Status Updates of work items (FOD/SecEventProcessing/CT)
Status of DDoS Detection/Mitigation WG
Concerning GEANT-operations-specific part:
add question(s) about interest in a potential service for outsourcing Firewall/DDoS D/M functionalities (even) to campuses/institutions (maybe based on own SDN developments in future: FwaaS)?
F2F-Meeting-Planning
AOB
Discussion items
Time
Item
Who
Notes
FOD
Currently investigating FOD source code and third party components/libraries used
investigating code especially regarding port range feature
GitHub has a newer version than the one on the FOD test system test-fod.geant.net (v1.2 vs v1.1.1)
apparently this also includes a REST interface, even for adding rules (at least from a first look at the docs), while the installed one has no REST interface
still to find out which commit the installed one actually represents
how to proceed for the new developments:
Evangelos will set up another test machine where the new version can be tested independently from the existing test system
add new FOD feature: redirection of strange traffic to (e.g.) a scrubbing center (i.e. to other VRF) ?
-> add as additional FOD related question to survey
DDoS Detection/Mitigation Approaches
DDoS Detection Mitigation Survey
RepShield
internal name of the Software: NERD; external (project) name: RepShield
working on automatic downloads of blacklists for NERD
started to implement login via shibboleth (edugain) -> maybe compare with edugain integration of FOD (if needed)
CT
closed a couple of bugs and moved closer towards a 0.9 release
discussed the upcoming key and config management system a bit, so closer to a design
Roadmap Draft
current FOD: v.1.1.1 installed, v1.2 in github
FOD v2 eof 2017-04 as deliverable D8.2; including demo(s)
new (user) functionalities: e.g. rate limiting, statistics view
new management functionalities: internal logging
maybe first preliminary rule proposal from RepShield
DDoS detection/mitigation pilot (v0.5) eof 2017-07 as deliverable D8.3; including demo(s)
FOD with automated rule proposal from RepShield
DDoS detection/mitigation v1 eof 2018; including demo(s)
more enhanced mitigation beyond BGP FlowSpec (FOD)
based on SDN OF/NFV (FwaaS)
also with integrated rule proposal from RepShield
CT production service v1 eof 2016; in parallel to first NREN deployments of CT server; maybe some demo how to make use of it (maybe using curl with integrated CT support)
CT production service v2 eof 2017-10 as deliverable D8.4; including demo(s)
Some members already filled it. Anybody else: Please fill it!
David will clarify covering of expenses for non-task members (Silvia, Albert) with Jerry
Next regular T6 VC
next regular T6 VC will be 07.09.2016, 14:00-14:30 CEST
Action items
David: will continue to investigate FOD source code and also try to get new version running on local machine (along with all needed libraries/dependencies)
Evangelos: install additional FOD test machine for testing new version separately
All: Fill foodle to find date(s) for potential F2F Kickoff Meeting
David Schmitz: clarify covering of expenses of potential F2F Kickoff-Meeting for non-task members (Silvia, Albert) with Jerry
All: next regular task VC: Wed, 07.09.2016, 14:00-14:30 CEST