System Recommendations and Requirements

This section describes the hardware and operating system recommendations and requirements for the component servers. Configure and secure the operating system as described here.
nfa1000
This section describes the hardware and operating system recommendations and requirements for the
Network Flow Analysis
component servers. Configure and secure the operating system as described here.
We tested the product with the following hardware configuration. Your requirements might vary depending on the characteristics and volume of interfaces, applications, and operators in your network.
  • The recommended specifications described here apply to both physical and virtual deployments. The specifications represent an optimal configuration. You can run
    Network Flow Analysis
    successfully on configurations that do not meet these specifications, although your performance might vary.
  • Performance is improved by running the software and the operating system on separate drives. However, it is possible to install and run the software and operating system on the same drive.
  • For the following per harvester recommendations, the Autonomous System (AS) is set to 50 and Type of Service (TOS) is set to 50 for the flow data (Flows per minute, Interfaces, Routers). For high variability of AS and TOS numbers Flows per minute has to be reduced.
Large Scale Environments
An example of a large scale environment:
  • 100 million or greater flows (NetFlow v9**)
  • 70,000 interfaces sending flows
  • 1,000 or greater routers sending flows
  • 24 harvesters
**This is based on v9 NetFlows, which included the following data:
(
srcaddr
,
srcport
,
dstaddr
,
dstport
,
port
,
input
,
output
,
dpkts
,
doctets
,
duration
,
tos
,
TCP_FLAGS
,
SRC_MASK
,
DST_MAST
,
IN_SRC_MAC
,
OUT_SRC_MAC
,
IN_DST_MAC
,
OUT_DST_MAC
,
icmp_type
,
SRC_VLAN
,
DST_VLAN
,
mpls_label_1
,
mpls_label_1
,
mpls_top_label_type
,
mpls_top_label_ip_addr
,
mpls_label_10
,
nexthop
,
src_as
,
dst_as
)
Architecture - 2 Tier
High-level Recommendations for Harvesters
  • Windows 2016
  • Windows 2012R2
  • SSD storage - especially for Harvesters with greater than 4 million flows / 5000 interfaces / 50 routers
  • 8 CPUs (2 quad-core CPUs) - 2.8 GHz
  • Reserved resources (CPU and memory) in VM environment
  • Max Disk Read / Write latency kept to < 10 ms
  • Do not install
    Network Flow Analysis
    on the operating system drive (for example, on
    Windows
    , not on
    C:
    )
Per Harvester recommendations, based on Flow Rate, Interfaces, Routers
Flows per minute
Interfaces
Routers
Memory
Disk Read IOPS needed
Disk Write IOPS needed
Disk Space needed***
9000000
500
5
16 GB
approx. 300
approx. 200
1.5 TB
8000000
1000
10
16 GB
approx. 300
approx. 200
1.5 TB
7000000
2000
20
16 GB
approx. 300
approx. 200
1.5 TB
4000000
5000
50
12 GB
approx. 100
approx. 200
1.0 TB
3000000
5000
100
12 GB
approx. 50
approx. 150
750 GB
2000000
5000
100
12 GB
approx. 50
approx. 150
750 GB
Linux supports 9000000 flows per minute for IPv4 and 8000000 flows per minute for IPv6.
***This includes default values to limit data retention
  • Raw NFA file storage - 24 hours
  • 1-minute data - 30 days
  • 15-minute data - 365 days
High-level Recommendations for Console
  • Windows 2016
  • Windows 2012R2
  • 4 CPUs - 2.8 GHz
  • 8 GB memory
  • Reserved resources (CPU and memory) in VM environment
  • Do not install
    Network Flow Analysis
    on the operating system drive (for example, on
    Windows
    , not on
    C:
    )
Medium Scale Environments
An example of a medium scale environment:
  • 16 million flows (NetFlow v9**)
  • 20,000 interfaces sending flows
  • 200 routers sending flows
  • 4 harvesters
**This is based on v9 NetFlows, which included the following data:
(
srcaddr
,
srcport
,
dstaddr
,
dstport
,
port
,
input
,
output
,
dpkts
,
doctets
,
duration
,
tos
,
TCP_FLAGS
,
SRC_MASK
,
DST_MAST
,
IN_SRC_MAC
,
OUT_SRC_MAC
,
IN_DST_MAC
,
OUT_DST_MAC
,
icmp_type
,
SRC_VLAN
,
DST_VLAN
,
mpls_label_1
,
mpls_label_1
,
mpls_top_label_type
,
mpls_top_label_ip_addr
,
mpls_label_10
,
nexthop
,
src_as
,
dst_as
)
Architecture - 2 Tier
High-level Recommendations for Harvesters
  • Windows 2016
  • Windows 2012R2
  • 8 CPUs (2 quad core CPUs) - 2.8 GHz
  • Reserved resources (CPU and memory) in VM environment
  • Max Disk Read / Write latency kept to < 10 ms
  • Do not install
    Network Flow Analysis
    on the operating system drive (for example, on
    Windows
    , not on
    C:
    )
Per Harvester recommendations, based on Flow Rate, Interfaces, Routers
Flows per minute
Interfaces
Routers
Memory
Disk Read IOPS needed
Disk Write IOPS needed
Disk Space needed***
4000000
5000
50
12 GB
approx. 100
approx. 200
1.0 TB
3000000
5000
100
12GB
approx. 50
approx. 150
750 GB
2000000
5000
100
12 GB
approx. 50
approx. 150
750 GB
***This includes default values to limit data retention
  • Raw NFA file storage - 24 hours
  • 1-minute data - 30 days
  • 15-minute data - 365 days
High-level Recommendations for Console
  • Windows 2016
  • Windows 2012R2
  • 4 CPUs - 2.8 GHz
  • 8 GB memory
  • Reserved resources (CPU and memory) in VM environment
  • Do not install
    Network Flow Analysis
    on the operating system drive (for example, on
    Windows
    , not on
    C:
    )
Small Scale Single Box Environments
An example of a small scale environment:
  • 2 million flows (NetFlow v9)
  • 5,000 interfaces sending flows
  • 100 routers sending flows
Architecture - Stand-Alone (Single Box)
High-level Recommendations for Stand-Alone (Single Box)
  • Windows 2016
  • Windows 2012R2
  • 4 CPUs - 2.8 GHz
  • 16 GB memory
  • Reserved resources (CPU and memory) in VM environment
  • Max Disk Read / Write latency kept to < 10 ms
  • Do not install
    Network Flow Analysis
    on the operating system drive (for example, on
    Windows
    , not on
    C:
    )
Single Box recommendations, based on Flow Rate, Interfaces, Routers (includes the Console)
Flows per minute
Interfaces
Routers
Memory
Disk Read IOPS needed
Disk Write IOPS needed
Disk Space needed***
2000000
5000
100
16 GB
approx. 50
approx. 150
1 TB
***This includes default values to limit data retention
  • Raw NFA file storage - 24 hours
  • 1-minute data - 30 days
  • 15-minute data - 365 days
More information: