Ddos profile (#59)

* first version * fix alias * fix * fix * update * ddos final version * final version with doc * add ptx * fix measurements * fix typo * update version --------- Co-authored-by: door7302 <[email protected]>
door7302 · Oct 24, 2024 · 48b2aa1 · 48b2aa1
1 parent c55609e
commit 48b2aa1
Show file tree

Hide file tree

Showing 10 changed files with 1,237 additions and 1 deletion.
diff --git a/PROFILES.md b/PROFILES.md
@@ -307,3 +307,25 @@ FWF KPIs: per firewall term counters, per policer drop counter...
     (1) Select per router, per filter, per counter & policer history
     (2) PPS view – Counters are displayed as positive Y and Policer out-of-spec counters as Negative Y
     (3) BPS view – Counters are displayed as positive Y and Policer out-of-spec counters as Negative Y
+
+## DDOS profile
+
+DDOS protection KPIs: Support per MPC DDOS protection statistics
+Currently, only supported for MX & PTX
+
+### Sensor path details
+
+![ddos.png](./img/sensors/ddos.png)
+
+### Dashboard screenshots
+
+![ddos1.png](./img/profiles/ddos/ddos1.png)
+
+    (1) Filter per router, per protocol and sub protocol 
+    (2) Global Dashbord - Display for the last 15 minutes the router(s) under DDOS Policer Violation 
+    (3) Per Protocol Details for the selected router
+    (4) Current (aggregated) protocol stats (Received, Dropped & Punted to RE)
+    (5) History of received pps, per Linecard, for a given protocol and one or several sub-protocol.
+    (6) History of dropped pps, per Linecard, for a given protocol and one or several sub-protocol.
+    (7) History of punted pps, per Linecard, to the RE for a given protocol and one or several sub-protocol.
+
diff --git a/compose/.version b/compose/.version
@@ -1 +1 @@
-1.0.11
+1.0.12
diff --git a/compose/jtso/profiles/ddos.tgz b/compose/jtso/profiles/ddos.tgz
diff --git a/design_profile/ddos/all_ddos.conf b/design_profile/ddos/all_ddos.conf
@@ -0,0 +1,135 @@
+###############################################################################
+#                            SERVICE INPUT PLUGINS                            #
+###############################################################################
+[[inputs.gnmi]]
+
+  addresses = [
+    {{range .rtrs}}
+    "{{.}}",
+    {{end}}
+        ]
+  username = "{{.username}}"
+  password = "{{.password}}"
+
+  {{if .tls}}
+  ## enable client-side TLS and define CA to authenticate the device
+  enable_tls = true
+  tls_ca = "/var/cert/RootCA.crt"
+  ## Minimal TLS version to accept by the client
+  # tls_min_version = "TLS12"
+  {{if .skip}}
+  ## Use TLS but skip chain & host verification
+  insecure_skip_verify = true
+  {{end}}
+  {{if .tls_client}}
+  ## define client-side TLS certificate & key to authenticate to the device
+  tls_cert = "/var/cert/client.crt"
+  tls_key = "/var/cert/client.key"
+  {{end}}
+  {{end}}
+
+  encoding = "proto"
+  redial = "10s"
+  long_tag = true
+  check_jnpr_extension = true
+
+  [inputs.gnmi.aliases]
+    DDOS = ["/ddos-stats/group"]
+
+  [[inputs.gnmi.subscription]]
+      name = "DDOS"
+      path = "/junos/system/linecard/ddos"
+      subscription_mode = "sample"
+      sample_interval = "60s"
+
+###############################################################################
+#                            PROCESSOR PLUGINS                                #
+###############################################################################
+
+[[processors.rename]]
+  order = 4
+  namepass=["DDOS"]
+
+    [[processors.rename.replace]]
+      tag="/components/component/@name"
+      dest="component_name"
+
+    [[processors.rename.replace]]
+      tag="/components/component/name"
+      dest="component_name"
+
+    [[processors.rename.replace]]
+      tag="source"
+      dest="device"
+
+    [[processors.rename.replace]]
+      tag="/ddos-stats/group/group_name"
+      dest="protocol"
+
+    [[processors.rename.replace]]
+      tag="/ddos-stats/group/protocol-stats/protocol/protocol_name"
+      dest="sub_protocol"
+
+    [[processors.rename.replace]]
+      tag="/ddos-stats/group/protocol-stats/protocol/locale-stats/locale/location"
+      dest="location"
+
+    [[processors.rename.replace]]
+      field="protocol_stats/protocol/locale_stats/locale/dropped_aggregate_policer"
+      dest="ddos_drop"
+
+    [[processors.rename.replace]]
+      field="protocol_stats/protocol/locale_stats/locale/arrival_rate"
+      dest="ddos_received_rate"
+
+    [[processors.rename.replace]]
+      field="protocol_stats/protocol/locale_stats/locale/violation/policer_violation_count"
+      dest="ddos_viol_count"
+
+    [[processors.rename.replace]]
+      field="protocol_stats/protocol/locale_stats/locale/violation/policer_state"
+      dest="ddos_state"
+
+[[processors.strings]]
+   order = 10
+   namepass=["DDOS"]
+  [[processors.strings.lowercase]]
+    tag = "location"
+  [[processors.strings.lowercase]]
+    tag = "protocol"
+  [[processors.strings.lowercase]]
+    tag = "sub_protocol"
+
+
+[[processors.enrichment]]
+   order = 10
+   namepass=["DDOS"]
+   enrichfilepath = "/var/metadata/metadata_mx.json"
+   twolevels = false
+   refreshperiod = 1 
+   level1tagkey = "device"
+
+[[processors.rate]]
+  order =11
+  namepass=["DDOS"]
+  period = "10m"
+  suffix = "_rate"
+  factor = 1.0
+  retention = "1h"
+  delta_min = "10s"
+  fields = ["ddos_drop"]
+
+###############################################################################
+#                            OUTPUT PLUGINS                                   #
+###############################################################################
+
+[[outputs.influxdb]]
+  database="jtsdb"
+  urls = ["http://influxdb:8086"]
+  retention_policy = "autogen"
+  fieldpass=[
+        "ddos_received_rate",
+        "ddos_drop_rate",
+        "ddos_viol_count",
+        "ddos_state",
+  ]