You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Date

Attendees

Goals

  • Status Updates of work items (FOD/RepShield), especially:
        • FoD v1.5 transition to production
        • FoD v1.6 pilot
            • Enhancement of FoD rule API
            • Extended FoD rule concept
            • Firewall-Rule-Updater script
            • DDoS-Testing
            • TNC Demo
  • Status of DDoS Detection/Mitigation WG,:
        • GARR PoCs
  • Review Open Action Points from last VC(s)
  • Code on Github Issue solved (Tomas/Vaclav)
  • GDPR compliance
  • AOB
      • PSNC FoD Installation Issue

Discussion items

TimeItemWhoNotes

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield
  • FoD v1.5 transition to production
      • Evangelos has updated the service template; additions need to be reviewed by David
      • Some improvement/ bug fixes by David for FoD v1.5
          • Running SNMP updates no longer blocking update of FoD rules, can now run in parallel
          • Found and solved issues of statistics not shown for rules which used fields "source ports" and "destination ports" together
  • FoD v1.6 development
      • Introduction to new more general rule FoD concept
            • Tomáš is in progress to adapt FoD rule internals and corresponding REST API to introduce a new complex rule structure which allows multiple source prefixes to be associated to a single rule in FoD
      • Václav has improved FlowMon Warden collector script, e.g., swapping source and destination fields to correctly reflect attacker and victim of a (D)DoS attack
      • David is working on enhancing FoD rule API to make it fully useful for FRU
            • Creation of rules in INACTIVE state is possible
            • Possibility to fully delete rules via REST API instead of only light-weight delete by settings to INACTIVE
            • Listing of all rules via REST API a user is authorized to edit instead of only those which he created
      • David is preparing TNC demo, including REST API examples and FRU prototype

Next VC

In 4 weeks (because of TNC in 2 weeks): 27.06.2018, 14:15-15:15 CE(S)T

Action items


  • No labels