In this article:

Contents Search
   

 

Interface Classification

Note: These settings are accessed via the Admin menu, which is displayed to Admin users only (hidden from Member users).

Interface Classification is an automated process that enables your organization to quickly and easily understand the types of interfaces through which your traffic enters and leaves the network, giving you the ability to optimize your network for cost and performance. Interface Classification is covered in the following topics:

 

 
 top

About Interface Classification

The purpose and usage of interface classification in Kentik Detect is covered in the following topics:

 

 
 top  |  section

Interface Classification Overview

Interface classification involves assigning to each interface a value for two attributes (network boundary and connectivity type) and incorporating those attribute values into the flow records collected by Kentik Detect from traffic using each interface. Once a given interface has been classified (see Classification Rules), you can use the classification values as source or destination dimensions and/or filters in queries in Data Explorer, Dashboards, or Alerting, and also via the Kentik V5 Query API.

The following key points give a high-level introduction to Interface Classification in Kentik Detect:

  • Rules are defined on the Interface Classification Page of the Kentik Detect portal (click Admin in the portal navbar and then Interface Classification in the sidebar):
    - Rules evaluate either the description or IP address of an interface;
    - Rules apply a connectivity type value (see Connectivity Type Attribute) to an interface;
    - Rules apply a network boundary value (see Network Boundary Attribute), that is either specified manually (per rule) or applied automatically based on connectivity type.
  • Rules are evaluated from the Interface Classification page (see Applying Classification Rules), resulting in:
    - Efficient automated classification of some percent of interfaces;
    - Identification of devices with the remaining interfaces so that the descriptions/IP addresses can be modified to enable automatic classification.
  • Once a given interface is classified, the flow records for traffic using that interface are augmented with the classification values as they are ingested into KDE:
    - For network boundary the values are stored in the following KDE fields: src_interface_network_boundary, dst_interface_network_boundary;
    - For connectivity type the values are stored in the following KDE fields: src_interface_connectivity_type, dst_interface_connectivity_type.
  • Once flow records that include connectivity and boundary classifications are ingested into KDE, Kentik Detect queries can use those classifications for group-by dimensions and/or filters.

 

 
 top  |  section

Network Boundary Attribute

The network boundary attribute is used to classify interfaces as Internal or External, which enables you to see whether the source and destination of the traffic are both are fully within your network or if the traffic crossed a network boundary (came from or went to a different AS). This distinction allows Kentik Detect to avoid counting a given flow multiple times as it passes through the network, and it gives technical decision makers the ability to see how much traffic is coming in and out of their network versus how much of it is contained within the network.

The diagram below illustrates the over-counting issue that network boundary classification is intended to address. AS100 is the autonomous system of an imaginary Kentik Detect customer that receives and sends traffic to multiple ASNs via five network devices. We’ve got two flows (the light and dark gray lines), but each flow is generating three flow records that are sent to Kentik Detect: at ingress (orange segments at left), internal to the network (red segments in center), and at egress (blue segments at right). If we want to count flows at ingress then we need to be able to exclude the flow records that aren’t from the two orange segments at the left. Likewise, if we want to count the flows at egress we need to be able to exclude the flow records that aren’t from the two blue segments at the right.

The following screenshot shows an example of a visualization that you can generate in Data Explorer once network boundary classification is implemented on a given interface.

 

 
 top  |  section

Connectivity Type Attribute

The connectivity type attribute is used to classify interfaces by their role in the overall network, such as transit, ix, paid peering, etc. Identifying the type of connectivity used by traffic through a given interface gives you a way to look at the type of network from which a given set of traffic is entering and to which it is going, which helps you to determine costs and optimize pricing for that traffic.

The following connectivity types are currently supported:

  • Transit
  • IX Peering (Fabric)
  • Free private peering
  • Paid private peering
  • Backbone
  • Customer
  • Host
  • Available (identifies an interface that is available and unused versus one that isn’t available, e.g. no transceiver).
  • Reserved (identifies an interface that is currently available but already allocated for future use).

