To simplify troubleshooting workflows in Google Cloud, we've added several new details to the Kentik Map for Kentik Cloud. In the Cloud Network Details sidebar, we've added support for displaying the Firewall Policies that apply to each VPC. We've also added support for displaying details about the Load Balancers deployed in each VPC.

The new Firewall Policies area complements the Firewall Rules area added in July 2023, which shows the actions taken by those rules—denied and allowed traffic—in the selected VPC. 

For troubleshooting, the VPC details sidebar is now the single destination for getting all information related to firewall actions and rules:

In addition, the Cloud Network Details sidebar now also contains detailed metadata about the load-balancers deployed in the selected VPC:

We are happy to announce the support for the Google Cloud firewalls for Kentik Cloud. 

For customers looking for an easy and simple way to check and troubleshoot connectivity inside GCP and see what type of traffic is being denied by the configured firewall rules, we show that under the "Details" sidebar for every VPC.

We are excited to announce Version 1.0 of Kentik Map for GCP, which provides an analogous experience to the AWS and Azure maps in Cloud.

While the concept is largely the same, there are some differences in the GCP map organization compared to our AWS and Azure maps based on the way resources are organized in GCP.

For example, in contrast to the AWS topology map, which groups VPCs by region, the GCP map groups regions by VPC. Each region has its subnets listed beneath it.

The searchable GCP map displays traffic and routing data for the resources shown. We enable support for historical views back into your topology and metadata in GCP.

Visualizations from the GCP map include:

• VPN gateways with associated on-prem and cloud routers, networks, regions, subnets, interconnect attachments, and VM interfaces
• Static link paths for on-prem routers and external VPN gateways
• Traffic links generated from subnets and internet types
• Aggregated regional traffic classified as inbound, outbound, or internal

In the coming months, we will continue building GCP observability to achieve parity with our AWS and Azure offerings, adding functionality such as security group support. 

Our platform aims to provide customers full support for all clouds with a consistent user experience. Kentik Cloud abstracts away the differences in cloud network interfaces to maintain cohesive multi-cloud workflows in the Kentik Portal.

Setup instructions for the GCP Map are here in our Knowledge Base.

We are excited to announce support for a historical look back into your topology and metadata that will help you to monitor your cloud infrastructure more efficiently.

It is easier now to keep track of changes in your topology and metadata, such as VNETs, gateways, vWAN hubs, and Express Routes and their connections. You can use the map feature to quickly see what has changed without digging through logs or reports. It also provides a visual representation of your cloud topology at any historical moment, making it easy to spot any changes made.

We hope this new feature makes it easier for you to keep track of your cloud environment and ensure it runs smoothly. If you have any questions about Azure Cloud Map support for historical view, don't hesitate to contact our customer support team. We are here to help!

We are happy to announce the support for the Azure vWAN service in Kentik Maps and Data Explorer, with dimensions for vWAN hubs.

On Kentik Maps, vWAN components are shown in two places:

1. vWAN service is depicted as a global object located between your On-prem and Cloud deployments on the map. It allows you to quickly access the details, such as deployed vWAN Hubs and VPN sites with tunnels configured under that vWAN service.
   
2. Inside the Azure region, the vWAN hub is shown as a component deployed next to the VNETs from that region. The hub can be expanded to show all the gateways, route tables, and peerings configured. 

In addition, Data Explorer now has Ingress and Egress Virtual Hub dimensions that allow you to see precisely which virtual hubs were used by your traffic flow on their way to their destination.

vWAN service support will be a significant aid in troubleshooting your global cloud network deployments.  

It’s possible now to check for a traffic flows that were denied by the NSG rules configured on a Subnet or VNET level.

There are two ways how you can see that traffic:

• It’s available on a Kentik Map as a sidebar “Details” widget (similar to existing AWS functionality)
  
• You can search for them in a Data Explorer using source and destination Firewall Action as a dimensions, and change the metric to the flow/s.
  
  This feature will be a significant aid in troubleshooting the NSG firewall issues and decrease mean time to resolution.
  
  
  
  

We’re excited to announce our beta launch of Kentik Kube, an industry-first solution that reveals how K8s traffic routes through an organization’s data center, cloud(s), and the internet.

With this launch, Kentik can observe the entire network — on prem, in the cloud, on physical hardware or virtual machines, and anywhere in between. Kentik Kube enables network, infrastructure, platform, and DevOps engineers to gain full visibility of network traffic within the context of their Kubernetes deployments — so they can quickly detect & solve network problems, and surface traffic volumes from pods to external services.

Kubernetes cluster running on AKS, displaying traffic and latency to the front end of an online shopping site.

Why we built Kentik Kube

Kubernetes has become the de facto standard for cloud-based applications. As companies migrate their workloads, ensuring the reliability, connectivity and performance from user applications and their clusters, to the entire infrastructure and internet is critical.

Very often, pods and services experience network delays that degrade a user’s experience. It is difficult to identify which Kubernetes services and pods are experiencing network delays. The complexity of microservices leaves engineers wondering if the network reality matches their design, who are the top requesters consuming Kubernetes services or which microservices are oversubscribed, and how the infrastructure is communicating both within itself or across the internet.

