root / README.txt @ 0bf16f7f
Annotated revisions: 93fc8356, 51ce199a, 9f54980a, 1b39b805 (all lines by Leonidas Poulopoulos)

Firewall on Demand
******************


Description
===========

Firewall on Demand applies, via NETCONF, flow rules to a network
device. These rules are then propagated via eBGP to peering routers.
Each user is authenticated against Shibboleth. Authorization is
performed via a combination of a Shibboleth attribute and the peer
network address range that the user originates from. FoD is meant to
operate over this architecture:

    +-----------+          +------------+        +------------+
    |   FoD     | NETCONF  | flowspec   | ebgp   |   router   |
    | web app   +----------> device     +-------->            |
    +-----------+          +------+-----+        +------------+
                                  | ebgp
                                  |
                           +------v-----+
                           |   router   |
                           |            |
                           +------------+

NETCONF is chosen as the management protocol to apply rules to a single
flowspec-capable device. Rules are then propagated via iBGP to all
flowspec-capable routers. Of course FoD could apply rules directly
(via NETCONF always) to a router and then iBGP would do the rest. In
GRNET's case the flowspec-capable device is an EX4200.

Attention: Make sure your FoD server has SSH access to your flowspec device.


Installation Considerations
===========================

You can find the installation instructions for Debian Wheezy (64)
with Django 1.4.x at http://flowspy.readthedocs.org.
If upgrading from a previous version, bear in mind
the changes introduced in Django 1.4.

Contact
=======

You can find more about FoD or raise your issues at the GRNET FoD
repository: https://code.grnet.gr/fod.

You can contact us directly at leopoul{at}noc[dot]grnet(.)gr
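
The authorization rule from the Description (a Shibboleth attribute combined with the peer's address range) can be sketched as follows. This is an added example, not FoD's own code: the entitlement value, the peer table, the function name, and the reading that a rule's destination must lie inside the ranges of the user's peer are all assumptions.

```python
import ipaddress

# Hypothetical names and values throughout; none of this comes from FoD.
REQUIRED_ENTITLEMENT = "urn:example:fod:admin"  # constructed attribute value

# Constructed peers, using documentation prefixes (RFC 5737 / RFC 3849).
PEER_RANGES = {
    "peer-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "peer-b": ["198.51.100.0/24"],
}


def authorize_rule(shib_attrs, peer, destination):
    """Return (allowed, reason) for a user asking to filter traffic to `destination`."""
    # 1. Attribute check: the IdP must have released the required entitlement.
    #    Assumption: multiple values arrive in one ';'-separated string.
    entitlements = shib_attrs.get("entitlement", "").split(";")
    if REQUIRED_ENTITLEMENT not in entitlements:
        return False, "missing entitlement"
    # 2. Strict parse: a prefix with host bits set (192.0.2.1/24) is rejected
    #    rather than silently masked to a wider network.
    try:
        dest = ipaddress.ip_network(destination, strict=True)
    except ValueError:
        return False, "invalid prefix"
    # 3. Range check: the destination must sit entirely inside one peer range.
    #    A supernet of the peer range fails, so a user cannot filter traffic
    #    for address space that belongs to someone else.
    for cidr in PEER_RANGES.get(peer, []):
        net = ipaddress.ip_network(cidr)
        if net.version == dest.version and dest.subnet_of(net):
            return True, "ok"
    return False, "destination outside peer ranges"


if __name__ == "__main__":
    attrs = {"entitlement": "urn:example:other;urn:example:fod:admin"}
    for dst in ("192.0.2.128/25", "192.0.0.0/16", "198.51.100.7/32", "192.0.2.1/24"):
        print(dst, authorize_rule(attrs, "peer-a", dst))
```

Running the same check again on the server side just before the rule is pushed over NETCONF keeps a tampered form submission from widening the prefix.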