Remote Triggered Black Hole (RTBH) is a common DDoS mitigation technique. It uses BGP announcements to request that an ISP drop all traffic to an IP address under a DDoS attack.
Read a blog post dedicated to this scenario.
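The mechanism described above, as an added sketch that is not part of this lab's code: a toy provider-edge routing table that turns a tagged host-route announcement into a discard route, so only the attacked address is dropped while the rest of the prefix keeps forwarding. The RFC 7999 BLACKHOLE community (65535:666), the acceptance policy, the documentation prefixes and the `EdgeRouter` class are assumptions for illustration; the lab's routers may signal the blackhole differently.

```python
import ipaddress

# RFC 7999 well-known BLACKHOLE community (assumed; the lab may signal differently).
BLACKHOLE = (65535, 666)
DISCARD = "discard"


class EdgeRouter:
    """Toy provider-edge RIB (prefix -> next hop); not the lab's router config."""

    def __init__(self):
        self.rib = {}

    def receive_announcement(self, prefix, next_hop, communities=()):
        net = ipaddress.ip_network(prefix)
        if BLACKHOLE in communities:
            # Assumed policy: accept a blackhole request only for a host route
            # inside a prefix that is already announced and forwarded, so a
            # request cannot discard unrelated or overly broad address space.
            covered = any(
                p.version == net.version and net.subnet_of(p) and nh != DISCARD
                for p, nh in self.rib.items())
            if net.prefixlen != net.max_prefixlen or not covered:
                return False
            next_hop = DISCARD
        self.rib[net] = next_hop
        return True

    def withdraw(self, prefix):
        self.rib.pop(ipaddress.ip_network(prefix), None)

    def forward(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.rib if addr in p]
        if not matches:
            return None
        return self.rib[max(matches, key=lambda p: p.prefixlen)]  # longest match


def demo():
    pe = EdgeRouter()
    pe.receive_announcement("192.0.2.0/24", "ce-router")  # constructed prefix
    before = pe.forward("192.0.2.10")
    accepted = pe.receive_announcement("192.0.2.10/32", "ce-router", [BLACKHOLE])
    return before, accepted, pe.forward("192.0.2.10"), pe.forward("192.0.2.11")


if __name__ == "__main__":
    print(demo())
```

Withdrawing the /32 restores normal forwarding to the victim address, which is how the blackhole is lifted once the attack subsides.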
- Linux host or VM with sudo permissions and Docker support. See some ready-to-use options below
- git and build-essential packages - how to install depends on your Linux distribution
- Docker
- Containerlab
- Access to the Linux host from your computer over TCP ports 22 (SSH), 8008 (DDoS Protect Dashboard) and 8080 (Graphite topology visualization)
- Clone this repository to the Linux host where you want to run the lab. Do this only once.
git clone --recursive --single-branch https://github.com/open-traffic-generator/otg-examples.git
- Navigate to the lab folder
cd otg-examples/clab/rtbh
Run the following only once, to build a container image in which the go test command will execute. This step will pre-load all the Go modules needed by the test into the local gosnappi image.
sudo docker build -t gosnappi:local .
sudo -E containerlab deploy -t topo.yml
As the lab is being deployed, in Containerlab output you should see a line like this:
DDoS Protect Dashboard 🛡️ http://some-ip-address:8008/app/ddos-protect/html/index.html
Open the link in the browser to see the DDoS Protect Dashboard
Execute the test by running go test in the clab-rtbh-gosnappi container. Note that it will take some time for Golang to compile the test binary, so expect a delay before the test starts running.
DMAC=`sudo docker exec clab-rtbh-pe-router vtysh -c 'sh interface eth2 | include HWaddr' | awk "{print \\$2}"`
sudo docker exec -it clab-rtbh-gosnappi bash -c "go test -dstMac=${DMAC}"
sudo -E containerlab destroy -t topo.yml
- If you're on Mac, the example below can be used to create an Ubuntu 20.04 LTS VM otg-demo, using Multipass. Ubuntu 22.04 is not yet supported for this test.
multipass launch 20.04 -n otg-demo -c4 -m8G -d32G
multipass shell otg-demo
sudo apt update && sudo apt install docker.io -y
bash -c "$(curl -sL https://get.containerlab.dev)"
- Delete the VM after testing is done
multipass stop otg-demo
multipass delete otg-demo
- Create a VM in a default VPC, with the needed firewall rules and all the necessary components
MYIP=`curl ifconfig.me`
gcloud compute firewall-rules create otg-demo-allow-8008 --description="Allow tcp 8008 ingress to any instance tagged as otg-demo" --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:8008 --source-ranges="$MYIP/32" --target-tags=otg-demo
gcloud compute firewall-rules create otg-demo-allow-8080 --description="Allow tcp 8080 ingress to any instance tagged as otg-demo" --direction=INGRESS --priority=1000 --network=default --action=ALLOW --rules=tcp:8080 --source-ranges="$MYIP/32" --target-tags=otg-demo
gcloud compute instances create otg-demo \
  --subnet=default \
  --machine-type=e2-standard-8 \
  --image-family=ubuntu-2004-lts \
  --image-project=ubuntu-os-cloud \
  --boot-disk-size=30GB \
  --boot-disk-device-name=otg-demo \
  --tags=otg-demo
gcloud compute ssh otg-demo
sudo apt update && sudo apt install docker.io build-essential -y
bash -c "$(curl -sL https://get.containerlab.dev)"
- Delete all resources and the VM after testing is done (run them one by one, as you'll need to confirm it is OK to delete)
gcloud compute instances delete otg-demo
gcloud compute firewall-rules delete otg-demo-allow-8008
gcloud compute firewall-rules delete otg-demo-allow-8080
As part of the lab topo.yml definitions, there is a topology visualization module included, called Graphite. As the lab is being deployed, in Containerlab output you should see a line like this:
Graphite visualization 🎨 http://some-ip-address:8080/graphite
Open the link in the browser to see a graphical representation of the topology.
# pe-router
sudo docker exec -it clab-rtbh-pe-router vtysh
# ce-router
sudo docker exec -it clab-rtbh-ce-router vtysh
# ixia
sudo docker exec -it clab-rtbh-ixia sh
# controller
sudo docker exec -it clab-rtbh-controller sh
Original lab design: