Tutorials, Workshops and Co-Located Meetings

Speaker:

• Shannon Byrnes, Internet2

Abstract:

Your pride and joy, a functional network automation-related Python script, lives in your computer’s home directory. You might even have a cronjob for it. Ready for the next step?

Learn the basics of version control with Git, how to package (and why) your python scripts, and get a sneak peak into more advanced CI/CD tactics to automate your network with code commits.

This workshop will cover:

• Simple version control
• Github/Gitlab Basics
• CI/CD Basics and uses
• Python Packaging

Familiarity with using a Unix shell is required. Familiarity with Python is helpful for Python packaging-related content.

Speaker:

• Paul Ruth, University of North Carolina – Chapel Hill

Abstract:

If you could build the next Internet what would it look like? FABRIC is developing an advanced national network infrastructure that will help network, security and systems researchers do just that, and along the way helps make scientific discoveries faster and easier by improving the underlying complex cyberinfrastructure and algorithms. In this tutorial potential FABRIC early experimenters will enroll onto FABRIC, learn how to use the FABRIC portal and manage their credentials through the portal and create basic experiments using FABRIC Jupyter Hub. The participants will learn to use FABRIC experimenter-facing features including FABlib Python API library and FABRIC experiment measurement capabilities.

This tutorial does not require prior familiarity with FABRIC, although a basic understanding of Linux command line, the use of SSH, Jupyter Notebooks and Python are recommended. Attendees are required to bring their own laptops. They are strongly encouraged to complete FABRIC enrollment before the start of the tutorial.

Familiarity with using a Unix shell is required. Familiarity with Python is helpful for Python packaging-related content.

Speakers:

• Vasilios Vasiliadis, University of Chicago
• Rachana Ananthakrishnan, University of Chicago
• Josh Bryan, University of Chicago

Abstract:

The Globus platform enables research applications developed by research teams to leverage data and compute services across many tiers of service—from personal computers and local storage to national supercomputing centers—with minimal deployment and maintenance burden. Globus is operated by the University of Chicago and is used by nearly all R1 universities, national labs, and supercomputing centers in the United States, as well as many smaller institutions.

In this tutorial, we’ll begin by introducing the Globus Platform-as-a-Service, including how to register an application and how to access Globus APIs using our Python SDK. We will present examples of how the various Globus services, interfaces, and tools may be used to develop research applications. We will walk participants through authentication and access control with Globus’s Auth and Groups APIs; making data findable and accessible using Globus guest collections, data transfer API, and indexed Search API; and automating research with Globus’s Flows and Compute APIs. Participants will use Jupyter notebooks to experiment with these capabilities and they will also become familiar with the Globus web application.

Speaker:

• Jorge Crichigno Benitez, University of South Carolina

Abstract:

Data plane programmability with P4 has recently attracted significant attention from both the research community and the industry, permitting network engineers to run customized packet processing functions in the data plane. One of the main features of P4 switches is the real-time visibility in the data plane. This feature enables users to develop new applications that use precise measurements (up to nanosecond resolution) for performance improvements, cybersecurity, troubleshooting, per-packet analysis, and more.

The tutorial will provide Information Technology (IT) professionals and practitioners (network engineers, students, instructors) with an introduction to P4 programmable switches, followed by applications that produce and use precise network measurements. The tutorial will cover first the fundamentals of programmable switches: P4 building blocks, parser implementation, and match-action tables. Then, the tutorial will continue with network measurements and applications: monitoring the switch’s queue using standard metadata; measuring flow statistics using direct and indirect counters; measuring flow RTT, packet loss, and throughput; identifying TCP congestion control type using packet inter-arrival time; and other applications.

Attendees will have access to a virtual platform and detailed manuals that will accompany the laboratory experiments running on the virtual platform. The virtual platform will be accessible from the Internet using a regular web browser (no SSH, Telnet, or other requirements). Access to the training platform will be granted for six months.

Speaker:

• Elisa Heymann Pignolo, University of Wisconsin – Madison

Abstract:

Securing your network is not enough! Every service that you deploy is a window into your data center from the outside world, and a window that could be exploited by an attacker.

This tutorial is relevant to anyone wanting to learn about minimizing security flaws in the software they develop or manage. We share our experiences gained from performing vulnerability assessments of critical software. You will learn skills critical for software developers and analysts concerned with security.

