Kentik’s Aaron Kagawa explains why today’s network analytics solutions require new types of contextual data and introduces the concept of Universal Data Records. Learn how and why Kentik is moving beyond network flow data.
Every story has a beginning. At Kentik, flow data was ours. It’s how we began to set the bar for what modern network analytics should look like. In just a few short years, we’ve proven that flow-based analytics (with formats like NetFlow, sFlow, and JFlow) give enterprises and service providers powerful insights into network performance, availability, security, and much more.
However, networks are growing more complex. Infrastructure is increasingly diverse. And visibility is diminishing alongside new overlays and technologies layered upon the network.
Going beyond flow data is now a requirement for maintaining comprehensive network visibility. That’s why Kentik is not just “going with the flow.” We’re evolving.
We’ve enhanced our core platform to accept any data element in any format—including fields like application ID, user ID, NAT translations, and vendor-specific fields—and even data records that aren’t flow at all.
It was hard work, but the results have proven to be well worth the effort. We call the new architectural element “Universal Data Records” (UDRs). With UDRs, Kentik can innovate faster than ever before, adding more data sources to our platform to stay ahead of the always-evolving network visibility challenges our customers face.
Universal Data Records for the Cloud
One of the challenges we hear about with increasing frequency is centered around networking in the cloud era. As organizations shift applications and workloads to multi-cloud environments and new network overlays appear, many network professionals are losing visibility into their networks. For example, it becomes harder to understand which teams might be running which services in what locations. This type of uncertainty can lead to performance problems, security nightmares, and cloud spending surprises.
UDRs allow us to flexibly receive and store new data fields that aren’t present in traditional network data. This innovation made it possible to add support for VPC Flow Logs from Google Cloud Platform (GCP), followed by adding support for AWS VPC Flow Logs, both of which contain new fields that describe attributes like instance names and zone/region names.
Additionally, the rise of containers, with their many moving (and short-lived) parts, has made it increasingly difficult for network operators to understand what traffic is coming from where. That’s why we’ve also added UDRs for Kubernetes and Istio. This gives our customers visibility into pod-to-pod and service-to-service traffic flows, along with new ways to understand and visualize container orchestration and service meshes. We also have several other monitoring capabilities in the works for cloud and cloud-native data sources, set to roll out over the coming year.
You can read how Pandora uses Kentik for our new cloud visibility capabilities here.
UDRs for the Firewall
Most recently, UDRs allowed us to add visibility into firewalls, including Cisco ASA and others. Firewalls can carry deep insights into network traffic based on their ability to perform deep packet inspection and authentication, and add attributes (such as user names and application types) to flow data. These are hugely valuable for adding both security and application context to network activity.
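To make the data-model idea behind the two sections above concrete, here is an added illustration (not Kentik’s code, and not a description of how the Kentik platform is built) of a record type with a fixed 5-tuple core plus an open attribute map. It parses the default (version 2) AWS VPC Flow Log line format, which is real, and a key=value firewall export whose format is invented for this example, then answers a question that classic flow data alone cannot: how much denied traffic is attributable to a given cloud interface or to a given user. All sample lines are constructed.

```python
"""Flexible flow record: fixed 5-tuple core plus source-specific attributes.

Constructed illustration; not Kentik's code. The AWS VPC Flow Log v2 layout is
real, the key=value firewall format is invented for this example.
"""
from dataclasses import dataclass, field
from typing import Optional

# IANA protocol numbers used by VPC Flow Logs, mapped to the names a firewall log uses.
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass
class UniversalRecord:
    """Core fields every source can fill, plus source-specific context in `attrs`."""
    source: str
    start: int            # epoch seconds
    end: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str         # "tcp", "udp", ...
    bytes: int
    action: str           # normalized to "allow" / "deny"
    attrs: dict = field(default_factory=dict)


# Default (version 2) AWS VPC Flow Log field order, space separated.
AWS_V2_FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
                 "srcport", "dstport", "protocol", "packets", "bytes",
                 "start", "end", "action", "log-status"]


def parse_aws_vpc_flow_log(line: str) -> Optional[UniversalRecord]:
    """Parse one default-format VPC Flow Log line.

    Returns None for NODATA/SKIPDATA rows, which carry '-' in the traffic fields.
    """
    parts = line.split()
    if len(parts) != len(AWS_V2_FIELDS):
        raise ValueError(f"expected {len(AWS_V2_FIELDS)} fields, got {len(parts)}")
    f = dict(zip(AWS_V2_FIELDS, parts))
    if f["log-status"] != "OK":
        return None
    proto_num = int(f["protocol"])
    return UniversalRecord(
        source="aws_vpc_flow_log",
        start=int(f["start"]), end=int(f["end"]),
        src_ip=f["srcaddr"], dst_ip=f["dstaddr"],
        src_port=int(f["srcport"]), dst_port=int(f["dstport"]),
        protocol=PROTO_NAMES.get(proto_num, str(proto_num)),
        bytes=int(f["bytes"]),
        action="allow" if f["action"] == "ACCEPT" else "deny",
        # Cloud-only context that a classic NetFlow record has no slot for.
        attrs={"account_id": f["account-id"], "interface_id": f["interface-id"],
               "packets": int(f["packets"])},
    )


def parse_firewall_kv(line: str) -> UniversalRecord:
    """Parse a constructed key=value firewall export (hypothetical format, not Cisco ASA syntax)."""
    f = dict(tok.split("=", 1) for tok in line.split())
    core = {"ts", "src", "spt", "dst", "dpt", "proto", "bytes", "action"}
    return UniversalRecord(
        source="firewall",
        start=int(f["ts"]), end=int(f["ts"]),
        src_ip=f["src"], dst_ip=f["dst"],
        src_port=int(f["spt"]), dst_port=int(f["dpt"]),
        protocol=f["proto"], bytes=int(f["bytes"]),
        action=f["action"],
        # Everything the firewall adds beyond the 5-tuple (user, app, ...) rides along untouched.
        attrs={k: v for k, v in f.items() if k not in core},
    )


def denied_bytes_by(records, attr):
    """Sum bytes of denied traffic grouped by an attribute; records lacking it are skipped."""
    totals = {}
    for r in records:
        if r.action != "deny" or attr not in r.attrs:
            continue
        totals[r.attrs[attr]] = totals.get(r.attrs[attr], 0) + r.bytes
    return totals


# Constructed sample input: two VPC Flow Log rows with traffic, one NODATA row,
# and two firewall rows for the same internal host.
SAMPLE_AWS = [
    "2 111122223333 eni-0a1b2c3d4e5f67890 10.0.1.15 10.0.2.40 49152 22 6 12 1880 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.15 40000 3389 6 3 180 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
]
SAMPLE_FW = [
    "ts=1700000030 src=10.0.1.15 spt=51515 dst=203.0.113.10 dpt=443 proto=tcp bytes=9120 user=alice app=https action=allow",
    "ts=1700000045 src=10.0.1.15 spt=51516 dst=203.0.113.99 dpt=23 proto=tcp bytes=64 user=alice app=telnet action=deny",
]


def ingest_samples():
    """Normalize both sources into one list of UniversalRecords."""
    recs = [r for r in (parse_aws_vpc_flow_log(l) for l in SAMPLE_AWS) if r is not None]
    recs += [parse_firewall_kv(l) for l in SAMPLE_FW]
    return recs


if __name__ == "__main__":
    recs = ingest_samples()
    print(denied_bytes_by(recs, "interface_id"))  # {'eni-0a1b2c3d4e5f67890': 180}
    print(denied_bytes_by(recs, "user"))          # {'alice': 64}
```

The point of the open `attrs` map is that a query such as `denied_bytes_by(records, "user")` works the moment a source that knows about users starts sending records, without a schema change to the core; sources that lack the attribute are simply left out of that grouping rather than forced into a null bucket.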
For us, this is part of Kentik’s continued evolution. We’re no longer just supporting core and edge. Rather, we’re stepping beyond that—and quickly.
Beginning End to End…
With a powerful backend equipped to ingest more data types than ever—and running in a highly scalable SaaS-delivered product—the Kentik team has a full pipe of planned work.
Additional data sources and types we’re adding include SNMP, Streaming Telemetry, MPLS labels, Cisco NBAR, VXLAN, SD-WAN performance metrics, and syslog. We also just rolled out full alerting support for the UDR fields mentioned previously in this post.
Correlating and alerting on all of these data sources, together, will arm our customers with complete, end-to-end network visibility and actionable insights.