Skip to content
Snippets Groups Projects
Select Git revision
  • feature/exabgp_support2.bgpextcommunity
  • feature/exabgp_support2.django4.2
  • feature/exabgp_support2
  • fix/existingcheck_honor_fragtype
  • feature/python3-authz_netmask
  • feature/authz_netmask
  • python3 default protected
  • fix/wrong_ratelimit_stats
  • feature/requirements_version_update2024-01
  • feature/split_celery
  • feature/improved-warning-mails
  • fix/reenable_expireset_via_restapi
  • feature/admin_user_delete_with_owned_rule_reassigning1
  • feature/admin_user_delete_with_owned_rule_reassigning
  • feature/branded_doc
  • fix/forked_snmp_polling_worker_exit_issue
  • fix/false_user_activation_error
  • feature/exabgp_with_docker-compose
  • fix/prefix_overlap_handling
  • fix/js_security_issues-a
  • save1
  • rpm-1.5-7
  • working1
  • myv1.6
  • t12b1
  • v1.5_newnew2
  • merged_final
  • v1.5_newnew
  • startstop_old
  • myadd2
  • tomas3
  • merge_jra2t6_and_RESTAPI
  • mytomas2
  • mynew1
  • new_jra2t6
  • v1.5_final
  • fod16_ruleroutes-merged_old
  • merged_new
  • v1.6_new_old
  • v1.5_new_old_follower
40 results
Compare
user avatar
fix/wrong_ratelimit_stats: update of...
David Schmitz authored 
fix/wrong_ratelimit_stats: update of ./doc/development/format_of_snmp_json_db_file.txt to reflect new distinct matched and dropped stat values
893a1a00
History
user avatar 893a1a00
History
Name Last commit Last update
..
administration_and_usage
api
configuration
development
installation
prerequisites
.gitignore
index.md
route-states-usage.dia
route-states-usage.svg
index.md

Description

Firewall on Demand applies, via Netconf, flow rules to a network device. These rules are then propagated via e-bgp to peering routers. Each user is authenticated against shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from. FoD is meant to operate over this architecture:

    +-----------+          +------------+        +------------+  
    |   FoD     | NETCONF  | flowspec   | ebgp   |   router   |  
    | web app   +----------> device     +-------->            |  
    +-----------+          +------+-----+        +------------+  
                                  | ebgp  
                                  |  
                           +------v-----+  
                           |   router   |  
                           |            |  
                           +------------+

NETCONF is chosen as the mgmt protocol to apply rules to a single flowspec capable device. Rules are then propagated via igbp to all flowspec capable routers. Of course FoD could apply rules directly (via NETCONF always) to a router and then ibgp would do the rest. In GRNET’s case the flowspec capable device is an EX4200.

** Attention **

Make sure your FoD server has SSH access to your flowspec device.

Index

Contact

You can find more about FoD or raise your issues at [Github FoD repository].

You can contact us directly at fod{at}lists[dot]geant(.)org

GRNET Contact

You can find more about FoD or raise your issues at [Github FoD repository].

You can contact GRNET at dev{at}noc[dot]grnet(.)gr

Repositories

Copyright and license

Copyright © 2017-2023 GÈANT GN4-2/GN4-3/GN5-1 Project

Copyright © 2010-2017 Greek Research and Technology Network (GRNET S.A.)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.