Distributed denial-of-service (DDoS) attacks can be a major threat to the availability...
Noction Flow Analyzer Installation Guide
What is Noction Flow Analyzer?
NFA is a web-based network traffic analysis, monitoring and alerting tool. The product enables engineers to optimize their networks and applications performance, control bandwidth utilization, do the proper network capacity planning, perform detailed BGP peering analysis, improve security and minimize network incidents response time.
NFA is intended for use in a production environment. The product should be installed on a dedicated server that meets the following software and hardware requirements:
Hardware Requirements:
- x86_64 architecture
- Minimum 4x core CPU (8x core CPU recommended), SSE4.2 support
- Minimum 32GB of RAM (64GB RAM recommended; 128GB RAM – optimal)
- Minimum 250GB SSD storage (500GB SSD storage recommended) allocated to the /var partition
Software Requirements:
- Ubuntu 22.04 or Ubuntu 20.04 LTS
Please note that NFA can also be installed on a server running CentOS 7 x86_64 Minimal – Clean Install or RHEL 8 / RHEL 9. The minimum system requirements assume default configuration. Significantly increasing the flow collection rate might cause additional load on a server, thus requiring extra memory or a larger CPU.
Hardware resources depend on the amount of flows/s exported to NFA. For each additional 1,000 flows/sec, 1 GB of RAM and 0.2 of vCPU are required. An additional 2 GB of RAM and 4 vCPU are required when the BGP add-on is used. Values are directly proportional: RAM and vCPU numbers per 1,000 flows/sec.
For instance: 40,000 flows/sec will require 40 GB of RAM and 8 vCPU, plus 2 GB of RAM and 4 vCPU in case a BGP add-on is used.
1.1 Installing NFA on a server running Ubuntu:
Run the below command to configure the NFA repository:
Ubuntu 20.04
wget -O /etc/apt/sources.list.d/nfa.ubuntu20.list http://repo-nfa.noction.com/ubuntu/nfa.ubuntu20.list curl -L http://repo-nfa.noction.com/repo.gpg | apt-key add -
Ubuntu 22.04
wget -O /etc/apt/sources.list.d/nfa.ubuntu22.list http://repo-nfa.noction.com/ubuntu/nfa.ubuntu22.list curl -L http://repo-nfa.noction.com/trusted.gpg | apt-key add -
Running the following command, Noction Flow Analyzer will be installed:
apt update apt install nfa
| Note: A properly configured firewall can greatly increase the security of your system. It is highly recommended that you configure a firewall for NFA. Should you need any help with this, please contact us at support@noction.com |
Please ensure that chronyd is started by default. If not, use the following command: systemctl start chronyd.
1.2 Installing NFA on a server running CentOS or RHEL 8 / RHEL 9:
Run the below command to configure the NFA repository:
For CentOS 7
rpm -Uvh http://repo-nfa.noction.com/nfa-repo-0.1.0-0.noc.noarch.rpm
For RHEL 8
rpm -Uvh http://repo-nfa.noction.com/nfa-repo-0.1.0-0.noc.noarch.rpm
For RHEL 9
wget http://repo-nfa.noction.com/nfa-el9.repo -P /etc/yum.repos.d/
SELinux
SELinux should be set to the permissive state for proper NFA components operation:
Enabling SELinux permissive state
# setenforce 0
Set SELINUX parameter must be changed to permissive in the /etc/sysconfig/selinux configuration file as well.
Change of the SELinux state in the configuration file
SELINUX=permissive
Running the following command, Noction Flow Analyzer will be installed:
yum install nfa
| Note: FirewallD is the default daemon responsible for firewall security on CentOS7. Please make sure to open HTTP/HTTPS, BGP, and Flow ports and to adjust configurations to include only IPs that should have access to your server. |
Please ensure that chronyd is started by default. If not, use the following command: systemctl
start chronyd
2. Accessing NFA Front End
Once the installation process is complete, access NFA Front End using https://yourhostname or
IP address and a combination of the default username and password – admin/admin.
The NFA frontend runs on port 443 (https). The system listens to Flow stats on the default protocol ports: NetFlow (2055 port), sFlow (6343 port). Please adjust your firewall settings accordingly.
For security purposes, we recommend that you change the default password to your account under Profile upon the first visit.
We recommend you to limit NFA frontend access to specific IPs only. To do so, go to Management > Configuration Settings.
Enable the Front-end access restriction and introduce the allowed IPs. Click the Save Changes button.
3. Licensing
NFA is a licensed product and requires users to obtain and register а license in the application.
Register with Noction at https://nfa.noction.com and request a license. The license activation key will be sent to the email address you provide during registration.
Go to Management > License. Introduce your activation key in the corresponding field and hit ACTIVATE LICENSE.
| Note: Please ensure firewall rules are adjusted for access to repo-nfa.noction.com ports 443 & 80. This is a requirement for license validation. In case inbound traffic is filtered as well, please allow ephemeral ports 32768-65535 (enables responses to the outbound traffic) to both OS and Noction repositories. |
4. Flow
Send flow to your NFA instance. For NetFlow use port 2055, for Sflow port 6343. You can modify standard ports via NFA’s Frontend by going to Management > Configuration Settings.
Alternatively, use the configuration file located at:
/etc/noction/nfa.conf
Once the flow export is configured, wait for at least 5 minutes to start seeing graphs in NFA.
5. BGP Data
For Proper BGP Add-on functionality, configure an iBGP or eBGP session between NFA and your router(s).
Next go to Management > Inventory >
Once all the details are provided on the General Settings and Location tabs, go to BGP Settings.
Fill out both OUR AS and PEER AS fields under the BGP settings tab to establish an eBGP session. With eBGP, the route-reflector does not need to be configured, and the router side just needs to be set up as though it’s a transit customer. If OUR AS field is left blank, an iBGP session will be established.
You can always edit () an existing device, fill out the required fields under the BGP Settings tab, and hit Save.
6. NFA Upgrade
To update to the latest NFA version:
Clean all cached information:
For CentOS:
#yum clean all #yum update nfa\*
For RHEL:
If your NFA is v 22.04 or older, run
#dnf module enable nodejs:14 -y
Otherwise, proceed with
#yum clean all #yum update nfa\*
For Ubuntu:
If your NFA is v 22.04 or older, run
add-apt-repository -y ppa:ubuntu-toolchain-r/test
Otherwise, proceed with
apt clean apt update apt install chrony apt upgrade nfa\*
Restart nfabgpd:
#systemctl restart nfabgpd
Verify the NFA components:
#systemctl list-dependencies nfa.target
Check if all NFA components are updated to the latest version:
#rpm -qa nfa\*
Run the below command if you’ve updated NFA to v 23.01:
apt autoremove
Should you have any questions or experience difficulties during the upgrade process, please email support@noction.com.
7. NFA best practices
Access additional information at https://www.noction.com/flow-analyzer/resources to learn more about the product and its use cases.