All right, we're ready to start our next session. Again, this will be a short 25-minute session. Presenting about modular VDE plug is Professor Renzo Davoli from the University of Bologna.

Okay, I don't think so. Thank you, sir. Presenting this talk, trying to get your update about the new developments of the Virtual Square tools and concepts, especially in the part regarding the networking. It's a very common line seminar, so these lives are VI's lives. So, the main event of this seminar tonight is a tool, which is quite used and known to create a bit of a significant difference. The main sense is that there are virtual switches, which are processes that work as physical switches, so you can plug the virtual machines.

Now, we're designing all the tools, and we'll start with the VDE plug. The VDE plug is a tool and a library. It's the library that many common virtual machines and other tools use to connect with VDE. And it's a tool to connect several networks. We have designed this from many points of view. First of all, we have created a new syntax to name the VDE networks. It's similar to a URL, and you can say which technology you're using and specifications. And it's pluggable, so you can add your own implementation of the network. If you want to use a technology, say, foo, you just have to create a VDE plug underscore foo dot so. And you'll be able to use that kind of implementation. We have implemented the connection with the latest VDE switches. But this is not interesting. We're going to pass through. We can join top VDE interfaces with the PPP and so on. But this is just a new point in dimension of flexibility. But there is much more.

I'm back to this slide. I'm in a hurry to show you this. The next VDE, I am living through this. This is a way to create a local data cloud. Instead of connecting a virtual machine to a local switch, you connect the local virtual machine or, as you can see in a moment, your namespace to a local cloud.
This local cloud is identified by multicast IP addresses. So you can have so many local cloud relays, as many IP multicast addresses you have. And the usage is slightly larger, because you just put a VDE specification. That strengthens and you have connected with an entire data center.

But I have the Raspberry Pi on the table, and so I have a spoke at the center, composed of my laptop and the Raspberry Pi, which are just on the same run. There are no processors running. And I can start the virtual machine on a laptop. I'm going to play a KVM. Extend these canvases. Let's start with the common, you can say, on the top. I just have one more specification. You can say it's wrapped around the virtual machine, interfacing it with the cursor. Now my default cloud is on the Wi-Fi. So I have to say that I want to use multicast or on itchament there. I can start this.

I can show you another tool. I can here, again, you get your own u2. That was okay. Log in to my Raspberry Pi. It's an app work. In space, VDNS, which creates a user namespace that is connected to VDE. So VDN in space, I can say VX, VDN in space. I just use a null taxes, not capabilities. And here, I can press the VDN. It can insert the VDN app on the virtual machine, which runs on my laptop. I pay at the 10 VDN. That's valuable. Two for one. There is an error in configuration. That's 80 edge there. IP address. That is okay here. I've seen a mistake. There is not the mask. So I have to delete those and add the mask. Add the mask slash 24, otherwise it's not working. One. That's working.

So the idea is I have to do that way. You can have so many hosts, imagine at the center, connected to the laptop. And then you can start any kind of VN namespace. VXVDE creates a VCDN switch on the laptop. It's implemented. What is that? The VDE plug library, which is on H2, uses IP multicast to send all the one packets, broadcast, unknown recipients, and multicast packets.
So if you're sending an ARP packet, the ARP packet is a packet, and send to a multicast address. So everybody is receiving, and that multicast group is sending the packet. But at the same time, it gets the IP address and port of the sender. So like a switch, this new plug learns that the IP address and port of this is the sender of the packet. So like a normal switch, an IP address and port have the same meaning for this particular switch as a port in a physical switch. So from now on, this will be a plug, and send just the IP packets, the multicast packets back.

It is similar to what happens with VXLAN. But VXLAN needs what is called a VTEP, a kind of switch, which is a switch that has to be configured on its physical host. Instead, it is completely resiluted. We don't need any configuration. Just use the same multicast address and you get a network. And you can leave the namespace and plug it to the network. So we can create a network of namespaces. So you can create namespaces and plug together as a network, and decide that a number of tools have been done as soon as they are working on the same network, even if these tools are working on different hosts. Let me recall that if now you want to migrate the latest machine to another host, you don't need any reconfiguration. Now you're on the host, and now the switches.

And it is as fast as VXLAN. So you can have some everything costs, but the traffic is just unicast, just with 50 bytes per packet of the envelope. It's the same as VXLAN. So it works on any network. It puts that if your network supports jumbo packets or baby giants. So more than 1500 bytes per packet if you are able to reach 22,000 bytes about per packet.

