Router Configuration

The configuration of routers, switches, and other network hardware to collect and export data to Kentik Detect is covered in the following topics :

Notes:
- Model-specific configuration settings for devices sending data to Kentik Detect are provided in Device Configs Directory.
- To learn how to register routers on the Kentik system see Device Settings.
- For general information about flow, see Flow Overview.
- For information about host configuration, see Host Configuration.
- As used in this Knowledge Base, the term “router” refers as well to other non-host network devices such as switches.

 

 
 top

Router Configuration Overview

The Kentik Data Engine (KDE), Kentik Detect’s big data back-end, collects and correlates data from a variety of sources, including routers, switches, and other hardware in your Kentik-monitored network infrastructure. Data from these devices includes flow records (NetFlow, IPFIX, sFlow; see Flow Overview) as well as other network data such as BGP and SNMP.

Enabling Kentik to gather the above data from a given router involves configuration steps on the device itself and also in the Kentik Detect portal using the Add Device dialog (accessed via Admin » Devices; see Device Admin Dialogs). Before starting, you’ll need to decide which of the following methods you’ll use to get the data to Kentik:

  • Direct to KDE ingest servers.
  • Through a local encryptor/redirector running the Kentik software called “kproxy” (see NetFlow Proxy Agent).

The device configuration process varies depending on device manufacturer, but is typically performed in “configuration mode” or in a “configuration editor.” Before you start you’ll need to know the following information:

  • IP and port: The destination IP and Port to which the router should send flow data:
    - If the flow data is to be sent directly to Kentik Detect, this information (which varies from customer to customer) is found in the General Settings tab of the Add Device dialog in the Kentik Detect portal (see Device Config Info).
    - If the flow data is to be encrypted by kproxy before being sent to Kentik Detect, these values will be the IP and Port you chose on your local encryptor/redirector running kproxy.
  • Sample rate: The sample rate at which you want to sample flow records (see Flow Sampling). The rate configured on the router should match the rate set for the same device in the Kentik Detect portal (see Device General Settings).
  • Ingress or egress: Whether you will examine traffic at ingress or egress (ingress is recommended; see Ingress and Egress).

Once you’ve gathered the information listed above you’re ready to configure your routers to work with Kentik Detect. Configurations that work on common networking hardware products are covered in Device Configs Directory.

 

 
 top

Router Troubleshooting

If you’ve configured a router to send flow to Kentik Detect (using the router-specific configurations listed in Device Configs Directory) and you are not seeing flow from that router in the Kentik Detect portal, then we’ll need to know if the router is able to ping our collectors reliably with large packets. To find that out, please perform the following simple tests:

  • Determine that there’s no loss between your server and Kentik Detect:

ping -c200 -D -s400 flow.kentik.com

  • Determine if the MTU between you and Kentik Detect is “normal”:

ping -c100 -D -s1472 flow.kentik.com

  • Determine if fragmentation works either way:

ping -c100 -s1500 flow.kentik.com

Note: If your organization is registered with Kentik in the EU, the above URLs should instead be flow.kentik.eu.

The information that you gather from these tests will help us troubleshoot the issue if you contact support@kentik.com.

 

 
 top

SNMP OID Polling

SNMP polling by Kentik Detect is covered in the following topics:

 

 
 top  |  section

About SNMP Polling

OIDs are identifiers for SNMP objects that each represent the properties of a network-connected device such as a router. An OID takes the form of a path to the SNMP object it represents. Like a standard HTTP path, each segment represents a successively narrower slice of the entire networked universe, but in the case of an OID each segment is a pre-assigned number. The base OID for MIB-2 defined SNMP variables is 1.3.6.1.2.1.

Kentik Detect polls SNMP OIDs in two different categories (see details in table below):

  • Selected counter OIDs
  • Selected info OIDs

Notes:
- SNMP is polled on a given device only when Kentik Detect is actively receiving flow from that device.
- The timeout for polling from Kentik Detect is 60 seconds. If a response is not received then polling is skipped until the next polling interval (see SNMP Polling Intervals).

