We (AperNet) have an open-source anti-ddos flow monitor called apermon that provides some interesting capabilities. https://github.com/apernet/apermon On Wed, Oct 18, 2023 at 8:51 AM Adam Thompson <athompson@merlin.mb.ca> wrote:
Sorry for the late reply... Sightline *Insight* is the piece the sales team won't sell me, and TAC won't support me, for deployment in our private-cloud environment: it has to be hosted on one of 3 canned server configurations.
I am using Sightline/TMS virtually and it's fine there.
-Adam
Adam Thompson
Consultant, Infrastructure Services
MERLIN
100 - 135 Innovation Drive
Winnipeg, MB R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)
Chat with me on Teams
________________________________ From: NANOG <nanog-bounces+athompson=merlin.mb.ca@nanog.org> on behalf of Dobbins, Roland via NANOG <nanog@nanog.org> Sent: Tuesday, October 10, 2023 9:34:21 PM To: nanog@nanog.org <nanog@nanog.org> Subject: Re: FastNetMon Usage in the wild
On 11 Oct 2023, at 01:50, Adam Thompson <athompson@merlin.mb.ca> wrote:
you need to buy a moderately-expensive hardware server (they don’t let you virtualize it)
To clarify, Sightline has supported virtualization for many years, FYI.
I’m not aware of any anti-DDoS products at ISP scale that aren’t SFlow + Flowspec, possibly including “scrubbing” (diverter box);
I don’t know if it’s an in-band appliance, or a “scrubber”-on-a-stick
In addition to flow telemetry, D/RTBH, S/RTBH, and flowspec, Sightline/TMS supports intelligent DDoS mitigation directly in-line or via diversion/reinjection.
[Full disclosure: I am an employee of NETSCOUT.]