Firewall on Demand

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    <title>Firewall on Demand &mdash; fod 1.1.0 documentation</title>

    <link rel="stylesheet" href="_static/default.css" type="text/css" />

    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />

    <script type="text/javascript">

      var DOCUMENTATION_OPTIONS = {

        URL_ROOT:    '',

        VERSION:     '1.1.0',

        COLLAPSE_INDEX: false,

        FILE_SUFFIX: '.html',

        HAS_SOURCE:  true

      };

    </script>

    <script type="text/javascript" src="_static/jquery.js"></script>

    <script type="text/javascript" src="_static/underscore.js"></script>

    <script type="text/javascript" src="_static/doctools.js"></script>

    <link rel="top" title="fod 1.1.0 documentation" href="#" />

    <link rel="next" title="Installation" href="install.html" /> 

  </head>

  <body>

    <div class="related">

      <h3>Navigation</h3>

      <ul>

        <li class="right" style="margin-right: 10px">

          <a href="genindex.html" title="General Index"

             accesskey="I">index</a></li>

        <li class="right" >

          <a href="install.html" title="Installation"

             accesskey="N">next</a> |</li>

        <li><a href="#">fod 1.1.0 documentation</a> &raquo;</li> 

      </ul>

    </div>  

    <div class="document">

      <div class="documentwrapper">

        <div class="bodywrapper">

          <div class="body">

  <div class="section" id="firewall-on-demand">

<h1>Firewall on Demand<a class="headerlink" href="#firewall-on-demand" title="Permalink to this headline">¶</a></h1>

<div class="section" id="description">

<h2>Description<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2>

<p>Firewall on Demand applies, via Netconf, flow rules to a network device. These rules are then propagated via e-bgp to peering routers. Each user is authenticated against shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from.

FoD is meant to operate over this architecture:</p>

<div class="highlight-python"><pre>+-----------+          +------------+        +------------+

|   FoD     | NETCONF  | flowspec   | ebgp   |   router   |

| web app   +----------> device     +-------->            |

+-----------+          +------+-----+        +------------+

                              | ebgp

                              |

                       +------v-----+

                       |   router   |

                       |            |

                       +------------+</pre>

</div>

<p>NETCONF is chosen as the mgmt protocol to apply rules to a single flowspec capable device. Rules are then propagated via igbp to all flowspec capable routers. Of course FoD could apply rules directly (via NETCONF always) to a router and then ibgp would do the rest.

In GRNET&#8217;s case the flowspec capable device is an EX4200.</p>

<div class="admonition attention">

<p class="first admonition-title">Attention</p>

<p class="last">Make sure your FoD server has ssh access to your flowspec device.</p>

</div>

<div class="admonition attention">

<p class="first admonition-title">Attention</p>

<p class="last">Installation instructions assume a clean Debian Wheezy with Django 1.4</p>

</div>

</div>

<div class="section" id="contact">

<h2>Contact<a class="headerlink" href="#contact" title="Permalink to this headline">¶</a></h2>

<p>You can find more about FoD or raise your issues at <a class="reference external" href="https://code.grnet.gr/projects/flowspy">GRNET FoD repository</a>.</p>

<p>You can contact us directly at leopoul{at}noc[dot]grnet(.)gr</p>

</div>

<div class="section" id="install">

<h2>Install<a class="headerlink" href="#install" title="Permalink to this headline">¶</a></h2>

<div class="toctree-wrapper compound">

<ul>

<li class="toctree-l1"><a class="reference internal" href="install.html">Installation</a><ul>

<li class="toctree-l2"><a class="reference internal" href="install.html#debian-wheezy-x64-django-1-4-x">Debian Wheezy (x64) - Django 1.4.x</a></li>

<li class="toctree-l2"><a class="reference internal" href="install.html#application-configuration">Application configuration</a></li>

<li class="toctree-l2"><a class="reference internal" href="install.html#system-configuration">System configuration</a></li>

<li class="toctree-l2"><a class="reference internal" href="install.html#propagate-the-flatpages">Propagate the flatpages</a></li>

<li class="toctree-l2"><a class="reference internal" href="install.html#testing-the-platform">Testing the platform</a></li>

<li class="toctree-l2"><a class="reference internal" href="install.html#branding">Branding</a></li>

</ul>

</li>

</ul>

</div>

</div>

</div>

          </div>

        </div>

      </div>

      <div class="sphinxsidebar">

        <div class="sphinxsidebarwrapper">

  <h3><a href="#">Table Of Contents</a></h3>

  <ul>

<li><a class="reference internal" href="#">Firewall on Demand</a><ul>

<li><a class="reference internal" href="#description">Description</a></li>

<li><a class="reference internal" href="#contact">Contact</a></li>

<li><a class="reference internal" href="#install">Install</a><ul>

</ul>

</li>

</ul>

</li>

</ul>

  <h4>Next topic</h4>

  <p class="topless"><a href="install.html"

                        title="next chapter">Installation</a></p>

  <h3>This Page</h3>

  <ul class="this-page-menu">

    <li><a href="_sources/index.txt"

           rel="nofollow">Show Source</a></li>

  </ul>

<div id="searchbox" style="display: none">

  <h3>Quick search</h3>

    <form class="search" action="search.html" method="get">

      <input type="text" name="q" />

      <input type="submit" value="Go" />

      <input type="hidden" name="check_keywords" value="yes" />

      <input type="hidden" name="area" value="default" />

    </form>

    <p class="searchtip" style="font-size: 90%">

    Enter search terms or a module, class or function name.

    </p>

</div>

<script type="text/javascript">$('#searchbox').show(0);</script>

        </div>

      </div>

      <div class="clearer"></div>

    </div>

    <div class="related">

      <h3>Navigation</h3>

      <ul>

        <li class="right" style="margin-right: 10px">

          <a href="genindex.html" title="General Index"

             >index</a></li>

        <li class="right" >

          <a href="install.html" title="Installation"

             >next</a> |</li>

        <li><a href="#">fod 1.1.0 documentation</a> &raquo;</li> 

      </ul>

    </div>

    <div class="footer">

        © Copyright 2014, Leonidas Poulopoulos (@leopoul), GRNET S.A.

      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.

    </div>

  </body>

</html>