Flowmon DDOS report mechanics

 

Information

 

Summary:

How values in the DDoS Defender PDF reports are calculated.

Environment:

Product: Flowmon DDOS

Version: 5.x

Platform: All

Question/Problem Description:

What is the correlation between the All traffic chart and the partial statistics graphs in the Flowmon DDoS Defender PDF report?

Resolution:

Flowmon DDoS Defender uses two different types of visualization.

1. Traffic graph - provides characteristics of overall long-term traffic levels (bps, pps). It uses an RRD-based database with 30 s granularity (similar to the data in FMC).

2. Statistics visualization - provides a time visualization of partial statistics. It uses in-memory stream processing during the attack. Results are stored in the Defender database.

Graph part:

Each triggered method (All, TCP_SYN, etc.) uses the traffic graph type and shows information for a wider time frame around the attack. The bit/s values cover all traffic that matches the Segment definition.

Data for the graph chart is available from the time flows are collected.

Statistics part:

In this section you can find partial statistics with related charts for all the different characteristics. This part uses the Statistics visualization. The statistics part contains a table of calculated values in TopN format. The calculation starts after the attack is triggered and the attack signature is computed, because a correct calculation requires several definitions from the beginning of the attack.

Statistics with port definition

Statistics are aggregated as an average value.

Value accuracy:

Statistics data calculations contain an internal performance optimization required for long and complex DDoS attacks. It may cause lower values for very short attacks (less than 60 seconds). This behavior is expected, and it results from the difference between the attack trigger and the possible calculation start.

The goal is not to show live traffic values but the primary level of the attack for consideration.
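
The following added example (not Flowmon code, and not taken from the product) models why the statistics value can be lower than the traffic graph for short attacks. Assumptions: traffic is counted only after a hypothetical `calc_delay_s` following the trigger, the average is taken over the whole attack duration, and the traffic series is constructed.

```python
# Simplified model of the two report views; assumptions are marked.
GRAPH_STEP_S = 30  # from the article: the traffic graph has 30 s granularity


def graph_buckets(bps_per_second, step=GRAPH_STEP_S):
    """Average per-second bit/s samples into fixed-width graph buckets."""
    buckets = []
    for i in range(0, len(bps_per_second), step):
        chunk = bps_per_second[i:i + step]
        buckets.append(sum(chunk) / len(chunk))
    return buckets


def statistics_average(bps_per_second, trigger_s, end_s, calc_delay_s):
    """Average bit/s as the statistics part would report it in this model.

    Assumption: samples are counted only from trigger_s + calc_delay_s
    (after the signature is computed), while the average is taken over
    the full attack duration trigger_s..end_s.
    """
    start = min(trigger_s + calc_delay_s, end_s)
    counted = sum(bps_per_second[start:end_s])
    return counted / (end_s - trigger_s)


def shortfall(attack_len_s, calc_delay_s=20, attack_bps=1_000_000_000):
    """Fraction of the real attack rate missing from the statistics value."""
    lead = 60  # constructed series: 60 s quiet, flat attack, 60 s quiet
    series = [0] * lead + [attack_bps] * attack_len_s + [0] * 60
    stat = statistics_average(series, lead, lead + attack_len_s, calc_delay_s)
    return 1 - stat / attack_bps


if __name__ == "__main__":
    # Constructed attack durations; the 20 s delay is a hypothetical value.
    for length in (40, 60, 300, 1200):
        print(f"{length:>5} s attack: statistics value "
              f"{shortfall(length):.1%} below the real rate")
    demo = [0] * 60 + [1_000_000_000] * 40 + [0] * 60
    print("graph buckets (bit/s):", [round(b) for b in graph_buckets(demo)])
```

In this model the fixed start delay removes a large share of a 40-second attack but only a small share of a 20-minute one, which matches the behavior described for attacks shorter than 60 seconds.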
