Arbour Peakflow is probably the way to go. However if you don't want to spend a ton of money, you might want to consider using a stub router +bgp coupled with a server running the appropriate SNMP tools (perhaps cacti) to publish your desired data. It's not the most convenient solution but it should do.. Cheers. -CK On Thu, Jan 31, 2013 at 03:37:41PM +0100, Piotr wrote:
Hi,
I looking some box (vendor, model), which i can put out of the main/product network, which can analyze packets netflow,sflow,syslog from bgp router(s) and after discover some anomaly it can do some action, for example:
- Box have bgp session with bgp router and advertise attacked ip prefix with some community. Bgp router set next-hop for this prefix to /dev/null
Normal traffic via bgp router is about 1G/s in and 10G/s out
What is worth of looking and what you suggest ?
thanks for help, Piotr