Latest features, improvements, and product updates on Kentik's Network Observability platform.
We are happy to announce the support for the Google Cloud firewalls for Kentik Cloud.
For customers looking for an easy and simple way to check and troubleshoot connectivity inside GCP and see what type of traffic is being denied by the configured firewall rules, we show that under the "Details" sidebar for every VPC.
We are excited to announce Version 1.0 of Kentik Map for GCP, which provides an analogous experience to the AWS and Azure maps in Cloud.
While the concept is largely the same, there are some differences in the GCP map organization compared to our AWS and Azure maps based on the way resources are organized in GCP.
For example, in contrast to the AWS topology map, which groups VPCs by region, the GCP map groups regions by VPC. Each region has its subnets listed beneath it.
The searchable GCP map displays traffic and routing data for the resources shown. We enable support for historical views back into your topology and metadata in GCP.
Visualizations from the GCP map include:
In the coming months, we will continue building GCP observability to achieve parity with our AWS and Azure offerings, adding functionality such as security group support.
Our platform aims to provide customers full support for all clouds with a consistent user experience. Kentik Cloud abstracts away the differences in cloud network interfaces to maintain cohesive multi-cloud workflows in the Kentik Portal.
Setup instructions for the GCP Map are here in our Knowledge Base.
We are excited to announce support for a historical look back into your topology and metadata that will help you to monitor your cloud infrastructure more efficiently.
It is easier now to keep track of changes in your topology and metadata, such as VNETs, gateways, vWAN hubs, and Express Routes and their connections. You can use the map feature to quickly see what has changed without digging through logs or reports. It also provides a visual representation of your cloud topology at any historical moment, making it easy to spot any changes made.
We hope this new feature makes it easier for you to keep track of your cloud environment and ensure it runs smoothly. If you have any questions about Azure Cloud Map support for historical view, don't hesitate to contact our customer support team. We are here to help!
We are happy to announce the support for the Azure vWAN service in Kentik Maps and Data Explorer, with dimensions for vWAN hubs.
On Kentik Maps, vWAN components are shown in two places:
In addition, Data Explorer now has Ingress and Egress Virtual Hub dimensions that allow you to see precisely which virtual hubs were used by your traffic flow on their way to their destination.
vWAN service support will be a significant aid in troubleshooting your global cloud network deployments.
It’s possible now to check for a traffic flows that were denied by the NSG rules configured on a Subnet or VNET level.
There are two ways how you can see that traffic:
We’re excited to announce our beta launch of Kentik Kube, an industry-first solution that reveals how K8s traffic routes through an organization’s data center, cloud(s), and the internet.
With this launch, Kentik can observe the entire network — on prem, in the cloud, on physical hardware or virtual machines, and anywhere in between. Kentik Kube enables network, infrastructure, platform, and DevOps engineers to gain full visibility of network traffic within the context of their Kubernetes deployments — so they can quickly detect & solve network problems, and surface traffic volumes from pods to external services.
Kubernetes has become the de facto standard for cloud-based applications. As companies migrate their workloads, ensuring the reliability, connectivity and performance from user applications and their clusters, to the entire infrastructure and internet is critical.
Very often, pods and services experience network delays that degrade a user’s experience. It is difficult to identify which Kubernetes services and pods are experiencing network delays. The complexity of microservices leaves engineers wondering if the network reality matches their design, who are the top requesters consuming Kubernetes services or which microservices are oversubscribed, and how the infrastructure is communicating both within itself or across the internet.
We built Kentik Kube to provide visibility for cloud-managed Kubernetes clusters (AKS, EKS, and GKE) as well as on-prem, self-managed clusters using the most widely implemented network models. Teams responsible for complex networks can:
Improve network performance
Gain end-to-end K8s visibility
Validate policies and security measures
Kentik Kube relies on data generated from a lightweight eBPF agent that is installed onto your Kubernetes cluster. It sends data back to the Kentik SaaS platform, allowing you to query, graph and alert on conditions in your data. This data coupled with our analytics engine, enables users to gain complete visibility and context for traffic performance inside and among Kubernetes clusters.
Kentik Kube provides east-west and north-south traffic analytics inside and among Kubernetes clusters.
Network map showing EKS clusters communicating between AWS regions.
Kentik Kube can display details so you can see if your route tables, NACLs, etc. are all configured correctly. You can drill down into a cluster to see if there are latency or other issues. Our eBPF telemetry agent deployed into these clusters lets you see the traffic between nodes and pods as well as any latency.
