Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

TimeItemWhoNotes
FOD 
  • Currently investigating FOD source code and third party components/libraries used
    • investigating code especially regarding port range feature
    • in github https://github.com/grnet/flowspy is a newer version than on fod FOD test system test-fod.geant.net (v1.2 vs. v1.1.1)
      • obviously this also includes a REST interface, even for adding rules (at least from first sightings in docs), while the installed one has no REST interface
      • still to find out which commit the installed one actually represents
    • how to proceed for the new developments:
    • Evangelos will setup another test machine where the new version can be tested independently from existsing existing test system

  • add new FOD feature: redirection of strange traffic to (e.g.) a scrubbing center (i.e. to other VRF) ?

->  add as additional FOD related question to survey

 DDoS Detection/Mitigation Approaches 
  • Evangelos: Discussed potential scrubbing center solution (based on flowmon) in a short meeting with A10:
    • 2 solutions: ddos DDoS defender or deepfieldDeepfield; later on more advanced and seemingly with A10 devices for mitigation
  • Linus: Deepfield is used in Nordunet (for traffic metric, not DDoS D/M) which is currently trying to replace it as it seems to be more orientating towards nice business analysis views; -> better really analyze the underlying technical design of any approach to compare among them
  • Nino: why only testing solution from a single vendor? GARR has plans to compare solution (e.g. for washing machine) of multiple vendors, e.g. RadWareRadware, Arbor, F5; also take into account type of attacks addresses and used detection methods (e.g. netflow for port-level detection; deep packet inspection also detect application-level attacks; how to wash/redirect the traffic) as well as as needed effort -> why not perform this analysis by GARR and GEANT?

  • Evangelos: other DDoS D/M approch e.g. from Xanataro

    Linus: Deepfield is used in Nordunet (for traffic metric, not

    other DDoS D/M

    ) which is currently trying to replace it as it seems to be more orientating towards nice business analysis views; -> better really analyse the underlying technical design of any approach to compare among them

    approach from Xanataro

 DDoS Detection Mitigation Survey 
  • Evangelos will send proposal for GEANT-specific questions
  • Based on this David will propose potential futher further question concerning interest on FwaaS
 RepShield 
  • internal name of the Software: NERD; external (project) name: RepShield
  • working on automatic downloads of blacklists for NERD
  • started to implement login via shibboleth (edugainEduGain) -> maybe compare with edugain EduGain integration of FOD (if needed)
 CT 
  • closed a couple of bugs and moved closer towards a 0.9 release
  • discussed the upcoming key and config management system a bit, so closer to a design
 Roadmap Draft 
  • current FOD: v.1.1.1 installed, v1.2 in github
  • FOD v2 eof 2017-04 as deliverable D8.2; including demo(s)
    • new (user) functionalities: e.g. rate limiting, statistics view
    • new management functionalities: internal logging
    • maybe first preliminary rule proposal from RepShield
  • DDoS detection/mitigation pilot (v0.5) eof 2017-07 as deliverable D8.3; including demos(s)
    •  FOD with automated rule proposal from RepShield
  • DDoS detection/mitigation v1 eof 2018; including demos(s)
    • more enhanced mitigation beyond BGP FlowSpec (FOD)
    • based on SDN OF/NFV (FwaaS)
    • also with integrated rule proposal from RepShield

  • CT production service v1 eof 2016; in parallel to first NREN deplyments of CT server; maybe some demo how to make use of it (maybe using curl with integrated CT support)
  • CT production service v2 eof 2017-10 as deliverable D8.4; including demos(s)
 F2F-Meeting-Planning 

Foodle to find appropriate date(s): http://foodl.org/foodle/Dste-for-potential-JRA2-T6-Kickoff-57b56

Some members already filled it. Anybody else: Please fill it!

David will clarify covering of expenses for non-task members (Silvia, Albert) with Jerry

 Next regular T6 VC next regular T6 VC will be 07.09.2016, 14:00-14:30 CEST

...

  •  David: will continue to investigate FOD source code and also try to get new version running on local machine (along with all needed libraries/dependencies)
  •  Evangelos: install additional FOD test machine for testing new version separately
  •  

    Evangelos: will discuss with superiors about common testing of commercial DDoS D/M solutions by GEANT and GARR (and maybe other NRENs)

  •  Anybody who likes: may distribute information/overview/diagrams about potential/proposed/planned/existing DDoS D/M approach/proof-of-concept/deployment scenario, commercial or not, to the mailing list (or to T6 wiki: DDoS Detection/Mitigation Infos and/or DDoS Detection/Mitigation Approaches/DeploymentScenarios )
  •  Evangelos: will send proposal for GEANT-specific questions in DDoS D/M survey
  •  David: Based on this David will propose potential futher further question concerning interest on FwaaS in DDoS D/M survey
  •  All: Fill foodle to find date(s) for potential F2F Kickoff Meeting
  •  David Schmitz clarify covering of expenses of potential F2F Kickoff-Meeting for non-task members (Silvia, Albert) with Jerry
  •  All: next regular task VC: Wed, 07.09.2016, 14:00-14:30 CEST

...