FastNetMon Flow is FastNetMon’s own format for very efficient flow representation. It includes many improvements over existing flow protocols, with the main goal of improving developer experience and cross-language integration.
FastNetMon uses this format to export data to and receive data from other instances of FastNetMon. You can find detailed format description here.
This logic supports multiple protocols. Please keep in mind that the TCP and UDP transports do not offer any encryption and cannot be used over public networks.
If you transport telemetry traffic over the Internet, please use TLS. TLS mode uses TLS 1.3, which is the most secure version of the TLS protocol.
FastNetMon can receive traffic telemetry in our format or can export it to a remote machine. Your own applications can send traffic in this format to FastNetMon.
To configure FastNetMon in client mode, you need to apply the following changes.
To use this capability please upgrade to 2.0.353.
Enable plugin:
sudo fcli set main tera_flow enable
Then specify the addresses to listen on using URL-based configuration:
sudo fcli set main tera_flow_local_addresses tcp://[::0]:8104
sudo fcli set main tera_flow_local_addresses udp://0.0.0.0:8104
sudo fcli set main tera_flow_local_addresses tls://0.0.0.0:8104
sudo fcli commit
To use TLS mode you need to specify paths to your TLS certificates:
sudo fcli set main tera_flow_tls_certificate_path /etc/ssl/certs/ssl-cert-snakeoil.pem
sudo fcli set main tera_flow_tls_private_key_path /etc/ssl/private/ssl-cert-snakeoil.key
sudo fcli commit
You can use certificates issued by Let’s Encrypt or by any other CA. Self-signed certificates are not supported for security reasons.
If you have a chain of certificates specified, you need to enable chain mode:
sudo fcli set main tera_flow_tls_certificate_chain true
sudo fcli commit
You can confirm that FastNetMon receives traffic from the remote end using the following command:
sudo fcli show system_counters |grep total_simple_packets_processed
You can check the per-protocol counters the same way:
sudo fcli show system_counters | grep fastnetmon_flow
fastnetmon_flow_udp_packets 0
fastnetmon_flow_tcp_packets 0
fastnetmon_flow_tls_packets 582987
In addition to receive mode, FastNetMon can also export traffic to a remote side using the Tera Flow protocol.
To enable the export capability, you can use the following commands.
Enable plug-in:
sudo fcli set main flow_forwarder true
Specify remote host and port:
sudo fcli set main flow_forwarder_remote_addresses udp://[aaff::beef]:8104
You can use udp, tcp or tls as protocols. In addition to IPv4 or IPv6 addresses, you can use hostnames and FastNetMon will resolve them automatically for you. For TLS mode we support only hostnames, as they’re required for TLS certificate validation.
If you capture traffic from mirror / SPAN, you can enable sampling to reduce the load and the amount of telemetry traffic:
sudo fcli set main flow_forwarder_sampling_rate 512
And apply changes:
sudo fcli commit
To debug issues with traffic export you can use this command:
sudo fcli show system_counters | grep flow_forwarder
It will show you multiple metrics about any issues that happened during export:
flow_forwarder_errors 0
flow_forwarder_pushed_messages 40864
flow_forwarder_sampler_seen_packets 0
flow_forwarder_sampler_selected_packets 0
For both TCP and TLS modes, FastNetMon has reconnection logic in place which checks the connection status and reconnects 60 seconds after the first failure is detected.
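An added example, not FastNetMon's own code, covering the two transport points above: it flags export targets that use unencrypted udp/tcp or give an IP literal for TLS, and lists the plaintext per-protocol counters that are non-zero. The function names and the collector.example.net and 192.0.2.10 values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of FastNetMon. Function names are hypothetical.

# Classify a flow_forwarder_remote_addresses URL:
#   plaintext           udp:// or tcp://, no encryption on the wire
#   tls-needs-hostname  tls:// with an IP literal (TLS mode requires a hostname)
#   ok                  tls:// with a hostname
check_export_target() {
    url=$1
    scheme=${url%%://*}
    rest=${url#*://}
    host=${rest%:*}                      # drop the trailing :port
    case $scheme in
        udp|tcp) echo plaintext ;;
        tls)
            case $host in
                \[*\])      echo tls-needs-hostname ;;  # bracketed IPv6 literal
                *[!0-9.]*)  echo ok ;;                  # has a non-digit: hostname
                *)          echo tls-needs-hostname ;;  # digits and dots: IPv4
            esac ;;
        *) echo unknown-scheme ;;
    esac
}

# Read `fcli show system_counters` output on stdin and print the names of
# the unencrypted-transport counters that have received packets.
plaintext_counters_in_use() {
    awk '$1 ~ /^fastnetmon_flow_(udp|tcp)_packets$/ && $2 + 0 > 0 { print $1 }'
}

# Constructed sample input (not from a real deployment).
for u in 'udp://[aaff::beef]:8104' 'tls://192.0.2.10:8104' \
         'tls://collector.example.net:8104'; do
    printf '%s -> %s\n' "$u" "$(check_export_target "$u")"
done
printf '%s\n' 'fastnetmon_flow_udp_packets 12' \
    'fastnetmon_flow_tcp_packets 0' \
    'fastnetmon_flow_tls_packets 582987' | plaintext_counters_in_use
```

On a live system, pipe the output of sudo fcli show system_counters into plaintext_counters_in_use instead of the constructed lines.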