About Kentik

This article provides a basic introduction to Kentik, with answers to the following questions:

The Kentik Portal enables configuration of traffic and synthetic monitoring and displays the resulting charts, tables, and indicators.
 

What is Kentik?

Kentik is an open, scalable platform for collecting, analyzing, and visualizing data about the health and performance of your organization's networks. Kentik covers both on-prem infrastructure (e.g. data centers) and cloud resources, correlates data from both actual traffic and synthetic testing, and provides instant answers based on both real-time and historical data.

Kentik's purpose-built data platform sets up in minutes and provides fast, simple tools that help isolate, identify, and explain unusual activity or behavior, alerting you in real time to performance issues and attacks. The Kentik portal is a Web-based user interface that allows you to run sophisticated analytics on traffic data, monitor availability with synthetic testing, and protect your network with alerts and mitigation. The Kentik platform also integrates with your own tools and systems using Kentik REST APIs.

 

What traffic data is collected?

The main data source for Kentik is “flow” data. A flow is a collection of packets that traverses a device, such as a router, switch, or host (see Supported Device Types), and shares certain properties including protocol and source and destination IP address (see About Flow). If a given device is configured to enable it, flow data can be collected in a cache and exported by sending it to a specified destination (e.g. Kentik) at a specified interval. The primary protocols in use for flow are sFlow, IPFIX, and NetFlow version 9 or version 5.

The flow data collected by Kentik is enriched with a variety of additional data that is correlated and stored in time series flow records within the Kentik Data Engine, Kentik’s distributed back end. These data types include the following:

  • SNMP: Used to determine interface names/descriptions and to validate flow levels (see SNMP OID Polling).
  • GeoIP: Used to determine country, region, and city of flow source and destination.
  • BGP: Correlated with flow data to extract source and destination AS Path and community information on a per-flow basis (see BGP Overview), enabling features such as Discover Peers.
  • Host traffic data: Correlated with flow data to provide information from hosts, including URLs, DNS queries, and performance information (retransmits, fragments, etc.). See Host Traffic Dimensions and Host Traffic Metrics.
  • Classification data: Information, useful for business intelligence, about the role of the interfaces through which your traffic enters and leaves the network (see Interface Classification).
  • Threat feeds: Obtained daily from Spamhaus and correlated with flow data to identify source and destination hosts and IPs that have been identified as a security threat (see Threat Feed Columns).

For a more detailed look at the kinds of data we store in KDE, see Dimension Categories and Dimensions Reference.
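The two ideas described above, grouping packets into flow records and enriching those records against a threat feed, can be sketched as follows. This is an added illustration, not Kentik code: the packet tuples, the flagged networks, the record field names, and the fixed 60-second export window are all constructed assumptions (real exporters use active and inactive cache timeouts and usually include ports in the flow key).

```python
import ipaddress
from collections import defaultdict

# Constructed sample packets: (timestamp_s, protocol, src_ip, dst_ip, bytes).
PACKETS = [
    (0.5, "tcp", "10.0.0.5", "198.51.100.7", 600),
    (1.2, "tcp", "10.0.0.5", "198.51.100.7", 1400),
    (2.0, "udp", "10.0.0.9", "192.0.2.53", 80),
    (61.0, "tcp", "10.0.0.5", "198.51.100.7", 900),
    (62.5, "tcp", "203.0.113.200", "10.0.0.5", 120),
]

# Constructed stand-in for a threat feed: networks flagged as a security threat.
THREAT_NETS = [ipaddress.ip_network(n)
               for n in ("198.51.100.0/24", "203.0.113.128/25")]

def is_threat(ip):
    """True if the address falls inside any flagged network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in THREAT_NETS)

def export_flows(packets, interval_s=60):
    """Aggregate packets into one record per (export window, flow key)."""
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for ts, proto, src, dst, size in packets:
        window = int(ts // interval_s) * interval_s  # start of export window
        entry = cache[(window, proto, src, dst)]     # flow key: shared properties
        entry["packets"] += 1
        entry["bytes"] += size
    records = []
    for (window, proto, src, dst), c in sorted(cache.items()):
        records.append({
            "start": window, "protocol": proto, "src": src, "dst": dst,
            "packets": c["packets"], "bytes": c["bytes"],
            # Enrichment step: tag each side of the flow from the feed.
            "src_threat": is_threat(src), "dst_threat": is_threat(dst),
        })
    return records

def threat_flows(records):
    """Flow records where either endpoint matched the feed."""
    return [r for r in records if r["src_threat"] or r["dst_threat"]]

if __name__ == "__main__":
    for rec in threat_flows(export_flows(PACKETS)):
        print(rec)
```

Tagging at record level rather than per packet is what lets a detection query filter on the threat columns without re-reading raw traffic.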

 

How is data collected?

Kentik can receive flow from sources including routers and switches as well as hosts/servers. Host monitoring provides enhanced debugging of performance issues because data from the host agent enables display and analysis of TCP retransmits per flow.

Flow data may come to Kentik from any of the following sources:

  • Direct: From routers or switches directly to Kentik servers (see About Devices).
  • Host agent: From hosts that are monitored using kprobe, Kentik’s software host agent (see Host Configuration).
  • Proxy agent: From routers or switches via a locally hosted instance of kproxy, Kentik's NetFlow Proxy Agent, which can be configured to collect, munge, encrypt, and redirect both flow and SNMP.
 

How do I access my data?

Kentik provides three ways to access and view your stored traffic data (flow records, BGP, etc.):

  • Portal: Access via the views available in the Kentik portal (UI), including the Data Explorer, Dashboards, and the Query Editor.
  • APIs: Access via one of the Kentik APIs; see About Kentik APIs.
  • Firehose: Supported by our ktranslate agent, Kentik Firehose enables you to integrate Kentik-enriched flow records into other (non-Kentik) analytics systems, either directly or through a data lake; see Using Kentik Firehose.
 

What synthetic testing is supported?

Kentik's Synthetics workflows are easy to set up and cost effective to run. Testing is enabled by Kentik's ksynth software agent (see About Synthetics Agents), which is deployed in two contexts:

  • Public agents: Accessible to all Kentik customers, the public agents that make up our Kentik Global Agent Network are located in all major Internet hubs and cloud regions (AWS, GCP, Azure, IBM, etc.).
  • Private agents: Accessible only to your organization, private agents are deployed in your physical infrastructure or your cloud resources.

Ping and traceroute tests performed continuously with public and/or private agents generate key metrics (latency, jitter, and loss) that are evaluated for network health and performance. Kentik is also unique in its ability to intelligently guide synthetic testing based on patterns in your actual traffic, enabling you to focus testing resources where they can have the greatest impact. For further information see Synthetics Overview.

The Synthetics Dashboard is the landing page for Synthetics.
 

Anything else I should know?

The following resources should help you get up to speed with Kentik:

  • Check the rest of this Knowledge Base for helpful information on the setup and use of Kentik:
    - The sidebar at left contains the Contents tab and a Search tab in which you can find all topics containing one or more entered strings.
    - The How-Tos library (accessed from the Contents tab) enables you to browse or search for step-by-step procedures to accomplish specific tasks.
  • We’re happy to answer any questions you may have about setting up and using Kentik. Learn how to contact us at Customer Support.
© 2014- Kentik