Hybrid Maps now supports path visualization in all of our layouts. With Hybrid Maps, NetOps teams gain an immediate and single, unified view to understand topology state, traffic flows, network performance and device health status within and between multi-cloud, on-prem and internet infrastructures.

To see the new path visualization, apply a sidebar filter to express the traffic you want to see visualized in the maps.

The Kentik Network Observability Platform provides the most comprehensive data across all public, private, and hybrid networking environments, including flow records, streaming telemetry, SNMP data, device configurations, and synthetic performance metrics. 

With Kentik Firehose, you can now send all this data from Kentik into your application monitoring tools (e.g., New Relic, Splunk, InfluxDB, Elasticsearch, AWS S3, etc.), and publishing platforms (e.g., Kafka, AWS Kinesis, Google Pub/Sub, etc.).

For further information see the Kentik Firehose Solution Overview. 

Firehose closes the network observability gap and lets you uncover insights, and effectively troubleshoot your apps with full context and data about your networks included in the tools you use.

Examples of exportable data include:

• Flow data from NetFlow, sFlow, IPFIX
• VPC flow logs from all major public clouds
• Streaming telemetry from all major vendors (Juniper, Cisco, Arista)
• SNMP device metrics (CPU, memory, network interface)
• Synthetic measurements
• Internet, ISPs, CDNs
• Correlated and context enriched data from the customer’s application, infrastructure, geo-location, business environment, and other customer-defined dimensions

Data formats include:

• Output formats: JSON, NetFlow, AVRO, InfluxDB line protocol, Prometheus endpoint
• Compression algorithm: none, gzip, snappy, null, deflate
• Data sinks: .Net, Kafka, Kentik, stdout, file, New Relic, HTTP, Splunk, and more coming
• Rollups groups: type, metric, dimension 1, dimension 2, …, dimension n.
• Filters: string, src_addr, ==, 12.0.1.2

Customers are using Kentik Firehose to:

• Troubleshoot performance in complex application environments. Network data from Kentik allows teams to understand application performance in context.
• Combine network and infrastructure data all in one place for analysis and storage. IT teams use Firehose to send data to other systems like data lakes, with formats like JSON and AVRO. This data enables more cost-effective storage and the ability to perform complex analysis, with the data all in a single place.
• Enhance cross-domain analytics to detect threats. Security and risk management teams can correlate Kentik’s Firehose data to rapidly detect, analyze, investigate, and actively respond to threats. Using data like geolocation and network flow allows for a better understanding and easier identification of threats.

Site IP Classifications

Site IP Classification provides a way to define what site traffic originates from or what site traffic terminates to. This is particularly useful for our enterprise network customers to be able to track which data centers, branch offices, infrastructure hosts, or even employees are utilizing the network.

The configuration of this mapping is in the Manage Sites page in the settings.

In the following dialog, provide a comma separated list of IP CIDRs of the appropriate networks that are located at a particular site. Doing this configuration will tag each of your traffic flows with the appropriate values in the following dimensions:

• Site by IP: The site name based on the site IP mapping
• Site Type by IP: The site type (Data Center, Cloud, Branch/Building, Connectivity PoP, Customer/Partner, Other) based on the Site IP Mapping
• IP Type (to be released soon): The IP Type (Infrastructure Networks, User Access Networks, Other IPs) based on the Site IP Mapping

New Settings Details Sidebar

Usability and design are very important to us at Kentik. We constantly look for ways to improve the readability and utility of the information that is presented. More importantly, we respond to our customer feedback. We have updated the design of a few of our most-used setting pages to provide a cleaner and more organized presentation of the most important aspects of your network — Interfaces and Devices. Take a look and let us know what you think by submitting your input via the “Feedback” link at the top right of the Kentik window.

sFlow Improvements For Visibility

We have identified a way for customers who run the sFlow protocol to achieve the benefits and visibility offered by Hybrid Maps and other portions of the product. sFlow sends Kentik per-flow byte counts attributed to physical interfaces, while most network operators configure IP addressing logical sub-interfaces. This leads to a disjointed experience in Kentik as our mapping services draw connections between devices based on the interface ID, where we find IP addresses configured. The queries needed to understand the data flowing between the devices rely upon a completely different interface ID.

To support this situation, users must supply a manual mapping of interface IDs to VLAN interface IDs. We have developed example code on how this can be automated using Juniper devices interface and VLAN names. Before running the code, the user will also need to configure the device using the new “Advanced sFlow” device type. Once the device has been modified, and a map supplied, the user can make use of three new dimensions:

• Source Physical Interface and Destination Physical Interface — the original physical interface index sent via sFlow. This is useful for filtering and grouping by the physical interface. It is also helpful for auditing the remapping correctness.
• VLAN Rewrite Occurred — the number of interface rewrites that occurred for this record. This is useful troubleshooting.

Layer 2 Support on Hybrid Maps

A new selector is available on the Hybrid Network Maps to select how Kentik draws connections between devices. Users can now choose to draw connections using layer 2, layer 3 or both.

Layer 2 connectivity requires that users run the LLDP protocol and allow Kentik to poll this data over SNMP. We will then find matches that only exist at layer 2.

Layer 3 connectivity was supported previously. Device adjacencies are determined by finding IP addresses that share a subnet smaller than a /24. We create matches for site-to-site adjacencies with the following connectivity types: Backbone, Data Center Interconnect and Device Aggregation. For device adjacencies in the site layouts, connections are displayed between devices sharing a subnet as long as the connectivity type is not configured as “Host.”

This metadata is also visible on the interface admin page:

New Onboarding Options

We are continuing to improve onboarding options to give customers and prospects more flexibility in learning about and evaluating Kentik. We now have separate paths for customers interested in flow, synthetics or a guided demo mode. The options will appear clearly on the revised onboarding page.

We have started to add guided, in-product demos of real-world use cases. We are starting with two different situation demos: 1. Troubleshoot VPN Issues or 2: Manage Network Costs. We expect to add an expanding list of use case situations over time.

Kentik's Product and Engineering teams are at it again this October 2020: a whole batch of new features have been delivered to delight our Synthetic Monitoring users - test configuration options got extended to allow the following

• we added 1 second test frequencies
• IPv4/v6 granular test configs
• new Network Test protocol choices

Read on and enjoy!

Testing Frequency

Kentik has introduced new testing frequency options that range from every 15 seconds down to every second. Furthermore, we have structured pricing for sub-minute synthetic tests to be very attractive. Kentik asks, “Your traffic is continuous, so why isn’t your synthetic testing?”

For the first time in the industry, Kentik makes synthetic testing practical for mission-critical applications such as machine, factory and warehouse automation, where high-frequency testing is required, missing nothing.

Per Test Configuration Options

We’ve added new options under the Advanced menu when creating new tests. Users can increase the number of probes sent per test (to gather more data points) or dial it down (to prevent flooding the network).

IPv4/v6

Users can now control whether a test will target both IPv4 and IPv6 addresses or just one type. This is particularly useful in Hostname and Autonomous tests, where we find a mix of IPv4 and IPv6 addresses.

TCP “Ping”

Choosing TCP (as an alternative to ICMP) at test creation time and specifying a destination port to test towards will result in a test that will send a certain number of TCP SYN probes and either expect a SYN-ACK or RST in response. This is currently only applicable to ping tests (not trace) and requires ksynth (agent) 0.0.6 or newer.

Reverse Path for Site-Mesh tests

Hovering over a subtest in a site-mesh test will now show path metrics in both directions and highlight both tests.

This feature exposes the current audit log, with some minor enhancements, to administrators of Kentik. Audit Log helps avoid configuration errors or confusion between administrators as they make changes to the various configurations in Kentik. Audit Log also provides a layer of accountability to prevent unauthorized changes that may impact the customer’s security posture. The ability to zero in on changes, find misconfigurations, and find root causes are typical benefits of Audit Log.

My Kentik Portal tenants are now able to partition flows across their tenants, leveraging custom dimensions. For example, this can be useful for tenants, provisioned on a layer two network, where their port’s MAC address uniquely identifies them.

Any number of Custom Dimensions are supported. Each Custom Dimension selection is OR’ed. This is supported via a User Filter. You can automatically replace filters in dashboards that match tenants’ custom dimension definitions to provide inbound and outbound dashboarding capabilities.

Interface Utilization Spike and Interface Utilization Drop Insights are Kentik Insights that automatically analyze interface utilization changes via the SNMP interface input bit rate. An Insight is fired when it detects a particular pattern of utilization.

Additionally, we have developed an algorithm that processes flow data associated with this interface and finds the best fitting root cause of the spike/drop. This Kentik Insight brings together SNMP interface metrics with Flow traffic. And our first Insight does two layers of algorithms.

• As suggested by several users, we’ve added the AWS Interface ID back into the platform for use in the Data Explorer, Dashboards, and Alerting. This is useful for users that want to filter their views to zoom in traffic that flows through specific Elastic Network Interfaces (EINs), such as load balancers, ingest nodes, or VPN/Internet gateways.
• We’ve added support for the AWS V4 VPC Flow Log format. This log format allows users to specify new fields and create customized export templates.