Controller Shield: Boron: Release Plan
- Manish Kumar Barnwal
Contents
- 1 Introduction
- 2 Release Deliverables
- 3 Release Milestones
- 4 Expected Dependencies on Other Projects
- 5 Expected Incompatibilities with Other Projects
- 6 Compatibility with Previous Releases
- 7 List of Externally Consumable APIs
- 7.1 Southbound Attacks at OpenFlow Plugin
- 7.1.1 RPC APIs
- 7.1.2 Notification APIs
- 7.2 Northbound Attacks at AAA Plugin
- 7.2.1 RPC APIs
- 7.2.2 Yang Data Store APIs
- 7.2.3 Notification APIs
- 7.3 East-West Attacks at SDNinterface App Plugin
- 7.3.1 Notification APIs
- 7.3.2 RPC APIs
- 7.3.3 Yang Data Store APIs
- 7.1 Southbound Attacks at OpenFlow Plugin
- 8 Themes and Priorities
- 9 Requests from Other Projects
- 10 Test Tools Requirements
- 11 Other
Introduction
Boron Release is intended to harden the existing usecplugin and extend it to collect more security related information. Usecplugin Beryllium release collects security information related to OpenFlow plugin. In the current Boron release, usecplugin will collect information about security breach attempts via OpenDaylight's north bound interface (through AAA service) and east-west interface (through SDNi App). Moreover, Usecplugin will also check whether DDoS attack is occuring on any of its plugin ports (eg. OVSDB 6640 port, DLUX 8181 port etc.) and collect the relevant data from these ports. Also, the plugin will expose the database contents via Restconf interface for any North Bound App to add logic for programming flows to protect the controller.
Release Deliverables
Information on Failed login attempts to DLUX user interface
Information on Failed login attempt to SDNi App interface
Hardened and Improved Code for OpenFlow Plugin related attack (from Be release)
Release Milestones
Milestone | Offset 2 Date | Deliverables |
|---|---|---|
M1 | 03/24/2016 | |
M2 | 05/05/2016 | |
M3 | 06/02/2016 | |
M4 | 06/30/2016 | |
M5 | 04/08/2016 | |
RC0 | N/A | |
RC1 | N/A | |
RC2 | N/A | |
RC3 | ||
Formal Release |
Expected Dependencies on Other Projects
OpenFlow Plugin
AAA Plugin
SDNi App
Expected Incompatibilities with Other Projects
None
Compatibility with Previous Releases
List of Externally Consumable APIs
Southbound Attacks at OpenFlow Plugin
RPC APIs
Attacks from DPID - Number of OpenFlow Packet_In Attacks from Switch with DeviceID
Attacks from Host - Number of OpenFlow Packet_In Attacks from SrcIP Address
Attacks to Server - Number of OpenFlow Packet_In Attacks to DstIP Address
Attacks at Time of Day - Number of OpenFlow Packet_In Attacks at a Particular Time with a variable Window Time
Notification APIs
On Low Water Mark Breached - Notification generated on breaching Low Water Mark
Northbound Attacks at AAA Plugin
RPC APIs
Login Attempt from IP - Returns Time and Type of Attempts (Success or Failure)
Login Attempt at Time - Returns Attempter IP Address and Type of Attempts (Success or Failure)
Yang Data Store APIs
Get Login Attempts - Returns Source IP address of Attempter with Time of Attempts and Type of Attempts (Success or Failure)
Notification APIs
On Invalid Login Attempt - Notification generated on Invalid Login Attempt
East-West Attacks at SDNinterface App Plugin
Notification APIs
Unknown Peer Controller Connection Request
RPC APIs
No of Connection Requests from IP Address
Yang Data Store APIs
Time and IP Address of Connection Requests
Themes and Priorities
Requests from Other Projects
None Listed
Test Tools Requirements
Java unit and integration tests
Other
Primary Setup Contact :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Test Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Document Contact :
Rafat Jahan (rafat.jahan@tcs.com)
Committers :
Thomas Lee Sebastian (thomaslee.s@tcs.com)
Rafat Jahan (rafat.jahan@tcs.com)
Deepika Gupta (gupta.deepika1@tcs.com)