FastNetMon Flow is FastNetMon’s own format for very efficient flow representation, which includes many improvements over existing flow protocols, with the main target to improve developer experience and cross-language integration.
FastNetMon uses this format to export and receive data to/from other instances of FastNetMon. You can find a detailed format description here.
This logic supports multiple protocols. Please keep in mind that TCP and UDP transports do not offer any encryption and cannot be used via public networks.
If you transport telemetry traffic over the Internet, please use TLS. TLS mode uses TLS 1.3, which is the most secure version of the TLS protocol.
FastNetMon can receive traffic telemetry in our format or can export it to a remote machine. Your own applications can send traffic in this format to FastNetMon.
To configure FastNetMon in client mode, you need to apply the following changes.
To use this capability, please upgrade to version 2.0.353.
Enable plugin:
sudo fcli set main tera_flow enable
Then specify addresses to listen using URL-based configuration:
sudo fcli set main tera_flow_local_addresses tcp://[::0]:8104 sudo fcli set main tera_flow_local_addresses udp://0.0.0.0:8104 sudo fcli set main tera_flow_local_addresses tls://0.0.0.0:8104 sudo fcli commit
To use TLS mode, you need to specify paths to your TLS certificates:
sudo fcli set main tera_flow_tls_certificate_path /etc/ssl/certs/ssl-cert-snakeoil.pem sudo fcli set main tera_flow_tls_private_key_path /etc/ssl/private/ssl-cert-snakeoil.key sudo fcli commit
You can use Let’s encrypt issues certificates or certificates issued by any other CA. Self-signed certificates are not supported for security reasons.
If you have a chain of certificates specified, you need to enable chain mode:
sudo fcli set main tera_flow_tls_certificate_chain true sudo fcli commit
You can confirm that FastNetMon receives traffic from remote end using the following command:
sudo fcli show system_counters |grep total_simple_packets_processed
You can check different per-protocol counters that way:
sudo fcli show system_counters|grep fastnetmon_flow fastnetmon_flow_udp_packets 0 fastnetmon_flow_tcp_packets 0 fastnetmon_flow_tls_packets 582987
In addition to receiving mode, FastNetMon can export traffic to the remote side using Tera Flow protocol too.
To enable export capability, you can use the following commands.
Enable plug-in:
sudo fcli set main flow_forwarder true
Specify remote host and port:
sudo fcli set main flow_forwarder_remote_addresses udp://[aaff::beef]:8104
You can use UDP, TCP or TLS as protocols. In addition to using IPv4 or IPv6 addresses, you can use hostnames, and FastNetMon will resolve them automatically for you. For TLS mode, we support only hostnames as they’re required for TLS certificate validation.
If you use traffic capture from mirror / SPAN, you can enable sampling to reduce the load and amount of telemetry traffic:
sudo fcli set main flow_forwarder_sampling_rate 512
And apply changes:
sudo fcli commit
To debug issues with traffic export, you can use this command:
sudo fcli show system_counters | grep flow_forwarder
It will show you multiple metrics about any issues that happened during export:
flow_forwarder_errors 0 flow_forwarder_pushed_messages 40864 flow_forwarder_sampler_seen_packets 0 flow_forwarder_sampler_selected_packets 0
For both TCP and TLS modes, FastNetMon has reconnection logic in place, which checks the connection status and reconnects in 60 seconds after the first failure is detected.