Experimental Network

This page describes the experimental network for use in the SE/IT program's networking classes. First, be aware that there are VTSU LAN segments that connect into the SE/IT program's dedicated computer labs in BLP-210 (Williston) and CON-106 (Randolph). Those LAN segments are part of the normal VTSU infrastructure with network addresses of 155.42.107.0/24 (Williston) and 155.42.113.0/24 (Randolph). The SE/IT program has some special privileges over those LAN segments, but they are still part of the VTSU network overall. I will call those networks the lab networks.

However, this document describes a network that is physically located in BLP-210 on the Williston campus, but entirely contained in several racks of donated equipment. It is not directly connected to the VTSU LAN, although there are gateway machines. I call this specialized network the experimental network, or XNetwork. Using the XNetwork, experiments can be performed that do not disrupt normal VTSU traffic or other SE/IT users working on other classes in the labs.

The XNetwork has two sections. One section, called Techland, contains devices with one-of-a-kind configurations. The gateway systems are all directly connected to Techland. The other section, called Shangri-La, contains six student-hackable router/switch pairs, along with the infrastructure needed to reach them remotely. As a student, you can "check out" one of the Shangri-La router/switches for your own experimentation or for doing assignments. Currently, this check-out process is very manual, but in the future it might be possible to use a web application.

Usage Note

The XNetwork is intended for experimentation. However, it is also a shared resource. When using the XNetwork, please follow all relevant instructions and observe any rules and limitations imposed by your instructor. Remember to remove any files you create on the gateway systems, and to restore the configurations of the network infrastructure devices to their original states when you are done with them. Do not save any configuration changes to the startup configuration. Restore the devices to their predefined status using the reload command.

Gateway Systems

There are currently three gateway systems connected to the XNetwork. The systems Alpha and Beta are both running Ubuntu Linux 22.04. They have direct connections to the VTSU LAN for convenient access, but they also have a second network interface connected to the XNetwork. They can be used as victim machines or for generating normal network traffic over the XNetwork.

The gateway system Mu is running Kali Linux and contains various "hacking tools" and monitoring tools. Using these tools on VTSU networks is normally a violation of Policy 502 and can result in sanctions. The XNetwork is an exception to this, as its purpose is educational. However, because it is a shared resource, and because it is intended to support multiple classes, please exercise caution and consideration when using the various tools against devices on that network. If in doubt, contact your instructor to discuss your plans and to find a time when you might be able to execute them that won't disrupt other users.

Since Mu is also connected to the VTSU LAN, it is technically possible for you to use the tools on that system to attack machines on the 155.42.107.0/24 subnetwork in the BLP-210 lab. That subnetwork has a special exception to Policy 502 since it is controlled by the SE/IT program. However, that network also contains systems, such as lab machines, Lemuria, and others, that should work reliably. Do not attack the systems on 155.42.107.0/24 without special instructions from one of the SE/IT faculty.

The Network

• Here is a Packet Tracer model of the XNetwork. Note that Packet Tracer version 8.2.1 or later is needed to open the model file.
• Here is a document that describes how to use the console server to access the student-configurable routers and switches.
• Here are the precise commands used to configure the XNetwork infrastructure devices to their baseline configurations. These commands have also been used in the Packet Tracer model (approximately... Packet Tracer does not faithfully simulate the precise behavior of the physical devices).
• IPv6 tunnel configuration between Lemuria in Williston and Twilight in Randolph.
• Lemuria's network configuration (Twilight is similar).

Access

Remote Access

Remote access to the XNetwork is done via one of the gateway machines Alpha (alpha.cis.vermontstate.edu), Beta (beta.cis.vermontstate.edu), or Mu (mu.cis.vermontstate.edu). All three machines have a 'student' account with the usual password. Use an SSH client to connect to the gateway systems. Note that there is no direct external (i.e., off-campus) access to gateways. However, if you have an account on Lemuria (lemuria.cis.vermontstate.edu), you can SSH to that system first and from there to one of the XNetwork gateway machines.

Mu has three network interfaces:

• eth0 is the interface connected to the VTSU LAN. It should not normally be used for monitoring or for launching attacks.
• eth1 is the "normal" interface connected to the XNetwork. It can be used to access the network infrastructure devices on the XNetwork or to launch attacks on those devices.
• eth2 is connected to the monitoring port on switch S0. It can be used to capture traffic using, for example, tshark or snort, to observe what is happening on the 192.168.0.0/24 subnetwork.

Physical Access

Physical access to the experimental network can be had in the BLP-210 lab. The devices, along with their cables and connections, are readily accessible. Also, the gateway systems are physically located in that lab.

IPv6

The VTSU network does not route IPv6, and there is no IPv6 access to the Internet. However, the SE/IT labs do support IPv6 locally using the prefix FD25:F376:7B60::/48. This prefix was self-assigned by the SE/IT faculty following RFC-4193 for globally unique local addresses (ULA). The following subnetworks are defined:

• FD25:F376:7B60:1::/64. This subnetwork is in WIL-210 and corresponds to the IPv4 subnetwork of 155.42.107.0/24.
• FD25:F376:7B60:2::/64. This subnetwork is in CON-106 and corresponds to the IPv4 subnetwork of 155.42.113.0/24.
• FD25:F376:7B60:10::/64. This subnetwork connects Lemuria to the cluster nodes. It corresponds to the private IPv4 network of 10.0.0.0/24 that is used for the cluster network.
• FD25:F376:7B60:1000::/52. This subnetwork is reserved for the experimental network. The precise distribution of addresses is shown in the Packet Tracer model for the XNetwork.
• FD25:F376:7B60:FFFF::/64. This subnetwork is an IPv6-in-IPv4 tunnel connecting Lemuria (in Williston) and Twilight (in Randolph). It allows IPv6 traffic to flow between the two CIS labs over the IPv4-only infrastructure of VTSU. The tunnel is named "wormhole". The tunnel is not fully configured at this time.

Lemuria and Twilight are configured as IPv6 routers and are sending router advertisement messages on their links. This means the machines in BLP-210 and CON-106 are autoconfiguring with IPv6 addresses using the appropriate prefix.

The XNetwork is not (yet) fully configured to use IPv6. When it is, Mu could potentially become an IPv6 router which would allow IPv6 traffic to flow between the lab networks and the experimental network freely, without the need for you to explicitly log into one of the gateway systems. This is an area for future work.

Last Revised: 2024-04-22
© Copyright 2024 by Peter Chapin <peter.chapin@vermontstate.edu>