Kentik Kube use cases

We built Kentik Kube to provide visibility for cloud-managed Kubernetes clusters (AKS, EKS, and GKE) as well as on-prem, self-managed clusters using the most widely implemented network models. Teams responsible for complex networks can:

Improve network performance

• Discover which services and pods are experiencing network latency
• Identify service misconfigurations without capturing packets
• Configure alert policies to proactively find high latency impacting nodes, pods, workloads or services.

Gain end-to-end K8s visibility

• Identify all clients and requesters consuming your Kubernetes services
• Know exactly who was talking to which pod, and when.

Validate policies and security measures

• See which pods, namespaces, and services are speaking with each other to ensure configured policy is working as expected.
• Identify pods and services that are communicating with non-Kubernetes infrastructure or the internet — when they should not be.

How Kentik Kube works

Kentik Kube relies on data generated from a lightweight eBPF agent that is installed onto your Kubernetes cluster. It sends data back to the Kentik SaaS platform, allowing you to query, graph and alert on conditions in your data. This data coupled with our analytics engine, enables users to gain complete visibility and context for traffic performance inside and among Kubernetes clusters.

Mapping your network with Kentik Kube

Kentik Kube provides east-west and north-south traffic analytics inside and among Kubernetes clusters. 

Network map showing EKS clusters communicating between AWS regions.

Kentik Kube can display details so you can see if your route tables, NACLs, etc. are all configured correctly. You can drill down into a cluster to see if there are latency or other issues. Our eBPF telemetry agent deployed into these clusters lets you see the traffic between nodes and pods as well as any latency.

How to get started with Kentik Kube

Kentik Kube is now in beta. You can apply to trial the beta by clicking on the Kentik Kube section of the menu. Please share your feedback with us. We’d love to hear what you think.

Azure regions are now shown on the Weathermap.

For a multi-cloud environment, here is how this looks, including the Cloud backbone traffic.

A lot of new additions have surfaced in February 2022 in the Kentik Map UI. Amongst others, users will find: a health digest reporting function, new layers for AWS Regions and cloud backbone, as well as improvements in the map legends.

Kentik Map Health Digest

An indicator in the toolbar gives a count of issues we’ve discovered on your network and opens a popover that provides a high-level rundown. Click the View Problems button to see a list detailing the issues, then drill down to the map to see an impacted component in the context of its surrounding infrastructure.

Kentik Map Layer Selector

A new layer selector for the Kentik Map lets you choose which categories of overlays to display, including link traffic types, traffic layer types, cloud regions and backbones, traffic utilization, health, and clustering.

Kentik Map legends

The legends that identify the value ranges represented by link colors are now persistent, so it’s always easy to see what the colors mean.

Kentik Map AWS Regions and Backbones

A layer for AWS regions and backbones has been added to the Kentik Map.

As usual, our Cloud Product team turned around a ton of great enhancements to the Kentik Cloud and Map products over the month of December 2021. More than ever, Kentik goes one step closer from being the only and most complete Hybrid Cloud observability solution out there. See for yourself.

Weather Map improvements

This month saw one of the largest updates to the Weather Map yet. In this release we’ve incorporated several new features worth discussing. We added layers that allow users to view utilization and/or health data into their map, along with a nifty layer selector:

Layer Selector

Utilization layer

A major use case for Weather Map in ISPs and large backbone networks is to assist users in performing capacity planning exercises. In order to accomplish this, we needed to color the map based on interface utilization rather than total bytes. This means that our new map breaks down the interface utilization of a single interface or an aggregated bundle and buckets these interfaces into 10 groups of increasing utilization.

We also needed to add in support for interface bundling as well as support visually aggregated interfaces when more than one link connects a site cluster to another site or another cluster. To support this, we use the backend attributes that we poll from our customer’s SNMP data to determine if an interface is configured as part of a bundle or is operating as a single interface.

If a link is drawn between two site clusters, we’ll aggregate the bandwidth over both links and calculate the total utilization on the fly:

When a user clicks on this link, the system allows them to choose which link they’d like to focus on:

Weather Map sidebar improvements

We’ve also added in sidebar improvements that make selections of Sites and Links easier. Consider the following example. A user has clicked on the 3 site cluster in the Chicago region on the Kentik map:

The sidebar now opens up with a running count of the sites and links interconnecting the sites.

Expanding these elements allows to interactively browse the map:

Health Layer

We have also started to resurface health on the Weather Map. We started by adding health into the cluster popovers as such:

Of course, we also show the site health on the canvas and sidebar as well. Here we see an unhealthy ORD1 site on the canvas:

And a list of all of the sites within a view color-coded by health in the sidebar:

You will notice that we also now color links by health. We currently have two link-health states — down and degraded:

Down indicates that the router that originates or terminates a link has reported an ifOperStatus of DOWN or administratively shut down, while Degraded state means that the system is reporting errors.

Mini-map site topology

A popular request we’ve heard is to show a user’s site topology without having to load the entire site view. We now show the site topology in the sidebar itself. This is useful for getting at-a-glance understandings of how sites are constructed and is a step closer to our next iteration which allows users to see the devices that connect to other sites directly on the Weather Map canvas.