The connectivity type is derived by evaluation of the following types of SNMP polling data collected about the interfaces by Kentik Detect (see SNMP OID Polling):

  • Interface description: Most decent size networks largely follow (more or less) consistent naming conventions, and those names are one of the first attributes looked at when troubleshooting, so there’s usually a strong incentive to keep them up to date. If an organization has SNMP polling enabled on all of its network devices, descriptions are readily available and pulled by Kentik Detect.
  • Interface IP address: Depending on a network’s addressing policies, connectivity type can be inferred from the IP Addressing on the interface, which is polled by Kentik Detect. Examples of policies might include:
    - a range of IP addresses may be used exclusively for transit customers;
    - a range of RFC1918 IP addresses may be used exclusively for interfaces on CDN servers behind a load balancer;
    - a range corresponding to the LAN of a particular Internet Exchange.

The following screenshot shows an example of a visualization that you can generate in Data Explorer once connectivity type classification is implemented on a given interface.

 

 
 top  |  section

Classification Rules

Interface classification is an automated process whereby the value of the network boundary and connectivity type attributes are specified for the interfaces of every device that your organization has registered with Kentik Detect. The classification process, which is run from the Interface Classification Page of the Kentik Detect portal, involves creating and applying any number of “if-match-then-classify” rules. The rules engine periodically evaluates interface description and IP addresses gathered via SNMP polling for the interfaces of your devices. It looks for a match with conditions defined in your rules, and if a match is found it classifies the matching interface as specified in the matched rule.

Note: For further information, see Applying Classification Rules.

 

 
 top  |  section

Classification of Flows

Once the network boundary and connectivity type values have been determined for each interface (see Classification Rules) those values are stored in the device database that Kentik Detect uses for information about each device (and its interfaces) that your organization registers with the system. When traffic crosses a device, Kentik derives from the device-generated flow records (e.g. NetFlow) which interfaces the traffic passed through, looks up those interfaces in the device database, and incorporates attribute values from that database into the flow records that are stored in the Kentik Data Engine (KDE).

The inclusion of interface classification attributes in the device database enables the following:

  • Each interface on each device can now be classified with its network boundary value (internal or external).
  • Each interface on each device can now be classified with its connectivity type.
  • Each flow record stored in KDE can now include the network boundary and connectivity type values for its source and destination interfaces.

 

 
 top

Interface Classification Page

Interface Classification is configured via the Interface Classification page of the Kentik Detect portal (Admin » Interface Classification). That page and its associated dialogs are covered in the following topics:

 

 
 top  |  section

Interface Classification UI

The Interface Classification page contains the following UI elements:

  • Add Rule button: Opens the Add Rule dialog (see Rule Dialogs).
  • Configure Interface Classification link: Opens the Setup Network Boundaries dialog (see Configure Network Boundaries).
  • Rules List: Contains a list of the current interface classification rules; see Rules List.
  • Classified Devices pane: Displays the current classification status of interfaces on the devices your organization has registered with Kentik; see Classified Devices Pane.

 

 
 top  |  section

Rules List

Once a rule has been defined in the Add Rule dialog, it appears at the bottom of the Rules List on the main Interface Classification page. Rules are evaluated in order of the list (see Applying Classification Rules), which can be changed by dragging the handle that appears at the left of each row when you hover over it.

Each row in the list includes the following elements (left to right) some of which are visible only when you hover over a given row:

  • Number: The order in which the rule will be executed.
  • Drag handle: Click and drag the handle at left to move a rule higher or lower in the list. Visible (instead of the rule number) only when you hover over the row.
  • Rule statement: A summary of the rule as defined with the settings in the Add Rule dialog, e.g. “If description contains Server NIC then classify as Host | Internal.”
  • Disable/enable: A toggle switch to disable or enable the rule. Visible only when you hover over the row.
  • Remove (trash icon): Opens a confirming dialog that allows you to delete the rule from the rules engine.

 

Manual Rules Evaluation

The following Rules List events will cause an alert to appear at the top of the list, indicating that your rules need to be evaluated (manually applied) and displaying the Run Evaluation button; the alert disappears after the evaluation is run:

  • Change the order of the rules.
  • Disable or re-enable a rule.
  • Remove a rule.

