Add support for Junos Inline Monitoring IPFIX
complete
F
FastNetMon
You can find more details here: https://www.juniper.net/documentation/us/en/software/junos/flow-monitoring/topics/topic-map/inline-monitoring-services-configuration.html#id-understanding-inline-monitoring-services__d64291e41
This telemetry protocol offers all best capabilities required for DDoS detection and need to be added.
F
FastNetMon
We've published official guide: https://fastnetmon.com/docs-fnm-advanced/netflow-lite-and-ipfix-inline-monitoring-services/
F
FastNetMon
complete
F
FastNetMon
We've released this logic in 2.0.310: https://github.com/FastNetMon/fastnetmon-advanced-releases/releases/tag/v2.0.310
F
FastNetMon
You may use reference configuration like this:
set services inline-monitoring template FastNetMonInlineTemplate template-refresh-rate 30
set services inline-monitoring template FastNetMonInlineTemplate option-template-refresh-rate 100
set services inline-monitoring template FastNetMonInlineTemplate observation-domain-id 1
set services inline-monitoring instance FastNetMon-instance template-name FastNetMonInlineTemplate
set services inline-monitoring instance FastNetMon-instance maximum-clip-length 126
set services inline-monitoring instance FastNetMon-instance collector FastNetMon-collector source-address 10.20.30.40
set services inline-monitoring instance FastNetMon-instance collector FastNetMon-collector destination-address 10.10.10.10
set services inline-monitoring instance FastNetMon-instance collector FastNetMon-collector destination-port 2025
set services inline-monitoring instance FastNetMon-instance collector FastNetMon-collector sampling-rate 1000
set interfaces xe-1/0/7 unit 0 family inet filter input FastNetMon-filter
set firewall family inet filter FastNetMon-filter term 1 then inline-monitoring-instance FastNetMon-instance
set firewall family inet filter FastNetMon-filter term 1 then accept
F
FastNetMon
Hello! We've added it and it works in our lab. To try this feature you will need to install build: https://storage.googleapis.com/fastnetmon_advanced_packages_unstable/fastnetmon_2.0.309_amd64_7b7862772d84bff07b803bde506a52031b3107e4.deb
Installation can be done:
sudo dpkg -i fastnetmon_2.0.309_amd64_7b7862772d84bff07b803bde506a52031b3107e4.deb
And then enable this flag:
sudo fcli set main netflow_ipfix_inline true
sudo fcli commit
In case of any issues with data parser you can track counters using ipfix_inline_header_parser_error from sudo fcli show system_counters