An Implementation Of A Software Defined Network Based Virtual Laboratory M.E. Bima, O.C. Inalegwu, T.A. Folorunso, I.O. Oyefolahan, S.O Etuk, B. Simeon Federal University of Technology, Minna Email: {bimamuhammad, ogbole.inalegwu, funso.taliha, o.ishaq, abiolastella}@futminna.edu.ng simeon.bala@st.futminna.edu.ng Abstract—The cost of adequately equipping laboratories This work was implemented using a cyber security practical with required laboratory equipment has been found to be session. However, it should be noted that the developed prohibitively expensive. This has made teaching of practical laboratory can be applied in a variegated range of disciplines. oriented courses very challenging in educational institutions. Virtualization is a technology that can create the impression The paper is further structured as follows: In section II of having dedicated hardware resources in place of physical detailed review of related work is presented. The description laboratory equipment thereby reducing this prohibitive cost. of the employed methodology is presented in Section III. In this paper, the development of a virtual laboratory using The results and discussion is presented in Section IV while software defined networking approach is presented. The de- Section V concludes the work. veloped system was tested using a network penetration testing laboratory session. The results derived show that the virtual II. R ELATED W ORKS laboratory has the potential of enhancing learning in practical oriented courses because of the ease of conducting practical The use of virtualization in the development of virtual sessions and the elimination of procurement cost of laboratory laboratories has gained large acceptance in academia due equipments. to the high cost of procuring laboratory equipment. A large Keywords—-virtual laboratory, SDN virtual laboratory, soft- amount of work has been done in the development of a virtual ware based virtual laboratory laboratory for educational purposes. Based on these works, I. I NTRODUCTION virtual laboratories can be classified into two namely: - Centralized and Decentralized structured virtual laboratories. Virtualization has been used for many years as a solution In the case of the centralized structure, the nodes have in many cooperate settings to ease the daily activities and a central server where all remote connections are made in provide security to equipment [1]. It involves the creating order to access the laboratory. In [5], a centralized virtual perception of having dedicated systems resources whereas, laboratory known as VNLab was developed to evaluate vir- resources are being shared [2], [3], [4]. This has brought tual laboratory based on virtualization technologies. Students great benefits to the large variation of usage involving both could access the central server by establishing a remote industry and academia. In academics, virtualization has helped to reduce the connection. An Integrated physical and virtual laboratory prohibitive cost of setting up a laboratory for teaching was developed in [6] to teach basic computer networking practical courses. Heretofore, laboratory equipment have to concepts. VMWare was used at the core of the virtualization be purchased and set up for use in the laboratory. Apart environment. from the linear increment in cost as the number of students In Decentralized structure, the nodes operate with no increase, there is also the issue of space where the equipment dependence on a central server. This creates a whole range will be placed. Furthermore, students need to be physically of advantages to the virtual laboratory development. The present in the laboratory to use the equipment. With the use use of decentralized structure is a trend among education of virtualization, these overheads and more can be eliminated. and professional fields [7]. This is obviously because of An upcoming technology in virtualization known as Soft- the great advantages derived for their usage which include ware Defined Networking promises greater flexibility [1]. reusability and flexibility of making changes. A framework With this, the layer one functionality of the network can for implementing a decentralized virtualization solution for be transformed to be purely software based. The network computer laboratory was proposed in [8]. In [9], some free tasks are further divided into two; data and control plane. The virtualization tools