Dependency analysis tools – tools that find weaknesses in the software supply chain – are the first line of defense in assessing the security of a software project. These tools can catch flaws in the packages and libraries a program depends upon, and that affects the safety of the application. This tutorial is also relevant to anyone wanting to learn how to use these automated dependency analysis tools to minimize security flaws in the software they develop or manage.

We will provide all the required software, installed and configured, on a Virtual Machine.

The tutorial will start with some basic vocabulary presenting terms that will help the attendees focus the key concepts being taught. This will include such terms as attack surface, impact surface, vulnerability, exploit, and mitigation.

We will continue with a section on Thinking Like an Attacker (“owning the bits”) to get the attendees in the right mind set. The first major technical area of our tutorial is a presentation of the most common vulnerabilities found in middleware and services. Descriptions of each type of vulnerability will be presented with examples. The examples will show how each type of vulnerability occurs within code, pointing out how common usage patterns for system library routines, kernel calls, and common programming techniques can result in a vulnerability. The coding examples are presented in Java, C/C++, Python and Perl.

Along with the description of the vulnerabilities, we will show how the vulnerabilities can be mitigated or eliminated through the use of specific programming and design techniques. An important part of our discussion of each vulnerable technique is a description of the thought processes used by the attacker in developing an exploit.

The second technical area of our tutorial is a presentation about dependency analysis tools. Recognizing the importance of software dependences, software supply chain risk management, and generating a software “bill of materials”, we have added this new topic.  We will introduce different kind of dependency tools, describe how these tools work, and discuss their output and limitations. We will also show how different tools produce different results, and that despite what vendors say, there is no a single tool that works the best for all applications. In this tutorial we will use both open source and commercial tools.

The last part of the tutorial will be devoted to hands-on exercises.  The attendees will exploit three specific vulnerabilities on WisClick, an application we developed for teaching secure programing.  Participants will exploit the vulnerabilities, and then will identify where in the code the vulnerabilities are.  Then attendees will use three different dependency analysis tools (open source and commercial) to learn about vulnerable dependencies on the software stack of WisClick.

Speaker:

• Christos Kanellopoulos, GEANT

Abstract:

The AARC Blueprint Architecture (BPA) is a widely recognized model that offers essential primitives for designing, implementing, and communicating sophisticated Identity and Access Management (IAM) solutions within a federated access framework.

This comprehensive workshop will be divided into four distinct segments, each designed to provide participants with a thorough understanding of the AARC BPA and its practical applications.

1. AARC BPA Overview: The first segment will present an updated overview of the AARC Blueprint Architecture, delving into the fundamental primitives that it provides. This section will lay the groundwork for understanding the model’s core components and their roles in IAM solutions.
2. AARC BPA Guidelines: In the second segment, participants will explore the integral AARC BPA Guidelines that ensure seamless interoperability across various implementations. This part will provide an in-depth analysis of the guidelines, demonstrating their importance in maintaining consistency and compatibility within the federated access model.
3. Real-World Implementations: The third segment will showcase practical examples of AARC Blueprint Architecture implementations in diverse contexts. By studying these real-world scenarios, participants can gain valuable insights into how the model can be effectively utilised in different IAM solutions and applications.
4. AEGIS and AARC BPA Governance: In the final segment, the workshop will discuss AEGIS, the governance model of the AARC BPA, which oversees its development and evolution. This part will provide an understanding of how AEGIS ensures the model’s continuous improvement and alignment with evolving requirements in IAM and federated access.

Throughout the workshop, participants will have the opportunity to engage in interactive discussions and activities that will enhance their understanding of the AARC Blueprint Architecture and its practical applications in IAM solutions.

Speakers:

• Karl Newell, Internet2
• James Harr, Internet2

Abstract:

There are now a handful of organizations (ESnet and Internet2 to name a few) in the global research and education community leveraging Cisco Network Services Orchestrator as part of their network automation and orchestration platforms. This half-day workshop will provide an introduction to NSO, why you might consider using NSO, and hands-on experience with creating NSO service models and running NSO against simulated devices.

Agenda:

• The what and why of NSO [presentation]
• NSO in Docker – intro to environment [hands-on]
• Anatomy of an NSO service [presentation]
• Creating an NSO service [hands-on]
• Using your new NSO Service [hands-on]

Speaker:

• Paul Ruth, University of North Carolina – Chapel Hill

Abstract:

If you could build the next Internet what would it look like? FABRIC is developing an advanced national network infrastructure that will help network, security and systems researchers do just that, and along the way helps make scientific discoveries faster and easier by improving the underlying complex cyberinfrastructure and algorithms.

