Scribd
Upload
4 views2 pages

A10 Setup Information

The document provides setup instructions for configuring an A10 TPS to work with Kentik, including steps for creating zones, templates, and an admin user with aXAPI access. It outlines the necessary configurations for the mitigation platform and method, emphasizing the importance of using the correct naming conventions and settings. Additionally, it mentions that self-signed certificates are acceptable for security purposes.

Uploaded by

Aluizio Augusto
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views2 pages

A10 Setup Information

The document provides setup instructions for configuring an A10 TPS to work with Kentik, including steps for creating zones, templates, and an admin user with aXAPI access. It outlines the necessary configurations for the mitigation platform and method, emphasizing the importance of using the correct naming conventions and settings. Additionally, it mentions that self-signed certificates are acceptable for security purposes.

Uploaded by

Aluizio Augusto
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Customer Success › Support › Mitigation Support

A10 TPS Setup Information


Note: There isn't any way for us to verify this without messing around with an actual A10. A10
themselves typically help with user setup. Ask the customer to reach out to A10 - then go
from there.

This is from a PPT file presenting information on how to setup an A10 TPS correctly to work with
Kentik.

Outline:
1. Configure in Symmetric Proactive Mode
2. Create a zone with name startingwith KP-
3. Create all the necessary templates and bind to the zone
4. Create an admin user with aXAPIaccess
5. Kentik Setup Device
1. Platform
2. Method

Configure Zones and Mode:


Plain Text

system ddos-attack log !vlan 2004 untagged ethernet 1 router-interface ve 2004 name ToRTR1 !hostname
kentik-tps1 !timezone America/New_York !ntp server 10.22.0.51 !interface management ip address dhcp !interface
ethernet 1 enable !interface ethernet 2 !interface ethernet 3 !interface ve 2004 ip address 10.20.4.2 255.255.255.0
ddos outside ddos inside !!ddos zone-template icmp-v4 ICMP_v4_Basic type 0 dst rate 100 type 5
action-list Drop !ddos zone-template dns DNS_UDP_Intermediate any-check action-list Drop
dns-udp-authentication retry timeout 5 dns-udp-authentication retry min-delay 3 dst rate-limit request type A 50000
dst rate-limit request action-list Drop malformed-query-check extended-header-check action-list Drop !ddos dst
zone KP-Example_Zone description ”Kentik Example Config" operational-mode monitor log enable periodic
ip-proto icmp-v4 drop-frag-pkt max-dynamic-entry-count 10000 apply-policy-on-overflow detection-enable
level 0 zone-escalation-score 10 src-escalation-score 10 indicator pkt-rate score 20
src-threshold 100 zone-threshold 8000 level 1 zone-template icmp-v4 ICMP_v4_Basic indicator
pkt-rate src-threshold 100 src-violation-actions Blacklist_Source dynamic-entry-overflow-policy
configuration ip-proto icmp-v6 deny port 53 dns-udp detection-enable level 0 zone-escalation-score 10
src-escalation-score 10 indicator pkt-drop-ratio score 20 zone-threshold 0.8 indicator
pkt-rate score 20 src-threshold 5000 zone-threshold 500000 level 1 src-escalation-score 10
zone-template dns DNS_UDP_Intermediate indicator pkt-rate score 20 src-threshold
5000

Setup TPS Admin User


1. Must create a TPS administrator that Kentik will use to access TPS
2. Administrator must have write privileges through the aXAPI

Kentik Setup - Mitigation Platform (Device)


1. Create a mitigation Platform Admin > Alerting > Platforms.
2. Provide a name for this A10 Platform and select 'A10' as the device type.
3. Enter the IP URL (Port can be included) for the aXAPI interface of the TPS
4. Provide the API login and password that we just created for Kentik to use with the TPS

Kentik Setup Method - Mitigation Method (A10 Parameters)


1. Enter a name
2. Set the grace period to 5 mins
3. Select ‘A10 TPS’ as the platform
4. Make the A10 Mode ‘Dynamic Configuration’
5. Type in the Zone Name that was created earlier, omitting the ‘KP-’ prefix
6. Click ‘Submit’ to finish
7. Next to the Mitigation Platform you created, click ‘Link mitigation method’ and select the
method you just created

Certificate / Security Considerations:


● Self-Signed Certs are acceptable to Kentik for both A10 and Radware platforms

See also:
1. M itigation Platform Commands
2. Mitigation Options
3. Troubleshooting Mitigations

Users who viewed this Card also viewed:

● Sample A10 Configuration

You might also like