3.10 Threat Mitigation

The Threat Mitigation feature can be specifically used to better understand and automatically mitigate the effects of the Distributed Denial of Service (DDoS) attacks. The feature uses standard telemetry and control (NetFlow/sFlow and BGP) capabilities of routers to automatically block disruptive volumetric denial of service attacks. The solution leverages standard features of modern routing hardware to scale easily to large high-traffic networks. It employs a set of threshold-based user-defined rules for potential attack detection as well as the use of FlowSpec and Blackholing mechanisms to mitigate the detected attack.