Using GENI to Teach Cloud Security

——————————————————————————————————————————————————————————————-

Short overview of the module

This module begins with an introduction to GENI (Global Environment for Network Innovations) through a set of slides. This is followed by a demonstration experiment on GENI – this is a first, simple experiment on GENI useful for familiarizing new experimenters with GENI and the tools for using GENI.

We then provide a hands-on tutorial using GENI resources: (i) to run an OpenFlow firewall, and (ii) build a router for a network with a private address space – one-to-many NAT.

This module could be used in a junior-level class, such as Operating Systems or Networking. It is designed as a self-contained module that could be used as is, slides and all. It could also be modified to fit into the course you are teaching. If you decide to use this module, we would highly appreciate if you could simply send us an email letting us know in what course you plan to use this module. Any suggestions for improvement are also very welcome. And if you wish to share your own modified version of this module with other instructors, we could host your module on our site (with due credit to you of course).

Required background / Target students

This module is designed for students who are in an undergraduate class that teaches Operating Systems or Networking, within a curriculum in Computer Science or Computer Engineering. It assumes the student is already familiar with basic concepts of operating systems or networking.

Learning goals

After this module is taught as part of a Computer Science Systems course, the student will:

• understand the purpose and fundamental principles of OpenFlow;
• be able to explain in broad terms what Network Function Virtualization is;
• be familiar with GENI as a free and valuable resource for experimentation;
• be able to run an experiment on a GENI testbed;
• know how to setup a router to handle Network Address Translation using GENI.

 Reading:

• Network Functions Virtualization (White Paper #3 – Network Operators Perspective)
• OpenFlow-enabled SDN and Network Functions Virtualization (Open Networking Foundation, Feb 2014)

Slidesets

• Introduction to GENI [pptx] [pdf]
• GENI Terminology [pptx] [pdf]
• Introduction to OpenFlow [pptx] [pdf]

 Your First Experiment on GENI

• LabZero: A First Experiment Using GENI and Jacks Tool [web] [pdf]
• Lab Zero Worksheet [pdf]

Tutorial / Assignment – OpenFlow and Network Address Translation (NAT)

• OpenFlow Firewall and NAT Devices [web] [pdf]

Resources

• Original NFV White Paper, October 2012
• NFV ISG Published Documents
• NFV White Paper Update, October 2013
• NFV ISG Draft Documents
• NFV ISG PoC Framework
• NFV ISG PoCs in Progress
• Main OpenFlow Homepage

 Related software

• Click: http://read.cs.ucla.edu/click/click
• Firewalls & NAT:
  iptables: http://www.netfilter.org/
• Proxy & Load balancer:
  Squid: http://www.squid-cache.org/
  Balance: http://www.inlab.de/balance.html
  HAproxy: http://www.haproxy.org
• Monitor & Intrusion Detection System:
  Bro: https://www.bro.org/
  Snort: https://www.snort.org/
  Prads: http://gamelinux.github.io/prads/