In addition to option to announce /32 or /128 hosts which are under attack FastNetMon can announce whole networks where attacked host is located. It may be useful for DDoS scrubbing centre diversion or internal network policy changes (i.e. to move prefix under attack to in-house scrubbing or move it to another ISP).

We made multiple changes for BGP announces logic in subnet mode. Please ensure that you run at least 2.0.363 before starting with this guide.

First of all, you need to have BGP session up and running as documented here.

To enable prefix announces you can use following option for IPv4:

sudo fcli set main gobgp_announce_whole_subnet true

And following for IPv6:

sudo fcli set main gobgp_announce_whole_subnet_ipv6 true

Then you need to set list of one or more communities for each case. For IPv4:

sudo fcli set main gobgp_communities_subnet_ipv4 65004:445
sudo fcli set main gobgp_communities_subnet_ipv4 65004:447

For IPv6:

sudo fcli set main gobgp_communities_subnet_ipv6 65004:445
sudo fcli set main gobgp_communities_subnet_ipv6 65004:447

By default, FastNetMon will use exactly same prefix length as specified in networks_list. I.e. if you’ve specified prefix as /21 and then host from this network as attacked then it will be announced as /21.

We have an option to control scope of such announces and you can easily set it to required boundary like /24 (external DDoS Scrubbing case):

sudo fcli set main gobgp_announce_whole_subnet_force_custom_prefix_length true 
sudo fcli set main gobgp_announce_whole_subnet_custom_prefix_length 24

For IPv6 it will look this way:

sudo fcli set main gobgp_announce_whole_subnet_force_custom_ipv6_prefix_length true
sudo fcli set main gobgp_announce_whole_subnet_custom_ipv6_prefix_length 48

Then specify next hop only for subnet announces:

sudo fcli set main gobgp_next_hop_subnet_ipv4 1.2.3.4
sudo fcli set main gobgp_next_hop_subnet_ipv6 dead::beef
sudo fcli commit

As alternative option FastNetMon has capability to announce list of networks when their total traffic exceeds defined threshold value using BGP alerts for total hostgroups.

Starting from 2.0.363 you can assign custom BGP Communities for each hostgroup this way:

sudo fcli set hostgroup aaa bgp_communities_subnet_ipv4 65001:772
sudo fcli commit

Starting from 2.0.364 you can specify custom next hop for announces for each hostgroup:

sudo fcli set hostgroup aaa bgp_next_hops_subnet_ipv4 1.2.3.4
sudo fcli commit

Starting from 2.0.367 you can specify custom AS_PATH this way:

sudo fcli set main gobgp_as_path_subnet_ipv4 12345
sudo fcli set main gobgp_as_path_subnet_ipv4 56789
sudo fcli commit

Alternatively you can provide custom AS_PATH for each hostgroup:

sudo fcli set hostgroup global bgp_as_path_subnet_ipv4 12345
sudo fcli set hostgroup global bgp_as_path_subnet_ipv4 56789
sudo fcli commit

24/7 Tech Support

support@fastnetmon.com

Email Us

sales@fastnetmon.com