 

View Rule Details

You can click on any row in the Rules List to open the corresponding rule in an Edit Rule dialog (see Rule Dialogs). The dialog opens pre-populated with the current settings of the rule.

 

 
 top  |  section

Classified Devices Pane

The Classified Devices pane (right sidebar) of the Interface Classification page includes the following elements:

  • Percent classified indicator: A ring diagram at the top of the pane showing the percent of your interfaces that have been successfully classified by the interface classification rules engine.
    Note: High classification ratios are usually achieved by applying a rigorously consistent interface description naming system and IP addressing system across your entire infrastructure.
  • Number classified indicators: A set of three indicators showing:
    - Devices: The number of devices on which the rules engine attempted interface classification.
    - Interfaces: The number of interfaces on which the rules engine attempted classification.
    - Classified: The number of interfaces that are classified.
  • Unclassified Interfaces (only if there are unclassified interfaces): A button that indicates the number of interfaces that are not yet classified, and opens the Unclassified Interfaces Dialog.
  • Device filter: A filter field for narrowing, by name, the devices displayed in the list of classified devices.
  • Sort button: Toggles the sort order (ascending or descending) of the listed devices (by name).
  • Device list: A list of the devices on which the rules engine attempted interface classification. Clicking on a device in the list will open, in a separate window or tab, the Device Interfaces Dialog for that device.

 

 
 top

Device Interfaces Dialog

The Device Interfaces Dialog is covered in the following topics:

 

 
 top  |  section

About the Device Interfaces Dialog

The Device Interfaces Dialog is a condensed version of the Interfaces Page. The dialog contains a table that lists all of the interfaces on a given device, but unlike the Interfaces Page it doesn’t include status information. To show the dialog for a given device, click on that device’s row in the device list of the Classified Devices Pane at the right of the Interface Classification page.

 

 
 top  |  section

Device Interfaces Dialog UI

The Device Interfaces dialog contains the following UI elements:

  • Close button: Click the X in the upper right corner to close the dialog.
  • Interfaces classified: Indicates, by fraction and by percent, the proportion of interfaces on the device that have been classified.
  • Filter field: Filters the Interface List to show only rows containing the entered text in any of the table columns.
  • Classification status selector: Filters the Device Interfaces List based on classification status:
    - All: Show all interfaces.
    - Classified: Show only interfaces that have been classified.
    - Unclassified: Show only interfaces that haven’t been classified.
    - Overridden: Show only interfaces whose SNMP-discovered values have been manually overridden (see Editing an Interface).
  • Device Interfaces List: A list of interfaces on the device (see Device Interfaces List).

 

 
 top  |  section

Device Interfaces List

The Device Interfaces List is a table whose rows each represent an interface that has been classified on the device (unclassified interfaces are not listed). Each row includes the following columns:

  • Name: The interface’s name string defined in the device itself and retrieved via SNMP.
  • Description: The description string defined in the device itself and retrieved via SNMP.
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • Capacity: The maximum capacity in mbps as reported by SNMP.
  • Network Boundary: The network boundary value assigned to the interface by interface classification (see Network Boundary Attribute).
  • Connectivity Type: The network boundary value assigned to the interface by interface classification (see Connectivity Type Attribute).
  • View Interface Chart: Opens a modal with a multi-axis chart showing the traffic across the interface (top source AS number vs. top dest AS number) ranked by max bits/second:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Click on a column heading to sort the list (ascending or descending).

Note: When a value in the Name, Description, IP, or Capacity columns of the Device Interfaces List has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

 
 top

Unclassified Interfaces Dialog

The Unclassified Interfaces dialog, which opens from the Unclassified Interfaces button in the Classified Devices Pane, is covered in the following topics:

 

 
 top  |  section

Unclassified Interfaces UI

The Unclassified Interfaces dialog contains the following UI elements:

  • Close button: Click the X in the upper right corner to close the dialog.
  • Filter field: Filters the Interface List to show only rows containing the entered text in any of the table columns.
  • Group-by selector: Groups the interfaces in the table:
    - None: No subgroups within the Unclassified Interfaces List.
    - Device: Groups the interfaces by device, inserting a heading row for each device with an indicator of the number of unclassified interfaces on that device.
  • Unclassified Interfaces List: A list of interfaces on the device (see Unclassified Interfaces List).

