1. Home
  2. June 2020, WAST, Online

June 2020, WAST, Online

 

 

High-speed Networks, Cybersecurity, and
Software-defined Networking Workshop

Monday June 15 – Friday June 19, 2020

 
Organizers
  • University of South Carolina (UofSC)
  • Western Accademy Support and Training Center (WAST)
  • University of Texas at San Antonio (UTSA)
Venue

 

 

 

Overview

This workshop provides Information Technology (IT) professionals with an introduction to tools and techniques for the administration of high-speed networks, Zeek Intrusion Detection System, and Software Defined Networks (SDN). Each attendee will have full control of equipment pods emulating internetworks and tools to learn and test TCP-related issues, Zeek-based intrusion detection, and SDNs.

 

Outcomes

By the end of this workshop, attendees will:

 
Network Tools and Protocols:
  • Use tools and techniques for measuring performance
  • Test Linux systems on emulated Wide Area Networks (WANs)
  • Measure the performance of different TCP congestion control algorithms (Reno, HTCP, BBR) on high-throughput (10 Gbps) high-latency (varying parameters) networks
  • Measure the impact of parallel streams and maximum segment size (MSS) on throughput
Software Defined Networking (SDN):
  • Describe the main differences between Legacy Networks and Software Defined Networks
  • Explain the roles of the data plane and the control plane
  • Describe the fundamental characteristics of SDN: plane separation, centralized control, and network automation
  • Explain the OpenFlow protocol used for communication between the controller and switches
Zeek:
  • Describe Zeek operations
  • Manage and automate Zeek instances
  • Instrument Zeek for network forensics
  • Develop a Zeek script for identifying and organizing specific malicious traffic events

Intended Audience

The audience of this workshop includes IT educators and professionals.

 

Award Information

This activity is supported by NSF award 1829698. Link to official webpage: NSF-1829698

 

Pre-requisites

Training activities will be conducted using NetLab. Attendees will be provided with a username and a password.

 

Virtual Machines for NTP, BGP, Zeek, and SDN Pods

The pods corresponding to the lab series “Network Tools and Protocols”, “Border Gateway Protocols”, “Zeek”, and “Software-defined Networking” consist of one virtual machine (VM) each. The VM for each pod can be downloaded and run with a hypervisor such as VMware Workstation and Virtual Box. Please see directions and URL below.

Installation guide: VirtualBox guide
Network Tools and Protocols (NTP), Border Gateway Protocol (BGP), and Zeek virtual machines: Link
Software-defined Networking (SDN) virtual machine: Link

Minimum Hardware Requirements:

Resource NTP BGP SDN Zeek
CPU 3 cores 2 cores 2 cores 2 cores
Memory 8GB 8GB 8GB 8GB
Storage 15GB 30GB 30GB 20GB

 

 

Agenda

 
DAY 1: Monday, June 15
Time Topic Presenter
09:00 - 09:15 Workshop Overview [PDF, PPT] Jorge Crichigno
09:15 - 09:45 Motivation for High Speed Networks [PDF, PPT] Jorge Crichigno
09:45 - 09:50 Overview Network Tools and Protocols Lab Series [PDF, PPT] Jorge Crichigno
09:50 - 10:00 Break  
10:00 - 10:30 Lab 1: Introduction to Mininet [PDF, PPT] Jorge Crichigno, Elie Kfoury
10:30 - 11:00 Lab 2: iPerf [PDF, PPT] Jorge Crichigno, Elie Kfoury
11:00 - 11:10 Break  
11:10 - 11:45 Lab 3: The Network Emulator (NETEM) Tool [PDF, PPT] Jorge Crichigno, Elie Kfoury
11:45 - 12:00 Summary Day 1 Jorge Crichigno
12:00 - 13:00 Lunch  
13:00 - 14:00 Office hours Jorge Crichigno
Day 1 Video Chat
 
