root / doc / source / index.rst @ 1c9bea54

1 1c9bea54 Leonidas Poulopoulos

.. fod documentation master file, created by
   sphinx-quickstart on Wed Oct 16 17:20:20 2013.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

******************
Firewall on Demand
******************

Description
===========
Firewall on Demand applies flow rules to a network device via NETCONF. These rules are then propagated via eBGP to peering routers. Each user is authenticated against Shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from.
FoD is meant to operate over this architecture::

          +-----------+          +------------+        +------------+
          |   FoD     | NETCONF  | flowspec   | ebgp   |   router   |
          | web app   +----------> device     +-------->            |
          +-----------+          +------+-----+        +------------+
                                        | ebgp
                                        |
                                 +------v-----+
                                 |   router   |
                                 |            |
                                 +------------+

NETCONF is chosen as the management protocol to apply rules to a single flowspec-capable device. Rules are then propagated via iBGP to all flowspec-capable routers. Of course, FoD could apply rules directly (always via NETCONF) to a router, and then iBGP would do the rest.
In GRNET's case the flowspec-capable device is an EX4200.
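
The authorization decision described above, as an added example that is not FoD's own code: it assumes the peer's address ranges bound the destination prefix a user's rule may match. The entitlement value, peer names, ranges and function name are constructed placeholders.

```python
import ipaddress

# Hypothetical values for illustration; a deployment would read the
# entitlement from the Shibboleth session and the ranges from its peer table.
REQUIRED_ENTITLEMENT = "urn:example:fod:user"
PEER_RANGES = {  # constructed sample data (documentation prefixes)
    "peer-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "peer-b": ["198.51.100.0/24"],
}


def authorize_rule(entitlements, peer, destination):
    """Return (allowed, reason) for a requested flow rule destination."""
    # Attribute check first: no entitlement, no rule, whatever the prefix.
    if REQUIRED_ENTITLEMENT not in entitlements:
        return False, "missing entitlement"
    ranges = PEER_RANGES.get(peer)
    if not ranges:
        return False, "unknown peer"
    try:
        # strict=True rejects prefixes with host bits set (192.0.2.1/24),
        # so an ambiguous request is refused instead of silently widened.
        dest = ipaddress.ip_network(destination, strict=True)
    except ValueError:
        return False, "invalid prefix"
    for r in ranges:
        net = ipaddress.ip_network(r)
        # subnet_of() raises TypeError across IP versions: compare first.
        # A supernet of the peer range (e.g. a /23 over a /24) fails here,
        # which stops a user from filtering traffic of neighbouring peers.
        if dest.version == net.version and dest.subnet_of(net):
            return True, "ok"
    return False, "destination outside peer ranges"


if __name__ == "__main__":
    user = {"urn:example:fod:user"}
    for prefix in ("192.0.2.128/25", "192.0.2.0/23", "198.51.100.7", "0.0.0.0/0"):
        print(prefix, authorize_rule(user, "peer-a", prefix))
```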

.. attention::
   Make sure your FoD server has ssh access to your flowspec device.

.. attention::
   Installation instructions assume a clean Debian Wheezy with Django 1.4

Contact
=======
You can find more about FoD or raise your issues at `GRNET FoD repository <https://code.grnet.gr/projects/flowspy>`_ or `GRNET FoD GitHub repo <https://github.com/grnet/flowspy>`_.

You can contact us directly at grnet{at}noc[dot]grnet(.)gr

Install
=======

.. toctree::
   :maxdepth: 2

   install