search

cablelabs / transparent-security

Transparent Security is a solution for identify the source devices of a DDoS attack and mitigates the attack in the customer premises or the access network. This solution leverages a P4 based programmable data plane for add in-band network telemetry (INT) for device identification and in-band mitigation.
https://www.cablelabs.com/vaccinate-your-network-to-prevent-the-spread-of-ddos-attacks
Apache License 2.0
32 stars 4 forks source link

Convert Siddhi AE to run in K8s #405

Open spisarski opened 2 years ago

spisarski commented 2 years ago

Deploy minikube with the siddhi-operator to deploy TPS AE scripts to AE vm in the lab_trial scenario.

spisarski commented 2 years ago

See the k8s-siddhi-operator-ae branch for WIP. Having problems getting the drop telemetry reports routed or jammed into the AE when running in K8s. The branch also has some iptables forwarding logic for the packet telemetry reports taking all of the core-tun1 packets and jamming them into a docker bridge which is a total hack. Minikube does not support true public IP load balancing so we may simply have to leverage the CRDs developed here and deploy the Siddhi & Redis operators as well as our TPS AE SiddhiProcess CRDs onto a real K8s cluster.

Needless to say, if we want the TPS K8s AE running in the AWS CI, fixing the routing of the TRPT packets will not be a trivial task.