Kentik looked rather useful. We've been browsing in this space quite a bit for the last year. We've consistently struggled with the size of the attacks we are seeing, routinely hitting our upstreams at 2-4x our total uplink size. Has anyone set up any automated triggers with tools like Kentik? Does anyone have any experience with FastNetMon? ( https://github.com/pavel-odintsov/fastnetmon) It seemed to potentially be a useful roll your own type of solution. Ben Wiechman Network Engineer IV | Arvig Direct: 320.256.0184 Cell: 320.247.3224 Office: 320.256.7471 [log in to unmask] On Mon, Aug 1, 2016 at 8:48 AM, Andrew Hoyos <[log in to unmask]> wrote: > We’ve had great luck with Kentik (https://www.kentik.com/) as a general > netflow tool to at least identity DDoS sources/targets (not to mention a > very well rounded tool for analyzing flow data coupled with BGP info/sankey > diagrams, as well). > > From a mitigation perspective, hopefully your upstream providers support > D/RTBH at a minimum. If they don’t, vote with your wallet and go somewhere > that does. > > Set up your IBGP mesh with a blackhole community and local null routing, > with respective policies and communities on your transit edges matching > their blackhole communities. In theory, you should be able to add a null > route anywhere in your ibgp mesh, and have network wide black holing that > also triggers upstream blackholing as well. Ideally, you’d have some sort > of standalone trigger router with OOB access that you can use to originate > those routes into BGP. > > Bonus points for automating that process, or giving tech actionable alert > to copy/paste into a router. > > -- > Andrew Hoyos > [log in to unmask] > > > > > On Jul 30, 2016, at 4:35 PM, Dave Williams <[log in to unmask]> wrote: > > > > Hi all – I know this isn’t a MICE specific question, but I can’t think > of a better group of people to ask! I was wondering if anyone could share > their strategy for DDoS detection and mitigation? We randomly have > troubles with it and as you can imagine it’s quite the pain! > > Thanks in advance! > > d > > > > Dave Williams > > Founder / Visionary > > Revelation Network Management, Inc. > > O: 763.367.6161 > > C: 763.670.5558 > > > > > > To unsubscribe from the MICE-DISCUSS list, click the following link: > > http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1 > > >