root / doc / build / html / index.html @ 6de88ee1
History | View | Annotate | Download (6.8 kB)
| 1 |
|
|---|---|
| 2 |
|
| 3 |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
| 4 |
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
| 5 |
|
| 6 |
|
| 7 |
<html xmlns="http://www.w3.org/1999/xhtml"> |
| 8 |
<head>
|
| 9 |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> |
| 10 |
|
| 11 |
<title>Firewall on Demand — fod 1.1.0 documentation</title> |
| 12 |
|
| 13 |
<link rel="stylesheet" href="_static/default.css" type="text/css" /> |
| 14 |
<link rel="stylesheet" href="_static/pygments.css" type="text/css" /> |
| 15 |
|
| 16 |
<script type="text/javascript"> |
| 17 |
var DOCUMENTATION_OPTIONS = {
|
| 18 |
URL_ROOT: '',
|
| 19 |
VERSION: '1.1.0',
|
| 20 |
COLLAPSE_INDEX: false,
|
| 21 |
FILE_SUFFIX: '.html',
|
| 22 |
HAS_SOURCE: true
|
| 23 |
};
|
| 24 |
</script>
|
| 25 |
<script type="text/javascript" src="_static/jquery.js"></script> |
| 26 |
<script type="text/javascript" src="_static/underscore.js"></script> |
| 27 |
<script type="text/javascript" src="_static/doctools.js"></script> |
| 28 |
<link rel="top" title="fod 1.1.0 documentation" href="#" /> |
| 29 |
<link rel="next" title="Installation" href="install.html" /> |
| 30 |
</head>
|
| 31 |
<body>
|
| 32 |
<div class="related"> |
| 33 |
<h3>Navigation</h3> |
| 34 |
<ul>
|
| 35 |
<li class="right" style="margin-right: 10px"> |
| 36 |
<a href="genindex.html" title="General Index" |
| 37 |
accesskey="I">index</a></li> |
| 38 |
<li class="right" > |
| 39 |
<a href="install.html" title="Installation" |
| 40 |
accesskey="N">next</a> |</li> |
| 41 |
<li><a href="#">fod 1.1.0 documentation</a> »</li> |
| 42 |
</ul>
|
| 43 |
</div>
|
| 44 |
|
| 45 |
<div class="document"> |
| 46 |
<div class="documentwrapper"> |
| 47 |
<div class="bodywrapper"> |
| 48 |
<div class="body"> |
| 49 |
|
| 50 |
<div class="section" id="firewall-on-demand"> |
| 51 |
<h1>Firewall on Demand<a class="headerlink" href="#firewall-on-demand" title="Permalink to this headline">¶</a></h1> |
| 52 |
<div class="section" id="description"> |
| 53 |
<h2>Description<a class="headerlink" href="#description" title="Permalink to this headline">¶</a></h2> |
| 54 |
<p>Firewall on Demand applies, via Netconf, flow rules to a network device. These rules are then propagated via e-bgp to peering routers. Each user is authenticated against shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from.
|
| 55 |
FoD is meant to operate over this architecture:</p>
|
| 56 |
<div class="highlight-python"><pre>+-----------+ +------------+ +------------+ |
| 57 |
| FoD | NETCONF | flowspec | ebgp | router | |
| 58 |
| web app +----------> device +--------> | |
| 59 |
+-----------+ +------+-----+ +------------+ |
| 60 |
| ebgp |
| 61 |
| |
| 62 |
+------v-----+ |
| 63 |
| router | |
| 64 |
| | |
| 65 |
+------------+</pre>
|
| 66 |
</div>
|
| 67 |
<p>NETCONF is chosen as the mgmt protocol to apply rules to a single flowspec capable device. Rules are then propagated via igbp to all flowspec capable routers. Of course FoD could apply rules directly (via NETCONF always) to a router and then ibgp would do the rest.
