root / doc / source / index.rst @ 1c9bea54
History | View | Annotate | Download (2 kB)
1 |
.. fod documentation master file, created by |
---|---|
2 |
sphinx-quickstart on Wed Oct 16 17:20:20 2013. |
3 |
You can adapt this file completely to your liking, but it should at least |
4 |
contain the root `toctree` directive. |
5 |
|
6 |
****************** |
7 |
Firewall on Demand |
8 |
****************** |
9 |
|
10 |
Description |
11 |
=========== |
12 |
Firewall on Demand applies, via Netconf, flow rules to a network device. These rules are then propagated via e-bgp to peering routers. Each user is authenticated against shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from. |
13 |
FoD is meant to operate over this architecture:: |
14 |
|
15 |
+-----------+ +------------+ +------------+ |
16 |
| FoD | NETCONF | flowspec | ebgp | router | |
17 |
| web app +----------> device +--------> | |
18 |
+-----------+ +------+-----+ +------------+ |
19 |
| ebgp |
20 |
| |
21 |
+------v-----+ |
22 |
| router | |
23 |
| | |
24 |
+------------+ |
25 |
|
26 |
NETCONF is chosen as the mgmt protocol to apply rules to a single flowspec capable device. Rules are then propagated via igbp to all flowspec capable routers. Of course FoD could apply rules directly (via NETCONF always) to a router and then ibgp would do the rest. |
27 |
In GRNET's case the flowspec capable device is an EX4200. |
28 |
|
29 |
.. attention:: |
30 |
Make sure your FoD server has ssh access to your flowspec device. |
31 |
|
32 |
.. attention:: |
33 |
Installation instructions assume a clean Debian Wheezy with Django 1.4 |
34 |
|
35 |
Contact |
36 |
======= |
37 |
You can find more about FoD or raise your issues at `GRNET FoD repository <https://code.grnet.gr/projects/flowspy>`_ or `GRNET FoD Github repo <https://github.com/grnet/flowspy>`_ . |
38 |
|
39 |
You can contact us directly at grnet{at}noc[dot]grnet(.)gr |
40 |
|
41 |
Install |
42 |
======= |
43 |
|
44 |
.. toctree:: |
45 |
:maxdepth: 2 |
46 |
|
47 |
install |
48 |
|
49 |
|