5G Slicing Using OVS For Secure Banking Edge
Secured Banking Slice Demo
Introduction:
This project showcases the implementation of 5G slicing through SDN,
enhancing the security of the banking edge server and restricting access
to only those individuals within the designated slice, even when they
are connected to the same 5G core.
Requirements:
This experiment has been performed by 5G use case lab (5GUCL) IDRBT.
Requirements: USRP B210, PC with 16GB RAM and a hexa-core processor.
Download Docker, Docker-compose.
Clone the Repo: https://github.com/5g-ucl-idrbt/5G-ovs-integration.git
Follow the instructions.
You can perform the experiment in both simulated and physical environment.
Prerequisites:
Before you run the setup for your own requirements, you have to change the port number as well as the IP addresses in the RYU code.
The path is "5G-ovs-integration/docker-compose/ryuctrlr/automac_UEbind.py".
- Line 80: change the UE IP to the one you want in the slice, and change the port to the port the server is hosted on.
```
if (pkt.get_protocol(tcp.tcp) and pkt.get_protocol(tcp.tcp).dst_port == 9999 and pkt.get_protocol(ipv4.ipv4).src=="12.1.1.2"):
```
- Line 91: change the IP of the server (you also have to change the IP in the run.sh file).
```
parser.OFPActionSetField(ipv4_dst="10.0.0.2"),
```
- Line 98: change the port to the port the server is hosted on.
```
elif (pkt.get_protocol(tcp.tcp) and pkt.get_protocol(tcp.tcp).src_port == 9999):
```
- Line 108: change the IP of the router (you also have to change the IP in the run.sh file).
```
parser.OFPActionSetField(ipv4_src="10.0.0.3"),
```
- Line 115: change the port to the port the server is hosted on.
```
elif (pkt.get_protocol(tcp.tcp) and pkt.get_protocol(tcp.tcp).src_port != 9999 and pkt.get_protocol(tcp.tcp).dst_port != 9999):
```
Make sure you have built the banking-app image using the Dockerfile present in the "/dockerfiles" folder.
- Run the scenario
```
cd 5G-ovs-integration/docker-compose
sudo docker compose -f docker-compose-slicing-bank-nrf.yaml up -d
```
- Run the slicing setup script
```
cd oai-cn5g-fed/docker-compose
chmod +x run.sh
sudo ./run.sh
```
- Run the slicing code in the RYU controller
```
sudo docker exec ryu ryu-manager --observe-links ryu/ryu/app/ryucode.py
```
- In a new tab, observe the AMF logs to check if the devices are connected to the core
```
sudo docker logs --follow oai-amf
```
- Commands to be executed in the Core VM in order to connect to the gNB
```
sudo sysctl net.ipv4.ip_forward=1
sudo iptables -P FORWARD ACCEPT
sudo ip route add 192.168.71.194 via <GNB Baremetal IP>
sudo ip route add 12.1.1.0/24 via 192.168.70.134 # Forward packets to Mobiles from external sources
```
- Setting up the gNB on a different PC
Clone this repo and follow the instructions, ref: https://github.com/5g-ucl-idrbt/oai-gnodeb-b210
- Commands to be executed in gNB
Plug in the USRP B210 in a USB 3.0 port
```
sudo sysctl net.ipv4.ip_forward=1
sudo iptables -P FORWARD ACCEPT
sudo ip route add 192.168.70.128/26 via <Bridge IP of Core VM>
```
- To run the gNB docker
```
cd ci-scripts/yaml_files/sa_b200_gnb/
sudo docker-compose up -d
```
- To get into the gNB shell
```
sudo docker exec -it sa-b200-gnb bash
```
- Execute the commands to run the gNB
```
bash bin/entrypoint.sh
/opt/oai-gnb/bin/nr-softmodem -O /opt/oai-gnb/etc/gnb.conf $USE_ADDITIONAL_OPTIONS
```
Testing The Slice
- Now the very first UE device which latches to the network will latch to the banking security slice. It can be configured at ```5G-ovs-integration/docker-compose/ryuctrlr/automac_UEbind.py``` at ```LINE:80```
- On the first UE device, open a browser and go to the URL http://10.0.0.3:3000. You will be able to get the website and you can use the credentials to check: account number ```123456``` and password ```password123```
- Now connect the 2nd UE to the network and try to go to the same url, you will see that the 2nd UE will not fetch the website.
- Due to slicing we have isolated the 1st UE with the access to the banking portal website
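The three conditions quoted from lines 80, 98 and 115 of automac_UEbind.py, together with the rewrites at lines 91 and 108, can be modelled without a controller to check which packets are admitted to the slice. This is an added example, not the project's code: the `TcpPacket` class, the `classify` and `audit` functions, the second UE address 12.1.1.3 and the "no match means not forwarded" fall-through are assumptions, and it uses port 9999 from the quoted lines, so set `SERVICE_PORT` to the port your server is hosted on.

```python
from dataclasses import dataclass, replace

# Values shown on the page (lines 80, 91, 98, 108 of automac_UEbind.py).
SLICE_UE_IP = "12.1.1.2"   # UE admitted to the banking slice
SERVER_IP = "10.0.0.2"     # real address of the banking server
ROUTER_IP = "10.0.0.3"     # address the UE browses to
SERVICE_PORT = 9999        # port the server is hosted on


@dataclass(frozen=True)
class TcpPacket:            # hypothetical stand-in for a parsed Ryu packet
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def classify(pkt: TcpPacket):
    """Return (decision, packet after rewrite) using the page's three conditions."""
    if pkt.dst_port == SERVICE_PORT and pkt.src_ip == SLICE_UE_IP:
        # Lines 80 and 91: slice UE to service, destination rewritten to the server.
        return "to_server", replace(pkt, dst_ip=SERVER_IP)
    if pkt.src_port == SERVICE_PORT:
        # Lines 98 and 108: reply from the service, source rewritten to the router.
        return "to_ue", replace(pkt, src_ip=ROUTER_IP)
    if pkt.src_port != SERVICE_PORT and pkt.dst_port != SERVICE_PORT:
        # Line 115: TCP that does not involve the service port at all.
        return "other_tcp", pkt
    # Assumption: nothing else is forwarded, matching the 2nd-UE test result.
    return "no_match", pkt


def audit(packets):
    """List source IPs that reach the server; only the slice UE should appear."""
    return [p.src_ip for p in packets if classify(p)[0] == "to_server"]


# Constructed sample traffic (not captured from the testbed).
SAMPLES = [
    TcpPacket("12.1.1.2", ROUTER_IP, 40001, SERVICE_PORT),  # 1st UE
    TcpPacket("12.1.1.3", ROUTER_IP, 40002, SERVICE_PORT),  # 2nd UE
    TcpPacket(SERVER_IP, "12.1.1.2", SERVICE_PORT, 40001),  # server reply
    TcpPacket("12.1.1.3", "8.8.8.8", 40003, 443),           # unrelated TCP
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, "->", classify(p))
```

Running `audit` over a packet list after editing the IPs and port is a quick check that only the intended UE address reaches the server branch.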
Observation
Even though the server is hosted on 10.0.0.2:3000, the UE is able to access it via 10.0.0.3:3000, which is the IP of the router going towards the internet. Here, we have isolated the server at the network layer.
To bring down the setup
In Core PC
```
cd 5G-ovs-integration/docker-compose
sudo docker compose -f docker-compose-slicing-bank-nrf.yaml down
```
In gNB PC
```
cd ci-scripts/yaml_files/sa_b200_gnb/
sudo docker-compose down
```
by :
V Abhishek Raj (vabhishekraj@idrbt.ac.in)
Anshul Kumar (anshulkumar@idrbt.ac.in)
Project supported by 5G Use case lab & Networking lab - IDRBT