What does Flowtriq require to deploy?
Any modern Linux distribution (Ubuntu 20.04+, Debian 11+, CentOS 8+). Under 0.1% CPU. Under 30 MB RAM. Install in 60 seconds. No hardware, no dedicated servers, no network topology changes. BGP and cloud scrubbing integrations are optional and extend mitigation to the network edge.
Core Requirements
What you need to get started
Required
| Operating system | Linux (Ubuntu 20.04+, Debian 11+, CentOS 8+) |
| CPU overhead | < 0.1% |
| Memory usage | < 30 MB RAM |
| Python | 3.6+ (for pip install) |
| Network | Outbound TLS (port 443) to flowtriq.com |
| Access level | Root (for kernel stats, firewall rules, PCAP) |
| Flowtriq account | Free trial or paid plan |
Optional (extends capabilities)
| BGP speaker | ExaBGP, GoBGP, BIRD 2, FRRouting, Cloudflare, Radware, F5, or webhook |
| Cloud scrubbing | Cloudflare Magic Transit, OVH VAC, Hetzner, AWS Shield Advanced, + 5 more |
| Flow sources | sFlow v5 (port 6343), NetFlow v5/v9 (port 2055), IPFIX (port 4739) |
| Alert channels | Discord, Slack, PagerDuty, OpsGenie, Telegram, Teams, SMS, webhooks |
| SIEM | Splunk, Elasticsearch, Microsoft Sentinel, Datadog, Syslog, Wazuh |
| Web server logs | nginx, Apache, Caddy, LiteSpeed, HAProxy (for L7 detection) |
Installation
60-second install
The setup wizard prompts for your API key (from the Flowtriq dashboard), configures the agent as a system service, and begins monitoring. No configuration files to edit, no network changes, no reboots.
Integrations
Supported router, firewall, and scrubbing integrations
BGP and cloud scrubbing integrations extend Flowtriq's mitigation from the server level to the network edge. They are optional -- Flowtriq works without them using on-node mitigation.
| Category | Supported | Purpose |
|---|---|---|
| BGP speakers | ExaBGP, GoBGP, BIRD 2, FRRouting (FRR) | FlowSpec rate-limit/drop, RTBH blackhole announcements |
| Cloud BGP | Cloudflare Magic Transit, Radware, F5 | Cloud-edge BGP mitigation |
| Cloud scrubbing | Cloudflare, OVH VAC, Hetzner, AWS Shield Advanced | Volumetric attack absorption |
| Cloud firewalls | DigitalOcean, Vultr, Linode/Akamai, Cloudflare WAF | Cloud-native firewall rule deployment |
| RouterOS | MikroTik (native API) | Direct router rule management |
| On-node firewalls | iptables, nftables, ipset, ufw, firewalld, CSF, XDP/eBPF, tc | Server-level packet filtering |
| Flow telemetry | sFlow v5, NetFlow v5/v9, IPFIX | Router-level traffic visibility |
BGP FlowSpec and RTBH are strengths of Flowtriq's integration model. If you have BGP infrastructure, Flowtriq automates what operators previously did manually: detecting an attack, logging into a router, and typing FlowSpec or RTBH commands. If you do not have BGP infrastructure, on-node rules and cloud firewall APIs handle mitigation.
FAQ
Deployment questions
What are the minimum system requirements?
Any modern Linux distribution (Ubuntu 20.04+, Debian 11+, CentOS 8+). Under 0.1% CPU usage. Under 30 MB RAM. Python 3.8+ (for pip install). Network connectivity to the Flowtriq dashboard over TLS. That is the complete list. No special hardware, no dedicated server, no root partition requirements.
How do I install Flowtriq?
Run: pip install ftagent && sudo ftagent --setup. The setup wizard connects the agent to your Flowtriq dashboard using an API key. Detection is active within 30 seconds. Baseline convergence takes approximately 5 minutes.
Does Flowtriq require root access?
Yes. ftagent needs root to read kernel-level network stats from /proc/net/dev, execute firewall rules (iptables, nftables, XDP), and capture packets for PCAPs. It runs as a system service.
Does Flowtriq require BGP?
No. BGP FlowSpec and RTBH are optional features for operators who have BGP infrastructure. Without BGP, Flowtriq provides full detection, classification, PCAP forensics, alerting, and on-node mitigation (iptables, nftables, XDP/eBPF). BGP extends mitigation to the network edge, but it is not required for the core product to work.
What Linux distributions are supported?
Ubuntu 20.04+, Debian 11+, CentOS 8+, RHEL 8+, Rocky Linux, AlmaLinux, Fedora, Arch Linux, openSUSE, and others. Any modern Linux distribution is supported.
Does Flowtriq work on ARM servers?
Yes. ftagent is a Python package that runs on any architecture supported by the Linux kernel, including x86_64 and ARM (aarch64). No native binary compilation required.
What network ports does Flowtriq use?
Outbound: TLS (443) to the Flowtriq dashboard API. Inbound (optional): sFlow (UDP 6343), NetFlow (UDP 2055), IPFIX (UDP 4739) if using flow source ingestion. No inbound ports required for agent-only deployments.
Can I deploy Flowtriq without internet access?
ftagent needs connectivity to the Flowtriq dashboard for metrics reporting, alert dispatch, and configuration sync. However, it has a 2,000-event offline retry queue: detection and local mitigation continue during connectivity loss, and events sync when the connection is restored.
Related
Learn more
60-second install. No hardware. No contracts.
14-day free trial. Every feature included. No credit card required.