Intelligent Routing Platform

SELF-DEPLOYMENT GUIDE

Ubuntu LTS x86_64

Copyright ©2021 Noction Inc.

 Intelligent Routing Platform

Table of Contents

Introduction.......................................................................................................................3
1. IRP Requirements..........................................................................................................3
Hardware requirements...............................................................................................3
Software requirements................................................................................................4
IRP Server Access requirements..................................................................................4
Initial Data Requirements............................................................................................5
2. Pre-deployment activities..............................................................................................5
3. IRP Deployment.............................................................................................................6
Firewall configuration.................................................................................................6
Prepare for the installation.........................................................................................7
APT configuration..............................................................................................7
APT Repositories...............................................................................................8
IRP packages’ Installation..........................................................................................8
4. IRP Configuration.........................................................................................................8
Initial IRP Setup........................................................................................................9
Routers Configuration..............................................................................................10
Providers Configuration...........................................................................................11
IRP Launch....................................................................................................................12
IRP Documentation........................................................................................................13
IRP Functional Modes....................................................................................................13
Noction Support.............................................................................................................13

Self-Deployment Guide | Ubuntu Page 2 of 14

 Intelligent Routing Platform

This document presents the high level deployment process and the main required activities
for preparation and proper implementation of the Intelligent Routing Platform.

Introduction
The Intelligent Routing Platform (IRP) is a product developed by Noction to help Service
Providers and Enterprises optimally route traffic across multiple ISPs. The system makes
intelligent routing decisions by analyzing various network performance metrics and selecting
the best performing route for the traffic to pass through.

1. IRP Requirements
In order to deploy Noction Intelligent Routing Platform (IRP) into a network, a set of criterias
must be met:

Hardware Requirements
In a production environment, a dedicated server for each IRP instance is strongly
recommended. The system can also be deployed on a Virtual Machine, with matching
specifications, provided by a hardware virtualization platform (Xen, KVM, VMware, Hyper-V),
but care should be taken to guarantee the resources allocation.

NOTE: OS-level virtualization (OpenVZ/Virtuozzo or similar) is not supported.

1. CPU
• An Intel® Xeon® Processor E3/E5 family or equivalent is recommended for every 20
Gbps of analyzed traffic;

2. RAM
• minimum 16 GB, recommended 32GB;
NOTE: In case the traffic’s statistics/details are provided via SPAN (Port Mirroring), the
amount of RAM should be same as the analyzed traffic volume (in case of high Traffic
volumes) + at least 8 GB for IRP components’ requirements.

3. HDD
• At least 160GB of storage;
• SAS disks are recommended (SSDs are suitable only for 40Gbps+ networks);
• HDD partitioning:
1. LVM is recommended;
2. At least 100GB disk space usable for /var or separate partition
3. At least 10GB disk space usable for /tmp or separate partition. This is required
for big mysql tables manipulation. More disk space might be required under heavy
workload.

Self-Deployment Guide | Ubuntu Page 3 of 14

 Intelligent Routing Platform

4. NIC
• if providing sFlow/Netflow data - 100/1000 Mbps NIC;
• if providing raw traffic data by port mirroring - additional 10G interfaces for each span port.

NOTE: When needed, Noction can provide IRP appliances with the required hardware
specifications for a quick and rapid implementation in the customer’s network. The appliance is
delivered with the OS installed (latest LTS Ubuntu) and IRP software deployed.

Software Requirements
Clean minimal Linux system with:
• the latest Ubuntu LTS x86_64 version installed on the server;
• all installed packages updated (“apt-get update/upgrade” commands must be
performed).

IRP Server Access Requirements

Below are the access requirements to be met by the IRP server for Outbound (FROM the server)
access filters, which are mandatory for a proper Platform operation:

• TCP ports 80 and 443 to the following destinations:

lmon.noction.com;
maxmind.com;
geolite.maxmind.com;
www.iana.org;
data.ris.ripe.net;
Ubuntu Repositories;
Noction Repositories (repo.noction.com);

• UDP port 53 to public DNS servers or to the internal DNS servers;

• UDP port 123 to Ubuntu NTP servers:

0.ubuntu.pool.ntp.org;
1.ubuntu.pool.ntp.org;
2.ubuntu.pool.ntp.org; or
to internal NTP servers, if any;

• • ICMP To ANY # For probing purpose;

• • UDP and TCP SYN (ports 33434 - 33499) To ANY;# For probing purpose;

• • TCP port 43 for WHOIS

NOTE: In case the firewall does not allow rules definition based on DNS names, the engineer
has to identify the list of ALL hosts (IPs) for which the specific DNS records exist, via any
available NS tool, such as in the examples below:

# dig +short lmon.noction.com or # nslookup -type=A lmon.noction.com

Self-Deployment Guide | Ubuntu Page 4 of 14

 Intelligent Routing Platform

Initial Data Requirements

For a proper deployment plan and design definition, the customer needs to collect and analyze
the following data:
• network diagram with all the horizontal (own) as well as upstream (providers) and
downstream (customers) routers included;
• logical BGP scheme;
• the list of prefixes announced by customer AS that should be analyzed and optimized by IRP;
• edge routers configuration (config related to the bgp configuration, the prefixes announced
by client’s ASN, the route maps, routing policies, access control list, sFlow/ Netflow and
related interfaces configurations).

2. Pre-deployment activities

When the initial data requirements are processed and the deployment plan is defined, the
customer network infrastructure should be prepared for the IRP deployment. In such cases the
following operations have to be performed:

1. The information about network traffic must be sent to the IRP server via sFlow (v. 2, 4, 5) or
Netflow/jFlow (v1, 5, 9, 10). For this to happen, the customer should configure the flow or/
and raw data to be sent from the edge routers to the main IRP server’s IP address.

NOTE: ​It’s important to ensure the IRP server gets both inbound and outbound traffic details.

Egress and Ingress flow accounting should be enabled on the provider links, or, if this is
not technically possible, Egress and Ingress flow accounting should be enabled on all the
interfaces facing the internal network.

NetFlow is the recommended option and it is specially used for high traffic volumes, or in
the case of a sophisticated network infrastructure, where port mirroring is not technically
possible. Recommended sampling rates:
• For traffic up to 1Gbps: 1024
• For traffic up to 10 Gbps: 2048
• For traffic up to 20 Gbps: 4096

2. Setup Policy Based Routing (PBR) for IRP active probing:

a. Apart from the main server IP, the customer needs to add one public IP addresses,
depending on the number of connected providers and their type, to be used for probing
purpose (configured as alias IPs on the IRP server), and configure PBR for traffic originating
from each of these IPs to be routed over different providers, respectively:
i. one additional IP for each Transit or Partial Provider;
ii. one additional IP for each 64 peers in case of an Exchange Provider;
NOTE: It is strongly recommended to avoid using NAT-ed IP addresses as, in such cases,
IRP will be generating a large number of NAT-ed transactions, which could lead to router(s)
overloading.

Self-Deployment Guide | Ubuntu Page 5 of 14

 Intelligent Routing Platform

b. No route maps should be enforced for the main IRP server’s IP address as the traffic
originating from it should pass the router(s) using the default route.
Depending on the site where the IRP server will be located, in case the traffic from the IRP
server passes through multiple routers before getting to the provider and when a separate
probing VLAN could not be configured across all routers, GRE tunnels from the IRP to the
Edge routers should be configured.
The tunnels are mainly used to prevent additional overhead from route maps configured on
the whole IRP←→Edge routers path.

3. Provide SNMP access (a read-only community will suffice) on the edge routers in order to be
further configured in IRP for each provider link, by using the following information:
• SNMP interface name (or ifIndex)
• SNMP IP (usually the router IP)
• SNMP community
The mentioned above, SNMP information is required for the report generation, Commit
Control decision-making and prevention of overloading a specific provider with an excessive
number of improvements. At least access to the following MIBs is required:
• BGP4­-MIB
• IF­-MIB
• SNMPv2-­MIB
• IP­-MIB
4. For a full setup of cost related settings as well as the Commit Control mechanism, the
customer needs to identify and configure the following info:

• the maximum allowed interface throughput for each provider link (limit load);
• cost per Mbps for each provider (required only for the IRP’s COST functional mode);
• the 95% for each providers and;
• precedence.

The above is sufficient for a customer to proceed with a non-intrusive setup. To start the
system in full Intrusive mode, iBGP sessions between IRP and the edge routers are required.

3. IRP Deployment

Before proceeding at the installation process some server’s preparations activities are required,
as described in the following sections.

Firewall configuration
In the process of the firewall configuration it is important to configure NOTRACK rules, using
the following iptables entries/commands:

Self-Deployment Guide | Ubuntu Page 6 of 14

 Intelligent Routing Platform

In the process of the firewall configuration it is important to configure NOTRACK rules, using
the following iptables entries/commands:

# iptables -t raw -A PREROUTING -p icmp -j NOTRACK

# iptables -t raw -A OUTPUT -p icmp -j NOTRACK
# iptables -t raw -A OUTPUT -p udp -m udp --dport 33434:33534 -j NOTRACK
# iptables -t raw -A OUTPUT -p tcp -m tcp --dport 33434:33534 -j NOTRACK

NOTE: if the system is restarted before saving the iptables configuration set, all rules are lost.
In order to make them persistent, the access rules need to be saved:

iptables-save > rules.v4

ip6tables-save > rules.v6

Iptables-persistent should be installed for this. This can be done by running “apt-get install
iptables-persistent.

In case firewalld or any external Firewall is used, similar NOTRACK rules need to be set.
Skipping this step will cause IRP false probing results because of firewall delaying probing
packets.

Prepare for the installation

In order to proceed with the IRP installation, the server’s IP address(es) (public and private IP)
must be provided to Noction Support Team in order to allow access to the required IRP APT
repositories and configure the required license(s).

NOTE: ​This information is provided to the Noction Sales Manager, who will forward it to the right
team for further processing.

When access is confirmed, apt-get should be configured as described in section below.

APT configuration
For an easier Ubuntu packages’ management, the APT (Advanced Package Tool), representing
the primary tool managing Ubuntu based Linux distributions’ DEB software packages from official
and third-party software repositories, has to be configured.

The first step is to import the GPG public key:

# wget -qO - http://repo.noction.com/repo.gpg | apt-key add -

The next step is to add the repo itself:

Ubuntu 14: № wget -O /etc/apt/sources.list.d/irp.list http://repo.noction.com/irp.ubuntu14.list

Ubuntu 16: # wget -O /etc/apt/sources.list.d/irp.list http://repo.noction.com/irp.ubuntu16.list

Ubuntu 18: # wget -O /etc/apt/sources.list.d/irp.list http://repo.noction.com/irp.ubuntu18.list

Self-Deployment Guide | Ubuntu Page 7 of 14

 Intelligent Routing Platform

APT Repositories
Before proceeding to the IRP packages installation, the engineer needs to ensure that all NON-
Standard Ubuntu repositories, are disabled, because of some strict IRP dependencies. This can
be done by commenting all NON-Standard repositories in the /etc/apt/sources.list.

Standard repositories are deb and deb-src links like:

htps://$country.archive.ubuntu.com/ubuntu $your_version

Where $country is the canonical country name (e.g. us/de/nl etc.) and
$your_version is the name of your version of Ubuntu: Trusty for Ubuntu 14 LTS, Xenial for Ubuntu
16 LTS , and Bionic for Ubuntu 18.

IRP packages Installation

In order to install the IRP product via apt-get tool, the following commands must be used:

1. To check available IRP versions:

# apt-get update
# apt-cache madison irp
2. To install IRP:
# apt-get install irp

NOTE: The installation process may take up to 20 minutes or even more in case of a slow
Internet connection.

4. IRP Configuration

IRP is initially configured through a graphical wizard. After the initial configuration, all further
manipulation and settings’ configurations are done via the FrontEnd IRP component.

Before proceeding to initial configuration, the engineer needs to:

• Ensure that IPv6 support is enabled if it is configured on the network.

# sysctl -a | grep net.ipv6.conf.default.disable_ipv6

• In case it is disabled, the engineer should perform the following steps in order to enable
IPv6 support on a Ubuntu platform:

1. Ensure IPv6 Support is enabled in the /etc/sysctl.conf configuration file:

- net.ipv6.conf.all.disable_ipv6 = 0
- net.ipv6.conf.default.disable_ipv6 = 0

2. Perform a network service restart;

Self-Deployment Guide | Ubuntu Page 8 of 14

 Intelligent Routing Platform

• Ensure that the rp_filter is disabled in order to avoid any possible issue related to Flow
processing. The rp_filter has to be disabled for each physical interface (except SPAN), by
using a command similar to the following one:
# sysctl -w net.ipv4.conf.$ethN.rp_filter=0 -- where $ethN is the interface name (e.g. eth0);

or, in order to make the change/configuration permanent, it has to be set to 0 in /etc/sysctl.conf

NOTE: The rp_filter should NOT be disabled in case SPAN (port mirror) is used !!!

• Ensure that DbCron and irpapid services are started and running, using the command:

# service dbcron status

* dbcron.pl is running
# service irpapid status *
irpapid is running

In case the service is stopped, it has to be started:

# service dbcron restart

# service irpapid restart

Initial IRP Setup

In order to start the initial configuration process for the Noction product, the engineer needs to point
the browser to the https://servername.domain or https://server_IP and go through the wizard. At
this point, the following default credentials have to be used:
- Username: admin
- Password: admin

NOTE: If during the Initial Configuration Wizard an API connection error appear, then the engineer
will have to connect to the server via SSH and execute the following command:

# service irpapid restart

Self-Deployment Guide | Ubuntu Page 9 of 14

 Intelligent Routing Platform

After the first start of the FrontEnd interface, it automatically starts the “​Initial setup​“, in
which the main parameters of the IRP configuration need to be configured:

1. Configure the “Infrastructure IP addresses” used by Explorer component to determine the

current route for a specific prefix, and “Analyzed networks” list of prefixes to be analyzed and
improved by IRP;

2. Configure Collector by setting up the method IRP will use to collect the network prefixes’
statistics. The collector can operate in the following modes, by enabling the required
services in the wizard and by configured the specified parameters:

a. FLOW (Irpflowd) - using NetFlow/sFlow and/or

NetFlow/sFlow UDP Port - Udp ports on which traffic statistics will be provided. In
case the Flow exporters are configured to use non-standard port numbers (2055 for
NetFlow/jFlow and 6343 for sFlow);
Flow Sources - Flow exporters IP addresses. Flow data coming in from other IP
addresses that are not listed in this parameter will be ignored.

b. SPAN (IrpSpand) - collecting raw traffic from mirrored ports.

Irpspand interfaces - The list of server’s network interfaces that should receive
mirrored traffic;
min_delay status - Enable TCP Re-transmits analysis.

3. Configure the “Improvement Mode” in which IRP should function. IRP can operate in two modes:

a. Performance mode - when only performance metrics like latency and packets loss are
analyzed; while in
b. Cost mode - the same metrics are analyzed as in the Performance mode with additional
analysis of the traffic cost for each provider;

4. Configure “Management Interface” to be used by IRP instance for management purpose

(just cosmetic). The required physical interface and its IP address can be found in the system
with ifconfig tool.

5. Configure “Probing Interfaces” that are just the aliases created for the management
interface to be used for probing purpose.

Routers Configuration
After the initial setup is finalized, at least one edge router and at least two providers have to be
configured in IRP, for further establishment of BGP session(s) and, as such, the “Add a router”
option needs to be selected in the main screen and the following to be configured:

1. “Router Name and AS” where the router name (usually the hostname) and the AS number are set;

2. “Router IP address” where the Local IPv4 address (IRP main IP address) and the Remote
IPv4 address (IP address of the Edge router) must be set;

Self-Deployment Guide | Ubuntu Page 10 of 14

 Intelligent Routing Platform

3. “ROUTER ANNOUNCING”, where the required BGP attributes to be further used to

manipulate the edge router’s BGP table are set.

SNMP Hosts Configuration

SNMP hosts are nodes on the network that provide or read SNMP data. In the main screen of the
Providers setup wizard, the Add SNMP host option needs to be selected and the following to be
configured:

1. SNMP community - defines the SNMP community (read-only) for retrieving data;

2. SNMP host short name - defines an intuitive short name for the SNMP host;

3. SNMP host address - defines IPv4/IPv6 address of the SNMP host.

Providers Configuration
In the main screen of the Providers setup wizard, the Add a provider option needs to be used.
This option is used for each provider and every time a new provider has to be added into IRP
configuration.
The “Add a provider” activity consists of several steps required to be set as described in the
following:

1. “Router Name and AS” where the edge router, that should be already configured in the
system is selected. In case there are multiple edge routers, the router that the provider is
connected to has to be selected from a dropdown menu;
2. “Provider name” where the name of the provider has to be set;
3. “Provider description” this will be used in reports and graphs;
4. “Provider IP Addresses” is the place where the following parameters have to be
configured:
• Probing IPv4 address - usually it is the alias IP on the management/probing interface
with configured PBR;
• IPv4 diagnostic hop - defines the diagnostic hop or subnet in CIDR format for the
current provider;
• Router next hop address - the next-hop IPv4 address for BGP route injection. Usually,
it is the IPv4 address of the BGP partner from the provider;
• Remote provider ASN - the provider’s AS number.

