Virtual Pacific

Kevin Yoshimoto
Yasha Yakhnis
Shawn Khalighi
6-18-2022
CST311

Programming Assignment 4 Writeup


1. Network Diagram

[Figure: network diagram showing routers r3, r4 and r5, switches s1 and s2, hosts h1, h2, h3 and h4, and controller c0 (127.0.0.1:6633). Labelled addresses: 10.0.1.1, 10.0.1.2, 10.0.1.3, 10.0.2.2, 10.0.2.3, 192.168.1.1, 192.168.1.2, 192.168.2.1, 192.168.2.2.]

2. Screenshot of Test Run
3. Screenshot of Pingall

4. List of Alterations to the Script


The following changes were made to legacy_router.py, in top-down order.
1. Lines 18-19: makeTerm (from mininet) and time functions were imported, as the
program launches xterm windows and pauses after launching the chat server xterm
window.
2. Line 24 was altered to allow for custom IP addresses.
3. Lines 35-36: While these lines were not altered in terms of content, their placement was
altered. The instantiation of the switches downstream of the routers caused a build error.
To correct that, their instantiation was placed prior to the routers.
4. Lines 39-45: A custom IP address specification was added for each router.
5. Lines 49-52: The IP address of each host was customized appropriately, as derived from
the subnet address, while a default route was specified for each host. h1 and h2 are
directed to the IP address of r3, while h3 and h4 are directed to the IP address of r5.
6. Lines 62-65: Interface names as well as an associated IP address are specified for all
router interfaces that connect to the links between the routers. Link r3-r4 connects to the
“right” interface of r3 and the “left” interface of r4, while link r4-r5 connects to the
“right” interface of r4 and the “left” interface of r5. It is necessary to specify a name and
IP address for all four of these interfaces.
7. Lines 68-73: These lines are completely new. They declare static routes, which are
necessary in order for the two subnets to communicate with each other. The purpose of
static routes is to map each router (by its IP address) to the entry ports on the other
routers (two, in this case) to which it can send packets. Given that there are only three
routers in this network, two static routes are defined for each router, as each router has two
other routers with which it can communicate.
8. Lines 89-93 are completely new. These statements launch xterm windows for the chat
server and the TLS-enabled web server. Four xterm windows are necessary as in addition
to the two server windows, there are two client windows for the chat server. There is a
0.5-second pause after the chat server is initiated, to ensure that the server is ready when
the chat clients are initiated.
5. Answers to the following Questions
1. What were any interesting findings and lessons learned?

Probably the greatest takeaway from this assignment was the complexity of networks. This
was only a simple exercise in software defined networking. In the real world, there are
numerous routers. In this simulation, r4 was used to represent the entire internet. As we
learned in this assignment, static routes must be defined. In the real world this would be an
innumerable amount of paths. The formula to determine how many static routes are
necessary is n(n-1), where n = the number of routers. This is on the order of n^2. In this case,
with only 3 routers, n(n-1) is just 6. In the case of 10 routers, however, that is 10 * 9, which
is 90. Thus, as n increases, the number of static routes asymptotically approaches n^2.

Another takeaway from this assignment is how easily a Python program can be corrupted or
broken, due to Python’s sensitivity to indentation. Yasha commented out several lines,
namely the static routes, to intentionally break the program, using the multiline string
approach. When he reinstated the commented-out section, the program was still broken, and
he found no way to restore it to its former state, even though it seemed as though nothing else
was changed. The only solution was to resort to recovering a previous version of the
program.

Lastly, we gained some experience with Bash programming. One thing we found is that
certain Linux terminal commands do not work in a Bash script as they do in the terminal
itself. For example, switching to root mode using “sudo su” does not have its desired
effect if called within a Bash script, as it interrupts execution of the
script and returns to the terminal. It is necessary to switch to root mode prior to running a
Bash script that executes commands that require root privileges. Beyond that, we learned
how to properly translate openssl statements into a Bash script. We learned the proper syntax
to allow openssl commands to accept input parameters in order to deal with the password and
other fields (country, state, etc.) automatically rather than prompting the user for manual
input. Lastly, we learned how to use Bash scripts to edit existing files on the system.

2. Why didn’t the original program forward packets between the hosts?

In the original network, hosts in the same subnet were able to forward packets between each
other, but not hosts in different subnets. The original network lacked several features that are
necessary in order for different subnets to forward packets between each other. The first
feature it lacked was defined routes between the hosts and the routers as well as between the
routers themselves. Each host must be assigned a default route, which is defined by the IP
address of the router interface to which hosts in a given subnet are connected. Secondly, the
routers themselves must be assigned a unique IP address. Their original addresses were just
0.0.0.0. Thirdly, each individual router interface (not to be confused with the router as a
whole) must be assigned a unique IP address, as well as an interface name. Router interfaces
and associated IP addresses were initially not defined at all. Lastly, static routes were not
defined in the original script.

3. Is the line ‘ r3.cmd('sysctl -w net.ipv4.ip_forward=1') ’ required?

Failure to include this line causes pingall to fail, with a 38% drop rate. Therefore, one must
conclude that this line is necessary. Moreover, equivalent lines applied to the other two
routers are equally necessary. If all three such lines were omitted, the drop rate would be 61%.
Without these lines, routers are not capable of forwarding packets to non-adjacent entities
(hosts or routers) in the network, and packets can only travel between the router in question
and adjacent entities. Thus, r3 could still send packets to h1, h2, and r4, but not to r5, h3, and
h4.

4. Intentionally break your working program, e.g.: change a subnet length, IP address,
or default route for a host. Explain why your change caused the network to break.

There are many ways to break the network. One such way is to have an incorrect subnet
mask for one or more of the hosts, or for the entire subnet. The subnet mask for each host
address is the same as the subnet mask for the subnet address itself. However, an incorrect
subnet mask does not in all circumstances break the network. A subnet with a mask of /24 is
a 254-host network, as it supports 256 IP addresses, 0-255, but two of those 256 addresses
are already taken (the network address and the broadcast address). So, in this case, we have 2
host addresses as there are currently 2 hosts, but we also have the network address and the
broadcast address, so that is a total of 4 IP addresses currently. In order to support at least 4
IP addresses (2 hosts), the subnet mask must not be greater than 29 (3 bits equals 7 in
decimal). A subnet mask of 30 can support 3 IP addresses (2 bits equals 3 in decimal), which
means only 1 host. If the subnet mask of any one host is set to 30 or greater, that host will be
completely shut down, and will not be able to ping any other host or receive a ping from any
other host. Similarly, if the subnet mask of the entire subnet were changed to 30 or greater,
the entire network would be neutralized. If the router interface associated with the subnet
were assigned a subnet mask too great to support the current network, then not only would it
neutralize the network (i.e., causing ping to fail), but it would result in a runtime error.

6. Screenshots of Chat Session


7. Screenshot of wget of web server
8. Screenshot of decrypted web server certificate

Note: The Bash script to create the CA and issue the server certificate requires root privileges
and must be run in root mode (i.e. “sudo su” must be called prior to launching the script).
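
The kind of non-interactive CA and server-certificate script this writeup describes, as an added example that is not the authors' own script: subject fields are supplied with -subj and the CA passphrase is read from a file, so nothing is prompted for. The subject values, passphrase, file names and the host name www.example.test are constructed placeholders, and all output goes to a scratch directory.

```bash
#!/usr/bin/env bash
# Added example: CA and server certificate created with no prompts.
# Subject fields, passphrase, file names and host name are constructed placeholders.
set -eu
umask 077    # keys and the passphrase file are readable by the owner only

SUBJ_BASE="/C=US/ST=California/O=Example Lab"

# make_ca DIR: encrypted CA key plus self-signed CA certificate.
make_ca() {
    printf '%s\n' 'constructed-passphrase' > "$1/ca.pass"
    # file: keeps the passphrase out of the process list, unlike pass:<value>.
    openssl genrsa -aes256 -passout "file:$1/ca.pass" -out "$1/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/ca.key" -passin "file:$1/ca.pass" -sha256 \
        -days 365 -subj "$SUBJ_BASE/CN=Example Lab Root CA" -out "$1/ca.crt"
}

# issue_server_cert DIR HOSTNAME: unencrypted server key, CSR, CA-signed certificate.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/server.key" \
        -subj "$SUBJ_BASE/CN=$2" -out "$1/server.csr" 2>/dev/null
    # Clients match the host name against subjectAltName, so set it explicitly.
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -passin "file:$1/ca.pass" -CAcreateserial -sha256 -days 90 \
        -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

# verify_chain DIR: succeeds only if server.crt chains to ca.crt.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# cert_text FILE: decoded certificate fields for inspection.
cert_text() {
    openssl x509 -in "$1" -noout -text
}

workdir=$(mktemp -d)
make_ca "$workdir"
issue_server_cert "$workdir" www.example.test
verify_chain "$workdir" && cert_text "$workdir/server.crt" | grep -E 'Issuer:|Subject:|DNS:'
```
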
