Spring is here — at least according to the calendar — and April has come to a close. Yet again, our development teams have been hard at work with their continual improvement to Kentik Detect®. So let’s dig right in and take a look at the latest changes…
Kentik Detect Library
The largest and most obvious change we made this month was the rollout of Kentik Detect v3.1, which introduces our new Library section of the portal. If you’ve logged in recently you probably noticed the announcement in a popup that appears at login. The Library gives you a single page from which to create, view, modify, and manage views of your network traffic data. It’s a big step forward in our effort to streamline your workflow when using the portal, and it will enable us to rapidly develop a rich array of preset views for specific use cases.
While the Library replaces the portal’s separate Dashboard and Saved Views pages, all of your existing dashboards and saved views have been preserved and are now available in a central location. Access the Library via the main navbar, then use the sidebar to choose views that have been created within your organization or provided by Kentik. You’ll be able to move quickly between different views, and to easily edit views, modify properties, and clone existing views to make variations. Learn more about the details in the following Knowledge Base articles:
Users can now make the Library their default landing page via the Default Settings pane of the User Profile (accessed via the drop-down menu at the far right of the main portal navbar).
Focus on Ease-of-Use
The Library is the latest example of our focus on portal ease-of-use, which we’ve mentioned in previous updates. The idea is to empower the consumers of information via dashboards and saved views (created by both power users and consumers). The Library also enables us to release Kentik-provided preset views that address specific use cases. The Library’s consumer-focussed UI supports this goal with the following design features:
- Persistent access: The Library tab is always available for direct access to dashboards and saved views. The list includes views that you’ve designated as favorites and also those that you’ve recently viewed.
- Ubiquitous search: A search popup (shown at right) that launches from the main navbar means that you can quickly find views wherever you are in the portal.
- Content organization: Views in the Library can be assigned to categories and are grouped into buckets (personal, company-shared, and Kentik presets).
- Content discovery: The Library landing page gives us the ability to promote new and featured views, organized by task-specific categories or consumer teams.
The new Library is only one aspect of our recent usability efforts. Some additional steps include:
- Adding dimensions that enable characterization of network traffic, e.g. Interface Classifiers and Network Classifiers.
- Upping the portal’s visualization game with new view types (Gauge, Geo HeatMap) and making data more visually useful with Bracketing (application of colors based on value range).
- Bringing interactivity to dashboards via guided-mode dashboards and dashboard navigation (drill down to deeper views).
More usability enhancements are slated for release in coming months, so keep an eye on this space…
Keyboard shortcuts, enabling greater efficiency for commonly performed tasks, have now come to the Kentik Detect portal. How do you find the shortcut for a given task? Press [SHIFT]+[?] on your keyboard to pop up the shortcuts help menu. As shown in the screenshot at right, the popup is context-sensitive and will display both global shortcuts and those that are specific to an individual page (in this case Data Explorer).
Back in October we launched kprobe, our improved host agent software that can be deployed anywhere (in your data center or in the cloud) to gather all kinds of useful data from real traffic on your hosts. We’ve been steadily enhancing kprobe ever since; this month we have a new release that includes a couple of new CLI parameters:
- --status-port gives you the ability to check the status of the agent by defining the port to listen on.
- --status-host enables access beyond the localhost IP address (127.0.0.1).
Once the new parameters are configured, you can point your browser to http://host:port/v1/status to get a JSON output of the status.
For more information on installing and configuring kprobe, check the Knowledge Base (KB) article on Host Configuration.
Raw Flow Viewer Enhancements
In last month’s product update we introduced a new analytics view called Raw Flow, which enables you to directly examine the flow data stored in Kentik Data Engine (KDE), the back end datastore used by Kentik Detect. We’ve further improved this functionality by adding a filter box and also the option to export the results in CSV format.
With the filter box, filtering is now as easy as entering a string. As the user types, the page refreshes with matching results. Once you’re happy with the results, click the blue Export CSV button to export the flow records. For more about this feature see our KB article on Raw Flow.
Multiple Mitigations Per Threshold
Those readers who’ve used our alerting system know that it’s based on alert policies that are each made up of one or more thresholds that enter alarm state when triggered by user-defined conditions. Alarms generate notifications (email, Slack, PagerDuty, etc.) but they can also automatically initiate mitigation. With our latest iteration you can now assign more than one mitigation per threshold.
What’s the advantage of multiple mitigations per threshold? Below are a few simple examples of why this feature is so useful:
- You can now use a single policy to configure all of the desired mitigation methods/platforms with which you’d like to respond to a given set of conditions, which is much more scalable than cloning a given policy for each of your appliances so that they can all trigger at the same time for a given condition.
- Users with mitigation appliances at multiple sites now have the ability to trigger them all at the same time.
- The response for a given alarm can now include a mix of mitigation types, e.g. RTBH, A10, and Radware. A multi-location DDoS response involving multiple mitigation types is outlined in the following example:
1. De-preference or stop-announcing a BGP route on Location #1 by injecting a route whose community has been predefined as a flag for these actions.
2. Announce a broader routing table entry, less-specific than /24 (thus forcing acceptance by Internet peers), for Location #2.
3. Trigger a 3rd-party mitigation method — e.g. A10 or Radware — on Location #2 to announce more specific prefixes for internal re-direction to a scrubbing center.
To add a second mitigation to an existing policy, head over to Alerting » Policies and click on the name of the policy. In the Edit Policy dialog click the Alert Thresholds tab and scroll down to the Mitigations section. In the drop-down Add Mitigation menu, select the appropriate mitigation platform and click the Add Mitigation button.
For more information about using mitigation, check out our KB article on Alert Mitigation.
Product and Service Notifications
For a while now the portal has included in-session popup notifications about service issues (red background) and when updated versions are available (blue background). Most users find this information helpful, but in some circumstances — e.g. running Kentik Detect on a large monitor in a Network Operations Center (NOC) — users may find the popups to be a distraction. We’ve addressed this by tying notification behavior to the existing “Product Updates” and “Service Updates” settings in the User Profile (accessed via the drop-down menu at the far right of the main portal navbar). Turning off Product Updates will suppress in-session version banners, and turning off Service Updates will suppress in-session popups for system messages (outages, etc). These system messages will still show at login, but new ones will not be shown during an active session. For more information on these notification settings, check out the User Profile topic in our KB.
VLAN Tags and Custom Dimensions
One of Kentik Detect’s most powerful features is the ability to add additional context to netflow data using flow tags or custom dimensions (see our Flow Tags and Custom Dimensions KB articles). We’ve now extended this feature by enabling tags and custom dimension populators to match on the VLAN ID of flow records. The value for VLAN ID accepts comma-separated values between 0 and 4095 (inclusive), as well as integer ranges, all of which can be intermingled in the same list.
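The VLAN ID list format described above can be checked before it is entered into a tag or populator. The following is an added example, not Kentik's code: it validates such a list, merges overlapping entries, and tests a flow's VLAN ID against it. It assumes ranges are written low-high with a hyphen, which this post does not specify; the function names are hypothetical.

```python
import re

VLAN_MIN, VLAN_MAX = 0, 4095
# Assumed range syntax "low-high"; the post does not state the separator.
_ITEM = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_vlan_list(text):
    """Parse e.g. "10, 20-30,4095" into merged, sorted (low, high) ranges.

    Raises ValueError on empty items, non-numeric tokens, out-of-range IDs
    and reversed ranges, so a typo never silently widens or drops a match.
    """
    ranges = []
    for raw in text.split(","):
        item = raw.strip()
        m = _ITEM.fullmatch(item)
        if not m:
            raise ValueError(f"invalid VLAN item: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) is not None else low
        if low > high:
            raise ValueError(f"reversed range: {item!r}")
        if low < VLAN_MIN or high > VLAN_MAX:
            raise ValueError(f"VLAN ID outside 0-4095: {item!r}")
        ranges.append((low, high))

    # Merge overlapping or adjacent ranges so the result is canonical.
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged


def vlan_matches(vlan_id, ranges):
    """True if a flow record's VLAN ID falls in any parsed range."""
    return any(low <= vlan_id <= high for low, high in ranges)


if __name__ == "__main__":
    sample = "100, 200-210,205-220, 4095"  # constructed sample input
    parsed = parse_vlan_list(sample)
    print(parsed)
    print(vlan_matches(215, parsed), vlan_matches(221, parsed))
```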
Guided Mode Dashboard Dimensions
Back in November, our dashboards were enhanced with the guided mode feature, in which the user is prompted to enter or choose the value of a given dimension and that value determines what traffic is displayed in some or all of the dashboard’s panels. The guided-mode dimension for a given dashboard is chosen in the Dashboard Properties dialog (see Guided Mode Settings) using the drop-down Dimension family to filter by menu. We recently added the following additional dimension families that now appear on this menu:
- Connectivity Type
- Interface Description
- Network Boundary