Date

Attendees

Goals

  • Status Updates of work items (FOD/RepShield/CT)
    • FoD v1.5 pilot preparations
    • Deliverable FoD v1.6 (with automated rule proposal from RepShield)
    • FoD v1.6 pilot
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning:
      • location: Prague
      • => Discussing potential date
  • GEANT Symposium, 03-04.10.2017, Budapest
  • Review Open Action Points from last VC(s)
  • AOB

Discussion items

Time | Item | Who | Notes

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behavior statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield

  • FoD v1.5 pilot installation
      • Puppet Engineer Michael Haller is progressing with setting up Puppet for installing FoD v1.5 (including the Python support environment) so that fully automated installation/maintenance of v1.5 will be in place
  • Other FoD v1.5 pilot preparations
      • Existing user documentation (as presentation document) has to be updated; Evangelos will distribute it to the mailing list;
      • Excel sheet for pilot acceptance criteria has to be reviewed and finalized
      • Pilot evaluation survey which was used for FoD v1.1 has to be reviewed and updated for v1.5
      • Finally, Evangelos will prepare an introduction mail for designated pilot users
  • FoD v1.5 production service documents
      • Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
      • Especially for the operative documents this will be done in close cooperation with Evangelos
      • For most PLM documents, this will be done by filling the FoD service template Wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
      • Evangelos will check the service template to get acquainted with it
  • FoD v1.6 (with RepShield) development/testing/pilot:
      • Evangelos provided a new VM with more disk space and CentOS 7 to Václav to install Warden/RepShield for the FoD v1.6 pilot; Václav has already started installing it
      • Evangelos also installed test version of FlowMon for FoD v1.6 pilot which will run the Warden connector

DDoS Detection/Mitigation (D/M) WG

GARR DDoS D/M PoC

  • GARR is progressing with DDoS D/M PoC based on FlowMon
  • T6 will have to also investigate how the proposal by GARR can be extended/adapted to be usable also for other NRENs or even how it can be applied more in a Multi-Domain manner.
  • So, Silvia/Nino will think about this and as a first step add a section to their PoC proposal document about this

FlowMon for DDoS detection

  • GARR is interested in FlowMon for DDoS detection
  • => Evangelos will provide some information, e.g. in about 2 weeks the combined GÉANT DDoS D/M PoC Demo with FlowMon DDoS Defender and A10 should be ready

Certificate Transparency (CT)

Reference documentation for CT server v1.0 is progressing

  • part of it, i.e. coverage of config options, is generated in an automated manner (as ascii doc)
  • some description parts (e.g. of the config options) are already filled manually
  • => Linus/Magnus will provide a draft of it

CT server development

  • Improvement of key management, especially for HSM updates/failovers (short downtimes)

New CT log server in NORDUnet is supposed to become an official production GEANT service in the future

  • More automation involving NORDUnet/SUNET NoC has been put in place

Deliverable M8.4 "CT Production Service"


F2F Meeting Planning
  • Location: Prague is to be used (thanks to Tomáš and Václav)
  • So everybody can check required travel time
  • Foodl (https://foodl.org/foodle/T6-F2F-Meeting-596f1) was filled in by almost everybody
  • => date will be 21-22.11.2017 (2 half days meeting)
  • Linus will check whether the date is ok for him and also ask Magnus regarding this

GEANT Symposium, 02-05.10.2017, Budapest
  • Everybody in T6 is invited to come there
  • Time is 03-04.10.2017
  • Registration at https://eventr.geant.org/events/2564
  • There will be a "Network Monitoring and Management" session where
          • Evangelos will present about NSHaRP and FoD (15min)
          • David will present about other parts of T6, i.e., mainly RepShield and CT (15min)
          • Afterwards a 15-min discussion will follow

Next VC

In 2 weeks: 06.09.2017, 14:15-15:15 CE(S)T

Action items

  • David: Wait for Puppet config to be set up on final pilot server user by Michael Haller
  • Evangelos will distribute existing FoD user documentation presentation to the mailing list
  • David/Evangelos: update of user documentation presentation for FoD v1.5
  • David/Evangelos: review/update of sheet for pilot acceptance criteria
  • David/Evangelos: review/update existing pilot evaluation survey
  • Evangelos: check the FoD service template (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) to get acquainted with it
  • Evangelos will prepare a pilot phase introduction mail for the FoD v1.5 pilot users when everything else for the FoD v1.5 pilot is ready
  • Tomáš/Václav: install RepShield for FoD v1.6 pilot on new VM
  • Linus/Magnus: provide draft of CT reference documentation
  • Linus/Magnus: check draft of deliverable sent via mail
  • Linus/Magnus: check the CT service template (https://wiki.geant.org/display/gn42jra2/Certificate+Transparency+%28CT%29+Service) to get acquainted with it
  • Silvia/Nino: think about NREN-generic/Multi-Domain use-cases for DDoS PoC; add a section to their PoC proposal document about this
  • all: Register for GEANT Symposium (03-04.10.2017) at https://eventr.geant.org/events/2564
  • all: Next regular T6 VC: 06.09.2017, 14:15-15:15 CE(S)T

