For HealthBot to install successfully, the following hardware and software components are required on the host machine.
You can install HealthBot on either a physical or a virtual machine.
Proof-of-concept (POC) system—supports up to two device groups and three devices per device group:
RAM: 20 GB
Disk space: 100 GB available on the /var/ partition
Free disk space must be at least 20% of total disk space
CPU cores: 8
Production system:
RAM: 512 GB
Disk space: 2 TB SSD available on the /var/ partition
Free disk space must be at least 20% of total disk space
Recommended minimum IOPS for the disk(s): 1000
CPU cores: 64 or 128 with hyperthreading support (64x2)
See the scaling tool at https://apps.juniper.net/hb-sizing/ for more information on server configurations for a given use case.
HealthBot installs on Ubuntu, RedHat Enterprise Linux (RHEL), and CentOS versions of Linux.
For Ubuntu:
Ubuntu version 16.04.01 (Xenial Xerus)
For multi-node installation, the kernel version must be 4.4.19 or greater.
We recommend installing Ubuntu as one large disk partition.
If multiple partitions are used, HealthBot data is written to
the /var/local/healthbot/ directory
and HealthBot log files are written to /var/lib/docker/containers.
For RHEL:
RHEL version 7, Release 7.5 or later
The following system utilities must be installed manually if they are not already present:
tar, bash, ln, ssh-keygen, curl, vi, wget, openssl, openssh-server, and rsync
For CentOS:
CentOS version 7, Release 7.3 or later
For multi-node installation, the kernel version must be 4.4.19 or greater.
The following system utilities must be installed manually if they are not already present:
tar, bash, ln, ssh-keygen, curl, vi, wget, openssl, openssh-server, and rsync
HealthBot is supported on the following 64-bit web browsers:
Table 3: Supported Web Browsers
Browser | Supported Version(s) (Macintosh) | Supported Version(s) (Windows) |
|---|---|---|
Chrome | 81 and later | 75 and later |
Firefox | 65 and later | 65 and later |
Safari | 7.1 and later | 7.1 and later |
Opera | 68 and later | 68 and later |
Edge | N/A | 80 and later |
For Kubernetes-based installations, including multi-node installations:
All nodes must run NTP or other time-synchronization at all times.
An Internet connection is required for all nodes during the initial Ubuntu (.deb) or CentOS/RedHat (.rpm) software extraction process. This is not a requirement for the healthbot setup portion of the installation
One static IP address per node.
An SSH server must be running on all nodes.
All nodes must be in the same subnet
For a multi-node installation, a virtual (unused) IP address in the same subnet as the nodes is needed. This is the address on which the Web GUI is accessed.
A common SSH user name and password is needed for all nodes. The healthbot setup command (discussed later) must be run as this user.
Docker version 18.09.3 or later is required
The command: sysctl -w net.bridge.bridge-nf-call-iptables=1 must be run on all nodes.
You can add the net.bridge.bridge-nf-call-iptables=1 to
the file /etc/sysctl.conf to ensure
that it persists across reboots of the server.
For non-Kubernetes based installations:
Static IP address for the server.
An SSH server must be running on the server.
DNS is not required.
The command: sysctl -w net.bridge.bridge-nf-call-iptables=1 must be run on all nodes.
You can add the net.bridge.bridge-nf-call-iptables=1 to
the file /etc/sysctl.conf to ensure
that it persists across reboots of the server.
Open the following firewall ports, as appropriate:
JTI (native GPB), for telemetry collection - per your source and destination port settings
gRPC (OpenConfig), for telemetry collection - TCP port 32767
NETCONF/SSH, for telemetry collection - TCP port 830
SNMP, for telemetry collection - UDP port 161
Syslog messages - UDP port 514
NetFlow, for telemetry collection – UDP port of your choice.
Must be different for each NetFlow host.
Note Default ports are listed above; adjust as needed if you use non-default ports.
Junos Devices
HealthBot collects data from devices running Junos OS using multiple data collection methods, called sensors. Each sensor type requires a certain Junos OS version, and configuration added to the devices, to enable a connection to the HealthBot server.
Native GPB
Junos OS Version: 15.1 or later
Required configuration—configure a sensor profile for each relevant related rule in HealthBot:
##Streaming Server Profile set services analytics streaming-server COLLECTOR-1 remote-address <HealthBot-server-address> set services analytics streaming-server COLLECTOR-1 remote-port 22000 ##Export Profile set services analytics export-profile EXP-PROF-1 local-address <local-router-IP> set services analytics export-profile EXP-PROF-1 local-port 22001 set services analytics export-profile EXP-PROF-1 reporting-rate 30 set services analytics export-profile EXP-PROF-1 format gpb set services analytics export-profile EXP-PROF-1 transport udp ##Sensor Profile set services analytics sensor SENSOR-1 server-name COLLECTOR-1 set services analytics sensor SENSOR-1 export-name EXP-PROF-1 set services analytics sensor SENSOR-1 resource <resource> # example /junos/system/linecard/interface/
See Configuring a Junos Telemetry Interface Sensor for more information.
