14.04.2019

FastNetMon BGP unicast configuration

For this manual, you need to configure a BGP peering connection on the router side, and you need to know all of the following:

  • Peering IP for FastNetMon
  • ASN for FastNetMon
  • Router’s IP
  • Router’s ASN
  • Community number used for Blackhole at router side

As a first step, enable BGP support:

sudo fcli set main gobgp enable

Enable announcements for the attacked host:

sudo fcli set main gobgp_announce_host enable

Then specify the blackhole community used in your network (I personally encourage you to use the number recommended by RFC 7999, 666). Please use only 16-bit ASN numbers (< 65535) for communities here:

sudo fcli set main gobgp_community_host 65001:666

Then we need to create a new BGP peering session:

sudo fcli set bgp connection_to_my_router

And configure it (if the IP you use for peering differs from the management IP, you need to configure it manually on your Ubuntu instance):

sudo fcli set bgp connection_to_my_router local_asn 65001
sudo fcli set bgp connection_to_my_router remote_asn 65001
sudo fcli set bgp connection_to_my_router local_address 11.22.33.44
sudo fcli set bgp connection_to_my_router remote_address 22.33.44.55

If your FastNetMon server is connected to the peer through intermediate hosts, we suggest enabling the BGP multi-hop feature:

sudo fcli set bgp connection_to_my_router multihop enable

Then enable support for IPv4 unicast for this device explicitly:

sudo fcli set bgp connection_to_my_router ipv4_unicast enable

Finally, enable this peering connection:

sudo fcli set bgp connection_to_my_router active enable

Then we need to commit the changes to the FastNetMon and BGP daemon configuration.

You may add any reasonable number of BGP peers; just set a unique name for each peering session and configure all options as for the first session:

sudo fcli set bgp second_connection_to_my_router

Apply changes:

sudo fcli commit

After this, it’s a good idea to check that we can announce IPs correctly. We can ban a test IP for this:

sudo fcli set blackhole 11.22.33.44

You can check all active outgoing announcements this way:

gobgp global rib -a ipv4

You can check the status of all neighbors this way:

gobgp neighbor

You can check the status of a single peering session this way:

gobgp neigh 22.33.44.55
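
A preflight check for the configuration steps above, as an added example that is not part of the FastNetMon documentation: it validates the peering parameters, including the 16-bit ASN limit for the community, and only prints this page's fcli commands instead of running them. The function names, the session-name character rule and the address sanity checks are assumptions of this example; the optional multihop step is left out.

```shell
# Added example: validate peering parameters, then print (not run) the fcli
# commands from this page. All function names here are hypothetical.
# Succeeds if $1 is a decimal integer in [$2, $3].
in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Succeeds if $1 is a dotted-quad IPv4 address.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; empty fields fail in_range below
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do in_range "$octet" 0 255 || return 1; done
}

# Succeeds if $1 is ASN:VALUE with ASN < 65535, the limit stated on this page.
valid_community() {
    case "$1" in *:*:*) return 1 ;; *:*) ;; *) return 1 ;; esac
    in_range "${1%%:*}" 1 65534 && in_range "${1#*:}" 0 65535
}

# Usage: render_peer NAME LOCAL_ASN REMOTE_ASN LOCAL_IP REMOTE_IP COMMUNITY
# Assumption: session names are limited to letters, digits and underscores.
render_peer() {
    case "$1" in ''|*[!A-Za-z0-9_]*) echo "bad session name: $1" >&2; return 1 ;; esac
    in_range "$2" 1 4294967295 && in_range "$3" 1 4294967295 || { echo "bad ASN: $2 / $3" >&2; return 1; }
    valid_ipv4 "$4" && valid_ipv4 "$5" || { echo "bad peering address: $4 / $5" >&2; return 1; }
    [ "$4" != "$5" ] || { echo "local and remote address are identical" >&2; return 1; }
    valid_community "$6" || { echo "community needs a 16-bit ASN: $6" >&2; return 1; }
    cat <<EOF
sudo fcli set main gobgp enable
sudo fcli set main gobgp_announce_host enable
sudo fcli set main gobgp_community_host $6
sudo fcli set bgp $1
sudo fcli set bgp $1 local_asn $2
sudo fcli set bgp $1 remote_asn $3
sudo fcli set bgp $1 local_address $4
sudo fcli set bgp $1 remote_address $5
sudo fcli set bgp $1 ipv4_unicast enable
sudo fcli set bgp $1 active enable
sudo fcli commit
EOF
}

# Sample values are the ones used in this page's own commands.
render_peer connection_to_my_router 65001 65001 11.22.33.44 22.33.44.55 65001:666
```

A rejected parameter set prints the reason to stderr and emits no commands, so a mistyped community or address never reaches the BGP daemon configuration.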