cexyryne•6d ago

HELP!

This is for my graduation project; it's around SDN security. I need some insight about the set up environment and advice. If anyone can help
_null•6d ago
Can you elaborate? Generally the more detail, the easier it is to answer a question. Are there more parameters or criteria?
cexyryneOP•6d ago
Well, it's a bit complicated. The main topic is enhancing SDN against DDoS attacks, precisely PacketIn floods. My idea is to introduce distributed agents for real-time traffic filtering at the data plane, stopping any malicious traffic from overloading the controller or flow tables.
_null•6d ago
I haven't done this, but this looks promising:

SDN Mininet
Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native), in seconds, with a single command: Because you can easily interact with your network using the Mininet CLI (and API), customize it, share it with others, or deploy it on real hardware, Mininet is useful for development, teaching, and research. Mininet is also a great way to develop, share, and experiment with Software-Defined Networking (SDN) systems using OpenFlow and P4. Mininet is actively developed and supported, and is released under a permissive BSD Open Source license. We encourage you to contribute code, bug reports/fixes, documentation, and anything else that can improve the system!
https://mininet.org/

For controllers:
Install Mininet and Ryu Controller
https://ernie55ernie.github.io/sdn/2019/03/25/install-mininet-and-ryu-controller.html
or
Using the POX SDN controller
https://brianlinkletter.com/2015/04/using-the-pox-sdn-controller/

Switches:
Open vSwitch: is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag)

Simulated DoS:
hping3, scapy, or nping

I'm not sure what you had in mind for agents. Is any of this helpful?
cexyryneOP•5d ago
Yeah, I already started on Mininet, Ryu and OpenFlow; the problem resides in the agent integration. The agents should be lightweight and mobile, and they must catch traffic before it gets to the controller, so I had an idea to introduce them as simple hosts, one agent/host per switch, and redirect PacketIn flows to it directly. But that will contradict SDN logic and I'm not sure if it's practical in real-world deployment.
! Smokey•4d ago
Ahh, DDoS attacks.
Best tools for me: Ryu, eBPF, Stream-lib, Serf, Grafana, Vault for policy syncing, and for blast TRex.
If you need any help with any of these tools you can PM me.
cexyryneOP•4d ago
I'll definitely contact you any time soon. Thanks much!
! Smokey•4d ago
👍
smartest guys in the guninvalid
Actually, I had a friend who did this as their project. Essentially they used P4 and they basically set up what was essentially a QoS tunnel between the clients, so they would basically count up packets by IP and then after a certain amount they would drop the packet. To test it, they wrote a Python script on two computers to run them between each other and basically sent packets between each other, and showed that 300 packets were being sent, but only 100 went through.
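
The count-by-IP-then-drop scheme described in the last post, sketched in Python as an added example (not code from this thread or from the P4 project it mentions). The class name, the threshold of 100, the one-second counter reset, the addresses and the packet trace are all constructed assumptions; the reset goes beyond what the post states, which gives only the 300-sent/100-passed result.

```python
from collections import defaultdict


class PerSourceLimiter:
    """Fixed-window packet counter keyed by source (hypothetical helper)."""

    def __init__(self, threshold, window_s=1.0):
        self.threshold = threshold   # packets allowed per key per window
        self.window_s = window_s     # assumed reset interval, in seconds
        self._state = {}             # key -> (window_start, count)

    def allow(self, key, now):
        start, count = self._state.get(key, (now, 0))
        if now - start >= self.window_s:
            start, count = now, 0    # window expired: start counting again
        count += 1
        self._state[key] = (start, count)
        return count <= self.threshold


def replay(packets, limiter):
    """Feed (timestamp, src_ip) tuples through the limiter.

    Returns {src_ip: (forwarded, dropped)}.
    """
    stats = defaultdict(lambda: [0, 0])
    for ts, src in packets:
        stats[src][0 if limiter.allow(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}


def constructed_trace():
    """Constructed sample input, not captured traffic."""
    burst = [(i / 1000.0, "10.0.0.1") for i in range(300)]       # 300 in 0.3 s
    quiet = [(i / 100.0, "10.0.0.2") for i in range(20)]         # under the limit
    later = [(2.0 + i / 1000.0, "10.0.0.1") for i in range(50)]  # next window
    return sorted(burst + quiet + later)


if __name__ == "__main__":
    results = replay(constructed_trace(), PerSourceLimiter(threshold=100))
    for src, (fwd, drop) in sorted(results.items()):
        print(f"{src}: forwarded={fwd} dropped={drop}")
```

Counting by source IP only holds when senders keep stable addresses; if every packet carries a different source address, each one gets its own counter and nothing is dropped, so the same limiter can be keyed on the switch ingress port instead.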
