Design and Deployment of OpenStack-SDN based Test-bed for EDoS
Parminder Singh, Selvakumar Manickam
National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Penang, Malaysia
network applications design for both physical and virtualized (hypervisor-based) environments (Figure 1).
Abstract: High-fidelity experimental facilities play an important role in evaluating new technologies such as cloud computing and software defined network (SDN). In this paper, we highlight how OpenDaylight can be integrated with OpenStack to provide a powerful SDN-based networking solution for OpenStack clouds. It provides a practical application of future network standards leveraging SDN technology. We discuss the important elements of designing and implementing an OpenStack-SDN testbed for virtual networks that integrates additional capabilities compared to existing SDN testbeds. We also provide an overview of setting up the testbed with the necessary hardware and components required to build it.
SDN technologies provide clear visibility in high-speed networks and adaptability to ever-changing network provisioning needs, and considerably reduce management and operations complications. Use of SDN can benefit industry by providing vendor neutrality and centralized management and control of devices. Control can be automated and managed by APIs to abstract networking from orchestration and provisioning of applications and systems, which results in network reliability and security by applying uniform policies throughout the networks.
Keywords: EDoS, SDN, DDoS, OpenStack, Test Bed
I. INTRODUCTION
Cloud services are provided on a pay-per-use basis, so the provider charges the customer for resource utilization and processing power. A DDoS attack aims to exploit the cloud resources alongside legitimate users. In the absence of appropriate defense mechanisms to counter a DDoS attack, resources can be allocated to the DDoS requests. EDoS (Economic Denial of Service) in the cloud is a consequence of DDoS attack [1]: service to the legitimate user is never restricted, and server and network resources are dynamically expanded to serve the excess traffic. The client using the cloud will incur a debilitating bill, because highly elastic (auto-scaling) capacity serves a large amount of undesired traffic in order to maintain the QoS as per the SLA.
Fig. 1. OpenFlow Architecture
III. OPENFLOW CONTROLLER
With the adoption of SDN technology, SDN lab experimentation needs to be facilitated in real-world adoption scenarios, especially in cloud computing environments. In this paper we discuss how to set up a test-bed with cloud computing and an SDN controller to study the impact of EDoS in a production environment.
An OpenFlow controller is an application which controls the network flow in SDN. Generally, SDN uses the OpenFlow protocol to manage the network; OpenFlow acts as an operating system for the virtual networking. Communication between devices and applications must pass through the controller, and the controller tells the switches where to send data packets. The OpenFlow protocol is used by the controller to manage network devices [4], [5] and to decide on the best route for application traffic. Instead of hardware firmware, the network control plane is used, so that the network can be managed more dynamically and with precision.
II. OPENFLOW (OF)
OpenFlow [2], [3] is an open standard interface defined to provide access between the forwarding plane of a SDN controller, network switch or router, helping more refined traffic management. OpenFlow provides superior programmatic control of the network, empowering new
2015 4th International Conference on Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), Sep. 2-4, 2015, AIIT, Amity University Uttar Pradesh, Noida, India
OpenFlow enables network administrators to control packet forwarding tables by removing, adding or modifying packet matching patterns and the actions to execute. Routing can therefore be scheduled by the controller either systematically or in an improvised way, and can be converted into actions with a defined lifetime that are pushed to switch flow tables, resulting in forwarding of only the desired packets at wire speed. The OpenFlow controller architecture [6], [7] is described in Figure 2.
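The flow-table behaviour described above (entries matched on packet fields, added or removed by the controller, and expiring after a defined lifetime) can be modelled in a few lines. This is an added example, not code from the paper or from any controller; the class and field names are hypothetical, the addresses are constructed, and a table miss is simplified to handing the packet to the controller.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    match: dict            # header fields that must equal the packet's; absent = wildcard
    actions: list          # e.g. ["output:2"]; an empty list means drop
    priority: int = 0
    idle_timeout: int = 0  # seconds without a hit before removal; 0 = never
    hard_timeout: int = 0  # seconds after install before removal; 0 = never
    installed: float = 0.0
    last_hit: float = 0.0

class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, entry, now):
        # An add with the same match and priority replaces the existing entry.
        self.delete(entry.match, entry.priority)
        entry.installed = entry.last_hit = now
        self.entries.append(entry)

    def delete(self, match, priority):
        self.entries = [e for e in self.entries
                        if not (e.match == match and e.priority == priority)]

    def expire(self, now):
        # Remove entries whose hard or idle lifetime has run out.
        self.entries = [e for e in self.entries if not (
            (e.hard_timeout and now - e.installed >= e.hard_timeout) or
            (e.idle_timeout and now - e.last_hit >= e.idle_timeout))]

    def lookup(self, packet, now):
        self.expire(now)
        hits = [e for e in self.entries
                if all(packet.get(k) == v for k, v in e.match.items())]
        if not hits:
            return ["controller"]          # table miss (simplified)
        best = max(hits, key=lambda e: e.priority)
        best.last_hit = now
        return best.actions

def demo():
    table = FlowTable()
    table.add(FlowEntry({"ip_dst": "10.0.0.5"}, ["output:2"], priority=10), now=0)
    # Temporary high-priority drop rule for one constructed source, lifetime 60 s.
    table.add(FlowEntry({"ip_src": "192.0.2.9", "ip_dst": "10.0.0.5"}, [],
                        priority=100, hard_timeout=60), now=0)
    pkt = {"ip_src": "192.0.2.9", "ip_dst": "10.0.0.5"}
    return [table.lookup(pkt, 30), table.lookup(pkt, 61),
            table.lookup({"ip_dst": "10.0.0.7"}, 61)]
```

While the drop rule is alive it wins on priority; once its hard timeout passes, the same packet falls through to the forwarding entry without any further controller action.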
architectural design and the growing number of companies and organizations involved in the OpenStack project. OpenStack is mainly developed by the U.S. National Aeronautics and Space Administration (NASA) and Rackspace, an IT hosting company, targeting both large and small infrastructure so that it can be deployed by any type of organization. OpenStack uses Python as its development language and the code is licensed under Apache 2.0. Three main characteristics make OpenStack an interesting candidate among other open source solutions:
1) Scalability: OpenStack is massively scalable and is already deployed in various large distributed environments [9].
2) Flexibility: OpenStack supports most of the existing hypervisors in order to support virtualization [11].
3) Open source: As the code is openly distributed, it can be modified and adapted according to the requirements.
The OpenStack architecture [11] is described in Figure 3.
Fig. 2. OpenFlow NOX Controller Architecture
A few open source OpenFlow controller applications are listed in Table 1.
TABLE 1: OpenFlow Controllers
Fig. 3. OpenStack conceptual architecture
V. OPENDAYLIGHT (ODL) CONTROLLER
In this test-bed we used ODL as the OpenFlow controller [12], [13], [14]. ODL is an open source project under the Linux Foundation, designed to fast-track implementation of SDN and to create a firm base for Network Functions Virtualization (NFV) (Figure 4). ODL provides an open source platform and framework for SDN using OpenFlow networking standards. ODL uses Java as its programming language and Maven for build automation. Maven uses the Project Object Model (pom.xml) to define the dependencies to load at startup. The OSGi framework provides the backend for ODL to dynamically load bundles and jar files and provides information exchange between the bundles. The Karaf OSGi runtime provides a lightweight container for various modules to load and unload.
IV. OPENSTACK
OpenStack [8], [9], [10] is one of the most complete open-source cloud platforms, which offers infrastructure as a service and delivers tools for creating and managing virtual machines on top of available resources. Recently it has attracted interest among both academia and industry because of its potential
consumers to carry out their instructions. Nova compute manages the life-cycle of VMs. The message queue handles the messages between different services and MySQL is used for storing all metadata. The Nova scheduler co-ordinates all the services and makes decisions about resource placement based on different factors such as processing load, memory, physical distance of the nodes, etc. The functions of Neutron are similar to those of Nova network: both are responsible for managing networks and IP addresses within the cloud platform. The Dashboard provides a browser-based graphical interface for users and administrators for efficient access and flexible management of the cloud-based resources. Commercial clouds provide information only at application level, not infrastructure level. In the absence of those restrictions, measurements such as host occupancy can be taken from the physical infrastructure. Our proposed test-bed is set up using VMware server infrastructure and physical Dell Blade servers as shown in Figure 5. The servers are described below:
Fig. 4. OpenDaylight Architecture
• Dell Blade Chassis M100OC with Power Edge M 610 Server.
• Dell M610, Dual Quad Core Processor / 16 GB / 1 TB HDD.
• Dell 720xd, Dual Octa Core Processor / 64 GB / 4 TB HDD.
VI. EXISTING SDN TESTBEDS
OpenFlow test-beds such as GENI [15], [16], OFELIA [17], [18], COTN [19] and Dot Hub [20] are available to assist scholars in executing numerous experiments in wide area networking. These test-beds are mainly used for both research and application testing in SDN networks, and provide a wide range of network topologies in a distributed environment. The Mininet [21], [22] test-bed provides a simple, single-machine, basic OpenFlow-capable test-bed, but it lacks metering and monitoring capabilities. To overcome all these issues we are proposing a test-bed running OpenStack Juno as the cloud computing platform with the OpenDaylight Helium release as the OpenFlow controller to study the impact of EDoS [1] in a cloud environment.
VII. OVERVIEW OF PROPOSED TEST-BED SETUP AND DESIGN
OpenStack is open source software for deploying and managing private, public or hybrid cloud infrastructure in both large-scale and small-scale environments. The current version, OpenStack Juno, consists of mainly 9 projects [8]:
1) OpenStack Compute Service (Nova)
2) OpenStack Image Service (Glance)
3) OpenStack Identity Service (Keystone)
4) OpenStack Network Service (Neutron)
5) OpenStack Block Storage (Cinder)
6) OpenStack Object Storage (Swift)
7) OpenStack Dashboard Service (Horizon)
8) OpenStack Metering Service (Ceilometer)
9) OpenStack Orchestration Service (Heat)
Project Nova is the core component for building a scalable cloud platform and is mainly responsible for creating and managing clusters of virtual machines over the underlying hardware. The Nova API provides an interface for the
Fig. 5. Implementation Architecture
TABLE 2: Machine Descriptions
Number of Machines | Operating System | H/W Details | Purpose
1 | Ubuntu 14.04 x64 | 1TB HDD, 16GB RAM | Controller
1 | Ubuntu 14.04 x64 | 1TB HDD, 16GB RAM | Network
1 | Ubuntu 14.04 x64 | 1TB HDD, 16GB RAM | Compute-1
1 | Ubuntu 14.04 x64 | 1TB HDD, 16GB RAM | Compute-2
1 | Ubuntu 14.04 x64 | 1TB HDD, 16GB RAM | Compute-3
1 | VMware ESXi 6 | 4TB HDD, 64GB RAM | Various VM
According to Table 2, VMware hosts the virtual machines running various tools such as a traffic generator, monitoring tools, Wireshark and OpenFlow monitoring tools. The OpenStack Juno installation procedure can be found at [11], and a step-by-step easy install can be found at [23]. OpenDaylight controller integration uses Neutron ML2 plugins as shown in figure. Details of the plugin configuration are available at [24]. Once setup is complete, the OpenStack management page can be accessed at http://(Controller IP)/horizon.
Fig. 7. VM running in OpenStack
Fig. 6. OpenStack Dashboard
Fig. 8. Resource Monitoring in OpenStack using Ceilometer
Spin up various VMs on the OpenStack cloud using multiple network topologies and experiment with various services. Detailed monitoring information about VMs, relating to CPU, bandwidth and memory usage, can be viewed via the Ceilometer interface.
For ODL and OpenStack integration, Neutron ML2 plugin drivers are used, which expose the northbound OpenStack APIs to the ODL controller as shown in Figure 6.
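Because the ML2 driver settings hold the address and credentials Neutron uses to reach the controller, they are worth checking once the integration is in place. The following is an added example, not taken from the paper or from [24]: a small audit of an ml2_conf.ini, assuming the `mechanism_drivers` option and the `[ml2_odl]` `url`, `username` and `password` options of the Neutron ML2 OpenDaylight driver; both sample files, the host name and the account name are constructed.

```python
import configparser
from urllib.parse import urlparse

# Constructed ml2_conf.ini as a first test-bed install might leave it.
WEAK = """
[ml2]
mechanism_drivers = opendaylight
[ml2_odl]
url = http://192.0.2.10:8080/controller/nb/v2/neutron
username = admin
password = admin
"""
# The same file after hardening (host, port and account are hypothetical).
HARDENED = (WEAK.replace("http://192.0.2.10:8080", "https://odl.testbed.example:8443")
                .replace("username = admin", "username = neutron-ml2")
                .replace("password = admin", "password = <long-random-secret>"))

def audit_ml2(text):
    """Return a list of findings for the ML2/OpenDaylight settings in text."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    findings = []
    drivers = cfg.get("ml2", "mechanism_drivers", fallback="")
    if "opendaylight" not in [d.strip() for d in drivers.split(",")]:
        findings.append("opendaylight mechanism driver not enabled")
    if not cfg.has_section("ml2_odl"):
        return findings + ["[ml2_odl] section missing"]
    odl = cfg["ml2_odl"]
    url = urlparse(odl.get("url", ""))
    if not url.hostname:
        findings.append("controller url missing or malformed")
    elif url.scheme != "https":
        findings.append("controller url is not https; credentials cross the network in clear")
    if (odl.get("username"), odl.get("password")) == ("admin", "admin"):
        findings.append("default admin/admin controller credentials in use")
    return findings
```

An empty result from `audit_ml2` means none of these three conditions was found; it says nothing about the controller's own configuration.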
[2] Openflow. Available from: https://www.opennetworking.org/sdn-resources/openflow.
[3] McKeown, N., Software-defined networking. INFOCOM keynote talk, 2009. 17(2): p. 30-32.
[4] Specification-Version, O.S., 1.4.0. 2013, Open Networking Foundation.
[5] Kim, H. and N. Feamster, Improving network management with software defined networking. Communications Magazine, IEEE, 2013. 51(2): p. 114-119.
[6] Software Defined Network. Available from: https://www.safaribooksonline.com/library/view/sdn-softwaredefined/9781449342425/ch04.html.
[7] Sherwood, R., et al., Carving research slices out of your production networks with OpenFlow. ACM SIGCOMM Computer Communication Review, 2010. 40(1): p. 129-130.
[8] OpenStack, A.; Available from: https://www.openstack.org/software/.
[9] Pepple, K., Deploying OpenStack. 2011: O'Reilly Media, Inc.
[10] Sefraoui, O., M. Aissaoui, and M. Eleuldj, OpenStack: toward an open-source solution for cloud computing. International Journal of Computer Applications, 2012. 55(3): p. 38-42.
[11] OpenStack, I.; Available from: http://docs.openstack.org/.
[12] OpenDaylight Technical Preview. Available from: http://www.opendaylight.org/project/technical-overview.
[13] Medved, J., et al. Opendaylight: Towards a model-driven sdn controller architecture. in 2014 IEEE 15th International Symposium on. 2014. IEEE.
[14] Autenrieth, A., et al. Cloud orchestration with SDN/OpenFlow in carrier transport networks. in Transparent Optical Networks (ICTON), 2013 15th International Conference on. 2013. IEEE.
[15] GENI TestBed. Available from: https://www.geni.net/.
[16] Berman, M., et al., GENI: A federated testbed for innovative network experiments. Computer Networks, 2014. 61: p. 5-23.
[17] OFELIA Testbed. Available from: http://www.fp7-ofelia.eu/.
[18] Köpsel, A. and H. Woesner, OFELIA: pan-european test facility for openflow experimentation, in Towards a Service-Based Internet. 2011, Springer. p. 311-312.
[19] COTN TestBed. Available from: http://cenic.org/network/cotn.
[20] DotHub Testbed. Available from: http://dothub.org/.
[21] Mininet. Available from: http://mininet.org/.
[22] by Octopress, M.T.-P., Mininet Overview. 2014.
[23] OpenStack Juno Installation. Available from: https://github.com/ChaimaGhribi/OpenStack-Juno-Installation.
[24] Openstack-OpenDaylight Integration. Available from: https://wiki.opendaylight.org/view/OpenStack_and_OpenDaylight.
Fig. 9. OpenDaylight OpenStack Integration
VIII. CONCLUSIONS
OpenStack has emerged as the most favorable open source cloud computing platform in academia and industry. The increasing adoption of cloud computing, especially infrastructure as a service, motivates organizations to transform their present setup into a private or hybrid cloud. In this paper we have studied the work required to integrate OpenStack in an SDN environment for research and experimentation. For EDoS, a testbed must provide methods to observe and control resources, and OpenStack can be observed at application, virtual machine and infrastructure level. At the cloud operating system level, its notification service provides a useful source of information. Integration with SDN in the cloud environment provides deep control over the network to expand the research horizon.
REFERENCES
[1] Singh, P., S. Manickam, and S.U. Rehman. A survey of mitigation techniques against Economic Denial of Sustainability (EDoS) attack on cloud computing architecture. in Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2014 3rd International Conference on. 2014. IEEE.