A result of this approach is that the behavior of a Cumulus Linux VX virtual appliance is the same as Cumulus Linux running on a hardware switch. This is the only setting required in the case where routers support the sFlow extended_gateway feature.Ī key feature of Cumulus Linux is the use of the Linux kernel as the authoritative repository of network state. Dddos_protect.udp_amplification.threshold=5000The ddos_protect.bgpgroup setting enables the automatic classification of traffic sources / destinations using the BGP data. Dddos_protect.udp_amplification.action=filter \ Dddos_protect.router.0.agent=$AGENT -Dddos_= \ Dddos_=yes -Dddos_protect.bgpgroup=local \ Sflow/ddos-protect -Dddos_protect.router=$GW -Dddos_protect.as=65001 \ ExaBGP connects to the sFlow-RT analytics software and displays BGP RTBH / Flowspec controls sent by sFlow-RT:ĭocker run -rm -name=exabgp sflow/exabgpĪGENT=`docker exec host-sflow awk -F = '/agentIP/ '`ĭocker run -rm -p 6343:6343/udp -p 8008:8008 -p 1179:1179 -name=sflow-rt \ Start ExaBGP using the pre-built sflow/exabgp image. net=host -v /var/run/docker.sock:/var/run/docker.sock:ro \ Start a Host sFlow agent using the pre-built sflow/host-sflow image: docker run -rm -d -e "COLLECTOR=" -e "SAMPLING=10" \ Test Running 192.168.64.2 Ubuntu 18.04 LTSįind the IP address of the mininet virtual machine we just created ( 192.168.64.2). Multipass commands can easily be scripted to automate the creation and configuration of virtual machines. Run the above commands in a terminal to create the virtual machine. sflow-rt/get-app.sh sflow-rt mininet-dashboard Multipass exec mininet - sudo apt -y install default-jre python-requests hping3 Multipass exec mininet - sudo apt -y install mininet python-ryu This article demonstrates how to use Multipass to quickly build a virtual machine to run Mininet network emulation software. However, not all software is amenable to running in containers, and so the ability to quickly create and configure virtual machines is a useful complement. Once the Flowspec driver integration is complete, the white box switch hardware supported by these network operation systems will provide a cost effective method of mitigating DDoS attacks - combining the real-time visibility of sFlow with the real-time control capabilities of Flowspec.ĭocker testbed and Docker DDoS testbed describe how to use containers to experiment with network visibility and control. The rule isn't installed in the policy based routing (PBR) table since the current version of FRRouting doesn't include the necessary Netfilter driver.įRRouting software is widely used in open source network operating systems such as SONiC, OpenSwitch, and DENT. The following rule was sent to the router: BGP flowspec entry: (flags 0x418) Now run the following command to see the Flowspec rule: docker exec frr vtysh -c "show bgp ipv4 flowspec detail" Simulate a DDoS attack as describes in Docker DDoS testbed. Neighbor 192.168.65.2 route-map ALLOW-ALL out Neighbor 192.168.65.2 route-map ALLOW-ALL in Run the following command to show the router configuration:ĭocker exec frr vtysh -c "show running-config"The results will be displayed: Docker run -rm -d -privileged -name frr sflow/frr
0 Comments
Leave a Reply. |