This guide covers FastNetMon’s ability to run BGP announces when total amount of traffic for group of hosts or networks exceeds specified threshold. This capability is called total hostgroups and well covered in this guide.
To use this guide you will need to have attack detection enabled for total hostgroups using this guide.
Please ensure that you have BGP session established using this guide.
To enable this logic you will need to set this flag:
sudo fcli set main gobgp_announce_hostgroup_networks true sudo fcli commit
As each total hostgroup may include both IPv4 and IPv6 prefixes in same time we offer separate flags to enable announce for each of them:
sudo fcli set main gobgp_announce_hostgroup_networks_ipv4 true sudo fcli set main gobgp_announce_hostgroup_networks_ipv6 true sudo fcli commit
After making these changes FastNetMon will announce all IPv4 and IPv6 prefixes listed for hostgroup via BGP.
Then you can add list of one of more communities required for each IPv4 or IPv6 announce:
sudo fcli set main gobgp_communities_hostgroup_networks_ipv4 65001:771 sudo fcli set main gobgp_communities_hostgroup_networks_ipv4 65001:772 sudo fcli set main gobgp_communities_hostgroup_networks_ipv6 65001:773 sudo fcli set main gobgp_communities_hostgroup_networks_ipv6 65001:774 sudo fcli commit
And then you can set different next hop addresses in each case:
sudo fcli set main gobgp_next_hop_hostgroup_networks_ipv4 0.0.0.0 sudo fcli set main gobgp_next_hop_hostgroup_networks_ipv6 100::1 sudo fcli commit
After that I can recommend testing this logic and confirming that all announces will propagate correctly via BGP. You can block some example hostrgroup this way:
sudo fcli set hostgroup_block example
Then check that it was blocked successfully:
sudo fcli show hostgroup_block
Then check active BGP announces on FastNetMon’s BGP daemon:
gobgp global rib -a ipv4 gobgp global rib -a ipv6
And unblock hostgroup:
sudo fcli delete hostgroup_block <uuid>
After that, check that announces disappeared:
gobgp global rib -a ipv4 gobgp global rib -a ipv6
If you have flag unban_total_hostgroup_enabled then FastNetMon will remove such BGP announces automatically for you.