[![Documentation Status](https://readthedocs.org/projects/flowspy/badge/?version=latest)](https://readthedocs.org/projects/flowspy/?badge=latest)

#Firewall on Demand#

##Description##

Firewall on Demand (FoD) applies flow rules to a network device via
NETCONF. These rules are then propagated via eBGP to peering routers.
Each user is authenticated against Shibboleth. Authorization is
performed via a combination of a Shibboleth attribute and the peer
network address range that the user originates from. FoD is meant to
operate over this architecture:

    +-----------+          +------------+        +------------+
    |    FoD    | NETCONF  |  flowspec  |  ebgp  |   router   |
    |  web app  +---------->   device   +-------->            |
    +-----------+          +------+-----+        +------------+
                                  | ebgp
                                  |
                           +------v-----+
                           |   router   |
                           |            |
                           +------------+

NETCONF is chosen as the management protocol to apply rules to a single
flowspec-capable device. Rules are then propagated via iBGP to all
flowspec-capable routers. Of course, FoD could apply rules directly
(always via NETCONF) to a router, and iBGP would then do the rest. In
GRNET's case the flowspec-capable device is an EX4200.

**Attention**: Make sure your FoD server has SSH access to your flowspec device.
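
The two-part authorization described above, as an added example (this is not FoD's own code). The attribute name and value, the function name, and the reading that a rule's destination prefix must fall inside the address ranges of the user's peer are assumptions; the sample data is constructed.

```python
import ipaddress

# Hypothetical attribute name and value: the README does not say which
# Shibboleth attribute FoD checks.
ENTITLEMENT_ATTR = "entitlement"
REQUIRED_ENTITLEMENT = "urn:example:fod:rule-admin"


def is_authorized(shib_attrs, peer_ranges, rule_destination):
    """Allow a rule only if the attribute check AND the range check pass.

    shib_attrs:       attribute name -> list of values released by the IdP
    peer_ranges:      CIDR strings registered for the user's peer (assumed model)
    rule_destination: CIDR string the requested flow rule matches on
    """
    if REQUIRED_ENTITLEMENT not in shib_attrs.get(ENTITLEMENT_ATTR, []):
        return False
    try:
        dest = ipaddress.ip_network(rule_destination, strict=True)
    except ValueError:
        return False  # malformed prefix or host bits set: reject
    for cidr in peer_ranges:
        net = ipaddress.ip_network(cidr)
        # subnet_of() raises TypeError across IP versions, so check first.
        if dest.version == net.version and dest.subnet_of(net):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    attrs = {ENTITLEMENT_ATTR: [REQUIRED_ENTITLEMENT]}
    ranges = ["192.0.2.0/24", "2001:db8:10::/48"]
    for dest in ("192.0.2.16/28", "198.51.100.0/24", "0.0.0.0/0"):
        print(dest, is_authorized(attrs, ranges, dest))
```

Under this model, a prefix wider than the peer's own range (such as `0.0.0.0/0`) is refused, so a user cannot request a rule that matches traffic outside their peer's networks.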

##Installation Considerations##

You can find the installation instructions for Debian Wheezy (64)
with Django 1.4.x at [Flowspy documentation](http://flowspy.readthedocs.org).
If upgrading from a previous version, bear in mind the changes introduced in Django 1.4.

##Contact##

You can find more about FoD or raise your issues at the GRNET FoD
repository: [GRNET repo](https://code.grnet.gr/fod) or [Github repo](https://github.com/grnet/flowspy).

You can contact us directly at noc{at}noc[dot]grnet(.)gr

## Copyright and license

Copyright © 2010-2014 Greek Research and Technology Network (GRNET S.A.)

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.