On this page you will learn about options to set custom per host thresholds for specific IPv4 or IPv6 prefixes in your networks.

By default, FastNetMon uses same thresholds for all hosts in your network. They’re configured using special hostgroup with name “global”. It’s special in a way that it includes all networks added into networks_list and you do not need to add any networks for it.

All recommendations (excluding requirement to add any hosts in networks list) on this page can be applied to “global” hostgroup.

It may be possible to use same thresholds for all hosts but in a many cases you will need to have multiple levels for different groups of hosts.

Most common cases are:

  • Business customers
  • Caches from content providers
  • NAT pools

FastNetMon allows you to creates almost unlimited number of so called hostgroups and set custom threshold values for each of them.

We do not recommend using very large number of them as it will make maintenance and configuration more complicated. We recommend keeping around 5-7 hostgroups to reflect most popular traffic generation profiles.

To create custom hostgroup you can use following command:

sudo fcli set hostgroup my_new_group

Then you need to set type for it, to reflect fact that it will apply on per-host basis only:

sudo fcli set hostgroup my_new_group calculation_method per_host

As next step you can add any number of IPv4 or IPv6 prefixes for hostgroups:

sudo fcli set hostgroup my_new_group networks 11.22.33.44/24
sudo fcli set hostgroup my_new_group networks 10.10.10.0/24
sudo fcli set hostgroup my_new_group networks beef::1/64

On this step please ensure that all these networks were added into networks_list as documented in quick start guide.

To remove some network you can use this command:

sudo fcli delete hostgroup my_new_group networks 11.22.33.44/24

After that you need to set required thresholds for incoming traffic from all available threshold types:

sudo fcli set hostgroup my_new_group ban_for_bandwidth enable
sudo fcli set hostgroup my_new_group threshold_mbps 200

To enable any attack actions (incoming or outgoing) you need to enable ban for this hostgroup globally:

sudo fcli set hostgroup my_new_group enable_ban enable

As next step you can enable incoming attack alerts for this hostgroup:

sudo fcli set hostgroup my_new_group enable_ban_incoming enable
sudo fcli commit

FastNetMon can detect outgoing attacks too and you can set outgoing thresholds separately this way:

sudo fcli set hostgroup my_new_group ban_for_bandwidth_outgoing enable
sudo fcli set hostgroup my_new_group threshold_mbps_outgoing 200
sudo fcli commit

And then enable attack detection in outgoing direction:

sudo fcli set hostgroup my_new_group enable_ban_outgoing enable
sudo fcli commit

To debug hostgroup logic we have command which returns hostgroup name for each specified IP address:

sudo fcli show ip_hostgroup 1.2.3.4

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com