Versions Compared

Old Version 2

changes.mady.by.user David Schmitz

Saved on

compared with

New Version Current

changes.mady.by.user David Schmitz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

Attendees

...

  • Status Updates of work items (FOD/RepShield), especially:
        • FoD v1.5 transition to production
          • rpm update
          • mailing list fod@lists.geant.org
              • future support mail contact
              • update of service template
        • FoD v1.6 pilot
            • extended FoD rule concept
            • new Warden connector installation
            • CentOS
  • Review Open Action Points from last VC(s)
  • Code on Github Issue solved (Tomas/Vaclav)
  • GDPR compliance
  • AOB
      • PSNC FoD Installation Issue
      • ACONET FoD EDUgain issue

Discussion items

TimeItemWhoNotes

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield
  • New support mailing list fod@lists.geant.org: David will ask Tryfon/Tobi to announce it
  • FoD v1.5 transition to production
  • FoD v1.6 development
      • New FoD extended rule concept: a rule can have multiple BGP FlowSpec routes (corresponding to multiple attacker IP prefixes)
          • Tomáš: working on UI part for editing/adding rules; needs to be merged with David's changes; updates of dashboard and overview UI pages
          • David: NETCONF deletion of routes with new rule concept works reliably (race condition fixed)
          • David: route SNMP statistics are now correctly mapped to FoD routes and rule in FoD DB according to new rule concept
      • FRU (Firewall Rule Updater)
      • : working with new rule concept: can create rules with multiple routes out of NShaRP DDoS events
  • OS of fod-test-lab server will be updated to newer CentOS version
  • Warden collector script on test FlowMon machine should be updated to new version by Václav
  • Evangelos will check status of ACONET's issue of accessing FoD in combination with IPv6/EDUgain

DDoS Detection/Mitigation (D/M) WG

GARR DDoS D/M PoCs/Testing Framework

      • Silvia and Nino defined draft of index for white paper reporting the findings to share knowledge with community
      • White paper writing will be started soon
      • An extract of the white paper might be used for an article in one of the upcoming issues of Connect Magazine
HolidayAs far as already known provide the time of your holiday's for better planning at https://wiki.geant.org/display/gn42jra2/JRA2T6+Holiday+periods+of+members

Next VC

In 2 weeks: 19.09.2018, 14:15-15:15 CE(S)T

Action items

  •  Evangelos: check status of ACONET's issue of accessing FoD in combination with IPv6/EDUgain
  •  Tomáš/David: continue to work on FoD v1.6 improved rule design
  •  David: test DDos testing tool provided by Tomáš
  •  Silvia, Ivana, Nino, David: agree on index for white paper about GARR DDoS Testing results/experience
  •  all: next regular T6 VC: 19.09.2018, 14:15-15:15 CE(S)T

...