Kentik Kube is now in beta. You can apply to trial the beta by clicking on the Kentik Kube section of the menu. Please share your feedback with us. We’d love to hear what you think.
A lot of new additions have surfaced in February 2022 in the Kentik Map UI. Amongst others, users will find: a health digest reporting function, new layers for AWS Regions and cloud backbone, as well as improvements in the map legends.
An indicator in the toolbar gives a count of issues we’ve discovered on your network and opens a popover that provides a high-level rundown. Click the View Problems button to see a list detailing the issues, then drill down to the map to see an impacted component in the context of its surrounding infrastructure.
Mousing over the new health indicator in Kentik Map will provides a high-level rundown. Clicking View Problems will provide a list and details for each issue.
The health problems list and details can be viewed by clicking View Problems.
A new layer selector for the Kentik Map lets you choose which categories of overlays to display, including link traffic types, traffic layer types, cloud regions and backbones, traffic utilization, health, and clustering.
The new Layer Selector in Kentik Map and Weather Map lets you choose which categories of overlays to display and the popups for each allow control over the option specifics.
The legends that identify the value ranges represented by link colors are now persistent, so it’s always easy to see what the colors mean.
The color code legend on Kentik Map is persistent.
A layer for AWS regions and backbones has been added to the Kentik Map.
Kentik Map now includes an overlay for AWS Cloud Regions and backbone traffic as are displayed here with AWS US West (N. California).
As usual, our Cloud Product team turned around a ton of great enhancements to the Kentik Cloud and Map products over the month of December 2021. More than ever, Kentik goes one step closer from being the only and most complete Hybrid Cloud observability solution out there. See for yourself.
This month saw one of the largest updates to the Weather Map yet. In this release we’ve incorporated several new features worth discussing. We added layers that allow users to view utilization and/or health data into their map, along with a nifty layer selector:
A major use case for Weather Map in ISPs and large backbone networks is to assist users in performing capacity planning exercises. In order to accomplish this, we needed to color the map based on interface utilization rather than total bytes. This means that our new map breaks down the interface utilization of a single interface or an aggregated bundle and buckets these interfaces into 10 groups of increasing utilization.
We also needed to add in support for interface bundling as well as support visually aggregated interfaces when more than one link connects a site cluster to another site or another cluster. To support this, we use the backend attributes that we poll from our customer’s SNMP data to determine if an interface is configured as part of a bundle or is operating as a single interface.
If a link is drawn between two site clusters, we’ll aggregate the bandwidth over both links and calculate the total utilization on the fly:
When a user clicks on this link, the system allows them to choose which link they’d like to focus on:
We’ve also added in sidebar improvements that make selections of Sites and Links easier. Consider the following example. A user has clicked on the 3 site cluster in the Chicago region on the Kentik map:
The sidebar now opens up with a running count of the sites and links interconnecting the sites.
Expanding these elements allows to interactively browse the map:
We have also started to resurface health on the Weather Map. We started by adding health into the cluster popovers as such:
Of course, we also show the site health on the canvas and sidebar as well. Here we see an unhealthy ORD1 site on the canvas:
And a list of all of the sites within a view color-coded by health in the sidebar:
You will notice that we also now color links by health. We currently have two link-health states — down and degraded:
Down indicates that the router that originates or terminates a link has reported an ifOperStatus of DOWN or administratively shut down, while Degraded state means that the system is reporting errors.
A popular request we’ve heard is to show a user’s site topology without having to load the entire site view. We now show the site topology in the sidebar itself. This is useful for getting at-a-glance understandings of how sites are constructed and is a step closer to our next iteration which allows users to see the devices that connect to other sites directly on the Weather Map canvas.
This month the cloud product team delivered a ton of improvements: tightening up our maps, making our backend systems more resilient, and improving Azure onboarding. We released an alpha version of Kentik Kube, a product designed to help networkers awash in a sea of containers find solid ground, a variety of map improvements, support for VPC endpoint interfaces and gateways, and the ability to retain VPC Flow Logs inside of S3 buckets indefinitely. And we delivered the first of two projects designed to make agentless cloud ingest a reality. We are actively seeking design partners for Kentik Kube. Please contact us if you’d like to help guide our vision for this product early on. We welcome your input! Read on for all the details.
One thing we believe at Kentik is that everything that runs over the network should be observable — from containers to clouds, and everything in between. And with that in mind, whenever we become aware of a new visibility gap making operators’ lives more difficult, we aim to bridge it.
Enter Kubernetes. In 2020, we released an agent that could be used to export network flows from Kubernetes. And this month, we’ve released Kentik Kube to visualize this data.
Kentik Kube is a new module of the Kentik Network Observability Cloud that helps cloud and infrastructure engineers gain detailed network traffic and performance visibility both inside and among their Kubernetes clusters to quickly detect and solve network problems.
As the industry has adopted Kubernetes as a de facto standard for workload scheduling, teams that support these environments are discovering that their network and Kubernetes monitoring tools can’t help them answer critical questions because they:
We built Kentik Kube to provide this visibility for these teams. Our solution supports cloud-managed Kubernetes clusters (AKS, EKS, and GKS) and on-prem, self-managed clusters using the most widely used cloud implemented network models.
Kentik Kube helps by supporting the following use cases:
Network performance: Discover which services and pods are experiencing network delays so you can troubleshoot and fix problems faster. Identify service misconfigurations without capturing packets. Configure alert policies to proactively find high latency impacting nodes, pods, workloads or services.
Top talkers: Identify clients/requesters consuming your Kubernetes services so you can track down problematic connections. Discover oversubscribed microservices so you can adjust scaling, configure node affinity, etc. Know exactly who was talking to which pod, and when.
Policy validation: Ensure that your network reality matches your design. See which pods, namespaces and services are speaking with each other to ensure that your configured policy is working as expected.
Total infrastructure visualization: Know which pods are deployed on which nodes — even historically. See which pods and services are communicating with non-Kubernetes infrastructure or the internet. View your network from container to cloud.
Kentik has always allowed our AWS customers to retain their flow logs in their buckets. However, we ran into problems with customers who wanted to keep their flow logs around for long periods of time. We’ve made some significant changes and are happy to report that customers can now keep their flows around as long as they like — without any adverse effects on their Kentik subscriptions.
This month we’ve begun our journey towards full support of VPC endpoints in Kentik Cloud. Our first volley of product improvements includes giving customers the ability to group and filter flows based on these gateway IDs in the Data Explorer.
We support both Gateway-style VPC Endpoints as well as Interface VPC endpoints (AWS PrivateLink). However, despite their similar names, these are very different things under the hood. VPC Endpoint Gateways act as gateways to Amazon services, keeping this traffic inside your VPC and off the public internet. Using these endpoints can save money by keeping VPC network egress costs down — making identifying when traffic isn’t using these gateways a key use case. These gateways aren’t exposed as elastic network interfaces and thus can be difficult to track traffic using other network solutions. Kentik is the only solution on the market that gives you this capability.
AWS PrivateLink allows AWS and their customers to configure their services for consumption without forcing traffic to flow over the public internet. Over 128 different AWS services are available behind these so-called “interface endpoints” while just a small few are available behind VPC endpoint gateways. Interface Endpoints serve to reduce cost and can serve a security function in that sensitive information can be shared between AWS customers privately. These endpoints are exposed in a more standard fashion inside of VPCs using Elastic Network Interfaces as the gateways. The major difference in how this impacts Kentik users is that these interfaces are grouped in the Interface Type dimensions and specific interfaces are identified in the ENI ID dimension while the Gateway-style endpoints are grouped into the Gateway Type dimensions and the specifics are found under Gateway ID dimension.
We took a major step forward this month in our promise to offer agentless ingest to AWS customers. Instead of having Kentik reach into customer buckets to retrieve flow logs, we can now support customers who wish to write their flow logs directly into an S3 bucket that Kentik manages and maintains. This allows customers to write flow logs more flexibly (via direct VPC write, lambda copies, S3 actions, etc.) and also allows customers to avoid giving Kentik permissions into their S3 buckets. Next up on our agentless agenda is to provide a method for companies to post their metadata to a similar endpoint for enrichment and mapping visualizations. Stay tuned!
Following our September release of the Weather Map, we’ve continued to iterate on our Kentik Maps product. This month we’ve added a bunch of important fixes and improvements.
We’ve improved handling overlapping lines in AWS. Previous versions of Kentik Map would allow lines connecting close together objects to overlap. We’ve added some logic to detect this condition and give these objects a bit of breathing room, making it easier to visually determine the path connecting the objects and select them with your mouse.
We’ve improved visualizing site-to-site VPN connections. Prior versions of Kentik Map for AWS kept the customer gateways in the middle of the screen. We moved customer gateways into the “On Prem” box where they rightfully belonged. This helps clean up the interconnection section of the map considerably. We have more work coming here this quarter to make the map experience even easier to use for companies with lots of interconnections.
