1 [](https://readthedocs.org/projects/flowspy/?badge=latest)
7 Firewall on Demand applies via NETCONF, flow rules to a network
8 device. These rules are then propagated via e-bgp to peering routers.
9 Each user is authenticated against shibboleth. Authorization is
10 performed via a combination of a Shibboleth attribute and the peer
11 network address range that the user originates from. FoD is meant to
12 operate over this architecture:
14 +-----------+ +------------+ +------------+
15 | FoD | NETCONF | flowspec | ebgp | router |
16 | web app +----------> device +--------> |
17 +-----------+ +------+-----+ +------------+
26 NETCONF is chosen as the mgmt protocol to apply rules to a single
27 flowspec capable device. Rules are then propagated via igbp to all
28 flowspec capable routers. Of course FoD could apply rules directly
29 (via NETCONF always) to a router and then ibgp would do the rest. In
30 GRNET's case the flowspec capable device is an EX4200.
32 **Attention**: Make sure your FoD server has ssh access to your flowspec device.
34 ##Installation Considerations##
37 You can find the installation instructions for Debian Wheezy (64)
38 with Django 1.4.x at [Flowspy documentation](http://flowspy.readthedocs.org).
39 If upgrading from a previous version bear in mind the changes introduced in Django 1.4.
43 You can find more about FoD or raise your issues at GRNET FoD
44 repository: [GRNET repo](https://code.grnet.gr/fod) or [Github repo](https://github.com/leopoul/flowspy).
46 You can contact us directly at leopoul{at}noc[dot]grnet(.)gr
projects / flowspy / blob