|
| 68 |
In GRNET’s case the flowspec capable device is an EX4200.</p> |
| 69 |
<div class="admonition attention"> |
| 70 |
<p class="first admonition-title">Attention</p> |
| 71 |
<p class="last">Make sure your FoD server has ssh access to your flowspec device.</p> |
| 72 |
</div>
|
| 73 |
<div class="admonition attention"> |
| 74 |
<p class="first admonition-title">Attention</p> |
| 75 |
<p class="last">Installation instructions assume a clean Debian Wheezy with Django 1.4</p> |
| 76 |
</div>
|
| 77 |
</div>
|
| 78 |
<div class="section" id="contact"> |
| 79 |
<h2>Contact<a class="headerlink" href="#contact" title="Permalink to this headline">¶</a></h2> |
| 80 |
<p>You can find more about FoD or raise your issues at <a class="reference external" href="https://code.grnet.gr/projects/flowspy">GRNET FoD repository</a>.</p> |
| 81 |
<p>You can contact us directly at leopoul{at}noc[dot]grnet(.)gr</p> |
| 82 |
</div>
|
| 83 |
<div class="section" id="install"> |
| 84 |
<h2>Install<a class="headerlink" href="#install" title="Permalink to this headline">¶</a></h2> |
| 85 |
<div class="toctree-wrapper compound"> |
| 86 |
<ul>
|
| 87 |
<li class="toctree-l1"><a class="reference internal" href="install.html">Installation</a><ul> |
| 88 |
<li class="toctree-l2"><a class="reference internal" href="install.html#debian-wheezy-x64-django-1-4-x">Debian Wheezy (x64) - Django 1.4.x</a></li> |
| 89 |
<li class="toctree-l2"><a class="reference internal" href="install.html#application-configuration">Application configuration</a></li> |
| 90 |
<li class="toctree-l2"><a class="reference internal" href="install.html#system-configuration">System configuration</a></li> |
| 91 |
<li class="toctree-l2"><a class="reference internal" href="install.html#propagate-the-flatpages">Propagate the flatpages</a></li> |
| 92 |
<li class="toctree-l2"><a class="reference internal" href="install.html#testing-the-platform">Testing the platform</a></li> |
| 93 |
<li class="toctree-l2"><a class="reference internal" href="install.html#branding">Branding</a></li> |
| 94 |
</ul>
|
| 95 |
</li>
|
| 96 |
</ul>
|
| 97 |
</div>
|
| 98 |
</div>
|
| 99 |
</div>
|
| 100 |
|
| 101 |
|
| 102 |
</div>
|
| 103 |
</div>
|
| 104 |
</div>
|
| 105 |
<div class="sphinxsidebar"> |
| 106 |
<div class="sphinxsidebarwrapper"> |
| 107 |
<h3><a href="#">Table Of Contents</a></h3> |
| 108 |
<ul>
|
| 109 |
<li><a class="reference internal" href="#">Firewall on Demand</a><ul> |
| 110 |
<li><a class="reference internal" href="#description">Description</a></li> |
| 111 |
<li><a class="reference internal" href="#contact">Contact</a></li> |
| 112 |
<li><a class="reference internal" href="#install">Install</a><ul> |
| 113 |
</ul>
|
| 114 |
</li>
|
| 115 |
</ul>
|
| 116 |
</li>
|
| 117 |
</ul>
|
| 118 |
|
| 119 |
<h4>Next topic</h4> |
| 120 |
<p class="topless"><a href="install.html" |
| 121 |
title="next chapter">Installation</a></p> |
| 122 |
<h3>This Page</h3> |
| 123 |
<ul class="this-page-menu"> |
| 124 |
<li><a href="_sources/index.txt" |
| 125 |
rel="nofollow">Show Source</a></li> |
| 126 |
</ul>
|
| 127 |
<div id="searchbox" style="display: none"> |
| 128 |
<h3>Quick search</h3> |
| 129 |
<form class="search" action="search.html" method="get"> |
| 130 |
<input type="text" name="q" /> |
| 131 |
<input type="submit" value="Go" /> |
| 132 |
<input type="hidden" name="check_keywords" value="yes" /> |
| 133 |
<input type="hidden" name="area" value="default" /> |
| 134 |
</form>
|
| 135 |
<p class="searchtip" style="font-size: 90%"> |
| 136 |
Enter search terms or a module, class or function name. |
| 137 |
</p>
|
| 138 |
</div>
|
| 139 |
<script type="text/javascript">$('#searchbox').show(0);</script> |
| 140 |
</div>
|
| 141 |
</div>
|
| 142 |
<div class="clearer"></div> |
| 143 |
</div>
|
| 144 |
<div class="related"> |
| 145 |
<h3>Navigation</h3> |
| 146 |
<ul>
|
| 147 |
<li class="right" style="margin-right: 10px"> |
| 148 |
<a href="genindex.html" title="General Index" |
| 149 |
>index</a></li> |
| 150 |
<li class="right" > |
| 151 |
<a href="install.html" title="Installation" |
| 152 |
>next</a> |</li> |
| 153 |
<li><a href="#">fod 1.1.0 documentation</a> »</li> |
| 154 |
</ul>
|
| 155 |
</div>
|
| 156 |
<div class="footer"> |
| 157 |
© Copyright 2014, Leonidas Poulopoulos (@leopoul), GRNET S.A.
|
| 158 |
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. |
| 159 |
</div>
|
| 160 |
</body>
|
| 161 |
</html>
|