Denial-of-Service (DoS) Attacks in an SDN Environment

Contents ExperimentTaskDesign:..............................................................................................................................3

Submission:..................................................................................................................................................3

StarttheExperiment...................................................................................................................................3

ConducttheExperiment..............................................................................................................................6

Section1.1:InstallingDependencies......................................................................................................6

Section1.2:InstallingMininet................................................................................................................8

Section1.3:InstallingHping3.................................................................................................................8

Section2:RunningFloodlight.................................................................................................................9

Conclusions................................................................................................................................................15

Experiment Task Design: Inthislab,studentsareabletolaunchaDoSattackontheSDNdataplaneandexplaintheattackconsequences.Thislabprovidesstep-by-stepinstructionstoassiststudentsinsettinguptheprofile,creatingtheexperimentaltopologyandconductingtheDoSattackinthedataplaneofSDN.

Submission: Studentsshouldsubmitscreenshotsofstep1andstep2andexplaineachscreenshotinaparagraph.

Start the Experiment Clickthe“Experiments”buttonontheupper-leftcornerandchoose“StartExperiment”.

Click“ChangeProfile”toselectaproperprofileforthisexperiment.

Inthepage,searchtheprofile“DoSServer”andclickthenametoselectit.ThenClick

“SelectProfile”.

Proceedbyclick“Next”.Beforefinalizetheconfiguration,chooseacluster.E.g.,choose

“Emulab”asthecluster.

Belowistheconfigurationoftheprofileforyourreference.Youmayalsobeableto

createyourownprofilebyfollowingtheinstructionsinLab1.

Conduct the Experiment Section 1.1: Installing Dependencies Thefollowingdependenciesneedtobeinstalledontheinstantiatednode:Floodlight,Mininet,HpingMininethttps://github.com/mininet/mininetFloodlighthttps://github.com/floodlight/floodlight)withitspre-requisiteshping3(Note)TheseinstallationswillnotbesavedwhentheCloudlabExperimenthasbeenterminated.Cloudlaballowsuserstorequestadditionalleasingtimethroughofthe‘Extend’button.

1) Openanewterminal.Clicktheiconandchoose“Shell”

2) Run‘sudoapt-getupdate’3) Run‘sudoapt-getinstalldefault-jdk-y;sudoapt-getinstalldefault-jre-y’toinstalljava.4) Run‘sudoapt-getinstallbuild-essentialmavenantpython-dev’toinstallthepre-

requisitestobeabletobuildFloodlight

5) Run‘gitclonegit://github.com/floodlight/floodlight.git-bv1.2’tocloneFloodlightfromGithub

6) cdintothefloodlightdirectory‘cdfloodlight’

7) Run‘gitsubmoduleupdate’

8) Run‘ant’tobuildFloodlight.

9) Run‘sudomkdir/var/lib/floodlight’

10) Run‘sudochmod777/var/lib/floodlight’toprovideproperLinuxFileexecutionpermissionstobeabletorunFloodlightproperly

Note:Youcandownloadandrunourscript(set_floodlight.sh)toexecutetheabovecommandsautomatically.Run‘wgethttps://people.cs.clemson.edu/~hongdal/set_floodlight.sh.’todownloadthescript.Run‘sudo/bin/shset_floodlight.sh;cdfloodlight’tobuildFloodlight.Section 1.2: Installing Mininet 1) Changedirectorytoyourhomedirectorybyrunning‘cd~’2) Run‘gitclonegit://github.com/mininet/mininet’tocloneMininetfromGithub3) AftercloningMininet,cdintotheMininetdirectory

4) Run‘gittag’tolisttheavailablebranchesofMininet

5) Run‘gitcheckout-b2.2.12.2.1’toinstallMininetversion2.2.16) cdoutoftheMininetdirectoryandinstallMininetbyrunning‘mininet/util/install.sh-a’.

Choose“Yes”ifanoptionisprompted.Note:Youcandownloadandrunourscript(set_mininet.sh)toexecutetheabovecommandsautomatically.Run‘wgethttps://people.cs.clemson.edu/~hongdal/set_mininet.sh.’todownloadthescript.Run‘sudo/bin/shset_mininet.sh’toinstallMininet.Section 1.3: Installing Hping3 1) Run‘sudoapt-getinstallhping3’toinstallHping3

Section 2: Running Floodlight 1) Openanewterminal2) cdintothefloodlightdirectoryshell.

3) Run‘java-jartarget/floodlight.jar’toruntheFloodlightController

4) Openanothernewterminal

5) Run‘sudomn--controller=remote,ip=127.0.0.1,port=6653--switchovsk,

protocols=OpenFlow13’torunaMininetTopologyNote:Thecommandinstep5hasthefollowingparametersandexplanations:-2hostsarecreatedbydefault-The2hostswillbeconnectedviaanOVSbridge(Switch)-TheOVSbridgewillbeconnectedtothecontrollerbasedonthespecifiedIPaddress(127.0.0.1)

6) Run‘pingall’toconfirmthatthehost(s)arereachabletoeachother

7) Openanewterminal8) Run‘sudoovs-ofctldump-flowss1-OOpenFlow13’toprintthecurrentflow-rulesinside

theswitchTask1:Whatcanbeseenafterrunningthiscommand?Takeascreenshot.Thisscreenshotwillbeneededtorefertofurtherobservationswithoutputsinthefuturesteps.

9) OntheMininetterminal,run‘h1hping3h2-c10000-S–flood–rand-source-V’tofloodalotofpacketstoh2.

Everypacketsenttoh2willinvokeanOFPT_PACKET_INwhichwillforwardthefirstincomingpackettothecontroller.Afterreceivingthepacket-inmessage,thecontrollerthensendsanOFPT_FLOW_MODmessagetotheswitchtoinstallanewflow-rule.

10) Onaseparateterminal,checktheflowentriesinswitchS1.

Task2:Whatcanbeseenobservedintheflow-tablenowthathping3isrunning?Anynoticeabledifferencesinoutput?

11) OntheMininetterminal,stophping3byusingctrl+C.12) Pingh1fromh2.Whatcanbeobservedonhere?

13) Wait2–3minsandrepeatthepreviousstep

14) Onanemptyterminal,checktheflow-tablerulesofOVSSwitchS1

Conclusions WhentheflowtableofOVSswitchesisfull,anyadditionalflow-ruleinstallationwillbefailedduetoinsufficientspaceintheflowtable.Aswitchthatcannotinstallaflow-entrywillsendanOFPT_ERRORmessagetothecontrolleralongwithOFPFMFC_TABLE_FULL.Theswitchthendropsthepacketsinceitisunabletoreceiveinstructionstoinstallaflow-entryduetotheresourceexhaustion.ThisisaDoSattackinthedataplaneofSDN.