sFlow-RT DDoS Protect

Trend DDoS attack mitigation actions implemented using BGP Flowspec and RTBH

sFlow-RT DDoS Protect screenshot 1

sFlow-RT DDoS Protect

This dashboard trends DDoS attack mitigation actions performed by sFlow-RT analyzer running the ddos-protect application. The sFlow-RT analysis software collects streaming telemetry from industry standard sFlow Agents embedded in network devices. The ddos-protect application detects DDoS amplification and flood attacks and automatically mitigates them using BGP Flowspec and RTBH actions.

Use the sflow/ddos-protect image to run sFlow-RT using Docker:

console
docker run --net=host sflow/ddos-protect -Dddos_protect.router=<ip> -Dddos_protect.as=<ASN>

Use the following Prometheus scrape configuration to collect the metrics from sFlow-RT:

console
scrape_configs:
  - job_name: 'sflow-rt-analyzer'
    metrics_path: /prometheus/analyzer/txt
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
  - job_name: 'sflow-rt-metrics'
    metrics_path: /prometheus/metrics/ALL/ALL/txt
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
    metric_relabel_configs:
      - source_labels: ['agent', 'datasource']
        separator: ':'
        target_label: instance
  - job_name: 'sflow-rt-ddos'
    metrics_path: /app/ddos-protect/scripts/ddos.js/prometheus/txt
    scheme: http
    static_configs:
      - targets: ['sflow-rt.mysite.org:8008']
Revisions
RevisionDescriptionCreated

Get this dashboard

Import the dashboard template

or

Download JSON

Datasource
Dependencies