FastNetMon Advanced Flow Spec encoding format

FastNetMon uses our own encoding to represent BGP Flow Spec rules.

Example JSON document looks like:


Available fields:

  • source_prefix – IPv4 network in CIDR format, optional field.

  • destination_prefix – IPv4 network in CIDR format, optional field.

  • destination_ports – list of destination ports (from 0 to 65535), optional field.

  • source_ports –  list of source ports  (from 0 to 65535), optional field.

  • packet_lengths – list of packet sizes (from 0 to 1500), optional field.

  • protocols – list of protocols (allowed options udp, tcp, icmp, gre), optional field.

  • fragmentation_flags – list of fragmentation flags (allowed values: dont-fragment, is-fragment, first-fragment, last-fragment, not-a-fragment), optional field.

  • tcp_flags – list of TCP flags, allowed only when TCP used in protocols list. Allowed values: syn, ack, fin, urgent, push, rst. Flags also could be mixed with “|” sign (tcp|push). Optional field.

  • action_type – action type, allowed values: accept, discard and rate-limit. If you are using rate-limit you also should specify field “rate”, allowed values for it from 1 to 100000. Optional field.