How to Implement Network Service Chaining in NS2
To implement the Network Service Chaining (NSC) in NS2 required us to replicate a network in which the traffic flows over a series of service nodes like firewalls, NATs, load balancers and Intrusion Detection Systems (IDS) before getting its final destination. Every service node indicates a network function and the traffic must relay across these nodes in a particular sequence. The below guide will show you the essential instructions to implement NSC using ns2:
Steps for Simulating Network Service Chaining in NS2:
- Define the Nodes: State nodes signifying the client, server, and intermediate network services include firewall, IDS, NAT, or load balancer.
- Create Links: Link the nodes sequentially to replicate the service chain.
- Generate Traffic: Simulate traffic flows amongst the client and server, forcing the traffic to pass through the service chain.
- Analyze the Traffic: Observe how traffic flows through the service nodes by using trace files.
Example Scenario:
We’ll mimic traffic from a client that conveying through a firewall, an IDS, and a NAT before reaching the server. Each of these nodes denotes a network service, and the intent is to see how traffic is directed through these services.
Example TCL Script for Network Service Chaining:
# Create a new simulator instance
set ns [new Simulator]
# Define output trace file for logging events
set tracefile [open service_chain.tr w]
$ns trace-all $tracefile
# Define animation file for NAM (optional)
set namfile [open service_chain.nam w]
$ns namtrace-all $namfile
# Create nodes representing the client, firewall, IDS, NAT, and server
set client [$ns node]
set firewall [$ns node]
set ids [$ns node]
nat [$ns node]
set server [$ns node]
# Create duplex links to represent the chain of services between the client and server
$ns duplex-link $client $firewall 10Mb 20ms DropTail
$ns duplex-link $firewall $ids 10Mb 20ms DropTail
$ns duplex-link $ids $nat 10Mb 20ms DropTail
$ns duplex-link $nat $server 10Mb 20ms DropTail
# Define a TCP agent for the client (source)
set tcp_client [new Agent/TCP]
$ns attach-agent $client $tcp_client
# Define a TCP Sink agent for the server (destination)
set tcp_sink [new Agent/TCPSink]
$ns attach-agent $server $tcp_sink
# Connect the TCP agent to the TCP Sink to establish the communication link
$ns connect $tcp_client $tcp_sink
# Define an FTP application to simulate traffic from the client
set ftp [new Application/FTP]
$ftp attach-agent $tcp_client
# Start and stop the FTP traffic
$ns at 0.5 “$ftp start”
$ns at 4.0 “$ftp stop”
# Define simulation end time
$ns at 5.0 “finish”
# Finish procedure to close trace files and start NAM for visualization
proc finish {} {
global ns tracefile namfile
$ns flush-trace
close $tracefile
close $namfile
exec nam service_chain.nam &
exit 0
}
# Run the simulation
$ns run
Explanation of the Script:
- Node Setup:
- We set up five nodes: client, firewall, ids, nat, and server. These nodes indicate a sequence of services (firewall, IDS, NAT) that the traffic travels through before reaching the server.
- Link Setup:
- Each set of nodes is linked by a duplex link with 10Mb bandwidth and 20ms delay. This setup mimics the communication path, where traffic flows through the services in sequence.
- Traffic Simulation:
- A TCP agent is included to the client and a TCP Sink agent is added to the server. These agents replicate the connection amongst the client and server.
- An FTP application is used to produce traffic from the client to the server, which travels via the service chain (firewall -> IDS -> NAT).
- Traffic Scheduling:
- The FTP traffic begins at 0.5 seconds and ends at 4.0 seconds, permitting sufficient time to monitor how the traffic relay through each service.
- Simulation End:
- The simulation terminates at 5.0 seconds, and the finish procedure makes sure that all trace files are fastened, and NAM is introduced for visualization of the network behavior.
- Analyzing the Service Chain
You can assess the trace file (service_chain.tr) developed by the simulation to track the flow of packets over each service node. The trace file will offer insights into:
- Latency: How long it takes for traffic to move through the service chain.
- Packet Drops: Whether any packets are cancelled at any point in the service chain (because of congestion or queue limits).
- Throughput: The number of data successfully transmitted through the service chain.
- Adding More Advanced Features
To make the simulation more realistic, you can:
- Simulate Traffic Shaping or Prioritization: Favoured particular kinds of traffic or drop others by attaching traffic shaping rules at the firewall or NAT nodes.
- Simulate Failures: Launch failures at certain nodes or links (e.g., disconnect the IDS temporarily) to monitor how the network reacts.
- Simulate Security Policies: Include access control mechanisms at the firewall node to block specific traffic.
Example: Simulating Link Failure Between IDS and NAT
# Simulate a link failure between IDS and NAT at 3.0 seconds
$ns at 3.0 “$ns rtmodel-at 3.0 down $ids $nat”
# Re-establish the link at 4.0 seconds
$ns at 4.0 “$ns rtmodel-at 4.0 up $ids $nat”
This would imitate a temporary failure in the service chain, granting you to observe how the traffic acts when a service node is unavailable.
We have provided the step-by-step demonstration on how to implement the Network Service Chaining (NSC) using ns2 simulator tool. We also offer the sample execution that simulates traffic which passes over firewall, IDS and NAT. You will get any details about this manual in the future from us.
If you need help with Network Service Chaining in NS2, just shoot us an email with all the details, and we’ll help you get the best results.