Hello, guys! This project is being developed as part of my Ph.D. research to evaluate my proposal through a prototypical experiment. My research is currently focused on developing a novel solution based on blockchain to support the signaling of DDoS attacks across multiple domains in a distributed defense.

After an initial prototype implementing different network domains on the same host, the second step was to extend the prototype to a truly distributed approach. At this point came the idea of using these boards to develop the project. Although it remains on a smaller scale, the prototype allows different aspects of the system (mainly related to performance) to be evaluated from a more practical view.

Although the software/applications used in the project are specific to the problem I am trying to solve, I believe that the description of the hardware/how to set up a cluster can be useful for other applications. However, let me know if you want to find out more details on the project.

Motivation

Many centralized DDoS defense systems lack hardware resources or software capabilities to detect and mitigate attacks by themselves, and as DDoS attacks become progressively sophisticated and coordinated, the defense from such attacks likewise needs distribution and coordination. Thus, coordinated and distributed defense efforts have become an attractive alternative to extend the defense capabilities of a single system.

Description

The idea of this project is to use blockchain and software-defined networking to provide such collaborative defense, reducing the complexity of existing distributed protocols and architectures for gossiping DDoS attack information. While blockchain simplifies existing approaches with an out-of-the-box distributed infrastructure to broadcast addresses without the need to build specialized registries or other distribution mechanisms/protocols, software-defined networks can optimize the management of flows in response to attacks.

Hardware

18x Tinkerboards

18x USB Cables (A - Micro)

6x Sandisk MicroSD 32 Gb Class 10 (controllers on top)

12x Sandisk MicroSD 16 Gb Class 10

3x 1Gb - D-link switch

3x 1Gb - MikroTik RB750Gr

3x 100/10 Mb - ZodiacFX SDN/OpenFlow switch

1x 1Gb - MikroTik RB962UiGS-5HACT2HNT (Wireless access + mgmt)

3x Aukey PA-T11 (6 ports USB power supply - no problems so far)

3x AC Infinity Quiet Dual Fan 80mm (USB powered)

8x Multi-pi stackable case (+ some extra screws+spacers)

20x Ethernet cables 30cm CAT6

1x Gb PoE injector (to reduce the number of power cables)

18x Pimoroni Blinkt LEDs (wanted to use as a visual load indicator)

18x GPIO extender 90 degrees (to use with the Blinkt)

As I am using gigabit switches (and worse, the Fast Ethernet SDN switch to interconnect the domains), I have a network bottleneck. For my application, it is not a huge issue, but if you want to build a cluster exploring the full capabilities of the tinkerboard Ethernet card, consider a 10 Gbps switch.

Two crucial points are the power supply and the cooling fans.

Power Supply

A fundamental choice is the Power Supply Unit (PSU) and how you will power the tinkerboards (micro USB or GPIO). Although there are some reports of instability while powering via micro USB, I chose this option because it is the simplest. However, you need to choose a good PSU and good cables. So far I have had no problems using the Aukey charger (6 output ports, two with 3A and four with 2.4A).

Temperature

The tinkerboards produce lots of heat, and it gets worse when they are stacked. After seeing many reports of overheating issues, I used the AC Infinity fans (inspired by an RPi cluster project), and I have also had no heating issues so far.

Images

It is still an ongoing project, and many improvements are needed, but here are some images:

Tinkerboard receiving blocks through the geth client.

* It is not possible to mine Ethereum due to the RAM (at least 4 Gb is required). Thus I used two laptops connected to the management network.

Simple CnC to simulate a flood attack on a host

* Credits: https://github.com/marcorosa/CnC-Botnet-in-Python

A host in the AS 300 (tinkerboard 18 or tkb18) is the iperf server receiving network traffic

Grafana displaying the network statistics

Traffic data monitored by the controllers is sent to an InfluxDB endpoint in the laptop which displays the stats in Grafana. The drop in inter-domain outbound traffic shows the attack blocking.

AS 300 reporting addresses to the Blockchain

AS 200 retrieving addresses and blocking hosts in its domain
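
The signaling flow from the Description and the last two captions (one domain reports addresses, another retrieves them and blocks hosts in its own domain), sketched as an added example that is not code from this project. The in-memory hash chain standing in for the blockchain, the trusted-reporter list, the class and function names and the 10.0.x.x addresses are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import json

GENESIS = "0" * 64

def _digest(reporter, addresses, prev):
    body = json.dumps({"reporter": reporter, "addresses": addresses, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    """Toy append-only hash chain standing in for the blockchain (assumption)."""
    def __init__(self):
        self.blocks = []

    def report(self, reporter, addresses):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        addresses = sorted(addresses)
        self.blocks.append({"reporter": reporter, "addresses": addresses, "prev": prev,
                            "hash": _digest(reporter, addresses, prev)})

    def verify(self):
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != _digest(b["reporter"], b["addresses"], prev):
                return False
            prev = b["hash"]
        return True

class Domain:
    """A network domain (AS) whose controller turns reported addresses into drop rules."""
    def __init__(self, prefix, trusted_reporters):
        self.prefix = ipaddress.ip_network(prefix)
        self.trusted = set(trusted_reporters)  # assumption: per-domain reporter allowlist
        self.seen = 0            # index of the next unread block
        self.drop_rules = set()  # source addresses to block in this domain

    def sync(self, ledger):
        if not ledger.verify():
            raise ValueError("ledger integrity check failed; no rules installed")
        for block in ledger.blocks[self.seen:]:
            if block["reporter"] not in self.trusted:
                continue  # ignore reports from domains we have no agreement with
            for addr in block["addresses"]:
                if ipaddress.ip_address(addr) in self.prefix:  # only hosts we own
                    self.drop_rules.add(addr)
        self.seen = len(ledger.blocks)
        return sorted(self.drop_rules)

def demo():
    ledger = Ledger()
    as200 = Domain("10.0.200.0/24", trusted_reporters={"AS300"})
    # Constructed sample reports: two hosts inside AS 200, one outside, one untrusted reporter.
    ledger.report("AS300", ["10.0.200.12", "10.0.200.11", "10.0.100.7"])
    ledger.report("AS999", ["10.0.200.50"])
    return as200.sync(ledger), ledger
```

In a real deployment the returned addresses would be handed to the SDN controller as drop flows; here they are only collected so the filtering logic can be inspected.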