This page explains the options for setting custom per-host thresholds for specific IPv4 or IPv6 prefixes in your networks.
By default, FastNetMon uses the same thresholds for all hosts in your network. They are configured using a special hostgroup named “global”. It is special in that it includes all networks added to networks_list, so you do not need to add any networks to it.
All recommendations on this page (excluding the requirement to add any hosts to the networks list) can be applied to the “global” hostgroup.
It may be possible to use the same thresholds for all hosts, but in many cases you will need multiple levels for different groups of hosts.
The most common cases are:
- Business customers
- Caches from content providers
- NAT pools
FastNetMon allows you to create an almost unlimited number of so-called hostgroups and set custom threshold values for each of them.
We do not recommend using a very large number of them, as it makes maintenance and configuration more complicated. We recommend keeping around 5-7 hostgroups to reflect the most popular traffic generation profiles.
To create a custom hostgroup, use the following command:
sudo fcli set hostgroup my_new_group
Then you need to set its type, to reflect the fact that it will apply on a per-host basis only:
sudo fcli set hostgroup my_new_group calculation_method per_host
As the next step, you can add any number of IPv4 or IPv6 prefixes to the hostgroup:
sudo fcli set hostgroup my_new_group networks 220.127.116.11/24
sudo fcli set hostgroup my_new_group networks 10.10.10.0/24
sudo fcli set hostgroup my_new_group networks beef::1/64
At this step, please ensure that all these networks were added to networks_list as documented in the quick start guide.
To remove a network, use this command:
sudo fcli delete hostgroup my_new_group networks 18.104.22.168/24
After that, you need to set the required thresholds for incoming traffic from the available threshold types:
sudo fcli set hostgroup my_new_group ban_for_bandwidth enable
sudo fcli set hostgroup my_new_group threshold_mbps 200
To enable any attack actions (incoming or outgoing), you need to enable ban for this hostgroup globally:
sudo fcli set hostgroup my_new_group enable_ban enable
As the next step, you can enable incoming attack alerts for this hostgroup:
sudo fcli set hostgroup my_new_group enable_ban_incoming enable
sudo fcli commit
FastNetMon can detect outgoing attacks too, and you can set outgoing thresholds separately this way:
sudo fcli set hostgroup my_new_group ban_for_bandwidth_outgoing enable
sudo fcli set hostgroup my_new_group threshold_mbps_outgoing 200
sudo fcli commit
And then enable attack detection in the outgoing direction:
sudo fcli set hostgroup my_new_group enable_ban_outgoing enable
sudo fcli commit
To debug hostgroup logic, there is a command which returns the hostgroup name for each specified IP address:
sudo fcli show ip_hostgroup 22.214.171.124
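The check from the networks_list step above can be scripted before committing. This is an added example, not FastNetMon code: it does not talk to FastNetMon, it assumes you keep your planned prefixes in plain Python structures, and the function names, the nat_pools group and the 192.0.2.0/24 prefix are constructed for illustration. It also reports prefixes from different hostgroups that overlap, so you know which addresses to confirm with show ip_hostgroup.

```python
import ipaddress

# Constructed sample data: networks_list entries and planned hostgroup prefixes.
NETWORKS_LIST = ["10.10.0.0/16", "beef::/64"]
HOSTGROUPS = {
    "my_new_group": ["10.10.10.0/24", "beef::1/64", "192.0.2.0/24"],
    "nat_pools": ["10.10.10.128/25"],  # hypothetical second hostgroup
}


def parse(prefix):
    # strict=False accepts prefixes written with host bits set, e.g. beef::1/64
    return ipaddress.ip_network(prefix, strict=False)


def uncovered_prefixes(networks_list, hostgroups):
    """Return (hostgroup, prefix) pairs not contained in any networks_list entry."""
    monitored = [parse(p) for p in networks_list]
    missing = []
    for group, prefixes in hostgroups.items():
        for prefix in prefixes:
            net = parse(prefix)
            # subnet_of() raises TypeError across IP versions, so compare versions first
            if not any(net.version == m.version and net.subnet_of(m) for m in monitored):
                missing.append((group, prefix))
    return missing


def overlapping_prefixes(hostgroups):
    """Return pairs of prefixes from different hostgroups that overlap."""
    flat = [(g, p, parse(p)) for g, ps in hostgroups.items() for p in ps]
    clashes = []
    for i, (g1, p1, n1) in enumerate(flat):
        for g2, p2, n2 in flat[i + 1:]:
            if g1 != g2 and n1.version == n2.version and n1.overlaps(n2):
                clashes.append(((g1, p1), (g2, p2)))
    return clashes


if __name__ == "__main__":
    for group, prefix in uncovered_prefixes(NETWORKS_LIST, HOSTGROUPS):
        print(f"{group}: {prefix} is not covered by networks_list")
    for (g1, p1), (g2, p2) in overlapping_prefixes(HOSTGROUPS):
        print(f"{g1} {p1} overlaps {g2} {p2}: verify with fcli show ip_hostgroup")
```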