Discarded traffic monitoring in FastNetMon Advanced

In addition to the capability which calculates bandwidth and packet rate of specific types of packets, FastNetMon Advanced provides a very special counter which counts bandwidth and packet rate for discarded packets.

The main application of this logic is to understand the amount of traffic filtered by BGP Flow Spec when FastNetMon works in BGP Flow Spec mitigation mode.

We export these counters via CLI and API from the endpoint:

sudo fcli show single_host_counters 10.1.2.3
sudo fcli show single_host_counters_v6 beef::1

Example output:

dropped_in_bytes         1000
dropped_in_packets       720000
dropped_out_bytes        0
dropped_out_packets      0

In addition, we export this counter to both InfluxDB and Clickhouse.

We support the capability to track discarded or dropped traffic for the following protocols:

  • sFlow v5
  • Netflow v9
  • IPFIX

Unfortunately, this capability is very vendor-specific and your vendor may not implement it at all or may implement it in a non-RFC-compliant way.

For Juniper MX routers, you need to enable special flags on the router side, which were added in JunOS 15.1F7 and are still in use. We did a review for JunOS 22.2R3, and this option is still available.

Example configuration change:

inline-services {
    report-zero-oif-gw-on-discard;
}

After that, you need to enable special logic to handle it on the FastNetMon side:

sudo fcli set main netflow_mark_zero_next_hop_and_zero_output_as_dropped true
sudo fcli commit

We require this flag because this approach does not use the standardised IPFIX / Netflow v9 element forwardingStatus, elementID 89.

We did a review of IPFIX elements exported by JunOS 21.4R3-S2.3, and the forwardingStatus field is still missing.

We can confirm that Cisco ASR 9000 and Nokia SR routers use the RFC-compliant field to report this information, and FastNetMon can decode it.

Unfortunately, the forwardingStatus field does not provide options to distinguish traffic discarded by ACL and traffic discarded by BGP Flow Spec, as it has only a few options documented in RFC 7270:

  • 00b Unknown
  • 01b Forwarded
  • 10b Dropped
  • 11b Consumed

As a consequence, we cannot distinguish them, and we provide a single metric which includes both of them.
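The two ways of recognising a discarded flow described above, as an added Python example that is not FastNetMon's own code: it classifies already-decoded flow records by forwardingStatus (element 89) and, when asked, by the zero next hop and zero output interface convention, then sums the dropped bytes and packets. The record layout (element ID mapped to raw bytes), the function names, the precedence of forwardingStatus over the fallback and the exact form of the zero check are assumptions inferred from the option name.

```python
# Element IDs shared by Netflow v9 and IPFIX (IANA registry).
OCTET_DELTA_COUNT, PACKET_DELTA_COUNT = 1, 2
EGRESS_INTERFACE, IP_NEXT_HOP_IPV4, FORWARDING_STATUS = 14, 15, 89

STATUS = {0b00: "unknown", 0b01: "forwarded", 0b10: "dropped", 0b11: "consumed"}


def forwarding_status(raw: bytes) -> str:
    """Status is the top two bits of the low-order octet of element 89."""
    if not raw:
        return "unknown"
    # The low six bits carry a reason code in RFC 7270; ignored here.
    return STATUS[raw[-1] >> 6]


def is_dropped(record: dict, zero_next_hop_as_dropped: bool = False) -> bool:
    """record maps element ID -> raw big-endian field bytes of one flow."""
    if FORWARDING_STATUS in record:
        return forwarding_status(record[FORWARDING_STATUS]) == "dropped"
    if not zero_next_hop_as_dropped:
        return False
    # Assumed heuristic: both fields must be present and all-zero.
    next_hop = record.get(IP_NEXT_HOP_IPV4)
    out_if = record.get(EGRESS_INTERFACE)
    if next_hop is None or out_if is None:
        return False
    return not any(next_hop) and not any(out_if)


def tally_dropped(records, zero_next_hop_as_dropped: bool = False) -> dict:
    """Sum bytes and packets over the flows classified as dropped."""
    totals = {"dropped_bytes": 0, "dropped_packets": 0}
    for rec in records:
        if is_dropped(rec, zero_next_hop_as_dropped):
            totals["dropped_bytes"] += int.from_bytes(rec[OCTET_DELTA_COUNT], "big")
            totals["dropped_packets"] += int.from_bytes(rec[PACKET_DELTA_COUNT], "big")
    return totals


def u(value: int, size: int = 4) -> bytes:
    return value.to_bytes(size, "big")

# Constructed sample flows (not captured traffic).
SAMPLE = [
    {1: u(1500), 2: u(1), 89: b"\x80"},                         # status 10b
    {1: u(3000), 2: u(2), 89: b"\x40"},                         # status 01b
    {1: u(600), 2: u(10), 14: u(0), 15: bytes(4)},              # zero oif, zero next hop
    {1: u(900), 2: u(3), 14: u(5), 15: bytes([192, 0, 2, 1])},  # normal forwarding
]
```

With the fallback disabled, only the first sample flow counts as dropped; enabling it adds the third flow, which carries no forwardingStatus at all.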