Labs #1, Homework #1 (due next class) - PowerPoint PPT Presentation



SLIDE 1

Labs #1

SLIDE 2

Due next class

Homework #1

SLIDE 3

Homework #1: Policy agreement

• Hard-copy, due at the beginning of class on Thursday (the rest due on Monday)
• On a blank sheet of paper, hand-write the following statement, print your name underneath the statement and then sign

    I will neither share code or work I have produced with other students nor receive code or work from others unless explicitly allowed by the instructor. I understand that academic misconduct will result in a grade of zero and will be forwarded to the Dean of Student Life.

Portland State University CS 430P/530 Internet, Web & Cloud Systems

SLIDE 4

Homework #1: Slack, Docker Hub

• Slack
  • Create an account and join the Slack channel at https://pdx-cs.slack.com (#cs430_530_cloud)
  • All course communications through Slack
    • DM @wuchang
    • Use https://bit.ly/sayat-wuchang for anonymous feedback
• Docker Hub (https://hub.docker.com)
  • Create a Docker Hub account
  • Container submission will be via upload to Docker Hub

SLIDE 5

Homework #1: Linux VM setup

• Do this for the laptop you bring to class every day
• Install an Ubuntu 18.04 VM
  • From http://thefengs.com/wuchang/courses/ubuntu_virtualbox.txt
• Download desktop installation CD image (iso)
  • http://releases.ubuntu.com/18.04/

SLIDE 6

• Launch VirtualBox
• Click on New and create a VM whose name is your OdinID so that it appears in all screenshots for your lab notebook
  • Name=<Your OdinID>
  • Type: Linux Version: Ubuntu (64-bit)
  • Memory size: 2048MB (if you have sufficient RAM on the host)
  • Create a virtual hard disk
• Create Virtual Hard Disk
  • File size: 20.0 GB (Dynamically allocated VDI)

SLIDE 7

• In Settings, Storage => CD drive:
  • Click on CD icon => Choose virtual optical disk
  • Select Ubuntu ISO in Step 1

SLIDE 8

• Then, click "Start" to boot VM using the ISO as a startup disk
  • Install Ubuntu => Continue => Install Now => Continue
  • Set timezone to LA => Continue on keyboard layout => Set login credentials
  • Restart VM
• Within VM
  • Install Python packages

      sudo apt-get update -y
      sudo apt-get install python3-pip virtualenv -y

  • Install Docker packages

      sudo apt-get install docker.io -y
      sudo usermod -a -G docker $(whoami)

SLIDE 9

• In VirtualBox menu
  • Click on Devices => "Insert Guest Additions CD image" to install them within VM
• Power down the VM

SLIDE 10

• Tweak VirtualBox General settings for your VM to enable shared clipboard

SLIDE 11

• Tweak VirtualBox Display settings for your VM to improve graphics performance (128MB memory and 3D acceleration)

SLIDE 12

• Ensure VT-x is enabled

SLIDE 13

Homework #1: Local VM setup

• Ensure at least 2048MB of RAM is allocated

SLIDE 14

Homework #1: Bitbucket

• Create an account on Bitbucket
  • Log out of all of your Google accounts
  • Go to https://bitbucket.org
  • Use your @pdx.edu e-mail address to "Login with Google"
• Find the + and click on it to create a new repository
• Name your repository
  • cs430-<FirstName>-<LastName>
  • (e.g. cs430-Wuchang-Feng)
• Then "Create repository" using default options
• Pause
  • We will create a git repo on your Linux VM and connect it up to this repository

SLIDE 15

• Install git on your Linux VM

    sudo apt-get update -y
    sudo apt-get install git -y

• Configure git

    git config --global user.name "Your Name"
    git config --global user.email <OdinID>@pdx.edu

• Set up ssh key access from your Linux VM
  • Set up an ssh key by running ssh-keygen -t rsa
  • Copy the contents of ~/.ssh/id_rsa.pub to the clipboard
  • Go back to Bitbucket and access your profile
  • In Settings, click "SSH keys", then "Add key"
  • Make sure you're adding the key to your user profile and *not* the repository!

SLIDE 16

• Add ssh key from previous step
  • https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html
• Clone the course's source repository to see that it works

    git clone ssh://git@bitbucket.org/wuchangfeng/cs430-src.git

SLIDE 17

• Then, clone repo in prior step using the ssh key added

    git clone ssh://git@bitbucket.org/<bitbucket_id>/cs430-<FirstName>-<LastName>

  • Example

    git clone ssh://git@bitbucket.org/wuchangfeng/cs430-Wuchang-Feng

• Change directories into your repo (cd cs430-Wuchang-Feng)
  • Create a file README.md with an initial message
  • Add it to the files you would like to commit permanently into local repository

      git add README.md

  • Commit the file permanently into local repository with a short message describing the commit

      git commit -m "First commit"

  • Push the local repository onto the origin repository on the master branch

      git push -u origin master

SLIDE 18

• Go back to the new repository on Bitbucket and go to the Repository's Settings
• Add course instructor and TA with Read access
  • wuchang+courses@pdx.edu
  • lchoi+courses@pdx.edu

SLIDE 19

• Read the first 6 steps of https://product.hubspot.com/blog/git-and-github-tutorial-for-beginners
• git clone
  • Fetch a copy of a remote repository
• git add
  • Add a new file and/or directory to local repository
• git commit
  • Commit changes to local repository
• git push
  • Merge changes from local repository to a remote one
  • Implicitly assumes "origin" (place that you retrieved repo from) and "master" (branch)
• git pull
  • Merge changes from remote repository to your local one
  • Implicitly assumes "origin" (place that you retrieved repo from) and "master" (branch)

SLIDE 20

• At the top-level of the repository, create a file called .gitignore to specify filenames that will not be added to the repository

    env/
    *.pyc
    lib
    __pycache__/

• Then git add the file to the local repo, git commit it to the local repo, and then git push the local repo to the remote repo on Bitbucket

SLIDE 21

• Create a directory called hw1 within local repository (mkdir hw1)
• Within the directory
  • Create a markdown file called README.md that contains a colorful message to me that shows me how much Markdown you know

      cd hw1; <editor_of_your_choice> README.md

  • Create a file called dockerhub.txt that contains only your DockerHub username in it. For example, my username on DockerHub is wuchangfeng so…

      echo wuchangfeng > dockerhub.txt

• Add the directory and files to your repo via git add .
• Commit the changes locally via git commit
• Push the changes to your remote Bitbucket repo via git push

SLIDE 22

Homework #1: Bitbucket

• Note: All homework submissions will use Bitbucket in combination with D2L (for the timestamp)
  • Commit changes to your repository frequently (part of rubric)
  • Use descriptive messages in commit messages
• Other resources
  • http://rogerdudler.github.io/git-guide/
  • https://confluence.atlassian.com/bitbucketserver/basic-git-commands-776639767.html

SLIDE 23

Homework #1: Google Cloud Platform

• Google Cloud Platform (GCP)
  • IMPORTANT: Bring up a web browser in "Incognito" or "Private Browsing" mode to set up your account
  • Go to https://console.cloud.google.com and login using your pdx.edu account to enable GCP
  • If you haven't used GCP yet and you do not mind temporarily putting your CC on the account, apply for the $300 coupon and use it to create a new billing account
    • https://codelabs.developers.google.com/codelabs/cpb100-free-trial
  • Or, wait for me to e-mail you the course coupon, then apply it and create the course project

SLIDE 24

• Create a project called
  • cs430-<FirstName>-<LastName>
  • (e.g. cs430-Wuchang-Feng)
  • Ensure your name appears in all screenshots for your lab notebook
• Associate the billing account to it

SLIDE 25

Homework #1: Google Cloud Platform

• For reference
  • https://cloud.google.com/iam/docs/quickstart

SLIDE 26

Homework #1: AWS

• Visit this link
  • https://www.awseducate.com/Registration?apptype=student&courseview=true
• Enter Portland State University for institution name
  • Menu will auto-complete entry

SLIDE 27

• Select CS 430P/530
• Fill out form with your information

SLIDE 28

• Verify account via e-mail
• Agree to terms and conditions
• Wait for approval e-mail (10-15 min)

SLIDE 29

• Sign back into AWS Educate
  • https://www.awseducate.com/signin/SiteLogin
• Click "AWS Account"
• Follow directions to log into your AWS Student account

SLIDE 30

• Access to AWS for the rest of the quarter
  • Notify instructor immediately if you can not get to this screen

SLIDE 31

Homework #1: AWS

• https://www.awseducate.com/Registration?apptype=student&courseview=true

SLIDE 32

ARP

SLIDE 33

ARP Lab #1

• On your UbuntuVM, install wireshark

    sudo apt-get update
    sudo apt-get install -y wireshark

• Use the ifconfig command to find the IP address and hardware address of the local virtual ethernet card interface
• Perform a netstat -rn to find default router's IP address
• Ping the default router and use arp to find its hardware address

SLIDE 34

ARP Lab #1

• Perform a sudo wireshark
  • Use a Capture Filter to capture icmp (ICMP is the protocol used by ping)
  • Select your VM's virtual ethernet interface (e.g. enp0s3), then begin a capture
  • Then, in a separate terminal, ping www.google.com
  • Click on the request packet in the top window
  • In the middle window, expand the data-link layer packet and click on the source and destination hardware addresses
  • Who owns the destination hardware address of the packet?
  • Show the bytes in the packet dump window as shown below
  • Repeat with the response packet

SLIDE 35

Network

SLIDE 36

Network Lab #1 (Netsim)

• Create an account and complete all levels of Netsim
  • https://netsim.erinn.io
  • Show screenshot of completed list of levels
  • For Level #5
    • Show packet before it hits modem
    • Show packet after it leaves modem
• For the ping and traceroute levels, ensure ICMP is capitalized when specifying the proto field

SLIDE 37

Network Lab #2 (nmap)

• This lab will give you experience with Google's Compute Engine and its offerings in Google Cloud's Marketplace as well as with nmap, a standard tool for performing network security audits
• Launch a Compute Engine instance using the f1-micro machine type and place it in us-west1-b
• Configure the boot disk to be Ubuntu 18.04 LTS

SLIDE 38

• Then click on "ssh" to bring up a shell session on it
• Run the following to install nmap on the VM

    sudo apt update
    sudo apt install nmap

• We will be using the VM to scan the Marketplace deployments that we will be launching on Compute Engine

SLIDE 39

• Go to Marketplace on the Google Cloud Platform console
  • Filter on Virtual Machines
  • Then on Blog & CMS
  • These solutions, when deployed, will bring up their software on a Compute Engine instance

SLIDE 40

Network Lab #2 (nmap)

• Bring up 3 solutions from the Blog & CMS category with the following settings
  • Zone: us-west1-b
  • Machine type: micro
  • Select "Allow HTTP traffic"
  • Deselect "Allow HTTPS traffic"
  • Show the landing page for each VM to ensure it has been deployed properly
• Go back to the Compute Engine console
  • Note the "Internal IP address" of each instance

SLIDE 41

Network Lab #2 (nmap)

• Then, go to the VM you installed nmap on
  • If you've logged out, click on SSH to log back into it
  • Run nmap on the internal subnet the instances have been placed on

      nmap 10.x.y.z/24

  • Show the output for the scan
• Shut down all 4 instances

SLIDE 42

Network Lab #3: Subnets in the cloud

• Link to lab at end of walkthrough

SLIDE 43

Network Lab #3: Subnets in the cloud

• Bring up the console and click on Cloud Shell
• Set region/zone to Europe
  • Note: you will be creating sub-networks in other zones and regions, so for this lab only, use the lab's zones/regions verbatim
• Note: If you are following along in the codelab linked at the end of this lab, we are skipping Step 5 (Legacy) and going to Step 6

    $ gcloud config set compute/zone europe-west1-c
    $ gcloud config set compute/region europe-west1

SLIDE 44

Using default regional subnetworks

• List default networks
• List default subnetworks per-region
  • New instances in region placed in default regional subnetworks unless otherwise specified
• Create two instances in two different regions
• See which internal subnetwork each one is brought up in by inspecting the internal IP address given

    $ gcloud compute instances list
    $ gcloud compute networks list
    $ gcloud compute networks subnets list
    $ gcloud compute instances create instance-1 --zone us-east1-b
    $ gcloud compute instances create instance-2 --zone us-central1-c

SLIDE 45

Creating custom networks

• Create a custom network spanning your regions
• Create two custom subnetworks within it in two regions (us-central1 and europe-west1)
• List subnetworks

    $ gcloud compute networks create custom-network1 --subnet-mode custom
    $ gcloud compute networks subnets create subnet-us-central-192 \
        --network custom-network1 \
        --region us-central1 \
        --range 192.168.1.0/24
    $ gcloud compute networks subnets create subnet-europe-west-192 \
        --network custom-network1 \
        --region europe-west1 \
        --range 192.168.5.0/24
    $ gcloud compute networks subnets list

SLIDE 46

• Create two more instances and place one each in the custom subnetworks created previously
• Note: Machines in different subnetworks are not able to communicate by default for security purposes
  • Network filtering rules can be defined to explicitly enable this
  • A lab will cover this later…
• From the web console, show the VM instances and the subnetworks created (VPC Network)

    $ gcloud compute instances create instance-3 \
        --zone us-central1-a \
        --subnet subnet-us-central-192
    $ gcloud compute instances create instance-4 \
        --zone europe-west1-d \
        --subnet subnet-europe-west-192

SLIDE 47

Network Lab #3

• https://codelabs.developers.google.com/codelabs/cloud-subnetworks

SLIDE 48

Transport

SLIDE 49

Transport Lab #1: netstat, nc

• On your Ubuntu VM, identify what default network services are exposed
• Perform a netstat -l -t -4 to find all listening sockets on the machine (those accepting incoming connections)
  • The command flags specify sockets listening on TCP ports on IPv4 interfaces
  • If the -4 flag does not work, omit it (you are on an IPv4-only machine)
  • Note that as a superuser, you can add a -p flag to determine the program that owns each socket
• Examine the "Local Address" field
  • Servers such as ssh and nginx typically listen on "0.0.0.0" to accept connections on any interface (INADDR_ANY when specifying socket)
  • Servers intended for local access listen only on the loopback interface "localhost…" (INADDR_LOOPBACK) (described via man 7 ip)
• For named services (e.g. tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN )
  • Identify those listening on all interfaces
  • Identify those listening only for local connections
  • Then, look up their descriptions in /etc/services to find out what they are
  • Note: netstat *should* provide the same information as an external nmap scan from the previous lab unless malware has been installed to hide itself locally on the machine
• Repeat the exercise on linux.cs.pdx.edu
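
The "Local Address" check from Transport Lab #1, as an added example that is not part of the original slides: an awk filter that labels each listening TCP socket as bound to all interfaces or to loopback only, and resolves the service name against a file in /etc/services format. The netstat lines and services excerpt are constructed samples, and the function names are hypothetical.

```bash
#!/bin/sh
# Constructed sample of `netstat -l -t -4` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.53:domain       0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN
tcp        0      0 localhost:mysql         0.0.0.0:*               LISTEN
EOF
}

# Constructed excerpt in /etc/services format (name, port/proto, aliases, comment).
sample_services() {
cat <<'EOF'
# service-name  port/protocol  [aliases]  [# comment]
ssh             22/tcp                          # SSH Remote Login Protocol
domain          53/tcp                          # Domain Name Server
http            80/tcp          www             # WorldWideWeb HTTP
ipp             631/tcp                         # Internet Printing Protocol
mysql           3306/tcp
EOF
}

# classify_listeners SERVICES_FILE
# Reads netstat output on stdin and prints one line per listening TCP socket:
#   <exposure> <service> <port/proto>
# exposure is all-interfaces (INADDR_ANY), loopback-only, or specific-address.
classify_listeners() {
    awk '
        # First file: build a name -> port/proto table from the services file.
        NR == FNR {
            if ($0 !~ /^#/ && $2 ~ /\/tcp$/) port[$1] = $2
            next
        }
        # Second input (stdin): keep only listening TCP sockets.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            service = parts[n]
            # Everything before the final ":" is the bind address.
            host = substr(addr, 1, length(addr) - length(service) - 1)
            if (host == "0.0.0.0" || host == "*" || host == "::" || host == "[::]")
                exposure = "all-interfaces"
            else if (host == "localhost" || host ~ /^127\./ || host == "::1")
                exposure = "loopback-only"
            else
                exposure = "specific-address"
            # Numeric ports (netstat -n) are not in the table; report them as-is.
            p = (service in port) ? port[service] : (service "/tcp")
            print exposure, service, p
        }' "$1" -
}

# Demo on the constructed samples. On a real machine the equivalent is:
#   netstat -l -t -4 | classify_listeners /etc/services
services_tmp=$(mktemp)
sample_services > "$services_tmp"
report=$(sample_netstat | classify_listeners "$services_tmp")
rm -f "$services_tmp"
printf '%s\n' "$report"
```

Sockets reported as all-interfaces are the ones an external scan of the host can reach; loopback-only sockets should not appear in such a scan.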

SLIDE 50

Transport Lab #1: netstat, nc

• On linux.cs.pdx.edu
  • Use ifconfig to find the IP address of the machine
  • netcat (nc) is a program that can connect to arbitrary ports on a server
    • For example, the following command connects up to the web server (port 80) of 131.252.220.66

        nc 131.252.220.66 80

  • Using the IP address of the machine, use nc to connect up to the ssh port in order to identify the version of ssh that is being used on linuxlab machines (Control-c to exit)

SLIDE 51

Transport Lab #2: iperf and TCP performance

• In this lab, we'll look at TCP throughput to different parts of the world
• On GCP, go to Compute Engine and create 3 VMs
  • Zone: one in us-west1-b, one in Australia, and one in Europe
  • Machine type: micro
  • Boot disk: Ubuntu 18.04
  • Allow HTTP on each
• ssh into each and install iperf

    sudo apt update
    sudo apt install iperf

• For each VM
  • Start the iperf server on HTTP port (80)
  • Note the external IP address of each instance
  • On each server, perform the following and leave the command running and the window open

      sudo iperf -s -p 80

SLIDE 52

• On your Ubuntu 18.04 VM
  • Perform the following to install iperf

      sudo apt update
      sudo apt install iperf

  • Then, for each VM created previously, perform an iperf multiple times to determine the approximate bandwidth available between your VM and each of the 3 VMs

      iperf -c <IP address> -p 80

  • Explain the relative differences (or lack thereof) of the results
• Exit out of all VMs and take down all instances when complete

SLIDE 53

HTTP

SLIDE 54

HTTP Lab #1: HTTP headers, DevTools

• HTTP headers
• Install Chrome (either on your Desktop or UbuntuVM)
  • For Ubuntu

      sudo apt-get install -y gdebi
      wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
      sudo gdebi google-chrome-stable_current_amd64.deb

• Bring up the Chrome Developer Tools
  • Visit natas0.natas.labs.overthewire.org
  • Find the HTTP request and response headers
  • List the initial authenticate response header
  • Authenticate with natas0:natas0
  • List the subsequent authorization request header
• Repeat using Wireshark
  • Show the initial authenticate response header and the authorization request header in packet payloads as well as the other HTTP headers that are included
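
An added example, not from the original slides, of what the two headers in HTTP Lab #1 carry: the WWW-Authenticate challenge names the scheme, and the Authorization: Basic value is only base64 of user:password, so anyone who can read the packet payload recovers the credentials unless the connection uses TLS. The header text below is constructed (the realm string is an assumption) and the function names are hypothetical.

```bash
#!/bin/sh
# Constructed response and request headers for the natas0 exchange (not a real capture).
sample_response() {
    printf 'HTTP/1.1 401 Unauthorized\r\n'
    printf 'WWW-Authenticate: Basic realm="Authentication required"\r\n'
    printf 'Content-Type: text/html\r\n\r\n'
}
sample_request() {
    printf 'GET / HTTP/1.1\r\n'
    printf 'Host: natas0.natas.labs.overthewire.org\r\n'
    printf 'authorization: Basic bmF0YXMwOm5hdGFzMA==\r\n\r\n'
}

# header_value NAME
# Prints the value of the first header called NAME from the message on stdin.
# Header names are case-insensitive and lines end in CRLF on the wire.
header_value() {
    tr -d '\r' | awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^$/ { body = 1 }                 # blank line ends the header section
        !body && !found {
            i = index($0, ":")
            if (i == 0) next              # request or status line
            if (tolower(substr($0, 1, i - 1)) == want) {
                v = substr($0, i + 1)
                sub(/^[ \t]+/, "", v)
                print v
                found = 1
            }
        }'
}

# challenge_scheme: the authentication scheme the server asks for (e.g. Basic).
challenge_scheme() {
    header_value 'WWW-Authenticate' | awk '{ print $1 }'
}

# basic_credentials: decodes an Authorization: Basic header on stdin into
# "user<TAB>password". Returns non-zero for other schemes or malformed values.
basic_credentials() {
    value=$(header_value 'Authorization')
    case $value in
        [Bb][Aa][Ss][Ii][Cc]\ *) ;;
        *) return 1 ;;                    # Digest, Bearer, or header missing
    esac
    token=$(printf '%s\n' "$value" | awk '{ print $2 }')
    decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || return 1
    case $decoded in
        # Split at the first colon only: a password may itself contain colons.
        *:*) printf '%s\t%s\n' "${decoded%%:*}" "${decoded#*:}" ;;
        *) return 1 ;;
    esac
}

scheme=$(sample_response | challenge_scheme)
creds=$(sample_request | basic_credentials)
printf 'challenge scheme: %s\n' "$scheme"
printf 'decoded credentials: %s\n' "$creds"
```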

SLIDE 55

HTTP Lab #2: QUIC/HTTP2

• On a linuxlab machine
  • Open google-chrome
  • Open chrome://flags
    • Find and enable the QUIC protocol
  • Open chrome://net-export/
  • Open https://netlog-viewer.appspot.com
  • Stream video for a short time from vimeo.com and youtube.com, load the video file into netlog-viewer
  • Show whether HTTP/2 and/or QUIC are used and for which sites
• On your UbuntuVM, open up Wireshark and perform the same process but only for youtube.com
  • Show the QUIC transport being used within Wireshark's packet trace

SLIDE 56

DNS

SLIDE 57

DNS Lab #1: Basics

• DNS reconnaissance
  • On linux.cs.pdx.edu, cat /etc/resolv.conf to find the local DNS server for the client resolver
  • Run dig with no arguments to list all root DNS servers
  • Look up the A record of www.pdx.edu and the MX record of pdx.edu using the appropriate type flag for dig
    • What do these records explain about how PSU's web/mail services are run?
  • Find the authoritative server (NS record type) for mashimaro.cs.pdx.edu and then query that server for the A record of mashimaro.cs.pdx.edu
  • Find the authoritative server for thefengs.com and then query that server for the A record of thefengs.com
  • When a web request hits port 80 of 131.252.220.66, how does the server know which site to serve from? (i.e. what protocol header)

SLIDE 58

DNS Lab #2: Iterative lookup

• On linux.cs.pdx.edu, simulate the operation of a Local DNS server
  • Choose a DNS name containing at least 4 parts (e.g. www.cs.pdx.edu, console.cloud.google.com, www.unsw.edu.au, www.amazon.co.uk)
  • Start your iterative querying at the F root server
  • Use the +norecurse flag to specify iterative queries
  • Use the +tcp flag to specify queries over TCP
    • Required on any MCECS network or machine due to UDP DNS filters
    • Not required on other networks
  • Use the @ prefix to specify IP address of each DNS server to query
  • Use the appropriate DNS record type to identify authoritative servers

SLIDE 59

DNS Lab #2: Aliases and reverse lookups

• Shell (bash) preliminaries (do on linux.cs.pdx.edu)
  • Perform the following commands and examine the output to understand what egrep, awk, and the pipes (|) are doing

      ls -l /dev
      ls -l /dev | egrep vcs
      ls -l /dev | egrep vcs | awk '{print $10}'

  • You can save the standard output of a command and use it in subsequent command-line arguments. One way is to save it to an environment variable using back-ticks or $( )

      X=`ls -l /dev | egrep sda | awk '{print $10}'`
      echo $X
      X=$(ls -l /dev | egrep sda | awk '{print $10}')
      echo $X

  • Then, you can use a for loop in bash (or a foreach loop in zsh) to iterate over each value that is returned

      for i in `echo $X`
      do
        file /dev/$i
      done

SLIDE 60

DNS Lab #2

• Finding aliases with dig and bash
  • On linux.cs.pdx.edu, use a single command line with commands dig, egrep, and awk, to list all IPv4 addresses that linuxlab.cs.pdx.edu points to
  • Then, take that list and iterate over it in order to do a reverse lookup of each IP address
    • The command to perform a reverse-lookup given an IP address is dig -x

SLIDE 61

DNS Lab #3: Names of hosts on a subnet

• In the shell, integer ranges are specified via {<num1>..<num2>}
• Perform the following two commands to see how it works

    echo {0..2}{0..9}
    for i in {1..20}
    do
      echo $i
    done

• Using this mechanism, perform a reverse DNS lookup for each IP address on the 131.252.220.0/24 subnet
  • After the "done" keyword, before hitting return, pipe the standard output of the loop to egrep to list just the names of the hosts, and then redirect it to a file called 220hosts.txt
• Obtain the hosts between .30 and .50
  • head -50 220hosts.txt | tail -20
  • Numbers may be slightly off since some names will not resolve
• Then, obtain the hosts between 58 and 70

SLIDE 62

Network Recap Lab #1: Full trace analysis

• Use ifconfig to find the IP address of the VM and the name of the local virtual ethernet interface
• Use netstat to find the IP address of the default router
• Temporarily change the default DNS server
  • sudo vim /etc/resolv.conf
  • Change to point to 1.1.1.1
  • Will be overwritten upon next DHCP renew
  • Perform a reverse DNS lookup on the DNS server to find its name

SLIDE 63

Network Recap Lab #1

• Parse the output of arp -a using awk with specified delimiters
  • Type arp -a to see the format of its output
  • Then

      arp -a | awk -F'[()]' '{print $2}' > arp_entries

  • The -F flag sets the delimiter to use. The square brackets specify a regexp that matches either parenthesis character as a delimiter; the command then prints out the 2nd field (the IP address) and outputs the result to a file (arp_entries)
• Then, sudo wireshark
  • Begin capture on the virtual ethernet interface found earlier
  • Delete all arp entries using a for loop in the shell and then immediately retrieve http://<OdinId>.oregonctf.org

      for i in $(cat arp_entries)
      do
        sudo arp -d $i
      done ; wget http://<OdinId>.oregonctf.org

SLIDE 64

Network Recap Lab #1

• Stop the packet capture and inspect it
  • Ensure the arp packets and the DNS request and response packets for the request show up in the trace.
  • If not, you are using a cached lookup. Run the lab again, adding random characters to the DNS name you are fetching
• Within Wireshark, annotate the packets in the trace to explain the purpose of each of the packets being exchanged
• Answer the following questions
  • How many DNS requests are made?
  • How many TCP connections does the browser initiate simultaneously to the site?
  • How many HTTP GET requests are there for embedded objects?
  • Some helpful display filters include dns, tcp.flags.syn, and http.request

SLIDE 65

CDN

SLIDE 66

CDN Lab #1: Geographic DNS

• Based on the location of the local name server performing a name resolution, most sites served by a CDN attempt to resolve their names to the IP address of the nearest server that hosts it
• Using dig, we will resolve www.google.com from different local name servers to see how resolution differs from different locations
  • Look up geographic locations of the following DNS servers via https://www.iplocation.net/
    • 131.252.208.53 (PSU)
    • 198.82.247.66 (Virginia Tech)
  • Then, using dig, resolve www.google.com from each of the DNS servers and record each result
    • Note: Use the +tcp flag to specify queries over TCP if you are on an MCECS network or on linux.cs.pdx.edu
  • Look up geographic locations for each that do not give Google's Mountain View headquarters as the result
    • What is the geographic distance between the DNS server and web server?
  • Perform a traceroute to each of the addresses
    • Do the routes reveal any information on the accuracy of the geographic locations given? Answer might be no.

SLIDE 67

CDN Lab #2: HTTP load balancing

• Scaling and deploying a load balanced web site
  • In under an hour!

via checkboxes!

SLIDE 68

CDN Lab #2: HTTP load balancing

• Scaling and deploying a load balanced web site
• Skip intro steps if not needed, use exact naming
• Launch Cloud Shell and copy files from lab's bucket on Google Cloud Storage (similar to AWS S3 buckets)
• Cloud Deployment Manager
  • Allows one to specify and deploy collections of VMs
  • For lab, configuration is included in the files copied, via YAML and Jinja files (more on Jinja later)

    mkdir networking101
    cd networking101
    gsutil cp gs://networking101/* .

    # compute-engine-template.jinja
    - name: w2-vm
      type: vm-template.jinja
      properties:
        machineType: n1-standard-1
        zone: us-west1-b
        network: {{ NETWORK_NAME }}
        subnetwork: us-west1-s2
        ip: 10.11.0.100

    # networking-lab.yaml
    resources:
    - name: compute-engine-setup
      type: compute-engine-template.jinja

SLIDE 69

CDN Lab #2: HTTP load balancing

• Launch the configuration to instantiate the network on GCP
  • Will need to enable the Deployment Manager API
  • Grab some coffee (takes a while to instantiate)

    gcloud deployment-manager deployments create networking101 \
        --config networking-lab.yaml

SLIDE 70

CDN Lab #2: HTTP load balancing

• Show the machines running within Cloud Shell and Compute Engine UI
• Note: If ssh works on Step 3, you may skip Step 4 (read through it anyway just for fun)
• Launch an ssh session on each VM to perform Step 5 and 6
  • For Step 6, repeat the pair-wise ping table from the various VMs
  • Pinging external hosts step optional
• Step 8: Set up network to allow HTTP traffic to all instances (name the rule http-server)
  • Done either via gcloud command-line or via Console UI
  • Note: "Networking" via the Menu is now labeled "VPC Network"

    gcloud compute firewall-rules create nw101-allow-http \
        --allow tcp:80 --network networking101 --source-ranges 0.0.0.0/0 \
        --target-tags http-server

slide-71
SLIDE 71

CDN Lab #2: HTTP load balancing

• Step 9: Managed Instance Groups
  • In Compute Engine, "Instance Templates" are recipes for creating identical VMs in a group (Instance Groups)
  • Group is managed by a policy
    • e.g. Maximum 5, Minimum 1, add a node when avg load > 0.8, subtract a node when avg load < 0.8
  • Creation via command line with a startup script taken from a different bucket
    • Example template creation command for machines residing in us-east1 (sets subnet and region, associates http-server tag to allow HTTP traffic)
    • Run startup script at gs://networking101-lab/startup.sh

# Create template for machines residing in us-east1
# Set subnet and region, associate with http-server tag to allow HTTP
gcloud compute instance-templates create "us-east1-template" \
  --subnet "us-east1" \
  --metadata "startup-script-url=gs://networking101-lab/startup.sh" \
  --region "us-east1" \
  --tags "http-server"
slide-72
SLIDE 72

CDN Lab #2: HTTP load balancing

• Startup script installs Apache2 and PHP, then updates index files to list region
  • Recall awk, $(), `` from previous lab
  • sed: Unix stream editor for filtering and transforming text (via regexp)
    • Substitutes the string "region-here" with the environment variable set in previous commands

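#! /bin/bash
# Install the web server and PHP
apt-get update
apt-get install -y apache2 php
# Replace the default index page with the lab's index.php
cd /var/www/html
rm index.html -f
rm index.php -f
wget https://storage.googleapis.com/networking101-lab/index.php
# Ask the metadata server for this instance's zone
META_REGION_STRING=\
$(curl "http://metadata.google.internal/computeMetadata/v1/instance/zone" \
  -H "Metadata-Flavor: Google")
# Take the fourth "/"-separated field and substitute it for the placeholder
REGION=`echo "$META_REGION_STRING" | awk -F/ '{print $4}'`
sed -i "s|region-here|$REGION|" index.php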
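
The awk and sed steps of the startup script, as an added example that is not part of the original slides or the codelab: it runs offline on a constructed metadata response, derives both the zone and the region, and leaves the page untouched when the value is empty or contains characters that would change the sed expression. The function names, the sample value and the temporary file are assumptions.

```shell
#!/bin/bash
# Added example: the awk/sed steps of the startup script, run offline.
# SAMPLE_META is constructed; the metadata server answers the zone query
# in the form projects/<project-number>/zones/<zone>.
SAMPLE_META="projects/123456789012/zones/us-east1-b"

# The fourth "/"-separated field is the zone name (what the slide's awk prints).
zone_from_meta() {
  printf '%s\n' "$1" | awk -F/ '{print $4}'
}

# The region is the zone without its trailing "-<letter>" suffix.
region_from_zone() {
  printf '%s\n' "$1" | sed 's/-[a-z]$//'
}

# Accept only non-empty values made of a-z, 0-9 and "-", so a failed or
# unexpected metadata response never reaches the sed expression.
valid_name() {
  case $1 in
    ''|*[!a-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Replace the placeholder in a file. Returns non-zero and leaves the file
# unchanged if the value fails validation. Writes via a temporary copy,
# a portable equivalent of the slide's "sed -i".
render_index() {
  file=$1
  value=$2
  valid_name "$value" || return 1
  sed "s|region-here|$value|" "$file" > "$file.new" && mv "$file.new" "$file"
}

# Stand-alone demonstration on a constructed one-line page.
demo() {
  tmp=$(mktemp)
  printf '<h1>Served from region-here</h1>\n' > "$tmp"
  zone=$(zone_from_meta "$SAMPLE_META")
  render_index "$tmp" "$zone" && cat "$tmp"
  rm -f "$tmp"
}
demo
```
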

slide-73
SLIDE 73

CDN Lab #2: HTTP load balancing

• In Console UI, instantiate managed instance groups from the templates for both regions (note the configurations are different)
  • us-east1: dynamic, from 1 to 5 nodes
  • europe-west1: static, 3 nodes

slide-74
SLIDE 74

slide-75
SLIDE 75

CDN Lab #2: HTTP load balancing

• Hit the web page of one of the instances: http://<Instance_IP>
  • If request fails, you may need to check your HTTP firewall rule and restart instances with the traffic enabled
• Step 10: Now at Network Services => Load balancing
  • Start configuration and specify an HTTP(S), Internet-facing only load balancer
  • Specify backend configuration (e.g. a backend service implemented via the VMs in the instance groups)

slide-76
SLIDE 76

• Go through *entire* configuration and then Create

slide-77
SLIDE 77

Result

slide-78
SLIDE 78

CDN Lab #2: HTTP load balancing

• Step 11
  • Show site via IP address assigned to load balancer (the Anycast IP address)
  • Which instance group did the request go to?

slide-79
SLIDE 79

CDN Lab #2: HTTP load balancing

• Place the site under siege, from w1-vm
• Show the autoscaling turning on for us-east1 instance group

siege -c 250 http://<http-loadbalancer-ip>

slide-80
SLIDE 80

CDN Lab #2: HTTP load balancing

• Perform steps 12-13
  • Perform traceroutes from VMs to pdx.edu
  • Skip MTR section
• Skip 14 (iperf)
• Make sure to clean up!

slide-81
SLIDE 81

CDN Lab #2: HTTP load balancing

• Ensure no Compute Engine instances are running from the lab
• https://codelabs.developers.google.com/codelabs/cloud-networking-101
