Date

 

08 Mar 2017

Attendees

Goals

  • Status Updates of work items (FOD/CT)
  • Status of DDoS Detection/Mitigation WG
  • F2F-Meeting-Planning: Discussing potential locations
  • Review Open Action Points from last VC(s)
  • AOB

Discussion items

Time | Item | Who | Notes
 Summary from GTS Workshop Utrecht 28.02-1.03 
  • David at GTS Workshop in Utrecht 28.02-1.03
    • Talks with Steve Yee and David Whittaker from CORSA about NSE7000 DDoS filter box
    • New potential member for DDoS D/M WG: Steven Simpson from University Lancaster
    • Talk with Pavel Benáček from CESNET, technical expert of CESNET-developed hardware filter cards
 Firewall On Demand (FOD) 
  • (info page for FOD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • Evangelos has contact with the GRNET developers who originally developed FOD and continue to develop it further
    • FOD REST API discussed: edit bug found by David verified; GRNET developers will provide a fix
    • Working plugin for rule statistics/graphs is available (in production at GRNET)
    • Update to Django 1.8 (was main issue found in Secure Code Review conducted by SA2-T1)
    • Ideas to switch from NETCONF to ExaBGP
    • => desire to cooperate with T6 regarding further development of FOD
 DDoS Detection/Mitigation WG 
  • Tangui Coulouarn summarized own DDoS D/M solution developed at DEIC:
    • Not based on FOD, as complexity and dependence on various third-party libs/components were seen as an issue, especially regarding maintenance
    • fastnetmon at the edges
    • local DBs for storing monitored data
    • Automated (active) rule creation from events via FlowSpec (with exaBGP) to Juniper router
    • Frontend for managing rules + querying graphs of fastnetmon stored data
    • => desire to exchange experience, also share code (if suitable)
  • Tomáš, Václav and other CESNET members will be at TNC and present CESNET-developed scrubbing center (based on own hardware cards) in demo session
  • RadWare POC at CIENA in cooperation with GARR:
    • No news
  • Fastnetmon testing at GARR:
    • Silvia/Nino will work out draft scenario for multi-domain use of fastnetmon in GEANT community where fastnetmon is used at institution side and can signal to upstream for mitigation based on local decision of (in the T6 wiki)
  • A10+Flowmon DDoS Defender POC at GEANT:
    • Mitigation issue (dropping of not well-known ports) fixed
    • POC test nearly complete
    • Statistics export feature (important for FOD) currently missing entirely
    • Internal statistics are nice, but only available during attack mitigation; afterwards they are no longer available
  • Deepfield POC at GEANT
    • DDoS detection solution
    • In preparation phase
  • Also planned POC of CORSA filter box
    • Box has been shipped, but not yet in lab
  • DDoS D/M Survey:
    • Tomáš forwarded the survey invitation to responsible person in CESNET. Waiting for answer;
    • Evangelos sent invitations to APM list and ddos@lists.geant.org
  • New Foodle for DDoS D/M VC
    • David will make a new Foodle with only a 4-week time range
 RepShield/NERD 
  • Further work on support for periodic update of blacklists (also regarding config)
 Certificate Transparency (CT) 
  • CT Server
    • v0.10 released as planned
    • Node installed at DFN Cert
      • all 6.2 million certificates in the DB also transferred
      • running for a week
    • v0.10.1 and v0.10.2 released as bugfixes for issues found with the help of DFN Cert
    • v1.0 planned
      • user/operator documentation
      • Fixing some missing aspects, e.g. related to software maintenance
  • Task-internal Demo/Presentation (user view of CT):
    • the actual presentation now has to be prepared
 F2F Meeting Planning 
  • New Foodle poll for F2F meeting exists, but answering may be hard if the place of the meeting is not known (because of unclear travel duration)
  • So, first the potential locations have to be found. Candidates currently are:
        • Garching near Munich (LRZ)
        • Prague
        • Rome ? (Silvia/Nino have to check)
        • Stockholm
        • Cambridge (Evangelos has to check)
  • For each of these potential locations, everyone should check how long the travel might be for her/him
 Next VC 

In 2 weeks: 22.03.2017, 14:15-15:15 CE(S)T

Action items