/README.txt - Annotate - Firewall on Demand - Greek Research and Technology Network's projects

root / README.txt @ 0bf16f7f

History | View | Annotate | Download (1.7 kB)

1	93fc8356	Leonidas Poulopoulos
2	51ce199a	Leonidas Poulopoulos	Firewall on Demand
3	51ce199a	Leonidas Poulopoulos	******************
4	93fc8356	Leonidas Poulopoulos
5	93fc8356	Leonidas Poulopoulos
6	51ce199a	Leonidas Poulopoulos	Description
7	93fc8356	Leonidas Poulopoulos	===========
8	9f54980a	Leonidas Poulopoulos
9	51ce199a	Leonidas Poulopoulos	Firewall on Demand applies, via Netconf, flow rules to a network
10	51ce199a	Leonidas Poulopoulos	device. These rules are then propagated via e-bgp to peering routers.
11	51ce199a	Leonidas Poulopoulos	Each user is authenticated against shibboleth. Authorization is
12	51ce199a	Leonidas Poulopoulos	performed via a combination of a Shibboleth attribute and the peer
13	51ce199a	Leonidas Poulopoulos	network address range that the user originates from. FoD is meant to
14	51ce199a	Leonidas Poulopoulos	operate over this architecture:
15	51ce199a	Leonidas Poulopoulos
16	51ce199a	Leonidas Poulopoulos	+-----------+ +------------+ +------------+
17	51ce199a	Leonidas Poulopoulos	\| FoD \| NETCONF \| flowspec \| ebgp \| router \|
18	51ce199a	Leonidas Poulopoulos	\| web app +----------> device +--------> \|
19	51ce199a	Leonidas Poulopoulos	+-----------+ +------+-----+ +------------+
20	51ce199a	Leonidas Poulopoulos	\| ebgp
21	51ce199a	Leonidas Poulopoulos	\|
22	51ce199a	Leonidas Poulopoulos	+------v-----+
23	51ce199a	Leonidas Poulopoulos	\| router \|
24	51ce199a	Leonidas Poulopoulos	\| \|
25	51ce199a	Leonidas Poulopoulos	+------------+
26	51ce199a	Leonidas Poulopoulos
27	51ce199a	Leonidas Poulopoulos	NETCONF is chosen as the mgmt protocol to apply rules to a single
28	51ce199a	Leonidas Poulopoulos	flowspec capable device. Rules are then propagated via igbp to all
29	51ce199a	Leonidas Poulopoulos	flowspec capable routers. Of course FoD could apply rules directly
30	51ce199a	Leonidas Poulopoulos	(via NETCONF always) to a router and then ibgp would do the rest. In
31	51ce199a	Leonidas Poulopoulos	GRNET's case the flowspec capable device is an EX4200.
32	51ce199a	Leonidas Poulopoulos
33	51ce199a	Leonidas Poulopoulos	Attention: Make sure your FoD server has ssh access to your flowspec device.
34	51ce199a	Leonidas Poulopoulos
35	51ce199a	Leonidas Poulopoulos
36	51ce199a	Leonidas Poulopoulos	Installation Considerations
37	51ce199a	Leonidas Poulopoulos	===========================
38	51ce199a	Leonidas Poulopoulos
39	1b39b805	Leonidas Poulopoulos	You can find the installation instructions for Debian Wheezy (64)
40	1b39b805	Leonidas Poulopoulos	with Django 1.4.x at http://flowspy.readthedocs.org.
41	1b39b805	Leonidas Poulopoulos	If upgrading from a previous version bear in mind
42	1b39b805	Leonidas Poulopoulos	the changes introduced in Django 1.4.
43	51ce199a	Leonidas Poulopoulos
44	51ce199a	Leonidas Poulopoulos	Contact
45	51ce199a	Leonidas Poulopoulos	=======
46	51ce199a	Leonidas Poulopoulos
47	51ce199a	Leonidas Poulopoulos	You can find more about FoD or raise your issues at GRNET FoD
48	51ce199a	Leonidas Poulopoulos	repository: https://code.grnet.gr/fod.
49	51ce199a	Leonidas Poulopoulos
50	1b39b805	Leonidas Poulopoulos	You can contact us directly at leopoul{at}noc[dot]grnet(.)gr