05.09.2018

FastNetMon Advanced deployment scenarios

Introduction

FastNetMon is very flexible software and supports almost any deployment option. We selected the two most popular cases and explain them in detail. If you have something more complicated, do not hesitate to contact our support team. We have a number of internal cases about FastNetMon deployment.

Automated traffic management

FastNetMon uses the following protocols to manage traffic:

  • BGP v4 unicast (implements RTBH or BGP traffic diversion)
  • BGP v4 Flow Spec / RFC 5575 (selectively filters out malicious traffic)

You need a BGP peering session with your routers to inject rules.

Router based setup

Almost all routers provide some way to export information about traffic.

FastNetMon supports the following protocols to receive traffic information from routers:

  • Netflow v5
  • Netflow v9
  • IPFIX
  • Netstream
  • jFlow
  • cFlow
  • sFlow v5

In this case, you can deploy FastNetMon anywhere in your network. To reduce the probability of congestion, we suggest using a direct connection between the router and the server or VM running FastNetMon.

Switch based setup

If your router does not provide any traffic visibility options, or if traffic information export causes CPU overload, you can export traffic information from your switch. You may also consider port mirror/SPAN capture.

Switches usually support the following traffic export options, and FastNetMon supports all of them:

  • sFlow v5
  • Netflow v9
  • IPFIX

Mixed setup

You can use this approach as part of an HA scenario and export traffic from the router and from the switch/traffic mirror at the same time. We have a dedicated article about the HA scenario.

Distributed setup

We also support this setup, and any FastNetMon instance can export the traffic it receives using our secure proprietary protocol “Tera Flow”.

You may install a single central instance and collect complete network visibility in one central place. Meanwhile, each instance can detect DDoS independently.