Master's Thesis

Containerization of Network Simulator 3 Project with Support for External Devices and Network Security

Final Thesis 2.78 MB

Author of thesis: Ing. Dorinda Bassey, BSC.

Acad. year: 2024/2025

Supervisor: Ing. Jan Benedikt

Reviewer: Ing. Minh Tran

Abstract:

Network Simulation is an important aspect of computer and wireless networking. It is useful in the simulation of real computer networks. Over the years, the increasing usage of containerization technologies, such as Docker and Podman, has changed the way network simulations are being deployed and managed.

The goal of this master's thesis is to design and implement a containerized NS-3 project within a Podman container environment that focuses on the interaction and network analysis between an external device and the containerized NS-3 project. The NS-3 simulator project aims to implement a simulated network containing multiple subnets, UDP traffic type, different NS-3 modules - tap-bridge, internet, P2P, CSMA, and how the different testing scenarios introduce collision in the network to observe their impact on the network functionality. In order to analyze network communication and performance, the following tools were used: ICMP ping, NetAnim to display the network nodes and the animation of the packet flows.

Furthermore, this project delves into the details of implementation and challenges of the containerized network solution.
Two variants of the network setup are proposed to achieve the integration of external physical devices into a simulated containerized network. The first variant is a setup of a container running the NS-3 simulated project that interacts with an external device that is setup on the host machine. The second variant is a setup of the NS-3 simulator running in a container that interacts directly with the external device in another container. The containerized NS-3 project is achieved by designing a simulated network with one subnet and another simulated network with multiple subnets. The containerized NS-3 project interacts with the external device using the UDP protocol.

In the security section of this paper, we will focus on how security is implemented in the network devices of the simulator and the container security. We will discuss how specific nodes and specific ports can be used to communicate with the external device, which is achieved through traffic control management, implementation of firewall and packet filtering.
The final result of this thesis project is a containerized network simulator that interacts with an external device with the implementation of security features.

Keywords:

NS-3, UDP, Container, Virtualization, Containerized, External device, NetAnim, Tap
Device, Simulation, Network, Simulated, Node, Podman, Docker, NetAnim, Bridge,
Security, Firewall, Seccomp, traffic control, queueing discipline, qdisc, packet filtering,
FqCoDel, port.

Date of defence

09.06.2025

Result of the defence

Defended (thesis was successfully defended)

znamkaAznamka

Grading

A

Process of defence

Student presented the results of her thesis and the committee got familiar with reviewer's report. Student defended her Diploma Thesis and answered the questions from the members of the committee and the reviewer

Language of thesis

English

Faculty

Fakulta elektrotechniky a komunikačních technologií

Department

Department of Telecommunications

Study programme

Communications and Networking (Double-Degree) (MPAD-CAN)

Composition of Committee

doc. Ing. Jan Jeřábek, Ph.D. (místopředseda)
M.Sc. Sara Ricci, Ph.D. (člen)
Ing. Martin Štůsek, Ph.D. (člen)
Ing. Pavel Paluřík (člen)
Ing. Willi Lazarov (člen)
prof. Ing. Miroslav Vozňák, Ph.D. (předseda)

Supervisor’s report
Ing. Jan Benedikt

EN: The aim of the thesis was to design and implement a system for connecting an external device to a simulation within the Network Simulator 3 framework, to secure the network, and to containerize the entire solution in accordance with current standards. The student approached the work conscientiously and regularly consulted her progress with the thesis supervisor. The thesis is well-structured and meets all formal requirements. The supervisor considers all defined objectives to have been successfully achieved. The developed solution is available on GitHub as open-source. The final grade was reduced due to the use of non-academic sources (e.g., Wikipedia).
---
CZ: Studentka měla za úkol navrhnout a implementovat systém připojení externího zařízení do simulace ve frameworku Network-Simulator 3, dále měla síť zabezpečit a celé řešení kontejnerizovat dle současných standardů. Studentka přistupovala k práci svědomitě a pravidelně své výsledky konzultovala s vedoucím práce. Práce je dobře strukturovaná a splňuje všechny formální náležitosti. Vedoucí práce považuje všechny stanovené cíle za splněné. Vytvořené řešení je dostupné na portálu GitHub ve formě open-source. Bodové hodnocení bylo sníženo za použití neakademických zdrojů (Wikipedia). Points proposed by supervisor: 95

Grade proposed by supervisor: A

Reviewer’s report
Ing. Minh Tran

The thesis comprehensively addresses the task of containerizing the Network Simulator 3 application, enabling integration with external physical devices, and implementing network security features. The author methodically explores and documents several network design variants, ultimately achieving reliable communication between the containerized NS-3 simulation and external devices through both host and container setups. Security is handled with the implementation of traffic control, firewall mechanisms, and container hardening. All main objectives, including performance analysis, network interaction, and security, are fully met and demonstrated with practical results and detailed configuration scripts. All of the resource code is openly available on GitHub.
From the perspective of the formatting and language of the thesis. The text is mostly clear and professional, with a logical structure and well-organized chapters. There are minor consistency issues and occasional informal expressions, but these do not significantly detract from the overall readability. Regarding information resources, the thesis relies heavily on online documentation, manuals, and technical guides, with few references to scientific papers. As a result, there is limited discussion of the state of the art or comparison with related academic research. But that is understandable given the nature of this thesis.
Overall, the strengths of this thesis include thorough documentation, reproducibility, and a high level of technical integration. The thesis fulfills its goals with a solid, professional, and practical solution. On the other hand, there could have been more scientific depth and engagement with academic literature. Topics for thesis defence:
  1. How would your solution scale if you needed to integrate multiple external devices or run more complex topologies?
  2. How did you validate that your security mechanisms (e.g., traffic control, firewall mechanisms, and container hardening) are effective in practice?
Points proposed by reviewer: 88

Grade proposed by reviewer: B

Responsibility: Mgr. et Mgr. Hana Odstrčilová