root / doc / source / index.rst @ 0bf16f7f
History | View | Annotate | Download (1.9 kB)
| 1 | 51ce199a | Leonidas Poulopoulos | .. fod documentation master file, created by |
|---|---|---|---|
| 2 | 51ce199a | Leonidas Poulopoulos | sphinx-quickstart on Wed Oct 16 17:20:20 2013. |
| 3 | 51ce199a | Leonidas Poulopoulos | You can adapt this file completely to your liking, but it should at least |
| 4 | 51ce199a | Leonidas Poulopoulos | contain the root `toctree` directive. |
| 5 | 51ce199a | Leonidas Poulopoulos | |
| 6 | 51ce199a | Leonidas Poulopoulos | ****************** |
| 7 | 51ce199a | Leonidas Poulopoulos | Firewall on Demand |
| 8 | 51ce199a | Leonidas Poulopoulos | ****************** |
| 9 | 51ce199a | Leonidas Poulopoulos | |
| 10 | 51ce199a | Leonidas Poulopoulos | Description |
| 11 | 51ce199a | Leonidas Poulopoulos | =========== |
| 12 | 51ce199a | Leonidas Poulopoulos | Firewall on Demand applies, via Netconf, flow rules to a network device. These rules are then propagated via e-bgp to peering routers. Each user is authenticated against shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from. |
| 13 | 51ce199a | Leonidas Poulopoulos | FoD is meant to operate over this architecture:: |
| 14 | 51ce199a | Leonidas Poulopoulos | |
| 15 | 51ce199a | Leonidas Poulopoulos | +-----------+ +------------+ +------------+ |
| 16 | 51ce199a | Leonidas Poulopoulos | | FoD | NETCONF | flowspec | ebgp | router | |
| 17 | 51ce199a | Leonidas Poulopoulos | | web app +----------> device +--------> | |
| 18 | 51ce199a | Leonidas Poulopoulos | +-----------+ +------+-----+ +------------+ |
| 19 | 51ce199a | Leonidas Poulopoulos | | ebgp |
| 20 | 51ce199a | Leonidas Poulopoulos | | |
| 21 | 51ce199a | Leonidas Poulopoulos | +------v-----+ |
| 22 | 51ce199a | Leonidas Poulopoulos | | router | |
| 23 | 51ce199a | Leonidas Poulopoulos | | | |
| 24 | 51ce199a | Leonidas Poulopoulos | +------------+ |
| 25 | 51ce199a | Leonidas Poulopoulos | |
| 26 | 51ce199a | Leonidas Poulopoulos | NETCONF is chosen as the mgmt protocol to apply rules to a single flowspec capable device. Rules are then propagated via igbp to all flowspec capable routers. Of course FoD could apply rules directly (via NETCONF always) to a router and then ibgp would do the rest. |
| 27 | 51ce199a | Leonidas Poulopoulos | In GRNET's case the flowspec capable device is an EX4200. |
| 28 | 51ce199a | Leonidas Poulopoulos | |
| 29 | 51ce199a | Leonidas Poulopoulos | .. attention:: |
| 30 | 51ce199a | Leonidas Poulopoulos | Make sure your FoD server has ssh access to your flowspec device. |
| 31 | 51ce199a | Leonidas Poulopoulos | |
| 32 | b7566dcc | Leonidas Poulopoulos | .. attention:: |
| 33 | 0bf16f7f | Leonidas Poulopoulos | Installation instructions assume a clean Debian Wheezy with Django 1.4 |
| 34 | b7566dcc | Leonidas Poulopoulos | |
| 35 | 51ce199a | Leonidas Poulopoulos | Contact |
| 36 | 51ce199a | Leonidas Poulopoulos | ======= |
| 37 | 51ce199a | Leonidas Poulopoulos | You can find more about FoD or raise your issues at `GRNET FoD repository <https://code.grnet.gr/projects/flowspy>`_. |
| 38 | 51ce199a | Leonidas Poulopoulos | |
| 39 | 51ce199a | Leonidas Poulopoulos | You can contact us directly at leopoul{at}noc[dot]grnet(.)gr
|
| 40 | 51ce199a | Leonidas Poulopoulos | |
| 41 | 51ce199a | Leonidas Poulopoulos | Install |
| 42 | 51ce199a | Leonidas Poulopoulos | ======= |
| 43 | 51ce199a | Leonidas Poulopoulos | |
| 44 | 51ce199a | Leonidas Poulopoulos | .. toctree:: |
| 45 | 51ce199a | Leonidas Poulopoulos | :maxdepth: 2 |
| 46 | 51ce199a | Leonidas Poulopoulos | |
| 47 | 51ce199a | Leonidas Poulopoulos | install |
| 48 | 51ce199a | Leonidas Poulopoulos |