Originally written for the APNIC Blog
The Internet is a large network of networks that is managed by thousands of people around the globe. Despite the rather simple concepts on which it is based, operating the Internet requires complex distributed operations that often turn out to be quite challenging.
Unfortunately, the current network curriculum does not teach how to perform these operations and misses many of the issues that arise in the daily life of a network operator. For example, dealing with poor visibility or collaborating with neighbouring networks to detect and (hopefully) mitigate remote connectivity problems require skills that people too often learn on the spot when they are confronted with the situation, which reinforces the fragility of the Internet.
To integrate these concepts in our introduction lecture to communication networks at ETH Zürich, we built a virtual mini-Internet infrastructure composed of hundreds of routers and dozens of Autonomous Systems (ASes), and let each student group operate their own AS.
By putting them into the shoes of a network operator, our students gain a much deeper understanding of the various Internet mechanisms alongside their pitfalls. In particular, they understand that operating a network on the Internet goes beyond configuring some protocols, and devote a lot of time in monitoring and solving connectivity problems together.
Clearly, the fact that all of the students need to cooperate for the entire Internet to work is empowering.
Our virtual Internet infrastructure mimics the real one
The mini-Internet we built has 60 ASes and each of them has several routers (FRRouting), switches (Open vSwitches) and hosts.
As depicted in Figure 1 and 2, our mini-Internet topology exhibits the same properties as the real one: there are Tier 1, stub and transit ASes that are interconnected via peer-2-peer and provider-customer links as well as Internet Exchange Points (IXPs).
Our mini-Internet also comes with monitoring and debugging tools similar to the ones used in practice by network operators. For example, the routing table of every router is periodically uploaded on our website and we also provide a measurement platform that students can use to run traceroutes from different vantage points.
Last but not least, from an operator perspective, managing an AS also means cooperation, agreements and meetings. We also mimic these aspects during the project.
First, students can talk with other students on a dedicated Slack workspace — like actual network operators communicating on a Network Operators Group (NOG) mailing list.
Second, we organize a Hackathon in the middle of the project where all the students gather around some snacks to set up their eBGP sessions enabling Internet-wide connectivity — we have our own little NOG Beer ‘n Gear session!
We turn our students into network operators
When the project starts, we give to each student group (normally three students) an IP prefix and one of the transit ASes in the mini-Internet. Their goal: enabling Internet-wide connectivity.
To enable connectivity, the students configure various routing protocols used in the Internet (for example, STP, OSPF and BGP). More precisely, they:
- Separate different types of hosts in VLANs
- Do traffic-engineering to improve performance (for example, they use OSPF weights to load-balance the traffic over paths with a high bandwidth)
- Implement routing policies with BGP (for example, with the local preferences as well as the exportation rules).
They also learn how to monitor and debug a network, and understand that routing decisions are driven by business agreements.
During the project, students cooperate with each other to enable Internet-wide connectivity — especially so during the Hackathon where they try to establish eBGP sessions with their neighbours. In doing so, the students do not only learn that Internet-wide connectivity is a collective effort, but they also realize that the Internet is relatively fragile.
Every year at least one group accidentally performs a BGP hijack due to misconfigurations or completely blocks their own BGP prefix from being advertised therefore losing connectivity with all other ASes. Yet, in 2019, our students managed to reach overall connectivity of 96%! And some eager students went even further, by automating the generation of their device configurations.
An open platform for the community
As the mini-Internet project works well in our communication networks class and our students like it, we decided to make it available to the community. Get all our code along with our assignments via GitHub.
Our platform makes it easy to set up a 60-AS mini-Internet. First, adapt the various configuration files to generate L2, L3 and AS-level topologies matching your teaching objectives. Then, execute a simple command and wait a few hours.
Students access and configure their virtual devices remotely via SSH. This makes the platform suitable for online or remote classes, something particularly useful at this time.
Recently, several other universities have started to use the platform for their networking classes. Motivated by the positive feedback we have received so far, we will continue to improve the platform. For instance, we would like to use the platform to explore RPKI deployment in a network-wide fashion, and we are also designing a visualization framework. Stay tuned!
Other contributors: Tobias Bühler and Laurent Vanbever.