FastNetMon’s JSON representation format
Example encoded json:
{ "source_prefix": "4.0.0.0/24", "destination_prefix": "127.0.0.0/24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "rate-limit", "action": { "rate": 1024 } }
Field explanation:
- source_prefix – IPv4 network in CIDR format, optional field.
- destination_prefix – IPv4 network in CIDR format, optional field.
- destination_ports – list of destination ports (from 0 to 65535), optional field.
- source_ports – list of source ports (from 0 to 65535), optional field.
- packet_lengths – list of packet sizes (from 0 to 1500), optional field.
- protocols – list of protocols (allowed options udp, tcp, icmp, gre), optional field.
- fragmentation_flags – list of fragmentation flags (allowed values: dont-fragment, is-fragment, first-fragment, last-fragment, not-a-fragment), optional field.
- tcp_flags – list of TCP flags, allowed only when TCP used in protocols list. Allowed values: syn, ack, fin, urgent, push, rst. Flags also could be mixed with “|” sign (tcp|push). Optional field.
- ttls – list of TTLs for traffic matching, non RFC compliant addition
- vlans – list of vlans for traffic matching, non RFC compliant addition
- action_type – action type, allowed values: accept, discard, rate-limit, redirect, mark.
- ipv4_nexthops – list of IPs which can be used when action is set to “accept” to forward traffic to them
- source_asns – list of source ASNs, non RFC compliant addition
- destination_asns – list of destination ASNs, non RFC compliant addition
If you are using rate-limit you also should specify field “rate” in section “action”, allowed values for it from 1 to 100000. Optional field.
If you use action_type “redirect” then you should provide fields “redirect_target_as” (16 bit) and “redirect_target_value” (32 bit) in section “action”.
Example redirect action:
sudo fcli set flowspec '{ "source_prefix": "4.0.0.0/24", "destination_prefix": "127.0.0.0/24", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "redirect", "action": { "redirect_target_as": 65000, "redirect_target_value": 666 } }'
Example of redirect to IPv4 next hop announce:
sudo fcli set flowspec '{ "source_prefix": "4.0.0.0/32", "destination_prefix": "127.0.0.0/32", "destination_ports": [ 80 ], "source_ports": [ 53, 5353 ], "packet_lengths": [ 777, 1122 ], "protocols": [ "tcp" ], "fragmentation_flags": [ "is-fragment", "dont-fragment" ], "tcp_flags": [ "syn" ], "action_type": "accept", "ipv4_nexthops": ["11.22.33.44"] }'