Commit 78420d30 authored by Praveen Kumar Shanmugam's avatar Praveen Kumar Shanmugam

add data loss detection effect, with whitelist, without whitelist and groundtruth

parent 4a7230fa
Small enterprise network traces from
http://digitalcorpora.org/corpora/scenarios/2009-m57-patents/net/
net-2009-11-14-09:24.pcap.gz
...@@ -14,3 +14,4 @@ input.xml ...@@ -14,3 +14,4 @@ input.xml
gr-result/* gr-result/*
mult-result/* mult-result/*
white-result/* white-result/*
alb-white-result/*
<?xml version="1.0"?>
<data>
<switch>
<name>switcha</name>
<dpid>0000000000000001</dpid>
</switch>
<switch>
<name>switchb</name>
<dpid>0000000000000002</dpid>
</switch>
<switch>
<name>switchc</name>
<dpid>0000000000000003</dpid>
</switch>
<links>
<src>0000000000000001</src>
<dst>0000000000000002</dst>
<port>3</port>
<emulabvlan>369</emulabvlan>
</links>
<links>
<src>0000000000000002</src>
<dst>0000000000000001</dst>
<port>1</port>
<emulabvlan>369</emulabvlan>
</links>
<links>
<src>0000000000000002</src>
<dst>0000000000000003</dst>
<port>3</port>
<emulabvlan>368</emulabvlan>
</links>
<links>
<src>0000000000000003</src>
<dst>0000000000000002</dst>
<port>1</port>
<emulabvlan>368</emulabvlan>
</links>
<host>
<name>h1</name>
<mac>00:00:00:00:00:21</mac>
<switch>0000000000000001</switch>
<port>1</port>
<emulabvlan>366</emulabvlan>
</host>
<host>
<name>h2</name>
<mac>00:00:00:00:00:22</mac>
<switch>0000000000000001</switch>
<port>2</port>
<emulabvlan>370</emulabvlan>
</host>
<host>
<name>h3</name>
<mac>00:00:00:00:00:23</mac>
<switch>0000000000000002</switch>
<port>2</port>
<emulabvlan>367</emulabvlan>
</host>
<localcloudgateway>
<name>switchc</name>
<switchdpid>0000000000000003</switchdpid>
<outport>2</outport>
<emulabvlan>371</emulabvlan>
</localcloudgateway>
</data>
#!/usr/bin/python
"""
Run deidtect to study the bandwdith sharing behaviour between
service traffic and tap traffic going through a common port.
Praveen Kumar Shanmugam
"""
import sys
sys.path = ['../'] + sys.path
import os
import random
import json
from time import sleep
from optparse import OptionParser
from subprocess import Popen, PIPE
import multiprocessing
from mininet.net import Mininet
from mininet.node import Controller, RemoteController, UserSwitch, CPULimitedHost
from mininet.link import TCLink, Intf
from mininet.cli import CLI
from mininet.log import setLogLevel, info, warn, error, debug
from mininet.util import custom, quietRun, run
import socket
import fcntl
import struct
def get_ip_address(ifname):
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
return socket.inet_ntoa(fcntl.ioctl(
s.fileno(),
0x8915, # SIOCGIFADDR
struct.pack('256s', ifname[:15])
)[20:24])
#Parse command line options and dump results
def parseOptions():
"Parse command line options"
parser = OptionParser()
parser.add_option( '-i', '--infile', dest='infile',
default=None, help='traffic gen input file' )
parser.add_option( '-r', '--runs', dest='runs',
type='int', default=1, help='specify number of runs of each test' )
parser.add_option( '-b', '--bw', dest='bw',
type='int', default=0, help='use bandwidth limiting' )
parser.add_option( '-c', '--cip', dest='cip',
type='string', default="localhost", help='controller IP' )
parser.add_option( '-w', '--whitelist', dest='whitelist',
default=False, action='store_true',
help='enable whitelist traffic')
parser.add_option( '-d', '--disable', dest='disable',
default=False, action='store_true',
help='disable TCP traffic from H1')
( options, args ) = parser.parse_args()
return options, args
opts, args = parseOptions()
def clean():
'''Clean any running instance of mininet and ryu'''
p = Popen("ps aux | grep 'ryu' | awk '{print $2}'",
stdout=PIPE, shell=True)
p.wait()
procs = (p.communicate()[0]).split('\n')
for pid in procs:
try:
pid = int(pid)
Popen('kill %d' % pid, shell=True).wait()
except:
pass
os.system('sudo mn -c')
#Creat a topology with 10 Mbs links except the one with the src host
#connected to the network, configure that with bw
def bandwidthTopo(bw, controllerip):
net = Mininet(controller=RemoteController, switch=UserSwitch)
c0 = net.addController('c0', ip=controllerip, port=6633 )
tcpSrcLink = custom(TCLink, bw=2); #TCP traffic
attackSrcLink = custom(TCLink, bw=1); #pcap file play
otherLink = custom(TCLink, bw=4)
"Create custom topo."
attacker = net.addHost( 'h1', mac='00:00:00:00:00:21')
brosys = net.addHost( 'h2', mac='00:00:00:00:00:22')
brosys2 = net.addHost( 'h3', mac='00:00:00:00:00:23')
topSwitch = net.addSwitch( 's1' )
bottomSwitch = net.addSwitch( 's2' )
lvl2Switch = net.addSwitch( 's3' )
# Add links
tcpSrcLink( attacker, topSwitch )
attackSrcLink( topSwitch, brosys )
otherLink( topSwitch, bottomSwitch)
otherLink( bottomSwitch, brosys2 )
otherLink( bottomSwitch, lvl2Switch )
intf = Intf('s3-eth2', node=lvl2Switch)
net.build()
c0.start()
topSwitch.start([c0])
bottomSwitch.start([c0])
lvl2Switch.start([c0])
ryu_c = Popen("./ryu_init.sh %s %d 1> ryu.out 2> ryu.out" % (controllerip, 3), shell=True)
print "wait 5 sec for controller to connect"
sleep(5)
return net, ryu_c
def hostArray( net ):
"Return array[1..N] of net.hosts"
try:
host_array = sorted(net.hosts, key=lambda x: int(x.name))
except:
host_array = sorted(net.hosts, key=lambda x: x.name)
return host_array
def monitor_devs_ifstat(fname="rate.csv"):
if_cmd = 'ifstat -a -t > %s &' % (fname)
print if_cmd
Popen(if_cmd, shell=True).wait()
def monitor_devs_ng(fname="txrate.csv" , interval_sec=0.01):
"""Uses bwm-ng tool to collect iface tx rate stats. Very reliable."""
cmd = ("sleep 1; bwm-ng -t %s -o csv "
"-u bytes -T rate -C ',' > %s" %
(interval_sec * 1000, fname))
Popen(cmd, shell=True).wait()
def monitorInterfacesInit(net, outfile):
monitors = []
#monitors.append(multiprocessing.Process(target=monitor_devs_ifstat,
# args=("rate.csv",)))
os.system("rm -f %s" % outfile)
monitors.append(multiprocessing.Process(target=monitor_devs_ng,
args=(outfile, 1,)))
return monitors
def bandwidthTest(bw=5, controllerip="localhost"):
print bw
print controllerip
net, ryu_c = bandwidthTopo(bw,controllerip)
hosts = hostArray(net)
#for h in hosts:
# print "Host : %s\n" % (h.name)
h1 = net.getNodeByName('h1')
print h1.name
h2 = net.getNodeByName('h2')
print h2.name
h3 = net.getNodeByName('h3')
print h3.name
s1 = net.getNodeByName('s1')
s1.cmd("ifconfig s1-eth1 mtu 900")
s2 = net.getNodeByName('s2')
s3 = net.getNodeByName('s3')
print s1.name
s_h1h2cmd=[]
s_h1h2cmd.append("dpctl unix:/tmp/s1 flow-mod cmd=add,table=0 in_port=2 apply:output=3")
s_h2h1cmd=[]
s_h2h1cmd.append("dpctl unix:/tmp/s2 flow-mod cmd=add,table=0 in_port=1 apply:output=2")
for cmd in s_h1h2cmd:
s1.cmd(cmd)
sleep(1)
for cmd in s_h2h1cmd:
s2.cmd(cmd)
sleep(1)
#populate l3 routes
net.pingAll();
#bandwidth = net.iperf( [ h1, h3], udpBw='%sM' % bw, seconds=5 )
#print bandwidth
outfile="txrate%s.csv" % bw
monitors = monitorInterfacesInit(net,outfile);
for m in monitors:
m.start();
#start the traffic generation wait for 5 seconds (H1->H3)
h2_tg_cmd = 'bittwist -i h2-eth0 -m 0 -r 1 -s 800 ../pcap/net-2009-11-14-09-24.pcap &'
print "iperf server @H3"
h3.cmd("iperf -s &")
h1_tg_cmd='iperf -c 10.0.0.3 -t 200 &'
h1.cmd('sudo ethtool -K h1-eth0 tso off')
h1.cmd("ifconfig h1-eth0 mtu 900")
h2.cmd('sudo ethtool -K h2-eth0 tso off')
h2.cmd("ifconfig h2-eth0 mtu 900")
h3.cmd('sudo ethtool -K h3-eth0 tso off')
h3.cmd("ifconfig h3-eth0 mtu 900")
print "wait for configs to take effect 5s delay"
sleep(5)
if opts.disable == False:
print "Traffic generation from H1 -> H3 started"
print h1_tg_cmd
h1.cmd(h1_tg_cmd)
sleep_time = 20
print "Sleeping for %d seconds before TAP is applied" % sleep_time
sleep(sleep_time)
p = Popen(("./bwTestAlbWhiteListTapFlow.sh %s" % controllerip), shell=True, stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
print out
print err
print "TAP create complete.."
#CLI(net)
sleep_time = 80
if opts.whitelist == True:
print "Sleeping for %d seconds before Whitelisting TCP traffic between H1->H3" % sleep_time
sleep(sleep_time)
p = Popen(("./bwSimAlbWhiteListFlow.sh %s" % controllerip), shell=True, stdout=PIPE, stderr=PIPE)
out, err = p.communicate()
print out
print err
print "Whitelist Flow create complete.."
else:
print" Sleeping for %d seconds to warmup the ALB rate-limiting" % sleep_time
sleep(sleep_time)
sleep_time = 10
print "Sleeping for %d seconds before playing the traffic trace" % sleep_time
sleep(sleep_time)
print "Playing the trace file"
print h2_tg_cmd
h2.cmd(h2_tg_cmd)
sleep_time = 150
i = 10;
while ( i < sleep_time):
print "[%d] Sleep for %d seconds to show the effect of whitelist of H1->H3 [IP]" \
% (sleep_time/i,i)
print s1.cmd('dpctl unix:/tmp/s2 meter-config')
sleep(i)
sleep_time=sleep_time - i;
#stop the traffic generation
h2.cmd('killall bittwist')
print "Stopped traffic generation"
#generate the graph
for m in monitors:
m.terminate();
Popen("killall bwm-ng", shell=True).wait();
net.stop();
return
def drawGraph(directory, infile):
Popen(("mkdir -p alb-white-result/bw/%s" % directory), shell=True).wait() ;
Popen(("cp -v ../graphScripts/drawBwGraph.sh drawBwGraph.sh"),
shell=True).wait();
Popen(("cp -v ../graphScripts/gnu_deidtect_bw.scr gnu_deidtect_bw.scr"),
shell=True).wait();
Popen(("./drawBwGraph.sh %s" % infile), shell=True).wait();
Popen(("mv -v *.pdf alb-white-result/bw/%s/" % directory), shell=True).wait();
Popen(("rm -v drawBwGraph.sh gnu_deidtect_bw.scr"), shell=True).wait();
print "Graph Generated for BW = %d " % directory
def setupGreTunnelPort():
Popen(("./localGreInit.sh"), shell=True).wait();
print "GRE port initialised.."
def DEIDtectBWTest(opts):
bw = opts.bw
controllerip=get_ip_address('eth0')
Popen('cp -vf alb-wl-detection-test-input.xml input.xml', shell=True).wait()
print "Rollback to known state"
clean();
setupGreTunnelPort();
bandwidthTest(bw=bw,controllerip=controllerip)
print "Cleanup the process"
clean();
infile="txrate%s.csv" % bw
drawGraph(bw, infile);
if __name__ == '__main__':
#global opts
DEIDtectBWTest(opts);
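Review bot: `clean()` kills every PID returned by `ps aux | grep 'ryu'`, so any process whose command line merely contains "ryu" is signalled. Because the script also runs `sudo mn -c`, it presumably runs with elevated privileges, and the bare `except: pass` hides both parse and kill failures. Narrow the cleanup to the controller this script started (`bandwidthTopo()` already returns the `ryu_c` Popen handle, which `bandwidthTest()` never uses), or at least match the exact process name and catch only `ValueError` around `int(pid)`. Separately, `DEIDtectBWTest()` always sets the controller address from `get_ip_address('eth0')`, so the `-c/--cip` option is parsed but never honoured; `controllerip = opts.cip` may be the intent, worth confirming.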
#!/bin/sh -x
if [ $# -eq 1 ]
then
HOST="$1";
else
HOST="localhost"
fi
curl -d "{\
'dpid':'0000000000000002',\
'ipv4_src':'10.0.0.1',\
'ipv4_dst':'10.0.0.3'
}" http://$HOST:8080/v1.0/nettopo/whitelist
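Review bot: The `curl -d` call has no `-f`/`--fail` and the script never checks its exit status, so an HTTP error from the controller still exits 0. The Python test script in this commit only prints the output of its helper scripts and then reports the flow as created, so a run could be recorded as "with whitelist" when no entry was installed. Suggest `curl -fsS -d ... "http://$HOST:8080/v1.0/nettopo/whitelist" || exit 1`, with the URL quoted so an unexpected `$1` cannot split into extra curl arguments. The same applies to the tap-creation script that follows. The body also uses single-quoted keys, which is not strict JSON; whether the REST handler accepts that is not visible here.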
#!/bin/sh -x
if [ $# -eq 1 ]
then
HOST="$1";
else
HOST="localhost"
fi
CMD="add"
TAPID=3
curl -d "{\
'dpid':'0000000000000002',\
'output':2,\
'vlan_id':100,\
'tapID': $TAPID \
}" http://$HOST:8080/policy/tap/e2etunnel/{$CMD}
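Review bot: The URL ends in `{$CMD}`, which the shell hands to curl as the literal `{add}`. It appears to resolve to `add` only because curl's URL globbing expands a one-element brace set, so it would break with `curl -g` or with any client that does not glob. `${CMD}` is presumably what was meant: `"http://$HOST:8080/policy/tap/e2etunnel/${CMD}"`.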
>== Total === 2015-08-18-21-17-00 - 2015-08-18-21-19-20
- Bytes 98.5k - Payload 80.9k - Pkts 628.0 - Frags 0.0% - MBit/s 0.0 -
Ports | Sources | Destinations | Services | Protocols |
138 104.5% | 192.168.1.103 30.4% | 192.168.1.255 86.6% | 100.0% | 17 100.0% | |
137 68.8% | 192.168.1.102 29.3% | 192.168.1.1 5.9% | | | |
65432 8.8% | 192.168.1.104 27.2% | 207.46.232.182 1.4% | | | |
53 8.8% | 192.168.1.50 13.1% | 192.101.21.1 1.4% | | | |
4234 4.3% | | 192.43.244.18 1.4% | | | |
123 4.3% | | 4.2.2.4 1.4% | | | |
68 0.3% | | 4.2.2.3 1.4% | | | |
67 0.3% | | 255.255.255.255 0.3% | | | |
| | | | | |
| | | | | |
>== Total === 2015-08-18-21-02-21 - 2015-08-18-21-04-41
- Bytes 91.8k - Payload 75.4k - Pkts 585.0 - Frags 0.0% - MBit/s 0.0 -
Ports | Sources | Destinations | Services | Protocols |
138 104.6% | 192.168.1.103 30.1% | 192.168.1.255 85.6% | 100.0% | 17 100.0% | |
137 66.7% | 192.168.1.102 28.7% | 192.168.1.1 6.3% | | | |
65432 9.4% | 192.168.1.104 27.2% | 207.46.232.182 1.5% | | | |
53 9.4% | 192.168.1.50 14.0% | 192.101.21.1 1.5% | | | |
4234 4.6% | | 192.43.244.18 1.5% | | | |
123 4.6% | | 4.2.2.4 1.5% | | | |
68 0.3% | | 4.2.2.3 1.5% | | | |
67 0.3% | | 255.255.255.255 0.3% | | | |
| | | | | |
| | | | | |
>== Total === 2015-08-18-20-26-51 - 2015-08-18-20-29-11
- Bytes 76.5k - Payload 64.0k - Pkts 446.0 - Frags 0.0% - MBit/s 0.0 -
Ports | Sources | Destinations | Services | Protocols |
138 120.2% | 192.168.1.102 34.1% | 192.168.1.255 99.6% | 100.0% | 17 100.0% | |
137 78.9% | 192.168.1.103 33.9% | 255.255.255.255 0.4% | | | |
68 0.4% | 192.168.1.104 32.1% | | | | |
67 0.4% | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
diff --git a/Code/ryu/ryu/app/cnac_rest.py b/Code/ryu/ryu/app/cnac_rest.py
index b7a9246..c47d8dc 100644
--- a/Code/ryu/ryu/app/cnac_rest.py
+++ b/Code/ryu/ryu/app/cnac_rest.py
@@ -238,7 +238,8 @@ class TapPolicyController(ControllerBase):
LOG.debug("vlan_id : %d", vlan_id)
#set it to 50% of the bw
- rate = 80 * 1 #80 Kbps -> 10 KBps
+ #rate = 80 * 1 #80 Kbps -> 10 KBps
+ rate = 10000 * 1 #80 Kbps -> 10 KBps
rateKBps = round(rate /8); #Kbps -> KBps
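Review bot: The new `rate = 10000 * 1` keeps the trailing comment `#80 Kbps -> 10 KBps` and still sits under `#set it to 50% of the bw`, so the comments describe a value 125 times lower than the one now assigned. Update the comment to the real figure, e.g. `rate = 10000  # Kbps (= 1250 KBps)`, and drop the commented-out old assignment. Since the value was evidently retuned for an experiment, a named constant or configuration option would avoid editing the controller each time what is presumably the tap rate limit changes. The enclosing method starts and ends outside the hunk.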
diff --git a/Code/ryu/ryu/app/dynamic_rate_limiter.py b/Code/ryu/ryu/app/dynamic_rate_limiter.py
index 13ddf7a..3e8deb1 100644
--- a/Code/ryu/ryu/app/dynamic_rate_limiter.py
+++ b/Code/ryu/ryu/app/dynamic_rate_limiter.py
@@ -43,7 +43,7 @@ class dynamicRateLimiter(simple_switch_13.SimpleSwitch13):
del self.datapaths[datapath.id]
def _monitor(self):
- while True:
+ while False:
tapList = tapDB.getAllTapMeters();
for tap in tapList:
print tap;
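Review bot: `while False:` turns the body of `_monitor` into dead code, so whatever periodic work the loop did over `tapDB.getAllTapMeters()` is silently disabled for every user of this app, not only for this experiment. If the monitor has to be off for particular runs, gate it on a setting, e.g. `while self.monitor_enabled:` (attribute name constructed here, to be set from configuration), or skip starting the monitor where it is spawned. Either way, log that it is disabled. The loop body continues past the end of the hunk.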