You can use FastNetMon Advanced with the VyOS routing platform. It is an open source platform, and you can buy support directly from developers. In this guide, we will provide detailed instructions about this process. All these instructions were tested with VyOS 1.4.x dev.
VyOS has two implementations of sFlow protocol agent. One is legacy available from set system flow-accounting sflow, and it does not work well with FastNetMon, and requires manual installation of third party sFlow agent.
The newer one is based on hsflowd, and is available as set system sflow, and it works well for this purpose.
VyOS offers Netflow and sFlow support in same time. sFlow offers faster detection and lower CPU usage, which makes it more suitable for DDoS detection.
As the first step, log in to VyOS over SSH using the default login and password: vyos/vyos and then switch to configuration mode:
conf
Configure sFlow export (please replace 192.168.1.134 with the address of the server with FastNetMon installed):
set system sflow agent-address 'your-router-ip' set system sflow sampling-rate '100' set system sflow polling '30' set system sflow server 192.168.1.134 port '6343'
After this, select interfaces to enable sFlow export. We recommend exporting traffic from upstream ports:
set system sflow interface 'ethX' set system sflow interface 'ethY'
We set the sampling rate to 100 for testing. For ports with at least 1G of bandwidth, I recommend increasing this value to 1024; for 10G, you can use 2048.
After this, apply changes:
save commit