Statistics
| Branch: | Tag: | Revision:

root / README.txt @ c3137a54

History | View | Annotate | Download (2 kB)

1
[![Documentation Status](https://readthedocs.org/projects/flowspy/badge/?version=latest)](https://readthedocs.org/projects/flowspy/?badge=latest)
2

    
3
#Firewall on Demand#
4

    
5
##Description##
6

    
7
Firewall on Demand applies via NETCONF, flow rules to a network
8
device. These rules are then propagated via e-bgp to peering routers.
9
Each user is authenticated against shibboleth. Authorization is
10
performed via a combination of a Shibboleth attribute and the peer
11
network address range that the user originates from. FoD is meant to
12
operate over this architecture:
13

    
14
       +-----------+          +------------+        +------------+
15
       |   FoD     | NETCONF  | flowspec   | ebgp   |   router   |
16
       | web app   +----------> device     +-------->            |
17
       +-----------+          +------+-----+        +------------+
18
                                     | ebgp
19
                                     |
20
                              +------v-----+
21
                              |   router   |
22
                              |            |
23
                              +------------+
24

    
25

    
26
NETCONF is chosen as the mgmt protocol to apply rules to a single
27
flowspec capable device. Rules are then propagated via igbp to all
28
flowspec capable routers. Of course FoD could apply rules directly
29
(via NETCONF always) to a router and then ibgp would do the rest. In
30
GRNET's case the flowspec capable device is an EX4200.
31

    
32
**Attention**: Make sure your FoD server has ssh access to your flowspec device.
33

    
34
##Installation Considerations##
35

    
36

    
37
You can find the installation instructions for Debian Wheezy (64)
38
with Django 1.4.x at [Flowspy documentation](http://flowspy.readthedocs.org). 
39
If upgrading from a previous version bear in mind the changes introduced in Django 1.4. 
40

    
41
##Contact##
42

    
43
You can find more about FoD or raise your issues at GRNET FoD
44
repository: [GRNET repo](https://code.grnet.gr/fod) or [Github repo](https://github.com/leopoul/flowspy).
45

    
46
You can contact us directly at leopoul{at}noc[dot]grnet(.)gr