Hands-On the Network: Our Experience with RouterLab

Traditionally, computer network courses focus on introducing various concepts associated with the Internet's architecture and its protocols. While such courses equip students with a theoretical foundation on how the Internet works, they often fail to cover the practical and operational aspects of operating a node on the Internet, due to limited access to hardware and Internet resources. We set out to address this gap by providing our students with an opportunity to better understand how these concepts are applied to build real-world infrastructure.

Router Lab

In the winter semester of 2024, students of Saarland University were able to attend Router Lab - a new course organised by the Max Planck Institute for Informatics (MPI-INF) that was taught by Taha Albakour, Tiago Heinrich, Q Misell and Sina Rostami, and supervised by Tobias Fiebig.

Router Lab was a block course that aimed at bringing students closer to the practical side of the concepts they learned in theoretical network courses. Over a period of two weeks, they would learn how set up their own Autonomous System on real hardware using real Internet resources.

To make this happen, we divided the students up into groups of two and gave each group a globally routable Autonomous System Number (ASN), a /24 IPv4 prefix, and a /48 IPv6 prefix. We’re very grateful to the RIPE NCC, who assigned these resources from the temporary allocation pool!

“My experience in Router Lab was really good. I learned a lot about how the Internet works. But most importantly, I learned all those working with real equipment's and real Internet. We could even work with the given equipment remotely from home, once we connected to the internet. I believe this is a lot more valuable than learning it through simulators. I loved this course.”

“I really liked networking before this course but my knowledge was limited to subnetting and how IP addresses work. This course gave me more in-depth knowledge of networking and how it works in real-world scenarios and helped me broaden and expand my horizons from just subnetting and IP addresses. To summarize my experience of this course " As traumatizing as it might have been I have loved every single bit of it". “

The students were then guided through a series of activities and tasks. Assuming that they were already familiar with fundamental Internet protocols - such as SSH, DNS, and HTTP - the tasks were designed to get them to use the concepts they already knew in order to build their own network. This meant configuring their own routers from scratch and building a network topology in which they would be able to connect their hosts to their routers and to the Internet.

We started with a very basic task that involved setting up and connecting the hardware and making a local network, introducing a basic static configuration for IPv4/IPv6, configuring static routes, and pinging within their network! From there we gradually moved on to more advanced topics, including VLANs, redundancy, routing protocols, and security.

“The Router Lab seminar was a very valuable experience for me. Before attending, I had learned about data networks through lectures and books, but working practically with the equipment gave me a much clearer understanding. Doing hands-on tasks like configuring routers, solving network issues, and observing network behavior helped me grasp concepts better than just studying theory. This seminar showed me clearly how practical work supports and improves theoretical learning. Overall, the seminar was very helpful and fun.”

The next set of tasks had the students creating redundancy between the routers by connecting two Cisco routers and the hosts to a switch. They then used the Virtual Router Redundancy Protocol (VRRP) between the routers so that a failure in one of routers will not impact hosts’ connectivity. Then they added a Juniper router, and setup Open Shortest Path First (OSPF) as the intra-AS routing protocol.

Of course, connecting to the Internet wouldn’t be complete without some paperwork. Before the students could connect their networks to the wider Internet, they needed to request allocation of an ASN and some prefixes to route.

To enable this we also setup an instance of IRRd for the students to interact with, and for them to register their person, role, and mntner objects in. We also synced objects in the IRR with an instance of Krill, simulating the RIPE NCC’s hosted RPKI CA. This allowed the students to manage ROAs and ASPAs for their network.

We also had students fill out LOAs to have datacenter staff connect their networks to the transit providers’ networks, and peering request forms to get transit.

For BGP connectivity, we had two upstream providers: AS207960 (Q Misell) and AS59645 (Tobias Fiebig). The students not only had to setup a BGP session with both upstream but they could also peer with each other, over an Internet Exchange or PNIs. The final topology looks like the following and at this point the connected hosts are able to ping the Internet and to be pinged from the Internet.

Finally, the students set up several common Internet services within their network. They set up SSH on their routers and server and protected them by enforcing key authentication and disabling password authentication. They also received a DNS zone delegation and they setup their DNS server for both forward and reverse lookups. Additionally, they got some hands on experience setting up a HTTP server, then securing it using SSL certificates. Finally, Simple Network Monitoring Protocol (SNMP) was set up on the routers and monitored by their server. In the end, they protect their internal services such as BGP and SNMP as well as SSH on the routers from being accessed from the Internet by configuring a set of Access Control Lists (ACLs) and firewall rules on the routers.

After two weeks of this practical experience, in addition to the students having improved their knowledge and applied practical concepts in practice, some differences can be noticed in our rack (10 points for guessing which is before and after).

Some more quotes from students about the course:

“The course made it possible to directly experience practical content and the functioning of the internet and to get to know the individual building blocks of the Internet in a playful way. The lecturers were able to convey their motivation and joy in the design and operation of network architecture very well.”

“On the first day, I never thought I would reach this far and make myself better equipped with network device configurations. Although the time constraints and tasks were a bit challenging, I would definitely recommend it to students interested in networking. I feel the intensive nature helped me develop my skills and learn more about the world of network security.”

“Router lab was a really nice change from the otherwise mostly theoretic uni courses. It was challenging at times but mostly just fun to configure and troubleshoot real network protocols and hardware. I learned a lot.”

Because this is a practical course relying on access to hardware and people to advise everybody, our first Router Lab was limited to a small group. We received a total of 64 applications of which we were unfortunately only able to admit 16 students. However, we plan to offer the course again next year to teach and train the next 16 network operators.

We also would like to thank all the people who helped before, during, and after the course. Special thanks to Maik Muschter, Jörg Dorchain, Michael Laise, Philipp Dressler, and Oliver Dziedzic who all helped to put the infrastructure in place to make this possible. Thanks also to iFog, AQL, Exa Networks, LWLcom, and OpenFactory who helped us get the students on the Internet, and put up with their misconfigurations.

Also a special thanks to the RIPE NCC and their registration staff for all the hard work they did to make this possible.