High-speed Networks, Cybersecurity, and
Software-defined Networking Workshop
Monday June 15 – Friday June 19, 2020
Organizers
- University of South Carolina (UofSC)
- Western Accademy Support and Training Center (WAST)
- University of Texas at San Antonio (UTSA)
Venue
- Online via Zoom
- Link will be published soon
- NetLab link: https://netlab.cec.sc.edu/
Overview
This workshop provides Information Technology (IT) professionals with an introduction to tools and techniques for the administration of high-speed networks, Zeek Intrusion Detection System, and Software Defined Networks (SDN). Each attendee will have full control of equipment pods emulating internetworks and tools to learn and test TCP-related issues, Zeek-based intrusion detection, and SDNs.
Outcomes
By the end of this workshop, attendees will:
Network Tools and Protocols:
- Use tools and techniques for measuring performance
- Test Linux systems on emulated Wide Area Networks (WANs)
- Measure the performance of different TCP congestion control algorithms (Reno, HTCP, BBR) on high-throughput (10 Gbps) high-latency (varying parameters) networks
- Measure the impact of parallel streams and maximum segment size (MSS) on throughput
Software Defined Networking (SDN):
- Describe the main differences between Legacy Networks and Software Defined Networks
- Explain the roles of the data plane and the control plane
- Describe the fundamental characteristics of SDN: plane separation, centralized control, and network automation
- Explain the OpenFlow protocol used for communication between the controller and switches
Zeek:
- Describe Zeek operations
- Manage and automate Zeek instances
- Instrument Zeek for network forensics
- Develop a Zeek script for identifying and organizing specific malicious traffic events
Intended Audience
The audience of this workshop includes IT educators and professionals.
Award Information
This activity is supported by NSF award 1829698. Link to official webpage: NSF-1829698
Pre-requisites
Training activities will be conducted using NetLab. Attendees will be provided with a username and a password.
Virtual Machines for NTP, BGP, Zeek, and SDN Pods
The pods corresponding to the lab series “Network Tools and Protocols”, “Border Gateway Protocols”, “Zeek”, and “Software-defined Networking” consist of one virtual machine (VM) each. The VM for each pod can be downloaded and run with a hypervisor such as VMware Workstation and Virtual Box. Please see directions and URL below.
Installation guide: VirtualBox guide
Network Tools and Protocols (NTP), Border Gateway Protocol (BGP), and Zeek virtual machines: Link
Software-defined Networking (SDN) virtual machine: Link
Minimum Hardware Requirements:
| Resource | NTP | BGP | SDN | Zeek |
|---|---|---|---|---|
| CPU | 3 cores | 2 cores | 2 cores | 2 cores |
| Memory | 8GB | 8GB | 8GB | 8GB |
| Storage | 15GB | 30GB | 30GB | 20GB |
Agenda
DAY 1: Monday, June 15
| Time | Topic | Presenter |
|---|---|---|
| 09:00 - 09:15 | Workshop Overview [PDF, PPT] | Jorge Crichigno |
| 09:15 - 09:45 | Motivation for High Speed Networks [PDF, PPT] | Jorge Crichigno |
| 09:45 - 09:50 | Overview Network Tools and Protocols Lab Series [PDF, PPT] | Jorge Crichigno |
| 09:50 - 10:00 | Break | |
| 10:00 - 10:30 | Lab 1: Introduction to Mininet [PDF, PPT] | Jorge Crichigno, Elie Kfoury |
| 10:30 - 11:00 | Lab 2: iPerf [PDF, PPT] | Jorge Crichigno, Elie Kfoury |
| 11:00 - 11:10 | Break | |
| 11:10 - 11:45 | Lab 3: The Network Emulator (NETEM) Tool [PDF, PPT] | Jorge Crichigno, Elie Kfoury |
