DDoS mitigation using Peakflow

• Click in the e-mail of the DDoS report on the

url.
• If you want to mitigate/blackhole the
client/ip, click the mitigate button to start the
process of null routing the ip
• Choose blackhole as the format
 Fill in the form
• Offramp prefix should be the ip of the cusomter
(including /32)
• Select Null route as nexthop
• Select both core routers (do so by selecting them and
click the black down arrow) (see sheet 6)
• Enter communities if you want traffic in upstream
provider to be dropped (Hit the set community group
to set communities) (see sheet 7 and see sheet 8 vor
when to set them)
• Choose a timeout (for now 2 hours should do it, or if
choose more minutes if you want a good night sleep)
 Start the magic
• Hit the start button to null route!
How to add routers
Add communities
 When to null route upstream?
• Check the affected routes section in the DoS
report (next sheet is an example)
• Per port the impact can be seen. If one port of
the upstream provider (JointTransit 1x20G,
Cogent 2x10G, EUtransit 2x20G)is potentially
saturated
When to null route upstream?