Before starting with this guide you need to establish BGP peering session between FastNetMon and your network equipment using this guide.
We made multiple changes for BGP announces logic in IPv6 mode. Please ensure that you run at least 2.0.363 before starting with this guide.
For this manual you need to know community number used for Blackhole (RFC 7999) at router side
First of all, you need to enable BGP action for IPv6 traffic:
sudo fcli set main gobgp_ipv6 enable
To enable announces of attacked host (/128) use this option:
sudo fcli set main gobgp_announce_host_ipv6 enable
Then specify blackhole communities used in your network (I personally encourage you to use recommended by RFC 7999 number, 666). Please use only 16 bit ASN numbers (< 65535) for communities here:
sudo fcli set main gobgp_communities_host_ipv6 65001:666 sudo fcli set main gobgp_communities_host_ipv6 65001:667
Finally, configure next hop to required value:
sudo fcli set main gobgp_next_hop_host_ipv6 100::1
Also, you need to enable IPv6 NLRI for particular peer:
sudo fcli set bgp peer_name ipv6_unicast enable sudo flci commit
After this it’s nice to check that we could announce IP’s correctly. We could ban some test IP for it
sudo fcli set blackhole dead::beef
You can check all active outgoing announces this way:
gobgp global rib -a ipv6
You could check status for all neighbours this way
gobgp neighbor
You can check peering session status this way:
gobgp neigh 22.33.44.55
In addition to per host announces FastNetMon can announce network which includes host under attack.
Starting from 2.0.363 you can assign custom BGP Communities for each hostgroup this way:
sudo fcli set hostgroup aaa bgp_communities_host_ipv6 65001:671 sudo fcli set hostgroup aaa bgp_communities_subnet_ipv6 65001:672 sudo fcli commit
Starting from 2.0.364 you can specify custom next hop for announces for each hostgroup:
sudo fcli set hostgroup aaa bgp_next_hops_host_ipv6 ::1 sudo fcli set hostgroup aaa bgp_next_hops_subnet_ipv6 ::2 sudo fcli commit