sFlow-RT DDoS Protect
This dashboard trends DDoS attack mitigation actions performed by the sFlow-RT analyzer running the ddos-protect application. The sFlow-RT analysis software collects streaming telemetry from industry-standard sFlow Agents embedded in network devices. The ddos-protect application detects DDoS amplification and flood attacks and automatically mitigates them using BGP Flowspec and RTBH actions.
Use the sflow/ddos-protect image to run sFlow-RT using Docker:
docker run --net=host sflow/ddos-protect -Dddos_protect.router=<ip> -Dddos_protect.as=<ASN>
Use the following Prometheus scrape configuration to collect the metrics from sFlow-RT:
scrape_configs:
  - job_name: 'sflow-rt-analyzer'
    metrics_path: /prometheus/analyzer/txt
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
  - job_name: 'sflow-rt-metrics'
    metrics_path: /prometheus/metrics/ALL/ALL/txt
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
    metric_relabel_configs:
      - source_labels: ['agent', 'datasource']
        separator: ':'
        target_label: instance
  - job_name: 'sflow-rt-ddos'
    metrics_path: /sflow-rt/app/ddos-protect/scripts/ddos.js/prometheus/txt
    scheme: http
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']