1 of 11

ARTEMIS over ONOS demo

Dimitris Mavrommatis, Vasileios Kotronis, Lefteris Manassakis

#ONOSProject

2 of 11

Agenda

  • Introductory presentation
  • Demo (video)
  • Code discussion
  • Discussion of future directions
  • Questions


3 of 11

Motivation

  • BGP prefix hijacking remains a serious threat [1,2]
  • Pervasive control-plane monitors (RIPE RIS, RouteViews, etc.) and real-time streaming access frameworks (BGPmon, BGPStream) fuel approaches such as the original ARTEMIS [3]
  • Network Operating Systems (such as ONOS) enable automation of control plane actions

Implement and evaluate ARTEMIS over ONOS

[1] https://bgpmon.net/large-hijack-affects-reachability-of-high-traffic-destinations/

[2] http://dyn.com/blog/iran-leaks-censorship-via-bgp-hijacks/

[3] G. Chaviaras et al., “ARTEMIS: Real-Time Detection and Automatic Mitigation for BGP Prefix Hijacking”, Proc. of SIGCOMM (demo), 2016.


4 of 11

Open Source Tools

  • Artemis
  • ONOS / SDN-IP
  • GNS3
  • Virtualization software (Vbox)
  • Open source routers/switches (Quagga, ExaBGP, OVS)


5 of 11

BGP Prefix Hijacking

Source: G. Chaviaras, P. Gigis, P. Sermpezis, and X. Dimitropoulos, “ARTEMIS: Real-Time Detection and Automatic Mitigation for BGP Prefix Hijacking (demo)”, in ACM SIGCOMM, 2016


6 of 11

Artemis

Source: G. Chaviaras, P. Gigis, P. Sermpezis, and X. Dimitropoulos, “ARTEMIS: Real-Time Detection and Automatic Mitigation for BGP Prefix Hijacking (demo)”, in ACM SIGCOMM, 2016


7 of 11

Artemis

Source: G. Chaviaras, P. Gigis, P. Sermpezis, and X. Dimitropoulos, “ARTEMIS: Real-Time Detection and Automatic Mitigation for BGP Prefix Hijacking (demo)”, in ACM SIGCOMM, 2016


8 of 11

Artemis Extensions (Future Work)

  • MOAS (Multi-Origin AS) - “anycasting” mitigation
    • Collaborator ASes help the hijacked victim
    • “Attract and relay” strategy

  • Dynamic configuration of multiple router types
    • E.g., via YANG models
    • Beyond Quagga (new BGP speakers)
    • Currently under development by the Dynamic Config Brigade

[Figure: MOAS mitigation example. Nodes: AS-1 through AS-7, with two ONOS instances. Labels: legitimate announcer, hijacker, MOAS collaborator, “HELP ME!”, “ATTRACT & RELAY TRAFFIC BACK TO LEGITIMATE”.]

Research opportunities:

  • Inter-ONOS signalling protocol
  • Collaborative ARTEMIS


9 of 11

GNS3 Lab Platform - Advantages

  • Emulation – not simulation
  • Open source
  • Mature project
  • Fast
  • Small footprint (compared to similar solutions)
  • Easy to install/use
  • Aesthetics
  • Compatibility with SDN/virtualization software


10 of 11

Other tools we use with GNS3...

  • Virtualization software (Vbox)
    • General-purpose full virtualizer for x86/x64 hardware
  • Open source routers / switches
    • Quagga → open-source routing software suite (OSPF, RIP, BGP-4) for Unix
    • ExaBGP → Python library for interfacing between BGP and applications
    • OVS → Open vSwitch = production quality, multilayer virtual switch, implements SDN/OpenFlow


11 of 11

GNS3 – Demo Topology

[Figure: GNS3 demo topology. Regions: Protected AS (ONOS-Artemis), Intermediate ASes (Legacy), Hijacking AS. Legend: Quagga router (BGP), Vbox VM, Legacy L2 switch, End-host (container), OpenvSwitch.]