DAY 2: Tuesday, June 16
Time Topic Presenter
09:00 - 09:15 Review Labs 1-5 NTP Lab Series [PDF, PPT] Jorge Crichigno
09:15 - 10:00 Lab 5: Token Bucket Filter [PDF, PPT] Jorge Crichigno, Elie Kfoury
10:00 - 10:10 Break  
10:10 - 10:50 Lab 8: Bandwidth-delay Product and TCP buffer [PDF, PPT] Jorge Crichigno, Elie Kfoury
10:50 - 11:00 Break  
11:00 - 11:40 Router's Bufferbloat [PDF, PPT] Jorge Crichigno, Elie Kfoury
11:40 - 12:00 Discussion other NTP Labs and Summary of Day 2 Jorge Crichigno
12:00 - 13:00 Lunch  
13:00 - 14:00 Office hours Jorge Crichigno
Day 2 Video Chat
 
DAY 3: Wednesday, June 17
Time Topic Presenter
09:00 - 09:10 Review NTP Lab Series [PDF, PPT] Jorge Crichigno
09:10 - 09:40 Introduction to Software Defined Networking (SDN) [PDF, PPT] Jorge Crichigno
09:40 - 09:50 Overview SDN Lab Series [PDF, PPT] Jorge Crichigno
09:50 - 10:00 Break  
10:00 - 10:45 Lab 2: Legacy Networks, BGP Routing [PDF, PPT] Jorge Crichigno, Ali Alsabeh
10:45 - 10:55 Break  
10:55 - 11:35 Lab 4: SDN Concepts, Controllers, Flow Tables [PDF, PPT] Jorge Crichigno, Ali Alsabeh
11:35 - 12:00 Discussion and Summary of Day 3 Jorge Crichigno
12:00 - 13:00 Lunch  
13:00 - 14:00 Office hours Jorge Crichigno
Day 3 Video Chat
 
DAY 4: Thursday, June 18
Time Topic Presenter
09:00 - 09:40 Lab 6: OpenFlow [PDF, PPT] Jorge Crichigno, Ali Alsabeh
09:40 - 09:50 Break  
09:50 - 10:30 Lab 7: Connecting Legacy Networks to SDN Networks [PDF, PPT] Jorge Crichigno, Ali Alsabeh
10:30 - 10:40 Break  
10:40 - 11:10 Introduction to Zeek Intrusion Detection System (IDS) [PDF, PPT] Elias Bou-Harb
11:10 - 11:15 Overview Zeek Lab Series [PDF, PPT] Elias Bou-Harb
11:15 - 11:55 Lab 1: Introduction to Capabilities of Zeek Elias Bou-Harb, Christelle Nader
11:55 - 12:00 Summary of Day 4 Jorge Crichigno, Elias Bou-Harb
12:00 - 13:00 Lunch  
13:00 - 14:00 Office hours Jorge Crichigno
Day 4 Video Chat
 
DAY 5: Friday, June 19
Time Topic Presenter
09:00 - 09:05 Overview Zeek Lab Series Jorge Crichigno
09:05 - 09:45 Lab 1: Introduction to Capabilities of Zeek Elias Bou-Harb, Christelle Nader
09:45 - 09:55 Break  
09:55 - 10:35 Lab 2: An Overview of Zeek Logs Elias Bou-Harb, Christelle Nader
10:35 - 10:45 Break  
10:45 - 11:25 Lab 4: Generating, Capturing and Analyzing Network Scanner Traffic Elias Bou-Harb, Christelle Nader
11:25 - 11:35 Break  
11:35 - 12:15 Lab 9: Profiling and Performance Metrics of Zeek Elias Bou-Harb, Christelle Nader
12:15 - 12:35 Final Discussion, Feedback Day 5 Jorge Crichigno
Day 5 Video Chat

 

 

