FastNetMon BGP Flow Spec RFC 5575 JSON representation

FastNetMon’s JSON representation format

Example encoded json:

{ "source_prefix": "4.0.0.0/24", "destination_prefix": "127.0.0.0/24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "rate-limit", "action": { "rate": 1024 } }

Field explanation:

• source_prefix – IPv4 network in CIDR format, optional field.
• destination_prefix – IPv4 network in CIDR format, optional field.
• destination_ports – list of destination ports (from 0 to 65535), optional field.
• source_ports – list of source ports (from 0 to 65535), optional field.
• packet_lengths – list of packet sizes (from 0 to 1500), optional field.
• protocols – list of protocols (allowed options udp, tcp, icmp, gre), optional field.
• fragmentation_flags – list of fragmentation flags (allowed values: dont-fragment, is-fragment, first-fragment, last-fragment, not-a-fragment), optional field.
• tcp_flags – list of TCP flags, allowed only when TCP used in protocols list. Allowed values: syn, ack, fin, urgent, push, rst. Flags also could be mixed with “|” sign (tcp|push). Optional field.
• action_type – action type, allowed values: accept, discard, rate-limit, redirect, mark.
• ipv4_nexthops – list of IPs which can be used when action is set to “accept” to forward traffic to them

If you are using rate-limit you also should specify field “rate” in section “action”, allowed values for it from 1 to 100000. Optional field.

If you use action_type “redirect” then you should provide fields “redirect_target_as” (16 bit) and “redirect_target_value” (32 bit) in section “action”.

Example redirect action:

sudo fcli set flowspec '{ "source_prefix": "4.0.0.0/24", "destination_prefix": "127.0.0.0/24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "redirect", "action": { "redirect_target_as": 65000, "redirect_target_value": 666 } }'

Example of redirect to IPv4 next hop announce:

sudo fcli set flowspec '{ "source_prefix": "4.0.0.0/32", "destination_prefix": "127.0.0.0/32", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "accept", "ipv4_nexthops": ["11.22.33.44"] }'