Date

Attendees

  • Simona Venuti
  • Tomáš Čejka
  • Linus Nordberg
  • Magnus Ahltorp
  • David Schmitz

Goals

  • Discuss future start time of the regular task meeting (maybe 14:10 or 14:15 CET?)
  • Refocus of current development activities
  • Discuss "GN Best Practice Guide for Virtual Meetings" and Team Communication Plan (TCP) concept (see attached documents)
  • Status Updates of work items (FOD/SecEventProcessing/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning
  • Review Open Action Points from last VC(s)
  • AOB

Discussion items

Time | Item | Who | Notes
 Start of meeting time in future 
  • As this suits Silvia, Nino and Marco better, it was agreed that from now on our regular T6 VCs should start 15 minutes later, i.e. at 14:15 CE(S)T
  • Anyone who has a problem with this should please say so
 Refocusing of current development in JRA2T6 in upcoming months 
  • It was decided with Jerry that in the upcoming months the development activities (except CT development) have to be refocused on FOD, i.e. on making tangible progress on FOD features which are directly visible and useful to the FOD users (i.e. NREN NOCs for now)
  • These features/functionalities are (ordered by priority, highest priority first):

    1. REST API for rule creation/change/deletion (in the new version on github): get it running and tested, and enhance it if needed

    2. Replace the current NETCONF communication to the routers with direct BGP (e.g. using exabgp)

    3. Rule statistics monitoring: visualize how many packets an active rule is actually dropping/rate-limiting, to enable a FOD user (= NREN NOC member) to see the effect of a rule over time (e.g. to answer when a mitigated attack actually stopped)

    4. Implement logging of FOD user activities, i.e. rules created/changed/deleted, especially regarding the automated rule change (1.)

  • David created an initial wiki page for FOD development information, which currently contains the link to the (new) github version: JRA2T6 Work Items / Firewall On Demand

  • Tomáš agreed that he and Václav will provide development manpower in the next months, help to get the new FOD version running and tested, and help to implement the needed features

  • For this, David will liaise with Evangelos to get ssh accounts for Tomáš and Václav on FOD testing machines (both will provide ssh keys for this purpose)

  • First goals are to get acquainted with the FOD code and installation (of the new version) and then to test its REST API

 Status of FOD 
  • No progress on the attempt to get the old FOD running with python2.7 on the second testing machine
 Status of RepShield/NERD 

Status of RepShield development (Václav) 

  • Reimplemented user database (this was necessary to allow implementation of API)
  • Installed and started to learn to work with PostgreSQL. The user database is now implemented in it, and it is planned to use it for other parts of NERD in the future as well.
  • A few minor tweaks and bugfixes

The CERT of a local ISP/data center (in the Czech Republic) has started to use NERD in production (Tomáš)

  • They like it and use it as a query interface for abuse handling (e.g. spam handling, infected servers), which was previously done only via e-mail
  • Idea: learn from their experience regarding proposing DDoS mitigation rules for FOD

Tomáš attended the CNSM2016 conference, where NEMEA and the evidence capture monitoring probe (developed in hardware by CESNET) for realizing a DDoS washing machine by CESNET were discussed, along with ideas on how to continue research in this area.

Tomáš has already proposed to give a presentation of this DDoS detection/mitigation system in the next DDoS D/M WG VC, maybe next week on Wednesday; this still has to be planned, but will be announced via the mailing list.

 

 Status of DDoS detection/mitigation WG 

Testing fastnetmon by Nino

  • Already mirroring GARR netflow data to fastnetmon
  • Exporter parameters (of the production routers) still have to be tuned, as a method for this that does not influence production is being investigated
  • Nino may provide first intermediate testing results of fastnetmon on the wiki in fastnetmon testing, if possible

DDoS Survey

  • David will ask Evangelos how to distribute the survey in a coordinated and polite way to the mailing lists provided by Simona (maybe ask Nicole Harris)

Anyone may edit DDoS Detection/Mitigation Infos (or create a sub-page under it) to add information about DDoS D/M solutions/approaches/products/installations

-> In particular, Albert / Nino may think about what to put there regarding Radware and the old/new washing machine at Surfnet, respectively

 Status of CT 
  • Release plan will be updated in JIRA: two releases, v0.9 and v1.0alpha, before end of year
  • DFN-CERT installed the unofficial v0.9 and provided info and feedback
  • Bootstrapping of trust via VCs and PGP keys (Web of Trust) is complete, for future key/configuration distribution
 

 "GN Best Practice Guide for Virtual Meetings" and "Team Communication Plan (TCP)" 

 
  • Everyone may check the respective documents (attached to the mails of the invitation to this meeting and to the mail announcing these minutes) and think about how we may use the recommendations to improve our future meetings and the task communication in general
 Next regular T6 VC 
  • In 4 weeks, i.e. on 14.12.2016, 14:15-14:45 CE(S)T, as David is at another GEANT meeting in 2 weeks

  • David will contact all members individually about their status in 2 weeks, before this VC

Action items

  • David: change calendar invitation for regular T6 VC to 14:15 CE(S)T
  • David: liaise with Evangelos to get accounts for Tomáš and Václav on both FOD testing machines
  • Tomáš and Václav: provide ssh keys for FOD testing access to Evangelos
  • Tomáš and Václav (together with David): get acquainted with the FOD code and installation and test the REST API as the first goal of the new development focus (JRA2T6 Work Items / Firewall On Demand)
  • Tomáš: check about/organize DDoS D/M system presentation (ask David for any help needed)
  • David: ask Evangelos how to distribute the survey in a coordinated and polite way to the mailing lists provided by Simona
  • Nino: if possible, provide first intermediate testing results of fastnetmon on the wiki in fastnetmon testing
  • Nino: check what to put about the Radware DDoS solution in the wiki area DDoS Detection/Mitigation Infos
  • Linus and Magnus: Update release plan in CT JIRA
  • all: check the documents "GN Best Practice Guide for Virtual Meetings" and "Team Communication Plan (TCP)" attached to the mail announcing these minutes and think about how we may use the recommendations to improve our future meetings and the task communication in general
  • all: Next regular T6 VC: 14.12.2016, 14:15-14:45 CE(S)T