For the last few months, our product team has been adding exciting, new capabilities that transform Kentik from a network monitoring product into an AIOps platform — turning data into insights and using automation to empower network teams.
Here is the complete product update on all new major features that were released between August 2019 and February 2020. We’ll also talk about what’s next on our near-term roadmap. Let’s dig in.
Running networks has never been easy, especially today. As digital business drives the fastest revenue growth in history, infrastructure/Ops teams are under tremendous pressure to run networks smoothly. However, since even small networks continuously generate gigabytes of diagnostic and telemetry data, operators spend hours collecting, collating, merging and analyzing this information to understand network utilization, manage and optimize network capacity, troubleshoot problems, identify malicious actors, and manage costs.
At Kentik, we want to make managing networks significantly easier. We have done that in this release by:
At a high level, workflows focus on common Ops tasks and are categorized into four different modules (Operate, Edge, Protect, Service Provider). There are also some shared core components that are used across multiple workflows, such as Insights & Alerting, Data Explorer, and Network Map.
Troubleshoot and visualize network traffic and infrastructure across cloud, data center, WAN and campus environments.
Network Explorer: Assess network status with organized, pre-built views of activity and utilization.
Insights & Alerting: Search, filter, and view network events that are automatically detected by the Kentik AIOps engine.
Data Explorer: Distill network data into rich visualizations that provide a deep understanding of network activity.
Network Map: Visualize network topology, geography and traffic to understand the interaction between customers or applications and the underlying infrastructure.
Capacity Planning: Automate network capacity planning tasks and prioritize actions using growth forecasts and projected run-out dates.
Analyze and optimize network performance and costs across the internet edge.
Peering & Interconnection: Identify remote networks to target for direct interconnection and understand the potential impact on new and existing connectivity.
Connectivity Costs: Predict costs for external connectivity using provider pricing models and traffic volume measurements.
Traffic Engineering: Resolve impending congestion and customer impact by identifying logical traffic groups that can be moved to alternate paths.
Protect the network from DDoS attacks with fast, accurate detection, automated mitigation actions, and fine-grained forensics.
DDoS Defense: Automate the entire DDoS attack lifecycle, from detection, to investigation, and mitigation.
Understand the dynamics of customer and subscriber network utilization to optimize network costs, survey the competitive landscape and discover new revenue opportunities.
CDN Analytics: Discover the mix of CDN providers that deliver traffic into the network and where the traffic enters the network.
OTT Service Tracking: Associate traffic with OTT content owners and service operators to expose the competitive landscape and optimize pricing to incorporate actual subscriber usage patterns.
From the start, we offer step-by-step onboarding guidance to help you set up your Kentik environment based on your specific interests and needs. The onboarding includes easy and quick steps to configure the data to be ingested from your devices.
1. Purpose of your Network
Define the purposes your networks serve, for example, how it:
2. Network Boundaries
Classify IP addresses and ASNs as Internal or External. By doing this, Kentik will be able to profile the traffic as it traverses the network. With these traffic profiles, users can get an immediate sense of where the traffic is coming from and going to in relation to the network’s boundary.
3. Data Sources
Add the data sources that can generate flows — either networking devices or instances from public clouds.
(You will be prompted to enter various device / cloud information in order to send the traffic data to the Kentik Platform.)
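One way to express the boundary classification from step 2 in code, as an added example that is not Kentik's implementation. The prefixes, the ASN, the flow field names and the four profile labels are all assumptions chosen for illustration.

```python
import ipaddress
from collections import Counter

# Constructed boundary definition (assumption): documentation/private prefixes
# and a private-use ASN stand in for a real operator's internal resources.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.0.2.0/24", "2001:db8::/32")]
INTERNAL_ASNS = {64512}


def is_internal(ip, asn=None):
    """Internal if the address is inside an internal prefix or the ASN is internal."""
    addr = ipaddress.ip_address(ip)
    if any(addr.version == net.version and addr in net for net in INTERNAL_NETS):
        return True
    return asn in INTERNAL_ASNS


def traffic_profile(flow):
    """Label a flow by where it starts and ends relative to the boundary."""
    src_in = is_internal(flow["src_ip"], flow.get("src_as"))
    dst_in = is_internal(flow["dst_ip"], flow.get("dst_as"))
    if src_in and dst_in:
        return "internal"
    if dst_in:
        return "inbound"
    if src_in:
        return "outbound"
    return "through"  # neither endpoint is ours: transit traffic


def bytes_by_profile(flows):
    """Sum flow bytes per profile label."""
    totals = Counter()
    for flow in flows:
        totals[traffic_profile(flow)] += flow["bytes"]
    return dict(totals)


# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    {"src_ip": "198.51.100.7", "src_as": 64496, "dst_ip": "10.1.2.3", "bytes": 1200},
    {"src_ip": "10.1.2.3", "dst_ip": "10.9.9.9", "bytes": 500},
    {"src_ip": "192.0.2.10", "dst_ip": "203.0.113.5", "dst_as": 64497, "bytes": 800},
    {"src_ip": "198.51.100.7", "src_as": 64496,
     "dst_ip": "203.0.113.5", "dst_as": 64497, "bytes": 300},
    # Address is outside every internal prefix, but the origin ASN is internal.
    {"src_ip": "203.0.113.77", "src_as": 64512,
     "dst_ip": "198.51.100.1", "dst_as": 64496, "bytes": 150},
    {"src_ip": "2001:db8::1", "dst_ip": "2001:db8:1::2", "bytes": 64},
]

if __name__ == "__main__":
    for profile, total in sorted(bytes_by_profile(SAMPLE_FLOWS).items()):
        print(f"{profile:9s} {total} bytes")
```

An unclassified prefix or ASN silently lands in the external bucket, so a flow between two of your own sites can show up as "through" or "inbound" until the boundary list is complete.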
For more information, please contact our Customer Success team.
Network Explorer is the default landing page of the new Kentik Portal. It curates an intuitive summarized view for all traffic (including cloud) across your entire infrastructure, categorized into different traffic profiles. To be specific:
It’s important to highlight the “Explorer Top Talkers” in the “Operate” box. This provides direct and quick access to the data visualization that ties to specific aspects of traffic beyond just the overview. You can now more easily view your traffic from different perspectives and look for the things you care about the most.
We also call this “Quick View,” which aims to provide a table-view of what’s happening in your network with the attribute that you are interested in. Instead of having users manually create repetitive queries to slice-and-dice the network data, Kentik now has these frequently-used queries available with a single click:
Each Quick View enables users to drill down to any level of detail to help them understand their network better, for example:
Kentik also enables a very handy way of accessing those views via URL:
We revamped our platform around an AIOps Engine, which was designed to surface relevant, actionable and interesting events related to your network traffic, health, security, and applications. This system empowers operators to efficiently identify, troubleshoot and resolve real issues on their networks, and fast.
In short, proactive and interactive insights and human-assisted and machine-powered automation are how Kentik delivers the promise of AIOps for network professionals.
We provide two categories of Insights:
With Kentik Insights, network engineers will be able to:
You can always expand the view of a specific Insight and get quick details without leaving the page. From there, you can dig deeper with the links that are provided — either by looking at the details page for the Insight or by going directly to the related Device, Site, AS, whichever the Insight is about.
The notifications from Insights will be filtered and shown in the right panel across the board based on relevancy. If you are on the “Overview” page, all Insights will be shown; if you are on the “Sites” page, only Insights related to “Sites” will be shown, and the same applies to “Devices”, “Interfaces” views, and so on.
Data Explorer is one of Kentik’s core functionalities that can be used across multiple use cases.
Data Explorer provides direct views into your network activity and traffic, from a high-level picture down to the deep details. Data Explorer’s key capabilities include unlimited nested filtering and rapid click-through to get you the answers you need fast. This has been a powerful feature that all existing Kentik customers love because it allows easy access to all data, grouped by any variable.
As shown below, we’ve implemented some improvements such as:
Network Map is another core functionality that can be used across multiple use cases. Network Map provides a visual overview of the network topology with every component and real-time traffic across the entire infrastructure.
In a large-scale network, it’s always hard not to lose the big picture while chasing after small details, and vice versa. Depending on your role, Network Map can help answer your questions from both macro and micro perspectives.
If you are a network architect overseeing your entire infrastructure, you can:
If you are a network operator focusing on one particular site, you can see things like:
If you are a network engineer under tremendous pressure when a critical issue happens, you want to:
Network Map enables you to take action via workflows. You can always drill down to detail pages from topology panels to solve your problem instantly.
Roadmap: In the near future, we will add more rich context in Network Maps to help users understand their networks better:
Infrastructure utilization is directly related to operational efficiency which impacts the business. Bad capacity planning can result in a big mess — either wasting resources or creating congestion when the infrastructure is not keeping up with business growth.
Capacity Planning creates an automated workflow for managing infrastructure capacity. This replaces old, tedious, error-prone manual methods and generates alerts and run-out date predictions so network architects and capacity teams can properly plan their network capacity throughout the planning lifecycle. Planning teams can then easily analyze and optimize costly connections between locations, to the internet and cloud providers.
Capacity Planning can help network architects and network services buyers in the following use cases:
To achieve the best planning accuracy, we leverage multiple data sources across the environments as necessary, such as SNMP, flow data and streaming telemetry data. We currently rely primarily on SNMP data, which will be augmented with additional data sources in the near future.
The workflow for Capacity Planning is very intuitive via the following steps:
Peering is a voluntary interconnection between networks belonging to separate organizations for the purpose of exchanging traffic. There are many motivations behind peering and interconnection, such as:
The Peering & Interconnection workflow is designed to help access/eyeball networks, enterprise networks, and content networks to make informed decisions on how to architect their internet edge and structure routing policies in order to reduce costs and/or improve performance.
There are many use cases when it comes to Peering & Interconnection that Kentik can help with. Here are a couple of examples:
For network strategists, architects or operators:
Today’s Peering & Interconnection workflow provides the capability to discover potential peers automatically and identify attractive peering opportunities. By default, the Sankey diagram displays all possible peers, but you can always use the filters (e.g. sites, countries, peering policy, peering traffic ratio, etc.) on the top of the page to narrow that list.
Depending on your business, you may care about peering using different directional perspectives. Kentik can populate the data using both inbound and outbound modes. The inbound mode will help networks that receive a lot of traffic from remote networks. The outbound mode will help networks that send a lot of traffic to remote networks.
The rest of the page will display all the potential peers with more details in a table, with controls to exclude networks which are not good peering candidates.
From there, you can go to the Peer Explorer by clicking on one of the table items to drill in on a specific opportunity to discover how easy or hard it would be to peer with the network in question, and the implications of peering with a specific network. You’ll see things like the AS number and name, a visualization of the last 30 days of traffic, with one-hour granularity, a visualization that shows the bitrate to/from the ASN, unique IP and prefix counts, traffic distribution by country, external traffic details from that potential peer by site and more. You can always type in the URL portal.kentik.com/v4/edge/peering/[asn] to access the information for a specific peer.
Managing the costs of connecting your business to the world is an essential aspect of controlling your overall service delivery costs. Maintaining a firm grasp on how these costs are allocated, and knowing exactly when they change, can help guide you through critical decisions and planning exercises. However, calculating and making sense of these costs can easily become a full-time job. Kentik now provides a Connectivity Costs workflow to help NetOps teams contextualize and manage these costs quickly and easily — no spreadsheets needed!
The Connectivity Costs workflow aims at helping Kentik customers understand how traffic entering or exiting external interfaces (transit and/or peering interfaces) impacts operational costs. This workflow serves the following purposes:
Roadmap: In a future iteration, we will allow users to surface historical cost trends across providers based on the data, as well as see how customer network utilization impacts your overall costs. We will also soon build automatic insights and report export capabilities.
For complete steps, please refer to the Enabling Connectivity Costs topic in the Knowledge Base.
A very important feature called Cost Rollup gives the “bottom line” cost estimation for all of the computed providers and their associated cost groups. This number is computed by taking the sum of all computed provider groups without performing any additional aggregation at this level.
The Total Ingress and Total Egress figures show the amount of traffic recorded inbound or outbound across the interfaces identified within the cost groups. This is useful as it provides the user with context as to which “direction” of traffic flow they are billed on.
On the same page, you will also find the distribution of “Costs by Provider Group”, “Costs by Site” as well as “Costs by Site Country”, where you can click to dive into detailed breakdowns for each of these important perspectives.
Traffic Engineering is a daily function that nearly all service providers and digital enterprises employ to optimize network performance, control costs and prepare for service interruptions. For instance:
Our goal is to help our customers to leverage flow data to make sound traffic engineering decisions in an automatic manner, depending on their intentions, instead of routinely adjusting BGP knobs to shift traffic from one network peer to another manually.
We built the Traffic Engineering workflow together with multiple Kentik users who work on the largest peering networks in the world. We listened carefully to their pain points when it comes to handling traffic engineering and developed a solution to address that pain. We also allow grouping traffic using real-world traffic attributes such as AS-Path regex patterns and IP prefixes to simplify the traditional traffic engineering approach.
The configuration is automatic and leverages existing BGP, SNMP and flow data already collected from your network. Assuming these prerequisites are met, you can navigate to the main window to find the particular sets of interfaces that you are interested in, as well as highly-utilized interfaces within the last 24 hours as shown below:
Then let’s say you select one interface to see the current load distribution based on Raw Prefix or Destination 2nd/3rd Hop AS-Path and your target utilization. If the actual traffic load exceeds the target utilization, this amount of traffic will be highlighted, and you can discover the correct prefixes to match on in a routing policy in order to reduce traffic on the interface.
Roadmap: Future iterations of this product will include the ability to sort prefixes by bitwise order as well as automatic aggregation of prefixes.
DDoS attacks have the potential to wreak havoc on your network. Beyond the negative impacts on your service availability, denial-of-service attacks can seriously harm your team’s efficiency, lower revenues, and hurt your reputation.
Kentik uses flow data as a key signal to determine “normal” vs. abnormal traffic activity. When abnormal conditions are detected, Kentik can step in to reduce the harmful effects of DDoS or even mitigate attack traffic. (Please refer to the DDoS Defense topic on our website for more information.)
On top of our existing, powerful DDoS protection capabilities, we’ve built a new DDoS Defense workflow to make it quick and painless for users by focusing on ease-of-use features and a beautiful and intuitive UI that enables users to:
The DDoS Defense workflow is composed of two main parts: DDoS Defense Configuration and the DDoS Defense Dashboard Page. The Configuration part helps users set things up correctly in order to accurately detect attacks. The Dashboard Page provides a view where users can quickly and easily see details about ongoing and historical attacks and mitigations.
Note, effective DDoS-attack detection requires us to fully understand the structure of your network so that we can differentiate normal traffic patterns from anomalous behavior. Kentik gains this understanding through prerequisites, including: Interface Classification, Traffic History and BGP Configuration. The DDoS Defense workflow walks you through those prerequisite settings step-by-step.
Once the prerequisite checks are complete, the workflow guides you to the “Enable Attack Profiles” page, where you can select and activate one or more Kentik preset alert policies (20+ of them!), each of which is designed to respond to a specific attack profile. With a few simple adjustments to a given policy’s threshold settings, you will be able to tailor that policy to the specifics of your network’s traffic.
Once attack profiles are configured, Kentik will start ingesting at least 120 hours of traffic history to accurately detect any attack traffic that might enter later.
After finishing the initial configuration, DDoS Defense by default will take you to the dashboard page to give you a high-level view of DDoS attack activity that has generated alarms from the alert policies that you configured earlier. Each of the attacks can be further expanded with more details, and will be highlighted in the traffic charts above.
Today, nearly all content providers leverage one or more CDN (content delivery network) providers, which means each CDN normally carries traffic for a multitude of content providers. Eyeball ISPs, whose networks deliver bandwidth to subscribers, are now facing a huge challenge to make sensible engineering decisions that drive business growth without a clear and unified picture of how CDNs factor into traffic delivery. Furthermore, CDNs constantly change delivery sources and paths for each ISP and they routinely modify routing to adapt to ever-changing capacity and cost constraints on their end. All of this makes it harder for Eyeball ISPs to make data-driven business decisions in order to retain subscribers and maximize the ratio of performance versus cost.
Eyeball ISPs need visibility into how CDNs deliver traffic to their end-users in order to operate efficiently.
Kentik now offers CDN Analytics, arming ISPs with the following capabilities:
Let’s dive into a few user scenarios where CDN Analytics become very helpful for various roles in Eyeball ISPs:
CDN Analytics provides a guided workflow to configure all required background data properly which builds a solid foundation to optimize CDN detection accuracy and unlock every view, including:
After setup, the CDN Analytics workflow is able to provide the following capabilities:
Below is a sample look at the CDN Analytics main page. It clearly maps out your CDN vs. non-CDN traffic, traffic by connectivity type, and your top CDNs’ traffic. All the source CDNs will be listed below for users to further drill down. In the right panel below, all the insights related to CDNs are surfaced, driven both by manually configured and system-generated policies.
Together, CDN, OTT, and Subscriber (future release) Analytics in our Service Provider product provide a holistic subscriber and content analytics solution.
Eyeball ISP engineering leaders and network strategists need to support many activities, including customer retention, content performance/cost analysis, and content-focused interconnection and planning. They need to react quickly and troubleshoot efficiently to ensure smooth delivery of content towards subscribers. However, there currently aren’t many good ways to get metrics on OTT content services consumed by Eyeball ISP users.
The Kentik OTT Service Tracking workflow gives DPI-like visibility, delivered as a SaaS solution, without the cost, operational complexity and security concerns of appliance-based solutions. The OTT Service Tracking workflow arms Eyeball ISPs with the instrumentation they need to deliver content to subscribers by providing very precise insights such as overlays of delivery methods, subscriber groups, subscriber performance, OTT applications and providers, and more.
Let’s dive into a few user scenarios where OTT Service Tracking can be very helpful for various roles in Eyeball ISPs:
The OTT Service Tracking workflow provides the following key features to address the above use cases:
Below is a sample look at the OTT Service Tracking workflow landing page. It gives an overview of your total OTT traffic, traffic by connectivity type, and your top providers’ traffic. All of the OTT service types will be listed below for users to further drill down. In the right panel, all the insights related to OTT are surfaced, driven by both manually configured and system-generated policies.
For more information, please see the OTT Service Tracking topic in our Knowledge Base, or contact our Customer Success team.
Kentik is AIOps for network professionals. We launched the new Kentik platform in winter 2020 to power up network teams with AIOps techniques like large-scale data collection, correlation, and machine learning to manage the scale and complexity of today’s networks.