Relying on RARE for DDoS Attack Protection

(Timezone - Europe/Berlin)

Relying on RARE for DDoS Attack Protection - Demonstrating RARE Integration with GÉANT DDoS Attack Protection Services (FoD and NeMo Use Cases)

Firewall-On-Demand (FoD) is a  DDoS mitigation software developed and well-established as a service in GÉANT to enable the NREN NoC admins as users of the service to mitigate DDoS attacks through the GÉANT core towards their connected networks by FlowSpec rules controlled on their own without need to contact the GÉANT NoC.

The NeMo-DDoS software is a powerful tool for Netflow-based DDoS and traffic anomaly detection and analysis. It was originally developed to address NREN-specific network analysis needs and has been enhanced ever since. The software can be obtained and installed locally by GÉANT-associated NRENs to enhance backbone traffic visibility and enable DDoS workflows.

This infoshare will present the efforts of the RARE team on integrating FreeRtr with well-established GÉANT services used for the detection and mitigation of DDoS attacks, i.e. Firewall on Demand (FoD) and NeMo. Specifically, the challenges of integrating these services with FreeRtr will be discussed and brief demonstrations of the whole DDoS protection process will be made.

For more information contact

This event was recorded and is available at


  • benjamin lajoie
  • Bertrand LEMAITRE
  • Carolina Fernández
  • Florian LE TOUMELIN
  • Jarosław Wieczorek
  • Julien VALIENTE
  • Karol Beyrowski
  • Loris PROUTEAU
  • Ludovic AUXEPAULES
  • Mingyuan Zang
  • Miroslav Goldgamer
  • Pavle Vuletić
  • Petri Schroderus
  • Zenon Mousmoulas
  • +37
    • 2:00 PM 2:05 PM
    • 2:05 PM 2:30 PM
      David Schmitz: Automated Demonstration of DDoS Mitigation with FoD and Freertr using Docker Compose or Containerlab

      After a short introduction of FoD in general, an automated demo-ing of DDoS mitigation with BGP FlowSpec using Firewall-On-Demand (FoD) in a virtual network environment created by freeRTR is presented.
      The virtual network is comprising an attacker host and a victim host which are interconnected with a BGP FlowSpec-capable freeRTR router BGP peering with FoD.
      Two execution alternatives for the same automated FoD mitigation demo are demonstrated, one based on Docker Compose and one based on Containerlab (

    • 2:30 PM 2:55 PM
      Nikos Kostopoulos: Walkthrough of NeMo Integration with RARE for DDoS Attack Detection and Mitigation

      We will present our efforts on integrating FreeRtr with DFN NeMo for the detection and mitigation of DDoS attacks. The presentation will briefly discuss basic concepts of NeMo, describe the components of our protection mechanism and explain the most important steps of the FreeRtr integration with NeMo. Our presentation will conclude with a demonstration of the protection system.

    • 2:55 PM 3:15 PM