It’s possible now to check for a traffic flows that were denied by the NSG rules configured on a Subnet or VNET level.

There are two ways how you can see that traffic:

• It’s available on a Kentik Map as a sidebar “Details” widget (similar to existing AWS functionality)
  
• You can search for them in a Data Explorer using source and destination Firewall Action as a dimensions, and change the metric to the flow/s.
  
  This feature will be a significant aid in troubleshooting the NSG firewall issues and decrease mean time to resolution.
  
  
  
  

We’re excited to announce our beta launch of Kentik Kube, an industry-first solution that reveals how K8s traffic routes through an organization’s data center, cloud(s), and the internet.

With this launch, Kentik can observe the entire network — on prem, in the cloud, on physical hardware or virtual machines, and anywhere in between. Kentik Kube enables network, infrastructure, platform, and DevOps engineers to gain full visibility of network traffic within the context of their Kubernetes deployments — so they can quickly detect & solve network problems, and surface traffic volumes from pods to external services.

Kubernetes cluster running on AKS, displaying traffic and latency to the front end of an online shopping site.

Why we built Kentik Kube

Kubernetes has become the de facto standard for cloud-based applications. As companies migrate their workloads, ensuring the reliability, connectivity and performance from user applications and their clusters, to the entire infrastructure and internet is critical.

Very often, pods and services experience network delays that degrade a user’s experience. It is difficult to identify which Kubernetes services and pods are experiencing network delays. The complexity of microservices leaves engineers wondering if the network reality matches their design, who are the top requesters consuming Kubernetes services or which microservices are oversubscribed, and how the infrastructure is communicating both within itself or across the internet.

Kentik Kube use cases

We built Kentik Kube to provide visibility for cloud-managed Kubernetes clusters (AKS, EKS, and GKE) as well as on-prem, self-managed clusters using the most widely implemented network models. Teams responsible for complex networks can:

Improve network performance

• Discover which services and pods are experiencing network latency
• Identify service misconfigurations without capturing packets
• Configure alert policies to proactively find high latency impacting nodes, pods, workloads or services.

Gain end-to-end K8s visibility

• Identify all clients and requesters consuming your Kubernetes services
• Know exactly who was talking to which pod, and when.

Validate policies and security measures

• See which pods, namespaces, and services are speaking with each other to ensure configured policy is working as expected.
• Identify pods and services that are communicating with non-Kubernetes infrastructure or the internet — when they should not be.

How Kentik Kube works

Kentik Kube relies on data generated from a lightweight eBPF agent that is installed onto your Kubernetes cluster. It sends data back to the Kentik SaaS platform, allowing you to query, graph and alert on conditions in your data. This data coupled with our analytics engine, enables users to gain complete visibility and context for traffic performance inside and among Kubernetes clusters.

Mapping your network with Kentik Kube

Kentik Kube provides east-west and north-south traffic analytics inside and among Kubernetes clusters. 

Network map showing EKS clusters communicating between AWS regions.

Kentik Kube can display details so you can see if your route tables, NACLs, etc. are all configured correctly. You can drill down into a cluster to see if there are latency or other issues. Our eBPF telemetry agent deployed into these clusters lets you see the traffic between nodes and pods as well as any latency.

How to get started with Kentik Kube

Kentik Kube is now in beta. You can apply to trial the beta by clicking on the Kentik Kube section of the menu. Please share your feedback with us. We’d love to hear what you think.

Azure regions are now shown on the Weathermap.

For a multi-cloud environment, here is how this looks, including the Cloud backbone traffic.

A lot of new additions have surfaced in February 2022 in the Kentik Map UI. Amongst others, users will find: a health digest reporting function, new layers for AWS Regions and cloud backbone, as well as improvements in the map legends.

Kentik Map Health Digest

An indicator in the toolbar gives a count of issues we’ve discovered on your network and opens a popover that provides a high-level rundown. Click the View Problems button to see a list detailing the issues, then drill down to the map to see an impacted component in the context of its surrounding infrastructure.

Kentik Map Layer Selector

A new layer selector for the Kentik Map lets you choose which categories of overlays to display, including link traffic types, traffic layer types, cloud regions and backbones, traffic utilization, health, and clustering.

Kentik Map legends

The legends that identify the value ranges represented by link colors are now persistent, so it’s always easy to see what the colors mean.

Kentik Map AWS Regions and Backbones

A layer for AWS regions and backbones has been added to the Kentik Map.

As usual, our Cloud Product team turned around a ton of great enhancements to the Kentik Cloud and Map products over the month of December 2021. More than ever, Kentik goes one step closer from being the only and most complete Hybrid Cloud observability solution out there. See for yourself.

