Netify for Ubuntu

Requirements

If you have network switches with port mirroring capabilities, you can connect the port to a standalone Netify agent. You can install the agent on Ubuntu on a baremetal appliance or inside a virtual machine.
Netify with Port Mirroring

You will need to install Ubuntu on a system with at least 2 network cards:

  • Network Interface #1: used to access the operation system and Netify
  • Network Interface #2: used to ingest port mirror traffic

Netify should have a route to the Internet in order to send metadata to our Netify cloud engine.

Installation

Ubuntu 16.04/18.04

Up-to-date Netify packages are maintained in our Ubuntu repository. To install the package, run:

sudo sh -c 'echo "deb http://download.netify.ai/netify/ubuntu/`lsb_release -cs` /" > /etc/apt/sources.list.d/netify.list'
wget --quiet -O - http://download.netify.ai/netify/ubuntu/apt-gpg-key-netify.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install netifyd

Configuration

Network Configuration

You will need two network cards configured. Feel free to configure the network in Ubuntu using your preferred tools and methods. In our lab, we use the following /etc/network/interfaces network configuration for eth0 and eth1:

# Network configuration for accessing Ubuntu and Netify 
auto eth0
iface eth0 inet static
address 192.168.55.50
netmask 255.255.255.0
gateway 192.168.55.1
dns-nameservers 8.8.8.8

# Network configuration for ingesting port mirror traffic
auto eth1
iface eth1 inet manual
up ifconfig eth1 up

Netify Configuration

Netify needs to distinguish between internal and external network traffic. In Ubuntu, you can define your network in the /etc/default/netifyd file. Please don't forget to set NETIFYD_AUTODETECT to "no"!

# Disable auto-detect.
NETIFYD_AUTODETECT="no"

# Disable NAT detection - not needed for mirror port mode.
NETIFYD_EXTRA_OPTS="-t"

# Define internal network interfaces and networks.
# For example, eth1 receives mirror port traffic for local network 192.168.55.0.24 and 10.0.0.0/16:
NETIFYD_INTNET="eth1,192.168.55.0/24,10.0.0.0/16"

Start

With the installation and setup completed, you can now start and enable Netify:

sudo netifyd --enable-sink
sudo systemctl start netifyd
sudo systemctl enable netifyd

Provisioning

The final step in the process is provisioning. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p
Agent UUID: AA-BB-CC-DD

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent