Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Denial-of-Service (DoS) Attacks in an SDN Environment
Contents ExperimentTaskDesign:..............................................................................................................................3
Submission:..................................................................................................................................................3
StarttheExperiment...................................................................................................................................3
ConducttheExperiment..............................................................................................................................6
Section1.1:InstallingDependencies......................................................................................................6
Section1.2:InstallingMininet................................................................................................................8
Section1.3:InstallingHping3.................................................................................................................8
Section2:RunningFloodlight.................................................................................................................9
Conclusions................................................................................................................................................15
Experiment Task Design: Inthislab,studentsareabletolaunchaDoSattackontheSDNdataplaneandexplaintheattackconsequences.Thislabprovidesstep-by-stepinstructionstoassiststudentsinsettinguptheprofile,creatingtheexperimentaltopologyandconductingtheDoSattackinthedataplaneofSDN.
Submission: Studentsshouldsubmitscreenshotsofstep1andstep2andexplaineachscreenshotinaparagraph.
Start the Experiment Clickthe“Experiments”buttonontheupper-leftcornerandchoose“StartExperiment”.
Click“ChangeProfile”toselectaproperprofileforthisexperiment.
Inthepage,searchtheprofile“DoSServer”andclickthenametoselectit.ThenClick
“SelectProfile”.
Proceedbyclick“Next”.Beforefinalizetheconfiguration,chooseacluster.E.g.,choose
“Emulab”asthecluster.
Belowistheconfigurationoftheprofileforyourreference.Youmayalsobeableto
createyourownprofilebyfollowingtheinstructionsinLab1.
Conduct the Experiment Section 1.1: Installing Dependencies Thefollowingdependenciesneedtobeinstalledontheinstantiatednode:Floodlight,Mininet,HpingMininethttps://github.com/mininet/mininetFloodlighthttps://github.com/floodlight/floodlight)withitspre-requisiteshping3(Note)TheseinstallationswillnotbesavedwhentheCloudlabExperimenthasbeenterminated.Cloudlaballowsuserstorequestadditionalleasingtimethroughofthe‘Extend’button.
1) Openanewterminal.Clicktheiconandchoose“Shell”
2) Run‘sudoapt-getupdate’3) Run‘sudoapt-getinstalldefault-jdk-y;sudoapt-getinstalldefault-jre-y’toinstalljava.4) Run‘sudoapt-getinstallbuild-essentialmavenantpython-dev’toinstallthepre-
requisitestobeabletobuildFloodlight
5) Run‘gitclonegit://github.com/floodlight/floodlight.git-bv1.2’tocloneFloodlightfromGithub
6) cdintothefloodlightdirectory‘cdfloodlight’
7) Run‘gitsubmoduleupdate’
8) Run‘ant’tobuildFloodlight.
9) Run‘sudomkdir/var/lib/floodlight’
10) Run‘sudochmod777/var/lib/floodlight’toprovideproperLinuxFileexecutionpermissionstobeabletorunFloodlightproperly
Note:Youcandownloadandrunourscript(set_floodlight.sh)toexecutetheabovecommandsautomatically.Run‘wgethttps://people.cs.clemson.edu/~hongdal/set_floodlight.sh.’todownloadthescript.Run‘sudo/bin/shset_floodlight.sh;cdfloodlight’tobuildFloodlight.Section 1.2: Installing Mininet 1) Changedirectorytoyourhomedirectorybyrunning‘cd~’2) Run‘gitclonegit://github.com/mininet/mininet’tocloneMininetfromGithub3) AftercloningMininet,cdintotheMininetdirectory
4) Run‘gittag’tolisttheavailablebranchesofMininet
5) Run‘gitcheckout-b2.2.12.2.1’toinstallMininetversion2.2.16) cdoutoftheMininetdirectoryandinstallMininetbyrunning‘mininet/util/install.sh-a’.
Choose“Yes”ifanoptionisprompted.Note:Youcandownloadandrunourscript(set_mininet.sh)toexecutetheabovecommandsautomatically.Run‘wgethttps://people.cs.clemson.edu/~hongdal/set_mininet.sh.’todownloadthescript.Run‘sudo/bin/shset_mininet.sh’toinstallMininet.Section 1.3: Installing Hping3 1) Run‘sudoapt-getinstallhping3’toinstallHping3
Section 2: Running Floodlight 1) Openanewterminal2) cdintothefloodlightdirectoryshell.
3) Run‘java-jartarget/floodlight.jar’toruntheFloodlightController
4) Openanothernewterminal
5) Run‘sudomn--controller=remote,ip=127.0.0.1,port=6653--switchovsk,
protocols=OpenFlow13’torunaMininetTopologyNote:Thecommandinstep5hasthefollowingparametersandexplanations:-2hostsarecreatedbydefault-The2hostswillbeconnectedviaanOVSbridge(Switch)-TheOVSbridgewillbeconnectedtothecontrollerbasedonthespecifiedIPaddress(127.0.0.1)
6) Run‘pingall’toconfirmthatthehost(s)arereachabletoeachother
7) Openanewterminal8) Run‘sudoovs-ofctldump-flowss1-OOpenFlow13’toprintthecurrentflow-rulesinside
theswitchTask1:Whatcanbeseenafterrunningthiscommand?Takeascreenshot.Thisscreenshotwillbeneededtorefertofurtherobservationswithoutputsinthefuturesteps.
9) OntheMininetterminal,run‘h1hping3h2-c10000-S–flood–rand-source-V’tofloodalotofpacketstoh2.
Everypacketsenttoh2willinvokeanOFPT_PACKET_INwhichwillforwardthefirstincomingpackettothecontroller.Afterreceivingthepacket-inmessage,thecontrollerthensendsanOFPT_FLOW_MODmessagetotheswitchtoinstallanewflow-rule.
10) Onaseparateterminal,checktheflowentriesinswitchS1.
Task2:Whatcanbeseenobservedintheflow-tablenowthathping3isrunning?Anynoticeabledifferencesinoutput?
11) OntheMininetterminal,stophping3byusingctrl+C.12) Pingh1fromh2.Whatcanbeobservedonhere?
13) Wait2–3minsandrepeatthepreviousstep
14) Onanemptyterminal,checktheflow-tablerulesofOVSSwitchS1
Conclusions WhentheflowtableofOVSswitchesisfull,anyadditionalflow-ruleinstallationwillbefailedduetoinsufficientspaceintheflowtable.Aswitchthatcannotinstallaflow-entrywillsendanOFPT_ERRORmessagetothecontrolleralongwithOFPFMFC_TABLE_FULL.Theswitchthendropsthepacketsinceitisunabletoreceiveinstructionstoinstallaflow-entryduetotheresourceexhaustion.ThisisaDoSattackinthedataplaneofSDN.