NetFlow (IPFIX)
Junos OS Version: 14.1R1 or later for MX Series Routers. For complete Junos version and platform support information, see:
Required configuration—
Configure a NetFlow v9 or IPFIX template
Apply the template to enable traffic sampling
Associate the sampling instance with the FPC
Specify which traffic interface to sample
The following samples are for an IPFIX configuration. Lines that start with “##” are comments and are used to point out details in the configuration.
IPFIX Template Configuration
set services flow-monitoring version-ipfix template IPv4-TEMPLATE
ipv4-template Apply IPFIX Template to Enable Traffic Sampling
set forwarding-options sampling instance IPFIX-IPv4-INSTANCE
input rate 10 set forwarding-options sampling instance IPFIX-IPv4-INSTANCE
family inet output flow-server 10.102.70.200 port 2055 set forwarding-options sampling instance IPFIX-IPv4-INSTANCE
family inet output flow-server 10.102.70.200 version-ipfix template
IPv4-TEMPLATE set forwarding-options sampling instance IPFIX-IPv4-INSTANCE
family inet output inline-jflow source-address 198.51.100.1 ## 10.102.70.200 = HealthBot server
## port 2055; use this value in HealthBot GUI (device group config)
## inline-jflow = Enable inline flow monitoring for traffic from the designated address
## 198.51.100.1 = traffic interface that does the exporting; use this value in HealthBot GUI (device config)
Associate Sampling Instance with the FPC
set chassis fpc 0 sampling-instance IPFIX-IPv4-INSTANCESpecify the Traffic Interface to Sample and Direction of Sampled Traffic
set interfaces ge-0/0/0 unit 0 family inet sampling input set interfaces ge-0/0/0 unit 0 family inet sampling output OpenConfig
Junos OS Version: 16.1 or later
The OpenConfig sensor requires that the Junos device have the OpenConfig and network agent packages installed. These packages are built into Junos OS Releases 18.2X75, 18.3, and later. For releases between 16.1 and 18.2X75 or 18.3, you must install the packages.
To verify whether you have these packages, enter the following command:
user@host> show version | match "Junos:|openconfig|na
telemetry"Junos: 19.2R1.8 JUNOS na telemetry [19.2R1.8] JUNOS Openconfig [19.2R1.8]
See Understanding OpenConfig and gRPC on Junos Telemetry Interface for more information.
Network agent is not supported on PPC platforms (MX104, MX80, and so on)
Required configuration:
set system services extension-service request-response grpc
clear-textiAgent (NETCONF)
Junos OS Version: 11.4 or later
Required configuration:
set system services netconf sshSNMP
Junos OS Version: Any release
Required configuration:
set snmp community publicSyslog
Junos OS Version: Any release
Required configuration:
set system syslog host 10.10.10.1 any any set system syslog host 10.10.10.1 allow-duplicates set system syslog host 10.10.10.1 structured-data ## 10.10.10.1 = HealthBot server
Best Practice Structured syslog is highly recommended because it avoids text parsing by the HealthBot server.
Cisco Device Support
HealthBot can collect telemetry data from Cisco IOS XR devices. To use these devices with HealthBot, you must configure the grpc server and the openconfig-interfaces sensors. HealthBot does not automatically configure these for you.
The following example shows a sensor group sg1 created for gRPC dial-in configuration with the YANG model for interfaces. An hbot_interfaces subscription associates the sg1 sensor group with an interval of 10 seconds to stream data.
Note The following reference configuration is loaded on a device running Cisco IOS XR software version 6.3.2.
! grpc port 32767 ! telemetry model-driven sensor-group sg1 sensor-path openconfig-interfaces:interfaces/interface ! subscription hbot_interfaces_ sensor-group-id sg1 sample-interval 10000 ! ! ssh server v2 end
Starting with release 3.0.0 HealthBot uses Kubernetes for all HA/multi-node installations. In order to install HealthBot on more than one server, you must install using Kubernetes. All of the needed configuration for the clusters is performed by Kubernetes. During the setup phase of the installation process, you must identify the Kubernetes master node and worker node(s). The following example shows the installation command for an Ubuntu server.
$ sudo apt-get install -y /<path-to-deb-file>/healthbot-<version>.deb$ sudo apt-get install -y /var/tmp/healthbot-3.0.0.deb [sudo] password for user: Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'healthbot' instead of '/var/tmp/healthbot-3.0.0.deb' The following NEW packages will be installed: healthbot … Unpacking healthbot (3.0.0) ... … Setting up healthbot (3.0.0) ... …