This Intermediate/Advanced session is suited for existing FABRIC users, including new users who just completed the Intro tutorial. Attendees are required to bring their own laptops. They are strongly encouraged to complete FABRIC enrollment before the start of the tutorial.

Speakers:

• Vasilios Vasiliadis, University of Chicago
• Rachana Ananthakrishnan, Globus
• Josh Bryan, Globus

Abstract:

With the advent of the Globus Compute service, researchers are now able to run their code at all scales—from a laptop, to a cloud cluster, and even a supercomputer—without the hassle of managing multiple, complex execution environments. If you can write a Python function, you can take advantage of diverse computing resources using the “fire-and-forget” model that has made Globus the de facto data management platform at research institutions around the world.

In this tutorial, we will provide an overview of the Globus Compute service, configure various different compute platforms to participate in a functions-as-a-service (FaaS) ecosystem, and run various codes on each platform to demonstrate the ease of use and portability that the service enables. We will provide Jupyter notebooks for attendees to participate in hands-on exercises, and we also encourage attendees to bring their own code and see how it can leverage the Globus platform.

Speaker:

• Jorge Crichigno Benitez, University of South Carolina

Abstract:

Recently, data plane programmability has attracted significant attention, permitting network engineers to run customized packet processing functions using the P4 language. Security is one of the key areas using the capabilities of programmable switches. Moreover, applications can be reconfigured in the field without additional hardware upgrades, facilitating the deployment of new defenses against unforeseen attacks and vulnerabilities.

This tutorial will provide Information Technology (IT) professionals and practitioners (network engineers, students, instructors) with an introduction to P4 programmable data plane switches, followed by security applications that rely on the unique visibility provided by these devices. The tutorial will cover first the fundamentals of programmable switches: understanding P4 building blocks, implementing a customized packet parser, and programming match-action tables. Then, the tutorial will continue with security applications: implementing stateless and stateful packet filters using arbitrary fields, detecting and mitigating SYN flood attacks using customized thresholds, detecting and mitigating DNS amplification attacks, extracting features at line rate for machine learning models, identifying DDoS volumetric attacks using Count-Min Sketches (CMSs), and implementing a simple URL filter in the data plane.

Attendees will have access to a virtual platform and detailed manuals that will accompany the laboratory experiments running on the virtual platform. The virtual platform will be accessible from the Internet using a regular web browser (no SSH, Telnet, or other requirements). Access to the training platform will be granted for six months.

Speaker:

• Christian Michael, Google

Abstract:

In this game you will learn to build a BI dashboard with Data Studio as the front end, powered by BigQuery on the back end, learn to use BigQuery to find data, build a time series model to forecast demand of multiple products using BigQuery ML, and learn how to connect Google Data Studio to Google BigQuery.

• How to Build a BI Dashboard Using Google Data Studio and BigQuery
• Exploring Your Ecommerce Dataset with SQL in Google BigQuery
• Building Demand Forecasting with BigQuery ML
• Explore and Create Reports with Data Studio

Speaker:

• Sara Jeanes, Internet2

Abstract:

Mobility Day is a semi-regular event, covering topics including eduroam, 5G, WiFi 6e/7, Internet of Things, Passpoint/Hotspot 2.0 and other mobility related topics.

Getting started with Network Orchestration is a daunting task that requires a lot of forethought and domain knowledge. Join this interactive full-day technical workshop to benefit from ESnet and SURF network and software engineers who have already gone through this process and are ready to share their knowledge.

A development environment will be provided, you just need to bring a laptop with a working docker setup and an IDE (preferably PyCharm or VSCode). The workshop will begin with introductions to product and workflow modeling with the Workflow Orchestrator and then move to interactive development sessions, finally ending with an open discussion around tailoring the orchestrator to your use-cases.

More information on how sign up for this session is coming soon.

Netguru is a longstanding in-person roundtable meeting of individuals that nominally think of themselves as campus network architects. Topics of interest are curated and then moderated and discussed in a round-table fashion. Participation is first-come, first-served and is limited to 1-2 individuals from each institution with a soft limit of 30 people in order to keep the roundtable format feasible.