Changes between Version 1 and Version 2 of GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu
- Timestamp:
- 10/25/16 13:45:15 (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GENIExperimenter/Tutorials/NFV/Ryu/HandlingIntrusionwithRyu
v1 v2 3 3 == Overview == 4 4 5 In this experiment, we will use the Ryu controller to handle the intrusion traffic. The system is the same as the one used in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where we use a RINA distributed application to get the intrusion detection results from the VNFs (i.e., snort) as well as the load ofVNFs. When an intrusion is detected by VNFs, its information will be passed to the Ryu controller via the RINA distributed application, and then the Ryu controller will block the intrusion traffic by updating the !OpenFlow rules on the OVS switch.5 In this experiment, we will use the Ryu controller to handle intrusion traffic. The system is the same as the one used in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where we use a RINA distributed application to get the intrusion detection results from the VNFs (i.e., Snort) as well as the load of the VNFs. When an intrusion is detected by VNFs, its information will be passed to the Ryu controller via the RINA distributed application, and then the Ryu controller will block the intrusion traffic by updating the !OpenFlow rules on the OVS switch. 6 6 7 7 … … 15 15 == (1) RINA Distributed Application == 16 16 17 Same as Part (1) RINA Distributed Application in the[wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].17 Same as Part (1) RINA Distributed Application in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2]. 18 18 19 19 == (2) PI Controller == 20 Same as Part (2) PI Controller in the[wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].20 Same as Part (2) PI Controller in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2]. 21 21 22 22 == (3) PI-based Ryu Controller == 23 Same as Part (3) PI-based Ryu Controller in the[wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2].23 Same as Part (3) PI-based Ryu Controller in [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2]. 24 24 25 25 '''Note: You can see in "nfv.config" that the information of the intrusion traffic is located in the file ''/tmp/attacker.txt'' on the controller VM, which is outputted by the RINA distributed application. Make sure the file is empty each time you run this experiment.''' … … 29 29 ''' Note: keep the RINA application processes, PI controller process and PI-based Ryu controller process from the previous 3 steps running in the background. ''' 30 30 31 1. We need to first install our own snort rule on snort, so that it can detect the intrusion traffic specified in our rule.31 1. We need to first install our own Snort rule on Snort, so that it can detect the intrusion traffic specified in our rule. 32 32 33 To install our own rule and configure snort, in separate windows for VNF1 and VNF2, execute the following command:33 To install our own rule and configure Snort, in separate windows for VNF1 and VNF2, execute the following command: 34 34 35 35 - ''' cd ~ ''' … … 51 51 ''' Note: this command is different from [wiki:GENIExperimenter/Tutorials/NFV/Ryu/LoadBalancePIwithRyu Experiment 2], where the file ''/etc/snort/snort.conf '' specifies which rule files to load. ''' 52 52 53 When snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert ''. The RINA distributed application keeps reading this alert file, and pass theany intrusion information to the Ryu controller which will block the intrusion traffic.53 When Snort detects intrusion traffic, it will save the alert messages into the file '' /var/log/snort/alert ''. The RINA distributed application keeps reading this alert file, and pass any intrusion information to the Ryu controller which will block the intrusion traffic. 54 54 55 55 == (5) Generate Regular and Intrusion Traffic == … … 84 84 }}} 85 85 86 Meanwhile, you can type messages on the netcat client side on thes1, and all messages are still able to reach destination since only ICMP messages are blocked from s1.86 Meanwhile, you can type messages on the netcat client side on s1, and all messages are still able to reach destination since only ICMP messages are blocked from s1. 87 87 88 88 == Next == 89 89 After you are done with all experiments, close all your open windows and release your resources. In the GENI Portal, select the slice and click on the Delete button. Now you can start designing and running your own experiments! 90 90 91 [wiki:GENIExperimenter/Tutorials/NFV/Ryu Return to the NFV Ryu tutorial main page] '''.91 [wiki:GENIExperimenter/Tutorials/NFV/Ryu Return to the NFV Ryu tutorial main page] .'''