You can use FastNetMon Advanced with VyOS routing platform. It’s open source platform and you can buy support directly from developers. In this guide we will provide detailed instructions about this process All these instructions were tested with VyOS 1.4.x dev.
VyOS has two implementations of sFlow protocol agent. One is legacy available from set system flow-accounting sflow and it does not work well with FastNetMon at all and requires manual installation of third party sFlow agent.
The new one is based on hsflowd and available as set system sflow and it works just fine.
VyOS offers Netflow and sFlow support in same time. sFlow offers faster detection and lower CPU usage what makes it more suitable for DDoS detection.
As first step, please login to VyOS over SSH using default login and password: vyos/vyos and then switch to configuration mode:
conf
Configure sFlow export (please replace 192.168.1.134 by address of server with FastNetMon installed):
set system sflow agent-address 'your-router-ip' set system sflow sampling-rate '100' set system sflow polling '30' set system sflow server 192.168.1.134 port '6343'
Then select interfaces to enable sFlow export, we recommend exporting traffic from upstream ports:
set system sflow interface 'ethX' set system sflow interface 'ethY'
We set sampling rate to 100 for testing, for ports with at least 1G of bandwidth I recommend increasing this value to 1024, for 10G you can use 2048.
After that, apply changes:
save commit