 

 
 top  |  section

SNMP Polling Intervals

The polling intervals for a given router depend on the device’s SNMP Polling setting, which is set in the Add Device or Edit Device page (see Device IP & SNMP Settings):

  • If Standard, interface counter will be polled every 5 minutes and interface description every 3 hours.
  • If Minimum, interface counter won’t be polled and interface description will be polled every 6 hours.

Note: The Interface List (see Interfaces Page) includes indicators that enable you to compare flow volume as reported via SNMP polling with flow volume as reported in flow records from the same device.

 

 
 top  |  section

Enabling SNMP Polling

To enable Kentik Detect to properly poll SNMP on a given router:

  • Determine which version of SNMP to use (see About SNMP V3).
  • Ensure that SNMP is enabled for the router (consult documentation for your router make and model).
  • Permit SNMP polling of the router from Kentik’s SNMP polling IPs. The IPs are listed in the SNMP Polling IPs field on the IP & SNMP tab of the router’s Edit Device dialog in the Admin section of the portal (open the dialog by clicking on the router in the Device List).
  • Set community on the router to match the SNMP Community string indicated on the router’s IP & SNMP tab.
  • If the router has been configured to block polling of any of the specific OIDs polled by Kentik Detect (see Kentik-polled SNMP OIDs), re-enable polling of those OIDs.

 

About SNMP V3

Kentik Detect supports polling via SNMP V3, which is more secure than previous SNMP versions. SNMP V3 is recommended for customers who have concerns about using SNMP V2 over the public Internet.

The SNMP V3 implementation in Kentik Detect allows each of the following to be enabled and configured independently:

  • Authentication: Options include:
    - None
    - MD5
    - SHA
  • Privacy: The actual encryption of SNMP transactions:
    - None
    - 56-bit DES encryption
    - AES-128

Note: Kentik Detect’s SNMP V3 privacy options do not currently include 168-bit 3DES.

To use SNMP V3:

  1. Configure your router to enable polling via SNMP V3. Consult your router documentation for the correct settings.
  2. Using the SNMP V3 toggle switch in the Add Device or Edit Device dialog in the Kentik Detect portal, enable SNMP V3 and fill in the resulting additional fields (see Device IP & SNMP Settings).

 

 
 top  |  section

Verifying SNMP Polling

If you’ve successfully completed the steps in Enabling SNMP Polling, after about 5 minutes (one complete counter polling interval) you’ll be able to verify in the portal that Kentik Detect is able to poll your router:

  • Go to the portal’s Admin » Devices page (choose Devices from the drop-down Admin menu).
  • In the Device list, find the row corresponding to the router and confirm that the SNMP indicator in the column at left is green.
  • In the router’s row, click the View Interfaces button at the right, which will take you to the Interfaces page for that router.
  • Verify that names and descriptions for the router’s interfaces appear on the Interfaces page.
  • Using the Show button, be sure that the Interface list is set to Traffic/Stats. In the Traffic In and Traffic Out columns, verify that lower value (SNMP) is greater than zero.

 

 
 top  |  section

Kentik-polled SNMP OIDs

The OIDs polled by Kentik Detect are listed in the topics below. To enable Kentik to poll SNMP on a given device the device must not be configured to block polling of any of the listed OIDs.

Notes:
- Discontinuities in the value of counters can occur at re-initialization of the management system, and at other times as indicated by the value of the OID ifCounterDiscontinuityTime (1.3.6.1.2.1.31.1.1.1.19).
- Additional information about the above OIDs may be found in the OID Repository at http://oid-info.com/.

