root / README.md @ master
History | View | Annotate | Download (2.6 kB)
| 1 | 79884583 | Leonidas Poulopoulos | [](https://readthedocs.org/projects/flowspy/?badge=latest) |
|---|---|---|---|
| 2 | 79884583 | Leonidas Poulopoulos | |
| 3 | 79884583 | Leonidas Poulopoulos | #Firewall on Demand# |
| 4 | 79884583 | Leonidas Poulopoulos | |
| 5 | 79884583 | Leonidas Poulopoulos | ##Description## |
| 6 | 79884583 | Leonidas Poulopoulos | |
| 7 | 79884583 | Leonidas Poulopoulos | Firewall on Demand applies via NETCONF, flow rules to a network |
| 8 | 79884583 | Leonidas Poulopoulos | device. These rules are then propagated via e-bgp to peering routers. |
| 9 | 79884583 | Leonidas Poulopoulos | Each user is authenticated against shibboleth. Authorization is |
| 10 | 79884583 | Leonidas Poulopoulos | performed via a combination of a Shibboleth attribute and the peer |
| 11 | 79884583 | Leonidas Poulopoulos | network address range that the user originates from. FoD is meant to |
| 12 | 79884583 | Leonidas Poulopoulos | operate over this architecture: |
| 13 | 79884583 | Leonidas Poulopoulos | |
| 14 | 79884583 | Leonidas Poulopoulos | +-----------+ +------------+ +------------+ |
| 15 | 79884583 | Leonidas Poulopoulos | | FoD | NETCONF | flowspec | ebgp | router | |
| 16 | 79884583 | Leonidas Poulopoulos | | web app +----------> device +--------> | |
| 17 | 79884583 | Leonidas Poulopoulos | +-----------+ +------+-----+ +------------+ |
| 18 | 79884583 | Leonidas Poulopoulos | | ebgp |
| 19 | 79884583 | Leonidas Poulopoulos | | |
| 20 | 79884583 | Leonidas Poulopoulos | +------v-----+ |
| 21 | 79884583 | Leonidas Poulopoulos | | router | |
| 22 | 79884583 | Leonidas Poulopoulos | | | |
| 23 | 79884583 | Leonidas Poulopoulos | +------------+ |
| 24 | 79884583 | Leonidas Poulopoulos | |
| 25 | 79884583 | Leonidas Poulopoulos | |
| 26 | 79884583 | Leonidas Poulopoulos | NETCONF is chosen as the mgmt protocol to apply rules to a single |
| 27 | 79884583 | Leonidas Poulopoulos | flowspec capable device. Rules are then propagated via igbp to all |
| 28 | 79884583 | Leonidas Poulopoulos | flowspec capable routers. Of course FoD could apply rules directly |
| 29 | 79884583 | Leonidas Poulopoulos | (via NETCONF always) to a router and then ibgp would do the rest. In |
| 30 | 79884583 | Leonidas Poulopoulos | GRNET's case the flowspec capable device is an EX4200. |
| 31 | 79884583 | Leonidas Poulopoulos | |
| 32 | 79884583 | Leonidas Poulopoulos | **Attention**: Make sure your FoD server has ssh access to your flowspec device. |
| 33 | 79884583 | Leonidas Poulopoulos | |
| 34 | 79884583 | Leonidas Poulopoulos | ##Installation Considerations## |
| 35 | 79884583 | Leonidas Poulopoulos | |
| 36 | 79884583 | Leonidas Poulopoulos | |
| 37 | 79884583 | Leonidas Poulopoulos | You can find the installation instructions for Debian Wheezy (64) |
| 38 | 054dc0a6 | Stauros Kroustouris | with Django 1.4.x at [Flowspy documentation](http://flowspy.readthedocs.org). |
| 39 | 054dc0a6 | Stauros Kroustouris | If upgrading from a previous version bear in mind the changes introduced in Django 1.4. |
| 40 | 79884583 | Leonidas Poulopoulos | |
| 41 | 79884583 | Leonidas Poulopoulos | ##Contact## |
| 42 | 79884583 | Leonidas Poulopoulos | |
| 43 | 79884583 | Leonidas Poulopoulos | You can find more about FoD or raise your issues at GRNET FoD |
| 44 | 054dc0a6 | Stauros Kroustouris | repository: [GRNET repo](https://code.grnet.gr/fod) or [Github repo](https://github.com/grnet/flowspy). |
| 45 | 79884583 | Leonidas Poulopoulos | |
| 46 | 3ff6f95b | Leonidas Poulopoulos | You can contact us directly at noc{at}noc[dot]grnet(.)gr
|
| 47 | 3ff6f95b | Leonidas Poulopoulos | |
| 48 | 3ff6f95b | Leonidas Poulopoulos | ## Copyright and license |
| 49 | 3ff6f95b | Leonidas Poulopoulos | |
| 50 | 3ff6f95b | Leonidas Poulopoulos | Copyright © 2010-2014 Greek Research and Technology Network (GRNET S.A.) |
| 51 | 3ff6f95b | Leonidas Poulopoulos | |
| 52 | 3ff6f95b | Leonidas Poulopoulos | This program is free software: you can redistribute it and/or modify |
| 53 | 3ff6f95b | Leonidas Poulopoulos | it under the terms of the GNU General Public License as published by |
| 54 | 3ff6f95b | Leonidas Poulopoulos | the Free Software Foundation, either version 3 of the License, or |
| 55 | 3ff6f95b | Leonidas Poulopoulos | (at your option) any later version. |
| 56 | 3ff6f95b | Leonidas Poulopoulos | |
| 57 | 3ff6f95b | Leonidas Poulopoulos | This program is distributed in the hope that it will be useful, |
| 58 | 3ff6f95b | Leonidas Poulopoulos | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 59 | 3ff6f95b | Leonidas Poulopoulos | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 60 | 3ff6f95b | Leonidas Poulopoulos | GNU General Public License for more details. |
| 61 | 3ff6f95b | Leonidas Poulopoulos | |
| 62 | 3ff6f95b | Leonidas Poulopoulos | You should have received a copy of the GNU General Public License |
| 63 | 3ff6f95b | Leonidas Poulopoulos | along with this program. If not, see <http://www.gnu.org/licenses/>. |