Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

System Requirements

Network Connectivity

Depending on the configured options, Apstra Flow requires various TCP and UDP ports to receive flow records, retrieve data for enrichment, and store data in your chosen data platform. To allow communication on TCP and UDP ports, you must configure any host or network firewalls to allow traffic to pass through as described in the following sections:

Listening for Flow Data

You can configure the Apstra Flow collector to listen for incoming flow record packets on one or more UDP ports. Table 1 shows the collector's UDP default ports.

Table 1: Apstra Flow Collector Default Ports

Protocol

Port

Direction

Description

UDP

9995

in

Apstra Flow default port

UDP

2055

in

Netflow standard port

UDP

4739

in

IPFIX standard port

UDP

6343

in

sFlow standard port

While a variety of ports can be used to listen for flow record packets, the specific ports which must allowed are those for which the collector is configured using EF_FLOW_SERVER_UDP_PORT.

Accessing Enrichment Data

The Apstra Flow collector can enrich flow records with additional information. The following sections show the various enrichment options and corresponding allowed ports.

DNS

Required when EF_PROCESSOR_ENRICH_IPADDR_DNS_ENABLE is true.

Table 2: DNS Allowed Port

Protocol

Port

Direction

Description
UDP

53

out

DNS

SNMP

Required when EF_PROCESSOR_ENRICH_NETIF_SNMP_ENABLE is true.

Table 3: SNMP Allowed Port

Protocol

Port

Direction

Description

UDP

161

out

Network interface attributes through SNMP.

OpenSearch

Specify one of the TCP allowed ports when EF_OUTPUT_OPENSEARCH_ENABLE is true.

Table 4: OpenSearch Allowed Ports

Protocol

Port

Direction

Description

TCP

9200

out

OpenSearch REST API.
TCP 5601 out OpenSearch dashboards, GUI and API.

VM Sizing

We conducted tests for VM sizing using Apstra Flow OVA on ESXi 8.0 (Table 5). VM sizes and storage results are listed in Table 6 .

Note:

Other workloads were not active on the system during testing. "Noisy neighbors" or other resource contention could negatively impact the results in production environments.

Table 5: Components Tested for VM Sizing

Component

Description

CPU

AMD EPYC 7702 (64-core Zen2), locked at 2.9GHz to avoid thermal throttling.

Memory

256GB DDR4 3200MT/s, all 8 memory channels populated for maximum memory bandwidth.
Storage (Direct-SSD)

4TB SATA SSD

Storage (NFS)

8x HDD (RAID10) with NVMe read/write cache through 10Gbe
Table 6: VM Sizing and Storage Results

VM Size

CPU and Memory Sizing

Ingest Capacity

Default (Medium) VM

  • CPU: 16vCPUs

  • Memory: 64 GB

Direct-SSD:

  • Recommended ingest: 12,000 records per second.

  • Burst ingest: up to 40,000 flow records per second.

NFS

  • Recommended ingest: 10,000 records per second.

  • Burst ingest: up to 40,000 flow records per second.

Small VM

  • CPU: 8vCPUs

  • Memory: 32 GB

Direct-SSD:

  • Recommended ingest: 6,500 records per second.

  • Burst ingest: Up to 21,500 flow records per second.

NFS

  • Recommended ingest: 5,500 records per second.

  • Burst ingest: up to 21,500 flow records per second.

Large VM

  • CPU: 24vCPUs

  • Memory: 64 GB

Direct-SSD:

  • Recommended ingest: 16,000 records per second.

  • Burst ingest: up to 53,000 flow records per second.

NFS

  • Recommended ingest: 13,000 records per second.

  • Burst ingest: up to 53,000 flow records per second.

X-Large VM (custom)

Contact your Juniper sales representative for guidance on creating a cluster for a custom deployment.

Greater than 15,000 FPS.

Licensing

The Apstra Flow collector operates with the integration of a Juniper Apstra license. Premium license holders benefit from enhanced features and an elevated flow rate capacity. In contrast, users with the basic license have a constraint of up to 500 flows per second. For information about activating your license, see the Juniper Licensing User Guide.