Date
Attendees
- Simona Venuti
- Tomáš Čejka
- Václav Bartoš
- Linus Nordberg
- Evangelos Spatharas
- Albert Hankel
Goals
• Status Updates of work items (FOD/SecEventProcessing/CT)
• Status of DDoS Detection/Mitigation WG
Announcement Mail about DDoS Survey to CERT/CSIRT mailing lists
• GN Best Practice Guide for Virtual Meetings and TCP (-> Documents)
@All: Please read the documents (3 attachments) and think about how the information in it may be applied to our task to improve it.
• Holiday periods of members
@All: Please update information about potential holiday plans at
JRA2T6 Holiday periods of members
• F2F-Meeting-Planning
• Review Open Action Points from last VC(s)
• AOB
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
FOD (refocus of current development activities in T6) | (info page for FOD development JRA2T6 Work Items / Firewall On Demand) Tomas and Vaclav agreed to provide their development man power in next months and help to get FOD (new version) running and tested and help implement needed features Evangelos added accounts for Tomas and Vaclav on FOD testing machines. Issues with missing sudo right for Tomas/Vaclav on both FOD test machines, Evangelos will fix this. Issues with access to the FOD web GUI, Evangelos will add local accounts within FOD on both test machines to handle this. In Progress: First target is to get known to FOD code and installation by investigating about what todo for port range feature After that (or in parallel as far as possible) then to get new (github) version running on second FOD test machine and test its RESTAPI - Tomas sent detailed mail about his investigation/development before the meeting: - Currently he is working on the GUI and the internal part of FOD for the port range feature - Next steps will include investigate and check about the celeryd part which actually installs BGP FlowSpec rules via NETCONF - Basically, it turned out that GEANT core routers do not support port range feature with BGP FlowSpec directly at all - -> a rule with a port range will have to be translated to a list of rules (for each port in the range) - -> enforce a limit on the size of ranges which can be specified: e.g. 100 - plan to have port range feature working on start of January 2017, if possible also find about running new version (depending on difficulty) | ||
DDoS D/M WG | Nino is today busy with testing of Radware installation at GARR. fastnetmon testing by GARR:
DDoS D/M Survey Evangelos prepared nice announcement/invitation mail for the survey. | ||
RepShield | - lots of internal changes | ||
CT | v0.9 was released at end of November: Feature complete version planned for January 2017. v1.0 planned for 2017Q1. | ||
GN Best Practice Guide for Virtual Meetings and TCP | Currently, best practices in Best Practice Guide for Virtual Meetings
regarding team communication plan (TCP): | ||
F2FMtg Planning | Create new foodle next year for it. | ||
Next VC | In 4 weeks, as in David is on holiday from 15-31.12.2016: 04.01.2017, 14:15-14:45 CET |
Action items
- Evangelos: fix sudo rights for Tomas/Vaclav on FOD test machines
- Evangelos: add FOD local accounts for Tomas/Vaclav on both FOD test machines (for acces to FOD we GUI)
- Tomas: investigate/develop port range feature (planned for start of January) while continuing to investigate FOD code and installation of new version
- Nino: if possible, provide first intermediate testing results of fastnetmon on wiki in fastnetmon testing
- Nino: check what to put about Radware DDoS solution info wiki area DDoS Detection/Mitigation Infos
- Evangelos: sent out announcement/invitation mail for DDoS survey
- David: Create new foodle for DDoS D/M WG
- David: Create new foodle for F2F meeting in 2017
- all: Next regular T6 VC: 04.01.2017, 14:15-14:45 CE(S)T