Changes between Version 1 and Version 2 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu


Ignore:
Timestamp:
10/25/16 13:45:15 (7 years ago)
Author:
wyf@bu.edu
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu

    v1 v2  
    33== Overview ==
    44
    5 In this experiment, we will use the Ryu controller to handle the intrusion traffic. The system is the same as the one used in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where we use a RINA distributed application to get the intrusion detection results from the VNFs (i.e., snort) as well as the load of VNFs. When an intrusion is detected by VNFs, its information will be passed to the Ryu controller via the RINA distributed application,  and then the Ryu controller  will block the intrusion traffic by updating the !OpenFlow rules on the OVS switch. 
     5In this experiment, we will use the Ryu controller to handle intrusion traffic. The system is the same as the one used in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where we use a RINA distributed application to get the intrusion detection results from the VNFs (i.e., Snort) as well as the load of the VNFs. When an intrusion is detected by VNFs, its information will be passed to the Ryu controller via the RINA distributed application,  and then the Ryu controller  will block the intrusion traffic by updating the !OpenFlow rules on the OVS switch. 
    66
    77
     
    1515== (1) RINA Distributed Application ==
    1616
    17 Same as Part (1) RINA Distributed Application in the [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].
     17Same as Part (1) RINA Distributed Application in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].
    1818
    1919== (2) PI Controller ==
    20 Same as Part (2) PI Controller in the [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].
     20Same as Part (2) PI Controller in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].
    2121
    2222== (3) PI-based Ryu Controller ==
    23 Same as Part (3) PI-based Ryu Controller in the [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2]. 
     23Same as Part (3) PI-based Ryu Controller in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2]. 
    2424
    2525'''Note: You can see in "nfv.config" that the information of the intrusion traffic is located in the  file ''/tmp/attacker.txt'' on the controller VM, which is outputted by the RINA distributed application. Make sure the file is empty each time you run this experiment.'''
     
    2929''' Note: keep the RINA application processes, PI controller process and PI-based Ryu controller process from the previous 3 steps running in the background. '''
    3030
    31 1. We need to first install our own snort rule on snort, so that it can detect the intrusion traffic specified in our rule.
     311. We need to first install our own Snort rule on Snort, so that it can detect the intrusion traffic specified in our rule.
    3232
    33  To install our own rule and configure snort,  in separate windows for VNF1 and VNF2,   execute the following command:
     33 To install our own rule and configure Snort,  in separate windows for VNF1 and VNF2,   execute the following command:
    3434   
    3535    - ''' cd ~ '''
     
    5151   ''' Note: this command is different from [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where the file ''/etc/snort/snort.conf '' specifies which rule files to load. '''
    5252
    53 When snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert ''. The RINA distributed application keeps reading this alert file, and pass the any intrusion information to the Ryu controller which will block the intrusion traffic.
     53When Snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert ''. The RINA distributed application keeps reading this alert file, and pass any intrusion information to the Ryu controller which will block the intrusion traffic.
    5454
    5555==  (5) Generate Regular and Intrusion Traffic ==
     
    8484 }}}
    8585
    86 Meanwhile, you can type messages on the netcat client side on the s1, and all messages are still able to reach destination since only ICMP messages are blocked from s1.
     86Meanwhile, you can type messages on the netcat client side on s1, and all messages are still able to reach destination since only ICMP messages are blocked from s1.
    8787 
    8888== Next ==
    8989After you are done with all experiments, close all your open windows and release your resources. In the GENI Portal, select the slice and click on the Delete button. Now you can start designing and running your own experiments!
    9090
    91 [wiki:GENIExperimenter/Tutorials/NFV/Ryu  Return to the NFV Ryu tutorial main page] '''.
     91[wiki:GENIExperimenter/Tutorials/NFV/Ryu  Return to the NFV Ryu tutorial main page] .'''