Status | ||||
---|---|---|---|---|
|
Table of Contents |
---|
Team
Name | Organization | Role | |
---|---|---|---|
Dimitris Mavrommatis | ONF / Foundation for Research and Technology - Hellas (FORTH), Institute of Computer Science, INSPIRE group | Lead Developer | dimitris@opennetworking.org |
Lefteris Manassakis | Foundation for Research and Technology - Hellas (FORTH), Institute of Computer Science, INSPIRE group | Engineering Supervisor / | |
Vasileios Kotronis | Foundation for Research and Technology - Hellas (FORTH), Institute of Computer Science, INSPIRE group | Research Supervisor / | vkotronis@ics.forth.gr |
...
Code Block | ||
---|---|---|
| ||
"org.onosproject.artemis" : { "artemis" : { "prefixes" : [ { "prefixmoas": : "40.0.0.0/8"[ ], "paths" : [ { "originneighbor" : 65004,[ "neighbor" : [{ { "asn": 65002, "asnneighbor" : 65002,[ "neighbor": [ 65001 ] }] ] } } ], ], "moasorigin" : [ ]65004 } ],} "frequency" : 3000, ], "prefix": "monitors" : {40.0.0.0/8" } ] }, "moas": { }, "ripemonitors": :{ [ ], "exabgp": [ "192.168.1.2:5000" 5000" ], "ripe": [] } } } |
Explanation of fields
prefixes:List consisting of prefixes with their AS-PATH information and (optionally) legitimate MOAS ASes.
prefix: a CIDR representation of the prefix that is monitored/protected.
paths: a list of dictionaries that contain the ASN of the protected AS (origin), along with a list of dictionaries for the neighbors.
neighbor: list of dictionaries that contain each neighbor's ASN and a list of ASNs for the neighbor's neighbor.
For example, in the demo topology the protected (origin) AS65004 sees the AS65002 as a first-hop neighbor, and AS65001 as a second-hop neighbor (resulting in the legitimate announced path AS65004 - AS65002 - AS65001).
Note: While the operator can supply the origin and first-hop neighbor ASNs as ground-truth in the configuration, the N-hop (N > 1) neighbor information is planned to be generated automatically by ARTEMIS in future versions of the tool, based on the received BGP updates.moas: *in-progress*
frequencymoas:Polling interval in milliseconds for the detection mechanism to check batches of BGP update messages (stored in the application cache). In the demo configuration file, it is set to check every 3s (3000ms). *in-progress*
monitors: List of the route collectors that ARTEMIS is using for monitoring. Currently it supports RIPE and ExaBGP route collectors through the socket-io interface, and is extendable to include more monitoring services/APIs.
RIPE Route Collectors have specific identifiers ("rrc17rrc18", "rrc18rrc19", "rrc19rrc20", "rrc20rrc21"). You can configure them following this example: "ripe" : ["rrc17rrc18", "rrc19"]
An ExaBGP Route Collector (RC) is implemented inside the tutorial folder (/onos/tools/tutorials/artemis/). You can host such an RC locally by running an ExaBGP instance with the exabgp.conf and server.py files provided (will require modifications in directory paths). In the demo topology we have an ExaBGP speaker running on 192.168.1.2:5000, monitoring the BGP control plane from the perspective of AS65001.
...
Code Block | ||||
---|---|---|---|---|
| ||||
$ cd ~ $ sudo apt-get install git $ git clonegit clone -b 3.4 https://github.com/Exa-Networks/exabgp $ cd exabgp; git checkout 3.4 $ echo 'export PATH=$PATH:~/exabgp/sbin' >> ~/.bashrc $ source ~/.bashrc |
...
Code Block | ||||
---|---|---|---|---|
| ||||
$ sudo apt-get install python3-pip -y $ sudo -H pip3 install -r ~/onos/tools/tutorials/artemis/requirements.txt $ nanocd ~/onos/tools/tutorials/artemis/ $ sed -i 's?/absolute/path/to/onos/tools/tutorials/artemis?'`pwd`'?' configs/exabgp.conf |
You must put verify that the run command in config file now has the absolute path at the run command, e.g., /home/user/onos/tools/tutorials/artemis/server.py.
...
Code Block | ||||
---|---|---|---|---|
| ||||
$ cd onos/tools/tutorials/artemis
$ sudo ./artemis-topo.py |
While having the two terminals open (ONOS instance and mininet), open a new terminal and load the network configuration with onos-netcfg. From this terminal, login to the ONOS CLI:
...