Date
05 Sep 2018
Attendees
2018-09-05 VC notes
Nino Ciurleo
Tomáš Čejka
Václav Bartoš
user-02146
David Schmitz
Goals
Status Updates of work items (FOD/RepShield), especially:
FoD v1.5 transition to production
rpm update
mailing list fod@lists.geant.org
future support mail contact
update of service template
FoD v1.6 pilot
extended FoD rule concept
new Warden connector installation
CentOS
Review Open Action Points from last VC(s)
Code on Github Issue solved (Tomas/Vaclav)
GDPR compliance
AOB
PSNC FoD Installation Issue
ACONET FoD EDUgain issue
Discussion items
Time
Item
Who
Notes
Firewall On Demand (FoD)
(info page for FoD development
https://wiki.geant.org/pages/viewpage.action?pageId=63965046
)
FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
FoD v1.6 = FoD with automated rule proposal from RepShield
New support mailing list fod@lists.geant.org: David will ask Tryfon/Tobi to announce it
FoD v1.5 transition to production
Plan who to perform the update of production FoD from v1.1 to v1.5 defined on 11th and 12th this month
Regarding the FoD Service Template it has still to be decided what processed to describe there; Examples of processes of other services:
https://wiki.geant.org/display/timops/Business+Process%3A+Order-to-Payment
https://wiki.geant.org/display/timops/Business+Process%3A+Problem-to-Solution
)
FoD v1.6 development
New FoD extended rule concept: a rule can have multiple BGP FlowSpec routes (corresponding to multiple attacker IP prefixes)
Tomáš: working on UI part for editing/adding rules; needs to be merged with David's changes; updates of dashboard and overview UI pages
David: NETCONF deletion of routes with new rule concept works reliably (race condition fixed)
David: route SNMP statistics are now correctly mapped to FoD routes and rule in FoD DB according to new rule concept
FRU (Firewall Rule Updater): working with new rule concept: can create rules with multiple routes out of NShaRP DDoS events
OS of fod-test-lab server will be updated to newer CentOS version
Warden collector script on test FlowMon machine should be updated to new version by Václav
Evangelos will check status of ACONET's issue of accessing FoD in combination with IPv6/EDUgain
DDoS Detection/Mitigation (D/M) WG
GARR DDoS D/M PoCs/Testing Framework
Silvia and Nino defined draft of index for white paper reporting the findings to share knowledge with community
White paper writing will be started soon
An extract of the white paper might be used for an article in one of the upcoming issues of Connect Magazine
Next VC
In 2 weeks: 19.09.2018, 14:15-15:15 CE(S)T
Action items
Evangelos: check status of ACONET's issue of accessing FoD in combination with IPv6/EDUgain
Tomáš/David: continue to work on FoD v1.6 improved rule design
David: test DDos testing tool provided by Tomáš
Silvia, Ivana, Nino, David: agree on index for white paper about GARR DDoS Testing results/experience
all: next regular T6 VC: 19.09.2018, 14:15-15:15 CE(S)T