Before starting, you need to establish a BGP peering session between FastNetMon and your network equipment using this guide.

We made multiple changes to the BGP announce logic in subnet mode. Please ensure that you run at least version 2.0.360 before starting with this guide.

For this manual you need to know the community number used for blackholing (RFC 7999) on the router side.

Enable announces for the attacked host:

sudo fcli set main gobgp_announce_host enable

Then specify the blackhole communities used in your network (I personally encourage you to use the number recommended by RFC 7999, 666). Please use only 16-bit ASN numbers (< 65535) for communities here:

sudo fcli set main gobgp_communities_host_ipv4 65001:666
sudo fcli set main gobgp_communities_host_ipv4 65001:667

Then specify the next hop used only for host announces:

sudo fcli set main gobgp_next_hop_host_ipv4 1.2.3.4
sudo fcli commit
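
The three steps above can be generated from validated inputs, so that a mistyped community or next hop never reaches the commit. This is an added example, not part of FastNetMon or the original guide; the function names are hypothetical, and the script only prints the commands for review.

```sh
#!/bin/sh
# Added example (not FastNetMon code): validate inputs, then print the
# fcli commands from this guide. Nothing is sent to FastNetMon.

# True if $1 is ASN:value, ASN in 1..65534 (16-bit, < 65535), value 0..65535.
valid_community() {
    local asn val
    case $1 in *[!0-9:]*|*:*:*|:*|*:) return 1 ;; *:*) ;; *) return 1 ;; esac
    asn=${1%%:*} val=${1#*:}
    [ ${#asn} -le 5 ] && [ ${#val} -le 5 ] || return 1
    [ "$asn" -ge 1 ] && [ "$asn" -lt 65535 ] && [ "$val" -le 65535 ]
}

# True if $1 is a dotted-quad IPv4 address with four octets in 0..255.
valid_ipv4() {
    local rest="$1" octet i=0
    case $1 in *[!0-9.]*|*..*|.*|*.|'') return 1 ;; esac
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        i=$((i + 1))
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$i" -eq 4 ]
}

# Usage: build_blackhole_config NEXT_HOP COMMUNITY [COMMUNITY...]
# Validates everything first, so a bad value yields no partial command list.
build_blackhole_config() {
    local next_hop="$1" c
    [ $# -ge 2 ] || { echo "usage: NEXT_HOP COMMUNITY..." >&2; return 1; }
    shift
    valid_ipv4 "$next_hop" || { echo "bad next hop: $next_hop" >&2; return 1; }
    for c in "$@"; do
        valid_community "$c" || { echo "bad community: $c" >&2; return 1; }
    done
    echo "sudo fcli set main gobgp_announce_host enable"
    for c in "$@"; do
        echo "sudo fcli set main gobgp_communities_host_ipv4 $c"
    done
    echo "sudo fcli set main gobgp_next_hop_host_ipv4 $next_hop"
    echo "sudo fcli commit"
}

# Values taken from the examples in this guide.
build_blackhole_config 1.2.3.4 65001:666 65001:667
```

Review the printed commands and run them by hand; a rejected value produces an error on stderr and no command list.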

After this, it's worth checking that we can announce IPs correctly. We can ban a test IP for that:

sudo fcli set blackhole 11.22.33.44

You can check all active outgoing announces this way:

gobgp global rib -a ipv4

You can check the status of all neighbours this way:

gobgp neighbor

You can check peering session status this way:

gobgp neigh 22.33.44.55

In addition to per-host announces, FastNetMon can announce the network which includes the host under attack.

Starting from 2.0.363 you can assign custom BGP Communities for each hostgroup this way:

sudo fcli set hostgroup aaa bgp_communities_host_ipv4 65001:771
sudo fcli set hostgroup aaa bgp_communities_subnet_ipv4 65001:772
sudo fcli commit

Starting from 2.0.364 you can specify a custom next hop for announces for each hostgroup:

sudo fcli set hostgroup aaa bgp_next_hops_host_ipv4 1.2.3.4
sudo fcli set hostgroup aaa bgp_next_hops_subnet_ipv4 5.6.7.8
sudo fcli commit

Starting from 2.0.367 you can specify a custom AS_PATH this way:

sudo fcli set main gobgp_as_path_host_ipv4 12345
sudo fcli set main gobgp_as_path_host_ipv4 56789
sudo fcli commit

Alternatively, you can provide a custom AS_PATH for each hostgroup:

sudo fcli set hostgroup global bgp_as_path_host_ipv4 12345
sudo fcli set hostgroup global bgp_as_path_host_ipv4 56789
sudo fcli commit
