This free hands-on workshop provides cyberinfrastructure (CI) engineers with an introduction to tools and techniques for the design, implementation, and monitoring of high-throughput networks and science demilitarized zones (Science DMZs). Each attendee will have full control of equipment pods emulating internetworks and tools (see figures below) to learn and test TCP-related issues, perfSONAR nodes distributed across networks, and Bro-based Intrusion Detection.


By the end of this workshop, attendees will:

Network Tools and Protocols:

  • Use tools and techniques for measuring performance
  • Test Linux systems on emulated Wide Area Networks (WANs)
  • Measure the performance of different TCP congestion control algorithms (Reno, HTCP, BBR) on high-throughput (10 Gbps) high-latency (varying parameters) networks
  • Measure the impact of parallel streams and maximum segment size (MSS) on throughput


  • Describe Bro operations
  • Manage and automate Bro instances
  • Instrument Bro for network forensics


  • Describe the operation of perfSONAR and use perfSONAR GUI to configure regular tests
  • Analyze perfSONAR results on a variety of scenarios with injected packet loss and latency
  • Use pScheduler’s CLI to schedule tests
  • Visualize measurement data using MaDDash
  • Understand and use the psConfig Web Administrator (PWA) to host groups and tests

Lodging Information

The closest hotel to the workshop site is Courtyard Marriot (630 Assembly St, Columbia, SC 29201, https://www.marriott.com/hotels/travel/caecd-courtyard-columbia-downtown-at-usc/"), 5-minute walking distance. Another option includes The Inn at USC (1619 Pendleton St, Columbia, SC 29201, http://www.innatusc.com ), which provides shuttle services to campus.

Intended Audience

The audience of this workshop includes IT educators, IT professionals, CI Engineers, High-Performance computing specialists, research systems administrators, security professionals.

Award Information

This activity is supported by NSF awards 1829698 and 1822567. Link to Official Webpage: NSF-1829698 and NSF-1822567


Attendees are required to bring their own laptops.


 DAY 1: Monday, July 22 - University of South Carolina 
8:00 - 8:30Breakfast 
8:30 - 8:40Welcome (PDF) Jorge Crichigno (University of South Carolina - UofSC), Jason Zurawski (ESnet)
8:40 - 9:10Importance of Cyberinfrastructure for Scientific Discovery (PDF)F. Alex Feltus (Clemson)
9:10 - 9:45Cyberinfrastructure for Big Science Flows: Science DMZs (PDF) Jason Zurawski (ESnet)
9:45 - 10:15Break 
10:15 - 10:45End devices in Science DMZs: DTNs (PDF)Jason Zurawski (ESnet)
10:45 - 12:00Hands-on vLabs: WAN emulation and performance tools (PDF)Jorge Crichigno (UofSC), Elie Kfoury (UofSC)
12:00 - 1:00Lunch 
1:00 - 1:30Role of TCP in large data transfers (PDF)Jorge Crichigno (UofSC)
1:30 - 2:30Hands-on vLabs: TCP best practices; congestion control, buffers, parallel streams, MSS, pacing (PDF)Jorge Crichigno (UofSC), Elie Kfoury (UofSC)
2:30 - 2:45Break 
2:45 - 3:15Monitoring end-to-end systems: perfSONAR (PDF)Jason Zurawski (ESnet)
3:15 - 4:15Hands-on vLabs: measuring metrics in multi-domain networks with perfSONAR (PDF)Jorge Crichigno (UofSC), Jose Gomez (UofSC)
4:15 - 4:45Panel: Best practices, DTNs, research networks, perfSONARModerator: Nasir Ghani (University of South Florida - USF). Panel: Paul Sagona (UofSC), Damian Clarke (Alabama A&M), F. Alex Feltus (Clemson), Jason Boryk (UofSC)
4:45 - 5:00Questions, wrap-up day oneJorge Crichigno (UofSC), Jason Zurawski (ESnet)
 DAY 2: Tuesday, July 23 - University of South Carolina 
8:00 - 8:30Breakfast 
8:30 - 9:00The Cyberinfrastructure at National Laboratories (PDF)Steve Tibrea (Savannah River National Laboratory - SRNL)
9:00 - 9:20Monitoring end-to-end systems: perfSONAR's MaDDash (PDF)Jason Zurawski (ESnet), Andrew Lake (ESnet)
9:20 - 10:00Hands-on vLabs: measuring and visualizing RTT, throughput, packet loss with MaDDash (PDF)Jorge Crichigno (UofSC), Jose Gomez (UofSC)
10:00 - 10:30Break
10:30 - 11:10Security aspects of Science DMZs, high-throughput high-latency networks (PDF)Von Welch (Center for Applied Cybersecurity Research - CACR)
11:10 - 11:45Bro Intrusion Detection System (IDS) (PDF)Elias Bou-Harb (Florida Atlantic University - FAU)
11:45 - 12:45Lunch 
12:45 - 2:00Hands-on vLabs: Bro IDS (PDF)Elias Bou-Harb (FAU), Antonio Mangino (FAU)
2:00 - 2:45Panel: Security aspects and best practices in high-speed networksModerator: Nasir Ghani (USF). Panel: Elias Bou-Harb (FAU), Von Welch (CACR), Damian Clarke (Alabama A&M), Jason Zurawski (ESnet)
2:45 - 3:00Questions, wrap-up day twoJorge Crichigno (UofSC), Jason Zurawski (ESnet)

Virtual Laboratory (vLabs) Experiments

LabNetwork Tools and ProtocolsperfSONARBro/Zeek
Lab 1Introduction to MininetConfiguring Administrative Information Using perfSONAR Toolkit GUIIntroduction to the Capabilities of Zeek
Lab 2Introduction to Iperf3PerfSONAR Metrics and ToolsAn Overview of Zeek Logs
Lab 3Emulating WAN with NETEM I: Latency, JitterConfiguring Regular Tests Using perfSONAR GUIParsing, Reading and Organizing Zeek
Lab 4Emulating WAN with NETEM II: Packet Loss, Duplication, Reordering, and CorruptionConfiguring Regular Tests Using pScheduler CLI Part IGenerating, Capturing and Analyzing Network Scanner Traffic
Lab 5Setting WAN Bandwidth with Token Bucket Filter (TBF)Configuring Regular Tests Using pScheduler CLI Part IIGenerating, Capturing and Analyzing DoS and DDoS-centric Network Traffic
Lab 6Understanding Traditional TCP Congestion Control (HTCP, Cubic, Reno)Bandwidth-delay Product and TCP Buffer SizeIntroduction to Zeek Scripting
Lab 7Understanding Rate-based TCP Congestion Control (BBR)Configuring Regular Tests Using a pSConfig TemplateIntroduction to Zeek Signatures
Lab 8Bandwidth-delay Product and TCP Buffer SizeperfSONAR Monitoring and Debugging DashboardAdvanced Zeek Scripting for Anomaly and Malicious Event Detection
Lab 9Enhancing TCP Throughput with Parallel StreamspSConfig Web AdministratorProfiling and Performance Metrics of Zeek
Lab 10Measuring TCP FairnessConfiguring pScheduler LimitsApplication of the Zeek IDS for Real-Time Advanced IDS Protection
Lab 11Router's Buffer Size Preprocessing of Zeek Output Logs for Machine Learning
Lab 12TCP Rate Control with Pacing Developing Machine Learning Classifiers for Anomaly Inference and Classification
Lab 13Impact of MSS on Throughput  
Lab 14Router's Bufferbloat 
Lab ManualsNTP Lab Series (PDF)perfSONAR Lab Series (PDF)Zeek/Bro Lab Series (PDF)