When connecting to a real network using other connection types than port forwarding, Simics needs low-level access to the simulation host's Ethernet interfaces to send and receive packets. However, operating systems do not usually allow user programs low-level access to Ethernet interfaces: it requires specific configuration with administrative rights.
The access method used by Simics is called TAP; it is a virtual Ethernet interface on the simulation host. Ethernet bridging and host connections require the use of TAP, but, as stated above, port forwarding connections do not.
With TAP access Simics will connect the simulated network to a virtual Ethernet (TAP) interface provided by the operating system. Accessing the TAP interface does not require administrative privileges, so once the TAP interface has been configured, Simics can connect to the real network without administrative privileges.
The TAP interface can either be bridged to a real Ethernet interface to create an Ethernet bridging connection, or configured with an IP address to create a host connection. This section only describes the basic configuration which is required for both kinds of connections. Read section 3.2.2 for the additional steps needed for Ethernet bridging connections and 3.2.3 for the additional steps required for host connections.
The setup required for TAP access differs for simulation hosts running Linux and Windows.
Creating a TAP interface that Simics can use is done in two simple steps. These commands require administrative privileges:
Give the user running the simulation access to the /dev/net/tun device.
computer# chmod a+rw /dev/net/tun
Create the TAP interface. Here the name of the user that will be using the TAP interface is assumed to be joe and the name of the TAP interface will be sim_tap0, but it should of course be replaced with the correct user name and TAP interface.
computer# ip tuntap add sim_tap0 mode tap user joe
Bring up the interface. (Optional in some environments.)
computer# ip link set dev sim_tap0 up
To remove a TAP interface, do the following (requires administrative privileges):
computer# ip tuntap del mode tap name sim_tap0
To create a TAP interface, a TAP driver is required. One such is available from the OpenVPN project. See the Advanced Installation Options in the Installation Guide for information about how to do this.
Simics uses the MAC addresses of the simulation host's network interfaces to identify the host for licensing purposes. The licensing system does not differentiate TAP interfaces and real Ethernet interfaces. Creating or removing TAP interfaces may therefore cause a node-locked license to stop working. Renaming the TAP device so that the Local Area Connection is first will probably fix this.
Configuring a TAP interface consists of setting its name and IP address.
On Windows, TAP devices are typically created with sufficient permissions for all users to be able to access them. On Linux however, you have to be the user or belong to the group that was specified when the device was created to be able to access it . On both Windows and Linux, each device can only be opened by one application at a time. These facts can lead to problems when multiple users tries to run the same Simics configuration on the same machine, possibly even at the same time.
Let us take a closer look at how to solve the problem with having multiple users running identical configurations on the same machine, but not necessarily at the same time:
Newer versions of the Linux kernel offers the possibility to assign a group to a TAP device; any member of that group is allowed to open the tap device, and no further configuration is needed. That means that any routing table entries that has been set up on the simulation host has to be configured only once and can remain the same after that. Without the group functionality of TAP devices, each user must use its own TAP device. This means that the interface argument to connect-real-network-[host,bridge] must depend on which user that runs the command, and routes on the simulation host must be updated to match that TAP device. As has previously been said, TAP devices on Windows can typically be accessed by all users, so the choice of having one or multiple TAP devices is entirely up to the users.
If several users needs to run identical configurations at the same time with access to the same real network it gets even more complicated; the simple answer is that it is generally not possible. Even if the users run the configuration on different simulation hosts, it is generally not possible connect both simulations to the real network in a correct and working manner. The reasons are a little different between a host connection and a bridged connection, but in both cases it has to do with the fact that there are multiple target machines that have the same IP and MAC addresses on connected to the real network in some way.
When using a bridged real network connection, the simulated network will appear to be the same network as the real one. When running two identical simulations, both MAC and IP addresses will be duplicated on the same network, which will lead to unexpected behavior even if different simulation hosts are used. When using a host connection the simulation host can only route traffic to one of the simulated networks since the network addresses and TAP interface addresses has to be the same for both simulations. The only possible setup is a host connection where each simulation is running on a different machine, and the only communication is internally on the simulated network and between simulated machines and their simulation host.
The general solution to this problem is to use configurations that are not completely identical. Each simultaneously running configuration should have unique network properties, such as IP address range, MAC address range and TAP interface. Using such Simics configurations, all network configuration, including routes and TAP interfaces on the real hosts can be done in advance and does not have to be changed for every Simics configuration that is started. For example, if a bridged connection is required, several TAP interfaces and a real network interface can be bridged together to form a single bridge.
The examples below show how real network connections can be configured when running multiple almost identical Simics configurations simultaneously. For both examples, the part of the configuration that has to be done by the root user can be done once so that the user running the simulation does not need administrative privileges.
Figure 2 shows a setup with two Simics processes on the same simulation host, both using a host connection. Each Simics process connects to its own TAP device. All target machines in the Simics 0 configuration has IP addresses on the 10.10.x.0 network while the Simics 1 configuration has IP addresses on the 10.10.y.0 network. It is important that all the real hosts that the target machines needs to talk to has static routes set up for the 10.10.x.0 and 10.10.y.0 networks, using the simulation host as gateway.
Figure 3 shows a setup similar to Figure 2. In this case the target machine connect to the real network using an Ethernet bridge on the simulation host. The bridge is invisible to both the target machines and the real hosts. As all IP addresses must be on the 192.168.0.0 network, the Simics 0 configuration uses IP addresses between 192.168.0.0 and 192.168.0.9, and the Simics 1 configuration uses IP addresses between 192.168.0.10 and 192.168.0.19. Note that both sim_tap0 and sim_tap1 is part of the same Ethernet bridge, and that none of the interfaces that is a part of the bridge has any IP address. In this description the MAC addresses has been left out to not unnecessarily clutter the figure and description. These needs to be partitioned between the two Simics configurations in the same way as the IP addresses.
