Getting Started With Noction Flow Analyzer

To get started with Noction Flow Analyzer, you can sign up for a free trial. The trial is fully featured, and allows you to see how NFA can fit in your network environment. After you sign up, you’ll receive an email with instructions for how to install, license, and configure NFA.

To make the full use of all NFA features, we recommend using the trial in a production environment. NFA should be installed on a dedicated server (physical or virtual) that meets the following software and hardware requirements:

Hardware Requirements:

• x86_64 architecture
• Minimum 4x core CPU (8x core CPU recommended), SSE4.2 support
• Minimum 32GB of RAM (64GB RAM recommended; 128GB RAM – optimal)
• Minimum 250GB SSD storage (500GB SSD storage recommended) allocated to the /var partition

Software Requirements:

• Ubuntu 22.04 or Ubuntu 20.04 LTS

Please note that NFA can also be installed on a server running RHEL 8 / RHEL 9. The minimum system requirements assume default configuration. Significantly increasing the flow collection rate might cause additional load on a server, thus requiring extra memory or a larger CPU.

Hardware resources depend on the amount of flows/s exported to NFA. For each additional 1,000 flows/sec, 1 GB of RAM and 0.2 of vCPU are required. An additional 2 GB of RAM and 4 vCPU are required when the BGP add-on is used. Values are directly proportional: RAM and vCPU numbers per 1,000 flows/sec.

For instance: 40,000 flows/sec will require 40 GB of RAM and 8 vCPU, plus 2 GB of RAM and 4 vCPU in case a BGP add-on is used.

Installing NFA

There are different installation instructions based on which operating system you choose.

Installing NFA on a server running Ubuntu:

Run the below command to configure the NFA repository:

Ubuntu 20.04

wget -O /etc/apt/sources.list.d/nfa.ubuntu20.list http://repo-nfa.noction.com/ubuntu/nfa.ubuntu20.list
   curl -L  http://repo-nfa.noction.com/repo.gpg | apt-key add -

Ubuntu 22.04

wget -O /etc/apt/sources.list.d/nfa.ubuntu22.list http://repo-nfa.noction.com/ubuntu/nfa.ubuntu22.list
   curl -L http://repo-nfa.noction.com/trusted.gpg | apt-key add -

Running the following command, Noction Flow Analyzer will be installed:

apt update
DEBIAN_FRONTEND=noninteractive apt install nfa

Please ensure that chronyd is started by default. If not, use the following command: systemctl start chronyd.

Installing NFA on a server running RHEL 8 / RHEL 9:

Run the below command to configure the NFA repository:

For RHEL 8

rpm -Uvh http://repo-nfa.noction.com/nfa-repo-0.1.0-0.noc.noarch.rpm

For RHEL 9

wget http://repo-nfa.noction.com/nfa-el9.repo -P /etc/yum.repos.d/

SELinux

SELinux should be set to the permissive state for proper NFA components operation:

Enabling SELinux permissive state

setenforce 0

Set SELINUX parameter must be changed to permissive in the /etc/sysconfig/selinux configuration file as well.

Change of the SELinux state in the configuration file

SELINUX=permissive

Running the following command, Noction Flow Analyzer will be installed:

yum --disablerepo=\* --enablerepo=baseos,appstream,nfa install nfa

Please ensure that chronyd is started by default. If not, use the following command: systemctl
start chronyd

Accessing the NFA Front End

Once the installation is complete, the NFA Front End will be available at the hostname of your device. The NFA frontend runs on port 443 (https). To access it, open a web browser to https://yourhostname or IP address. The default username and password is admin/admin. For security purposes, we recommend that you change the default password to your account under your profile settings upon the first visit.

We also recommend you to limit NFA frontend access to specific IPs only.
– Go to Management -> Configuration
– Enable the Front-end Access Restriction setting
– Specify which IP addresses you want to allow
– Save your changes

Getting Started with Flow Analyzer

The final step is to start sending flow records to the server. You will need to configure your network devices to send records to your NFA server. If you have Cisco Catalyst 9000 series switches, you can refer to our sample configuration. For other devices, refer to the manufacturers’ documentation for how to configure NetFlow record exporting.

