kentik Kentik Product Updates logo
Back to Homepage Subscribe to Updates

Kentik Product Updates

Latest features, improvements, and product updates on the Kentik Network Intelligence Platform.

Labels

  • All Posts
  • Improvement
  • Hybrid Cloud
  • Core
  • Service Provider
  • UI/UX
  • Synthetics
  • Insights & Alerting
  • DDoS
  • New feature
  • BGP Monitoring
  • MyKentik Portal
  • Agents & Binaries
  • Kentik Map
  • API
  • BETA
  • Flow
  • SNMP
  • NMS
  • AI

Jump to Month

  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • July 2021
  • June 2021
  • May 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • October 2020
  • September 2020
  • June 2020
  • February 2020
  • August 2019
  • June 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • April 2016
ImprovementCoreInsights & Alerting
8 years ago

May 2017 Update

nProbe Hosts and NPM v2

nProbe is agent software from ntop that is used to get traffic data from hosts to Kentik Detect. Kentik’s integration with nProbe has undergone significant improvement with newer versions (7.5 or higher). We’ve summarized some key points about the upgrades below; you can also learn more about the changes in the following Knowledge Base topics:

  • Installing and running nProbe on a host: Host Configuration.
  • Newly available metrics and dimensions: Host Metrics and Dimensions.

Selecting Host Devices

nProbe hosts are selected like any other devices in the device selector in the Devices pane of the Data Explorer (shown at right). nProbe hosts of v7.5 or higher are represented with the device type icon that is labeled “DNS WWW.”

New Metrics for NPM

nProbe-based deployments can now query on new Network Performance Monitoring (NPM) metrics (listed at right) in addition to the traditional metrics available from non-host devices (e.g. routers and switches).

Native Data Format

nProbe now communicates natively with the Kentik Detect platform, which means that there’s no need to use the Kentik Proxy Agent (chfagent) for hosts, even in private IP deployments. nProbe now sends traffic data to Kentik Detect using kFlow, Kentik’s own enriched and encrypted flow format.

New Host-specific Dimensions

Users running the new nProbe version are now able to query on host-based, application-level group-by dimensions. The initial set of new dimensions, which are related to DNS and WWW, are listed at right. These dimensions are available in the Group-By Dimension selector whenever any selected device is a host (see above).

Grouping by Substrings

Depending on the specific host dimensions selected to group by, a cut function for DNS/WWW dimensions will be available in the “Advanced Options” section of the Query Pane. This feature allows grouping by regex-matched substrings. In practice this means that you can dynamically pull results for metrics that are broken down by specific string patterns within those dimensions, such as TLD, domain name, specific HTTP Query arguments, or subsets of User Agent strings.

As an example, the graph and table below were generated using the DNS Query group-by dimension on an nProbe host:

DNS_query-800w.png

Using the DNS cut function, this query can be refined to group by domains, with the result shown below:

DNS_query_cut-800w.png


Access Control Lists

In our constant effort to increase security around access to your critical data, we have just added the Access Control (aka ACL) feature. Access control, which is covered in the Access Control article in our Knowledge Base, is configurable through Kentik Detect Portal at Admin » Access Control menu:

What ACLs offer is the ability to filter, by IP address or subnet, access to four different subsystems of Kentik Detect:

  • Portal: controls access via the Kentik Detect portal.
  • API: controls access via Kentik APIs.
  • Agent: controls access via the Kentik Proxy Agent.
  • Database: controls access via a PostgreSQL client.

Two options are available for each individual interface:

  • “Allow All” (default setting for Portal and Agent).
  • “Deny All except,” which enables you to whitelist individual IPs/CIDRS (default for API and Database).

Data Explorer additions

Unique Count of Source and Destination IPs

The technique for calculating unique source and destination IP counts over multiple selected devices has been updated for improved accuracy. We used to compute the #unique destination IPs for each selected device, for each 1-minute time bucket, then return the max per-device count of IPs within the specified time range. We now get a more realistic result by computing the number of unique destination IPs for the union of all selected devices, and then take the max corresponding to the specified time range.

New metric: Unique Destination next-hop ASNs

With this new metric you’ll be able to count the number of unique Next-Hop ASNs for a given device. This can be useful to track the number of peers you have on a specific Internet Exchange, as shown below.

Bi-directional Filters

We’ve noticed that when doing our own spelunking in Kentik Detect we often look up flows against a given ASN or IP/CIDR regardless of whether it’s a destination or a source. That used to require two filters, which could add up to a lot of extra work when stacking filters to narrow a query. So, as shown below, we’ve now provided a whole additional column in the Filter selector with dimensions that match source OR destination. Dimensions with this convenience include Country, ASN, AS Name, Flow Tag, IP Port, Mac Address, IP/CIDR, Interface ID, Interface Name, Interface Description and Route Prefix.

SNMPv3 Polling

We’ve added SNMPv3 to the existing SNMP v2c methods for automated polling of meta-data on your devices. SNMPv3 is a more secure iteration of SNMP and is preferable when your SNMP information will travel over the open Internet (i.e. when you are not directly peered with Kentik’s AS).

SNMPv3 adds two layers of security to the v1 and v2c model: authentication and privacy (a.k.a. encryption).

When configuring a device, you can now enable SNMPv3 by turning on the toggle.

Both can be individually enabled and configured in the SNMP section of the device page:

  • Authentication: Both MD5 and SHA methods are supported.

  • Privacy (encryption): Only 56-bit DES is supported for encryption (AES or 3DES are not currently supported).

Alerting Updates

Slack_channel-500w.png

Slack Notifications Channels

Our Alerting system is gaining output capabilities as we move to enable more seamless integration with your internal workflows. In addition to email, syslog, and JSON, we’ve now added Slack notifications to our range of available Alerting Notification Channels. Check it out at Alerting » Notification Channels, where you can now create a Slack notification channel

After you set configurations in a series of Slack web pages where you select your Slack Team and the channels to post in, this newly created Notification Channel is then available for use in the thresholds of your Alert Policies.

Notification-800w.png

The below example shows a Kentik alert notification in Slack:

Slack_alert-450w.png

Weekend-aware baselining

Baseline settings in an Alert Policy now include a “Weekend Aware” option (shown below). When active, this setting takes into account the day on which traffic will be evaluated against the baseline:

  • If evaluated over the weekend (Saturday, Sunday), only weekend days in the look-back period will be considered.
  • If evaluated over a weekday, weekend days will be discarded from the loopback.

Weekday_baseline-800w.png

This option can be a life-saver for situations like content networks, where there is a lot of traffic over the weekend and much less traffic on weekdays. Without taking the day of week into account, weekend traffic could set off false positives for alerts that track unusually high traffic.

Miscellaneous Alerting Updates

Additional improvements to Alerting:

  • Bi-directional filters (see above): available in alerting too!
  • Packet–Size: now available in Alert Policies, a both:
    – a Dimension to use for Group-By;
    – a Filter to include or exclude specific packet sizes.
  • View in Explorer: View_in_Explorer-400w.pnga button on Alert Policy page that allows you to look at the existing, current flow data against which you are trying to build a policy.

BGP Events Notifications

BGP_setting-300w.png

You asked for it: we’ve added a notification toggle for BGP events to the notification setting on the User Profile, which is accessible by clicking your username at the top right of the navbar.

With this setting toggled to “Yes” you will be informed via email of any BGP event on Kentik Detect’s ingest points, including all service-affecting issues. We will continue to notify about BGP-affecting maintenance windows via our usual channels.

Avatar of authorGreg Villain