Thursday, November 21, 2019

What I did with a week's vacation

Other than continuing to work (yeah, I know), I learned how to integrate Open vSwitch (OVS) and Docker, so that I could create an architecture that a professor has wanted for the better part of a year.

Basically, I combined OVS, Docker, and Guacamole, so that each of 30 students could have a 3-node architecture consisting of an SSH host and a web server, with a VyOS firewall in between, and two virtual switches connecting everything together. I managed to pull it off on a machine with one CPU, consuming less than 10 GB of HD space and about 5 GB of memory. I imagine that one vCPU won't be able to keep up with the load generated by 30 concurrently online students, but so far they've only been online one or two at a time. I can always add one (or more) on the fly.

The more I read about OVS, the more I like it. The next lab project will involve setting up an IDS environment, with two endpoints (one running tcpreplay) connected by a single virtual switch, which allows for port mirroring to a Snort container. Like the other project, Guacamole will run on top of this one (the goal is to not require the student to have anything other than a browser).

I've not yet learned about SDN controllers, but I did manage to write a series of Perl scripts to do things like: deploy the containers, deploy the switches, connect the switches to the containers and connect them to Guacamole, and associate the Guacamole user accounts with the containers. Once the requisite software is installed and the Docker images are created, deployment of 30 private architectures only takes a few minutes (much quicker than cloning VMs).

If things go wrong and a student cannot correct their mistakes, the scripts are written so that a single student's architecture can be destroyed and redeployed. Additional scripts were written to check that all containers and switches are operating as they should.
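As an added example of the kind of deploy/destroy script described above (a shell sketch, not the author's Perl scripts), this creates one student's two switches and three containers, wires them with the ovs-docker helper, and tears them down again; the image names (lab/ssh-host, lab/vyos, lab/web-server) and the 10.N.x.0/24 addressing are assumptions:

```shell
#!/bin/sh
# Added example, not the author's Perl scripts: deploy and tear down one student's
# 3-node lab (SSH host, VyOS firewall, web server) on two OVS bridges.
# Assumptions: image names lab/ssh-host, lab/vyos, lab/web-server and 10.N.x.0/24
# addressing. Needs docker, ovs-vsctl and the ovs-docker helper shipped with Open vSwitch.
set -eu
DRY_RUN="${DRY_RUN:-0}"

# run: execute a command, or just print it when DRY_RUN=1 so the plan can be reviewed first.
run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }

# deploy_student N: bridge sN-out joins SSH host and firewall, sN-in joins firewall and
# web server; containers start with Docker networking off so OVS is the only path.
deploy_student() {
    n="$1"; bo="s$1-out"; bi="s$1-in"
    run ovs-vsctl --may-exist add-br "$bo"
    run ovs-vsctl --may-exist add-br "$bi"
    run docker run -d --name "s$n-ssh" --network none lab/ssh-host
    run docker run -d --name "s$n-fw"  --network none --privileged lab/vyos
    run docker run -d --name "s$n-web" --network none lab/web-server
    # ovs-docker add-port BRIDGE IFACE CONTAINER --ipaddress=CIDR [--gateway=IP]
    run ovs-docker add-port "$bo" eth0 "s$n-ssh" --ipaddress="10.$n.1.10/24" --gateway="10.$n.1.1"
    run ovs-docker add-port "$bo" eth0 "s$n-fw"  --ipaddress="10.$n.1.1/24"
    run ovs-docker add-port "$bi" eth1 "s$n-fw"  --ipaddress="10.$n.2.1/24"
    run ovs-docker add-port "$bi" eth0 "s$n-web" --ipaddress="10.$n.2.10/24" --gateway="10.$n.2.1"
}

# destroy_student N: remove ports, containers and bridges so the lab can be redeployed.
destroy_student() {
    n="$1"
    for c in ssh fw web; do
        run ovs-docker del-ports "s$n-out" "s$n-$c" || true
        run ovs-docker del-ports "s$n-in"  "s$n-$c" || true
        run docker rm -f "s$n-$c" || true
    done
    run ovs-vsctl --if-exists del-br "s$n-out"
    run ovs-vsctl --if-exists del-br "s$n-in"
}

# Usage: sh lab.sh deploy N | destroy N   (set DRY_RUN=1 to print the commands instead)
if [ "$#" -ge 2 ]; then
    case "$1" in
        deploy)  deploy_student "$2" ;;
        destroy) destroy_student "$2" ;;
        *) echo "usage: $0 deploy|destroy N" >&2; exit 2 ;;
    esac
fi
```

Running the same script over a loop of 1..30 gives the per-student deployment, and destroy followed by deploy for one N is the redeploy described above.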

The hard part was getting the three containers tweaked "just so". This required making changes to a container, committing it to a new image, destroying the old architecture, and redeploying the whole thing using the new image. Scripting the process made it super easy.

Just in time for finals. Sorry guys!
