15.02.2018

FastNetMon Advanced IPv6 support

FastNetMon Advanced has support for IPv6 protocol. You need to install FastNetMon 2.0.175 version to use features mentioned in this guide.

Current IPv6 support limitations:

  • BGP option gobgp_announce_whole_subnet_ipv6 is not implemented yet, it can announce only host (/128)
  • IPv6 attack detection works only in “blackhole mode”. When FastNetMon blocks host completely. It does not support selective BGP Flow Spec based filtering.
  • IPv6 mode does not use host groups. It uses thresholds only from global host group (we’ve added this option in 2.0.177 and you can do it)

By default, FastNetMon does not work with IPv6 traffic. You need to enable this feature explicitly:

sudo fcli set main process_ipv6_traffic enable
sudo fcli commit

If you use Netflow v9 or IPFIX, please enable IPv6 for it explicitly (it’s not required after 2.0.175):

sudo fcli set main netflow_ipv6 enable
sudo fcli commit

You also need to add all your IPv6 network for monitoring:

sudo fcli set main networks_list 0000::1/128
sudo fcli commit

Please enable IPv6 traffic metrics on network equipment side. You can use following commands to check amount of IPv6 traffic captured by FastNetMon:

sudo fcli show total_traffic_counters_v6 
sudo fcli show network_counters_v6 
sudo fcli show host_counters_v6
sudo fcli show system_counters | grep total_ipv6_packets

Also, we added support for IPv6 in fastnetmon_client tool:

sudo fastnetmon_client -ipv6

To enable ban actions for IPv6 traffic, please execute following:

sudo fcli set main enable_ban_ipv6 enable
sudo fcli commit

You can check blocked hosts using same approach as for IPv4:

sudo fcli show blackhole

To read more about IPv6 specific options for BGP, please check this page.