New network back-end to replace uBridge

[grossmj]

The back-end would be written in Python and leverage Linux bridges with VXLAN to create communication channel between nodes. OVS support could be added down the line as well.

Pyroute2 (Netlink library) can be used to create the network configuration on Linux: https://briantsaunders.github.io/posts/2019/05/creating-vxlan-tunnel-in-linux-with-python/

One concern is to restrict the permissions needed. Pyroute2 requires the CAP_NET_ADMIN capability.

One option is the capability is given to an user: https://adil.medium.com/run-your-applications-with-necessary-privileges-linux-capabilities-428e2c402f0b

or we could use ambient capabilities. This can be done by leveraging a small helper binary that sets up ambient capabilities and exec()'s into Python interpreter as explained in https://stackoverflow.com/questions/36215201/python-scapy-sniff-without-root

Also, the communication between the GNS3 server and this new back-end (aka uBridge-NG) could be done over Unix domain sockets with SO_PEERCRED for additional security. FastAPI could also be used to create a proper API that the GNS3 server can use.

[julien-duponchelle]

Oh that's great!

[grossmj]

Oh that's great!

Yes this is something I am really excited about :)

[H-Dynamite]

Great, you can consider using openVSwitch. I am currently studying the communication principles of GNS3 network. I have already used openVSwitch+openVPN to communicate with other VMs (such as Docker, VPC), and implemented device communication through VXLAN, proving that this is a feasible solution. It feels like it can replace uBridge, and OVS technology is universal. If it can be integrated, it will seamlessly integrate with cloud computing platforms

[grossmj]

@H-Dynamite thanks for your comment, indeed we are thinking about using OVS as well 👍