8 Firewall on Demand applies, via Netconf, flow rules to a network
9 device. These rules are then propagated via e-bgp to peering routers.
10 Each user is authenticated against shibboleth. Authorization is
11 performed via a combination of a Shibboleth attribute and the peer
12 network address range that the user originates from. FoD is meant to
13 operate over this architecture:
15 +-----------+ +------------+ +------------+
16 | FoD | NETCONF | flowspec | ebgp | router |
17 | web app +----------> device +--------> |
18 +-----------+ +------+-----+ +------------+
26 NETCONF is chosen as the mgmt protocol to apply rules to a single
27 flowspec capable device. Rules are then propagated via igbp to all
28 flowspec capable routers. Of course FoD could apply rules directly
29 (via NETCONF always) to a router and then ibgp would do the rest. In
30 GRNET's case the flowspec capable device is an EX4200.
32 Attention: Make sure your FoD server has ssh access to your flowspec device.
35 Installation Considerations
36 ===========================
38 You can find the installation instructions for Debian Wheezy (64)
39 with Django 1.4.x at http://flowspy.readthedocs.org.
40 If upgrading from a previous version bear in mind
41 the changes introduced in Django 1.4.
46 You can find more about FoD or raise your issues at GRNET FoD
47 repository: https://code.grnet.gr/fod.
49 You can contact us directly at leopoul{at}noc[dot]grnet(.)gr