On Feb 2, 2021, at 00:34, Douglas Fischer <fischerdoug...@gmail.com> wrote:

> Or even know if already there is a solution to that and I'm trying to invent the wheel.

Many flow telemetry export implementations on routers/layer3 switches report both passed & dropped traffic on a continuous basis for DDoS detection/classification/traceback.

It's also possible to combine the detection/classification/traceback & flowspec trigger functions.

[Full disclosure: I work for a vendor of such systems.]

--------------------------------------------
Roland Dobbins <roland.dobb...@netscout.com>