Kentik looked rather useful. We've been browsing in this space quite a bit
for the last year. We've consistently struggled with the size of the
attacks we are seeing, routinely hitting our upstreams at 2-4x our total
uplink size.

Has anyone set up any automated triggers with tools like Kentik?

Does anyone have any experience with FastNetMon
(https://github.com/pavel-odintsov/fastnetmon)? It seemed to potentially be a
useful roll-your-own type of solution.




Ben Wiechman
Network Engineer IV | Arvig
Direct: 320.256.0184
Cell: 320.247.3224
Office: 320.256.7471
[log in to unmask]

On Mon, Aug 1, 2016 at 8:48 AM, Andrew Hoyos <[log in to unmask]> wrote:

> We’ve had great luck with Kentik (https://www.kentik.com/) as a general
> netflow tool to at least identify DDoS sources/targets (not to mention a
> very well rounded tool for analyzing flow data coupled with BGP info/sankey
> diagrams, as well).
>
> From a mitigation perspective, hopefully your upstream providers support
> D/RTBH at a minimum. If they don’t, vote with your wallet and go somewhere
> that does.
>
> Set up your IBGP mesh with a blackhole community and local null routing,
> with respective policies and communities on your transit edges matching
> their blackhole communities. In theory, you should be able to add a null
> route anywhere in your ibgp mesh, and have network wide black holing that
> also triggers upstream blackholing as well. Ideally, you’d have some sort
> of standalone trigger router with OOB access that you can use to originate
> those routes into BGP.
>
> Bonus points for automating that process, or giving a tech an actionable
> alert to copy/paste into a router.
>
> --
> Andrew Hoyos
> [log in to unmask]
>
>
>
> > On Jul 30, 2016, at 4:35 PM, Dave Williams <[log in to unmask]> wrote:
> >
> > Hi all – I know this isn’t a MICE specific question, but I can’t think
> > of a better group of people to ask! I was wondering if anyone could share
> > their strategy for DDoS detection and mitigation? We randomly have
> > troubles with it and as you can imagine it’s quite the pain!
> > Thanks in advance!
> > d
> >
> > Dave Williams
> > Founder / Visionary
> > Revelation Network Management, Inc.
> > O: 763.367.6161
> > C: 763.670.5558
> >
>
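
An added example, not from any poster in this thread and not code from Kentik or FastNetMon: one way to automate the blackhole trigger discussed above, turning per-destination flow totals into route announcements a trigger router can originate. It assumes ExaBGP's text API as the BGP speaker on the trigger box; the prefixes, next hop, threshold and flow records are constructed, and the community shown is the RFC 7999 BLACKHOLE value, which your upstreams may replace with their own.

```python
import ipaddress
from collections import defaultdict

BLACKHOLE_COMMUNITY = "65535:666"  # RFC 7999 well-known value; upstreams may differ
DISCARD_NEXT_HOP = "192.0.2.1"     # assumption: next hop null-routed on every router
OUR_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]  # assumption: our address space
THRESHOLD_BPS = 2_000_000_000      # assumption: trigger at 2 Gbit/s towards one host
INTERVAL_S = 10                    # length of the measurement window in seconds

# Constructed sampled flow records: (destination, bytes seen, sampling rate)
SAMPLE_FLOWS = [
    ("198.51.100.10", 1_500_000, 1000),
    ("198.51.100.10", 1_800_000, 1000),
    ("198.51.100.20", 400_000, 1000),
    ("203.0.113.5", 5_000_000, 1000),  # heavy, but not our address space
]

def rates_by_destination(flows, interval_s):
    """Scale sampled byte counts up and return bits per second per destination."""
    totals = defaultdict(int)
    for dst, nbytes, sampling in flows:
        totals[dst] += nbytes * sampling
    return {dst: total * 8 / interval_s for dst, total in totals.items()}

def blackhole_candidates(flows, interval_s, threshold_bps=THRESHOLD_BPS):
    """Return (destination, bps) pairs over threshold, largest first."""
    hits = []
    for dst, bps in rates_by_destination(flows, interval_s).items():
        addr = ipaddress.ip_address(dst)
        # Guard: never originate a blackhole for an address we do not own.
        if not any(addr in net for net in OUR_PREFIXES):
            continue
        if bps >= threshold_bps:
            hits.append((dst, bps))
    return sorted(hits, key=lambda item: -item[1])

def exabgp_announce(dst):
    """Host route (IPv4 /32) tagged with the blackhole community."""
    return (f"announce route {dst}/32 next-hop {DISCARD_NEXT_HOP} "
            f"community [{BLACKHOLE_COMMUNITY}]")

def exabgp_withdraw(dst):
    """Matching withdrawal for when the attack has subsided."""
    return f"withdraw route {dst}/32 next-hop {DISCARD_NEXT_HOP}"

if __name__ == "__main__":
    for dst, bps in blackhole_candidates(SAMPLE_FLOWS, INTERVAL_S):
        print(f"# {dst}: {bps / 1e9:.2f} Gbit/s")
        print(exabgp_announce(dst))
```

The printed lines can go to a technician as a copy/paste alert or be written to ExaBGP's API pipe; withdrawing the route is a separate decision the example leaves to the operator.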