9 Firewall on Demand applies, via Netconf, flow rules to a network
10 device. These rules are then propagated via e-bgp to peering routers.
11 Each user is authenticated against shibboleth. Authorization is
12 performed via a combination of a Shibboleth attribute and the peer
13 network address range that the user originates from. FoD is meant to
14 operate over this architecture:
16 +-----------+ +------------+ +------------+
17 | FoD | NETCONF | flowspec | ebgp | router |
18 | web app +----------> device +--------> |
19 +-----------+ +------+-----+ +------------+
27 NETCONF is chosen as the mgmt protocol to apply rules to a single
28 flowspec capable device. Rules are then propagated via igbp to all
29 flowspec capable routers. Of course FoD could apply rules directly
30 (via NETCONF always) to a router and then ibgp would do the rest. In
31 GRNET's case the flowspec capable device is an EX4200.
33 Attention: Make sure your FoD server has ssh access to your flowspec device.
36 Installation Considerations
37 ===========================
39 You can find the installation instructions for Debian Wheezy (64)
40 with Django 1.4.x at http://flowspy.readthedocs.org.
41 If upgrading from a previous version bear in mind
42 the changes introduced in Django 1.4.
47 You can find more about FoD or raise your issues at GRNET FoD
48 repository: https://code.grnet.gr/fod.
50 You can contact us directly at leopoul{at}noc[dot]grnet(.)gr