
A very basic Network simulation tutorial with CORE Network

CORE Network Tutorial

This is a Tutorial to get the base knowledge of CORE framework. The configuration of this Tutorial is also available for download in sources folder.

  1. Install and Run CORE Network:

    • 1.1 Please download packages or VMware image available from CORE Network official download page.
    • 1.2 Install daemon and gui packages. Hint: On ubuntu 16.04 and ubuntu 18.04 we got trusty packages to work.
    • 1.3 Run CORE daemon /etc/init.d/core-daemon start.
  2. Add a Router and rename it firewall-router, then add a physical interface to get a bridge on a real ifname on your workstation:

    • 2.1 Configure (double click) the physical interface and select an ethernet interface of your workstation;
    • 2.2 Remove ipv6 from firewall_router if you don't need it;
    • 2.3 Using link tool link firewall-router to the physical interface;
    • Hint: do not use wireless interface for bridging

    Problem: Every time you stop and start your CORE session the Bridge ifname will change on your workstation. Use a command to keep it handy.

    BRIFNAME=$(ifconfig | grep  "^b.[0-9]\{4\}.[a-z0-9]*"| awk -F' ' {'print $1'})

    To make this persistent in a CORE session, as other preferencies, go to Session -> Hooks and configure as follow in picture: Alt text

  3. Run this first test.

    • 3.1 On CORE Network window, run the emulation session clicking on the green arrow, in the left menu.
    • 3.2 Open a terminal on your workstation, check available interfaces (ifconfig or ip ad sh). You will see at least two brand new interfaces, veth* and b.*.
    • 3.3 On your Workstation run brctl show to check what interfaces is a bridge (probably b.). You will also see that veth is the interfaces linked to this bridge.

    • 3.4 On your Workstation run tcpdump -i $BRIFNAME, you will see traffic from the firewall_router like DHCP/BOOT and maybe some ARP request too. Double click on firewall_router, it will open a terminal, see network the network interfaces and check its HWaddress, it's the same you get in the tcpdump stdout.
    # on your workstation
    ***for a quickly overview of the devices is better to use " nmcli "***
    tcpdump -i $BRIFNAME
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on b.42777.a7, link-type EN10MB (Ethernet), capture size 262144 bytes
    16:53:35.441144 IP > BOOTP/DHCP, Request from 00:00:00:aa:00:00 (oui Ethernet), length 300
    16:53:44.446805 IP > BOOTP/DHCP, Request from 00:00:00:aa:00:00 (oui Ethernet), length 300
  4. Configure the LAN to link your workstation to firewall_router. Remember that $BRIFNAME is only a variable name, be sure that this will have a different value on your setup!

    • 4.1 On your Workstation configure the ip with ifconfig $BRIFNAME or ip ad ch dev $BRIFNAME
    • 4.2 On your Workstation ping (firewall_router). Good news, a working layer2 was created from your workstation to your CORE Network session.
  5. Enable supernetting, firewall_router must reach internet. All these task must be executed on your workstation.

    • 5.1 Enable ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward.
    • 5.2 NAT all the traffic from the bridge to internet using iptables. What's your ifname linked to internet? That is the output interface:
      • iptables -t nat -A POSTROUTING -s -o wlp2s0 -j MASQUERADE;
      • is the ip of firewall_router;
      • wlp2s0 is the wireless interface that I'm using on my workstation to reach internet;
    • 5.3 Configure a default gateway to firewall_router with command route add default gw
  6. Create a persistent configuration in firewall_router with CORE Network hook services.

  7. Create Collision Zones, the switched LANs in your CORE Network project.

    • 7.2 Create two nodes, one in the A LAN and another in the B LAN.
    • 7.3 In A1 and B1 configuration change services.DefaultRoute configuring the correct firewall_router ip.
    • 7.4 Run a ]tracepath` from A1 to B1 and viceversa, this is a test to check if networks are now reachable each other through the firewall_router.
  8. Add some firewall rule in firewall_router configuration:

    • 8.1 Network A must reach internet and not B.
      • 8.1.1 Enable services.firewall in firewall_router.
      • 8.1.2 Reject traffic in FORWARD chain, from A to B.
        # IMPORTANT: accept returning packets from B to A, otherwise packets from B will not be forwarded
        # this means that if B reach A the forward will works because it was previously established 
        iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
        # REJECT traffic from A to B, ip_forward will works but this rule will reject the packets
        iptables -A FORWARD -s -d -j REJECT
      • 8.1.3 Add a masquerade rule to NAT all the traffic from A to Internet.
        iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
    • 8.2 Network B must reach Internet and also A.
      • 8.2.1 Add masquerade rule to NAT all the traffic from B to Internet
        iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE


  • Make the tasks described in 8. without iptables but using Linux Advanced Routing and blackholes.
  • Please contribute, suggest other basic use cases, opening an Issue or Pull Request.
