You can use FastNetMon Advanced with VyOS routing platform. It’s open source platform but you can buy support directly from developers. In this guide we will provide detailed instructions about this process All these instructions were tested with VyOS 1.2.5 LTS.
VyOS offers Netflow and sFlow support in same time. sFlow is more reactive way and more suitable for DDoS detection.
As first step, please login to VyOS over SSH using default login and password: vyos/vyos and then switch to configuration mode:
conf
Then select interfaces to enable sFlow export, we recommend exporting traffic from upstream ports (please replace ports to your specific values):
Then apply some basic configuration options:
set system flow-accounting buffer-size 64 set system flow-accounting disable-imt
Configure sFlow export (please replace 192.168.1.134 by address of server with FastNetMon installed):
set system flow-accounting sflow agent-address auto set system flow-accounting sflow sampling-rate 100 set system flow-accounting sflow server 192.168.1.134 port 6343
We set sampling rate to 100 for testing, for ports with at least 1G of bandwidth I recommend increasing this value to 1024, for 10G you can use 2048.
After that, apply changes:
save commit
Confirm correctness of configuration:
show system flow-accounting
buffer-size 64
disable-imt
interface eth0
interface eth1
sflow {
agent-address auto
sampling-rate 100
server 192.168.1.134 {
port 6343
}
}