 

 
 top  |  section

Unclassified Interfaces List

The Unclassified Interfaces List is a table that includes the following columns (click on a column heading to sort ascending or descending):

  • Device: The device to which the interface belongs.
  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • Capacity: The capacity of the interface in Mbps.
  • View Interface Chart (icon): Opens a modal with a chart showing the traffic across the interface ranked by max bits/second to each destination AS:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Note: When a value in the list has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

 
 top

Rule Dialogs

Adding or editing an interface classification rule involves specifying information in the rule dialogs, which are covered in the following topics.

 

 
 top  |  section

About Rule Dialogs

The Kentik portal uses rule dialogs to define interface classification. The information required to define a rule is entered in either of the following dialogs:

  • Add Rule when creating a new rule.
  • Edit Rule when editing an existing rule.

The UI of these two dialogs is identical, except that the Unclassified Interfaces view appears only in the Add Rule dialog.

 

 
 top  |  section

Rule Dialogs UI

The rule dialogs include the following UI elements:

  • Close button: Click the X in the upper right corner to close the dialog without saving any changes.
  • Set Rule Conditions: Configure a rule using the controls described in Rule IF Settings and Rule THEN Settings.
  • Test or Save: Enables testing a rule or saving it to the Rules List on the main Interface Classification page.
  • Main Pane: Contains one or the other of the following:
    - Unclassified Interfaces (initial state): A list of unclassified interfaces (see Unclassified Interfaces View).
    - Analyze Results: (after rule is tested): information about the result of testing a rule (see Analyze Results View).

 

 
 top  |  section

Rule IF Settings

The dialog’s IF controls specify the match condition that the rules engine will look for:

  • Interface field: The SNMP-polled interface field in which to look for a match, which will be one of the following:
    - Interface description;
    - IP address.
  • Match clause: The operator used to evaluate the interface field for a match, which depends on which field type will be evaluated:
    - Interface description: equals, contains, or matches regex;
    - IP address: is contained in subnet, is public IP address, is private IP address, has no IP address.
  • Pattern field: The string or IP address to try to match (not present when the match clause is “has no IP address”).

The controls above allow various ways to build a rule depending on the SNMP field to match on and the match clause. As discussed in Connectivity Type Attribute, a match can be based on one of two SNMP fields:

  • Interface description: Base the match on interface description, which might be stated as something like: “if description contains peering: PI then classify the interface as free private peering.” In this case peering: PI would be a string that you provide based on your knowledge of the interface description protocol used on your network, and free private peering would be selected from the connectivity type drop-down.
  • IP address: Base the match on IP, which might be stated as something like: “if IP address is in subnet 123.456.78.90 then classify the interface as host.”

The following table gives an idea of the types of matching that you can currently use in your rules:

Interface Attribute Match clause Matches when...
Description Equals Provided string is an exact match with the description (case sensitive).
Description Contains Provided string is found in the description (case insensitive).
Description Matches Regex Provided string is found in the description with Standard Regex match.
IP Address is contained in subnet Interface’s IP address is within the user-provided CIDR.
IP Address is a Public IP Address Interface’s IP address is a publicly routable IP address.
IP Address is a Private IP Address Interface’s IP address is reserved (e.g. RFC1918, test-net, doc-net, apipa, cgn, etc.).
IP Address has no IP address Interface has no IP address.

 

 
 top  |  section

Rule THEN Settings

The dialog’s THEN controls specify the interface classification attribute values that will be applied by the rules engine if a match is found:

  • Connectivity type: Set the connectivity type value that will be applied if the rule is matched (see Connectivity Type Attribute).
  • Network boundary: Set the network boundary value (Internal or External) that will be applied if the rule is matched (see Network Boundary Attribute).

