Netify for Ubuntu

Requirements

If you have network switches with port mirroring capabilities, you can connect the port to a standalone Netify agent. You can install the agent on Ubuntu on a baremetal appliance or inside a virtual machine.
Netify with Port Mirroring

You will need to install Ubuntu on a system with at least 2 network cards:

  • Network Interface #1: used to access the operating system and Netify
  • Network Interface #2: used to ingest port mirror traffic from LAN segment 1
  • Network Interface #N: used to ingest port mirror traffic from LAN segment N (optional)

Netify should have a route to the Internet in order to send metadata to our Netify cloud engine.

Installation

Up-to-date Netify packages are maintained in our Ubuntu repository.

If you are unsure of the version of Ubuntu you are using, run lsb_release -a

Ubuntu 16.04 LTS

curl http://download.netify.ai/netify/ubuntu/apt-gpg-key-netify.asc -o Netify.gpg
sudo apt-key add - < Netify.gpg 
echo 'deb http://download.netify.ai/netify/ubuntu/xenial/ /' > /tmp/netify.list
sudo mv /tmp/netify.list /etc/apt/sources.list.d/netify.list
sudo apt-get update
sudo apt-get -y install netifyd

Ubuntu 18.04 LTS

curl http://download.netify.ai/netify/ubuntu/apt-gpg-key-netify.asc -o Netify.gpg
sudo apt-key add - < Netify.gpg 
echo 'deb http://download.netify.ai/netify/ubuntu/bionic/ /' > /tmp/netify.list
sudo mv /tmp/netify.list /etc/apt/sources.list.d/netify.list
sudo apt-get update
sudo apt-get -y install netifyd

Configuration

Network Configuration

You will need at least two network cards configured. Unfortunately, Netplan has a limitation at the current time which prevents interfaces from coming up without an assigned IP. Since the mirror port requires exactly this state, Netplan is not currently supported. Instead, install the legacy ifupdown package.

sudo apt install ifupdown

Edit /etc/network/interfaces. A sample configuration is provided below for a server having 4 physical network cards. ens32 is being used as the control/reporting port while ens33, ens34 and ens35 are configured to ingest mirrored flows from the switch on any of three LAN segments.

auto ens32
iface ens32 inet dhcp
auto ens33
iface ens33 inet manual
up ifconfig ens33 up
auto ens34
iface ens34 inet manual
up ifconfig ens34 up
auto ens35
iface ens35 inet manual
up ifconfig ens35 up

Reboot the server to test your configuration/network settings.

Next, edit /etc/default/netifyd to disable autodetect of the interface roles and manually configure the interfaces to run DPI through. Again, an example is provided below.

# Netify Agent command-line options
# Copyright (C) 2016-2019 eGloo, Incorporated
#
# This is free software, licensed under the GNU General Public License v3.
#
# See the netifyd(8) manual for common options.

# Auto-detect (when possible) network ineterface roles (yes/no)?
NETIFYD_AUTODETECT="no"

# Set desired custom options here:
# NETIFYD_EXTRA_OPTS=""

# Define internal network interfaces and if needed, corresponding network
# addresses.  Normally network addresses are discovered via Netlink but for
# cases where Netlink is unavailable or when capturing from a mirrored port,
# they should be specified as a comma-delimited list as shown below:
# NETIFYD_INTNET="eth1 eth2 eth3,192.168.0.0/24,10.0.0.0/16"
NETIFYD_INTNET="ens33 ens34 ens35"

# Define external network interfaces.  For PPPoE interfaces, you can optionally
# specify the associated physical ethernet interface to set the MAC address.
# NETIFYD_EXTNET="eth4 ppp0,eth5"

The final step is to enable the Netify daemon to report metadata back to the Netify Informatics cloud sink, restart the daemon and configure it to start on boot.

sudo /usr/sbin/netifyd --enable-sink
sudo systemctl restart netifyd
sudo systemctl enable netifyd

Provisioning

With the Netify service installed, configured and running, it is time to provision your unique install. You will first need to fetch the provision code from your Netify Agent install using the following command:

# netifyd -p
Agent UUID: AA-BB-CC-DD

Once you have the provisioning code, you will need to create a Netify account (if you don't have one already) and run through the simple provisioning wizard. Once complete, metadata and analysis will start to be available in under a minute.

Provision Agent