sFlow Improvements For Visibility

We have identified a way for customers who run the sFlow protocol to achieve the benefits and visibility offered by Hybrid Maps and other portions of the product. sFlow sends Kentik per-flow byte counts attributed to physical interfaces, while most network operators configure IP addressing logical sub-interfaces. This leads to a disjointed experience in Kentik as our mapping services draw connections between devices based on the interface ID, where we find IP addresses configured. The queries needed to understand the data flowing between the devices rely upon a completely different interface ID.

To support this situation, users must supply a manual mapping of interface IDs to VLAN interface IDs. We have developed example code on how this can be automated using Juniper devices interface and VLAN names. Before running the code, the user will also need to configure the device using the new “Advanced sFlow” device type. Once the device has been modified, and a map supplied, the user can make use of three new dimensions:

• Source Physical Interface and Destination Physical Interface — the original physical interface index sent via sFlow. This is useful for filtering and grouping by the physical interface. It is also helpful for auditing the remapping correctness.
• VLAN Rewrite Occurred — the number of interface rewrites that occurred for this record. This is useful troubleshooting.

Layer 2 Support on Hybrid Maps

A new selector is available on the Hybrid Network Maps to select how Kentik draws connections between devices. Users can now choose to draw connections using layer 2, layer 3 or both.

Layer 2 connectivity requires that users run the LLDP protocol and allow Kentik to poll this data over SNMP. We will then find matches that only exist at layer 2.

Layer 3 connectivity was supported previously. Device adjacencies are determined by finding IP addresses that share a subnet smaller than a /24. We create matches for site-to-site adjacencies with the following connectivity types: Backbone, Data Center Interconnect and Device Aggregation. For device adjacencies in the site layouts, connections are displayed between devices sharing a subnet as long as the connectivity type is not configured as “Host.”

This metadata is also visible on the interface admin page:

New Onboarding Options

We are continuing to improve onboarding options to give customers and prospects more flexibility in learning about and evaluating Kentik. We now have separate paths for customers interested in flow, synthetics or a guided demo mode. The options will appear clearly on the revised onboarding page.

We have started to add guided, in-product demos of real-world use cases. We are starting with two different situation demos: 1. Troubleshoot VPN Issues or 2: Manage Network Costs. We expect to add an expanding list of use case situations over time.

Kentik's Product and Engineering teams are at it again this October 2020: a whole batch of new features have been delivered to delight our Synthetic Monitoring users - test configuration options got extended to allow the following

• we added 1 second test frequencies
• IPv4/v6 granular test configs
• new Network Test protocol choices

Read on and enjoy!

Testing Frequency

Kentik has introduced new testing frequency options that range from every 15 seconds down to every second. Furthermore, we have structured pricing for sub-minute synthetic tests to be very attractive. Kentik asks, “Your traffic is continuous, so why isn’t your synthetic testing?”

For the first time in the industry, Kentik makes synthetic testing practical for mission-critical applications such as machine, factory and warehouse automation, where high-frequency testing is required, missing nothing.

Per Test Configuration Options

We’ve added new options under the Advanced menu when creating new tests. Users can increase the number of probes sent per test (to gather more data points) or dial it down (to prevent flooding the network).

IPv4/v6

Users can now control whether a test will target both IPv4 and IPv6 addresses or just one type. This is particularly useful in Hostname and Autonomous tests, where we find a mix of IPv4 and IPv6 addresses.

TCP “Ping”

Choosing TCP (as an alternative to ICMP) at test creation time and specifying a destination port to test towards will result in a test that will send a certain number of TCP SYN probes and either expect a SYN-ACK or RST in response. This is currently only applicable to ping tests (not trace) and requires ksynth (agent) 0.0.6 or newer.

Reverse Path for Site-Mesh tests

Hovering over a subtest in a site-mesh test will now show path metrics in both directions and highlight both tests.

