In addition to announcing individual /32 or /128 hosts that are under attack, FastNetMon can announce the whole network in which the attacked host is located. This can be useful for diversion to a DDoS scrubbing centre or for internal network policy changes (e.g. moving the prefix under attack to in-house scrubbing or to another ISP).

We made multiple changes to the BGP announce logic in subnet mode. Please ensure that you run at least version 2.0.363 before starting with this guide.

First of all, you need to have a BGP session up and running as documented here.

To enable prefix announces, use the following option for IPv4:

sudo fcli set main gobgp_announce_whole_subnet true

And the following for IPv6:

sudo fcli set main gobgp_announce_whole_subnet_ipv6 true

Then you need to set a list of one or more communities for each case. For IPv4:

sudo fcli set main gobgp_communities_subnet_ipv4 65004:445
sudo fcli set main gobgp_communities_subnet_ipv4 65004:447

For IPv6:

sudo fcli set main gobgp_communities_subnet_ipv6 65004:445
sudo fcli set main gobgp_communities_subnet_ipv6 65004:447

By default, FastNetMon uses exactly the same prefix length as specified in networks_list. For example, if you specified a prefix as /21 and a host from this network is under attack, the network will be announced as /21.

An option controls the scope of such announces, so you can set it to the required boundary, such as /24 (the external DDoS scrubbing case):

sudo fcli set main gobgp_announce_whole_subnet_force_custom_prefix_length true 
sudo fcli set main gobgp_announce_whole_subnet_custom_prefix_length 24

For IPv6 it looks like this:

sudo fcli set main gobgp_announce_whole_subnet_force_custom_ipv6_prefix_length true
sudo fcli set main gobgp_announce_whole_subnet_custom_ipv6_prefix_length 48
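
To check before committing which prefix a given attacked host would trigger, the selection rule described above can be modelled offline. This is an added example, not FastNetMon code: the function name and the sample networks (documentation ranges) are constructed, and it assumes that the most specific networks_list entry is used and that a forced length selects the block of that size containing the host.

```python
import ipaddress

# Constructed sample networks_list (documentation ranges, not from this guide)
NETWORKS_LIST = ["198.51.100.0/22", "2001:db8::/32"]


def announced_prefix(host, networks_list, custom_len_v4=None, custom_len_v6=None):
    """Return the prefix expected to be announced for an attacked host.

    custom_len_v4 / custom_len_v6 model the forced custom prefix length
    options; None means the option is disabled.
    """
    ip = ipaddress.ip_address(host)
    # Configured networks of the same address family that contain the host
    matches = [n for n in map(ipaddress.ip_network, networks_list)
               if n.version == ip.version and ip in n]
    if not matches:
        raise ValueError(f"{host} is not covered by networks_list")
    # Assumption: the most specific configured network wins
    configured = max(matches, key=lambda n: n.prefixlen)

    custom = custom_len_v4 if ip.version == 4 else custom_len_v6
    if custom is None:
        return configured  # default: same length as in networks_list

    # Assumption: the forced length is applied to the attacked host address
    announced = ipaddress.ip_network(f"{ip}/{custom}", strict=False)
    if not announced.subnet_of(configured):
        # A forced length shorter than the configured one would cover
        # address space outside networks_list, so flag it for review.
        raise ValueError(f"{announced} is wider than configured {configured}")
    return announced


if __name__ == "__main__":
    for host in ("198.51.101.7", "2001:db8:12:34::1"):
        print(host, "default ->", announced_prefix(host, NETWORKS_LIST))
        print(host, "forced  ->",
              announced_prefix(host, NETWORKS_LIST, custom_len_v4=24, custom_len_v6=48))
```
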

Then specify the next hop used only for subnet announces:

sudo fcli set main gobgp_next_hop_subnet_ipv4 1.2.3.4
sudo fcli set main gobgp_next_hop_subnet_ipv6 dead::beef
sudo fcli commit

As an alternative, FastNetMon can announce a list of networks when their total traffic exceeds a defined threshold value, using BGP alerts for total hostgroups.

Starting from 2.0.363, you can assign custom BGP communities to each hostgroup this way:

sudo fcli set hostgroup aaa bgp_communities_subnet_ipv4 65001:772
sudo fcli commit

Starting from 2.0.364, you can specify a custom next hop for announces for each hostgroup:

sudo fcli set hostgroup aaa bgp_next_hops_subnet_ipv4 1.2.3.4
sudo fcli commit
