You are viewing an old version of this page. View the current version .
Compare with Current
View Page History
« Previous
Version 5
Next »
Date 13 Dec 2017
Attendees Goals Discussion items Time Item Who Notes Firewall On Demand (FoD) (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046 ) FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API FoD v1.6 = FoD with automated rule proposal from RepShield Other FoD v1.5 pilot preparationsExisting user documentation (as presentation document) update currently in progress Pilot evaluation survey which was of used for FoD v1.1 has to be reviewed and updated for v1.5 Pilot UAT testingFix by Tomas for specifying port 0 has been provided, still has to be tested on testing machine before creating new rpm for UAT machine First UAT VC: feedback from pilot users:Allow port=0 (in list specifications it is maybe already possible e.g. "53,0" ?) Remove length-limit (=100) for port ranges Allow expiry date to be any date (not only in 10days range from rule creation) Add basic info/explanation below stats: e.g., regarding x-axis, scheduling/delay Allow to export of stats (e.g. excel, csv, text) Provider stats for longer time periods, not only than 1hour, ideally with all time since rule creation Better accuracy of relative graphs: e.g. packets/s ? FoD v1.5 production service documentsNow for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan Especially for the operative documents this will be done in close cooperation of Evangelos For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service ) which David started to fill Evangelos will check the service template to get acquainted with it FoD v1.6 (with RepShield) development/testing/pilot:DDoS simulation/testing would be valuable to test viability of the approach, especially during the development/testing VM for DDoS simulation/testing to be installed in Lab still pending DDoS Detection/Mitigation (D/M) WG GARR DDoS D/M PoCs
Silvia/Nino are now working on a comprehensive Generic Multi-Domain, Multi-Tier (GEANT, NREN, institutions), Multi-Technique (RTBH, FlowSpec, Scrubbing, ...) DDoS Detection/Mitigation Architecture Proposal in combination with their diffrent PoCs (Arbor, Radware,...) they do or plan to todo (https://docs.google.com/presentation/d/1J4TRervPKm3V545uCC-LbnahOOGuEEBOQ-RvAQh4M4E/edit?usp=sharing ). From now on everything about this is to be put into T6 wiki: https://wiki.geant.org/pages/viewpage.action?pageId=94634234 , Especially time/action plan which has still to be defined in full: https://wiki.geant.org/pages/viewpage.action?pageId=94634243&src=contextnavpagetreemode Silvia/Nino will update and complement this plan until end of this year Silvia/Nino currently work on a generic excel scheme for reporting the performed tests which especially should make comparison easier T6 roadmaps update draft: (old version at end of document at https://intranet.geant.org/gn4/2/Activities/JRA2/Milestones%20Documents/Network%20Security%20Services%20Roadmap/M8.6_Network-Security_Roadmap.pdf )
FoD v1.5Strategy 03-04/2017 (end 2017-04 as deliverable D8.2) Design 05-06/2017 Development/Testing 04,5-07/2017 Pilot 07/2017-02,5/2018 (exactly 12.02.2018) To-Production 02,5-04,5/2018 Production 04,5-09/2018 FoD v1.6Strategy 06-07/2017 (end 2017-07 as deliverable D8.3) Design 08/2017-01/2018 Development/Testing 08,5/2017-02/2018 Transition-to-Pilot 03-04/2018 Pilot 03-07/2018 Transition-to-Production 08-09/2018 Production 10/2018- CT service 1.0Strategy 08-10/2017 (end 2017-10 as deliverable D8.4) Design 09/2017-01/2018 Development/Testing 11/2017-03/2018 Transition-to-Pilot 04-05/2018 Pilot 06/2018- Next VC In 4 weeks: 10.01.2018, 14:15-15:15 CE(S)T
Action items