You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Date

Attendees

  • Evangelos Spatharas
  • Nino Ciurleo
  • Silvia d'Ambrosio
  • Václav Bartoš

  • Linus Nordberg
  • David Schmitz

Goals

  • Status Updates of work items (FOD/SecEventProcessing/CT

  • Status of DDoS Detection/Mitigation WG

       Concerning GEANT-operations-specfic part:

         add question(s) about interest on potential service for outsourcing Firewall/DDoS D/M functionalities (even) to campuses/institutions (maybe based on own SDN developments in future: FwaaS) ?

  •  F2F-Meeting-Planning

  •  AOB

     

Discussion items

TimeItemWhoNotes
FOD 
  • Currently investigating FOD source code and third party components/libraries used
    • investigating code especially regarding port range feature
    • in github is a newer version than on fod test system test-fod.geant.net (v1.2 vs v1.1.1)
      • obviously this also includes a REST interface, even for adding rules (at least from first sightings in docs), while the installed one has no REST interface
      • still to find out which commit the installed one actually represents
    • how to proceed for the new developments:
    • Evangelos will setup another test machine where the new version can be tested independently from existsing test system

  • add new FOD feature: redirection of strange traffic to (e.g.) a scrubbing center (i.e. to other VRF) ?

->  add as additional FOD related question to survey

 DDoS Detection/Mitigation Approaches  
 DDoS Detection Mitigation Survey  
 RepShield 
  • internal name of the Software: NERD; external (project) name: RepShield
  • working on automatic downloads of blacklists for NERD
  • started to implement login via shibboleth (edugain) -> maybe compare with edugain integration of FOD (if needed)
 CT 
  • closed a couple of bugs and moved closer towards a 0.9 release
  • discussed the upcoming key and config management system a bit, so closer to a design
 Roadmap Draft 
  • current FOD: v.1.1.1 installed, v1.2 in github
  • FOD v2 eof 2017-04 as deliverable D8.2; including demo(s)
    • new (user) functionalities: e.g. rate limiting, statistics view
    • new management functionalities: internal logging
    • maybe first preliminary rule proposal from RepShield
  • DDoS detection/mitigation pilot (v0.5) eof 2017-07 as deliverable D8.3; including demos(s)
    •  FOD with automated rule proposal from RepShield
  • DDoS detection/mitigation v1 eof 2018; including demos(s)
    • more enhanced mitigation beyond BGP FlowSpec (FOD)
    • based on SDN OF/NFV (FwaaS)
    • also with integrated rule proposal from RepShield

  • CT production service v1 eof 2016; in parallel to first NREN deplyments of CT server; maybe some demo how to make use of it (maybe using curl with integrated CT support)
  • CT production service v2 eof 2017-10 as deliverable D8.4; including demos(s)
 F2F-Meeting-Planning 

Foodle to find appropriate date(s): http://foodl.org/foodle/Dste-for-potential-JRA2-T6-Kickoff-57b56

Some members already filled it. Anybody else: Please fill it!

David will clarify covering of expenses for non-task members (Silvia, Albert) with Jerry

 Next regular T6 VC next regular T6 VC will be 07.09.2016, 14:00-14:30 CEST

Action items

  • David: will continue to investigate FOD source code and also try to get new version running on local machine (along with all needed libraries/dependencies)
  • Evangelos: install additional FOD test machine for testing new version separately
  • All: Fill foodle to find date(s) for potential F2F Kickoff Meeting
  • David Schmitz clarify covering of expenses of potential F2F Kickoff-Meeting for non-task members (Silvia, Albert) with Jerry
  • All: next regular task VC: Wed, 07.09.2016, 14:00-14:30 CEST
  • No labels