
Anatomy of an OTT traffic surge: Microsoft Patch Tuesday

Doug Madory, Director of Internet Analysis

Patch Tuesday September 2021 By Source CDN

Summary

Last Tuesday, September 14th, was the second Tuesday of the month, and if you run a network or work in IT, you know what that means: another Microsoft Patch Tuesday. Doug Madory looks at how the resulting traffic surge can be analyzed using Kentik’s OTT Service Tracking.


Last Tuesday, September 14th, was the second Tuesday of the month, and if you run a network or work in IT, you know what that means: another Microsoft Patch Tuesday.

Years ago, in an effort to regularize the deployment of patches and updates to its software, Microsoft designated this day of the month as the day patches get pushed out globally to computers, servers, and other devices running Microsoft’s operating systems.

It is also a traffic surge that can be analyzed using Kentik’s OTT Service Tracking.

OTT Service Tracking

Kentik’s OTT Service Tracking (part of Kentik Service Provider Analytics) combines DNS queries with NetFlow to allow a user to understand exactly how OTT services are being delivered, an invaluable capability when trying to determine what is responsible for the latest traffic surge. Whether it is a Call of Duty update or a Microsoft Patch Tuesday, these OTT traffic events can put a lot of load on a network, and understanding them is necessary to keep a network operating at an optimal level.

The capability is more than simple NetFlow analysis. Knowing the source and destination IPs of the NetFlow of a traffic surge isn’t enough to decompose a networking incident into the specific OTT services, ports, and CDNs involved. DNS query data is necessary to associate NetFlow traffic statistics with specific OTT services in order to answer questions such as, “What specific OTT service is causing my peering link with a certain CDN to become saturated?”
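The DNS-to-flow association described above can be sketched as follows. This is an added illustration, not Kentik's implementation: the hostnames, service labels, suffix map, grace period and addresses (documentation ranges) are constructed assumptions. One CDN address serves two services here, which flow analysis by IP alone cannot separate.

```python
from collections import defaultdict

# Hypothetical suffix-to-service map; hostnames are constructed placeholders.
SERVICE_SUFFIXES = {
    "update.example.com": "Software Update",
    "video.example.net": "Video Streaming",
}

# Constructed resolver log: (time_s, client_ip, qname, answer_ip, ttl_s)
DNS_LOG = [
    (100, "10.0.0.5", "dl.update.example.com", "192.0.2.10", 300),
    (120, "10.0.0.6", "cdn7.video.example.net", "192.0.2.10", 60),
    (130, "10.0.0.5", "cdn2.video.example.net", "198.51.100.20", 60),
]

# Constructed flow records: (time_s, server_ip, client_ip, bytes)
FLOWS = [
    (110, "192.0.2.10", "10.0.0.5", 7_500_000),
    (125, "192.0.2.10", "10.0.0.6", 1_000_000),    # same CDN IP, other service
    (140, "198.51.100.20", "10.0.0.5", 2_000_000),
    (900, "192.0.2.10", "10.0.0.5", 400_000),      # DNS answer long expired
    (150, "203.0.113.9", "10.0.0.7", 50_000),      # no DNS query observed
]

def service_for(qname):
    """Map a queried name to a service label by domain suffix."""
    for suffix, service in SERVICE_SUFFIXES.items():
        if qname == suffix or qname.endswith("." + suffix):
            return service
    return None

def attribute_flows(dns_log, flows, grace_s=60):
    """Sum flow bytes per service using the client's most recent valid DNS answer."""
    answers = defaultdict(list)  # (client_ip, server_ip) -> [(seen, expires, qname)]
    for seen, client, qname, ip, ttl in dns_log:
        answers[(client, ip)].append((seen, seen + ttl + grace_s, qname))
    totals = defaultdict(int)
    for ts, server, client, nbytes in flows:
        valid = [(seen, q) for seen, exp, q in answers[(client, server)]
                 if seen <= ts <= exp]
        service = service_for(max(valid)[1]) if valid else None
        totals[service or "unattributed"] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for name, nbytes in sorted(attribute_flows(DNS_LOG, FLOWS).items()):
        print(f"{name:16} {nbytes:>10,} bytes")
```

Flows with no matching or unexpired DNS answer stay in the "unattributed" bucket rather than being guessed from the server address.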

Kentik True Origin is the engine that powers the OTT Service Tracking workflow. True Origin detects and analyzes the DNA of over 540 categorized OTT services and providers and more than 50 CDNs in real time, all without the need to deploy DPI (deep packet inspection) appliances behind every port at the edge of the network.

Microsoft Patch Tuesday

Last week, Kentik customers experienced another Patch Tuesday. As illustrated below in a screenshot from Kentik’s Data Explorer view, Microsoft Update traffic experienced a peak that was almost 7.5 times that of the previous day. The update traffic was delivered via a variety of content providers including Akamai (38%), Stackpath (17%) and Edgecast (16%).

Microsoft Patch Tuesday/Windows Update traffic analysis with Kentik

When broken down by Connectivity Type (below), Kentik customers received Microsoft’s latest round of patches and updates from a variety of sources including Private Peering (54%), Transit (22%), Embedded Cache (17.4%), and IXP (7.1%).

Microsoft Patch Tuesday/Windows Update OTT traffic analysis by source

In addition to source CDN and connectivity type, users of Kentik’s OTT Service Tracking are also able to break down traffic volumes by subscribers, specific router interfaces and customer locations.

How does OTT Service Tracking help?

In July, my colleague Greg Villain described the latest enhancements to our OTT Service Tracking workflow, which allows providers to plan and execute what matters to their subscribers, including:

  • Maintaining competitive costs
  • Anticipating and fixing subscriber OTT service performance issues
  • Delivering sufficient inbound capacity to ensure resilience

Major traffic events like Microsoft’s Patch Tuesday can have impacts in all three areas. OTT Service Tracking is the key to understanding and responding when they occur. Learn more about the application of Kentik for network business analytics here.
