Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configuration

Basic Configuration

The streaming API uses Kafka to transfer metrics from Paragon Active Assurance. You therefore need to do the following to get the streaming API up and running:

  • Add the following to /etc/netrounds/netrounds.conf:

  • In /etc/netrounds/metrics.yaml set

  • Run

  • In /etc/kafka/server.properties replace localhost:9092 with 0.0.0.0:9092 for the listeners and add

    Here, ip_or_url should be set to the address that the clients will use. It is important that ip_or_url is routable; setting 0.0.0.0 as for the listeners results in an error.

    Note: Kafka is non-trivial to configure. If you change other aspects of the Kafka configuration, make sure you know what you are doing. Refer to the Apache Kafka documentation.

    Then run

  • Enable the metrics and TimescaleDB services (skip the latter if you are not using TimescaleDB):

  • Finally, restart the services:

Security Recommendations: Restricting Access to the Kafka Instance

At present, there is no authorization built into the streaming API. However, you can restrict access to the API by configuring your firewall. Here is how to set up persistent iptables rules for allowing and disallowing access to Kafka:

Install the iptables-persistent package:

In order to permanently add rules for IPv4, open the file /etc/iptables/rules.v4 and insert rules similar to the following:

Here, we allow access to the Kafka port (9092) for a specific IP address, while blocking all other connections to that port.

Similarly, in order to add IPv6 rules, edit the file /etc/iptables/rules.v6 according to the code below:

Note:

Important: Reboot the machine.

Next, check if the instructions are applied by running the command