@garberg fill in!!!

Brainstorm:

• Fastnetmon integration
• TMS integration

Need to have a lab setup with:

• target machine - pooor box in lab
• attacking machine - KST5-DDOS-1
• mitigation machine - KST5-DDOS-1
• flow analyzer - potentially same machine as we run mitigation on?

We'll use KST5-DDOS-1 both for running snabbddos and for sending traffic. It has a 2x10GE card so we'll send traffic from one port and snabbddos will run on the other port. For this to work we need to do VLAN encapsulation of the clean traffic, see #3

👍

@garberg / @tlundse can you confirm how KST5-DDOS-1 is wired? Are both ports connected to KST5-PEER-1 ?

One of the ports should have two VLANs, one for dirty traffic going to snabbddos and the other for clean return traffic. The dirty should not be VLAN tagged since we want to optimise for speed and stripping a VLAN tag actually takes a few CPU cycles. The clean side should have a VLAN tag and the logical interface should be in the clean VRF. You fix, yes yes? :)

braindump of things we can do:

• get going, at the end of the day we want to trigger an automatic mitigation based on flow information
  • using fastnetmon
  • using arbor?
• test performance, like send from many many sources. test fast and slow path
• Implement faster table, like patricia, dxr or similar - need C skillz - not really my kind of thang
• Statistics ( #9 )
• run on 100G box (in TeraStream lab) - problem is we need RSS on NIC to spread load over many Snabb processes and I don't think there is any support for this right now. Think RSS is enabled by registers on the NIC - a bit too low level for my taste
• implement new countermeasures, like syn proxy