July / August 2018

The product team here at Kentik is keeping up our relentless pace of improvements, with an emphasis on bringing our customers more solutions with business impact. Here’s a look at what we were able to accomplish in July and August.

Universal Search

Universal Search is a powerful tool that provides a unified place to find not only information about a given topic but also links to relevant Kentik Detect portal areas and controls. The idea is to make the portal experience more efficient by minimizing the user’s effort and time while maximizing the accuracy and utility of search results.

Universal Search is super-easy to use (think of “Google in Kentik Detect”) and is available anywhere in the portal, either via the Search input field in the main portal navbar (indicated with a magnifying-glass icon) or by pressing “Shift + S.” As you enter a string in the field, the Universal Search modal (shown below) opens automatically and presents results grouped into categories (e.g. Alert Policies, Reports, Users, Devices, Interfaces, Documentation, etc.).

It takes just a few searches to begin to see the variety of useful results that Universal Search can return:

• If you search for “alerts” your results include Quick Nav buttons (Active Alerts, Mitigation Methods, Alert Silent Mode, etc.) that take you directly to the relevant page of the portal.
• If you search for “sampling” you’ll see documentation explaining Kentik’s recommended sample rate tiers.
• If you search for terms such as “transit” or “peer,” results will include interfaces, reports, and alerts where the term is part of the interface description.

How does Universal Search make your day-to-day usage of Kentik Detect more efficient? Here are just a few examples:

• If you’re configuring a portal Admin setting and you need to refer to the Knowledge Base, use Universal Search to return the most relevant help topics directly within the portal (no need to juggle back and forth between tabs).
• If you’d like to see a dashboard built by one of your coworkers, but you’re not sure of the exact dashboard name, enter the part that you remember (e.g. “EMEA sales report”) and Universal Search will find it for you.
• If you can’t remember which network device a given IP is configured on, enter the IP; Universal Search will show a link to the Admin » Interfaces page, filtered to show the interface with that IP.

Leveraging customer feedback, we plan to continue refining Universal Search and finding new ways to put it to work for our users. For additional information, please see the Universal Search topic in the Kentik Knowledge Base or contact our Customer Success team.

Custom Geo (beta)

Custom Geo enables each Kentik customer to organize countries into custom groups so that reports and views generated in Kentik Detect are consistent with the geographical zones already in use elsewhere in their business. Rather than forcing all users to use the same predefined geographies, this feature accommodates the need for each customer to define territories however they want, which (as shown in the image below) can be quite different from company to company.

Custom Geo is part of a broader initiative to expose new dimensions that bring business logic into flow analytics, thereby making network data meaningful to teams that aren’t necessarily network savvy (e.g. interconnection managers and planners, business development individuals, and even executives). In this case, Custom Geos basically correspond to markets or sales territories, composed of multiple countries, for which data can be aggregated and presented together. This capability is especially useful for large worldwide content providers, carriers, and enterprises that need to be able to assess and compare data at the market level, as shown in the side-by-side screenshots below.

By default, Custom Geos are set to correspond to continents. To tailor the groupings for your business, go to the Admin » Custom Geo page in the portal (see screenshot below) and follow the instructions outlined in the KB topic Add or Edit Custom Geo.

Once you’ve defined your Custom Geos you can start using Custom Geo as a Source and/or Destination dimension for both group-by (e.g. in Data Explorer’s Query Dimension dialog, as pictured below) and filtering (in the Dimension Selector dialog).

Custom Geo can also be leveraged in the portal Library by building Dashboards in Guided Mode that take Custom Geo as an input. This would allow you to build market-specific dashboards that give interconnection managers or business development teams at-a-glance insight into key vitals for a given market. You could also create a dashboard that allows users to cycle through their markets to inspect a given information-set for each market, like connectivity mix (transit, peering, etc.) by PoP, as shown below.

Given the utility of Custom Geo, we also have plans to extend it into the realm of domestic markets, allowing ISPs to configure markets based on Regions (i.e. sub-countries, like states in the US). For additional information, please see the Custom Geo article in our Knowledge Base or contact our Customer Success team.

Google VPC Flow Logs

Kentik now offers extended network visibility to customers using the Google Cloud Platform (GCP) by supporting Google VPC flow logs as a source of flow records. VPC Flow Logs are NetFlow-like metadata, generated by virtual instances in Google Cloud Platform (GCP), for the network traffic entering, exiting, or within a VPC (between VMs). With VPC flow log support, Kentik customers can now get full visibility into network activity within GCP projects, and also between GCP and traditional on-premises data centers in hybrid cloud architectures.

The cool part about Google VPC flow logs is that very little configuration is required for existing VPC users. As depicted in the functional diagram above, all that’s needed is for you to configure VPCs in your GCP projects to send Flow Logs to a Pub/Sub topic, which Kentik subscribes to in order to pull the data. This provides agent-less visibility into all the traffic in the VPC without creating any additional instances. Once the connection is established, flow data from your cloud infrastructure is available within Kentik Detect for visualizations (like the screeenshot below) and alerting, just like data from any other source.

For additional information, please see our blog post Kentik for Google Cloud VPC Flow Logs, refer to the KB topic Kentik for Google VPC, or contact our Customer Success team.

Additional Quick Updates

In addition to the larger features discussed above, we’ve also been busy with a range of enhancements described below.

New Site-based Dimensions

We’ve added the new dimensions “Site Country” and “BGP UE Site Country.” While the existing  “Source Country” and “Dest Country” dimensions tag traffic based on the country associated with the source or dest IP of the flow, these new dimensions tag flows based on the country associated with the PoP (and device) that the flows were received from. This allows you to filter or segment traffic by the geolocation of the network entry or exit point, rather than the geolocation of the host(s) that originated or terminated the traffic. These dimensions were added to aid traffic engineering, peering, or customer traffic analyses that rely on understanding the geolocation of network entry and exit points.

Major Update to Geo HeatMaps

Region Maps (a.k.a. sub-country) have been revamped. As shown below, the regions are now fully modeled in the mapping engine, providing easy to read region-based heatmaps.

We also now support heatmaps based on Custom Geos (described above), as shown in the example below.

Expanded Service Names

We’ve expanded the list of Service names that are displayed with well known TCP and UDP Ports when using the Source/Dest Proto:Port dimensions. While we previously resolved only about 2000 service names, we now include approximately 12,000 port/service name mappings, and any port number listed in the public NMAP dictionary is available for resolution. NMAP sources this dictionary both from IANA’s allocation master file and their own curation efforts.

New Filter for Interface List

We’ve added an “SNMP but no Flow” filter to narrow the interfaces listed in the Interfaces List (Admin » Interfaces). Applying the filter will restrict the list to interfaces that should have flow enabled but do not. This is particularly useful when troubleshooting ports that have traffic reported via SNMP but show no flow, the most likely cause being misconfiguration ot the flow-generating device.

New View Types

We’ve added two new types of visualizations (see Chart View Types):

• Sunburst visualization: A density-based view in which the dimensions that make up the key definition are represented as concentric rings that are segmented into wedges representing the top-X results (see Sunburst Chart).

• Horizon charts: A compact time-based visualization in which each of the top-X rows is represented by one “lane” into which different-colored bands of results are overlayed, with higher volume results in front (for a fuller explanation, refer to Horizon Chart).

Enhanced Usability and UI

We’ve made a number of recent usability and UI improvements:

• Alerting Device Selector: The Device selector in alerting now matches the Device selection dialog used in Data Explorer, which enables device selection by Device Labels.
• Device Labels Scalability: Additional colors have been added to allow a greater range of Device Labels.
• Nesting in Saved Filters: Filters can now be saved even if they contain one or more nested filter groups. Additionally, as shown below, filters with nesting (saved or ad-hoc) can now be used in Alerting (Dataset tab of Alert Policy dialog).