This free hands-on workshop provides cyberinfrastructure (CI) engineers with an introduction to tools and techniques for the design, implementation, and monitoring of high-throughput networks and science demilitarized zones (Science DMZs). Each attendee will have full control of equipment pods emulating internetworks and tools (see figures below) to learn and test TCP-related issues, perfSONAR nodes distributed across networks, and Bro-based Intrusion Detection.


By the end of this workshop, attendees will:

Network Tools and Protocols:

  • Use tools and techniques for measuring performance
  • Test Linux systems on emulated Wide Area Networks (WANs)
  • Measure the performance of different TCP congestion control algorithms (Reno, HTCP, BBR) on high-throughput (10 Gbps) high-latency (varying parameters) networks
  • Measure the impact of parallel streams and maximum segment size (MSS) on throughput

Border Gateway Protocol (BGP):

  • Describe the operation of EBGP and IBGP sessions with different attributes
  • Analyze BGP authentication
  • Configure and verify Full Mesh IBGP
  • Use MP-BGP functionality with IPv4 and IPv6 addresses
  • Enable BGP reflectors
  • Understand BGP Hijacking and the mitigation techniques


  • Describe the operation of perfSONAR and use perfSONAR GUI to configure regular tests
  • Analyze perfSONAR results on a variety of scenarios with injected packet loss and latency
  • Use pScheduler’s CLI to schedule tests
  • Visualize measurement data using MaDDash
  • Understand and use the psConfig Web Administrator (PWA) to host groups and tests


  • Describe Bro operations
  • Manage and automate Bro instances
  • Instrument Bro for network forensics

Intended Audience

The audience of this workshop includes IT educators, IT professionals, CI Engineers, High-Performance computing specialists, research systems administrators, security professionals.

Award Information

This activity is supported by NSF award 1829698. Link to official webpage: NSF-1829698


Training activities will be conducted using NetLab. Attendees will be provided with a username and a password.

Virtual Machines for NTP and BGP Pods

The pods corresponding to the lab series “Network Tools and Protocols” and “Border Gateway Protocols” consist of one virtual machine (VM) each. The VM for each pod can be downloaded and run with a hypervisor such as VMware Workstation and Virtual Box. Please see directions and URL below.

Installation guide: VirtualBox guide
Network Tools and Protocols (NTP) and Border Gateway Protocol (BGP) virtual machines: Link


 DAY 1: Monday, May 4 
Time (EDT)TopicPresenter
10:00 - 11:00Science DMZ [Slides] [Video]Jason Zurawski (ESnet) [Bio]
11:00 - 11:45TCP BBR [Video]Neal Cardwell (Google) [Bio]
11:45 - 12:30 Break
12:30 - 01:00perfSONAR [Slides] [Video]Doug Southworth (Indiana University) [Bio], Scott Chevalier (Indiana University) [Bio]
01:00 - 02:00 Hands-on Session TCP and Science DMZs tools [Slides] [Video], perfSONAR [Slides] [Video]Elie Kfoury (UofSC) [Bio], Jose Gomez (UofSC) [Bio]
02:00 - 02:05 Closing Day 1Jason Zurawski, Jorge Crichigno
 DAY 2: Tuesday, May 5 
01:00 - 01:45BGP Architectures and Best Practices [Slides] [Video]Eli Dart (ESnet) [Bio], Hans Addleman (Indiana University) [Bio]
01:45 - 02:30Hands-on Session BGP I: FRR router, AS_PATH, eBGP and iBGP, Local Preference and MED [Slides] [Video]Jorge Crichigno (UofSC), Ali Alsabeh (UofSC) [Bio]
02:30 - 02:45Break
02:45 - 03:45Hands-on Session BGP II: BGP Route Reflection, Multi-protocol BGP, IP Spoofing and Mitigation Techniques, BGP Hijacking [Slides] [Video]Jorge Crichigno (UofSC), Ali Alsabeh (UofSC)
03:45 - 04:00Closing Day 2Jorge Crichigno, Jason Zurawski
 DAY 3: Wednesday, May 6 
01:00 - 01:45Utilizing Cyber Armsraces for the Good Guys [Slides] [Video]Nur Zincir-Heywood (Dalhousie University) [Bio]
01:45 - 02:45Hands-on Session Zeek/Bro [Slides] [Video]Elias Bou-Harb (UTSA) [Bio]
02:45 - 03:00Break
03:00 - 03:45Panel: Security best practices in high-speed networks [Slides] [Video]Moderator: Elias Bou-Harb, Associate Director for Cyber-Center for Security and Analytics, University of Texas San Antonio.

