FastNetMon uses our own encoding to represent BGP Flow Spec rules.
Example JSON document looks like:
{ "source_prefix": "4.0.0.0/24", "destination_prefix": "127.0.0.0/24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "rate-limit", "action": { "rate": 1024 }, "ipv4_nexthops": ["11.22.33.44"] }
Available fields:
- source_prefix – IPv4 network in CIDR format, optional field.
- destination_prefix – IPv4 network in CIDR format, optional field.
- destination_ports – list of destination ports (from 0 to 65535), optional field.
- source_ports – list of source ports (from 0 to 65535), optional field.
- packet_lengths – list of packet sizes (from 0 to 1500), optional field.
- protocols – list of protocols (allowed options udp, tcp, icmp, gre), optional field.
- fragmentation_flags – list of fragmentation flags (allowed values: dont-fragment, is-fragment, first-fragment, last-fragment, not-a-fragment), optional field.
- tcp_flags – list of TCP flags, allowed only when TCP used in protocols list. Allowed values: syn, ack, fin, urgent, push, rst. Flags also could be mixed with “|” sign (tcp|push). Optional field.
- action_type – action type, allowed values: accept, discard and rate-limit. If you are using rate-limit you also should specify field “rate”, allowed values for it from 1 to 100000. Optional field.
- ipv4_nexthops – One or multiple IPs to forward traffic to. Optional field.