Statistics
| Branch: | Tag: | Revision:

root / README.md @ 0492a5b5

History | View | Annotate | Download (2.6 kB)

1 
[![Documentation Status](https://readthedocs.org/projects/flowspy/badge/?version=latest)](https://readthedocs.org/projects/flowspy/?badge=latest)
2 

    		
  

  

  

    
      3
    
    
      
#Firewall on Demand#


    		
  

  

  

    
      4
    
    
      

    		
  

  

  

    
      5
    
    
      
##Description##


    		
  

  

  

    
      6
    
    
      

    		
  

  

  

    
      7
    
    
      
Firewall on Demand applies via NETCONF, flow rules to a network


    		
  

  

  

    
      8
    
    
      
device. These rules are then propagated via e-bgp to peering routers.


    		
  

  

  

    
      9
    
    
      
Each user is authenticated against shibboleth. Authorization is


    		
  

  

  

    
      10
    
    
      
performed via a combination of a Shibboleth attribute and the peer


    		
  

  

  

    
      11
    
    
      
network address range that the user originates from. FoD is meant to


    		
  

  

  

    
      12
    
    
      
operate over this architecture:


    		
  

  

  

    
      13
    
    
      

    		
  

  

  

    
      14
    
    
      
       +-----------+          +------------+        +------------+


    		
  

  

  

    
      15
    
    
      
       |   FoD     | NETCONF  | flowspec   | ebgp   |   router   |


    		
  

  

  

    
      16
    
    
      
       | web app   +----------> device     +-------->            |


    		
  

  

  

    
      17
    
    
      
       +-----------+          +------+-----+        +------------+


    		
  

  

  

    
      18
    
    
      
                                     | ebgp


    		
  

  

  

    
      19
    
    
      
                                     |


    		
  

  

  

    
      20
    
    
      
                              +------v-----+


    		
  

  

  

    
      21
    
    
      
                              |   router   |


    		
  

  

  

    
      22
    
    
      
                              |            |


    		
  

  

  

    
      23
    
    
      
                              +------------+


    		
  

  

  

    
      24
    
    
      

    		
  

  

  

    
      25
    
    
      

    		
  

  

  

    
      26
    
    
      
NETCONF is chosen as the mgmt protocol to apply rules to a single


    		
  

  

  

    
      27
    
    
      
flowspec capable device. Rules are then propagated via igbp to all


    		
  

  

  

    
      28
    
    
      
flowspec capable routers. Of course FoD could apply rules directly


    		
  

  

  

    
      29
    
    
      
(via NETCONF always) to a router and then ibgp would do the rest. In


    		
  

  

  

    
      30
    
    
      
GRNET's case the flowspec capable device is an EX4200.


    		
  

  

  

    
      31
    
    
      

    		
  

  

  

    
      32
    
    
      
**Attention**: Make sure your FoD server has ssh access to your flowspec device.


    		
  

  

  

    
      33
    
    
      

    		
  

  

  

    
      34
    
    
      
##Installation Considerations##


    		
  

  

  

    
      35
    
    
      

    		
  

  

  

    
      36
    
    
      

    		
  

  

  

    
      37
    
    
      
You can find the installation instructions for Debian Wheezy (64)


    		
  

  

  

    
      38
    
    
      
with Django 1.4.x at [Flowspy documentation](http://flowspy.readthedocs.org). 


    		
  

  

  

    
      39
    
    
      
If upgrading from a previous version bear in mind the changes introduced in Django 1.4. 


    		
  

  

  

    
      40
    
    
      

    		
  

  

  

    
      41
    
    
      
##Contact##


    		
  

  

  

    
      42
    
    
      

    		
  

  

  

    
      43
    
    
      
You can find more about FoD or raise your issues at GRNET FoD


    		
  

  

  

    
      44
    
    
      
repository: [GRNET repo](https://code.grnet.gr/fod) or [Github repo](https://github.com/grnet/flowspy).


    		
  

  

  

    
      45
    
    
      

    		
  

  

  

    
      46
    
    
      
You can contact us directly at noc{at}noc[dot]grnet(.)gr


    		
  

  

  

    
      47
    
    
      

    		
  

  

  

    
      48
    
    
      
## Copyright and license


    		
  

  

  

    
      49
    
    
      

    		
  

  

  

    
      50
    
    
      
Copyright © 2010-2014 Greek Research and Technology Network (GRNET S.A.)


    		
  

  

  

    
      51
    
    
      

    		
  

  

  

    
      52
    
    
      
This program is free software: you can redistribute it and/or modify


    		
  

  

  

    
      53
    
    
      
it under the terms of the GNU General Public License as published by


    		
  

  

  

    
      54
    
    
      
the Free Software Foundation, either version 3 of the License, or


    		
  

  

  

    
      55
    
    
      
(at your option) any later version.


    		
  

  

  

    
      56
    
    
      

    		
  

  

  

    
      57
    
    
      
This program is distributed in the hope that it will be useful,


    		
  

  

  

    
      58
    
    
      
but WITHOUT ANY WARRANTY; without even the implied warranty of


    		
  

  

  

    
      59
    
    
      
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the


    		
  

  

  

    
      60
    
    
      
GNU General Public License for more details.


    		
  

  

  

    
      61
    
    
      

    		
  

  

  

    
      62
    
    
      
You should have received a copy of the GNU General Public License


    		
  

  

  

    
      63
    
    
      
along with this program.  If not, see <http://www.gnu.org/licenses/>.