Development of Software-Defined Mesh Network Emulator Testbed for DDoS Defence Study

摘要

This paper has proposed to develop a software-defined mesh network emulator testbed in order to study a network defense against a DDoS attack. By using SDN, virtual switches can be reprogrammed to drop attacker traffics at the earliest possible locations. This is advantageous in comparison with the current industrial practice whereby only a firewall sitting at the network domain border or a gateway can perform such dropping action. The testbed uses the GNS3 platform where OVS switches are constructed and controlled by the Opendaylight controller. A simple Linux script has been developed herein to instantiate a distributed ping attack from all possible starting switches to a victim gateway with the DDoS intention. The numerical example reported here shows TCP and UDP throughputs, round-trip time as measurable by emulated network users to demonstrate the application of SDN in resolving the attacking adverse effects.