sFlow-RT DDoS Protect

Dashboard

Trend DDoS attack mitigation actions implemented using BGP Flowspec and RTBH
Last updated: 2 months ago

Downloads: 67

Reviews: 0

  • ddos-protect.png
    ddos-protect.png

sFlow-RT DDoS Protect

This dashboard trends DDoS attack mitigation actions performed by sFlow-RT analyzer running the ddos-protect application. The sFlow-RT analysis software collects streaming telemetry from industry standard sFlow Agents embedded in network devices. The ddos-protect application detects DDoS amplification and flood attacks and automatically mitigates them using BGP Flowspec and RTBH actions.

Use the sflow/ddos-protect image to run sFlow-RT using Docker:

docker run --net=host sflow/ddos-blackhole -Dddos_blackhole.router=<ip> -Dddos_blackhole.as=<ASN>

Use the following Prometheus scrape configuration to collect the metrics from sFlow-RT:

scrape_configs:
  - job_name: 'sflow-rt-analyzer'
    metrics_path: /prometheus/analyzer/txt
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
  - job_name: 'sflow-rt-metrics'
    metrics_path: /prometheus/metrics/ALL/ALL/txt
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
    metric_relabel_configs:
      - source_labels: ['agent', 'datasource']
        separator: ':'
        target_label: instance
  - job_name: 'sflow-rt-ddos'
    metrics_path: /sflow-rt/app/ddos-protect/scripts/ddos.js/prometheus/txt
    scheme: http
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
Dependencies: