Date

Attendees

Goals

  • Status Updates of work items (FOD/RepShield), especially:
        • FoD v1.6 pilot
            • extended FoD rule concept / FRU and RepShield:
                  • FoD rules: add taglist attribute for grouping, e.g. NSHaRP proposal for a single NSHaRP event
                  • Proposed FoD rules: possible for users to delete them
                  • user settings regarding rule proposal
            • Deliverable
            • Pilot: Testing
            • git/github: new history
  • Review Open Action Points from last VC(s)
  • AOB
      • PSNC FoD Installation Issue
      • DeIC FoD Installation Issue
      • ACONET FoD EDUgain issue

Discussion items

TimeItemWhoNotes

Firewall On Demand (FoD)
  • (info page for FoD development https://wiki.geant.org/pages/viewpage.action?pageId=63965046)
  • FoD v1.5 = FoD with new functionalities: rule range specification, current rule behaviour statistic graphs, multi-tenant rule control REST-API
  • FoD v1.6 = FoD with automated rule proposal from RepShield
  • FoD v1.5 production
  • FoD v1.6 development
      • Václav updated FRU to propose different types of mitigation rules per NShaRP DDoS event, 2 based on Repshield
      • Pilot testing of FoD v1.6 (with Warden, Repshield, FRU):
          • Already done by David: all works fine
          • Improvement ideas resulting from this:
                  • Allow to display rules in groups in the UI, e.g. group of all rules created by FRU for a particular event
                  • Introduce general tag mechanism for rules to allow flexible grouping, editable by the user
                  • More clearly indicate a rule proposed by FRU as such in UI, allow user to delete (or ignore in UI) the rule explicitly if is is never activated by him
          • Improvement ideas from Evangelos: Introduce user's settings in UI to configure proposal of rules, e.g., allow disabling it completely
          • Hands-On during VC: Václav tested FoD v1.6: all works fine;
          • Václav has some further enhancement proposals regarding usability regarding FoD v1.6 rule-proposal in particular:
                  • Auto-Delete proposed rules untouched by the user after some interval, e.g., default 1 week
                  • Add user setting for configuring interval to auto deleted untouched proposed rules
                  • Improve the name of auto-generated rules: Václav will make a proposal
                  • In rule Add/Edit form: add notes that rate-limit applied to multiple destination IP prefixes will apply separately for each prefix
                  • Improve rule comment and info mail to more clearly indicate that it was proposed automatically by FRU
          • Václav has some further enhancement proposals regarding usability regarding FoD in general:
                  • Allow characters beyond letters, numbers and underscore in rule names
                  • For rules which have no graphs as they were never activated add notes so to increase user understanding about this
                  • In rule Add/Edit form: explain what is the unit of drop-limit, e.g. 10k, 100k, 1000k: packets or bytes?

DDoS Detection/Mitigation (D/M) WG

GARR DDoS D/M PoCs/Testing Framework

      • White paper writing mostly finished
      • First draft to be distributed next Monday
      • The results of the white paper will be presented in next SIG NOC meeting

Next VC

In 2 weeks: 31.10.2018, 14:15-15:15 CE(S)T

Action items

  • Evangelos: check status of ACONET's issue of accessing FoD in combination with IPv6/EDUgain
  • David: test DDos testing tool provided by Tomáš
  • Silvia, Nino: publish draft of white paper
  • all: next regular T6 VC: 31.10.2018, 14:15-15:15 CE(S)T


  • No labels