| 11:45 - 12:00 | Summary Day 1 | Jorge Crichigno |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | Jorge Crichigno |
| Day 1 | Video | Chat |
DAY 2: Tuesday, June 16
| Time | Topic | Presenter |
|---|---|---|
| 09:00 - 09:15 | Review Labs 1-5 NTP Lab Series [PDF, PPT] | Jorge Crichigno |
| 09:15 - 10:00 | Lab 5: Token Bucket Filter [PDF, PPT] | Jorge Crichigno, Elie Kfoury |
| 10:00 - 10:10 | Break | |
| 10:10 - 10:50 | Lab 8: Bandwidth-delay Product and TCP buffer [PDF, PPT] | Jorge Crichigno, Elie Kfoury |
| 10:50 - 11:00 | Break | |
| 11:00 - 11:40 | Router's Bufferbloat [PDF, PPT] | Jorge Crichigno, Elie Kfoury |
| 11:40 - 12:00 | Discussion other NTP Labs and Summary of Day 2 | Jorge Crichigno |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | Jorge Crichigno |
| Day 2 | Video | Chat |
DAY 3: Wednesday, June 17
| Time | Topic | Presenter |
|---|---|---|
| 09:00 - 09:10 | Review NTP Lab Series [PDF, PPT] | Jorge Crichigno |
| 09:10 - 09:40 | Introduction to Software Defined Networking (SDN) [PDF, PPT] | Jorge Crichigno |
| 09:40 - 09:50 | Overview SDN Lab Series [PDF, PPT] | Jorge Crichigno |
| 09:50 - 10:00 | Break | |
| 10:00 - 10:45 | Lab 2: Legacy Networks, BGP Routing [PDF, PPT] | Jorge Crichigno, Ali Alsabeh |
| 10:45 - 10:55 | Break | |
| 10:55 - 11:35 | Lab 4: SDN Concepts, Controllers, Flow Tables [PDF, PPT] | Jorge Crichigno, Ali Alsabeh |
| 11:35 - 12:00 | Discussion and Summary of Day 3 | Jorge Crichigno |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | Jorge Crichigno |
| Day 3 | Video | Chat |
DAY 4: Thursday, June 18
| Time | Topic | Presenter |
|---|---|---|
| 09:00 - 09:40 | Lab 6: OpenFlow [PDF, PPT] | Jorge Crichigno, Ali Alsabeh |
| 09:40 - 09:50 | Break | |
| 09:50 - 10:30 | Lab 7: Connecting Legacy Networks to SDN Networks [PDF, PPT] | Jorge Crichigno, Ali Alsabeh |
| 10:30 - 10:40 | Break | |
| 10:40 - 11:10 | Introduction to Zeek Intrusion Detection System (IDS) [PDF, PPT] | Elias Bou-Harb |
| 11:10 - 11:15 | Overview Zeek Lab Series [PDF, PPT] | Elias Bou-Harb |
| 11:15 - 11:55 | Lab 1: Introduction to Capabilities of Zeek | Elias Bou-Harb, Christelle Nader |
| 11:55 - 12:00 | Summary of Day 4 | Jorge Crichigno, Elias Bou-Harb |
| 12:00 - 13:00 | Lunch | |
| 13:00 - 14:00 | Office hours | Jorge Crichigno |
| Day 4 | Video | Chat |
DAY 5: Friday, June 19
| Time | Topic | Presenter |
|---|---|---|
| 09:00 - 09:05 | Overview Zeek Lab Series | Jorge Crichigno |
| 09:05 - 09:45 | Lab 1: Introduction to Capabilities of Zeek | Elias Bou-Harb, Christelle Nader |
| 09:45 - 09:55 | Break | |
| 09:55 - 10:35 | Lab 2: An Overview of Zeek Logs | Elias Bou-Harb, Christelle Nader |
| 10:35 - 10:45 | Break | |
| 10:45 - 11:25 | Lab 4: Generating, Capturing and Analyzing Network Scanner Traffic | Elias Bou-Harb, Christelle Nader |
| 11:25 - 11:35 | Break | |
| 11:35 - 12:15 | Lab 9: Profiling and Performance Metrics of Zeek | Elias Bou-Harb, Christelle Nader |
| 12:15 - 12:35 | Final Discussion, Feedback Day 5 | Jorge Crichigno |
| Day 5 | Video | Chat |
Virtual Laboratory (vLabs) Experiments
| Lab | Network Tools and Protocols | Software-defined Networking (SDN) | Bro/Zeek |
|---|---|---|---|
| Lab 1 | Introduction to Mininet [PDF] | Introduction to Mininet [PDF] | Introduction to the Capabilities of Zeek [PDF] |
| Lab 2 | Introduction to Iperf3 [PDF] | Legacy Networks: BGP Example as a Distributed System and Autonomous Forwarding Decisions [PDF] | An Overview of Zeek Logs [PDF] |
| Lab 3 | Emulating WAN with NETEM I: Latency, Jitter [PDF] | Early efforts of SDN: MPLS Example of a Control Plane that Establishes Semi-static Forwarding Paths [PDF] | Parsing, Reading and Organizing Zeek Log Files [PDF] |
