Powell/Johnson/Davis/Turchek/Powell, “Designing Hands-on Network Instruction Using Virtualization,” accepted for IADIS-CELDA, Freiburg im Breisgau, Germany, October 2008 – Page 1/10

DESIGNING HANDS-ON NETWORK INSTRUCTION USING VIRTUALIZATION

Valerie J. H. Powell

Computer and Information Systems, Robert Morris University

6001 University Boulevard

Moon Township, PA 15108 USA

E-mail

Randall S. Johnson

Information Technology, Robert Morris University

6001 University Boulevard

Moon Township, PA 15108 USA

E-mail

Christopher T. Davis

Educational Technology Center, Robert Morris University

6001 University Boulevard

Moon Township, PA 15108 USA

E-mail

John C. Turchek

Computer and Information Systems, Robert Morris University

6001 University Boulevard

Moon Township, PA 15108 USA

E-mail

James C. Powell

Science, Engineering and Mathematics, Robert Morris University

6001 University Boulevard

Moon Township, PA 15108 USA

E-mail

ABSTRACT

This paper describes an approach to teaching networks and information security that gives the learner the opportunity to capture and document individual messages (packets) in order to gain an intuitive and technical understanding of how a network functions. Collaboration is designed into the approach so that students work together in the capture and documentation process. Students manipulate the network to obtain the results they see. By these means learners conquer the abstractions of data communication and acquire the foundations of technical skills in networking and in information security. This approach, although targeted toward advanced areas of study, draws inspiration from educational concepts as basic as those of Ausubel, Montessori, Gardner, Tomei and other educators. It uses Free and Open Source Software.

KEYWORDS

virtualization, exploratory learning, collaborative learning.

1.  INTRODUCTION

This paper is the account of an exploratory approach to teaching (1) networks, and (2) information security procedures. The instructional setting was in each case a 15-week semester graduate course in an information systems curriculum, providing 45 contact hours of synchronous learning in each of two core courses. Because of the nature of the curriculum, some students may arrive in this course without a prior networking course. One example would be students with an interest in forensics for whom a technical level of involvement in network technology is important.

A virtual computer array served as a laboratory, along with recognized educational strategies to enhance and accelerate learning. A major goal of the project was to produce a synthesis of practice-derived experience, developed in collaboration with an academic-level educator willing to approach the task from a new standpoint. This synthesis led to cognitive impact as well as information impact.

The project started in 2003 with an effort to develop an intrusion detection laboratory. When this limited initiative turned out to be successful and well-received by students, it was broadened into a project to develop not only new ways to teach information security, but also network and Internet Protocol (IP) concepts. This paper reports on five years’ experience teaching networking and security principles with virtual laboratory networks. We were determined to transcend the perceived limitations of prior network instruction.

The original goals and points of view from the practitioner side were to:

Produce the virtual laboratory environment (eventually called VLabNet, for Virtual Laboratory Network) that contained as many as possible of the concepts and configuration patterns that IT staff encounter in daily life. This goal contributed to the design of the architecture in Figure 1.

Figure 1 – Advance Organizer A: VlabNet Architecture Showing Interfaces and CIDR Addressing

Show how multiple-interface devices (any real router is one!) behave. Workstations in ordinary computer laboratories don’t have more than one interface card while real routers have more than one. Virtual servers offer a way to give students experience with multiple-interface devices.

Design straightforward experiments that students could conduct to see, for example, what an OSPF router does if one of its interfaces goes down. With the VLabNet a student can see the impact of such a failure, and even capture evidence of the failure from the protocol response, which is announced by messages called Link State Advertisements (LSAs).

The goals also make it possible for students to:

See network behavior and observe how a route from one server to another is created dynamically (this process is commonly referred to as discovery or learning by the computer).

Experience that network communications (protocol packets) are produced within the computer and made visible by the Wireshark packet capture tool, in order to examine the behavior of the routing protocols.

Understand the capabilities of the protocols, not of the specific implementations. Since the current Border Gateway Protocol (BGPv4) defines a community string, for example, in every standards-compliant implementation there must be a way to declare and use such an identifier.

Gain experience with Classless Interdomain Routing (CIDR) addresses. Too many people ("home" networkers especially – “home” networking is a common initial level of experience for our students who have an interest in network technology) only know the /24 netmask (an address that devotes 24 bits to the network prefix portion of the numeric address), or think all IPv4 addresses are in 192.168.0.0 (a common numeric IPv4 network address used for private networks and not routable in the open Internet; see Figure 2).

Figure 2: Advance Organizer B: Anatomy of an Internet Protocol Address (IPv4)

Decimal:   183       / 57        / 138       / 110        (each a number from 0 to 255)
Hex:       B7        / 39        / 8A        / 6E
Binary:    10110111  / 01010111  / 10001010  / 01101110
Position:  1st Octet / 2nd Octet / 3rd Octet / 4th Octet  (1st, 2nd, 3rd and 4th eight bits)
Prefix (1st and 2nd octets, 16 bits, CIDR /16): part of the address devoted to gateway or network
Suffix (3rd and 4th octets, 32-16=16 bits left for hosts): part of the address devoted to host
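As an added illustration of Figure 2 (example code written for this edit, not part of the paper or of VLabNet), the following Python splits an IPv4 address with a CIDR prefix into the octets, prefix and suffix the figure labels, and also flags RFC 1918 private addresses such as those in 192.168.0.0/16; the three sample addresses at the bottom are constructed.

```python
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")  # RFC 1918 ranges

def to_int(dotted):
    """Pack dotted-quad text into one 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def netmask(prefix_len):
    """/16 -> 255.255.0.0 as an integer, /24 -> 255.255.255.0, and so on."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def is_private(addr):
    """True when addr lies in an RFC 1918 block (not routable on the open Internet)."""
    for block in PRIVATE_BLOCKS:
        net, _, plen = block.partition("/")
        mask = netmask(int(plen))
        if addr & mask == to_int(net) & mask:
            return True
    return False

def anatomy(cidr):
    """Split 'a.b.c.d/n' into the pieces Figure 2 labels: octets, prefix, suffix."""
    dotted, _, plen = cidr.partition("/")
    plen = int(plen) if plen else 32            # bare address: treat as a /32 host route
    addr, mask = to_int(dotted), netmask(plen)
    octets = [(addr >> s) & 0xFF for s in (24, 16, 8, 0)]
    return {
        "octets_dec": octets,
        "octets_hex": [f"{o:02X}" for o in octets],
        "octets_bin": [f"{o:08b}" for o in octets],
        "netmask": to_dotted(mask),
        "network": to_dotted(addr & mask),                  # prefix: network/gateway part
        "host_part": to_dotted(addr & ~mask & 0xFFFFFFFF),  # suffix: host part
        "host_bits": 32 - plen,
        # all-zeros (network) and all-ones (broadcast) suffixes are reserved
        "usable_hosts": max(2 ** (32 - plen) - 2, 0),
        "private": is_private(addr),
    }

if __name__ == "__main__":
    for example in ("183.57.138.110/16", "192.168.1.25/24", "10.10.101.2/30"):
        print(example, anatomy(example))
```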

2.  METHODOLOGY

The following observation and analysis by an experienced educational theoretician has suggested three steps in a recursive spiral for the advancement of learning. These are (1) what the teacher told the students to do, (2) what the students did with what the teacher told them to do, and (3) what they observed by doing what the teacher told them to do (Powell, 2008).

In this study these three aspects present themselves in terms of exploration, collaboration, and elaboration.

2.1 Exploration

In the exploration teaching paradigm, students begin with a directed experience of the fundamental principles underlying the concepts being taught. This experience is then modified systematically to demonstrate refinements of these principles. Ultimately the students can use the ways these refinements are structured to try out additional modifications on their own initiative. Tomei’s (2001) Taxonomy illustrates this process. Tomei’s Taxonomy is a widely accepted educational technology model that provides the framework for the proper use of technology in the classroom. The virtual lab technology touches on many of the levels of Tomei’s Taxonomy and provides students with valuable higher order technology experiences.

Table 1: How the design of the two courses responds to Tomei’s taxonomy

Courses compared: INFS6230 (course topic: Networks, Routing Discovery) and INFS6760 (course topic: Information Security, Intrusion Detection, OS Fingerprinting, Port Scanning)

Tomei Taxonomy Class 1: Literacy, understanding technology and components
INFS6230:
1.  How to log in.
2.  How to become accustomed to the command-line interface
3.  How to edit configuration files
4.  How to document what happens (access logs, make captures of packets)
5.  How to use tools (ping, netstat, ssh, telnet)
6.  How to access and use the router to verify and modify configuration
7.  Use support resources provided
8.  Distinguishing unicast, multicast, and broadcast addresses
9.  Learn the steps of preparing the Quagga simulator for routing
INFS6760:
1.  How to log in.
2.  How to enter commands; become accustomed to the command-line interface.
3.  How to edit configurations (command-line and files)
4.  How to document what happens (access logs, make captures of packets)
5.  How to use tools (ping, netstat, ssh, telnet, nmap, ftester, logger)
6.  Use support resources provided

Tomei Taxonomy Class 2: Communications, collaborative work, use technology to form relationships
INFS6230:
1.  Develop and implement teamwork to capture and document packets (in class, in lab, or over the phone when at home)
INFS6760:
1.  Develop and implement teamwork on intrusion, scanning, and packet capture
2.  Develop and implement teamwork on firewall testing

Tomei Taxonomy Class 3: Decision-Making, using technology in new and concrete situations
INFS6230:
1.  Verify routing configuration impacts
2.  Modify routing configuration(s) to obtain desired routing discovery
3.  Identify protocols in captured packets
4.  Distinguish and identify addresses in protocols (port numbers, IP addresses, MAC addresses)
5.  Identify and classify addresses and masks
INFS6760:
1.  Identify which ports your virtual machine has open (identify and assess vulnerability)

Tomei Taxonomy Class 4: Instruction, formulate environment
INFS6230:
1.  Architecture design, IP addresses, multiple interfaces with different properties
2.  Routing configuration design
INFS6760:
1.  Architecture design, IP addresses, interfaces

Tomei Taxonomy Class 5: Integration, creating new materials
INFS6230:
1.  Documentation for routing discovery experiences
2.  Documentation for different layers of the protocol stack
3.  Use tunnels (Generic Routing Encapsulation) to prevent inappropriate uses of IP technology
4.  Role of IANA in BGP Autonomous System (AS) numbers
INFS6760:
1.  Documentation for intrusion experiences
2.  Learn about the restriction to use intrusion tools (scans) only in a controlled environment
3.  Discussion of consequences of improper use of tools
4.  Learn about inappropriate uses of technology through intrusion
5.  Role of IANA in port numbers

Tomei Taxonomy Class 6: Acculturation, value of technology (Tech-ology)
INFS6230:
1.  Use open-source software, discuss open-source concepts
INFS6760:
1.  Discuss ethical uses of Internet technology
2.  Use open-source software, discuss open-source concepts

For example, this technology aligns itself very well with the Decision-Making and Integration levels of the taxonomy. In the Decision-Making level, students must “apply electronic tools for research and problem solving” (Tomei, 2001). Additionally, the virtual lab technology allows students and instructors to “[c]onsider the consequences of inappropriate uses of technology” and also allows them to “[a]ssimilate technology into a personal learning style” (Tomei, 2001). These instructional activities align with the Integration level of Tomei’s Taxonomy and further reinforce the higher order technology skills that provide students with the most enriching classroom experiences.

Students submit (or email in), as an assignment, a copy of the captured message (the “object”). Students show spontaneous excitement with success in capturing the assigned “object” and they are eager to show they have correctly identified it. In the Montessori method, the training of senses focuses on quantitative properties of objects, such as length and thickness. In this case, messages have length (in number of bytes). It is an important part of technical knowledge in networking to understand the properties of length.

The general principle is analogous to that of routing loaded trucks (lorries) on the highway system, where a routing is sought that has tunnels with enough clearance space and bridges with sufficient weight limits to permit the truck to pass. Where the truck (lorry) cannot pass, its load must be off-loaded onto smaller vehicles with significant added effort. In this case we are dealing with virtual manipulatives instead of material ones.

Figure 3 – VlabNet Communication Model


The learning environment was designed to support the exploration of networks and subnets, switches, bridges, routers, and of the individual hosts in the role of routers. As shown in Figure 1, each host has three different addresses, one for each of the three interfaces: eth0, eth1, and eth1:1. For example, for host 101, those would be x.y.z.101 for interface eth0 (an externally routable address; x.y.z. represents the first three octets of VLabNet’s externally routable IPv4 addresses, and 101 represents the fourth octet of a student’s assigned machine), 10.10.10.101 for interface eth1 (non-routable externally), and 10.10.101.2 for interface eth1:1 (also non-routable externally). Students become accustomed to their assigned host having multiple addresses and to using the various addresses, each for certain purposes and in certain situations.

A variety of addresses and corresponding masks were designed to assure a variety of address encounters and to make it practical and necessary to learn about classless inter-domain routing (CIDR) addressing. The interface identified as eth1:1 has the property that the nodes reached by that interface are not connected with each other and can only be reached through the respective host to which they are connected. Thus the host becomes a router to nodes such as 10.10.101.2.

Students can explore the difference between the traffic on interfaces eth0 and eth1. In contrast to the information security course, where the emphasis is on eth0 traffic, in the networking course emphasis is on eth1 and eth1:1 traffic. They also work with the difference between the externally routable eth0 addresses and the internally routable addresses on the other two interfaces.
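An added example, not from the paper: the addressing plan of section 2.1 turned into a small route table with longest-prefix lookup, to show why host 101 is the router for nodes behind its eth1:1 interface and why host 102 cannot reach them without a route through host 101. The /24 masks on all three interfaces, the placeholder public prefix 203.0.113 (standing in for x.y.z) and the gateway 203.0.113.1 are assumptions, not values from the paper.

```python
PUBLIC_PREFIX = "203.0.113"   # stands in for the paper's "x.y.z" (RFC 5737 documentation range)

def to_int(dotted):
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def netmask(plen):
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def interfaces(host):
    """The three addresses of host N from section 2.1; the /24 masks are an assumption."""
    return {
        "eth0":   f"{PUBLIC_PREFIX}.{host}/24",   # externally routable
        "eth1":   f"10.10.10.{host}/24",          # shared internal lab network
        "eth1:1": f"10.10.{host}.2/24",           # nodes reachable only through this host
    }

def parse_route(cidr, iface, via=None):
    """A route entry: (network, prefix length, outgoing interface, next hop or None)."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    return (to_int(addr) & netmask(plen), plen, iface, via)

def connected_routes(host):
    """Routes a host has just by owning its interface addresses (no next hop)."""
    return [parse_route(cidr, iface) for iface, cidr in interfaces(host).items()]

def lookup(routes, dest):
    """Longest-prefix match: returns (iface, next_hop) or None if nothing matches."""
    d, best = to_int(dest), None
    for net, plen, iface, via in routes:
        if d & netmask(plen) == net and (best is None or plen > best[0]):
            best = (plen, iface, via)
    return None if best is None else (best[1], best[2])

if __name__ == "__main__":
    # Host 102 cannot reach the node 10.10.101.3 behind host 101 by itself ...
    print(lookup(connected_routes(102), "10.10.101.3"))          # None
    # ... until a route through host 101's eth1 address makes 101 act as a router;
    # the assumed default gateway 203.0.113.1 catches everything else on eth0.
    table_102 = connected_routes(102) + [
        parse_route("10.10.101.0/24", "eth1", via="10.10.10.101"),
        parse_route("0.0.0.0/0", "eth0", via="203.0.113.1"),
    ]
    print(lookup(table_102, "10.10.101.3"))   # ('eth1', '10.10.10.101')
    print(lookup(table_102, "198.51.100.7"))  # ('eth0', '203.0.113.1')
```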

2.2 Collaboration in Networking and in Information Security

The arrival of virtualization technology, through which students can have access to individual hosts running a desired operating system such as Linux, for which much open-source software is available, offers an unprecedented opportunity to improve the teaching of networks in data communications and information security courses, unencumbered by the clumsy hardware common in the past (such as the limitation to a single physical interface, or garage drives) and unconstrained by proprietary specialized hardware and software.

A packet is like a container. The computer recognizes the box and the designated receiver recognizes the information in the box. The computer only has to know where the box goes, not what is in the box. Learning how to identify the parts of packets is a beneficial experience.

What are the weaknesses of network technology courses in the past? Students complain that textbooks are too technical and that the material is too abstract.

What looked to the students like a simple task, sending ping messages to each other in pairs, reveals the ways in which computers communicate with each other. What they demonstrated to each other in a directed experience, using virtual machines, was a clear understanding of how computers communicate with each other. This was the advance organizer (Ausubel, 1963) that makes it possible to learn from experience all the fundamental concepts of network technology.
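An added example (not the paper's code): one ping frame built in memory and then dissected layer by layer, as a student would do with a Wireshark capture, to show the box-within-a-box structure, the MAC and IP addresses at each layer, the length in bytes at each layer, and the checksums that tell a valid header from a damaged one. The MAC addresses, IP addresses and payload are constructed sample values.

```python
import struct

def checksum(data):
    """RFC 1071 one's-complement checksum used by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"                         # pad an odd-length buffer
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ping(src_mac, dst_mac, src_ip, dst_ip, seq, payload=b"VLabNet"):
    """Construct Ethernet + IPv4 + ICMP echo request, innermost box first."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, seq) + payload    # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64, 1, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")  # EtherType IPv4
    return eth + ip + icmp

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ipv4(b):
    return ".".join(str(x) for x in b)

def dissect(frame):
    """Peel the Ethernet, IPv4 and ICMP layers off a frame as a packet capture shows them."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ihl = (frame[14] & 0x0F) * 4                # IPv4 header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]
    proto = frame[23]
    info = {
        "frame_len": len(frame),
        "eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]),
        "ip_src": ipv4(frame[26:30]), "ip_dst": ipv4(frame[30:34]),
        "ip_total_len": total_len, "ip_proto": proto, "ttl": frame[22],
        "ip_checksum_ok": checksum(frame[14:14 + ihl]) == 0,   # a valid header sums to 0
    }
    if proto == 1:                              # ICMP
        icmp = frame[14 + ihl:14 + total_len]
        info.update(icmp_type=icmp[0], icmp_seq=struct.unpack("!H", icmp[6:8])[0],
                    icmp_checksum_ok=checksum(icmp) == 0, payload=icmp[8:])
    return info
```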

Team activities are vital to accelerating learning in the VLabNet environment. Students paired in teams can work effectively together in class, in the lab, or at home, communicating with each other by e-mail and telephone. Teamwork reduces anxiety about the technical learning process and helps assure students will succeed. Teamwork is convenient and practical in the documentation process and all the way up to testing GRE tunnels. Since failure to advertise routing information properly can be caused by a unilateral failure in configuration, teams compare configuration files and current configuration reports to make sure they have symmetric configurations. Time is spent helping students learn to work in pairs to document impacts and success. They learn to synchronize actions and captures, sometimes even using this technique at home while communicating in pairs by telephone. Students report that they can work effectively at home in this manner.