By default, your NetFlow records should be sent to port 2055, and your sFlow records to port 6343.

– If needed, you can modify the standard ports via NFA’s Frontend under Management -> Configuration Settings.

– Alternatively, you can edit your configuration file from the command line. The NFA configuration file located at: /etc/noction/nfa.conf

Once you have flow exporting configured on your network, wait for at least 5 minutes to start seeing graphs in NFA. From there, you will be able to customize your dashboard, configure custom alerts, and explore all the benefits of the Noction Flow Analyzer. For more information on customizing the dashboard and how to make the most of NFA, refer to our NFA Resources page.

Adding BGP Functionality

If you want to add on BGP functionality, first configure an iBGP session between your router(s) and NFA. Then, in the NFA dashboard go to Management -> Inventory -> Add device, and fill out the required fields on the General Settings and Location tabs. On the BGP Settings tab, provide the Peer AS and Peer Address (your router’s address) and then click Submit.

Licensing NFA

NFA is a licensed product and requires you to register your license in the application. You will receive your trial key in an email, and that key will allow you to get started. Copy the key from the email and log in to your NFA front end. Under Management -> License, paste your activation key, and hit Activate License. The trial key will be applied and allow you to evaluate NFA in your environment. When you switch over to a paid subscription, you will need to replace this trial key.

To avoid possible licensing issues, please ensure the correct hardware clock configuration. The best practice is to have the Hardware clock set in UTC and do the required time-zone changes on OS.

Noction Flow Analyzer is priced per license at $299/month with no limitations in terms of network devices, interfaces, or sites. Convenient annual subscription options are available. The optional BGP add-on is available at $199/month.

NFA Documentation and Support

If you’re interested, you can always access the NFA Resources page to learn more about the product and its use cases. If you have any difficulties during the installation or configuration, contact us at support@noction.com

Noction Flow Analyzer is a flow-based monitoring and reporting software tool that collects, stores, and presents traffic data across an entire network. NFA enables engineers to optimize their networks and applications performance, control bandwidth utilization, and perform network capacity planning. It also allows for detailed BGP peering analysis, provides insights into potential security issues, and allows engineers to minimize network incident response time. NFA supports NetFlow, J-Flow, sFlow, IPFIX, and NetStream. It has customizable reporting, alerting, and support for 400 days worth of level 3 data aggregation by default.

To get started with Noction Flow Analyzer, you can sign up for a free trial. The trial is fully featured, and allows you to see how NFA can fit in your network environment. After you sign up, you’ll receive an email with instructions for how to install, license, and configure NFA.

To make the full use of all NFA features, we recommend using the trial in a production environment. NFA should be installed on a dedicated server (physical or virtual) that meets the following software and hardware requirements:

Hardware Requirements:

• x86_64 architecture
• Minimum 4x core CPU (8x core CPU recommended), SSE4.2 support
• Minimum 32GB of RAM (64GB RAM recommended; 128GB RAM – optimal)
• Minimum 250GB SSD storage (500GB SSD storage recommended) allocated to the /var partition

Software Requirements:

• Ubuntu 22.04 or Ubuntu 20.04 LTS

Please note that NFA can also be installed on a server running RHEL 8 / RHEL 9. The minimum system requirements assume default configuration. Significantly increasing the flow collection rate might cause additional load on a server, thus requiring extra memory or a larger CPU.

Hardware resources depend on the amount of flows/s exported to NFA. For each additional 1,000 flows/sec, 1 GB of RAM and 0.2 of vCPU are required. An additional 2 GB of RAM and 4 vCPU are required when the BGP add-on is used. Values are directly proportional: RAM and vCPU numbers per 1,000 flows/sec.

For instance: 40,000 flows/sec will require 40 GB of RAM and 8 vCPU, plus 2 GB of RAM and 4 vCPU in case a BGP add-on is used.

Installing NFA

There are different installation instructions based on which operating system you choose.

