14.04.2019

FastNetMon BGP unicast configuration

For this manual, you need to configure BGP peering connection from your router side and you need to know all following data:

  • Peering IP for FastNetMon
  • ASN for FastNetMon
  • Router’s IP
  • Router’s ASN
  • Community number used for Blackhole at router side

As first step please enable BGP support:

Enable announces about attacked host:

Then specify blackhole community used in your network (I personally encourage you to use recommended by RFC 7999 number, 666). Please use only 16 bit ASN numbers (< 65535) for communities her

Then we need to create new BGP peering session

And configure it (if you are using different from management IP for peering you need to configure it manually for your Ubuntu instance)

If your server with FastNetMon connected to peer through intermediate hosts we suggest to set BGP multi-hop feature

Then enable support for IPv4 unicast for this device explicitly:

Finally, enable this peering connection:

And then we need to commit changes to FastNetMon and BGP daemon configuration

After this it’s nice to check that we could announce IP’s correctly. We could ban some test IP for it:

You can check all active outgoing announces this way:

You could check status for all neighbors this way

You can check peering session status this way: