Paragon Insights Installation Requirements
You can perform an online or offline installation of Paragon Insights.
Online Installation—You need an active internet connection to run an online installation of Paragon Insights. You must download the necessary online package (.deb for Ubuntu or .rpm for CentOS/RedHat) from the Juniper Networks Software Downloads page and install it. You can then proceed to run the sudo healthbot setup and healthbot start commands.
Offline Installation—You do not need an active internet connection during offline installation. However, you need an active internet connection to download the necessary Paragon Insights package (.deb for Ubuntu or .rpm for CentOS/RedHat) from the Juniper Networks Software Downloads page and install it. After you install the package (.deb or .rpm), you must download the offline install package to the /var/local/healthbot directory and rename the file to healthbot-offline.tgz. You can then run the sudo healthbot setup and healthbot start commands without an active internet connection.
For Paragon Insights (formerly HealthBot) to install successfully, the following hardware and software components are required on the host machine.
Paragon Insights Hardware Requirements
You can install Paragon Insights on either a physical or a virtual machine.
Proof-of-concept (POC) system—supports up to two device groups and three devices per device group:
RAM: 20 GB
Disk space: 100 GB available on the /var/ partition
Free disk space must be at least 20% of total disk space at all times.
CPU cores: 8
Production system (minimum system requirements):
RAM: 32 GB
Disk space: 250 GB SSD available on the /var/ partition
Free disk space must be at least 20% of total disk space at all times.
Recommended minimum IOPS for the disk(s): 1000
CPU cores: 16
Paragon Insights is a cloud-native application that leverages a microservices-based architecture that allows scale-out and multinode deployment. Depending on your specific requirements and use case, you can add more nodes to the Kubernetes cluster.
For more information on rules and telemetry sensors supported in a Junos OS and Junos OS Evolved software release for a specific hardware platform, see Telemetry Sensor Explorer.
Paragon Insights Software Requirements
You can install Paragon Insights on Ubuntu, Red Hat Enterprise Linux (RHEL), and CentOS versions of Linux.
For Ubuntu:
The following Ubuntu releases are qualified to work with Paragon Insights:
Installation | Paragon Insights Release | Ubuntu Version |
---|---|---|
Online Installation | Release 4.3.0 | Ubuntu 20.04.3 and Ubuntu 18.04.04 |
Online Installation | Release 4.2.0 and earlier | Ubuntu 18.04.04 and Ubuntu 16.04.01 |
Offline Installation | Release 4.3.0 | Ubuntu 20.04.3 and Ubuntu 18.04.04 |
Offline Installation | Release 4.2.0 and earlier | Ubuntu 18.04.04 and Ubuntu 16.04.01 |
The kernel version must be 4.4.19 or greater.
We recommend installing Ubuntu as one large disk partition.
If multiple partitions are used, Paragon Insights data is written to the /var/local/healthbot/ directory and Paragon Insights log files are written to /var/lib/docker/containers.
Disable the swap memory by running the swapoff -a command to bring up kubelet service. You must then remove swap memory entries from the /etc/fstab file.
Note: You might need to reboot the server for this setting to take effect.
For RHEL:
The following RHEL releases are qualified to work with Paragon Insights:
Installation | Paragon Insights Release | RHEL Release |
---|---|---|
Online Installation | Release 4.1.0 and later | RHEL 7.5 and RHEL 8.2 |
Online Installation | Release 4.0.0 | Not supported |
Online Installation | Release 3.2.0 and earlier | RHEL 7.5 |
Offline Installation | Release 4.0.0 and later | RHEL 7.5 and RHEL 8.3 |
Offline Installation | Release 3.2.0 and earlier | RHEL 7.5 |

Note: All Paragon Insights releases except Release 4.0.0 support both online and offline installations. Paragon Insights Release 4.0.0 supports only offline installation.
The following system utilities must be installed manually if they are not already present:
tar, bash, ln, ssh-keygen, curl, vi, wget, openssl, openssh-server, and rsync
Enter the following configuration line in the file /etc/sysctl.conf:
vm.max_map_count=262144
Disable the swap memory by running the swapoff -a command to bring up kubelet service. You must then remove swap memory entries from the /etc/fstab file.
Note: You might need to reboot the server for this setting to take effect.
For CentOS:
The following CentOS releases are qualified to work with Paragon Insights:
Installation | Paragon Insights Release | CentOS Release |
---|---|---|
Online Installation | Release 4.3.0 | CentOS 7.3 |
Online Installation | Release 4.2.x and Release 4.1.0 | CentOS 7.3 and CentOS 8.2 |
Online Installation | Release 4.0.0 | Not supported |
Online Installation | Release 3.2.0 and earlier | CentOS 7.3 |
Offline Installation | Release 4.3.0 | Not supported |
Offline Installation | Release 4.2.x, Release 4.1.0, and Release 4.0.0 | CentOS 7.3 and CentOS 8.3 |
Offline Installation | Release 3.2.0 and earlier | CentOS 7.3 |

Note: All Paragon Insights releases except Releases 4.3.0 and 4.0.0 support both online and offline installations. Paragon Insights Release 4.3.0 supports only online installation and Release 4.0.0 supports only offline installation.
The kernel version must be 4.4.19 or greater.
With Paragon Insights Release 4.0.0, for CentOS 8 server and RHEL 8, kernel upgrade is not required.
The following system utilities must be installed manually if they are not already present:
tar, bash, ln, ssh-keygen, curl, vi, wget, openssl, openssh-server, and rsync
Disable the swap memory by running the swapoff -a command to bring up kubelet service. You must then remove swap memory entries from the /etc/fstab file.
Note: You might need to reboot the server for this setting to take effect.
Enter the following configuration line in the file /etc/sysctl.conf:
vm.max_map_count=262144
On a scaled production server, we recommend that you configure the OS settings in the limits.conf and sysctl.conf files. These values set the soft and hard memory limits for influx DB memory requirements. If you do not set these limits, you might see errors such as “out of memory” or “too many open files” because of default system limits.

    cat /etc/security/limits.conf
    # End of file
    * hard nofile 1048576
    * soft nofile 1048576
    root hard nofile 1048576
    root soft nofile 1048576
    influxdb hard nofile 1048576
    influxdb soft nofile 1048576

    cat /etc/sysctl.conf
    fs.file-max = 2097152
    vm.max_map_count=262144
    fs.inotify.max_user_watches=524288
    fs.inotify.max_user_instances=512

Run the sysctl -w net.bridge.bridge-nf-call-iptables=1 command on all nodes. Add the net.bridge.bridge-nf-call-iptables=1 line to the file /etc/sysctl.conf to ensure that it persists across server reboots.
You might need to reboot the server for this setting to take effect.
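The kernel, swap, and sysctl requirements above can be checked on each node before you run healthbot setup. The script below is an added example, not part of the Juniper documentation or the healthbot tooling; the function names and the --live flag are this example's own.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the kernel, swap and sysctl requirements.
# Functions take their input as arguments so they also work on file copies.
MIN_KERNEL="4.4.19"   # minimum kernel version stated on this page

# kernel_ok <release>: succeeds if e.g. "4.15.0-112-generic" >= MIN_KERNEL.
kernel_ok() {
    local ver="${1%%-*}"   # drop the distribution suffix after the first "-"
    [ "$(printf '%s\n%s\n' "$MIN_KERNEL" "$ver" | sort -V | head -n1)" = "$MIN_KERNEL" ]
}

# active_swap_entries <fstab>: print uncommented lines whose type field is swap.
active_swap_entries() {
    awk '$1 !~ /^#/ && $3 == "swap"' "$1"
}

# sysctl_conf_value <file> <key>: print the last uncommented value for key.
sysctl_conf_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t]/, "", val) }
        END { if (val != "") print val }' "$1"
}

# preflight <kernel-release> <fstab> <sysctl.conf>: print one line per failed
# requirement; the return status is the number of failures.
preflight() {
    local fails=0 want got
    kernel_ok "$1" || { echo "FAIL kernel $1 is older than $MIN_KERNEL"; fails=$((fails + 1)); }
    if [ -n "$(active_swap_entries "$2")" ]; then
        echo "FAIL swap entry still present in $2"; fails=$((fails + 1))
    fi
    for want in vm.max_map_count=262144 net.bridge.bridge-nf-call-iptables=1; do
        got="$(sysctl_conf_value "$3" "${want%%=*}")"
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL ${want%%=*} is '${got:-unset}', expected ${want#*=}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Live use: ./preflight.sh --live   (reads this host's own files)
if [ "${1:-}" = "--live" ]; then
    preflight "$(uname -r)" /etc/fstab /etc/sysctl.conf && echo "all checks passed"
fi
```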
Web Browser Requirements
Paragon Insights is supported on the following 64-bit web browsers:
Browser | Supported Version(s) (Macintosh) | Supported Version(s) (Windows) |
---|---|---|
Chrome | 90 and later | 90 and later |
Firefox | 83 and later | 83 and later |
Safari | 14.0.3 and later | - |
Network Requirements
For Kubernetes-based installations, including multinode installations:
All nodes must run NTP or other time-synchronization at all times.
An Internet connection is required for all nodes during the initial Ubuntu (.deb) or CentOS/Red Hat (.rpm) software extraction process. This is not a requirement for the healthbot setup portion of the installation.
One static IP address per node.
(Optional) A hostname that resolves to the corresponding IP address.
Ensure that internet protocol version 6 (IPv6) is enabled.
An SSH server must be running on all nodes.
All nodes must be in the same subnet.
For a multi-master installation:
You must always enter an odd number of master nodes.
You need a virtual IP address to configure high availability (HA) between the master nodes. This virtual IP address must be different from the virtual IP address that you specify to access various Paragon Insights services.
All master nodes must be in the same subnet. Ensure that you place the master nodes on different racks so that there is no impact if there are power outages.
You need to determine the number of master nodes before you start the installation process.
For a multinode installation, a virtual (unused) IP address in the same subnet as the nodes is needed. This is the address on which the Web GUI is accessed.
A common SSH user name and password is needed for all nodes. The healthbot setup command (discussed later) must be run as this user.
Docker version 18.09.3 or later is required.
Note: Starting with Paragon Insights Release 4.0.0, Docker upgrade is not required.
Run any one of the following commands to verify the Docker version installed:
$ docker version
or
$ docker --version
Note: Verify the SELinux mode. If it is set to enforcing, change it to permissive. This is required to allow Docker commands to execute later in this procedure.

    $ getenforce
    Enforcing
    $ sudo setenforce 0
    $ getenforce
    Permissive

Open the following firewall ports, as appropriate:
JTI (native GPB), for telemetry collection - per your source and destination port settings
gRPC (OpenConfig), for telemetry collection - TCP port 32767
NETCONF/SSH, for telemetry collection - TCP port 830
SNMP, for telemetry collection - UDP port 161
Syslog messages - UDP port 514
NetFlow, for telemetry collection - UDP port of your choice. Must be different for each NetFlow host.
sFlow, for telemetry collection - UDP port of your choice
Note: Default ports are listed above; adjust as needed if you use non-default ports.
Enable these ports to allow intra-cluster and inter-cluster communication.
This ensures that the cluster setup does not crash due to SSH timeout.
See Table 2 for information and requirements on ports for single-master setups. You must enable these ports for single-master setups.
For more information on ports for multi-master setups, see Table 3. You must enable the ports listed in both Table 2 and Table 3 for multi-master setups.
Table 2: Ports for Single-Master and Multi-Master Setups

Direction | Ether Type | Internet Protocol | Port Range | Remote IP Prefix | Description |
---|---|---|---|---|---|
Ingress | IPv4 | TCP | 22 | 0.0.0.0/0 | SSH |
Ingress | IPv4 | ICMP | any | 0.0.0.0/0 | ICMP probes |
Ingress | IPv4 | TCP | 8080 | 0.0.0.0/0 | Paragon Insights GUI and REST API server |
Ingress | IPv4 | TCP | 6443 | | Communicate with worker nodes in the cluster |
Ingress | IPv4 | TCP | 179 | | BGP used by calico for route discovery |
Ingress | IPv4 | TCP | 10250 | | Kubelet API communication |
Ingress | IPv4 | TCP | 8443 | | Kubernetes metrics server |
Ingress | IPv4 | TCP | 7005 | | Paragon Insights common services |
Ingress | IPv4 | IPIP | any | | Overlay network setup by calico |
Egress | IPv4 | any | any | 0.0.0.0/0 | Allow all IPv4 outbound traffic |
Egress | IPv6 | any | any | ::/0 | Allow all IPv6 outbound traffic |

Table 3: Additional Ports for Multi-Master Setups

Direction | Ether Type | Internet Protocol | Port Range | Remote IP Prefix | Description |
---|---|---|---|---|---|
Ingress | IPv6 | TCP | 2379 | | etcd client requests |
Ingress | IPv4 | TCP | 2380 | | etcd peer communication |

Network Device Requirements
Junos Devices
Paragon Insights collects data from devices running Junos OS using multiple data collection methods, called sensors. Each sensor type requires a certain Junos OS version, and configuration added to the devices, to enable a connection to the Paragon Insights server.
Native GPB
Junos OS Version: 15.1 or later
Required configuration—configure a sensor profile for each relevant related rule in Paragon Insights:

    ##Streaming Server Profile
    set services analytics streaming-server COLLECTOR-1 remote-address <HealthBot-server-address>
    set services analytics streaming-server COLLECTOR-1 remote-port 22000
    ##Export Profile
    set services analytics export-profile EXP-PROF-1 local-address <local-router-IP>
    set services analytics export-profile EXP-PROF-1 local-port 22001
    set services analytics export-profile EXP-PROF-1 reporting-rate 30
    set services analytics export-profile EXP-PROF-1 format gpb
    set services analytics export-profile EXP-PROF-1 transport udp
    ##Sensor Profile
    set services analytics sensor SENSOR-1 server-name COLLECTOR-1
    set services analytics sensor SENSOR-1 export-name EXP-PROF-1
    set services analytics sensor SENSOR-1 resource <resource> # example /junos/system/linecard/interface/

See Configuring a Junos Telemetry Interface Sensor for more information.
NetFlow (IPFIX)
Junos OS Version: 14.1R1 or later for MX Series Routers. For complete Junos version and platform support information, see:
Required configuration—
Configure a NetFlow v9 or IPFIX template
Apply the template to enable traffic sampling
Associate the sampling instance with the FPC
Specify which traffic interface to sample
The following samples are for an IPFIX configuration. Lines that start with “##” are comments and are used to point out details in the configuration.
IPFIX Template Configuration
set services flow-monitoring version-ipfix template IPv4-TEMPLATE ipv4-template
Apply IPFIX Template to Enable Traffic Sampling

    set forwarding-options sampling instance IPFIX-IPv4-INSTANCE input rate 10
    set forwarding-options sampling instance IPFIX-IPv4-INSTANCE family inet output flow-server 10.XX.XX.200 port 2055
    set forwarding-options sampling instance IPFIX-IPv4-INSTANCE family inet output flow-server 10.XX.70.XX version-ipfix template IPv4-TEMPLATE
    set forwarding-options sampling instance IPFIX-IPv4-INSTANCE family inet output inline-jflow source-address 198.XX.XX.1
    ## 10.XX.70.XX = Paragon Insights server
    ## port 2055; use this value in Paragon Insights GUI (device group config)
    ## inline-jflow = Enable inline flow monitoring for traffic from the designated address
    ## 198.XX.XX.1 = traffic interface that does the exporting; use this value in Paragon Insights GUI (device config)

Associate Sampling Instance with the FPC
set chassis fpc 0 sampling-instance IPFIX-IPv4-INSTANCE
Specify the Traffic Interface to Sample and Direction of Sampled Traffic

    set interfaces ge-0/0/0 unit 0 family inet sampling input
    set interfaces ge-0/0/0 unit 0 family inet sampling output

OpenConfig
Junos OS Version: 16.1 or later
The OpenConfig sensor requires that the Junos device have the OpenConfig and network agent packages installed. These packages are built into Junos OS Releases 18.2X75, 18.3, and later. For releases between 16.1 and 18.2X75 or 18.3, you must install the packages.
To verify whether you have these packages, enter the following command:

    user@host> show version | match "Junos:|openconfig|na telemetry"
    Junos: 19.2R1.8
    JUNOS na telemetry [19.2R1.8]
    JUNOS Openconfig [19.2R1.8]

See Understanding OpenConfig and gRPC on Junos Telemetry Interface for more information.
Network agent is not supported on PPC platforms (MX104, MX80, and so on)
Refer to the following topics of the Junos Telemetry Interface User Guide if the OpenConfig and network agent packages are not installed.
To install the OpenConfig package, see Installing the OpenConfig Package.
To install the network agent manager package, see Installing the Network Agent Package (Junos Telemetry Interface).
After you have installed the packages, enable OpenConfig on the MX240 by running the following command:
set system services extension-service request-response grpc clear-text port number
iAgent (NETCONF)
Junos OS Version: 11.4 or later
Required configuration:
set system services netconf ssh
SNMP
Junos OS Version: Any release
Required configuration:
set snmp community public
Syslog
Junos OS Version: Any release
Required configuration:

    set system syslog host 10.x.x.1 any any
    set system syslog host 10.x.x.1 allow-duplicates
    set system syslog host 10.x.x.1 structured-data
    ## 10.x.x.1 = Paragon Insights server

Structured syslog is highly recommended because it avoids text parsing by the Paragon Insights server.
Cisco Device Support
Paragon Insights can collect telemetry data from Cisco IOS XR devices. To use these devices with Paragon Insights, you must configure the grpc server and the openconfig-interfaces sensors. Paragon Insights does not automatically configure these for you.
The following example shows a sensor group sg1 created for gRPC dial-in configuration with the YANG model for interfaces. An hbot_interfaces subscription associates the sg1 sensor group with an interval of 10 seconds to stream data.
The following reference configuration is loaded on a device running Cisco IOS XR software version 6.3.2.

    !
    grpc
     port 32767
    !
    telemetry model-driven
     sensor-group sg1
      sensor-path openconfig-interfaces:interfaces/interface
     !
     subscription hbot_interfaces_
      sensor-group-id sg1 sample-interval 10000
     !
    !
    ssh server v2
    end

Multinode Installation
Starting with Release 3.0.0, Paragon Insights uses Kubernetes for all HA/multinode installations. To install Paragon Insights on more than one server, you must install using Kubernetes. All of the needed configuration for the clusters is performed by Kubernetes. During the setup phase of the installation process, you must identify the Kubernetes master node(s) and worker node(s).
Starting with Release 4.0.0, while installing Paragon Insights you can choose to have multiple master nodes. While running the healthbot setup command, you are prompted to specify hostnames or IP addresses of the master nodes. If you choose to have multiple master nodes, you must also specify the virtual IP address that is required for configuring high availability (HA) between the master nodes. If you are using the silent installer, in the configuration file you can specify the virtual IP address in the master_virtual_ip field.
Starting from Release 4.0.0, while installing Paragon Insights you can specify multiple virtual IP addresses (unused) so that you can connect to various services in Paragon Insights and thereby monitor devices that are in different subnets. If you are using the silent installer, in the configuration file you can specify multiple virtual IP addresses in the load_balancer_ip field.