Installing NFA on a server running Ubuntu:

Run the below command to configure the NFA repository:

Ubuntu 20.04

wget -O /etc/apt/sources.list.d/nfa.ubuntu20.list http://repo-nfa.noction.com/ubuntu/nfa.ubuntu20.list
   curl -L  http://repo-nfa.noction.com/repo.gpg | apt-key add -

Ubuntu 22.04

wget -O /etc/apt/sources.list.d/nfa.ubuntu22.list http://repo-nfa.noction.com/ubuntu/nfa.ubuntu22.list
   curl -L http://repo-nfa.noction.com/trusted.gpg | apt-key add -

Running the following command, Noction Flow Analyzer will be installed:

apt update
DEBIAN_FRONTEND=noninteractive apt install nfa

Please ensure that chronyd is started by default. If not, use the following command: systemctl start chronyd.

Installing NFA on a server running RHEL 8 / RHEL 9:

Run the below command to configure the NFA repository:

For RHEL 8

rpm -Uvh http://repo-nfa.noction.com/nfa-repo-0.1.0-0.noc.noarch.rpm

For RHEL 9

wget http://repo-nfa.noction.com/nfa-el9.repo -P /etc/yum.repos.d/

SELinux

SELinux should be set to the permissive state for proper NFA components operation:

Enabling SELinux permissive state

setenforce 0

Set SELINUX parameter must be changed to permissive in the /etc/sysconfig/selinux configuration file as well.

Change of the SELinux state in the configuration file

SELINUX=permissive

Running the following command, Noction Flow Analyzer will be installed:

yum --disablerepo=\* --enablerepo=baseos,appstream,nfa install nfa

Please ensure that chronyd is started by default. If not, use the following command: systemctl
start chronyd

Accessing the NFA Front End

Once the installation is complete, the NFA Front End will be available at the hostname of your device. The NFA frontend runs on port 443 (https). To access it, open a web browser to https://yourhostname or IP address. The default username and password is admin/admin. For security purposes, we recommend that you change the default password to your account under your profile settings upon the first visit.

We also recommend you to limit NFA frontend access to specific IPs only.
– Go to Management -> Configuration
– Enable the Front-end Access Restriction setting
– Specify which IP addresses you want to allow
– Save your changes

Getting Started with Flow Analyzer

The final step is to start sending flow records to the server. You will need to configure your network devices to send records to your NFA server. If you have Cisco Catalyst 9000 series switches, you can refer to our sample configuration. For other devices, refer to the manufacturers’ documentation for how to configure NetFlow record exporting.

By default, your NetFlow records should be sent to port 2055, and your sFlow records to port 6343.

– If needed, you can modify the standard ports via NFA’s Frontend under Management -> Configuration Settings.

– Alternatively, you can edit your configuration file from the command line. The NFA configuration file located at: /etc/noction/nfa.conf

Once you have flow exporting configured on your network, wait for at least 5 minutes to start seeing graphs in NFA. From there, you will be able to customize your dashboard, configure custom alerts, and explore all the benefits of the Noction Flow Analyzer. For more information on customizing the dashboard and how to make the most of NFA, refer to our NFA Resources page.

Adding BGP Functionality

If you want to add on BGP functionality, first configure an iBGP session between your router(s) and NFA. Then, in the NFA dashboard go to Management -> Inventory -> Add device, and fill out the required fields on the General Settings and Location tabs. On the BGP Settings tab, provide the Peer AS and Peer Address (your router’s address) and then click Submit.

Licensing NFA

NFA is a licensed product and requires you to register your license in the application. You will receive your trial key in an email, and that key will allow you to get started. Copy the key from the email and log in to your NFA front end. Under Management -> License, paste your activation key, and hit Activate License. The trial key will be applied and allow you to evaluate NFA in your environment. When you switch over to a paid subscription, you will need to replace this trial key.

To avoid possible licensing issues, please ensure the correct hardware clock configuration. The best practice is to have the Hardware clock set in UTC and do the required time-zone changes on OS.

Noction Flow Analyzer is priced per license at $299/month with no limitations in terms of network devices, interfaces, or sites. Convenient annual subscription options are available. The optional BGP add-on is available at $199/month.

NFA Documentation and Support

If you’re interested, you can always access the NFA Resources page to learn more about the product and its use cases. If you have any difficulties during the installation or configuration, contact us at support@noction.com