DETER stands for cyber-DEfense Technology Experimental Research. It is a computer network testbed. Think of it as a room full of computers that can be remotely wired up in ad-hoc subsets and combinations to produce arbitrary-topology networks for experimentation. Doing so is practically equivalent to assembling and wiring a network from physical components. DETER's components are physical in fact. Here they are:

They are merely rearranged to suit, in place, using software and switch technology. Once created, a DETER network can be saved and restored as often as desired. DETER manages networks like operating systems manage memory. Just as operating systems allocate, deallocate, and reallocate from a limited pool of memory to an unlimited pool of processes, so DETER combines, decombines, and recombines from a limited pool of computers (about 300) to an unlimited pool of experimental networks.

We want to employ DETER in CS530L by trying a future lab on its hardware, as opposed to our lab's. Part of our motive is to take advantage of expanded possibilities. On DETER, we can do more. Our lab has fixed wiring-- all the computers in a single LAN. We can't change it. If we wanted to split the machines into subnets for example, converting some into intermediate routers to fashion an internetwork--not an extravagant objective-- we can't. Experiments that wouldn't be possible in the lab become feasible with DETER. It's flexible. Secondly, DETER is interesting to us in its own right. It's a powerful piece of infrastructure for easy experimentation and, because also well contained and isolated from the outside world (even though remotely accessibile), it's particularly well suited for security research which often demands quarantine. Security research is what it was designed for.

If we're going to do future labs in DETER you'll need to get used to it. In this exercise you will create/use/destroy a working network solely for that reason. We don't care about the particular network itself for any further purposes.

DETER staff will batch-generate accounts for our class, with names resembling sc530aa, sc530ab,...,sc530ez. One of them will be assigned to you.

1. ~~supply me a working email address if instructed to do so (alternatively I'll get them from University records without your involvement)~~
2. receive a message at that address from DETER staff, which will provide your account name and password credentials
3. use those credentials to log in
4. edit your profile
    a. choose "Profile" tab
    b. choose "Edit profile" menu option
    c. replace any default contents in the 2 fields shown with your actual name and working phone number
    d. click "Submit"

1. visit the DETER lab home page
2. click the "Log in" button
3. supply your username and password
4. press the "Login" button

The raw material for creating it is the network specification file firstnet.ns. Network specification files express networks (number of computers, how they are connected and addressed, what operating systems they run). Here is a printout of firstnet.ns:

# Generated by NetlabClient

set ns [new Simulator]
source tb_compat.tcl

# Nodes
set node0 [$ns node]
tb-set-node-os $node0 FC6-STD
set node1 [$ns node]
tb-set-node-os $node1 FBSD-STD
set node2 [$ns node]
tb-set-node-os $node2 WINXP-UPDATE

# Lans
set lan0 [$ns make-lan "$node0 $node1 $node2" 100000.0kb 0.0ms]

$ns rtproto Static
$ns run

# NetlabClient generated file ends here.
# Finished at: 10/6/08 1:13 PM

1. download firstnet.ns to a local medium
(Beware Windows mischief. This file's size is 413 bytes. Windows software may perform line terminator alteration within the file during download. An altered file won't work on DETER. My altered/bad file's size was 433 bytes. There is a Unix utility called dos2unix to revert files like that to Unix format. I found an online version at http://www.dos2unix.org/. Alternatively, the correct 413-byte file inside a firstnet.zip compressed file can be downloaded reliably then unzipped, giving you the right firstnet.ns.)
2. visit the DETER lab home page
3. log in, if not logged in already
4. choose the "Experimentation" option from the horizontal menu
5. choose "Begin an Experiment" from the resulting drop-down menu
6. fill out the form
    - for "Select Project" choose USCCSci530
    - for "Name" give "firstnet-xxx" where xxx is some suffix, likely unique (eg, your initials), to avoid name conflict with other students' experiments
    - for "Your NS file" browse to firstnet.ns on your computer
    - for "Idle-Swap" change the interval from 4 hours to 1 hour
7. press the "Submit" button and wait a while for an "experiment successfully created" screen message or similar advisory email
8. choose the "My DETERlab" option from the horizontal menu
9. click on your experiment's name (EID) "firstnet" to see its page
10. explore the tabs "Settings" "Visualization" "NS File" "Details"

Your experimental network is now defined, and the webpage you are exploring is its blueprint. By default, it the actual implemented network shown in the blueprint has not been constructed-- "swapped in" in DETER parlance. To build your network in real hardware:

11. choose the "My DETERlab" option from the horizontal menu
12. click on your experiment's name "firstnet-xxx" in the EID column of the Current Experiments table
13. click on the "Swap Experiment In" option of the Experiment Options menu
14. click on the "Confirm" button in response to "Are you sure you want to swapin experiment 'firstnet-xxx?'
15. follow the on-screen progress report messages about host acquisition until swapin is complete ("Swap Success!" message appears).

Now physical resources have been allocated to your experiment, so you can use it. When you finish you will swap it out. But until you "terminate" it, the blueprint remains and you can swap it back in and resume usage at any time.

You can get console or graphical access to your 3 nodes. To do so you must go through a special intermediate machine that is not only remotely accessible to you and also able to access your nodes. That machine is users.isi.deterlab.net. You need an ssh client. You probably have a character mode client installed if you are on a Unix platform. You probably don't if you are on Windows, for which there is a good character mode client called OpenSSH and a good GUI client called PuTTY. Get one. The instructions below assume a character client. For PuTTY, adapt command 1 below:

1. ssh <your DETER account name>@users.isi.deterlab.net
   A command prompt results. It is users.isi.deterlab.net's command prompt.
2. ssh node0.firstnet.USCCSci530.isi.deterlab.net    <<<------ replace "firstnet" with your modified "firstnet-xxx" per step 6 above
   A command prompt results. It is node0's command prompt.
3. ping -c 1 node1 (or 10.1.1.3)
   Get a response from node1. node0 and node1 can talk.
4. ping -c 1 node2 (or 10.1.1.4)
   Get a response from node2. Same for node2. You are now operating in the experimental network you created.
5. ping 4.2.2.2
   Get a response from an internet node. You can't. Your network is isolated.
6. exit
   Exit from node1 back to users.isi.deterlab.net.
7. exit
   Exit from users.isi.deterlab.net back to your local machine.

1. click on "Swap Experiment Out" in the "Experiment Options" menu
2. wait a while for "Swap success!" screen message or advisory email
At this point you could swap in and return to your experiment tomorrow. It is stored.
3. return to firstnet's webpage ("My DETERlab", click on "firstnet" EID)
4. click on "Terminate Experiment" in the "Experiment Options" menu
5. wait a while for "Experiment... has been successfully terminated" screen message or advisory email
At this point you could no longer swap in and return to your experiment tomorrow. It is deleted.

The University of Southern California does not screen or control the content on this website and thus does not guarantee the accuracy, integrity, or quality of such content. All content on this website is provided by and is the sole responsibility of the person from which such content originated, and such content does not necessarily reflect the opinions of the University administration or the Board of Trustees