Weather Map improvements

This month saw one of the largest updates to the Weather Map yet. In this release we’ve incorporated several new features worth discussing. We added layers that allow users to view utilization and/or health data into their map, along with a nifty layer selector:

Layer Selector

Utilization layer

A major use case for Weather Map in ISPs and large backbone networks is to assist users in performing capacity planning exercises. In order to accomplish this, we needed to color the map based on interface utilization rather than total bytes. This means that our new map breaks down the interface utilization of a single interface or an aggregated bundle and buckets these interfaces into 10 groups of increasing utilization.

We also needed to add in support for interface bundling as well as support visually aggregated interfaces when more than one link connects a site cluster to another site or another cluster. To support this, we use the backend attributes that we poll from our customer’s SNMP data to determine if an interface is configured as part of a bundle or is operating as a single interface.

If a link is drawn between two site clusters, we’ll aggregate the bandwidth over both links and calculate the total utilization on the fly:

When a user clicks on this link, the system allows them to choose which link they’d like to focus on:

Weather Map sidebar improvements

We’ve also added in sidebar improvements that make selections of Sites and Links easier. Consider the following example. A user has clicked on the 3 site cluster in the Chicago region on the Kentik map:

The sidebar now opens up with a running count of the sites and links interconnecting the sites.

Expanding these elements allows to interactively browse the map:

Health Layer

We have also started to resurface health on the Weather Map. We started by adding health into the cluster popovers as such:

Of course, we also show the site health on the canvas and sidebar as well. Here we see an unhealthy ORD1 site on the canvas:

And a list of all of the sites within a view color-coded by health in the sidebar:

You will notice that we also now color links by health. We currently have two link-health states — down and degraded:

Down indicates that the router that originates or terminates a link has reported an ifOperStatus of DOWN or administratively shut down, while Degraded state means that the system is reporting errors.

Mini-map site topology

A popular request we’ve heard is to show a user’s site topology without having to load the entire site view. We now show the site topology in the sidebar itself. This is useful for getting at-a-glance understandings of how sites are constructed and is a step closer to our next iteration which allows users to see the devices that connect to other sites directly on the Weather Map canvas.

This month the cloud product team delivered a ton of improvements: tightening up our maps, making our backend systems more resilient, and improving Azure onboarding. We released an alpha version of Kentik Kube, a product designed to help networkers awash in a sea of containers find solid ground, a variety of map improvements, support for VPC endpoint interfaces and gateways, and the ability to retain VPC Flow Logs inside of S3 buckets indefinitely. And we delivered the first of two projects designed to make agentless cloud ingest a reality. We are actively seeking design partners for Kentik Kube. Please contact us if you’d like to help guide our vision for this product early on. We welcome your input! Read on for all the details.

Kentik Kube: Network visibility for Kubernetes clusters

One thing we believe at Kentik is that everything that runs over the network should be observable — from containers to clouds, and everything in between. And with that in mind, whenever we become aware of a new visibility gap making operators’ lives more difficult, we aim to bridge it.

Enter Kubernetes. In 2020, we released an agent that could be used to export network flows from Kubernetes. And this month, we’ve released Kentik Kube to visualize this data.

Kentik Kube is a new module of the Kentik Network Observability Cloud that helps cloud and infrastructure engineers gain detailed network traffic and performance visibility both inside and among their Kubernetes clusters to quickly detect and solve network problems.

As the industry has adopted Kubernetes as a de facto standard for workload scheduling, teams that support these environments are discovering that their network and Kubernetes monitoring tools can’t help them answer critical questions because they:

• Are unaware of traffic patterns within Kubernetes or do not create traffic logs for these environments
• Do not take into account the network models implemented by Kubernetes
• Do not fuse Kubernetes metadata into traffic data.

We built Kentik Kube to provide this visibility for these teams. Our solution supports cloud-managed Kubernetes clusters (AKS, EKS, and GKS) and on-prem, self-managed clusters using the most widely used cloud implemented network models.

Kentik Kube helps by supporting the following use cases:

Network performance: Discover which services and pods are experiencing network delays so you can troubleshoot and fix problems faster. Identify service misconfigurations without capturing packets. Configure alert policies to proactively find high latency impacting nodes, pods, workloads or services.

Top talkers: Identify clients/requesters consuming your Kubernetes services so you can track down problematic connections. Discover oversubscribed microservices so you can adjust scaling, configure node affinity, etc. Know exactly who was talking to which pod, and when.

Policy validation: Ensure that your network reality matches your design. See which pods, namespaces and services are speaking with each other to ensure that your configured policy is working as expected.

