In addition to capability which calculates bandwidth and packet rate of specific type of packets FastNetMon Advanced provides very special counter which counts bandwidth and packet rate for discarded packets.
The main application of this logic to understand amount of traffic filtered by BGP Flow Spec when FastNetMon works in BGP Flow Spec mitigation mode.
We export these counters via CLI and API from endpoint:
sudo fcli show single_host_counters 10.1.2.3 sudo fcli show single_host_counters_v6 beef::1
Example output:
dropped_in_bytes 1000 dropped_in_packets 720000 dropped_out_bytes 0 dropped_out_packets 0
In addition we export this counter to both InfluxDB and Clickhouse.
We support capability to track discarded or dropped traffic for following protocols:
- sFlow v5
- Netflow v9
- IPFIX
Unfortunately, this capability is very vendor specific and your vendor may not implement it at all or may implement it some non RFC compliant way.
For Juniper MX routers you need to enable special flags on router side which was added in JunOS OS 15.1F7 and still in use. We did review for JunOS 22.2R3 and this option is still available.
Example configuration change:
inline-services {
report-zero-oif-gw-on-discard;
}
After that you need to enable special logic to handle it on FastNetMon side:
sudo fcli set main netflow_mark_zero_next_hop_and_zero_output_as_dropped true sudo fcli commit
We require this flag because this approach does not use standardized IPFIX / Netflow v9 element forwardingStatus, elementID 89.
We did review of IPFIX elements exported by JunOS 21.4R3-S2.3 and forwardingStatus field is still missing.
We can confirm that Cisco ASR 9000 and Nokia SR routers use RFC compliant field to report this information and FastNetMon can decode it.
Unfortunately, forwardingStatus field does not provide options to distinguish traffic discarded by ACL and traffic discarded by BGP Flow Spec as it has only few options documented in RFC7270:
- 00b Unknown
- 01b Forwarded
- 10b Dropped
- 11b Consumed
As consequence we cannot distinguish them and provide metric which includes both of them