root / doc / build / html / _sources / index.txt @ 6de88ee1
Annotate view: every line last changed in 6de88ee1 by Stauros Kroustouris (1.9 kB)
.. fod documentation master file, created by
   sphinx-quickstart on Wed Oct 16 17:20:20 2013.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

******************
Firewall on Demand
******************

Description
===========
Firewall on Demand applies flow rules to a network device via NETCONF. These rules are then propagated via eBGP to peering routers. Each user is authenticated against Shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from.
FoD is meant to operate over this architecture::

   +-----------+          +------------+        +------------+
   |   FoD     | NETCONF  | flowspec   |  ebgp  |   router   |
   | web app   +----------> device     +-------->            |
   +-----------+          +------+-----+        +------------+
                                 | ebgp
                                 |
                          +------v-----+
                          |   router   |
                          |            |
                          +------------+

NETCONF is chosen as the management protocol to apply rules to a single flowspec-capable device. Rules are then propagated via iBGP to all flowspec-capable routers. Of course, FoD could apply rules directly (always via NETCONF) to a router, and iBGP would then do the rest.
In GRNET's case the flowspec-capable device is an EX4200.
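
As an added illustration (not code from FoD or GRNET), the sketch below walks one rule request through the two steps described above: authorization from a Shibboleth attribute plus the peer's address ranges, then the NETCONF ``<edit-config>`` payload for a discard rule. The entitlement value, the policy that the filtered destination must fall inside the peer's ranges, the protocol allow-list and the Junos-style ``routing-options/flow/route`` element names are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
REQUIRED_ENTITLEMENT = "urn:example:fod:rule-admin"  # constructed placeholder value
PROTOCOLS = {"tcp", "udp", "icmp"}                   # assumed allow-list


def authorize(entitlements, peer_networks, destination):
    """Return the validated prefix, or raise if the user may not filter it."""
    if REQUIRED_ENTITLEMENT not in entitlements:
        raise PermissionError("missing Shibboleth entitlement")
    dest = ipaddress.ip_network(destination, strict=True)  # rejects host bits set
    peers = [ipaddress.ip_network(n) for n in peer_networks]
    # Assumption: a user may only filter traffic towards their own peer's ranges.
    if not any(dest.version == p.version and dest.subnet_of(p) for p in peers):
        raise PermissionError(f"{dest} is outside the peer's address ranges")
    return dest


def build_discard_rpc(name, dest, protocol=None, port=None, message_id="1"):
    """Build the <edit-config> RPC text for one discard flow route."""
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", name):
        raise ValueError("bad rule name")
    if protocol is not None and protocol not in PROTOCOLS:
        raise ValueError("bad protocol")
    if port is not None and (protocol not in {"tcp", "udp"} or not 0 < int(port) < 65536):
        raise ValueError("bad port")
    rpc = ET.Element("rpc", {"xmlns": NC_NS, "message-id": message_id})
    edit = ET.SubElement(rpc, "edit-config")
    ET.SubElement(ET.SubElement(edit, "target"), "candidate")
    node = ET.SubElement(edit, "config")
    for tag in ("configuration", "routing-options", "flow", "route"):
        node = ET.SubElement(node, tag)  # assumed Junos hierarchy
    ET.SubElement(node, "name").text = name
    match = ET.SubElement(node, "match")
    ET.SubElement(match, "destination").text = str(dest)
    if protocol is not None:
        ET.SubElement(match, "protocol").text = protocol
    if port is not None:
        ET.SubElement(match, "destination-port").text = str(int(port))
    ET.SubElement(ET.SubElement(node, "then"), "discard")
    return ET.tostring(rpc, encoding="unicode")


if __name__ == "__main__":
    prefix = authorize({REQUIRED_ENTITLEMENT}, ["192.0.2.0/24"], "192.0.2.10/32")
    print(build_discard_rpc("block-dns-flood", prefix, "udp", 53))
```

Validating the prefix and the rule fields before the RPC is built keeps a malformed or out-of-range request from ever reaching the flowspec device, where it would be propagated to every BGP peer.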

.. attention::
   Make sure your FoD server has SSH access to your flowspec device.

.. attention::
   Installation instructions assume a clean Debian Wheezy with Django 1.4.

Contact
=======
You can find more about FoD or raise your issues at `GRNET FoD repository <https://code.grnet.gr/projects/flowspy>`_.

You can contact us directly at leopoul{at}noc[dot]grnet(.)gr

Install
=======

.. toctree::
   :maxdepth: 2

   install