll find shortcuts to essential tools such as a terminal, Firefox, and Wireshark on the desktop.
- Use Firefox within the VM to download the SD-WAN scenario package: sdw-p1.tgz.
- Extract it to the desktop for easy access.
- In the shared folder copy all the files that are in this repository.
- Open a terminal in the VM.
- Gain root access:
sudo su
. - Navigate to the scenario directory:
cd /home/upm/Desktop/sdw-p1
. - Start the VNX scenario:
vnx -f sase_tfg.xml -t
.
- Open each SDEDGE console.
- Access the console with the credentials.
- Excute the ./ryu-XX.sh (shell script in each machine).
- Start the VNX scenario:
vnx -f sase_tfg.xml -t
. - Configure the Snort by opening a new sdedge0 terminal an executing the available
./snort-50.sh
and in other console thesudo -i
and./iniciaSnort.sh
To release the scenario and clean up resources, run: vnx -f sase_tfg.xml -P
.