Mitigation Platforms
The management of mitigation platforms in Kentik Detect is covered in the following topics:
- Platforms Page UI
- Mitigation Platforms List
- Platform Status Dialog
- Mitigation Platform Dialogs
- Mitigation Platform Settings
- Add or Edit Mitigation Platform
Notes:
- For a high-level overview of mitigation, see About Mitigation.
- For information on mitigation methods, see Mitigation Methods.
- For information on assigning mitigations in an alert policy, see Threshold Mitigations.
- For information on how mitigations are shown in alert dashboards (Active page and History page), see Alert Dashboards.
- For information on initiating mitigation manually, see Manual Mitigation.
Platforms Page UI
A mitigation platform is the platform on which a mitigation will run, which could be Flowspec, Remotely Triggered Black-Hole routing (RTBH), or a third-party system like Radware DefensePro, Cloudflare Magic Transit, or A10 Thunder TPS. Mitigation platforms are managed on the Alerting » Platforms page, which includes the following UI elements:
- Filter field: Filters the Mitigation Platforms List to show only rows containing the entered text in one of the following fields: ID, Name, Platform Type.
- Add Mitigation Platform: A button that opens the Add Mitigation Platform dialog (see Mitigation Platform Dialogs).
- Mitigation Platforms List: A list of your organization’s existing mitigation platforms (see Mitigation Platforms List).
Mitigation Platforms List
The Mitigation Platforms List is a table that lists all of the mitigation platforms that have been created by users in your organization. The table includes the following columns:
- ID: System-assigned unique ID (numeric) for the mitigation platform.
- Name: User-assigned name for the mitigation platform.
- Platform Type: The type of mitigation platform (e.g. RTBH, Radware, etc.).
- Methods: The mitigation methods (from the Mitigation Methods List) that have been associated with this platform.
- Status: Opens the Platform Status Dialog.
Platform Status Dialog
The Platform Status dialog contains information, presented as JSON, that is used only for internal troubleshooting by Kentik support.
Mitigation Platform Dialogs
Adding or editing a mitigation platform via the Kentik portal involves specifying information in the fields of the mitigation platform dialogs, which are covered in the following topics.
Note: In addition to configuring a mitigation platform and method in Kentik, you must also whitelist the IP range 209.50.158.0/23 on third-party mitigation platforms (e.g. Radware or A10) as well as on devices that will be used for Flowspec or RTBH mitigations.
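A partial allowlist entry (for example, only one /24 of the range) leaves some Kentik source addresses blocked. The following is an added example, not Kentik code, that checks whether the permitted source prefixes on each device fully cover 209.50.158.0/23 and reports any gap. The device names and prefix lists are constructed sample data, and only permit entries are modeled (no ACL ordering or deny rules).

```python
import ipaddress

# Source range the page says must be allowlisted for Kentik mitigations.
KENTIK_RANGE = ipaddress.ip_network("209.50.158.0/23")

# Constructed sample: permitted source prefixes per device (hypothetical names).
SAMPLE_ALLOWLISTS = {
    "edge-rtr-1": ["209.50.158.0/23"],
    "edge-rtr-2": ["209.50.158.0/24", "209.50.159.0/24"],  # two halves, complete
    "a10-tps-1": ["209.50.158.0/24", "10.0.0.0/8"],  # upper /24 missing
    "radware-1": ["209.50.158.0/25", "209.50.159.0/24"],  # gap in lower /24
}


def uncovered(required, permitted):
    """Return the parts of `required` that no permitted prefix covers."""
    remaining = [required]
    # collapse_addresses merges adjacent/overlapping prefixes first.
    for net in ipaddress.collapse_addresses(permitted):
        still_open = []
        for block in remaining:
            if block.subnet_of(net):
                continue  # block is fully covered by this entry
            if net.subnet_of(block):
                # Entry covers part of the block; keep what is left over.
                still_open.extend(block.address_exclude(net))
            else:
                still_open.append(block)  # disjoint, nothing covered
        remaining = still_open
    return sorted(remaining)


def audit(allowlists, required=KENTIK_RANGE):
    """Map each device to its uncovered prefixes (empty list means OK)."""
    report = {}
    for device, prefixes in allowlists.items():
        nets = [ipaddress.ip_network(p) for p in prefixes]
        nets = [n for n in nets if n.version == required.version]
        report[device] = [str(gap) for gap in uncovered(required, nets)]
    return report


if __name__ == "__main__":
    for device, gaps in audit(SAMPLE_ALLOWLISTS).items():
        print(device, "OK" if not gaps else "missing: " + ", ".join(gaps))
```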
About Mitigation Platform Dialogs
The Kentik portal uses the mitigation platform dialogs to enable management of mitigation platform settings. The settings are entered into the fields of either of the following dialogs:
- Add Mitigation Platform when registering a new platform with Kentik Detect.
- Edit Mitigation Platform when editing an already registered platform.
Mitigation Platform Dialogs UI
The Add Mitigation Platform and Edit Mitigation Platform dialogs share the same layout and the following common UI elements:
- Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
- Remove button (Edit Mitigation Platform dialog only): Remove the platform from your organization’s collection of mitigation platforms.
- Cancel button: Cancel the add platform or edit platform operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
- Add Mitigation Platform button (Add Mitigation Platform dialog only): Save settings for the new platform and exit the dialog.
- Save button (Edit Mitigation Platform dialog only): Save changes to platform settings and exit the dialog.
Mitigation Platform Settings
The settings and controls of the mitigation platform dialogs (Add Mitigation Platform and Edit Mitigation Platform) are covered in the following topics:
Common Platform Settings
The following settings are common to all mitigation platform types:
- Name: User-specified name for the mitigation platform.
- Description: Optional user-provided description text.
- Mitigation Type: A drop-down menu for choosing the type of the mitigation platform from the various platform types supported by Kentik Detect (e.g. Radware, Cloudflare Magic Transit, RTBH, A10 TPS, or Flowspec).
Notes:
- This list includes all supported types, which may include types to which your organization does not actually have access (i.e. if you do not have a Radware, Cloudflare, or A10 mitigation system). Kentik Detect does not automatically verify your choice of mitigation type.
- Cloudflare applies Magic Transit mitigation only when traffic volume exceeds protocol-dependent minimums (100K pps for TCP or UDP; 60K pps for ICMP or GRE). Assigning Cloudflare MT to a Kentik alert policy threshold whose traffic volume is below these minimums may result in Kentik indicating mitigation as active even when Cloudflare isn’t actually mitigating. For lower-volume thresholds, assign an alternative mitigation type (RTBH, Flowspec, etc.).
- Mitigation Methods: Click to add methods that have already been created on the Methods page (see Adding a Mitigation Method).
Note: At least one method is required in order to save a platform.
RTBH Platform Settings
If the mitigation platform is set to RTBH, the dialog will also include a Devices field. Clicking the field opens a Selected Devices dialog (see Device Selector with Columns). Use the dialog to choose one or more devices on which to implement RTBH Mitigation.
The dialog will show only the devices in your organization for which the drop-down BGP Type setting is Peer with Device in the BGP tab of the Add Devices or Edit Devices dialog in Admin » Devices (see Device BGP Settings).
Notes:
- For information about RTBH method configuration, see RTBH Mitigation Methods.
- For general information about RTBH, see RTBH Mitigation.
Flowspec Platform Settings
If the mitigation platform is set to Flowspec, the dialog will also include a Devices field. Clicking the field opens a Selected Devices dialog (see Device Selector with Columns). Use the dialog to choose one or more devices on which to implement flowspec mitigation, meaning that the devices will receive flowspec rules via MP-BGP (see Flowspec Mitigation).
The dialog will show only the devices in your organization that have the following settings in the BGP tab of the Add Devices or Edit Devices dialog in Admin » Devices (see Device BGP Settings):
- The drop-down BGP Type setting is Peer with Device.
- The BGP Flowspec Compatible switch is turned on.
Notes:
- For information about flowspec method configuration, see Flowspec Mitigation Methods.
- For general information about flowspec, see Flowspec Mitigation.
Third-party Platform Settings
If the Mitigation Type is set to a third-party mitigation system (e.g. Cloudflare, A10, or Radware), the following additional fields (which vary depending on the chosen type) will be shown in the modal:
- IP Address (A10) or Vision IP Address (Radware): The IP address or URL (https://ip or ip or https://name or name) of the management interface of the third-party mitigation device.
- API login (Cloudflare or A10) or Vision API login (Radware): User name from the credentials for the third-party mitigation system.
- API password (Cloudflare or A10) or Vision API password (Radware): Password for the third-party mitigation system.
- Cloudflare Account ID (Cloudflare): The ID of your Magic Transit account with Cloudflare.
Note: Cloudflare applies Magic Transit mitigation only when traffic volume exceeds protocol-dependent minimums (100K pps for TCP or UDP; 60K pps for ICMP or GRE). Assigning Cloudflare MT to a Kentik alert policy threshold whose traffic volume is below these minimums may result in Kentik indicating mitigation as active even when Cloudflare isn’t actually mitigating. For lower-volume thresholds, assign an alternative mitigation platform (RTBH, Flowspec, etc.).
- Delete IP (Radware or A10): Kentik Detect continually compares its internal list of mitigations with the third-party mitigation system’s list of resources utilized by Kentik-defined mitigations. This switch determines what happens when Kentik finds resources on the third-party system for mitigations that have been deleted from Kentik Detect:
- If the switch is on, Kentik will relay to the third-party mitigation system a list of these resources so that they can be deleted.
- If the switch is off, Kentik will not notify the third-party system about the resources.
Notes:
- Kentik Detect does not automatically verify the provided login username or password. Providing incorrect login information for your third-party mitigation system will cause mitigations based on this mitigation platform to fail.
- For information about third-party method configuration, see Third-party Mitigation Methods.
- For general information about third-party mitigation, see Third-party Mitigation.
Add or Edit Mitigation Platform
Platforms are added and edited via the Platforms page of the Kentik Detect portal (choose Alerting from the Kentik navbar, then Platforms from the sidebar at left). Adding and editing platforms is covered in the following sections:
Adding a Mitigation Platform
To add a new mitigation platform:
- Open the Platforms page (choose Alerting from the Kentik navbar, then Platforms from the sidebar at left).
- Click the Add Mitigation Platform button to open the Add Mitigation Platform dialog.
- Specify the values of the fields in the dialog (see Mitigation Platform Settings).
- Save the new platform by clicking the Add Mitigation Platform button (lower right).
Editing a Mitigation Platform
To edit the settings for an existing mitigation platform:
- In the Mitigation Platforms List, click in the row of the platform that you’d like to edit. The Edit Mitigation Platform dialog will open.
- Edit the platform’s settings by changing any fields that you’d like to modify (see Mitigation Platform Settings).
- To save changes, click the Save button (lower right).
To remove the platform from your organization’s collection of mitigation platforms, click Remove (lower left).