DDoS detection built for
IXP operators and their members.
Euro-IX Forum brings together the engineers who run European internet exchanges. If DDoS protection is on your agenda, here's a tool built for exactly your threat model — surgical FlowSpec rules that protect peering sessions without blunt-instrument blackholing, at $9.99/node/month.
Built for IX infrastructure
Flowtriq is used by operators who need precision — not blunt-instrument blocking that disrupts peering.
The pricing reality
What FastNetMon actually costs in 2026
FastNetMon's LiveView dashboard launched April 2026 at $70/user/month — billed on top of the $115+/month Advanced license. Here's the real total for a 3-person team.
Advanced license (10G): $115/month. LiveView dashboard: $70 × 3 users. Dedicated server: ~$100/month.
FastNetMon
- $115/mo base + $70/user/mo dashboard
- Dedicated server required (~$60–150/mo)
- 30–60s latency via NetFlow
- No PCAP forensics
- Automated FlowSpec unreliable due to false positives
- No L7 / HTTP flood detection
- Trial by application only
Flowtriq — $9.99/node/month
- $9.99/node/month — unlimited users, dashboard included
- No dedicated server — runs on existing hosts
- <1s detection — kernel-level, unsampled
- PCAP with pre-attack ring buffer
- Confidence-gated FlowSpec + auto-rollback
- L7 HTTP flood detection
- 7-day free trial — no card, no application
Feature comparison
FastNetMon Advanced vs Flowtriq
Every capability that matters to an IXP operator or their member networks.
| Capability | FastNetMon Advanced + LiveView | Flowtriq |
|---|---|---|
| Detection | ||
| Detection method | NetFlow / sFlow / IPFIX (sampled) | Kernel-level, unsampled |
| Detection latency | 30–60s | <1 second |
| Attack classification | Flood type only | 7 families + confidence score |
| Botnet source flagging | No | 300+ known sources |
| BGP & Mitigation | ||
| BGP RTBH blackhole | Yes | Yes |
| BGP FlowSpec | Advanced only | Included at $9.99/node |
| Automated FlowSpec | Manual (false positives block automation) | Confidence-gated + auto-rollback |
| BGP speaker support | ExaBGP, GoBGP | ExaBGP, GoBGP, BIRD 2, FRRouting |
| Detection → BGP in <2s | No | Yes |
| Forensics & Evidence | ||
| PCAP capture | Not available | Pre-attack ring buffer |
| AI incident summaries | No | Yes |
| Operations | ||
| Web dashboard | +$70/user/mo add-on | Included, unlimited users |
| REST API + Terraform | API Advanced only; no Terraform | Both included |
| Dedicated server required | Yes | No |
| Setup time | Hours | 60s: pip install ftagent |
Technical architecture
What runs under the hood
For operators who need to understand the stack before they trust it with peering traffic.
Kernel-level capture
AF_PACKET + BPF — every packet header, unsampled, at line rate. No NetFlow infrastructure. No router configuration changes.
EWMA baselines
Adaptive per-node baselines via EWMA. Auto-learns in ~5 minutes. No manual threshold setting — survives traffic spikes and diurnal patterns without false positives.
Confidence-gated FlowSpec
FlowSpec rules only fire above a confidence threshold. Auto-rollback when confidence drops post-announcement. Works with BIRD 2, FRRouting, ExaBGP, GoBGP.
PCAP ring buffer
Rolling pre-attack capture. When detection fires, the buffer is flushed and attached to the incident record — evidence from before the attack peaked.
Lightweight agent
<30 MB RAM, <0.1% CPU idle. systemd service. Any Linux kernel ≥ 3.10. No DPDK, no PF_RING, no kernel module.
Multi-tenancy
Workspace-based RBAC with per-workspace alerting. ISPs and exchanges manage member nodes under separate workspaces with isolated reporting.
Test it before Euro-IX Forum — no gatekeeping
7 days full access. No credit card. No bandwidth questionnaire. Deploy on any Linux server you already operate in 60 seconds.