Noction Flow Analyzer Overview
Noction Flow Analyzer (NFA) is a web-based network traffic analysis, monitoring, and alerting tool. The product enables engineers to optimize network and application performance, control bandwidth utilization, plan network capacity, perform detailed BGP peering analysis, improve security, and minimize network incident response time.
Components Overview
Noction Flow Analyzer consists of a few fundamental components that work together to implement the main function of NFA: providing timely traffic flow information that is easy to interpret and analyze.
Collector (NFAflowd) receives, analyzes, and processes all traffic transiting a network.
Databases: NFA uses two databases, MySQL (configuration) and ClickHouse (Data Mart), which act as the central repository that stores processing results.
NFAAPId represents a set of secure web services that collect data from Databases. A valid NFA user-id is required to access most of the API services. Access NFA’s frontend to manage users or configure external User Directories. NFA API uses an authentication mechanism based on authentication tokens. The token is passed as a query parameter for all API requests that require authentication.
NFABGPd stores all routes and adds the AS path to traffic flows.
NFApushd is used to send notifications and alerts to the end-users.
NFAaggd periodically aggregates flow data that is stored in the database and flushes data according to the configuration parameters.
NFAalertd is used to detect and generate alerts based on the alert settings set by the end-user.
Msg. Broker is used for communication between the NFA components.
Frontend is a complex browser application that interacts with NFAAPId. It offers a comprehensive set of reports, graphs, and flow information that reflects the current and historical state of a network.
Collector
The collector is one of NFA’s most important components. It receives, analyzes, and processes all traffic transiting the network and transfers the data in a compatible format to the NFA databases, MySQL and ClickHouse. It processes the most common types of Flow: NetFlow, sFlow, J-Flow, IPFIX, NetStream.
sFlow (port 6343) is a protocol designed for monitoring network, wireless, and host devices. Developed by the sFlow.org Consortium, this protocol is supported by a wide range of network devices, as well as routing software and network solutions. sFlow, short for “sampled flow”, is an industry standard for packet export at Layer 2 of the OSI model. It provides the means for exporting truncated packets, together with interface counters. It samples one packet out of every N and sends the sample, with all required statistical information, to the destination collector. The details taken from the packet are limited to the Layer 3 and Layer 4 headers and some information about the upper layers’ data. For example, if the HTTP protocol is present, sFlow will guarantee data confidentiality, since it will not extract the information from the packet and will not collect all network sessions.
NetFlow (port 2055) is an IP network statistics protocol developed by Cisco Systems, Inc. that collects IP session network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination of traffic, the class of service, and the cause of congestion. Juniper routers offer a similar feature called J-Flow, which in essence is the same as the Cisco NetFlow protocol.
Flow statistics are captured and stored in the database, and NFA’s graphical interface subsequently presents them to users as dashboards, charts, and reports with filtering, grouping, and aggregation functions.
Network devices must first be configured to forward Flow statistics to NFA so that it has initial data to operate on. NFA listens for Flow statistics on the default protocol ports. Flow ports can be changed from the Configuration Settings section of NFA’s Front End.
Note: Configure network devices to export Flow data as frequently as possible. For best results, export intervals should be set to 1 min or even less.
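When checking that exporters are actually reaching the collector ports described above, it helps to identify each datagram by its header and confirm its length is consistent. The following is an added example, not NFA code: the function names are hypothetical, the sample datagrams are constructed, and the header layouts are the published NetFlow v5/v9, IPFIX and sFlow v5 formats.

```python
import struct

def _result(protocol, valid, sequence=None, count=None, reason=""):
    return {"protocol": protocol, "valid": valid, "sequence": sequence,
            "count": count, "reason": reason}

def classify_flow_datagram(data: bytes) -> dict:
    """Identify a flow-export datagram by its header and sanity-check its length."""
    if len(data) < 16:  # shorter than the smallest header handled here (IPFIX)
        return _result("unknown", False, reason="too short")
    first16, second16 = struct.unpack_from("!HH", data, 0)
    # sFlow v5 opens with a 32-bit version (0x00000005), so its first 16 bits are zero.
    if (first16, second16) == (0, 5):
        addr_type = struct.unpack_from("!I", data, 4)[0]
        addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
        if addr_len is None or len(data) < 8 + addr_len + 16:
            return _result("sFlow v5", False, reason="bad agent address or truncated")
        _sub_agent, seq, _uptime, samples = struct.unpack_from("!4I", data, 8 + addr_len)
        return _result("sFlow v5", True, seq, samples)
    if first16 == 5:  # NetFlow v5: 24-byte header followed by 48-byte records
        if len(data) < 24:
            return _result("NetFlow v5", False, reason="truncated header")
        seq = struct.unpack_from("!I", data, 16)[0]
        ok = 1 <= second16 <= 30 and len(data) == 24 + 48 * second16
        return _result("NetFlow v5", ok, seq, second16,
                       "" if ok else "length does not match record count")
    if first16 == 9:  # NetFlow v9: 20-byte header, template-based body
        if len(data) < 20:
            return _result("NetFlow v9", False, reason="truncated header")
        return _result("NetFlow v9", True, struct.unpack_from("!I", data, 12)[0], second16)
    if first16 == 10:  # IPFIX: the second header field is the total message length
        ok = second16 == len(data)
        return _result("IPFIX", ok, struct.unpack_from("!I", data, 8)[0], None,
                       "" if ok else "length field does not match datagram size")
    return _result("unknown", False, reason="unrecognized version field")

def sample_datagrams() -> dict:
    """Constructed inputs for illustration; these are not captured traffic."""
    nf5 = struct.pack("!HHIIIIBBH", 5, 1, 1000, 1700000000, 0, 42, 0, 0, 0) + bytes(48)
    ipfix = struct.pack("!HHIII", 10, 16, 1700000000, 7, 1)
    sflow = struct.pack("!II4sIIII", 5, 1, bytes([192, 0, 2, 1]), 0, 99, 1000, 0)
    return {"netflow5": nf5, "ipfix": ipfix, "sflow": sflow, "truncated": nf5[:-8]}

if __name__ == "__main__":
    for name, datagram in sample_datagrams().items():
        print(name, classify_flow_datagram(datagram))
```

Gaps in the returned sequence numbers from one exporter indicate datagrams lost on the way to the collector.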