DETER at a Glance - Information Sciences Institute

Page 1: DETER at a Glance - Information Sciences Institute

DETER Project Web Page: http://www.isi.edu/deter/

DETER Testbed Web Page: http://www.deterlab.net/

User Support: [email protected]

DETER at a Glance

DETER is an open community-based facility available to academic, industrial, and government organizations for researching, testing, and evaluating computer network security.

Feb-2010 Quarterly

New Technology in DETER: Incorporating NetFPGA into the DETER testbed

by Young Cho of USC/ISI

NetFPGA (www.netfpga.org) boards are being integrated into DETER. The CentOS Linux operating system and drivers are being upgraded to support the Dell T105 servers that host these reconfigurable hardware appliances. NetFPGA has proved to be a useful tool for networking researchers. It consists of a PCI card that contains a large Xilinx FPGA, 4 Gigabit Ethernet ports, Static RAM (SRAM), and Double-Data Rate (DDR2) Dynamic RAM (DRAM).

This new capability on DETER will allow users to configure and build high performance custom networks and appliances. They can build, launch and test custom systems such as network intrusion detection systems, high performance routers and other advanced network appliances.

Currently, the NetFPGA platforms on the DETER testbed have been configured with a custom hardware-accelerated string pattern matching module. Once integration is completed, the system will be tested under more realistic scenarios using the capabilities provided by DETER. Young Cho and other researchers at USC/ISI plan to extend the pattern matching system to build and stress-test devices and systems such as routers with built-in hardware-accelerated intrusion detection/prevention capabilities and hardware-accelerated VOIP transcription systems.

For more information please contact Young Cho at youngcho AT ISI . EDU.

Profile of a DETER User: Lanier Watkins

Systems Engineer at AT&T, and affiliated with Georgia State University

Q: What are you using the testbed for?

We use the DETER testbed to demonstrate the applicability of our passive resource discovery method to cluster grid environments.

Q: What kinds of experiments are you running?

Our experiments have ranged from 5 to 50 nodes. We have used DETER to emulate nodes on a cluster grid communicating with each other to solve parallel computing problems. Our method only uses the network traffic emitted by these nodes to infer their CPU or Memory load, and then classifies the individual nodes as either available or unavailable to process more jobs. Since our passive method requires the use of tcpdump, DETER has allowed us packet level access to network traffic that administrators on production grids will not allow.

Q: What kinds of resources are you using?

We primarily use the tcpdump application, 5-50 nodes, gigabit Ethernet links connected to Cisco switches in our experiments.

Q: Any positive remarks about the testbed? Things we need to improve for users such as you?

We love the ability to have semi-root level access (sudo) to use tcpdump, and the flexibility of choosing an OS, node type, and switch type. Without the flexibility provided by DETER, we would have to incur the cost (money and time) of building, configuring and operating our own clusters. In the future, we would like to be able to easily reserve and secure much larger networks (100s of nodes), even if only for an hour or so.

Information about the DETER project at: http://www.isi.edu/deter Page 1

Worms, malware, intrusions

Performance testing

Comprehensive security

DDoS

Building testbeds

Security classes

Routing, DNS, infrastructure

Botnets

Overlays

Wireless security

Traceback

Privacy

Spoofing

Spam

Multicast

Watermarking

Trust

Metrics

Forensics

Security for Cloud Computing

INSIDE:

Where Is DETER Used?

Page 1

Incorporating NetFPGA into the DETER testbed Profile of a DETER User: Lanier Watkins

Page 2

Types of DETER Projects

Useful Links

Page 2: DETER at a Glance - Information Sciences Institute

Cloud computing security is an emerging field and a major barrier for realizing the economic benefits of cloud computing. There is insufficient knowledge about novel threats or how established vulnerabilities translate to the new cloud computing environment. The DETER testbed proves to be a potent tool for assisting research in cloud security. It enables controlled and rigorous cloud security experiments without exposure to the unpredictability and non-transparency associated with experiments in a commercial cloud computing environment such as EC2.

Our particular research focuses on "TCP Incast" (http://radlab.cs.berkeley.edu/wiki/Incast), a pathology observed in distributed systems with large network data transfers, such as distributed file systems, or computation frameworks like MapReduce. Its impact extends beyond a performance penalty for existing systems. In cloud computing environments, subverters could create the TCP Incast traffic pattern and severely impact the performance of other users of the cloud. Our work seeks to measure the effects of this pathology, understand its causes, and experiment with potential solutions.

We use up to 48 DETER nodes for our experiments. This allows us to create MapReduce clusters comparable in size to the majority of real-life MapReduce production clusters. However, the largest MapReduce clusters at the handful of large Internet service providers still dwarf ours by several orders of magnitude. We have been experimenting with simple topologies (single-switch topologies) and are moving towards experiments on more complex topologies (multi-switch topologies) on the DETER testbed.

DETER's unique capabilities have been central to all of our key findings.

First, the controlled laboratory environment allowed us to take rigorous and repeated measurements to quantify the TCP Incast performance impact on MapReduce. We could not obtain this data from shared clusters or commercial clouds like EC2, because the variability in those environments, coupled with inherent performance variability in MapReduce, led to statistically insignificant comparisons. For these reasons, previous studies doubted that TCP Incast hurts systems such as MapReduce. Our data from the quality testbed, DETER, reverses this view.

Second, our access to dedicated machines on DETER enabled us to analyze network traffic across the cluster and understand the primary causes of TCP Incast. Shared clusters and commercial clouds often lack sufficient monitoring tools. Even if the tools exist, few environments could provide dedicated machines or guarantee that the network traffic we observe exclusively originated from our experiments.

Third, our ability to place custom-made operating systems on DETER enabled us to experiment with potential solutions implemented in the TCP stack. This represents a major methodological advance over the state-of-the-art, in which transport protocol experiments mostly take place in network simulators like ns-2, and the findings do not immediately translate to a "real life" protocol implementation. In contrast, we begin with a "real life" implementation, and quantify the improvements.

Thanks to DETER, we now have a firm understanding of TCP Incast in a single-switch topology. However, since most cloud computing environments have multi-layer switch topologies, we still have a long way to go towards a comprehensive solution. We have on-going experiments in DETER, and we are confident that DETER will continue to be an invaluable tool.

[Acknowledgements]

The authors would like to thank Jon Kuroda (RAD Lab support), Keith Sklower, Jason Shupe and members of DETER Ops Team for their help and support. This research is supported in part by gifts from Sun Microsystems, Google, Microsoft, Amazon Web Services, Cisco Systems, Cloudera, eBay, Facebook, Fujitsu, Hewlett-Packard, Intel, Network Appliance, SAP, VMWare and Yahoo! and by matching funds from the State of California's MICRO program (grants 06-152, 07-010, 06-148, 07-012, 06-146, 07-009, 06-147, 07-013, 06-149, 06-150, and 07-008), the National Science Foundation (grant #CNS-0509559), and the University of California Industry/University Cooperative Research Program (UC Discovery) grant COM07-10240.

For more information on this work, please contact Rean Griffith (rean AT EECS . berkeley .EDU) or Yanpei Chen (ychen2 AT EECS . berkeley . EDU).


Security for Cloud Computing: DETER project of the quarter

by Yanpei Chen, Rean Griffith, Anthony Joseph and Randy Katz of UC Berkeley