Total infrastructure visualization: Know which pods are deployed on which nodes — even historically. See which pods and services are communicating with non-Kubernetes infrastructure or the internet. View your network from container to cloud.

AWS Flow Logs in-bucket file retention

Kentik has always allowed our AWS customers to retain their flow logs in their buckets. However, we ran into problems with customers who wanted to keep their flow logs around for long periods of time. We’ve made some significant changes and are happy to report that customers can now keep their flows around as long as they like — without any adverse effects on their Kentik subscriptions.

VPC endpoint support and ENI gateways

This month we’ve begun our journey towards full support of VPC endpoints in Kentik Cloud. Our first volley of product improvements includes giving customers the ability to group and filter flows based on these gateway IDs in the Data Explorer.

We support both Gateway-style VPC Endpoints as well as Interface VPC endpoints (AWS PrivateLink). However, despite their similar names, these are very different things under the hood. VPC Endpoint Gateways act as gateways to Amazon services, keeping this traffic inside your VPC and off the public internet. Using these endpoints can save money by keeping VPC network egress costs down — making identifying when traffic isn’t using these gateways a key use case. These gateways aren’t exposed as elastic network interfaces and thus can be difficult to track traffic using other network solutions. Kentik is the only solution on the market that gives you this capability.

AWS PrivateLink allows AWS and their customers to configure their services for consumption without forcing traffic to flow over the public internet. Over 128 different AWS services are available behind these so-called “interface endpoints” while just a small few are available behind VPC endpoint gateways. Interface Endpoints serve to reduce cost and can serve a security function in that sensitive information can be shared between AWS customers privately. These endpoints are exposed in a more standard fashion inside of VPCs using Elastic Network Interfaces as the gateways. The major difference in how this impacts Kentik users is that these interfaces are grouped in the Interface Type dimensions and specific interfaces are identified in the ENI ID dimension while the Gateway-style endpoints are grouped into the Gateway Type dimensions and the specifics are found under Gateway ID dimension.

S3 bucket ingest

We took a major step forward this month in our promise to offer agentless ingest to AWS customers. Instead of having Kentik reach into customer buckets to retrieve flow logs, we can now support customers who wish to write their flow logs directly into an S3 bucket that Kentik manages and maintains. This allows customers to write flow logs more flexibly (via direct VPC write, lambda copies, S3 actions, etc.) and also allows customers to avoid giving Kentik permissions into their S3 buckets. Next up on our agentless agenda is to provide a method for companies to post their metadata to a similar endpoint for enrichment and mapping visualizations. Stay tuned!

Map improvements

Following our September release of the Weather Map, we’ve continued to iterate on our Kentik Maps product. This month we’ve added a bunch of important fixes and improvements.

We’ve improved handling overlapping lines in AWS. Previous versions of Kentik Map would allow lines connecting close together objects to overlap. We’ve added some logic to detect this condition and give these objects a bit of breathing room, making it easier to visually determine the path connecting the objects and select them with your mouse.

We’ve improved visualizing site-to-site VPN connections. Prior versions of Kentik Map for AWS kept the customer gateways in the middle of the screen. We moved customer gateways into the “On Prem” box where they rightfully belonged. This helps clean up the interconnection section of the map considerably. We have more work coming here this quarter to make the map experience even easier to use for companies with lots of interconnections.

Hybrid Maps now supports path visualization in all of our layouts. With Hybrid Maps, NetOps teams gain an immediate and single, unified view to understand topology state, traffic flows, network performance and device health status within and between multi-cloud, on-prem and internet infrastructures.

To see the new path visualization, apply a sidebar filter to express the traffic you want to see visualized in the maps.

sFlow Improvements For Visibility

We have identified a way for customers who run the sFlow protocol to achieve the benefits and visibility offered by Hybrid Maps and other portions of the product. sFlow sends Kentik per-flow byte counts attributed to physical interfaces, while most network operators configure IP addressing logical sub-interfaces. This leads to a disjointed experience in Kentik as our mapping services draw connections between devices based on the interface ID, where we find IP addresses configured. The queries needed to understand the data flowing between the devices rely upon a completely different interface ID.

To support this situation, users must supply a manual mapping of interface IDs to VLAN interface IDs. We have developed example code on how this can be automated using Juniper devices interface and VLAN names. Before running the code, the user will also need to configure the device using the new “Advanced sFlow” device type. Once the device has been modified, and a map supplied, the user can make use of three new dimensions:

• Source Physical Interface and Destination Physical Interface — the original physical interface index sent via sFlow. This is useful for filtering and grouping by the physical interface. It is also helpful for auditing the remapping correctness.
• VLAN Rewrite Occurred — the number of interface rewrites that occurred for this record. This is useful troubleshooting.