5. “Provider Commit Control” where the data and values for parameters related to the
commit control feature have to be configured, in case the Commit Level is important for the
customer. Only when this is of importance for the company, the following have to be set up:
• Provider 95th percentage
• Commit Control (CC) provider precedence
• Provider cost per Mbps
• Maximum load per interface

Self-Deployment Guide | Ubuntu Page 11 of 14

 Intelligent Routing Platform

6. “Providers Monitoring setup” where the monitoring options for the specific provider via
SNMP are set for the edge router on which the provider is connected. The monitoring is
performed for BGP session and interface statistics. In this step the following parameters
need to be set:
• SNMP Host - identifier of SNMP host to be used for Interface counter statistics;
• Provider SNMP interface - SNMP interface name or index. IRP is automatically
retrieving the available interfaces. The Interface has to be assigned by submitting
the ‘Add’ Button.

7. “External Monitor setup” where the external monitor needs to be set up. At this stage the
following parameters have to be configured:
• External monitor - external monitor will be set to state “Enabled”;
• ICMP/UDP ping monitored IPv4 addresses - which defines the List of IPv4 addresses
to be monitored by BGPd (usually the Google DNS/OpenDNS IPs).

8. “Internal Monitor setup” where the Internal monitor needs to be configured and the
following parameters must be set:
• Internal Monitor - which needs to be set to the state “Enabled”;
• BGP session monitoring IPv4 address - the ip address of ISP BGP router;
• Internal monitor SNMP host - identifier of SNMP host to be used for BGP session
monitoring.

NOTE: Internal Monitor should be set up only if router has BGP4-MIB available for SNMP

9. “Provider pre-check” where the required checks are performed in order to ensure that
everything is correctly configured, including the aliases and PBR.

IRP Launch
After the Initial IRP Configuration has been finished, the engineer has to start the IRP services
by running the command:

Ubuntu 14: # service irp start Ubuntu 16/18: # service irp start

IRP services status could be identified in the output of the command:

Ubuntu 14: # service irp status

Ubuntu 16/18: # systemctl list-dependencies irp.target

Note: In case not all service are started, the following commands will restart all IRP
services:

Ubuntu 14: # service irp stop Ubuntu 16/18:
# service irp start
or #systemctl start irp-shutdown.
# service irp restart target; systemctl start irp.target

Self-Deployment Guide | Ubuntu Page 12 of 14

 Intelligent Routing Platform

The output of the above command is very important as it provides the status/state of each
component to be further considered in case of any required troubleshooting session. Also, the
state of the IRP components as such as a lot of other useful data, provided by diverse graphs
and reports, are available in the Frontend.

IRP Documentation
After the product (IRP) is deployed, the engineer will be able to access the IRP Documentation
file that contains a lot of useful information about the product itself such as: components and
features, optimization modes, configuration files and their structure, product implementation,
troubleshooting, maintenance and usage.

The Documentation for the IRP product is available for you at our website using the link:
https://www.noction.com/resource_center/documentation.

IRP Functional Modes

Initially the IRP instance is configured in Non-intrusive mode, when the IRP server is gathering
data for network prefixes and is identifying possible improvements for them and the information
is presented in the Dashboard page. I​ n this functional mode no improvements are announced to
the border routers.

The Non-Intrusive mode allows the customer to have a real picture regarding the benefits IRP can
bring into his network, without affecting in any way his network.

When the customer is ready to switch the IRP instance to FULL Functional mode, called
INTRUSIVE, he/she has to configure the required BGP sessions and to perform the switching to
Intrusive activities, based on a preliminary defined plan.

NOTE: the template action plan for the switching to Intrusive is available in the documentation
described above (irp-documentation.pdf) under the IRP Operating modes section.

Noction Support
Should the customer have a question or in case any assistance from Noction Support team is
required, a support ticket has to be created, by sending an email to support@noction.com.

Self-Deployment Guide | Ubuntu Page 13 of 14

Intelligent Routing Platform
SELF-DEPLOYMENT GUIDE | Ubuntu

Copyright ©2021 Noction Inc., All Rights Reserved. Noction logos, and trademarks or
registered trademarks of Noction Inc. or its subsidiaries in the United States and other
countries.

Other names and brands may be claimed as the property of others. Information
regarding third party products is provided solely for educational purposes.

Noction Inc. is not responsible for the performance or support of third party products
and does not make any representations or warranties whatsoever regarding quality,
reliability, functionality, or compatibility of these devices or products.

Copyright ©2021 Noction Inc.