
Product Updates

Latest features, improvements, and product updates on Kentik's Network Observability platform.

Improvement, Hybrid Cloud
3 years ago

Cloud: Major Aug/Sept 2021 Update

The months of August and September 2021 are synonymous with a large feature dump in the Cloud section! While there's too much in it for a comprehensive summary, read the full details below to get your monthly fix of Cloud features.


Security Group & Network ACL Visibility in Kentik Map

Further burnishing our credentials as the cloud network engineers’ tool of choice for troubleshooting connectivity issues in AWS, we’ve just added a new sidebar feature to the Kentik Map, Security Groups & Network ACLs.

This sidebar enhancement enables network engineers to find traffic that is currently being dropped by AWS security groups or network ACLs applied to the selected VPC or subnet. The component analyzes the selected VPC or subnet for denied traffic into or out of the network environment and then crawls through the company’s AWS metadata to allow users to determine exactly what traffic has been dropped. The component also helps users understand which security group or network ACL policies caused the traffic to be dropped.

The system works by running a query of the flow logs to or from the selected VPC or subnet to find any traffic that had been marked by AWS as REJECTED. It then analyzes the direction of the traffic to provide an at-a-glance view of these traffic flows, as well as a convenient method for searching through the traffic to find a particular source or destination.
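The analysis described above can be sketched as follows. This is an added example, not Kentik's code: it assumes flow logs in the default AWS version 2 record format (where the action field reads `REJECT`), uses constructed sample records, and the function names and the `10.0.1.0/24` subnet are hypothetical.

```python
import ipaddress
from collections import Counter

# Field order of the default (version 2) AWS VPC flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample records, not real traffic; 10.0.1.0/24 is the selected subnet.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 49152 22 6 3 180 1630000000 1630000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 49153 22 6 2 120 1630000060 1630000120 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.9 44321 25 6 1 60 1630000000 1630000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.40 44400 443 6 10 5200 1630000000 1630000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1630000000 1630000060 - NODATA
"""

def parse(line):
    """Return one record as a dict, or None if malformed or carrying no flow data."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    # NODATA and SKIPDATA records have "-" in the address fields; skip them.
    return rec if rec["log_status"] == "OK" else None

def direction(rec, subnet):
    """Classify a flow relative to the selected subnet."""
    src_in = ipaddress.ip_address(rec["srcaddr"]) in subnet
    dst_in = ipaddress.ip_address(rec["dstaddr"]) in subnet
    if src_in and dst_in:
        return "internal"
    if dst_in:
        return "ingress"
    return "egress" if src_in else "other"

def rejected_flows(text, cidr):
    """Sum rejected packets per (direction, src, dst, dst port, protocol), largest first."""
    subnet = ipaddress.ip_network(cidr)
    totals = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        key = (direction(rec, subnet), rec["srcaddr"], rec["dstaddr"],
               int(rec["dstport"]), int(rec["protocol"]))
        totals[key] += int(rec["packets"])
    return totals.most_common()

if __name__ == "__main__":
    for key, packets in rejected_flows(SAMPLE, "10.0.1.0/24"):
        print(packets, *key)
```

Each resulting row is a candidate for the rule lookup that follows: the destination port and protocol are what a security group or network ACL rule would have to permit.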

If a user wants to find more information about why particular traffic was dropped, they only need to click on the row to open an analysis window.

The system highlights rows that contributed to the specific traffic being dropped, making it easy to determine what policy needs to be updated and even which rule could be modified in order to rectify a misconfiguration.

Users can also view these access control policies directly from within the map, a very cumbersome task using only the AWS console and/or CLI. Kentik Cloud users now need only click on the View Security Groups or View Network ACLs button in the sidebar and the system will open up a dialog showing exactly which policies are applied to the selected object and allow the user to browse the rules associated with each policy.

Support for New AWS Dimensions

Several months ago, AWS introduced support for the following dimensions in AWS flow logs:

  • Source/Destination Packet Address: Network traffic is often encapsulated — think of NAT gateways and GRE. AWS surfaced this dimension to help users determine the original source or destination of traffic and gain a deeper understanding of how traffic flows through a cloud environment.
  • Source/Destination AWS Service: Traces traffic to or from AWS services, even if the traffic is tunneled. This new dimension maps the traffic based on the packet address.
  • Traffic Path: This dimension shows the path that egress traffic takes towards its destination.
  • Flow Direction: Marks the direction of traffic from source to destination as ingress or egress.

ENI Tagging and Dimensions

Flows are generated from network interfaces that attach infrastructure to the network. In AWS parlance, these interfaces are called ENIs (elastic network interfaces). Mapping flows based on ENIs provides an opportunity to add new dimensions to group and filter by ENI type, as well as group or filter traffic by source and destination ENI. These new dimensions allow our users to construct super-precise flow queries that don’t double count traffic to or from instances, through gateways and load balancers, as well as special infrastructure like Lambdas. This is an important advantage for Kentik Cloud users.

Cloud-Native Views for Kentik Map

We also created a more welcoming experience in the Kentik Map for cloud-native/cloud-only customers. Our previous version of the map assumed that users always had an on-prem network (or would soon be adding one). The result was that the cloud infrastructure was tucked away in the Cloud Block, while the large on-prem block remained a bare focal point on the map.

No longer! Now, when single-cloud users without an on-prem network register their clouds in Kentik, the map will open directly in their cloud’s most appropriate view, and multi-cloud users without an on-prem network will be presented with a new multi-cloud view in the center of the map. If and when users decide to add on-prem network devices to Kentik, their experience will go back to what we are used to today (an on-prem centric view of the Kentik map).

Improvements in Sidebar Traffic Queries

Did you know that sites don’t need to be directly connected to each other in order to show traffic lines in the Kentik Map? Several quarters ago, we introduced a feature called “Draw Links Using…” which enabled users to select an option to draw links based on BGP Ultimate Exit as well as Site IP addresses configured in the site architecture dialog. This enables “island” networks (networks without a backbone) or SD-WAN networks to configure their sites and easily run traffic queries between sites.

These lines are drawn by queries using new dimensions called Source/Dest Site by IP and Site Type by IP. Because we’d heard that some new business was based on this, we’ve responded by adding these dimensions into the sidebar for convenient analysis in the map.

Another quick but important usability improvement was to create a new sidebar section titled “Details.” This prevents map objects (subnets, VPCs, gateways) with lots of metadata from making the sidebar unusable.


Azure Updates

A major improvement we’ve added for Azure is the ability for companies that centralize the collection of NSG flow logs into a single storage account to create “metadata-only” exports for resource groups within the same region. To make this work, simply disable the slider called “Enable Flow Logs for this Export” on any resource groups that don’t have their own storage account associated.

We’ve also implemented some improvements to our Azure services based on customer feedback as well as added infrastructure resiliency and backend code improvements. Stay tuned for more improvements this and next quarter as we continue to round out our cloud offerings.

New Cloud Tour in Demo Mode

We’ve added a sixth tour to Kentik’s Demo Mode, which walks users through a troubleshooting scenario involving connectivity problems between AWS resources and an on-premise database. The new tour highlights the difficulty of conducting this kind of troubleshooting in complex cloud environments with existing tools, and makes very clear Kentik’s strength in helping solve these issues.

New Weather Map

This month we are excited to announce beta availability for our new Weather Map — a new core feature of Kentik Maps.

One of our global backbone customers as shown in the Weather Map

Our new Weather Map shows network engineers how their network looks so that network architectures and the current traffic patterns can be understood at a glance. This feature was one of the most requested enhancements to Kentik Maps since we went live, and we’ve only begun to scratch the surface in terms of what we plan to do here.

Today, the Weather Map is simple. It renders a company’s sites over a geo-political map, using the customer’s configured site addresses to translate to latitude and longitude coordinates. We also cluster groups of sites within the same region to declutter the map; as users zoom towards these clusters, the cluster breaks open, revealing the sites’ positions on the map below. Between sites (and clusters of sites), we’ll draw links using the connected interfaces so customers can view their backbone network utilization and click on links for easy traffic analysis.

We’ve got an amazing roadmap of features coming out for Kentik maps this quarter, so stay tuned for future updates to Weather Map, AWS map and site maps in Q4.

Historical Queries

Another great new feature enhancement is our ability to rewind the clock and show users how their AWS network (and associated traffic) looked in the past, using historical metadata.

When we launched the Kentik Map for AWS, we began with a metadata service that only stored metadata describing the current state of the user’s network. However, if a user adjusted the time window to find specific flows, we assumed that the AWS architecture was the same during the specified query window as it was when the query was actually run. We knew this would eventually require historical support, which took time to design and implement.

However, that day is here! Users can change the to/from dates in the Kentik Map and we will update the map to show the user what the environment looked like during that time. If we took multiple “snapshots” of metadata during the specified time, we will show the most current we have for the time window.

This means that if traffic used to flow through a gateway that was subsequently deleted, we’ll show that gateway on the map. If traffic entered a subnet that only existed for a day or an hour — we’ll draw that subnet on the map.

Clickable Lines in the Kentik Map for AWS

We’ve added the ability to click on a line within AWS and get instantaneous traffic details for the line! In prior versions of the Map for AWS, users could only click on Map elements such as Subnets, Gateways, etc. Understanding and analyzing traffic between elements was left as an exercise for the user to construct queries using the Data Explorer. Now users can click on lines between subnets (“Show Connections”), lines between gateways, and lines to and from internet ASNs.

NAT Gateways and Transit Gateways

We also improved upon the way that the Kentik Map rendered traffic to and from gateway objects. Previous versions of the Kentik Map couldn’t determine the amount of traffic entering a subnet from a gateway. Now that we’ve switched our flow enrichment over to using network interfaces rather than only IP addresses, we can indeed show traffic from this infrastructure entering your customer’s environments.

Christoph Pfister