        - Chris Griffin [Bio] (Chief Network Architect at Florida Lambda Rail)
        - Guy Walsh [Bio] (Executive Director National Security Collaboration Center, University of Texas San Antonio)
        - Ken Miller [Bio] (Energy Science Network - ESnet)
        - Chadi Assi [Bio] (Full Professor and IEEE Fellow, Concordia University)
03:45 - 04:00Closing RemarksJason Zurawski, Jorge Crichigno

Virtual Laboratory (vLabs) Experiments

LabNetwork Tools and ProtocolsBorder Gateway Protocol (BGP)perfSONARBro/Zeek
Lab 1Introduction to Mininet [PDF]Introduction to Mininet [PDF] Configuring Administrative Information Using perfSONAR Toolkit GUI [PDF] Introduction to the Capabilities of Zeek [PDF]
Lab 2Introduction to Iperf3 [PDF]Introduction to Free Range Routing (FRR) [PDF] PerfSONAR Metrics and Tools [PDF] An Overview of Zeek Logs [PDF]
Lab 3Emulating WAN with NETEM I: Latency, Jitter [PDF]Introduction to BGP [PDF] Configuring Regular Tests Using perfSONAR GUI [PDF] Parsing, Reading and Organizing Zeek [PDF]
Lab 4Emulating WAN with NETEM II: Packet Loss, Duplication, Reordering, and Corruption [PDF]Configure and verify EBGP [PDF] Configuring Regular Tests Using pScheduler CLI Part I [PDF] Generating, Capturing and Analyzing Network Scanner Traffic [PDF]
Lab 5Setting WAN Bandwidth with Token Bucket Filter (TBF) [PDF]BGP Authentication [PDF] Configuring Regular Tests Using pScheduler CLI Part II [PDF] Generating, Capturing and Analyzing DoS and DDoS-centric Network Traffic [PDF]
Lab 6Understanding Traditional TCP Congestion Control (HTCP, Cubic, Reno) [PDF]Configure BGP with Default Route [PDF] Bandwidth-delay Product and TCP Buffer Size [PDF] Introduction to Zeek Scripting [PDF]
Lab 7Understanding Rate-based TCP Congestion Control (BBR) [PDF]Using AS_PATH BGP Attribute [PDF] Configuring Regular Tests Using a pSConfig Template [PDF] Advanced Zeek Scripting for Anomaly and Malicious Event Detection [PDF]
Lab 8Bandwidth-delay Product and TCP Buffer Size [PDF]Configuring IBGP and EBGP Sessions, Local Preference, and MED [PDF] perfSONAR Monitoring and Debugging Dashboard [PDF] Preprocessing of Zeek Output Logs for Machine Learning [PDF]
Lab 9Enhancing TCP Throughput with Parallel Streams [PDF]IBGP, Next Hop and Full Mesh Topology [PDF] pSConfig Web Administrator [PDF] Developing Machine Learning Classifiers for Anomaly Inference and Classification [PDF]
Lab 10Measuring TCP Fairness [PDF]BGP Route Reflection [PDF] Configuring pScheduler Limits [PDF] Profiling and Performance Metrics of Zeek [PDF]
Lab 11Router's Buffer Size [PDF]Configuring Multiprotocol BGP [PDF]
Lab 12TCP Rate Control with Pacing [PDF]IP Spoofing and Mitigation Techniques [PDF]
Lab 13Impact of MSS on Throughput [PDF]BGP Hijacking [PDF]  
Lab 14Router's Bufferbloat [PDF] 
Lab 15Analyzing the Impact of Hardware Offloading on TCP Performance [PDF] 
Lab 16Random Early Detection [PDF] 
Lab 17Stochastic Fair Queueing [PDF] 
Lab 18Controlled Delay (CoDel) Active Queue Management [PDF] 
Lab 19Proportional Integral Controller-Enhanced (PIE) [PDF] 
Lab 20Classifying TCP traffic using Hierarchical Token Bucket (HTB) [PDF] 
Lab ManualsNTP Lab Series [PDF]BGP Lab Series [PDF]perfSONAR Lab Series [PDF]Zeek/Bro Lab Series [PDF]