This feature exposes the current audit log, with some minor enhancements, to administrators of Kentik. Audit Log helps avoid configuration errors or confusion between administrators as they make changes to the various configurations in Kentik. Audit Log also provides a layer of accountability to prevent unauthorized changes that may impact the customer’s security posture. The ability to zero in on changes, find misconfigurations, and find root causes are typical benefits of Audit Log.

My Kentik Portal tenants are now able to partition flows across their tenants, leveraging custom dimensions. For example, this can be useful for tenants, provisioned on a layer two network, where their port’s MAC address uniquely identifies them.

Any number of Custom Dimensions are supported. Each Custom Dimension selection is OR’ed. This is supported via a User Filter. You can automatically replace filters in dashboards that match tenants’ custom dimension definitions to provide inbound and outbound dashboarding capabilities.

Interface Utilization Spike and Interface Utilization Drop Insights are Kentik Insights that automatically analyze interface utilization changes via the SNMP interface input bit rate. An Insight is fired when it detects a particular pattern of utilization.

Additionally, we have developed an algorithm that processes flow data associated with this interface and finds the best fitting root cause of the spike/drop. This Kentik Insight brings together SNMP interface metrics with Flow traffic. And our first Insight does two layers of algorithms.

• As suggested by several users, we’ve added the AWS Interface ID back into the platform for use in the Data Explorer, Dashboards, and Alerting. This is useful for users that want to filter their views to zoom in traffic that flows through specific Elastic Network Interfaces (EINs), such as load balancers, ingest nodes, or VPN/Internet gateways.
• We’ve added support for the AWS V4 VPC Flow Log format. This log format allows users to specify new fields and create customized export templates.

Over the summer, Kentik announced a new partnership with Silver Peak, a market leader in SD-WAN solutions. The two companies offer advanced SD-WAN visibility to keep businesses and their networks operating optimally through the new partnership. For many enterprises, SD-WAN enables organizations to meet the network connectivity, performance and security demands of distributed and increasingly remote workforces. At the same time, enterprise network teams must overcome the visibility gaps across different parts of their distributed infrastructures, whether on-premises or in one or multiple clouds.

Since the announcement, Kentik has continued to expand support for Silver Peak, adding support for new IPFIX fields, including:

• Dimensions
  • Application Name
  • Business Intent Overlay
  • Application Category
  • From Zone and To Zone
  • Firewall Event
• Metrics
  • Network To Server Delay
  • Network To Client Delay
  • Client To Server Response Delay

Some useful pointers on Kentik's Silver Peak integration work:

• Solution Brief
• Kentik Tech Talk on SD-WAN and Silver Peak
• SDX central media coverage
• SD-WANresource.com media coverage

We have identified and improved several DDoS features as requested by our customers, with more to come. 

Here is a summary of the recent enhancements:

• We’ve added 1-minute interval polling for our threshold queries, ensuring that users can trust the data represented on the screen when configuring policies
• Users can now customize DDoS policies to include different dimensions or metrics to create a more tailored detection system or experience for their network
• The workflow to set up DDoS policies now includes user-friendly options for quicker configuration
• Users can now create ad-hoc policy metrics and dimensions
• We now support “Greek prefixes” (Gbits/s, Mbits/s, etc.) for policy configuration
• We now illustrate accurate max values over a time series data set, ensuring that we don’t steer users towards configuring artificially low thresholds
• The mouseover no longer blocks the useful data displayed in the threshold window
• Amplification policies are now simplified
• Disabled policies remain visible

We’ve launched a new agent-based approach for IBM flow logs that allows customers to directly export cloud flow logs to Kentik without also requiring changes to security authentication policies.

Read the Kentik IBM Cloud knowledge base article for more details !

Kentik now supports vendor-specific MIBs via SNMP device metrics. We are discovering the vendor, then polling the right OIDs and applying the right algorithms to construct a normalized dataset. This capability will allow us to poll a growing list of vendor-specific metrics in the future.

Device metrics are available in the following areas: 

• Site
• Network Device
• Interface Health via the Hybrid Map
• Dashboards
• Data Explorer
• ...and Custom Insights (alerting).