Layer 2 Support on Hybrid Maps

A new selector is available on the Hybrid Network Maps to select how Kentik draws connections between devices. Users can now choose to draw connections using layer 2, layer 3 or both.

Layer 2 connectivity requires that users run the LLDP protocol and allow Kentik to poll this data over SNMP. We will then find matches that only exist at layer 2.

Layer 3 connectivity was supported previously. Device adjacencies are determined by finding IP addresses that share a subnet smaller than a /24. We create matches for site-to-site adjacencies with the following connectivity types: Backbone, Data Center Interconnect and Device Aggregation. For device adjacencies in the site layouts, connections are displayed between devices sharing a subnet as long as the connectivity type is not configured as “Host.”

This metadata is also visible on the interface admin page:

New Onboarding Options

We are continuing to improve onboarding options to give customers and prospects more flexibility in learning about and evaluating Kentik. We now have separate paths for customers interested in flow, synthetics or a guided demo mode. The options will appear clearly on the revised onboarding page.

We have started to add guided, in-product demos of real-world use cases. We are starting with two different situation demos: 1. Troubleshoot VPN Issues or 2: Manage Network Costs. We expect to add an expanding list of use case situations over time.

Kentik has introduced important new health features aimed at hybrid IT organizations. Site Health, Device Health, and Interface Health provide an at-a-glance easy indicator of how your network, devices, and applications are performing. They are now a standard offering in the Network Management product.

For customers that monitor all their global hybrid IT infrastructure, it is vitally important to separate what is healthy from what is not healthy. Engineers simply do not have enough time in the day to look at all the metrics. Kentik’s new health capabilities classify a base layer of metrics into Healthy, Warning, or Critical status and display the status in our next-generation Network Maps and Network Explorer.

We are monitoring network devices and interface metrics via SNMP. Health values available include:

• Site Health
  Derived from the devices and interfaces in the site
  
  
• Device Health
  Derived from the device metrics and interface metrics on this device
  • Device Availability
    Whether metrics are available for this device
  • Device Metrics:
    • CPU Utilization
    • Memory Utilization
      
      
• Interface Health
  Derived from the interface metrics for this interface
  • Interface Availability
    Whether metrics are available for this interface
  • Interface Metrics
    • Input Interface Utilization
    • Output Interface Utilization

Last month, Kentik introduced Hybrid Map, allowing teams to view the entirety of their network infrastructures, dive deep where needed, assess quickly, solve problems and gain insights immediately. You can now visualize and manage interactions within and between on-prem infrastructure, cloud infrastructure from Amazon AWS, Google Cloud, IBM Cloud, and Microsoft Azure, as well as internet platforms and services — all in a single, unified view.

Kentik Hybrid Map allows you to simultaneously:

• Understand AWS, Azure, Google Cloud, and IBM VPC flow logs and inter-service dependencies
• Observe site topology and architecture (spine/leaf and tiers), device metrics (CPU, memory, interface utilization), and north-south and east-west traffic
• Visualize SD-WAN overlay, and WAN underlay transport utilization and performance
• Quickly find and resolve problems by viewing network performance and utilization data from the data center to clouds, other sites/data centers, and internet sites
• Visually interact with the network, dive deep, and quickly identify problems with instant insights
• React quickly to network conditions and discover which devices are experiencing CPU, memory, interface, or traffic anomalies

Since the initial release of Hybrid Map, Kentik’s updated release now includes visual directionality. This latest release covers inter-block flows (i.e., flows between a VPC and the internet, or between an on-prem site and an internet AS, for example), and directionality between sites and devices in the arc and chord layouts.

Users can now go to the Hybrid Map to see their traffic in context with health across all devices. The backend service that collects, stores, and assesses the metrics also looks at a device’s CPU, memory, and interface utilization statistics to determine health. The device layout includes CPU and memory utilization views, and Healthy, Warning, or Critical status up to the site level.

Users can now drill into cloud infrastructure from the Hybrid Map. Users can quickly see traffic between regions, VPCs, and subnets and traffic from the cloud to on-prem infrastructure and origin networks for AWS, GCP, and Azure. We’ve also released an excellent backend service that makes these views blazing fast.

New features include:

• Cloud views that enable users to drill into their clouds and see traffic from the region, zone, and VPC down to the subnets inside
• Popover controls for all of the new views, including readability improvements
• Health indicators across the maps, consuming health data from the new health service
• Improvements to the algorithm that determines connections between the cloud/internet blocks and the on-prem block
• New popover views that allow users to view all traffic through sites, devices and interfaces