|Version||Product name||Code Name||Release date||Supported until|
|9.0 SP1 (9.0.118)||ReporterAnalyzer||RA||??||??|
|9.1||CA Network Flow Analysis||NFA||08/06/2012||??|
|9.1 SP1 (9.1.1)||CA Network Flow Analysis||NFA||??|
|9.1 SP2 (9.1.2)||CA Network Flow Analysis||NFA||04/16/2013||??|
|9.1.3||CA Network Flow Analysis||NFA||08/30/2013||??|
|9.2||CA Network Flow Analysis||NFA||12/11/2013||??|
|9.3||CA Network Flow Analysis||NFA||??||??|
CA Network Flow Analysis (NFA)
Previously known as NetQoS ReporterAnalyzer
NFA (also known as ReporterAnalyzer or RA) provides traffic flow analysis of traffic from multiple vantage points across the network. It uses a technology built into most major vendor routing hardware called IPFIX. In Cisco hardware, this is also known as NetFlow. In order to gather data for this appliance, each router of interest should have IPFIX enabled and the output directed to the NFA appliance. The configuration of IPFIX varies per vendor and usually per version of the hardware and software. The best reference for enabling IPFIX can be found on the How To Enable NetFlow wiki page.
NetQoS Solution Run Book: Check this document for practices that should be implemented when deploying any of the NetQoS products.
How To Enable NetFlow: A list of the commands necessary to configure NetFlow by vendor and model
RA9 Change IP: Changing the IP address in RA 9
- How to change the listening port for a harvester in NFA 9.1 (Windows and Linux): The default listening port for a Harvester in NFA is 9995, which in earlier versions could be changed in the registry. Now this setting is in the Harvester Database on the Harvesters.
- NFA 9.1 NetFlow Verification on Windows and Linux Harvesters: In NFA 9.1 if you need to verify that NetFlow data is making to your Windows Harvester, there is a Support Tool available called NASTv11.exe (NetFlow Analysis Support Tool). Many of you may remember the NFAParser tool from earlier versions of RA, and this tool works very much the same way.
- Interface enables but will not license.: In NFA 9.1 and NFA 9.1.1, there is a defect where Devices with a large ifindex (Layer 3 switch), will show up in enable interfaces, but will not license. After working with the DEV team they opened a Defect 88969.
- Flow Forensic Report, It looks like it never finishes up, “Executing”: Running the Flow Forensic Report it looks like it never finishes up it just says “Executing”. But when applying a filter, for example run it for two routers that they are coming from the one harvester, report gets done in 2 minutes and data is there. Everything looks like there is so much data and it takes forever to finish report.
- Saving or Queuing a new custom report fails with 500 Internal Server: The "500 Internal Server" error is mainly seen on Windows 2008 R2 servers with RA 9.0.161 and can be cuased by insufficient permissions for the IUSR windows account used by IIS.
- NetFlow, fields needed for device/interface to show up: Here is the list of required fields we would look for in a PCAP if we are not seeing flows from the Router
- Top Hosts View on Enterprise Overview not displaying host names.: When viewing the Enterprise Overview page in RA/NFA the "Top Hosts View" may not show host names. However when looking at Conversation Summary or Host Summary interface or custom reports the host names are shown. Also the Administration->Addresses page shows host names for these hosts.
- IPv6 in RA-NFA: Do we support IPv6 in ReporterAnalyzer / NFA?
- NFA 9.1.2 Upgrade and Installation Documentation: Please be aware that the NFA 9.1.2 (9.1 SP2) Documentation has been published on the CA Bookshelf which can be found here
- Custom Reports stay in a Queued state: Custom reports will run fine once, but once it is scheduled it will not run again. It just stays in a queued state even if you try to run it manually again it does not work.
- ReporterAnalyzer PumpLog file growing very large: The file usually located at: D:\NetQoS\reporter\logs\PumpLogYYYY-MM-DD.log. This log file is growing very large, it means that its verbosity is currently not set to its default value.
- No flow from Cisco Nexus 7000 switch (netflow v9): No flow from Cisco Nexus 7000 switch (netflow v9) gets through to Console.
- NFA 9.1.2 Severity 1 Defect: We have determined there to be a Severity 1 Defect in the DSA loader for NFA 184.108.40.206. This will cause data for interfaces from a router with a flow source IP address of greater than 127.255.255.255 to not load historical data. This applies to 3 tier installations only. If you have already installed NFA 220.127.116.11 or upgraded to NFA 18.104.22.168 with a 3-Tier configuration, please contact CA Support for the solution. If you have not yet installed, the new DSA installer will be posted shortly. If you are using a 2-tier or standalone configuration, please disregard this notice.
- NFA 9.1.x web page will not load, because the CAPC SSO service: After a fresh install of NFA 9.1, the web GUI will not load at all.
- Troubleshooting Flow Forensics Reports: Flow forensics reports fail if two are run concurrently. When the reports fail, the system stops collecting data. The only way to recover the system is to reboot the console and the harvesters.
The appliance can be run in a virtual environment as it does not require any specialized hardware. CA has only recently begun supporting NFA installed in a virtual environment; as such, there are no specific recommendations for installation in a virtual environment. The following are the hardware specifications of the hardware CA usually sells with this appliance:
- 2.5 GHz Quad Core processor
- 3 GB RAM
- 300 GB hard drive space, partitioned into a C: (system) drive of at least 20 GB, the remainder into a D: (data) drive.
- 1 Ethernet LAN port
- Windows Server 2003, 32-bit or Windows Server 2008 R2, 64-bit
- Internet Explorer 7 or 8 (32-bit version recommended) or Mozilla Firefox version 3.5 (later versions not supported)
- IIS v6.0
- ASP.Net v3.0
Tips and Tricks
Make sure the Watchdog service is working: Enable SNMP from the MC to the rest of the systems.
Ports to open (firewall rules): NFA requires communication with router(s) of interest via two technologies: IPFIX and SNMP. IPFIX uses UDP port 9995 unidirectional from the router(s) to the appliance.
Default MySQL Database Passwords:
|archive (port 3307)||archive||archive|
Once the appliance receives IPFIX flows from a router, it will attempt to poll the device via SNMP to obtain interface names, descriptions, and capacities. The names and descriptions are not required, but are very helpful. The capacities are required to perform utilization calculations. Bidirectional SNMP (UDP 161) should be allowed between the router(s) and the appliance.
The appliance should have DNS servers and an NTP server configured. DNS name resolution assists in the analysis and interpretation of reports. Internet access on the appliance is preferable to facilitate installation of the NetQoS components.
More information about the installation of NFA can be found at ftp://ftp.ca.com/pub/netqos/products/ra/9.0/sp1/RA_90sp1_installguide.pdf.