Posted in DDoS

FastNetMon, ExaBGP and BGP integration for DDoS mitigation – part 1

   Published Date: December 4, 2019

In this scenario I would like to introduce you FastNetMon, ExaBGP and BGP in order to cut DDoS attacks. FastNetMon – https://fastnetmon.com/ is a DDoS Detection tool.

The proof of concept is presented in the following picture.

The whole scenario is built on Linux environment, environment that supports all the devices described in the above picture.
The host for machine in this lxc environmet is a Ubuntu 18.04 LTS machine.

#uname -a
Linux 5.0.0-36-generic #39~18.04.1-Ubuntu SMP Tue Nov 12 11:09:50 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

We are using lxc as virtualization technology (which is nativelly integrated in Ubuntu). https://linuxcontainers.org/. Since this is not a
containerisation course we’ll not dive into the creation of the containers.

Also, I just want to stress out again, that the schema is reduced in order to accomodate all requiremenets for realization the proof of concept, but still be functional.

# lxc list
+---------+---------+-----------------------+------+------------
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | LOCATION |
+---------+---------+-----------------------+------+------------
| Quagga1 | RUNNING | 10.204.244.56 (eth0) | | PERSISTENT | 0 | U18 |
| | | 10.10.14.1 (eth0) | | | | |
| | | 10.10.13.1 (eth0) | | | | |
| | | 10.10.12.1 (eth0) | | | | |
+---------+---------+-----------------------+------+------------
| Quagga2 | RUNNING | 10.204.244.197 (eth0) | | PERSISTENT | 0 | U18 |
| | | 10.10.24.1 (eth0) | | | | |
| | | 10.10.12.2 (eth0) | | | | |
+---------+---------+-----------------------+------+------------
| Quagga3 | RUNNING | 10.204.244.111 (eth0) | | PERSISTENT | 0 | U18 |
| | | 10.10.34.1 (eth0) | | | | |
| | | 10.10.23.2 (eth0) | | | | |
| | | 10.10.13.2 (eth0) | | | | |
| | | 10.10.12.4 (eth0) | | | | |
+---------+---------+-----------------------+------+------------
| Quagga4 | RUNNING | 172.20.17.100 (eth0) | | PERSISTENT | 0 | U18 |
| | | 10.204.244.219 (eth0) | | | | |
| | | 10.10.34.2 (eth0) | | | | |
| | | 10.10.24.2 (eth0) | | | | |
| | | 10.10.14.2 (eth0) | | | | |
+---------+---------+-----------------------+------+------------
| Quagga5 | RUNNING | 10.204.244.175 (eth0) | | PERSISTENT | 0 | U18 |
| | | 10.100.100.100 (eth0) | | | | |
| | | 10.10.12.3 (eth0) | | | | |
+---------+---------+-----------------------+------+------------

Each container is running a similar image based on CentOS 7:
bash-4.2# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)

Next – Part 2

Author: techwritter