NetQ contains the following applications and key components:
- Telemetry data collection and aggregation via
- NetQ switch agents
- NetQ host agents
- Data streaming
- Network services
- User interfaces
While these functions apply to both the on-premises and cloud solutions, they are configured differently, as shown in the following diagrams.
NetQ Agents are installed via software and run on every monitored node in the network—including Cumulus® Linux® switches, Linux bare metal hosts, and virtual machines. The NetQ Agents push network data regularly and event information immediately to the NetQ Platform.
The NetQ Agents running on Cumulus Linux or SONiC switches gather the following network data via Netlink:
- IP addresses (v4 and v6)
- IP routes (v4 and v6)
- Bridge FDB (MAC address table)
- ARP Entries/Neighbors (IPv4 and IPv6)
for the following protocols:
- Bridging protocols: LLDP, STP, MLAG
- Routing protocols: BGP, OSPF
- Network virtualization: EVPN, VXLAN
The NetQ Agent is supported on Cumulus Linux 3.7.12 and later and SONiC 202012 and 202106.
The NetQ Agents running on hosts gather the same information as that for switches, plus the following network data:
- Network IP and MAC addresses
- Container IP and MAC addresses
The NetQ Agent obtains container information by listening to the Kubernetes orchestration tool.
The NetQ Agent is supported on hosts running Ubuntu 18.04, Red Hat® Enterprise Linux 7, and CentOS 7 Operating Systems.
The NetQ core performs the data collection, storage, and processing for delivery to various user interfaces. It consists of a collection of scalable components running entirely within a single server. The NetQ software queries this server, rather than individual devices, enabling greater system scalability. Each of these components is described briefly below.
The data aggregation component collects data coming from all of the NetQ Agents. It then filters, compresses, and forwards the data to the streaming component. The server monitors for missing messages and also monitors the NetQ Agents themselves, sending notifications about events when appropriate. In addition to the telemetry data collected from the NetQ Agents, the aggregation component collects information from the switches and hosts, such as vendor, model, version, and basic operational state.
NetQ uses two types of data stores. The first stores the raw data, data aggregations, and discrete events needed for quick response to data requests. The second stores data based on correlations, transformations, and raw-data processing.
The streaming component processes the incoming raw data from the aggregation server in real time. It reads the metrics and stores them as a time series, and triggers alarms based on anomaly detection, thresholds, and events.
The network services component monitors protocols and services operation individually and on a networkwide basis and stores status details.
NetQ data is available through several interfaces:
- NetQ CLI (command line interface)
- NetQ UI (graphical user interface)
- NetQ RESTful API (representational state transfer application programming interface)
The CLI and UI query the RESTful API to present data. NetQ can integrate with event notification applications and third-party analytics tools.