3.10 NFA Version
NFA Version info is available to be able to manage the change and configuration of the application.
3.11 Changelog
The Changelog section is available under Maintenance > Changelog. It offers a complete list of improvements and bug fixes per each NFA version.
3.12 Billing Info
To access your billing info, go to Management > Billing. The link will redirect you to the NFA Billing page. Use the credentials you’ve specified when initially requesting an NFA license to login.
4. User Profile
The user profile helps in associating characteristics with a specific user and helps to ascertain the interactive behavior of the user along with preferences.
Users with administrative rights have access to and can edit any user profile. Users without admin rights have access to and can edit their user profile only.
User profile offers this function to:
- update a user’s attributes and preferences including name, email, date format, time format, etc.
- change the user’s password with hints regarding password strength and confirmation mismatch.
The interface color theme can be changed here as well.
Choose between the
Light,
Dark or
Auto options. When the Auto option is selected, NFA will follow your device’s default theme.
5. System Requirements
Hardware Requirements:
- x86_64 architecture
- Minimum 4x core CPU (8x core CPU recommended), SSE4.2 support
- Minimum 32GB of RAM (64GB RAM recommended; 128GB RAM – optimal)
- Minimum 250GB SSD storage (500GB SSD storage recommended) allocated to the /var partition
Software Requirements:
- Ubuntu 22.04 or Ubuntu 20.04 LTS
Please note that NFA can also be installed on a server running CentOS 7 x86_64 Minimal – Clean Install or RHEL 8 / RHEL 9. The minimum system requirements assume default configuration. Significantly increasing the flow collection rate might cause additional load on a server, thus requiring extra memory or a larger CPU.
Hardware resources depend on the amount of flows/s exported to NFA. For each additional 1,000 flows/sec, 1 GB of RAM and 0.2 of vCPU are required. An additional 2 GB of RAM and 4 vCPU are required when the BGP add-on is used. Values are directly proportional: RAM and vCPU numbers per 1,000 flows/sec.
For instance: 40,000 flows/sec will require 40 GB of RAM and 8 vCPU, plus 2 GB of RAM and 4 vCPU in case a BGP add-on is used.
6. Support
Noction support team is available 24/7. Please contact our support team by emailing support@noction.com or by calling +1 (650) 903-7028.
7. Flow export configuration on network devices
Cisco XE:
The NetFlow infrastructure is based on the configuration and use of the following maps:
- Exporter Map
- Sampler Map
- Flow Monitor Map
1. Exporter Map. To configure the Exporter map, you need to define the destination (flow collector), the source interface, the port used for exporting, the version of NetFlow, and the timeout rates.
router(config)# flow exporter-map EM
router(config-fem)# destination 10.1.1.5
router(config-fem)# source gi0/0
router(config-fem)# transport udp 2055
router(config-fem)# version v9
router(config-fem)# template data timeout 60
router(config-fem)# options interface-table timeout 60
router(config-fem)# exit
2. Sampler Map (defines the sample rate):
router(config)# sampler-map SM
router(config-sm)# random 1 out-of 1000
router(config)# exit
3. Flow Monitor Map. The Flow Monitor map defines the cache timeout values and associates the
exporter map with this map.
router(config)# flow monitor-map FMM
router(config-fmm)# record ipv4
router(config-fmm)# exporter EM
router(config-fmm)# cache timeout active 60
router(config-fmm)# cache timeout inactive 60
router(config-fmm)# exit
4. Apply the maps to the interfaces.Now that you have your maps defined, you need to apply the
Flow Monitor and Sampler maps to each of the provider interfaces:
router(config)# interface Gi0/0
router(config-if)# flow ipv4 monitor FMM sampler SM egress
router(config-if)# exit
Cisco XE:
flow exporter EXPORTER-1
destination 172.16.10.2
export-protocol netflow-v9
transport udp 2055
exit
!
flow record v4_r1
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes long
collect counter packets long
!
flow monitor FLOW-MONITOR-1
record v4_r1
exporter EXPORTER-1
!
interface GigabitEthernet 0/0/0
ip address 172.16.6.2 255.255.255.0
ip flow monitor FLOW-MONITOR-1 input
Cisco IOS:
ip flow-export version 9
ip flow-export destination $NFA_IP 2055
interface $Interface_to_ISP1
ip flow ingress
ip flow egress
jFlow-ipfix:
chassis {
fpc 0 {
sampling-instance nfa-instance;
}
}
interfaces {
xe-0/0/0 {
unit 0 {
family inet {
sampling {
input;
output;
}
}
}
}
}
forwarding-options {
sampling {
instance {
inst1 {
input {
rate 1024;
}
family inet {
output {
flow-server X.X.X.X {
port 2055;
version-ipfix {
template {
ipfix-templatev4;
}
}
}
inline-jflow {
source-address Y.Y.Y.Y;
}
}
}
}
}
}
}
services {
flow-monitoring {
version-ipfix {
template ipfix-templatev4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
template-refresh-rate {
seconds 60;
}
ipv4-template;
}
}
}
}
X.X.X.X – IP address of NFA server
Y.Y.Y.Y – source IP address of flow packets (router IP address)
jFlow-v9:
chassis {
fpc 0 {
sampling-instance nfa-instance;
}
}
interfaces {
xe-0/0/0 {
unit 0 {
family inet {
sampling {
input;
output;
}
}
}
}
}
forwarding-options {
sampling {
instance {
nfa-instance {
input {
rate 1024;
}
family inet {
output {
flow-server X.X.X.X {
port 2055;
version9 {
template {
v9-templatev4;
}
}
}
inline-jflow {
source-address Y.Y.Y.Y;
}
}
}
}
}
}
}
services {
flow-monitoring {
version9 {
template v9-templatev4 {
flow-active-timeout 60;
flow-inactive-timeout 60;
template-refresh-rate {
seconds 60;
}
ipv4-template;
}
}
}
}
X.X.X.X – IP address of NFA server
Y.Y.Y.Y – source IP address of flow packets (router IP address)
sFLOW-Arista:
!
sflow run
sflow source $SOURCE
sflow destination $DESTINATION $PORT
sflow polling-interval 10
sflow sample $SAMPLING-RATE
!
By default the global enabled sflow will export the flow from all interfaces. To disable the flow export on specific interface the #no sflow enable# is used in interface config mode #(config-if)
Mikrotik:
ip traffic-flow set interfaces=$ISP cache-entries=1M enabled=yes active-flowtimeout=5 inactive-flow-timeout=60
ip traffic-flow target set dst-address=$NFA_IP port=2055 src-address=$ROUTER_IP
version=9 v9-template-refresh=100 v9-template-timeout=300
Huawei NetStream:
1. Configure NetStream sampling
[Router] interface <$upstream_interface>
[Router-$upstream_interface] ip netstream sampler fix-packets 1200 inbound
[Router-$upstream_interface] ip netstream sampler fix-packets 1200 outbound
[Router-$upstream_interface] quit
2. Configure NetStream flow aging
[Router] ip netstream timeout active 20
[Router] ip netstream timeout inactive 100
[Router] ip netstream tcp-flag enable
3. Configure NetStream original flow statistics exporting
[Router] ip netstream export source $router_source_IP
[Router] ip netstream export host $NFA_IP 2055
4. Configure the version for the exported packets
[Router] ip netstream export version 9
5. Enable flow statistics collection on the interface
[Router] interface <$upstream_interface>
[Router-$upstream_interface] ip netstream inbound
[Router-$upstream_interface] ip netstream outbound
[Router-$upstream_interface] quit