| Lab 4 | Emulating WAN with NETEM II: Packet Loss, Duplication, Reordering, and Corruption [PDF] | Introduction to SDN [PDF] | Generating, Capturing and Analyzing Network Scanner Traffic [PDF] |
| Lab 5 | Setting WAN Bandwidth with Token Bucket Filter (TBF) [PDF] | Configuring VXLAN to Provide Network Traffic Isolation [PDF] | Generating, Capturing and Analyzing DoS and DDoS-centric Network Traffic [PDF] |
| Lab 6 | Understanding Traditional TCP Congestion Control (HTCP, Cubic, Reno) [PDF] | Introduction to OpenFlow [PDF] | Introduction to Zeek Scripting [PDF] |
| Lab 7 | Understanding Rate-based TCP Congestion Control (BBR) [PDF] | Interconnection between Legacy Networks and SDN Networks [PDF] | Introduction to Zeek Signatures [PDF] |
| Lab 8 | Bandwidth-delay Product and TCP Buffer Size [PDF] | Advanced Zeek Scripting for Anomaly and Malicious Event Detection [PDF] | |
| Lab 9 | Enhancing TCP Throughput with Parallel Streams [PDF] | Profiling and Performance Metrics of Zeek [PDF] | |
| Lab 10 | Measuring TCP Fairness [PDF] | Application of the Zeek IDS for Real-Time Network Protection [PDF] | |
| Lab 11 | Router's Buffer Size [PDF] | Preprocessing of Zeek Output Logs for Machine Learning [PDF] | |
| Lab 12 | TCP Rate Control with Pacing [PDF] | Developing Machine Learning Classifiers for Anomaly Inference and Classification [PDF] | |
| Lab 13 | Impact of MSS on Throughput [PDF] | ||
| Lab 14 | Router's Bufferbloat [PDF] | ||
| Lab 15 | Analyzing the Impact of Hardware Offloading on TCP Performance [PDF] | ||
| Lab 16 | Random Early Detection [PDF] | ||
| Lab 17 | Stochastic Fair Queueing [PDF] | ||
| Lab 18 | Controlled Delay (CoDel) Active Queue Management [PDF] | ||
| Lab 19 | Proportional Integral Controller-Enhanced (PIE) [PDF] | ||
| Lab 20 | Classifying TCP traffic using Hierarchical Token Bucket (HTB) [PDF] | ||
| Lab Manuals | NTP Lab Series [PDF] | SDN Lab Series [PDF] | Zeek/Bro Lab Series [PDF] |
Resources
| Resource | Comment | URL |
|---|---|---|
| Mininet | Virtual testbed enabling the development and testing of network tools and protocols | http://mininet.org |
| iPerf3 | Real-time network throughput measurement tool | https://software.es.net/iperf |
| Traffic Control (TC) - NetEm, TBF, CoDel, FQ-CoDel, PIE, HTB, SFQ, RED | Utility program used to configure the Linux kernel packet scheduler | https://man7.org/linux/man-pages/man8/tc.8.html |
| Wireshark | Packet analyzer used for network troubleshooting, analysis, protocol development, and education | https://www.wireshark.org/ |
| ONOS | Scalable and distributed SDN controller platform | https://www.opennetworking.org/onos/ |
| FRRouting | IP routing protocol suite for Linux and Unix | https://frrouting.org/ |
| Containernet | Mininet fork that allows to use Docker containers as hosts in emulated networks | https://containernet.github.io/ |
| Zeek | Network analysis framework primarily used in security monitoring and traffic analysis | https://zeek.org/ |
| Weka | Workbench for machine learning | https://www.cs.waikato.ac.nz/ml/weka/ |
| Ostinato | Network traffic generator | https://ostinato.org/ |
| TCPReplay | Editing and replaying previously captured network traffic | https://tcpreplay.appneta.com/ |
| VyOS | Open source network operating system based on Debian GNU/Linux | https://www.vyos.io/ |
| SDN-IP | ONOS application that allows an SDN network to peer and exchange traffic with adjacent external networks using the BGP | https://wiki.onosproject.org/display/ONOS/SDN-IP/ |