diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml
index ed32e24a..094b9a4e 100644
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -25,6 +25,7 @@ firewall_rpm_version:
   gtp: gtp-1.0.5.afa055c
   gtp_signaling_plug: gtp_signaling_plug-1.0.2.2dfced5
   deal_socks: deal_socks-1.0.2.379a897
+  tsg_flow_record: tsg_flow_record-1.0.2.27c1c56
 
 framework_rpm_version:
   libcjson: libcjson-1.7.10.ab2896f
@@ -41,6 +42,7 @@ framework_rpm_version:
   libWiredLB: libWiredLB-2.0.5.4629165
   libbreakpad_mini: libbreakpad_mini-1.0.4.12fee8c
   libhos-client-cpp: libhos-client-cpp-2.0.4.d775b9d
+  libMV_Sketch: libMV_Sketch-1.0.4.20210806.ca0cfa0
 
 kni_rpm_version:
   kni: kni-21.07.03.7431a68
diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2
index dd8b29c8..3f1bc776 100644
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -111,6 +111,14 @@ nb_workers=60000
 classification_cache_enable=2
 basic_dpi_enable=1
 
+[TSG_FLOW_RECORD]
+debug_swtich=30
+mv_depth=4
+mv_width=1366
+timestemp=5
+thresh=0.008
+threshold=1000
+
 {% if PROFILE_ID == '9000-NPB-P01R01' %}
 [TRAFFIC_MIRROR]
 TRAFFIC_MIRROR_ENABLE=1
diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01 b/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01
index 0a9cc899..6c1ac7ab 100644
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.7400MCN0P01R01
@@ -10,6 +10,9 @@
 {% if app.identify_by.builtin_app_engine == 1 %}
 ./plug/platform/app_proto_engine/app_proto_engine.inf
 {% endif %}
+{% if ddossketch.enable == 1 %}
+./plug/platform/tsg_flow_record/tsg_flow_record.inf
+{% endif %}
 {% endraw %}
 
 [protocol]
diff --git a/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01 b/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01
index fdcf77e6..5f1f49d6 100644
--- a/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01
+++ b/ansible/roles/sapp/templates/conflist.inf.j2.j2.9000NPBP01R01
@@ -6,6 +6,9 @@
 {% if app.identify_by.builtin_app_engine == 1 %}
 ./plug/platform/app_proto_engine/app_proto_engine.inf
 {% endif %}
+{% if ddossketch.enable == 1 %}
+./plug/platform/tsg_flow_record/tsg_flow_record.inf
+{% endif %}
 {% endraw %}
 
 [protocol]
diff --git a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2 b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2
index c003d024..67afa543 100644
--- a/ansible/roles/sapp/templates/necessary_plug_list.conf.j2
+++ b/ansible/roles/sapp/templates/necessary_plug_list.conf.j2
@@ -31,4 +31,5 @@
 ./plug/protocol/gtp/gtp.inf
 ./plug/business/gtp_signaling_plug/gtp_signaling_plug.inf
 ./plug/platform/app_proto_engine/app_proto_engine.inf
-./plug/business/http_healthcheck/http_healthcheck.inf
\ No newline at end of file
+./plug/business/http_healthcheck/http_healthcheck.inf
+./plug/platform/tsg_flow_record/tsg_flow_record.inf
\ No newline at end of file
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
index 7f201a45..b24931f9 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.7400MCN0P01R01
@@ -91,6 +91,9 @@ capturepacket:
 wannat:
   enable: 0/1
 
+ddossketch:
+  enable: 0/1
+
 app:
   identify_by:
     user_defined_signature: 0/1
diff --git a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01 b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
index 287a44f8..dca10f07 100644
--- a/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
+++ b/ansible/roles/tsg-os-provision/files/config_sample/provision.yml.sample.9000NPBP01R01
@@ -47,6 +47,9 @@ connsketch:
 capturepacket:
   enable: 0/1
 
+ddossketch:
+  enable: 0/1
+
 app:
   identify_by:
     user_defined_signature: 0/1