But one more factor is a PAM module, two PAM modules actually, that can give users their own networking environment or even no environment. So I have a laptop named Renzo Monetta. The name says all.
So if I SSH Renzo Monetta at the local host, try to write the right password. There is no label in the presentation. Now, I have no network at all. So you can create, but these will be not very useful. Maybe you can give somebody just the processing power of the host, so without the ability to create further connections. But it would like these people to have the ability to create their own cloud, local cloud. In a way that the local cloud of a user cannot in any way send us to another matter in the natural cause for somebody else.

So we want these users to be able to reach maybe x extended, which is a combination of the cloud tool and a kernel module. This kernel module provides the user with the ability just to send packets to network, not to other hosts. And all the packets sent on the network by this link, I can say that they are orthogonal one to the others. So the network of user A has, at a specific point in the header, an ID, a network ID, and the kernel module is able to let the user send only packets with that ID. And if, by error or on purpose, a packet is received with the wrong ID, it's just discarded. So there is no way from one user to interface with the other.

So which is the point? All of them. Which is the point? And maybe you have a data center. So you have a set of hosts and you have a set of users that want to do their own job. So now if you give your users, as a data center owner, if you give your user just the ability to run virtual machines, you can force your user to do just the right things by limiting the ability to configure the virtual machine. What we can do now is to give the ability to users to have full shell access and at the same time they are limited to just their own local area networking. A lot of local area cloud networking. Not nothing more.
So for standard users there is no way to limit the access to the internet, or for standard users there is no way to limit the access to the local area network, because open a socket, open a socket, bind a socket to not trust others and so on. You could write a long and boring iptables filter to say that user can do that. Instead the modules provide a different address family, which is not an internet, which is another family in which the only operation permitted other tools which permit to create the local area network of the user.

Which is the point? Security is always so: my laptop is safe, it depends. If somebody is able to tap the system bus of my laptop, it is possible to read passwords, to enter the memory and whatever. Which is this level of security in the center, which indicates that my user must be able to top the real line and no user a part of the system administrator should have a limited chance. If other users enter the system using a laptop, they can add, they can add links, links, networks and can create their own problem in a safe way.

There is a network and there is stuff Linux mobile 12 similar tools, each one is doing its job in the best way they can, and then you can combine all these tools to have services, more powerful services. One tool we are creating is cado. It's like sudo but at the capability layer. It's not directly related to networking, but we made it to provide, if we want, users with just the capability they need. There is a cado that calls for 255 and you can say that this user, that user can have this and that capability.

Slirp. Slirp is a famous piece of software which is in any virtual machine: it's in QEMU, in KVM obviously, in Linux, in Microsoft. It creates IP methods that are simple to and permit to with the machine to the internet as if it were connected by a masquerade or not. The new model for the from QEMU: we have taken the code from QEMU exactly as it is, we have just added three lines to add, so we can follow the evolution of QEMU, of QEMU, of QEMU, and we can use it as an implementation. So if you need Slirp in your product, now there is a library that provides work facilities.

So for example I can create living in space like this. This living in space is real but there is a tunnel. The namespace is in Bologna. I can show it to the configurator. The namespace is at the ACP. And now I can run the ice raiser for them. What is my address? OK, we are in Bologna, Italy. But just as this space has been moved in, and I have no little access in Bologna. In Bologna there is just one process that is for moving my ACP traffic as if it were a router. From the internet point of view, all the traffic that I'm generating here, it seems to be generated by my host in Bologna.

Somebody is telling me that the time is over. Unfortunately, I will tell you a bunch of more things to tell you. So if you have a part of it, there is a problem with identification. If you have questions, make a question, please. Now questions? Pause in there. I don't know if it's a positive or negative. It's not neutral.

Hi, I'm from the Boston Network. Very close. So how is the state of the tools from production? So to use it in a real-life center, is it very near?

We are going to, very soon, we are going to create packages for the distributions and to release to the general public. We have other stuff which is undergoing, the self-generation of the ACP, the six addresses by hash, so that we can just give a name to each process and the address will be generated in an automatic way. And there will be an ACP server able to ask the DNS server which of the addresses that the host must be. We are going to do both the work and also a resolution.

OK, thank you very much.