By default, the network boundary classification is automatically determined by the connectivity type. You can override the automatic correspondence between network boundary and connectivity type in either of two ways:

  • To change the boundary value that will be applied for an individual rule, toggle the Auto button to off, then choose a value (Internal or External) from the drop-down list.
  • To change the boundary value that will be applied automatically for a given connectivity type, see Configure Network Boundaries.

 

 
 top  |  section

Test or Save Controls

The Test or Save section of the rules dialogs includes two buttons for applying the IF and THEN settings:

  • Test Rule: Allows you to see the effect of applying the rule. An Evaluating Rules alert will appear, after which the right side of the dialog will switch to Analyze Results View.
  • Add Rule (Add Rule dialog only): Adds the rule to your set of interface classification rules, classifies your interfaces, and closes the dialog, leaving you back on the Interface Classification page with the new rule now shown at the end of the Rules List.
  • Save Changes (Edit Rule dialog only): Saves any changes to the rule, classifies your interfaces, and closes the dialog, leaving you back on the Interface Classification.

 

 
 top  |  section

Unclassified Interfaces View

In its initial state, the main area of the Add Rule dialog displays a table whose rows each represent an unclassified interface. The way that the interfaces are displayed in the list can be changed with the following controls:

  • Filter field: Filters the Interface List to show only rows containing the entered text in any of the table columns.
  • Group-by selector: Groups the interfaces in the table:
    - None: No subgroups within the table.
    - Device: Groups the interfaces by device, inserting a heading row for each device with an indicator of the number of unclassified interfaces on that device.

The table itself includes the following columns:

  • Device: The device to which the interface belongs.
  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • View Interface Chart (icon): Opens a modal with a chart showing the traffic across the interface ranked by max bits/second to each destination AS:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Note: When a value in the list has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

 
 top  |  section

Analyze Results View

The rules dialogs allow you to test, without actually applying a new or edited rule, what the currently configured rule settings would do. If you click the Test Rule button at the lower left of the dialog (see Test or Save Controls), the rule will be evaluated, and the main area of the Add Rule dialog will display the Analyze Results view, which includes two panes that provide information about the current state of interface classification across your organization’s Kentik-registered devices.

 

All Interfaces

This pane presents a summary of the test results:

  • The percent of interfaces classified (by all enabled rules).
  • A show/hide toggle link (default is hidden) for a table listing the devices that still aren’t classified.
  • The table itself.

The table includes the following columns:

  • Device: The device to which the interface belongs.
  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • Capacity: Interface capacity, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • View Interface Chart (icon): Opens a modal with a chart showing the traffic across the interface ranked by max bits/second to each destination AS:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Note: When a value in the table has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

Device Matches

This pane presents classification status by device in the form of a Device Matches list. The list shows how many interfaces per device, by percent and number, are classified by the current rule and all other enabled rules, so you can see if the current rule is having any effect on overall classification. A toggle link is provided to hide/show the list.

Each row in the list includes the following:

  • The device name.
  • A horizontal bar showing the percent of classified interfaces on the device.
  • The number of interfaces matched and classified by the current rule (left half of lozenge, on blue background).
  • The number of interfaces classified by other rules (right half of lozenge).
  • The percent of interfaces classified.

When you click on a row in the breakdown, an Interfaces Classified Dialog will appear that shows the classification status of the interfaces on the device corresponding to that row.

 

 
 top

Interfaces Classified Dialog

The Interfaces Classified dialog, reached by clicking a row in the Device Matches list in the Add Rule or Edit Rule dialog, shows the classification status of the interfaces on an individual device. The dialog is covered in the following topics:

Note: The information available in this dialog is partially but not entirely the same as the information in the Device Interfaces Dialog reached from the Classified Devices pane on the Interface Classification page. The Interfaces Classified dialog includes classification status for each interface, but not other information such as capacity, network boundary, and connectivity type.

