To follow this manual you need to configure the BGP peering session on the router side as well, and you need the following data:
- Peering IP for FastNetMon
- ASN for FastNetMon
- Router’s IP
- Router’s ASN
- Community number used for Blackhole (RFC 7999) at router side
As a first step, enable BGP support:
sudo fcli set main gobgp enable
Enable announcements for attacked hosts:
sudo fcli set main gobgp_announce_host enable
Then specify the blackhole community used in your network (we encourage you to use the value recommended by RFC 7999, 666; RFC 7999 defines 65535:666 as the well-known BLACKHOLE community). Only 16-bit ASNs (65535 or less) can be used in communities here: a standard BGP community is two 16-bit halves (ASN:value), so a 32-bit ASN does not fit.
sudo fcli set main gobgp_community_host 65001:666
Starting with version 2.0.198 it is possible to specify multiple communities at the same time (run the command once per community):
sudo fcli set main gobgp_communities_host_ipv4 65001:666
sudo fcli set main gobgp_communities_host_ipv4 65001:667
Then create a new BGP peering session:
sudo fcli set bgp connection_to_my_router
And configure it. If you peer from an address other than the management IP, that address must first be configured on a network interface of your Ubuntu instance, because the BGP daemon can only bind to an address the host actually has:
sudo fcli set bgp connection_to_my_router local_asn 65001
sudo fcli set bgp connection_to_my_router remote_asn 65001
sudo fcli set bgp connection_to_my_router local_address 11.22.33.44
sudo fcli set bgp connection_to_my_router remote_address 22.33.44.55
If the FastNetMon server reaches the peer through intermediate hops (it is not directly connected to the router), enable BGP multihop for the session:
sudo fcli set bgp connection_to_my_router multihop enable
Then explicitly enable the IPv4 unicast address family for this peer:
sudo fcli set bgp connection_to_my_router ipv4_unicast enable
Finally, enable this peering session:
sudo fcli set bgp connection_to_my_router active enable
Changes reach FastNetMon and the BGP daemon only after they are committed (see below). Before committing you may add any reasonable number of BGP peers; give each session a unique name and configure it with the same options as the first one:
sudo fcli set bgp second_connection_to_my_router
Apply changes:
sudo fcli commit
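The whole procedure above, as an added example that is not part of the FastNetMon documentation or the project's own tooling: a POSIX shell script that validates the community (both halves must fit in 16 bits, as required above), emits the fcli command sequence for gobgp, the per-host community, one peering session and the final commit, and only runs it when APPLY=1 is set. The APPLY, COMMUNITY and MULTIHOP environment variables and the helper names are assumptions of this example; the ASNs, addresses and session name are the placeholders used on this page.

```shell
#!/bin/sh
# Added example, not FastNetMon's own code: generate (dry run) or apply the
# fcli commands for one blackhole peering session. Run as-is to review the
# plan; run with APPLY=1 to execute it through sudo and commit.
set -eu

# A standard BGP community is two 16-bit halves (ASN:value). 32-bit ASNs
# cannot be encoded in it, so reject anything that does not fit.
is_u16() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 65535 ]
}
check_community() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    is_u16 "${1%%:*}" && is_u16 "${1#*:}"
}

# Commands that enable gobgp, per-host announcements and the host community.
blackhole_commands() {
    community=$1
    check_community "$community" || { echo "bad community: $community" >&2; return 1; }
    printf 'fcli set main gobgp enable\n'
    printf 'fcli set main gobgp_announce_host enable\n'
    printf 'fcli set main gobgp_community_host %s\n' "$community"
}

# Commands for one peering session.
# Args: name local_asn remote_asn local_address remote_address multihop(yes|no)
peer_commands() {
    name=$1 local_asn=$2 remote_asn=$3 local_addr=$4 remote_addr=$5 multihop=$6
    printf 'fcli set bgp %s\n' "$name"
    printf 'fcli set bgp %s local_asn %s\n' "$name" "$local_asn"
    printf 'fcli set bgp %s remote_asn %s\n' "$name" "$remote_asn"
    printf 'fcli set bgp %s local_address %s\n' "$name" "$local_addr"
    printf 'fcli set bgp %s remote_address %s\n' "$name" "$remote_addr"
    if [ "$multihop" = yes ]; then
        printf 'fcli set bgp %s multihop enable\n' "$name"
    fi
    printf 'fcli set bgp %s ipv4_unicast enable\n' "$name"
    printf 'fcli set bgp %s active enable\n' "$name"
}

# The full plan: global settings, the session from this page, then commit.
# COMMUNITY and MULTIHOP are assumed knobs of this example (defaults below).
plan() {
    blackhole_commands "${COMMUNITY:-65001:666}"
    peer_commands connection_to_my_router 65001 65001 11.22.33.44 22.33.44.55 "${MULTIHOP:-no}"
    printf 'fcli commit\n'
}

if [ "${APPLY:-0}" = 1 ]; then
    # Execute each line with sudo; sh -e stops at the first failing command so
    # a half-applied session is never committed.
    plan | sed 's/^/sudo /' | sh -e
else
    plan
fi
```

Review the printed plan first; the commit is the last line, so nothing reaches the BGP daemon until every preceding command has succeeded.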
After this, check that announcements actually reach the router by blackholing a test IP. Choose an address that carries no production traffic (the addresses on this page are placeholders; do not blackhole the peering address itself), because every peer that accepts the announcement starts dropping traffic to it, and remove the entry once the check is done:
sudo fcli set blackhole 11.22.33.44
List all active outgoing announcements:
gobgp global rib -a ipv4
Check the status of all neighbors:
gobgp neighbor
Check the status of a particular peering session:
gobgp neigh 22.33.44.55
In addition to per-host announcements, FastNetMon can announce the network that contains the host under attack (introduced in FastNetMon 2.0.198). The communities for these subnet announcements are configured separately, one command per community:
sudo fcli set main gobgp_communities_subnet_ipv4 65004:445
sudo fcli set main gobgp_communities_subnet_ipv4 65004:447
We have detailed BGP setup guides for the following vendors: