kentik Product Updates logo
Back to Homepage Subscribe to Updates

Product Updates

Latest features, improvements, and product updates on Kentik's Network Observability platform.

Labels

  • All Posts
  • Improvement
  • Hybrid Cloud
  • Core
  • Service Provider
  • UI/UX
  • Synthetics
  • Insights & Alerting
  • DDoS
  • New feature
  • BGP Monitoring
  • MyKentik Portal
  • Agents & Binaries
  • Kentik Map
  • API
  • BETA
  • Flow
  • SNMP
  • NMS
  • AI

Jump to Month

  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • July 2021
  • June 2021
  • May 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • October 2020
  • September 2020
  • June 2020
  • February 2020
  • August 2019
  • June 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • April 2016
DDoSNew feature
6 years ago

Mitigation with BGP Flowspec

Like Remote Trigger Blackhole (RTBH), Flowspec is a means of using BGP to respond defensively to a DDoS attack. But while RTBH is a blunt instrument, dropping all traffic toward the victim's IP address, Flowspec lets you respond to attacks with surgical precision. It offers a greater range of possible mitigation actions and it’s also far more granular in terms of defining which traffic is affected by those actions.


Based on IETF RFC 5575, Flowspec works by distributing a “flow specification” that can be read by any routing system that supports MP-BGP. The Flowspec defines a filter for matching traffic based on certain packet properties (IP, ports, protocol, etc.) as well as an extended community value that specifies actions to take on matching packets (drop, forward, rate-limit, etc.).

Kentik’s support for Flowspec-based DDoS mitigation is integrated directly into our powerful anomaly detection and alerting system, enabling our customers to leverage the built-in traffic filtering capabilities of their existing network hardware. For our initial “preview” phase of Flowspec support, the following Flowspec capabilities are now implemented in Kentik Detect:

  • Manual Flowspec mitigation
  • Flowspec mitigation from alarms
  • Programmable Flowspec mitigation via “Infer From Alarm”

Flowspec Setup

The workflow for Flowspec setup is detailed in our Knowledge Base topic on Configuring Flowspec Mitigation, but here’s an overview of the process:

  • Configure devices for Flowspec
  • Enable Flowspec in Kentik device admin
  • Create a Flowspec mitigation method
  • Specify Flowspec conditions and actions
  • Create a Flowspec mitigation platform
  • Link the method to the platform

Once we’ve created a Flowspec we can use it in a couple of different ways. The most common application would be to deploy an automated Flowspec mitigation, which means that we assign the mitigation to a threshold in an alert policy (as shown above), so the mitigation is triggered when the threshold’s conditions are met. Alternatively, you can deploy the Flowspec mitigation manually as described in Start a Manual Mitigation.

For more information, please see our blog post Kentik Takes a Leap Forward in DDoS Defense and the Flowspec Mitigation Knowledge Base topic. To discuss the benefits of Flowspec, or to enable Flowspec support for your organization, please contact the team at Kentik Customer Success.

Avatar of authorJoe Reves