 

Counter SNMP OIDs

The following counter OIDs are polled every 5 minutes when SNMP polling is standard (see SNMP Polling Intervals), and are not polled when polling is minimized:

OID (1.3.6.1.2.1...) Object/variable name
(SNMP_...)
Portal metric Streaming Telemetry path Description
...31.1.1.1.6 ifHCInOctets Input Bit Rate in-octets The total number of octets received on the interface, including framing characters.
...31.1.1.1.10 ifHCOutOctets Output Bit Rate out-octets The total number of octets transmitted out of the interface, including framing characters.
...31.1.1.1.7 ifHCInUcastPkts Input Packets in-unicast-pkts The number of packets, delivered by this sub-layer to a higher sub-layer, which were not addressed to a multicast or broadcast address at this sub-layer.
...31.1.1.1.11 ifHCOutUcastPkts Output Packets out-unicast-pkts The total number of packets that higher-level protocols requested be transmitted, and which were not addressed to a multicast or broadcast address at this sub-layer, including those that were discarded or not sent.
...2.2.1.14 ifInErrors Input Errors in-errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
...2.2.1.20 ifOutErrors Output Errors out-errors The number of outbound packets that could not be transmitted because of errors.
...2.2.1.13
ifInDiscards Input Discards in-discards The number of inbound packets which were chosen to be discarded even though no errors had been detected, possibly to free up buffer space.
...2.2.1.19
ifOutDiscards Output Discards out-discards The number of outbound packets which were chosen to be discarded even though no errors had been detected, possibly to free up buffer space.
...31.1.1.1.8
ifHCInMulticastPkts Input Multicast Packets in-multicast-pkts The number of packets, delivered by this sub-layer to a higher sub-layer, which were addressed to a multicast address at this sub-layer. For a MAC layer protocol, this includes both Group and Functional addresses.
...31.1.1.1.12 ifHCOutMulticastPkts Output Multicast Packets out-multicast-pkts The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a multicast address at this sub-layer, including those that were discarded or not sent. For a MAC layer protocol, this includes both Group and Functional addresses.
...31.1.1.1.9
ifHCInBroadcastPkts Input Broadcast Packets in-broadcast-pkts The number of packets, delivered by this sub-layer to a higher sub-layer, which were addressed to a broadcast address at this sub-layer.
...31.1.1.1.13 ifHCOutBroadcastPkts Output Broadcast Packets out-broadcast-pkts The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent.

 

Information SNMP OIDs

The following information OIDs are polled every 3 hours when SNMP polling is standard (see SNMP Polling Intervals), and every 6 hours when polling is minimized:

OID (1.3.6.1.2.1...) Object/variable name
(SNMP_...)
Portal dimension (filtering) Description
...10.166.11.1.2.2.1.3 mplsL3VpnVrfDescription VRF Name The human-readable description of this VRF. Default is ““ (empty string).
...10.166.11.1.2.2.1.4 mplsL3VpnVrfRD VRF Route Distinguisher The route distinguisher for this VRF. Default is ““ (empty string).
...10.166.11.1.2.3.1.4 mplsL3VpnVrfRT VRF Route Target The route target distribution policy. Default is ““ (empty string).
...10.166.11.1.2.1.1.2 mplsL3VpnIfVpnClassification N.A. (Kentik internal use) Denotes whether this link participates in a carrier’s carrier, enterprise, or inter-provider scenario. Default is “enterprise.”
...2.2.1.2 ifDescr Interface Name A textual string containing information about the interface. Includes manufacturer name, product name, and interface version.
...31.1.1.1.18 ifAlias Interface Name An ‘alias’ name for the interface, as specified by a network manager, that provides a non-volatile ‘handle’ for the interface.
...31.1.1.1.15 ifHighSpeed Interface Capacity An estimate of the interface’s current bandwidth in bits per second.
...4.20.1.2 ipAdEntIfIndex N.A. An index value that uniquely identifies an interface. Used to derive the IP displayed for the interface in the portal (interface-related pages and dialogs).
...4.20.1.3 ipAdEntNetMask N.A. The subnet mask associated with the IP address of this entry. Used to derive the IP mask displayed for the interface in the portal (interface-related pages and dialogs).
...55.1.8.1.2 ipv6AddrPfxLength N.A. (Kentik internal use) The length of the prefix (in bits) associated with the IPv6 address of this entry.
...1.1 sysDescr N.A. (Kentik internal use) A textual description of the entity. Includes the full name and version identification of the system’s hardware type, software operating-system, and networking software.

In this article: