| Time | Item | Who | Notes |
|---|
| Firewall On Demand (FoD) |
| - (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
- FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
- FoD v1.6 = FoD with automated rule proposal from RepShield
- Other FoD v1.5 pilot preparations
- Existing user documentation (as presentation document) update currently in progress
- Pilot evaluation survey which was of used for FoD v1.1 has to be reviewed and updated for v1.5
- Pilot UAT testing
- Fix by Tomas for specifying port 0 has been provided, still has to be tested on testing machine before creating new rpm for UAT machine
- First UAT VC: feedback from pilot users:
- Allow port=0 (in list specifications it is maybe already possible e.g. "53,0" ?)
- Remove length-limit (=100) for port ranges
- Allow expiry date to be any date (not only in 10days range from rule creation)
- Add basic info/explanation below stats: e.g., regarding x-axis, scheduling/delay
- Allow to export of stats (e.g. excel, csv, text)
- Provider stats for longer time periods, not only than 1hour, ideally with all time since rule creation
- Better accuracy of relative graphs: e.g. packets/s ?
- FoD v1.5 production service documents
- Now for the future production phase of FoD v1.5 (and all further versions) all necessary PLM documents have to be prepared, e.g. CBA, service description, service design plan
- Especially for the operative documents this will be done in close cooperation of Evangelos
- For most PLM documents, this will be done by filling the FoD service template wiki pages (https://wiki.geant.org/display/gn42jra2/Firewall-On-Demand+%28FoD%29+Service) which David started to fill
- Evangelos will check the service template to get acquainted with it
- FoD v1.6 (with RepShield) development/testing/pilot:
- DDoS simulation/testing would be valuable to test viability of the approach, especially during the development/testing
- VM for DDoS simulation/testing to be installed in Lab still pending
|
| DDoS Detection/Mitigation (D/M) WG |
| GARR DDoS D/M PoCs - Silvia/Nino are now working on a comprehensive Generic Multi-Domain, Multi-Tier (GEANT, NREN, institutions), Multi-Technique (RTBH, FlowSpec, Scrubbing, ...) DDoS Detection/Mitigation Architecture Proposal in combination with their diffrent PoCs (Arbor, Radware,...) they do or plan to todo (https://docs.google.com/presentation/d/1J4TRervPKm3V545uCC-LbnahOOGuEEBOQ-RvAQh4M4E/edit?usp=sharing).
- From now on everything about this is to be put into T6 wiki: https://wiki.geant.org/pages/viewpage.action?pageId=94634234 ,
- Especially time/action plan which has still to be defined in full: https://wiki.geant.org/pages/viewpage.action?pageId=94634243&src=contextnavpagetreemode
- Silvia/Nino will update and complement this plan until end of this year
- Silvia/Nino currently work on a generic excel scheme for reporting the performed tests which especially should make comparison easier
|
| T6 roadmaps update draft: |
| (old version at end of document at https://intranet.geant.org/gn4/2/Activities/JRA2/Milestones%20Documents/Network%20Security%20Services%20Roadmap/M8.6_Network-Security_Roadmap.pdf) - FoD v1.5
- Strategy 03-04/2017 (end 2017-04 as deliverable D8.2)
- Design 05-06/2017
- Development/Testing 04,5-07/2017
- Pilot 07/2017-02,5/2018 (exactly 12.02.2018)
- To-Production 02,5-04,5/2018
- Production 04,5-09/2018
- FoD v1.6
- Strategy 06-07/2017 (end 2017-07 as deliverable D8.3)
- Design 08/2017-01/2018
- Development/Testing 08,5/2017-02/2018
- Transition-to-Pilot 03-04/2018
- Pilot 03-07/2018
- Transition-to-Production 08-09/2018
- Production 10/2018-
- CT service 1.0
- Strategy 08-10/2017 (end 2017-10 as deliverable D8.4)
- Design 09/2017-01/2018
- Development/Testing 11/2017-03/2018
- Transition-to-Pilot 04-05/2018
- Pilot 06/2018-
|
| Next VC |
| In 4 weeks: 10.01.2018, 14:15-15:15 CE(S)T
|
