In recent years, the concepts of Artificial Intelligence (AI) and Machine Learning (ML)...
1.1 NFA Components Overview
Noction Flow Analyzer contains a few fundamental components, which working together implement the main function of NFA – offer timely traffic flows information that is easy to interpret and analyze.
Collector (NFAflowd) receives, decodes, and processes all exported flow feeds. It supports flow data formats : NetFlow v9/IPFIX, sFlow, jFlow(Juniper),NetStream(Huawei) from a variety of different devices that can export flow in the supported format.
Databases NFA uses two databases: MySQL (widgets, dashboards, filters, devices, alerts, users etc…. ) and ClickHouse (Data Mart – live and aggregate data), that act relating to the central repository which stores processing results.
NFAAPId represents API processor for all API queries received from NFA UI or 3rd-party software. Requires a valid token in API queries.
NFANAPId represents a set of secure web services which proxies requests to NFAAPId and interacts with frontend. It is mainly used for management aspects: configuration management, authentication and authorization.
Frontend represents a user-friendly web interface that interacts with NFANAPId. It offers a comprehensive set of reports, graphs and flows information that can reflect the current and historical state of a network.
NFApushd is used to send notifications and alerts to the end-users. Supported channels for notifications are: Email, Slack, Mattermost, Microsoft Teams, Telegram. It helps Receiving instant push notifications about important network events, alerts, and updates directly to preferred devices, ensuring timely awareness and response to critical network situations.
NFABGPd manages iBGP/eBGP sessions, receives and stores RIB IN FW routing table, acts as a source of the BGP NLRI attributes(as_path, next_hop, communities, localpref, MED) of the outbound destinations extracted from incoming flows feeds.
NFAAggd aggregates received raw flow data based on data granularity parameters, by default (1, 5,10) min that is stored in the Clickhouse DB and flushes data according to the data keep time parameters, by default (1,8,400) days. providing a unified view of network activity: current and historical, trends, and performance metrics for informed decision-making and strategic planning.
NFAAlertd is used to detect and generate alerts based on the alert settings set by the end-user. The alerting system keeps informed the client about potential network issues, anomalies, and threshold breaches, enabling to take prompt action and maintain network reliability.
NFADNSd interacts with DNS servers(private, public) to query A/AAAA for FQDN filtering and PTR records for received IPv4/IPv6 sources/destinations addresses extracted from flow.
NFASNMPd requests IN/OUT octets counters direct from device interfaces as well as interface name, description, alias providing additional point of view about the traffic statistics on the interfaces.
Msg. Broker is used for communication between the components. NFA uses NATS Messaging System which offers lightweight, scalable, and secure communication, supporting both publish-subscribe and request-reply messaging patterns.