14.04.2019

FastNetMon BGP Flow spec configuration

For this step, you need a working BGP unicast configuration. Please enable the flow spec AFI on the router’s side, and then we can start!

Enable flow spec for your peering connection:

sudo fcli set bgp connection_to_my_router ipv4_flowspec enable

Enable flow spec globally:

sudo fcli set main gobgp_flow_spec_announces enable

We can specify the action type for FastNetMon’s announces (accept, discard or rate-limit):

sudo fcli set main gobgp_flow_spec_default_action discard

For rate-limit you can specify the actual rate (usually “bytes per second”, but please check with your network vendor):

sudo fcli set main gobgp_flow_spec_rate_limit_value 1000

Apply changes:

sudo fcli commit

Then we can prepare a custom announce (please replace our example addresses here with your real addresses specified in the networks list):

sudo fcli set flowspec '{ "source_prefix": "4.0.0.0/32", "destination_prefix": "127.0.0.0/32", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "rate-limit", "action": { "rate": 1024 } }'
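A pre-flight check for a custom announce, added here as an example (it is not FastNetMon's own code): it confirms that the rule's destination prefix sits inside your networks list and that the action is complete before the JSON is handed to fcli. The function name, the stand-in networks list and the policy of requiring destination_prefix are assumptions.

```python
import ipaddress
import json

ALLOWED_ACTIONS = ("accept", "discard", "rate-limit")  # action types named on this page

def validate_flowspec(rule_json, own_networks):
    """Return a list of problems in a flow spec rule; an empty list means it passed."""
    try:
        rule = json.loads(rule_json)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    if not isinstance(rule, dict):
        return ["rule must be a JSON object"]
    problems = []
    nets = [ipaddress.ip_network(n) for n in own_networks]
    # Assumed local policy: every rule must name a destination inside our own networks.
    if "destination_prefix" not in rule:
        problems.append("destination_prefix is missing")
    for field in ("source_prefix", "destination_prefix"):
        if field not in rule:
            continue
        try:
            prefix = ipaddress.ip_network(str(rule[field]))
        except ValueError:
            problems.append(f"{field}: {rule[field]!r} is not a valid prefix")
            continue
        inside = any(prefix.version == n.version and prefix.subnet_of(n) for n in nets)
        if field == "destination_prefix" and not inside:
            problems.append(f"{field}: {prefix} is outside the networks list")
    for field in ("source_ports", "destination_ports"):
        ports = rule.get(field, [])
        for port in ports if isinstance(ports, list) else [ports]:
            if type(port) is not int or not 0 <= port <= 65535:
                problems.append(f"{field}: {port!r} is not a valid port")
    action = rule.get("action_type")
    if action not in ALLOWED_ACTIONS:
        problems.append(f"action_type: {action!r} is not accept, discard or rate-limit")
    elif action == "rate-limit":
        details = rule.get("action")
        rate = details.get("rate") if isinstance(details, dict) else None
        if type(rate) is not int or rate <= 0:
            problems.append("rate-limit needs a positive integer in action.rate")
    return problems

# Constructed inputs: a stand-in networks list, the page's example rule, and a faulty rule.
OWN_NETWORKS = ["127.0.0.0/24"]
PAGE_RULE = '{ "source_prefix": "4.0.0.0/32", "destination_prefix": "127.0.0.0/32", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "rate-limit", "action": { "rate": 1024 } }'
BAD_RULE = '{"destination_prefix": "198.51.100.0/24", "destination_ports": [70000], "action_type": "rate-limit"}'
```

Only pass the rule to fcli when the returned list is empty; each entry in the list names the field that would have made the announce match traffic you did not intend.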

And check BGP daemon output:

gobgp global rib -a ipv4-flow

The output should look like this:

Network                                                                                                            Next Hop             AS_PATH              Age        Attrs
*>  [destination:127.0.0.0/24][source:4.0.0.0/24][protocol: tcp][destination-port: =80][source-port: =53 =5353][tcp-flags: syn][packet-length: =777 =1122][fragment: is-fragment dont-fragment]fictitious                                00:01:36   [{Origin: ?} {Extcomms: [discard]}]

To configure BGP Flow spec on the router side, you can use our official guides for the following vendors: