OTT and CDN Analytics Overview

As much as some of us in the networking industry wouldn't like to admit, no one actually cares about the network. Now, maybe that seems like a provocative statement to you, but think about what we use the network for. We don't use it for its own sake, but to access all manner of services, usually in the form of applications hosted somewhere else in the world, whether that's across town or across an ocean, Kentik's visibility of over-the-top services and CDN analytics Go a layer above the packets on the wire to give you a deeper understanding of what's happening with actual application activity on your network. And over the public internet. It's kind of like the difference between just seeing more data and understanding why a network is behaving a certain way or an application is performing the way that it is. So with me today is Steve Meuse, a solutions architect at Kentik, focused on the service provider space and a subject matter expert in Kentik's OTT and CDN analytics. Steve, Thanks for joining me today. Before we see the Kenik solution in action, would you mind briefly explaining what over-the-top services are and why having an understanding of OTT is so important today? Well, in short, OTT stands for over the top. But what it really means is that it's the applications that all our families use all day long. So it's the over-the-top video services like Netflix and Hulu and YouTube, social media like Facebook. And so forth, all the applications that we use day to day. Now, the reason why they're classified as they are is because before the traditional access providers would be providing the video services to the subscriber, and that would have been done over linear transmission through cable or fiber or some other mechanism. Now that the delivery of this content is all coming from the IP side of it, we consider that over the top, over the top of the cable. Right so why it's so important today is because now as time has marched on, the consolidation of this traffic has really come from fewer and fewer total traffic sources provided by some smaller number of CDNs, whereas years ago content sources were hundreds of thousands varied across the entire internet and it's very been very much consolidated. So now understanding how a particular application is delivered to your network becomes so much more critical because at the end of the day, it's going to provide reduction in total support cost in terms of phone calls into your support centers and things like that. And having a real strong understanding of how these services map to your physical network infrastructure becomes increasingly more important to reduce those support costs. All right. Well, that makes sense to me. I mean, I get the importance of why we need a deeper understanding of how applications are being delivered over the network from a technical perspective, quality of experience. But you also mention cost, which is something that I think many engineers like myself forget about sometimes. So can you explain to me what Kentik is doing specifically to solve this problem? What are we doing to give visibility into over-the-top services and analytics of content delivery networks? Well, traditionally this type of visibility was obtained by using things like DPI, deep packet inspection and DPIs forte was being able to look deep into the packet to understand the performance of that particular application that was running over the wire. DPI was very capital intensive. It's very support intensive. Like it's, it's a major, major uplift to, to support and it doesn't necessarily tie the application to your network infrastructure more broadly. DPI is a point in time, point in place solution. What Kentik does is we utilize some data sources that you're likely already collecting on the network, such as network flow data, BGP data, SNMP data and then adding an additional layer on top of that like DNS telemetry to allow us to give you that, that mapping to those applications that are so critical to running today's businesses, but more importantly, tie it to that infrastructure so that your support teams can really understand how they're being delivered to you. OK so then, Kentik gives us the visibility that we need into OTT services, but without the unnecessary and heavy lift and cost of capturing and processing every single packet, which is what you do with DPI. Is that right? That's right. Yeah you're likely already collecting most of those data sources if you're a cable operator, an access operator, or even backbone operator. So those data sources already exist in the network. There are likely already being collected. So it's just a matter of bringing them all together within the Kentik portal to be able to unlock that layer of visibility that's become so important to today's operations. OK but Steve, I know that DPI is pretty much mandatory for certain types of visibility, like doing a forensics analysis after a security breach. So does that means we're missing? Does that mean that we're missing information if we're not doing DPI? Depending so typically Kentik operates off of sampled NetFlow data. So we're sampling one out of n number of flows. So on a very small layer, we could potentially be losing some information. But more broadly, if we're sampling very large amounts of data will still likely be able to capture a lot of that information as well. OK yeah, that makes sense. And the reality is, I know from my experience when you sample data from such a large data set, in this case, millions and millions of packets, I know that we're actually getting a statistically very accurate picture of what's going on in spite of not capturing every single packet. So so Steve, this has been a really helpful conversation so far, but would you walk us through the Kentik solution in action? Yeah, absolutely. Here in the Kentik interface, we have dedicated workflows for understanding our CDN and OTT traffic. Here in the CDN analytics workflow, we have the ability to understand how much traffic is being delivered by our CDNs, our content delivery networks, and if those content delivery networks are offering dedicated embedded caches that we have installed in our network. We can measure the performance of those caches. So in cases like Netflix, who has a defined set of library, they have very high cache efficiency. So they can provide a lot of their content from their caches, whereas other cache providers have much more dynamic traffic. So their efficiency tends to be a little bit lower. These are example networks, but they give you a rough approximation of the global performance of each of these caches. But more importantly, we can give you a breakdown of traffic by all of these different content delivery networks, whether it be Apple, Akamai, Fastly, et cetera. So if we can drill into Akamai, we can see all the information that we have about Akamai, how many different ASNs, their peering DB information, but more importantly, how are we getting this content delivery from them? Is it coming from caches? Is it coming from our transit connections via exports or free private peering? How is that traffic making it to our network? And then also the ability to tie it directly to our infrastructure. Which router porters are coming in? Is it coming in over transit? Is it coming over IX ports, etc.? And then break that down by city and/or network site in our parlance. Right and then also give you the ability to drill in even further, to give you, which sources, what OTT sources are being delivered and giving you a rough approximation of performance per content delivery network. Now from here, the question usually we get asked is, well, that's it's really nice to be able to see how the CDN traffic is delivered to us. But more importantly, what are the services that are being offered from these content delivery networks? And here we have a dedicated workflow for that called OTT service tracking. Steve, if I can interrupt, I have a quick question for you. I'm seeing some really interesting information on the screen here. So what specific data sources are you using to populate these graphs and charts? Phil typically we're using four different data sources. We use the base layer of information as IP NetFlow on top of NetFlow, That gives us information about the volumes of traffic. On top of NetFlow, we do things like SNMP metadata, which gives us information about how the network is built, BGP routing data, which gives us the internet context and then DNS telemetry. So we understand what services the customers are actually requesting from the network. Once we have that four layer of information, we can start to give you a breakdown of the traffic by 3 effective major categories. First, the category of the traffic, whether it be video, social networking, gaming, software updates, things like that, which providers are providing those services, whether that be Netflix, Microsoft, Sony, Facebook, you know, the aggregators of all this. And then what are the individual services that are being delivered? So if we were to look at the Kentik interface here, we can see our broad categories, video gaming. We have a histogram. So we can understand, do we have a peak? Is something out of the ordinary. But I can also drill into it and show you the ranking of the services within this category. And it's really interesting here too, because our access providers who providing their own video over IP services tend to can map those services and display them in the ranking here so that if you're cable company x, you can have your cable company X video services ranked right next to YouTube so you can understand how you rank compare to these other video services. In terms of the provider, you know, a number of these providers will have multiple different video services. Facebook's an example of that, Facebook provides Facebook video, Facebook social media, Instagram, Messenger, Oculus. These are individual services that we can pull out of the total flow to Facebook, and then we will be able to give you some information about them. And then there's the actual individual services that are coming in over the top. And a great example of that is Disney+. Disney+ is a new service that was created a handful of years ago, and it created a specific problem for Kentik access customers, where Disney+ didn't really tell everybody ahead of time, which content delivery networks they were going to be delivering this new service from. But everybody knew that this service was going to be a huge amount of traffic that they were going to have to deal with. Well Kentik gave them the ability on day one of the service being launched to show them the breakdown of the different content delivery networks that were going to be delivering that traffic to the access network. So these customers, Kentik customers who had the OTT workflow enabled, were immediately able to reach out to these content delivery networks to provision the extra capacity that they needed to be able to safely handle this new service that was going to be a very large volume of traffic. So in our example network here on the screen, we can see that Lumen, Akamai, Fastly and Edgecast Verizon caches or CDNs were able to provide that traffic and our customers were able to provision additional capacity with them very quickly. Once we understand what content delivery network is providing that over-the-top service, we can then map that OTT service to the physical infrastructure. This allows us to understand does Disney+ come in the same way that Hulu comes in, or in the case of, say, Microsoft, where they have multiple services and they're getting maybe some phone complaints about, you know, Xbox gaming, having performance problems. But when they go and look at their interconnects with the Microsoft network, they don't see any issues. But then they realize by utilizing the Kentik workflow that Xbox Live is coming in over an embedded cache and not through traditional interconnect with Microsoft. So it allows them to see on an individual service how it maps to the actual network. Steve, I have another question for you. You explain how we can identify types of traffic, providers, volume, some information about how we're ingesting it. But are there any indicators of performance that you can show us? Absolutely so for each individual, OTT service Kentik has the ability to look down into the subscriber level and give you a rough approximation of performance looking at bit rates. And we can do that by taking the total volume and giving you a rough approximation, by looking at the number of subscribers actively being served by the service right now. So here we can see for Disney Plus. At this particular point in time, we have a rough performance per subscriber of some particular bitrate and that gives us a rough idea of what the performance is for this particular OTT service. Great thanks, Steve. This has been really a great walkthrough of Kentik's OTT and CDN analytics solution, and I think it's clear today, now more than ever, an awareness of what's happening on our networks from an application perspective, not just seeing more individual data points is more important now than it's ever been for making smart technical decisions for sure, and also business decisions. So I do appreciate how you explained that Yes, there are absolutely valuable insights that we can glean from Kentik's OTT and CDN analytics, which we need for successful network operations. But there's also a great amount of business value that we can mine out of the data to help make those more abstract business decisions about how we manage traffic. So very helpful. Thanks again. So to learn more about Kentik's service provider analytics solution visit kentik.com/analytics and you can always reach out to your local Kentik representative as well. Thanks very much.