were used to develop a virtual laboratory control plane decides how a given packet should be handled for educational purposes. while the data plane forwards the packet to a specified Heretofore, virtualization for educational purposes has destination. been focused mainly on Information Technology (IT) based In this paper, the development of a virtual laboratory using courses and subjects. Some of the subjects include computer a software defined networking (SDN) approach is presented. networking and cyber security. Advanced computer network 232 International Conference on Information and Communication Technology and Its Applications (ICTA 2016) [10] and VoIP [11] concepts were also taught using virtual network laboratory. A cyber security based virtual laboratory was developed in [7] with the Game Based Learning (GBL) technique employed to encourage learning among students. An intrusion detection system (IDS) virtual laboratory was developed in [12]. The system was made modular so that changes can be made for other courses without affecting Fig. 2. Block Diagram of Developed System the main operation of the virtual machine. In this study, an attempt was made to extend the earlier approaches by using 1) VIRTUAL LABORATORY: This block represents the the software defined networking (SDN) based approach. various laboratory practical sessions taken in the laboratory. For the purpose of this research, a network penetration III. S YSTEM D ESIGN laboratory session is implemented in the laboratory. This Software defined networking being an upcoming concept block will reside on the VMWare platform. Course Instructor involves the abstraction of the network functionalities. The simply modifies this to accommodate the required laboratory implication of this is that the network becomes more efficient session. and flexible in maintenance. This section expounds on the 2) VIRTUAL NETWORK: This block enables remote con- methods used in developing the SDN based virtual laboratory. nection between the user and the laboratory. Various modules of the laboratory are connected together using this block. A A. System Architecture user is further required to remotely log into laboratory to be granted access. GNS3 network emulator is used to implement The layered model show in Fig. 1 was employed in the this functionality in the design. development of the virtual laboratory. 3) COMPUTER: It is from this unit that the user connects to the laboratory. A secured login encryption is enabled using SSH to eliminate possible eavesdropping on the provided password. B. Use Case Diagram From Fig. 3, the instructor can set up all the virtual machines for the SDN. The administrator is responsible for creating virtual machines when needed, installing new software or services on the virtual machine for the purpose of laboratory practical. Fig. 1. SDN model adopted in the design Control layer defines how the network handles a given packet. Infrastructure layer involves the use of a physical or virtual network device. Application layer involves the kinds of high layer functionality expected on the network. It involves the virtualization of a designed network. Fig. 3. Use Case Diagram of proposed system In order to develop the system, two tools; VMWare and GNS3; were employed. The application layer resides on the The students of the system can perform the set laboratory VMWare while the control and infrastructure layers reside tasks. A remote connection is required to access the labo- on the GNS3 platform. The network is set up on the GNS3 ratory platform. Once login has been established, users can emulator and it is used to interface the application on the now carry out various penetration tests on the VM instance VMware platform. that has been created. A personal computer running windows 7 was used as the Host Computer (HC). On the HC, VMware workstation 11 IV. R ESULTS was installed to be used to create Virtual Machines for the This section shows the results and output from the devel- developed Virtual Laboratory. The overview of the developed oped Software Defined Network (SDN). The screen-shot of system is further depicted in Fig. 2 the designed system is shown in Fig 4. 233 International Conference on Information and Communication Technology and Its Applications (ICTA 2016) Fig. 4. Developed system on GNS3 The system was tested by implementing a Penetration Testing Lab. The details of the tests conducted are presented as follows. Fig. 7. Exploiting SQL Injection 1) Scanning of the networks. 