In addition to the option to announce /32 or /128 hosts which are under attack, FastNetMon can announce the whole network where the attacked host is located. This may be useful for DDoS scrubbing centre diversion or internal network policy changes (for example, to move the prefix under attack to in-house scrubbing or to another ISP).
First of all, you need to have a BGP session up and running as documented here.
To enable prefix announcements, use the following option for IPv4:
sudo fcli set main gobgp_announce_whole_subnet true
And the following for IPv6:
sudo fcli set main gobgp_announce_whole_subnet_ipv6 true
Then you need to set a list of one or more communities for each case. For IPv4:
sudo fcli set main gobgp_communities_subnet_ipv4 65004:445
sudo fcli set main gobgp_communities_subnet_ipv4 65004:447
For IPv6:
sudo fcli set main gobgp_communities_subnet_ipv6 65004:445
sudo fcli set main gobgp_communities_subnet_ipv6 65004:447
By default, FastNetMon uses exactly the same prefix length as specified in networks_list. For example, if you have specified a prefix as /21 and a host from this network is detected as attacked, the prefix will be announced as /21.
There is an option to control the scope of such announcements, and you can set it to the required boundary, such as /24 (the external DDoS scrubbing case):
sudo fcli set main gobgp_announce_whole_subnet_force_custom_prefix_length true
sudo fcli set main gobgp_announce_whole_subnet_custom_prefix_length 24
For IPv6 it looks like this:
sudo fcli set main gobgp_announce_whole_subnet_force_custom_ipv6_prefix_length true
sudo fcli set main gobgp_announce_whole_subnet_custom_ipv6_prefix_length 48
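To check the scope of an announcement before enabling these options, the following added example (not FastNetMon code or part of its documentation) computes the prefix to expect for an attacked host, both with the default networks_list length and with a forced custom length. The function name, the sample networks and hosts are constructed; choosing the most specific entry on overlap and rejecting a forced length wider than the configured network are assumptions of this sketch, not documented FastNetMon behaviour.

```python
import ipaddress

# Constructed sample data (not from the FastNetMon docs).
NETWORKS_LIST = ["10.10.8.0/21", "2001:db8::/32"]


def announced_prefix(host, networks_list, force_len=None):
    """Return the prefix to expect in the announcement for an attacked host.

    force_len=None models the default (prefix length from networks_list);
    an integer models the forced custom prefix length option.
    """
    ip = ipaddress.ip_address(host)
    matches = [
        net
        for net in map(ipaddress.ip_network, networks_list)
        if net.version == ip.version and ip in net
    ]
    if not matches:
        raise ValueError(f"{host} is not covered by networks_list")
    # Assumption: with overlapping entries, use the most specific one.
    configured = max(matches, key=lambda net: net.prefixlen)
    if force_len is None:
        return configured
    if force_len < configured.prefixlen:
        # Assumption: treat a forced length wider than the configured
        # network as a mistake, since it would cover foreign address space.
        raise ValueError(f"/{force_len} is wider than {configured}")
    # Mask the host address down to the forced boundary.
    return ipaddress.ip_network(f"{ip}/{force_len}", strict=False)


if __name__ == "__main__":
    for host, length in [
        ("10.10.13.77", None),
        ("10.10.13.77", 24),
        ("2001:db8:12:34::1", 48),
    ]:
        print(host, length, announced_prefix(host, NETWORKS_LIST, length))
```

Comparing the result against what your upstream or scrubbing provider accepts shows in advance how much address space a single attacked host will divert.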
The next hop setup is shared with standard blackhole announcements and can be set this way:
sudo fcli set main gobgp_next_hop 184.108.40.206
sudo fcli set main gobgp_next_hop_ipv6 100::1
sudo fcli commit