Helping NRENs with DDoS and network anomaly detection
The NeMo-DDoS software is a powerful tool for Netflow-based DDoS and traffic anomaly detection and analysis. It was originally developed to address NREN-specific network analysis needs and has been enhanced ever since. The software can be obtained and installed locally by GÉANT-associated NRENs to enhance backbone traffic visibility and enable DDoS workflows.
NeMo’s key features are:
- Royality-free Open Source Software without any volume-based license-fees.
- High-performance Netflow analysis, capable to handle NREN traffic patterns and to model complex backbone architectures.
- Low software requirements: NeMo can run under most current Linux systems, either in containers or native.
- Sensitive data will stay local, no need for external data processing.
NeMo is able to handle several Netflow-based formats including Netflow v5/v9 and IPFIX). Perspectively, NeMo also can be used for DDoS mitigation depending on the local router environment. This is powered by standards-based flowspec technology as specified in RFC 5575 as well as offramping to additional Linux-based VMs.
The NeMo-software has been originally developed for use within the DFN-network only, and has been generalised and translated starting with the GN-4-3 GÉANT project phase. It now can be obtained from GÉANT’s gitlab upon request to the project task, which will also assist with installation and configuration support.
For information about deploying NeMo in your own network, please email nemo@lists.geant.org
NeMo and the GÉANT network
Currently, work is ongoing to place a NeMo installation within the GÉANT network itself, supplementing the DDoS Mitigation services currently available. Upon completion, NRENs will be able to gain access to a login which will enable their personnel to analyse their traffic within GÉANT, including the effects of any active Firewall on Demand rules which they might have put into place.
Registration details for this service will be published on this page upon completion.