 

 
 top  |  section

Interfaces Classified UI

The Interfaces Classified dialog includes the following UI elements:

  • Device name: Shown in title bar at upper left.
  • Close button: Click the X in the upper right corner to close the dialog without saving any changes.
  • Interfaces Classified indicator: a collection of elements indicating:
    - The percent of classified interfaces on the device, shown as a horizontal bar with the percent stated at right.
    - The number of interfaces classified.
    - The total number of interfaces on the device.
  • Filter field: Filters the Interfaces Classified List to show only rows containing the entered text in any of the table columns.
  • Match indicator: States the IF condition defined in the rule (see Rule IF Settings) and the position of the rule in the Rules List.
  • Classification key: A key explaining the icons used in the left-hand column of the Interfaces Classified List, which cover the following cases:
    - The interface was matched and classified by this rule.
    - The interface matched this rule, but was already classified by prior rule (higher in the Rules List).
    - The interface did not match this rule, but was classified by another rule.
    - The interface matched no rules.
  • Interfaces Classified List: A list of interfaces on the device (see Interfaces Classified List).

 

 
 top  |  section

Interfaces Classified List

The Interfaces Classified List includes the following columns:

  • Match: An icon indicating the interface’s classification status. Possible values are described in the classification key (see Interfaces Classified UI).
  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (i.e. overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.

Click on a heading to sort the list (ascending or descending).

 

 
 top

Applying Classification Rules

Interface classification involves applying the current rules in the rules list to your organization’s interfaces. The classification process is initiated in response to the following:

  • Automatic evaluation in response to:
    - Adding a new rule with the Add Rule button in the Add Rule dialog.
    - Saving an edited rule with the Save Changes button in the Edit Rule dialog.
  • Manual evaluation as described in Manual Rules Evaluation.

When the classification process is initiated the engine works through the interfaces on all of your registered devices. Classification is applied based on the first (top-most) match condition (“if”) that results in a match.

When an interface is classified, the values of the two attributes (connectivity type and network boundary) are written to your organization’s devices database in Kentik Detect, which is updated every three hours. From there the values are applied to incoming flow records as they are processed by our ingest layer.

If no rule is matched for a given interface, that interface won’t be classified. Information about how many interfaces were classified and which devices they were from is shown as part of the Classified Devices Pane.

 

 
 top

Configure Network Boundaries

The Configure Network Boundaries link on the main Interface Classification page takes you to the Configure Network Boundaries dialog. The dialog shows the boundary value (Internal or External) that is currently associated with each of the supported connectivity types (see Connectivity Type Attribute).

Using the drop-down selector below each connectivity type, you can change the associated network boundary value. When your interface classification rules are run, the engine will apply the settings in this dialog to every interface that is classified by a rule whose network boundary is set to Auto in the THEN section of the Add Rule or Edit Rule dialog (see Rule THEN Settings).

 

 
 top

Using Interface Classification

The use of Interface Classification is covered in the following series of steps:

  1. Check device SNMP fields: Interface classification works best when the following is applied across your entire infrastructure:
    - a rigorously consistent interface description naming system;
    - a rigorously consistent IP addressing system.
  2. Create and test rules: Based on your knowledge of the descriptions and IP addresses for the interfaces in your network, create a set of classification rules using the IF and THEN sections of the Rule Dialogs:
    - The IF section sets what will be matched to determine if the rule will be applied to a give interface (see Rule IF Settings).
    - The THEN section sets what connectivity type and network boundary values will be assigned to an interface that is matched by the rule (see Rule THEN Settings).
    - A rule can be tested as it is developed to see how many (and which) interfaces would be classified by the rule if the rule were applied (see Test Rule in Test or Save Controls).
  3. Apply classification rules: Initiate classification (see Applying Classification Rules), which results in applying the current set of rules in the rules list. Rules are evaluated in order of the list.
  4. Query based on classifications: Use the classification values as source or destination dimensions or in filters for queries in Data Explorer, in Dashboards, in Alerting, and via the Kentik V5 Query API:
    - dimensions for network boundary: src_interface_network_boundary, dst_interface_network_boundary;
    - dimensions for connectivity type: src_interface_connectivity_type, dst_interface_connectivity_type.