2) Test for SQL injection vulnerability on webserver. sqlitest.txt will be used by sqlmap to exploit the database. 3) Perform SQL injection on the web server The process of exploitation is shown in Fig. 7. A. Scanning V. C ONCLUSION Zenmap, a GUI scanning tool is used to scan the in- ternal and external networks which are 10.10.10.1/24 and A virtual laboratory was designed, implemented and tested 192.168.10.1/24 respectively. The results of the scanning are using virtualization and SDN technologies. It was designed shown in Fig. 5 using GNS3 and VMware workstation. Network penetration test was conducted to determine the efficiency of the devel- oped system. It can be concluded from the results that the virtual laboratory has the potential of enhancing learning in practical oriented courses because of the ease of conducting practical sessions and the elimination of procurement cost of laboratory equipments. R EFERENCES [1] D. Kreutz, F. M. V. Ramos, P. Verissimo, C. E. Rothenberg, S. Azodol- molky, S. Member, and S. Uhlig, “Software-Defined Networking : A Comprehensive Survey,” Proceedings of the IEEE, vol. 103, no. 1, pp. 14 – 76, 2015. [2] J. Ma and J. V. Nickerson, “Hands-on, simulated, and remote labora- tories,” ACM Computing Surveys, vol. 38, no. 3, pp. 7–es, 2006. [3] R. J. Ross, C. M. Boroni, F. W. Goosey, M. Grinder, and P. Wis- senbach, “WebLab! A universal and interactive teaching, learning, and laboratory environment for the World Wide Web,” SIGCSE Bulletin, vol. 29, pp. 199–203, 1997. [4] L. Winer, M. Chomienne, and J. Vazquez-Abad, “A distributed collab- orative science learning laboratory on the internet,” American Journal of Distance Education, vol. 14, no. 1, pp. 47–62, 2000. [5] D. M. Dobrilovic, V. Z. Jevtic, and B. Odadzic, “Expanding Usability of Virtual Network Laboratory in IT Engineering Education,” Interna- Fig. 5. Result of Network Scanning tional Journal of Online Engineering (iJOE), vol. 9, pp. 26–32, feb 2013. [6] K. C. Chan and M. Martin, “An integrated virtual and physical network B. Testing for SQL Injection infrastructure for a networking laboratory,” in 2012 7th International Conference on Computer Science & Education (ICCSE), no. Iccse, A single quote (‘) or ‘or 1 = 1 – was submitted to the pp. 1433–1436, IEEE, jul 2012. webserver to test for SQL injection vulnerability. An error [7] J. Cano, R. Hernandez, S. Ros, and L. Tobarra, “A distributed labora- being generated afterwards indicates the presence of such tory architecture for game based learning in cybersecurity and critical infrastructures,” in 2016 13th International Conference on Remote vulnerability as shown in Fig. 6 Engineering and Virtual Instrumentation (REV), no. February, pp. 183– 185, IEEE, feb 2016. C. Exploiting SQL Injection [8] H. Frederik and A. Buitendag, “Presenting a Framework for using Full Decentralized Virtualization on Desktop Computers in an Educational Burpsuite proxy is used to intercept the request and the Laboratory Environment,” in IST-Africa Conference and Exhibition request is sent to SQLMAP, a database exploitation tool. To (IST-Africa), 2013, (Nairobi), pp. 1–8, IEEE, 2013. run burpsuite, “burpsuite &” command is sent to the shell. On [9] A. Gonzalez, C. R. Garcia, and S. Candela, “Providing learning computing laboratories using hosting and virtualization technologies,” default, burpsuite intercepts the request sent to the database in 2011 IEEE Global Engineering Education Conference (EDUCON), and it is saved in a file. All request information saved in pp. 252–259, IEEE, apr 2011. 234 International Conference on Information and Communication Technology and Its Applications (ICTA 2016) Fig. 6. Result from SQL Injection Test [10] A. Ruiz-Martinez, F. Pereguez-Garcia, R. Marin-Lopez, P. M. Ruiz- Martinez, and A. F. Skarmeta-Gmez, “Teaching Advanced Concepts in Computer Networks: VNUML-UM Virtualization Tool,” IEEE Trans- actions on Learning Technologies, vol. 6, pp. 85–96, jan 2013. [11] G. V. Iana and V. M. Ionescu, “Virtualization of VoIP laboratories,” in 2015 14th RoEduNet International Conference - Networking in Education and Research (RoEduNet NER), pp. 115–120, IEEE, sep 2015. [12] P. Li and T. Mohammed, “Integration of virtualization technology into network security laboratory,” in 2008 38th Annual Frontiers in Education Conference, no. Vmm, pp. S2A–7–S2A–12, IEEE, oct 2008. 235