| Time | Item | Who | Notes |
|---|---|---|---|
| FOD | aa | - Currently investigating FOD source code and third party components/libraries used
- investigating code especially regarding port range feature
- the version on GitHub (https://github.com/grnet/flowspy) is newer than the one on the FOD test system test-fod.geant.net (v1.2 vs. v1.1.1)
- this obviously also includes a REST interface, even for adding rules (at least judging from a first look at the docs), while the installed version has no REST interface
- still to find out which commit the installed one actually represents
- how to proceed for the new developments:
- Evangelos will set up another test machine where the new version can be tested independently of the existing test system
- add new FOD feature: redirection of strange traffic to (e.g.) a scrubbing center (i.e. to other VRF) ?
-> add as additional FOD related question to survey |
| DDoS Detection/Mitigation Approaches | | - Evangelos: Discussed potential scrubbing center solution (based on flowmon) in a short meeting with A10:
- 2 solutions: DDoS defender or Deepfield; later on more advanced and seemingly with A10 devices for mitigation
- Linus: Deepfield is used in Nordunet (for traffic metric, not DDoS D/M), which is currently trying to replace it as it seems to be more oriented towards nice business analysis views; -> better really analyze the underlying technical design of any approach to compare among them
- Nino: why test only a solution from a single vendor? GARR has plans to compare solutions (e.g. for washing machine) from multiple vendors, e.g. Radware, Arbor, F5; also take into account the types of attacks addressed and the detection methods used (e.g. netflow for port-level detection; deep packet inspection also detects application-level attacks; how to wash/redirect the traffic) as well as the effort needed -> why not perform this analysis by GARR and GEANT?
- Evangelos: e.g. other DDoS D/M approach from Xanataro
|
| DDoS Detection Mitigation Survey | | - Evangelos will send proposal for GEANT-specific questions
- Based on this, David will propose potential further question concerning interest in FwaaS
|
| RepShield | | - internal name of the Software: NERD; external (project) name: RepShield
- working on automatic downloads of blacklists for NERD
- started to implement login via Shibboleth (EduGain) -> maybe compare with EduGain integration of FOD (if needed)
|
| CT | | - closed a couple of bugs and moved closer towards a 0.9 release
- discussed the upcoming key and config management system a bit, so closer to a design
|
| Roadmap Draft | | - current FOD: v1.1.1 installed, v1.2 on GitHub
- FOD v2 eof 2017-04 as deliverable D8.2; including demo(s)
- new (user) functionalities: e.g. rate limiting, statistics view
- new management functionalities: internal logging
- maybe first preliminary rule proposal from RepShield
- DDoS detection/mitigation pilot (v0.5) eof 2017-07 as deliverable D8.3; including demo(s)
- FOD with automated rule proposal from RepShield
- DDoS detection/mitigation v1 eof 2018; including demo(s)
- more enhanced mitigation beyond BGP FlowSpec (FOD)
- based on SDN OF/NFV (FwaaS)
- also with integrated rule proposal from RepShield
- CT production service v1 eof 2016; in parallel to first NREN deployments of CT server; maybe some demo of how to make use of it (maybe using curl with integrated CT support)
- CT production service v2 eof 2017-10 as deliverable D8.4; including demo(s)
|
| F2F-Meeting-Planning | | Foodle to find appropriate date(s): http://foodl.org/foodle/Dste-for-potential-JRA2-T6-Kickoff-57b56 Some members have already filled it in. Anybody else: please fill it in! David will clarify coverage of expenses for non-task members (Silvia, Albert) with Jerry |
| Next regular T6 VC | | next regular T6 VC will be 07.09.2016, 14:00-14:30 CEST |