Virtual Laboratory (vLabs) Experiments

Lab Network Tools and Protocols Software-defined Networking (SDN) Bro/Zeek
Lab 1 Introduction to Mininet [PDF] Introduction to Mininet [PDF] Introduction to the Capabilities of Zeek [PDF]
Lab 2 Introduction to Iperf3 [PDF] Legacy Networks: BGP Example as a Distributed System and Autonomous Forwarding Decisions [PDF] An Overview of Zeek Logs [PDF]
Lab 3 Emulating WAN with NETEM I: Latency, Jitter [PDF] Early efforts of SDN: MPLS Example of a Control Plane that Establishes Semi-static Forwarding Paths [PDF] Parsing, Reading and Organizing Zeek Log Files [PDF]
Lab 4 Emulating WAN with NETEM II: Packet Loss, Duplication, Reordering, and Corruption [PDF] Introduction to SDN [PDF] Generating, Capturing and Analyzing Network Scanner Traffic [PDF]
Lab 5 Setting WAN Bandwidth with Token Bucket Filter (TBF) [PDF] Configuring VXLAN to Provide Network Traffic Isolation [PDF] Generating, Capturing and Analyzing DoS and DDoS-centric Network Traffic [PDF]
Lab 6 Understanding Traditional TCP Congestion Control (HTCP, Cubic, Reno) [PDF] Introduction to OpenFlow [PDF] Introduction to Zeek Scripting [PDF]
Lab 7 Understanding Rate-based TCP Congestion Control (BBR) [PDF] Interconnection between Legacy Networks and SDN Networks [PDF] Introduction to Zeek Signatures [PDF]
Lab 8 Bandwidth-delay Product and TCP Buffer Size [PDF]   Advanced Zeek Scripting for Anomaly and Malicious Event Detection [PDF]
Lab 9 Enhancing TCP Throughput with Parallel Streams [PDF]   Profiling and Performance Metrics of Zeek [PDF]
Lab 10 Measuring TCP Fairness [PDF]   Application of the Zeek IDS for Real-Time Network Protection [PDF]
Lab 11 Router's Buffer Size [PDF]   Preprocessing of Zeek Output Logs for Machine Learning [PDF]
Lab 12 TCP Rate Control with Pacing [PDF]   Developing Machine Learning Classifiers for Anomaly Inference and Classification [PDF]
Lab 13 Impact of MSS on Throughput [PDF]    
Lab 14 Router's Bufferbloat [PDF]    
Lab 15 Analyzing the Impact of Hardware Offloading on TCP Performance [PDF]    
Lab 16 Random Early Detection [PDF]    
Lab 17 Stochastic Fair Queueing [PDF]    
Lab 18 Controlled Delay (CoDel) Active Queue Management [PDF]    
Lab 19 Proportional Integral Controller-Enhanced (PIE) [PDF]    
Lab 20 Classifying TCP traffic using Hierarchical Token Bucket (HTB) [PDF]    
Lab Manuals NTP Lab Series [PDF] SDN Lab Series [PDF] Zeek/Bro Lab Series [PDF]

 

 

Resources

Resource Comment URL
Mininet Virtual testbed enabling the development and testing of network tools and protocols http://mininet.org
iPerf3 Real-time network throughput measurement tool https://software.es.net/iperf
Traffic Control (TC) - NetEm, TBF, CoDel, FQ-CoDel, PIE, HTB, SFQ, RED Utility program used to configure the Linux kernel packet scheduler https://man7.org/linux/man-pages/man8/tc.8.html
Wireshark Packet analyzer used for network troubleshooting, analysis, protocol development, and education https://www.wireshark.org/
ONOS Scalable and distributed SDN controller platform https://www.opennetworking.org/onos/
FRRouting IP routing protocol suite for Linux and Unix https://frrouting.org/
Containernet Mininet fork that allows to use Docker containers as hosts in emulated networks https://containernet.github.io/
Zeek Network analysis framework primarily used in security monitoring and traffic analysis https://zeek.org/
Weka Workbench for machine learning https://www.cs.waikato.ac.nz/ml/weka/
Ostinato Network traffic generator https://ostinato.org/
TCPReplay Editing and replaying previously captured network traffic https://tcpreplay.appneta.com/
VyOS Open source network operating system based on Debian GNU/Linux https://www.vyos.io/
SDN-IP ONOS application that allows an SDN network to peer and exchange traffic with adjacent external networks using the BGP https://wiki.onosproject.org/display/ONOS/SDN-IP/