HELP!
This is for my graduation project; it's around SDN security. I need some insight about the set-up environment and some advice. If anyone can help...
Can you elaborate? Generally, the more detail, the easier it is to answer a question. Are there more parameters or criteria?
Well, it's a bit complicated. The main topic is enhancing SDN against DDoS attacks, precisely packet-in floods. My idea is to introduce distributed agents for real-time traffic filtering at the data plane, stopping any malicious traffic from overloading the controller or the flow tables.
I haven't done this, but this looks promising:
SDN
Mininet
Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command:
Because you can easily interact with your network using the Mininet CLI (and API), customize it, share it with others, or deploy it on real hardware, Mininet is useful for development, teaching, and research.
Mininet is also a great way to develop, share, and experiment with Software-Defined Networking (SDN) systems using OpenFlow and P4.
Mininet is actively developed and supported, and is released under a permissive BSD Open Source license. We encourage you to contribute code, bug reports/fixes, documentation, and anything else that can improve the system!
https://mininet.org/
For controllers:
Install Mininet and Ryu Controller
https://ernie55ernie.github.io/sdn/2019/03/25/install-mininet-and-ryu-controller.html
or
Using the POX SDN controller
https://brianlinkletter.com/2015/04/using-the-pox-sdn-controller/
Switches:
Open vSwitch: is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag)
Simulated DoS
hping3, scapy, or nping
I'm not sure what you had in mind for agents. Is any of this helpful?
Yeah, I've already started on Mininet, Ryu and OpenFlow; the problem lies in the agent integration.
The agents should be lightweight and mobile. They must catch traffic before it gets to the controller, so I had the idea of introducing them as simple hosts, one agent/host per switch, and redirecting packet-in flows to them directly. But that would contradict SDN logic, and I'm not sure if it's practical in a real-world deployment.
Ahh, DDoS attacks.
Best tools for me:
Ryu
eBPF
Stream-lib
Serf
Grafana
Vault for policy syncing
and for the blast, TRex
If you need any help with any of these tools you can pm me
I'll definitely contact you soon. Thanks so much!
👍
Actually, I had a friend who did essentially this as their project.
They used P4 and basically set up what was essentially a QoS tunnel between the clients, so they would count up packets by IP and then, after a certain amount, they would drop the packets.
So to test it, they wrote a Python script on two computers to run between each other; they basically sent packets between the two and showed that 300 packets were being sent, but only 100 went through.
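The two ideas in this thread, the original poster's per-switch agent that filters packet-ins before they reach the controller, and the friend's P4 project that counts packets per IP and drops past a threshold, reduce to the same per-source budgeting logic. The following is an added example written for this thread, not code from the original poster, the friend's P4 project, or Ryu. It compares a fixed-window counter (the "count per IP, drop after N" approach) with a token bucket, and once a source has been rejected enough times it "installs a drop flow" so the switch blackholes that source and the agent/controller never sees it again. The datapath id, IP addresses, event timings and thresholds are all constructed; with the 300-packet flooder below, the fixed-window limiter lets exactly 100 through, matching the 300-sent/100-passed test described above.

```python
"""Per-source packet-in rate limiting for an SDN agent (added illustration).

Example code written for this thread; not from the original poster, their
friend's P4 project, or Ryu. All events, addresses and thresholds are
constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Key = Tuple[int, str]  # (datapath id, source IP): one budget per switch per source


@dataclass
class PacketIn:
    ts: float      # seconds since start of capture
    dpid: int      # switch the packet-in came from
    src_ip: str


@dataclass
class FixedWindowCounter:
    """The P4-style rule from the thread: count per key, drop past `limit` per window."""
    limit: int
    window: float
    state: Dict[Key, Tuple[float, int]] = field(default_factory=dict)  # key -> (window start, count)

    def allow(self, key: Key, now: float) -> bool:
        start, count = self.state.get(key, (now, 0))
        if now - start >= self.window:          # window expired: start a fresh one
            start, count = now, 0
        count += 1
        self.state[key] = (start, count)
        return count <= self.limit


@dataclass
class TokenBucket:
    """Smoother alternative: `rate` packet-ins/s sustained, `burst` allowed at once."""
    rate: float
    burst: float
    state: Dict[Key, Tuple[float, float]] = field(default_factory=dict)  # key -> (tokens, last ts)

    def allow(self, key: Key, now: float) -> bool:
        tokens, last = self.state.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        if ok:
            tokens -= 1.0
        self.state[key] = (tokens, now)
        return ok


@dataclass
class Result:
    passed: Dict[Key, int] = field(default_factory=lambda: defaultdict(int))
    limiter_dropped: Dict[Key, int] = field(default_factory=lambda: defaultdict(int))
    blackholed: Dict[Key, int] = field(default_factory=lambda: defaultdict(int))
    blocked: Set[Key] = field(default_factory=set)   # sources a drop flow was "installed" for


def run(limiter, events, block_after: int = 50) -> Result:
    """Feed packet-ins through the limiter in time order. After `block_after`
    rejections of one source, model a drop flow on the switch: everything
    further from that source is blackholed without consulting the limiter."""
    res = Result()
    for ev in sorted(events, key=lambda e: e.ts):
        key = (ev.dpid, ev.src_ip)
        if key in res.blocked:
            res.blackholed[key] += 1            # dropped in the data plane
        elif limiter.allow(key, ev.ts):
            res.passed[key] += 1                # forwarded to the controller
        else:
            res.limiter_dropped[key] += 1       # dropped by the agent
            if res.limiter_dropped[key] >= block_after:
                res.blocked.add(key)
    return res


def constructed_packet_ins():
    """Constructed traffic: one flooder at 1000 packet-ins/s for 0.3 s on
    switch 1, and one normal host opening five new flows over five seconds."""
    attacker = [PacketIn(i / 1000.0, 1, "10.0.0.99") for i in range(300)]
    legit = [PacketIn(float(i), 1, "10.0.0.1") for i in range(5)]
    return attacker + legit


if __name__ == "__main__":
    events = constructed_packet_ins()
    for limiter in (FixedWindowCounter(limit=100, window=1.0),
                    TokenBucket(rate=7.0, burst=20.0)):
        r = run(limiter, events)
        print(type(limiter).__name__)
        for key in sorted(r.passed.keys() | r.limiter_dropped.keys()):
            print(f"  {key}: passed={r.passed[key]} limiter_dropped={r.limiter_dropped[key]} "
                  f"blackholed={r.blackholed[key]} blocked={key in r.blocked}")
```

The fixed window admits the first 100 packet-ins of a burst and then rejects everything until the window rolls over, which is exactly the 300-in/100-out behaviour above, but it lets a source spend its whole budget in the first few milliseconds of each window. The token bucket caps the burst at 20 and then only admits at the sustained rate, so the controller sees a much smaller spike. In both cases the legitimate host's five packet-ins pass untouched, and the flooder is blackholed after 50 rejections, which is the point where a real agent would push a drop flow (for example, an OpenFlow flow-mod matching the source with no actions) to the switch instead of keeping the filter in software.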