SDN Bandwidth Limiter


Objective:

Limit the bandwidth of a single flow using the OpenFlow 1.3 meter feature. Rate-limiting the attacker's flow at the switch mitigates a DoS from one host against another, because the flood is dropped before it reaches the victim's port.

Installation:
An Ubuntu 14.04 machine is used for the installation.
1. Install KaanalNet (Ref: KaanalNet Wiki)
2. Install ofsoftswitch13 (the CPqD OpenFlow 1.3 software switch)
Ref:
http://tocai.dia.uniroma3.it/compunet-wiki/index.php/Installing_and_setting_up_OpenFlow_tools
Section: Installing OpenFlow 1.3 software switch (CPqD)
3. Install hping3 in the nodeimg container as below:
1. lxc-start -n nodeimg -d
2. lxc-ls --fancy
3. ssh ubuntu@<ip of nodeimg>
4. sudo -i
5. apt-get install hping3

Setup:
Prerequisites:
KaanalNet experience is a must, for topology creation and usage.
Topology Creation:
1. Start KaanalNet:
command: sudo npm start
Ex:
suresh@snmp:~/node_modules/kaanalnet$ sudo npm start
2. Create a test topology in KaanalNet using the POST data below (refer to the KaanalNet Wiki). It defines one LAN switch (switch1) with three hosts attached to it: server, client and hacker.
Topology POST Data:
{
  "name": "topology1",
  "switches": [
    { "name": "switch1", "type": "lan" }
  ],
  "nodes": [
    { "name": "server", "type": "host" },
    { "name": "client", "type": "host" },
    { "name": "hacker", "type": "host" }
  ],
  "links": [
    {
      "type": "lan",
      "switches": [
        {
          "name": "switch1",
          "connected_nodes": [ { "name": "server" }, { "name": "client" }, { "name": "hacker" } ]
        }
      ]
    }
  ]
}

Connect the Topology with ofsoftswitch13

KaanalNet created switch1 as a plain Linux bridge. It has to be replaced by an OpenFlow datapath that takes over the three veth ports, otherwise there is nothing to program.

1. List the bridge interfaces
cmd: brctl show
output:
bridge name     bridge id           STP enabled     interfaces
lxcbr0          8000.fe39f2688e2b   no              veth4FXKUI
                                                    vethJLBLMF
                                                    vethUXKDP0
switch1         8000.fe8473d08adf   no              client_veth1
                                                    hacker_veth1
                                                    server_veth1
2. Delete the Linux bridge switch1 as below. The bridge must be down before brctl can delete it; the three veth interfaces remain and are attached to ofdatapath in the next step.

root@snmp:~# ifconfig switch1 down
root@snmp:~# brctl delbr switch1
root@snmp:~# brctl show
bridge name     bridge id           STP enabled     interfaces
lxcbr0          8000.fe39f2688e2b   no              veth4FXKUI
                                                    vethJLBLMF
                                                    vethUXKDP0
root@snmp:~#
The ofsoftswitch13 tutorial and the dpctl documentation are available at these links:
https://github.com/CPqD/ofsoftswitch13/wiki/OpenFlow-1.3-Tutorial
https://github.com/CPqD/ofsoftswitch13/wiki/Dpctl-Documentation
3. Create an ofsoftswitch13 datapath and add the veth ports. ptcp:6680 makes the datapath listen on TCP port 6680 for its controller (dpctl is used as the controller in this lab) and -D detaches it as a daemon:

ofdatapath --datapath-id=000000000001 --interfaces=server_veth1,client_veth1,hacker_veth1 ptcp:6680 -D
4. Collect the port descriptions, to learn which OpenFlow port number each veth interface received:
root@snmp:~# dpctl tcp:127.0.0.1:6680 port-desc
SENDING (xid=0xF0FF00F0):
stat_req{type="port-desc", flags="0x0"}
RECEIVED (xid=0xF0FF00F0):
stat_repl{type="port-desc", flags="0x0"{no="1", hw_addr="fe:aa:6b:bf:fb:1f",
name="server_veth1", config="0x0", state="0x4", curr="0x840", adv="0x0", supp="0x0",
peer="0x0", curr_spd="10485760kbps", max_spd="0kbps"},
{no="2", hw_addr="fe:84:73:d0:8a:df", name="client_veth1", config="0x0", state="0x4",
curr="0x840", adv="0x0", supp="0x0", peer="0x0", curr_spd="10485760kbps",
max_spd="0kbps"},
{no="3", hw_addr="fe:dc:64:c7:0a:8b", name="hacker_veth1", config="0x0", state="0x4",
curr="0x840", adv="0x0", supp="0x0", peer="0x0", curr_spd="10485760kbps",
max_spd="0kbps"},
{no="local", hw_addr="00:00:00:00:00:01", name="tap:", config="0x0", state="0x4",
curr="0x802", adv="0x0", supp="0x0", peer="0x0", curr_spd="10240kbps", max_spd="0kbps"}}}
This gives the port mapping:
port1 - server_veth1
port2 - client_veth1
port3 - hacker_veth1
5. Collect the MAC & IP addresses of the containers.
Command: sudo lxc-ls --fancy
Log in to each container and note its IP and MAC address. Note that these are the container-side MACs, not the fe:... addresses of the host-side veth interfaces shown by port-desc; the flows below match on the container MACs.

host     IP           MAC                 veth           OF port
server   10.10.10.2   00:00:00:00:00:14   server_veth1   port1
client   10.10.10.3   00:00:00:00:00:15   client_veth1   port2
hacker   10.10.10.4   00:00:00:00:00:16   hacker_veth1   port3

6. Add static ARP entries on the hosts. The flows added below match only on unicast source and destination MACs, so a broadcast ARP request would hit the table-miss and be dropped (the OpenFlow 1.3 default when no table-miss flow is installed); static entries avoid ARP altogether.
client:
arp -s 10.10.10.2 00:00:00:00:00:14
arp -s 10.10.10.4 00:00:00:00:00:16
server:
arp -s 10.10.10.4 00:00:00:00:00:16
arp -s 10.10.10.3 00:00:00:00:00:15
hacker:
arp -s 10.10.10.2 00:00:00:00:00:14
arp -s 10.10.10.3 00:00:00:00:00:15
arp -a    (display the ARP table; the static entries are flagged PERM)

7. Add the flows without a meter. There is one flow in table 0 per ordered pair of hosts, matched on source and destination MAC and output to the destination's port:

dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:15,eth_dst=00:00:00:00:00:14 apply:output=1
dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:16,eth_dst=00:00:00:00:00:14 apply:output=1
dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:14,eth_dst=00:00:00:00:00:15 apply:output=2
dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:16,eth_dst=00:00:00:00:00:15 apply:output=2
dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:14,eth_dst=00:00:00:00:00:16 apply:output=3
dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:15,eth_dst=00:00:00:00:00:16 apply:output=3

8. Run the traffic (DoS) test:

From the hacker, run any one attack from the TRAFFIC TEST section below, and in parallel run the genuine ping/TCP test from client to server (refer to the KaanalNet Wiki). Without a meter the flood from the hacker competes with the client's traffic for the server's port.

Now with mitigation:

9. Apply the meter configuration. flags=1 is OFPMF_KBPS, so drop:rate=10 installs a single drop band at 10 kbit/s; raise the rate (e.g. rate=1000 for 1 Mbit/s) to suit the test. The hacker-to-server flow is deleted and re-added with the meter instruction, which OpenFlow 1.3 executes before the output action:
dpctl tcp:127.0.0.1:6680 meter-mod cmd=add,flags=1,meter=1 drop:rate=10
dpctl tcp:127.0.0.1:6680 flow-mod cmd=del,table=0 eth_src=00:00:00:00:00:16,eth_dst=00:00:00:00:00:14 apply:output=1
dpctl tcp:127.0.0.1:6680 flow-mod cmd=add,table=0 eth_src=00:00:00:00:00:16,eth_dst=00:00:00:00:00:14 meter:1 apply:output=1
Run the test again. Two caveats: the meter is keyed on the hacker's source MAC, which the attacker controls, so matching on in_port=3 instead ties the limit to the switch port rather than to a spoofable address; and only the hacker-to-server flow is metered, so the hacker-to-client flow is still unlimited. Confirm that the band is dropping with dpctl tcp:127.0.0.1:6680 stats-meter.
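The whole procedure of steps 4, 7 and 9 (read the port map, install the pairwise flows, meter every flow sourced by one host) as one script. This is an added example, not code from the original notes or from ofsoftswitch13, and it generalizes the three-host case to any number of hosts. DPCTL_TARGET, the HOSTS table, the trimmed SAMPLE_PORT_DESC reply and the DRY_RUN switch are assumptions made here; with DRY_RUN=1 (the default) the dpctl commands are printed instead of executed, so the script runs without a datapath.

```shell
#!/bin/sh
# Added example, not part of the original lab notes or of ofsoftswitch13.
# Builds the port map from a dpctl port-desc reply, then emits the full-mesh
# L2 flows and attaches a drop meter to every flow whose source is the
# metered host. DPCTL_TARGET, HOSTS and SAMPLE_PORT_DESC are assumptions.

DPCTL_TARGET="${DPCTL_TARGET:-tcp:127.0.0.1:6680}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the dpctl commands, 0 = run them

# host name -> container MAC, taken from the lab's step 5 (edit for another topology)
HOSTS="server 00:00:00:00:00:14
client 00:00:00:00:00:15
hacker 00:00:00:00:00:16"

# Constructed sample input: the port-desc reply from step 4, trimmed to the
# fields used here. Used only in dry-run mode instead of talking to a datapath.
SAMPLE_PORT_DESC='stat_repl{type="port-desc", flags="0x0"{no="1", hw_addr="fe:aa:6b:bf:fb:1f", name="server_veth1", config="0x0"},
{no="2", hw_addr="fe:84:73:d0:8a:df", name="client_veth1", config="0x0"},
{no="3", hw_addr="fe:dc:64:c7:0a:8b", name="hacker_veth1", config="0x0"},
{no="local", hw_addr="00:00:00:00:00:01", name="tap:", config="0x0"}}}'

# port_map: read a port-desc reply on stdin and print "host port" for every
# interface named <host>_veth<N>. The "local" port has no numeric no= and is skipped.
port_map() {
    grep -o 'no="[^"]*", hw_addr="[^"]*", name="[^"]*"' \
    | sed -n 's/^no="\([0-9][0-9]*\)", hw_addr="[^"]*", name="\([^_"]*\)_veth[^"]*"$/\2 \1/p'
}

# lookup KEY TABLE: second column of the TABLE line whose first column is KEY
lookup() {
    printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2 }'
}

# dpctl_cmd ARGS...: print (dry run) or execute one dpctl command against the datapath
dpctl_cmd() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'dpctl %s %s\n' "$DPCTL_TARGET" "$*"
    else
        dpctl "$DPCTL_TARGET" "$@"
    fi
}

# install_flows PORTMAP METERED_HOST METER_ID: one table-0 flow per ordered host
# pair, matched on eth_src/eth_dst and output to the destination's port. Flows
# sourced by METERED_HOST carry the meter instruction, which OpenFlow 1.3 runs
# before the output action, so excess frames are dropped before forwarding.
install_flows() {
    portmap=$1; metered=$2; meter=$3
    names=$(printf '%s\n' "$HOSTS" | awk '{ print $1 }')
    for src in $names; do
        for dst in $names; do
            [ "$src" = "$dst" ] && continue
            match="eth_src=$(lookup "$src" "$HOSTS"),eth_dst=$(lookup "$dst" "$HOSTS")"
            out="apply:output=$(lookup "$dst" "$portmap")"
            if [ "$src" = "$metered" ]; then
                dpctl_cmd flow-mod cmd=add,table=0 "$match" "meter:$meter" "$out"
            else
                dpctl_cmd flow-mod cmd=add,table=0 "$match" "$out"
            fi
        done
    done
}

# setup METERED_HOST RATE_KBPS: add meter 1 with a single drop band (flags=1 is
# OFPMF_KBPS, so RATE is in kbit/s), then install all flows.
setup() {
    if [ "$DRY_RUN" = 1 ]; then
        portmap=$(printf '%s\n' "$SAMPLE_PORT_DESC" | port_map)
    else
        portmap=$(dpctl "$DPCTL_TARGET" port-desc | port_map)
    fi
    dpctl_cmd meter-mod cmd=add,flags=1,meter=1 "drop:rate=$2"
    install_flows "$portmap" "$1" 1
}

# Usage: sh limiter.sh hacker 10             (prints the commands)
#        DRY_RUN=0 sh limiter.sh hacker 10   (programs the running datapath)
if [ $# -ge 1 ]; then
    setup "$1" "${2:-10}"
fi
```

Running it dry for the lab topology prints the meter-mod and six flow-mods; the two flows sourced by hacker carry meter:1, the other four are unmetered, which is the state the notes reach by hand in steps 7 and 9 (with the hacker-to-client flow also metered). To key the limit on the switch port instead of the spoofable source MAC, replace the eth_src part of the match with in_port=<port of the metered host> from the same port map.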

TRAFFIC TEST
All attacks are run from the hacker container against the server (10.10.10.2).
1. Ping flood with large packets (the classic "Ping of Death" payload size; modern kernels reassemble the fragments safely, so here it only consumes bandwidth)
ping -s 65000 10.10.10.2 -f
hping3 equivalent:
hping3 --icmp -d 100 --flood 10.10.10.2
2. TCP SYN flood
hping3 -S -d 1400 -p 5000 --flood 10.10.10.2
3. UDP flood with a spoofed source IP (-a). Only the IP source is spoofed; the Ethernet source MAC is still the hacker's, so the metered flow still matches.
hping3 -q -n -a 10.0.0.1 --udp -s 53 --keep -p 68 --flood 10.10.10.2
