Thursday, January 27, 2011

Leveraging Virtualization to Model and Teach Windows Networking

Until the advent of virtualization technology, instruction in Windows® networking was a relatively simple affair. However, it was not very robust. Students could set up a client and/or a server using swappable hard drives and could do some basic network management tasks. Virtualization has revolutionized instruction and network modeling because students can now run multiple virtual machines on one physical machine and use virtual networks to create, configure and manage complicated networks and model complex scenarios. In this article, I will explain how we at South Puget Sound Community College have leveraged this technology to give students a robust experience, complete with multiple dependencies that mimic real-world network problems.
Part of the standard Windows curriculum has been a course usually called "Infrastructure". This course introduces students to the management of network services such as routing, VPNs, DNS, NAP and DHCP. There are many dependencies among these services. Virtualization technology provides the ability to model these and other services in a complicated network environment. It also allows us to demonstrate these dependencies and illustrate how they interact to provide the total network environment users are accustomed to.
Virtualization Technologies
There are a number of virtualization technologies on the market today, including Microsoft Virtual Server, Sun's VirtualBox and Microsoft Hyper-V. Each of these allows the creation of virtual networks in addition to virtual machines. The key to modeling network infrastructure problems is the capability of hosting virtual networks. Creating virtual networks gives students the opportunity to work with a routed environment, which presents real challenges in setting up static routing, dynamic routing, Network Address Translation (NAT) and Virtual Private Networks (VPNs). Our system uses Hyper-V running on Server 2008 host operating systems. This provides fast access to the hardware and is fairly reliable and efficient. It allows for the creation of virtual networks, which is critical to the setup of the system we use. Using Server 2008 as a host operating system also allows the instructor to access students' virtual machines remotely through Remote Desktop without disconnecting the student from the host.

Figure 1: Virtualized Infrastructure

Infrastructure Setup:
Part of the Infrastructure course covers IP addressing, static routing, RIPv2 routing and NAT. These functions are particularly well suited to using virtual machines on multiple virtual networks. The actual setup uses three networks: the one bound to the host's physical NIC (Classroom), a virtual network called Net-1 and a second virtual network called Net-2. Net-1 and Net-2 are totally contained on the host operating system, which gives each student two networks of their own plus the classroom network. Two Server 2008 virtual machines (DC-01 and DC-02) are placed on the classroom network. One Server 2008 virtual machine (Srv-01) is multihomed on the classroom network and Net-1. There is a Vista virtual machine (Vista-01) and an empty virtual machine on Net-1. The empty virtual machine is used later for an installation of Server Core (Srv-03), which gives students experience using command-line tools to configure IPv4 and IPv6. Another server (Srv-02) spans Net-1 and Net-2, and a second copy of Vista (Vista-02) occupies Net-2. This allows configuration of IPv4 and IPv6 on three separate networks. More importantly, it gives students a robust lesson in static routing, RIPv2 routing and NAT. In addition, it reinforces the old dictum: "In order for things to work, a whole lot of things have to be right. In order for things to fail, only one thing has to be wrong!"[i] The scenario is illustrated below:



The first task is to assign IPv4 and IPv6 static addresses to each interface in the diagram. We use 10.0.16.0/20 as our classroom subnet ID, 172.16.XX.0/21 for Net-1 and 192.168.XX.0/24 for Net-2 in our IPv4 addressing scheme. XX refers to a unique octet number (and subnet ID) provided to each student. (Because Net-1 uses a /21 prefix, XX values must be spaced eight apart, or adjacent students' Net-1 blocks overlap and the classroom-side routes to them become ambiguous.) Each machine in the diagram has a specific number for its last octet, which makes it easy for the instructor to help the student troubleshoot any problems. For example, the Net-1 IP address of every Srv-02 will be 172.16.XX.2 and every Srv-01 will be 172.16.XX.1. A similar scheme is used for IPv6: the classroom network is FD00::/64, Net-1 is FD00:XX::/64 and Net-2 is FD00:1XX::/64. Once this task is complete, the lab is ready for exercises in routing and other advanced topics.
Routing:
The network infrastructure is now ready for routing to be configured. Static routing can be used to show the principles of router routing and, especially, host routing. Students install and configure routing on their Srv-01 and Srv-02. Once routing is installed, they have to configure their hosts on the classroom network to route packets back to their Net-1 network. This enables communication between DC-01 and DC-02 on the classroom network and Vista-01 and Srv-03 on Net-1. They also must configure routes back to Net-2, ensuring communication with Vista-02. All of these static routes are configured in IPv4 first and then in IPv6. Once students have host routing configured, they create static routes on their routers that will send packets to each other's networks in IPv4 and IPv6. The lab creates a number of dependencies that are critical to the proper functioning of the system. Students constantly use ping and tracert to confirm and test their connections during this process. Once they are successful, they show their work by providing a route trace from their DC-01 to their Vista-01 and Vista-02, and a trace from their Vista-02 to their partner's Vista-02. The advantage of this system is that it teaches students the importance of routing as a part of operating a network, how packets travel through a network, the interconnections among systems and the real-life dependencies in networks. Once routing is completely operational, they are required to create a domain and join the existing computers to it, which is only possible if the system is configured properly. The final portion is a test in which students configure static routes to the instructor's test network. They provide a trace to show success.
Figure 2: Static Routing
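To make the addressing and static-routing steps above concrete, here is an added example (it is not the course's own script and was not part of the original post). It derives the per-student addresses for a given XX and emits the netsh commands that give one virtual machine its IPv4 and IPv6 addresses and the static routes its role needs. It assumes things the article does not state: the interfaces are named "Classroom", "Net-1" and "Net-2"; Srv-02 is .1 on Net-2 and the Vista clients are .10 on their networks; XX is reused verbatim as an IPv6 hextet; and Srv-01's classroom-side addresses are instructor-assigned (the defaults below are placeholders). It targets Server 2008, which has netsh but none of the later Net* cmdlets; the forwarding=enabled lines stand in for what the RRAS LAN-routing role turns on when students install routing through the GUI.

```powershell
# Added example for this post; it is not the course's own script. Derives the
# article's per-student addressing for student number XX and emits the netsh
# commands that give one VM its IPv4/IPv6 addresses and the static routes its
# role needs, so the result can be applied and checked from the command line.
# Assumptions not stated in the article: interface names "Classroom", "Net-1"
# and "Net-2"; Srv-02 is .1 on Net-2 and the Vista clients are .10 on their
# networks; XX is reused verbatim as an IPv6 hextet; Srv-01's classroom-side
# addresses are instructor-assigned (the defaults below are placeholders).
# Targets Server 2008, which has netsh but none of the later Net* cmdlets.
# Without -Apply the commands are only printed, so students can compare them.
param(
    [int]$XX,                                    # student number, also the subnet ID
    [string]$Role,                               # DC, Srv-01, Srv-02, Vista-01 or Vista-02
    [string]$Srv01Classroom4 = "10.0.16.${XX}",  # placeholder, see above
    [string]$Srv01Classroom6 = "FD00::${XX}",
    [switch]$Apply
)

# Subnets from the article. Note: 172.16.XX.0/21 blocks are disjoint only when
# XX is a multiple of 8; otherwise classroom-side routes to Net-1 overlap.
$classroom4 = '10.0.16.0/20';         $classroom6  = 'FD00::/64'
$net1       = "172.16.${XX}.0/21";    $net1v6      = "FD00:${XX}::/64"
$net2       = "192.168.${XX}.0/24";   $net2v6      = "FD00:1${XX}::/64"
$srv01Net1  = "172.16.${XX}.1";       $srv01Net1v6 = "FD00:${XX}::1"
$srv02Net1  = "172.16.${XX}.2";       $srv02Net1v6 = "FD00:${XX}::2"
$srv02Net2  = "192.168.${XX}.1";      $srv02Net2v6 = "FD00:1${XX}::1"

$cmds = New-Object System.Collections.ArrayList   # reference type: functions append in place
function Addr4($ifc, $ip, $mask, $gw) {
    $c = "netsh interface ipv4 set address name=`"$ifc`" source=static address=$ip mask=$mask"
    if ($gw) { $c += " gateway=$gw gwmetric=1" }  # a default gateway only for the clients
    [void]$cmds.Add($c)
}
function Addr6($ifc, $ip)        { [void]$cmds.Add("netsh interface ipv6 add address `"$ifc`" $ip/64") }
function Route4($pfx, $ifc, $nh) { [void]$cmds.Add("netsh interface ipv4 add route $pfx `"$ifc`" $nh") }
function Route6($pfx, $ifc, $nh) { [void]$cmds.Add("netsh interface ipv6 add route $pfx `"$ifc`" $nh") }
function Forward($ifc) {          # what the RRAS LAN-routing role does for you on a router VM
    foreach ($v in 'ipv4', 'ipv6') { [void]$cmds.Add("netsh interface $v set interface `"$ifc`" forwarding=enabled") }
}

switch ($Role) {
    'DC' {        # classroom host: both student networks sit behind Srv-01
        Route4 $net1 'Classroom' $Srv01Classroom4;   Route4 $net2 'Classroom' $Srv01Classroom4
        Route6 $net1v6 'Classroom' $Srv01Classroom6; Route6 $net2v6 'Classroom' $Srv01Classroom6
        $checks = "172.16.${XX}.10", "192.168.${XX}.10"
    }
    'Srv-01' {    # router between Classroom and Net-1; Net-2 is reached through Srv-02
        Addr4 'Classroom' $Srv01Classroom4 '255.255.240.0'; Addr6 'Classroom' $Srv01Classroom6
        Addr4 'Net-1' $srv01Net1 '255.255.248.0';           Addr6 'Net-1' $srv01Net1v6
        Forward 'Classroom'; Forward 'Net-1'
        Route4 $net2 'Net-1' $srv02Net1; Route6 $net2v6 'Net-1' $srv02Net1v6
        $checks = "192.168.${XX}.10"
    }
    'Srv-02' {    # router between Net-1 and Net-2; the classroom is reached through Srv-01
        Addr4 'Net-1' $srv02Net1 '255.255.248.0'; Addr6 'Net-1' $srv02Net1v6
        Addr4 'Net-2' $srv02Net2 '255.255.255.0'; Addr6 'Net-2' $srv02Net2v6
        Forward 'Net-1'; Forward 'Net-2'
        Route4 $classroom4 'Net-1' $srv01Net1; Route6 $classroom6 'Net-1' $srv01Net1v6
        $checks = $Srv01Classroom4
    }
    'Vista-01' {  # Net-1 client: default gateway is Srv-01, but Net-2 needs a route via Srv-02
        Addr4 'Net-1' "172.16.${XX}.10" '255.255.248.0' $srv01Net1; Addr6 'Net-1' "FD00:${XX}::10"
        Route4 $net2 'Net-1' $srv02Net1
        Route6 '::/0' 'Net-1' $srv01Net1v6; Route6 $net2v6 'Net-1' $srv02Net1v6
        $checks = $Srv01Classroom4, "192.168.${XX}.10"
    }
    'Vista-02' {  # Net-2 client: everything else is behind Srv-02
        Addr4 'Net-2' "192.168.${XX}.10" '255.255.255.0' $srv02Net2; Addr6 'Net-2' "FD00:1${XX}::10"
        Route6 '::/0' 'Net-2' $srv02Net2v6
        $checks = $Srv01Classroom4, "172.16.${XX}.10"
    }
    default { throw "unknown role '$Role'" }
}

foreach ($c in $cmds) {
    if (-not $Apply) { $c; continue }              # print only
    Invoke-Expression $c
    if ($LASTEXITCODE -ne 0) { Write-Warning "failed: $c" }
}
# The evidence the article asks for: ping to confirm, tracert to show the hops.
foreach ($t in $checks) {
    if ($Apply) { ping -n 2 $t; tracert -d $t } else { "ping $t; tracert -d $t" }
}
```

Running it as `.\Set-LabNet.ps1 -XX 16 -Role Srv-02` prints the commands for that machine; adding `-Apply` from an elevated prompt executes them. Server Core on Server 2008 has no PowerShell, so for Srv-03 the printed netsh lines are pasted into cmd instead, which is also the point of that exercise. Note that `set address` on Srv-01's Classroom interface replaces whatever was there, including any classroom default gateway, so that value should come from the instructor along with the classroom address.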




Once they are finished with static routing, students get to try their hand at dynamic routing using RIPv2. RIP takes a tedious, exacting process and essentially makes it "plug and play". Students delete all their static routes first, because a leftover static route would carry traffic whether or not RIP had actually learned the network and so would hide a RIP misconfiguration. They then install RIPv2 and add the appropriate interfaces on each of their servers. Now they get to observe the process of routing table convergence, and eventually gain the ability to connect to any of the networks in the classroom.
Figure 3: Dynamic Routing (RIPv2)


The last routing task students perform is to configure Network Address Translation. Students remove RIPv2 from Srv-02 and install NAT, treating Net-2 as if it were the public network. Once they have configured NAT, they are required to record the entries in the NAT table to see how NAT swaps IP addresses and substitutes port numbers. They are also required to perform packet captures on both sides of Srv-02, which illustrate how NAT rewrites the addresses as packets are relayed across the NAT interfaces. The final task is to configure an inbound connection that lets them telnet from Vista-02 (Net-2) to a machine on the "interior" network (Net-1). This mimics using a public IP address and port combination to reach a machine with a private IP address on an interior network. Once they complete this task, they reexamine their NAT tables and report on the port translation used by the incoming connection.
This virtual system is used continuously during the course for other infrastructure functions. It is used for setting up a DHCP server that serves IP addresses to two scopes (Net-1 and Net-2) through a DHCP relay agent. The system also constantly reinforces the importance of the connections among computers and gives students ample experience using network connectivity utilities such as ping, tracert, nslookup and pathping. In addition, students are required to use packet-capturing utilities to troubleshoot network connectivity problems. Finally, we also use this same system in the Active Directory course to train students properly on the concept of sites. The students create two sites, one on the classroom network and one on the Net-2 network, and then configure a site link to control replication between the two sites.
Virtualization technology has been an incredible addition to our curriculum. It has provided an avenue for training that allows us to give our students an in-depth experience. In addition to the standard lessons, our students also become familiar with the virtualization software and how to configure and manage virtual machines. Virtualization is increasingly used in the networking field, and these exercises provide those skills as a bonus. Virtualization has fundamentally changed how we teach networking and provided learning opportunities that simply did not exist ten years ago. It has served us and our students well.


Bibliography:
McClean, Ian. Configuring Microsoft Exchange Server. Redmond: Microsoft Press, 2008.


[i] (McClean, 2008)


Wednesday, January 19, 2011

Exchange Server Communication Architecture

Microsoft Exchange Server has several roles that can be assigned to servers within an organization: Client Access, Mailbox, Hub Transport, Unified Messaging and Edge Transport. The Client Access server handles the connections from e-mail clients (Outlook, Eudora, Thunderbird, etc.). Mailbox servers store e-mail. Hub Transport servers route e-mail within an organization, and Edge Transport servers relay e-mail to and from servers on the Internet. Much of the documentation does not clearly communicate how e-mail is routed among these servers. The following diagram shows the communication flow among Exchange servers based on their roles in an organization: