The management of mitigation platforms in Kentik Detect is covered in the following topics:
- For a high-level overview of mitigation, see About Mitigation.
- For information on mitigation methods, see Mitigation Methods.
- For information on assigning mitigations in an alert policy, see Threshold Mitigations.
- For information on how mitigations are shown in alert dashboards (Active page and History page), see Alert Dashboards.
- For information on initiating mitigation manually, see Manual Mitigation.
A mitigation platform is the platform on which a mitigation will run, which could be Flowspec, Remotely Triggered Black-Hole routing (RTBH), or a third party system like Radware DefensePro or A10 Thunder TPS. Mitigation platforms are managed on the Alerting » Platforms page, which includes the following UI elements:
- Filter field: Filters the Mitigation Platforms List to show only rows containing the entered text in one of the following fields: ID, Name, Platform Type.
- Add Mitigation Platform: A button that opens the Add Mitigation Platform dialog (see Mitigation Platform Dialogs).
- Mitigation Platforms List: A list of your organization’s existing mitigation platforms (see Mitigation Platforms List).
The Mitigation Platforms List is a table that lists all of the mitigation platforms that have been created by users in your organization. The table includes the following columns:
- ID: System-assigned unique ID (numeric) for the mitigation platform.
- Name: User-assigned name for the mitigation platform.
- Platform Type: The type of mitigation platform (e.g. RTBH, A10, or Radware).
- Methods: The mitigation methods (from the Mitigation Methods List) that have been associated with this platform.
- Status: Opens the Platform Status Dialog.
The Platform Status dialog contains information, presented as JSON, that is used only for internal troubleshooting by Kentik support.
Adding or editing a mitigation platform via the Kentik portal involves specifying information in the fields of the mitigation platform dialogs, which are covered in the following topics.
Note: In addition to configuring a mitigation platform and method in Kentik Detect, you must also whitelist the IP range 126.96.36.199/23 on 3rd-party mitigation platforms (e.g. Radware or A10) as well as on devices that will be used for flowspec or RTBH mitigations.
The Kentik portal uses the mitigation platform dialogs to enable management of mitigation platform settings. The settings are entered into the fields of either of the following dialogs:
- Add Mitigation Platform when registering a new platform with Kentik Detect.
- Edit Mitigation Platform when editing an already registered platform.
The Add Mitigation Platform and Edit Mitigation Platform dialogs share the same layout and the following common UI elements:
- Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
- Remove button (Edit Mitigation Platform dialog only): Remove the platform from your organization’s collection of mitigation platforms.
- Cancel button: Cancel the add platform or edit platform operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
- Add Mitigation Platform button (Add Mitigation Platform dialog only): Save settings for the new platform and exit the dialog.
- Save button (Edit Mitigation Platform dialog only): Save changes to platform settings and exit the dialog.
The settings and controls of the mitigation platform dialogs (Add Mitigation Platform and Edit Mitigation Platform) are covered in the following topics:
The following settings are common to all mitigation platform types:
- Name: User-specified name for the mitigation platform.
- Description: Optional user-provided description text.
- Platform: A drop-down menu for choosing the type of the mitigation platform from the various platform types supported by Kentik Detect (e.g. RTBH, A10, or Radware).
Note: This list includes all supported types, which may include types to which your organization does not actually have access (i.e. if you do not have an A10 or Radware mitigation system). Kentik Detect does not automatically verify your choice of mitigation type.
- Mitigation Methods: Click to add methods that have already been created on the Methods page (see Adding a Mitigation Method).
Note: If the method you want to use with this platform doesn’t already exist you can come back to this setting after the method is created.
If the mitigation platform is set to RTBH, the dialog will also include a Devices field. Clicking the field opens a Selected Devices dialog (see Device Selector with Columns). Use the dialog to choose one or more devices on which to implement RTBH Mitigation.
The dialog will show only the devices in your organization for which the drop-down BGP Type setting is Peer with Device in the BGP tab of the Add Devices or Edit Devices dialog in Admin » Devices (see Device BGP Settings).
- For information about RTBH method configuration, see RTBH Mitigation Methods.
- For general information about RTBH, see RTBH Mitigation.
If the mitigation platform is set to Flowspec, the dialog will also include a Devices field. Clicking the field opens a Selected Devices dialog (see Device Selector with Columns). Use the dialog to choose one or more devices on which to implement flowspec mitigation, meaning that the devices will receive flowspec rules via MP-BGP (see Flowspec Mitigation).
The dialog will show only the devices in your organization that have the following settings in the BGP tab of the Add Devices or Edit Devices dialog in Admin » Devices (see Device BGP Settings):
- The drop-down BGP Type setting is Peer with Device.
- The BGP Flowspec Compatibile switch is turned on.
- For information about flowspec method configuration, see Flowspec Mitigation Methods.
- For general information about flowspec, see Flowspec Mitigation.
If the mitigation type is set to a third-party mitigation system (e.g. A10 or Radware), the following additional fields will be shown in the modal:
- IP Address (A10) or Vision IP Address (Radware): The IP address or URL (https://ip or ip or https://name or name) of the management interface of the third-party mitigation device.
- API login (A10) or Vision API login (Radware): User name from the credentials for the third-party mitigation system.
- API password (A10) or Vision API password (Radware): Password for the third-party mitigation system.
- Delete IP: Kentik Detect continually compares its internal list of mitigations with the third-party mitigation system’s list of resources utilized by Kentik-defined mitigations. This switch determines what happens when Kentik finds resources on the third-party system for mitigations that have been deleted from Kentik Detect:
- If the switch is on, Kentik will relay to the third-party mitigation system a list of these resources so that they can be deleted.
- If the switch is off, Kentik will not notify the third-party system about the resources.
- Kentik Detect does not automatically verify the provided login username or password. Providing incorrect login information for your third-party mitigation system will cause mitigations based on this mitigation platform to fail.
- For information about third-party method configuration, see Third-party Mitigation Methods.
- For general information about third-party mitigation, see Third-party Mitigation.
Platforms are added and edited via the Platforms page of the Kentik Detect portal (choose Alerting from the Kentik navbar, then Platforms from the sidebar at left). Adding and editing platforms is covered in the following sections:
To add a new mitigation platform:
- Open the Platforms page (choose Alerting from the Kentik navbar, then Platforms from the sidebar at left).
- Click the Add Mitigation Platform button to open the Add Mitigation Platform dialog.
- Specify the values of the fields in the dialog (see Mitigation Platform Settings).
- Save the new platform by clicking the Add Mitigation Platform button (lower right).
To edit the settings for an existing mitigation platform:
- In the Mitigation Platforms List, click in the row of the platform that you’d like to edit. The Edit Mitigation Platform dialog will open.
- Edit the platform’s settings by changing any fields that you’d like to modify (see Mitigation Platform Settings).
- To save changes, click the Save button (lower right).
To remove the platform from your organization’s collection of mitigation platforms, click Remove (lower left).