Home Noction Flow Analyzer Noction Flow Analyzer Installation Guide

Noction Flow Analyzer Installation Guide

Noction Flow Analyser Installation Guide

What is Noction Flow Analyzer?

NFA is a web-based network traffic analysis, monitoring and alerting tool. The product enables engineers to optimize their networks and applications performance, control bandwidth utilization, do the proper network capacity planning, perform detailed BGP peering analysis, improve security and minimize network incidents response time.
NFA is intended for use in a production environment. The product should be installed on a dedicated server that meets the following software and hardware requirements:

Hardware Requirements:

  • x86_64 architecture
  • Minimum 4x core CPU (8x core CPU recommended), SSE4.2 support
  • Minimum 32GB of RAM (64GB RAM recommended; 128GB RAM – optimal)
  • Minimum 250GB SSD storage (500GB SSD storage recommended) allocated to the /var partition

Software Requirements:

  • Ubuntu 20.04 LTS

Please note that NFA can also be installed on a server running CentOS 7 x86_64 Minimal – Clean Install or RHEL 8. The minimum system requirements assume default configuration. Significantly increasing the flow collection rate might cause additional load on a server, thus requiring extra memory or a larger CPU.

1.1 Installing NFA on a server running Ubuntu:

Run the below command to configure the NFA repository:

curl -sLO http://repo-nfa.noction.com/ubuntu/nfa-repo_0.1.0-noc.deb && \
dpkg -i nfa-repo_0.1.0-noc.deb && \
curl -L http://repo-nfa.noction.com/repo.gpg | apt-key add -

Running the following command, Noction Flow Analyzer will be installed:

apt update
apt install nfa
Note: A properly configured firewall can greatly increase the security of your system. It is highly recommended that you configure a firewall for NFA. Should you need any help with this, please contact us at support@noction.com

Please ensure that ntp is started by default. If not, use the timedatectl set-ntp on command to enable time synchronization.

1.2 Installing NFA on a server running CentOS or RHEL 8:

Run the below command to configure the NFA repository:

rpm -Uvh http://repo-nfa.noction.com/nfa-repo-0.1.0-0.noc.noarch.rpm

SELinux

SELinux should be set to the permissive state for proper NFA components operation:

Enabling SELinux permissive state

# setenforce 0

Set SELINUX parameter must be changed to permissive in the /etc/sysconfig/selinux configuration file as well.

Change of the SELinux state in the configuration file

SELINUX=permissive

Running the following command, Noction Flow Analyzer will be installed:

yum install nfa
Note: FirewallD is the default daemon responsible for firewall security on CentOS7. Please make sure to open HTTP/HTTPS, BGP, and Flow ports and to adjust configurations to include only IPs that should have access to your server.

Please ensure that chronyd is started by default. If not, use the following command: systemctl
start chronyd

2. Accessing NFA Front End

Once the installation process is complete, access NFA Front End using https://yourhostname or
IP address and a combination of the default username and password – admin/admin.

The NFA frontend runs on port 443 (https). The system listens to Flow stats on the default protocol ports: NetFlow (2055 port), sFlow (6343 port). Please adjust your firewall settings accordingly.

nfa installation

For security purposes, we recommend that you change the default password to your account under Profile upon the first visit.

instal flow analyzer

We recommend you to limit NFA frontend access to specific IPs only. To do so, go to Management > Configuration Settings.

Enable the Front-end access restriction and introduce the allowed IPs. Click the Save Changes button.

activate license

3. Licensing

NFA is a licensed product and requires users to obtain and register а license in the application.

Register with Noction at https://nfa.noction.com and request a license. The license activation key will be sent to the email address you provide during registration.

Go to Management > License. Introduce your activation key in the corresponding field and hit ACTIVATE LICENSE.

netflow bgp data

4. Flow

Send flow to your NFA instance. For NetFlow use port 2055, for Sflow port 6343. You can modify standard ports via NFA’s Frontend by going to Management > Configuration Settings.

flow

Alternatively, use the configuration file located at:

/etc/noction/nfa.conf

Once the flow export is configured, wait for at least 5 minutes to start seeing graphs in NFA.

5. BGP Data

For Proper BGP Add-on functionality, configure an iBGP or eBGP session between NFA and your router(s).

Next go to Management > Inventory > Add device.

Once all the details are provided on the General Settings and Location tabs, go to BGP Settings.

Fill out both OUR AS and PEER AS fields under the BGP settings tab to establish an eBGP session. With eBGP, the route-reflector does not need to be configured, and the router side just needs to be set up as though it’s a transit customer. If OUR AS field is left blank, an iBGP session will be established.

xiBGP and eBGP

You can always edit () an existing device, fill out the required fields under the BGP Settings tab, and hit Save.

6. NFA Upgrade

To update to the latest NFA version:

  Clean all cached information:

For CentOS and RHEL 8:

#yum clean all
#yum update nfa\*

For Ubuntu:

apt clean
apt update
apt install nfa
 
  Restart nfabgpd:
#systemctl restart nfabgpd
  Verify the NFA components:
#systemctl list-dependencies nfa.target
  Check if all NFA components are updated to the latest version:
#rpm -qa nfa\*

Should you have any questions or experience difficulties during the upgrade process, please email support@noction.com.

7. NFA best practices

Access additional information at https://www.noction.com/flow-analyzer/resources to learn more about the product and its use cases.