Loading manifests/monitoringservice.yaml +1 −1 Original line number Diff line number Diff line Loading @@ -36,7 +36,7 @@ spec: - containerPort: 9192 env: - name: LOG_LEVEL value: "INFO" value: "DEBUG" envFrom: - secretRef: name: qdb-data Loading manifests/serviceservice.yaml +1 −1 Original line number Diff line number Diff line Loading 
@@ -36,7 +36,7 @@ spec: - containerPort: 9192 env: - name: LOG_LEVEL value: "INFO" value: "DEBUG" readinessProbe: exec: command: ["/bin/grpc_health_probe", "-addr=:3030"] Loading my_deploy.sh +2 −66 Original line number Diff line number Diff line #!/bin/bash # Copyright 2022-2023 ETSI TeraFlowSDN - TFS OSG (https://tfs.etsi.org/) # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ----- TeraFlowSDN ------------------------------------------------------------ # Set the URL of the internal MicroK8s Docker registry where the images will be uploaded to. export TFS_REGISTRY_IMAGES="http://localhost:32000/tfs/" # Set the list of components, separated by spaces, you want to build images for, and deploy. export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator" # Set the tag you want to use for your images. export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator l3_attackmitigator l3_centralizedattackdetector" export TFS_IMAGE_TAG="dev" # Set the name of the Kubernetes namespace to deploy TFS to. export TFS_K8S_NAMESPACE="tfs" # Set additional manifest files to be applied after the deployment export TFS_EXTRA_MANIFESTS="manifests/nginx_ingress_http.yaml" # Set the new Grafana admin password export TFS_GRAFANA_PASSWORD="admin123+" # Disable skip-build flag to rebuild the Docker images. 
export TFS_SKIP_BUILD="" # ----- CockroachDB ------------------------------------------------------------ # Set the namespace where CockroackDB will be deployed. export CRDB_NAMESPACE="crdb" # Set the database username to be used by Context. export CRDB_USERNAME="tfs" # Set the database user's password to be used by Context. export CRDB_PASSWORD="tfs123" # Set the database name to be used by Context. export CRDB_DATABASE="tfs" # Set CockroachDB installation mode to 'single'. This option is convenient for development and testing. # See ./deploy/all.sh or ./deploy/crdb.sh for additional details export CRDB_DEPLOY_MODE="single" # Disable flag for dropping database, if exists. export CRDB_DROP_DATABASE_IF_EXISTS="" # Disable flag for re-deploying CockroachDB from scratch. export CRDB_REDEPLOY="" # ----- NATS ------------------------------------------------------------------- # Set the namespace where NATS will be deployed. export NATS_NAMESPACE="nats" # Disable flag for re-deploying NATS from scratch. export NATS_REDEPLOY="" # ----- QuestDB ---------------------------------------------------------------- # If not already set, set the namespace where QuestDB will be deployed. export QDB_NAMESPACE="qdb" # If not already set, set the database username to be used by Monitoring. export QDB_USERNAME="admin" # If not already set, set the database user's password to be used by Monitoring. export QDB_PASSWORD="quest" # If not already set, set the table name to be used by Monitoring. export QDB_TABLE="tfs_monitoring" ## If not already set, disable flag for dropping table if exists. #export QDB_DROP_TABLE_IF_EXISTS="" # If not already set, disable flag for re-deploying QuestDB from scratch. export QDB_REDEPLOY="" proto/l3_centralizedattackdetector.proto +9 −12 Original line number Diff line number Diff line Loading 
@@ -22,6 +22,9 @@ service L3Centralizedattackdetector { // Sends a batch of inputs to the ML model in the CAD component rpc SendInputBatch (L3CentralizedattackdetectorModelInput) returns (Empty) {} // DAD request of the list of features in CAD rpc SendFeatures (Empty) returns (AutoFeatures) {} } message Feature { Loading @@ -46,18 +49,7 @@ message L3CentralizedattackdetectorMetrics { repeated Feature features = 1; ConnectionMetadata connection_metadata = 2; /* string ip_o = 2; string port_o = 3; string ip_d = 4; string port_d = 5; string flow_id = 6; context.ServiceId service_id = 7; context.EndPointId endpoint_id = 8; string protocol = 9; float time_start = 10; float time_end = 11; */ } message ConnectionMetadata { Loading @@ -73,6 +65,11 @@ message ConnectionMetadata { float time_end = 10; } // Collection of int values representing ML features message AutoFeatures { repeated float autoFeatures = 1; } // Collection (batcb) of model inputs that will be sent to the model message L3CentralizedattackdetectorModelInput { repeated L3CentralizedattackdetectorMetrics metrics = 1; Loading src/device/service/DeviceServiceServicerImpl.py +3 −0 Original line number Diff line number Diff line Loading @@ -128,6 +128,9 @@ class DeviceServiceServicerImpl(DeviceServiceServicer): # TODO: use of datastores (might be virtual ones) to enable rollbacks resources_to_set, resources_to_delete = compute_rules_to_add_delete(device, request) for resource in resources_to_set: LOGGER.debug('Resource to set: %s', resource) errors = [] errors.extend(configure_rules(device, driver, resources_to_set)) errors.extend(deconfigure_rules(device, driver, resources_to_delete)) Loading Loading
manifests/monitoringservice.yaml +1 −1 @@ -36,7 +36,7 @@ spec: - containerPort: 9192 env: - name: LOG_LEVEL value: "INFO" value: "DEBUG" envFrom: - secretRef: name: qdb-data
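Review bot: `LOG_LEVEL` is switched to `"DEBUG"` in a manifest whose container also loads the `qdb-data` secret through `envFrom`, so anything the service logs at debug level about its environment or database connection could put credential material into pod logs. Debug verbosity reads like a local troubleshooting setting; I would keep `value: "INFO"` in the committed manifest and raise the level per deployment instead, for example with a kustomize overlay or `kubectl set env`. The same change is made in manifests/serviceservice.yaml. The container spec starts and ends outside this hunk.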
manifests/serviceservice.yaml +1 −1 @@ -36,7 +36,7 @@ spec: - containerPort: 9192 env: - name: LOG_LEVEL value: "INFO" value: "DEBUG" readinessProbe: exec: command: ["/bin/grpc_health_probe", "-addr=:3030"]
my_deploy.sh +2 −66 #!/bin/bash # Copyright 2022-2023 ETSI TeraFlowSDN - TFS OSG (https://tfs.etsi.org/) # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ----- TeraFlowSDN ------------------------------------------------------------ # Set the URL of the internal MicroK8s Docker registry where the images will be uploaded to. export TFS_REGISTRY_IMAGES="http://localhost:32000/tfs/" # Set the list of components, separated by spaces, you want to build images for, and deploy. export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator" # Set the tag you want to use for your images. export TFS_COMPONENTS="context device automation monitoring pathcomp service slice compute webui load_generator l3_attackmitigator l3_centralizedattackdetector" export TFS_IMAGE_TAG="dev" # Set the name of the Kubernetes namespace to deploy TFS to. export TFS_K8S_NAMESPACE="tfs" # Set additional manifest files to be applied after the deployment export TFS_EXTRA_MANIFESTS="manifests/nginx_ingress_http.yaml" # Set the new Grafana admin password export TFS_GRAFANA_PASSWORD="admin123+" # Disable skip-build flag to rebuild the Docker images. export TFS_SKIP_BUILD="" # ----- CockroachDB ------------------------------------------------------------ # Set the namespace where CockroackDB will be deployed. export CRDB_NAMESPACE="crdb" # Set the database username to be used by Context. 
export CRDB_USERNAME="tfs" # Set the database user's password to be used by Context. export CRDB_PASSWORD="tfs123" # Set the database name to be used by Context. export CRDB_DATABASE="tfs" # Set CockroachDB installation mode to 'single'. This option is convenient for development and testing. # See ./deploy/all.sh or ./deploy/crdb.sh for additional details export CRDB_DEPLOY_MODE="single" # Disable flag for dropping database, if exists. export CRDB_DROP_DATABASE_IF_EXISTS="" # Disable flag for re-deploying CockroachDB from scratch. export CRDB_REDEPLOY="" # ----- NATS ------------------------------------------------------------------- # Set the namespace where NATS will be deployed. export NATS_NAMESPACE="nats" # Disable flag for re-deploying NATS from scratch. export NATS_REDEPLOY="" # ----- QuestDB ---------------------------------------------------------------- # If not already set, set the namespace where QuestDB will be deployed. export QDB_NAMESPACE="qdb" # If not already set, set the database username to be used by Monitoring. export QDB_USERNAME="admin" # If not already set, set the database user's password to be used by Monitoring. export QDB_PASSWORD="quest" # If not already set, set the table name to be used by Monitoring. export QDB_TABLE="tfs_monitoring" ## If not already set, disable flag for dropping table if exists. #export QDB_DROP_TABLE_IF_EXISTS="" # If not already set, disable flag for re-deploying QuestDB from scratch. export QDB_REDEPLOY=""
proto/l3_centralizedattackdetector.proto +9 −12 @@ -22,6 +22,9 @@ service L3Centralizedattackdetector { // Sends a batch of inputs to the ML model in the CAD component rpc SendInputBatch (L3CentralizedattackdetectorModelInput) returns (Empty) {} // DAD request of the list of features in CAD rpc SendFeatures (Empty) returns (AutoFeatures) {} } message Feature { @@ -46,18 +49,7 @@ message L3CentralizedattackdetectorMetrics { repeated Feature features = 1; ConnectionMetadata connection_metadata = 2; /* string ip_o = 2; string port_o = 3; string ip_d = 4; string port_d = 5; string flow_id = 6; context.ServiceId service_id = 7; context.EndPointId endpoint_id = 8; string protocol = 9; float time_start = 10; float time_end = 11; */ } message ConnectionMetadata { @@ -73,6 +65,11 @@ message ConnectionMetadata { float time_end = 10; } // Collection of int values representing ML features message AutoFeatures { repeated float autoFeatures = 1; } // Collection (batcb) of model inputs that will be sent to the model message L3CentralizedattackdetectorModelInput { repeated L3CentralizedattackdetectorMetrics metrics = 1;
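Review bot: The comment above the new `AutoFeatures` message says "Collection of int values" while the field is declared `repeated float autoFeatures = 1;`, so the comment should read `// Collection of float values representing ML features`. The field name is also camelCase where the other fields visible in this file are snake_case (`connection_metadata`, `time_end`); `repeated float auto_features = 1;` would be consistent. For `rpc SendFeatures (Empty) returns (AutoFeatures)`, a comment stating which component calls it and what length and ordering the returned list has would help, because the schema alone gives a consumer nothing to validate the list against before feeding it to the model.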
src/device/service/DeviceServiceServicerImpl.py +3 −0 @@ -128,6 +128,9 @@ class DeviceServiceServicerImpl(DeviceServiceServicer): # TODO: use of datastores (might be virtual ones) to enable rollbacks resources_to_set, resources_to_delete = compute_rules_to_add_delete(device, request) for resource in resources_to_set: LOGGER.debug('Resource to set: %s', resource) errors = [] errors.extend(configure_rules(device, driver, resources_to_set)) errors.extend(deconfigure_rules(device, driver, resources_to_delete))
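Review bot: The added loop writes every entry of `resources_to_set` to the log in full, one record per entry; if those entries carry device configuration values (their shape is not visible in this hunk), that configuration lands in pod logs whenever debug logging is enabled. The loop also iterates over the whole list when debug is off. A single guarded record, `if LOGGER.isEnabledFor(logging.DEBUG): LOGGER.debug('Resources to set: %s', resources_to_set)`, avoids the extra pass, and logging only the resource identifiers rather than the whole entry would keep values out of the log. The enclosing method starts and ends outside the hunk.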