Product FAQ - CA Network Flow Analysis (NFA)

Document created by moksa01 Employee on Jul 5, 2012Last modified by Stuart_Weenig on Oct 20, 2014
Version 22Show Document
  • View in full screen mode
VersionProduct nameCode NameRelease dateSupported until
9.0 SP1 (9.0.118)ReporterAnalyzerRA????
9.1CA Network Flow AnalysisNFA08/06/2012??
9.1 SP1 (9.1.1)CA Network Flow AnalysisNFA??
9.1 SP2 (9.1.2)CA Network Flow AnalysisNFA04/16/2013??
9.1.3CA Network Flow AnalysisNFA08/30/2013??
9.2CA Network Flow AnalysisNFA12/11/2013??
9.3CA Network Flow AnalysisNFA????
Old version
Older version, still supported
Latest version
Future release

CA Network Flow Analysis (NFA)

Previously known as NetQoS ReporterAnalyzer
NFA (also known as ReporterAnalyzer or RA) provides traffic flow analysis of traffic from multiple vantage points across the network. It uses a technology built into most major vendor routing hardware called IPFIX. In Cisco hardware, this is also known as NetFlow. In order to gather data for this appliance, each router of interest should have IPFIX enabled and the output directed to the NFA appliance. The configuration of IPFIX varies per vendor and usually per version of the hardware and software. The best reference for enabling IPFIX can be found on the How To Enable NetFlow wiki page.

Related Pages

NetQoS Solution Run Book: Check this document for practices that should be implemented when deploying any of the NetQoS products.

How To Enable NetFlow: A list of the commands necessary to configure NetFlow by vendor and model

RA9 Change IP: Changing the IP address in RA 9

Importing Application Definitions

How to determine if a NetFlow enabled device is sending the correct fields and data using WireShark

Which NFAParser/NAST version to use

Tech Tips

Hardware Recommendations

The appliance can be run in a virtual environment as it does not require any specialized hardware. CA has only recently begun supporting NFA installed in a virtual environment; as such, there are no specific recommendations for installation in a virtual environment. The following are the hardware specifications of the hardware CA usually sells with this appliance:

  • 2.5 GHz Quad Core processor
  • 3 GB RAM
  • 300 GB hard drive space, partitioned into a C: (system) drive of at least 20 GB, the remainder into a D: (data) drive.
  • 1 Ethernet LAN port

Software Requirements

  • Windows Server 2003, 32-bit or Windows Server 2008 R2, 64-bit
  • Internet Explorer 7 or 8 (32-bit version recommended) or Mozilla Firefox version 3.5 (later versions not supported)
  • IIS v6.0
  • ASP.Net v3.0

Tips and Tricks

Make sure the Watchdog service is working: Enable SNMP from the MC to the rest of the systems.

Ports to open (firewall rules): NFA requires communication with router(s) of interest via two technologies: IPFIX and SNMP. IPFIX uses UDP port 9995 unidirectional from the router(s) to the appliance.

Default MySQL Database Passwords:

archive (port 3307)archivearchive

Once the appliance receives IPFIX flows from a router, it will attempt to poll the device via SNMP to obtain interface names, descriptions, and capacities. The names and descriptions are not required, but are very helpful. The capacities are required to perform utilization calculations. Bidirectional SNMP (UDP 161) should be allowed between the router(s) and the appliance.

The appliance should have DNS servers and an NTP server configured. DNS name resolution assists in the analysis and interpretation of reports. Internet access on the appliance is preferable to facilitate installation of the NetQoS components.

More information about the installation of NFA can be found at