NeMo DDoS software

Helping NRENs with DDoS and network anomaly detection

The NeMo-DDoS software is a powerful tool for Netflow-based DDoS and traffic anomaly detection & analysis. It was originally developed to address NREN-specific network analysis needs and has been enhanced ever since. The software can be obtained and installed locally by GÉANT-associated NRENs to enhance backbone traffic visibility and enable DDoS workflows.

NeMo’s key features are:

  • Royality-free Open Source Software without any volume-based license-fees
  • High-performance Netflow analysis, able to handle NREN traffic patterns and to model complex backbone architectures
  • Low software requirements: NeMo can run under most current Linux systems, either in containers, or native.
  • sensitive data will stay local, no need for external data processing.

NeMo is able to handle several Netflow-based formats including Netflow v5/v9 and IPFIX). Perspectively, NeMo also can be used for DDoS mitigation depending on the local router environment. This is powered by standards-based flowspec technology as specified in RFC 5575 as well as offramping to additional Linux-based VMs.

The NeMo-software has been originally developed for use within the DFN-network only, and has been generalized and translated beginning with the GN-4-3 GÉANT project phase. It now can be obtained from GÉANT’s gitlab upon request to the project task, which will also assist with installation and configuration support.

For information about deploying NeMo in your own network, please email nemo@lists.geant.org

NeMo within GÉANT itself

Currently, work is ongoing to place a NeMo installation within the GÉANT network itself, supplementing the DDoS Mitigation services currently available. Upon finalization, NRENs will be able to gain access to a login which will enable NREN personnel to analyze their traffic within GÉANT, including the effects of any active Firewall on Demand rules which they might have put into place.

Registration details for this service will be published here upon completion.

Skip to content