The use of CDN attribution in Kentik Detect is covered in the following topics:
Note: To use CDN attribution at least one of your DNS servers must be running Kentik’s kprobe host agent software (see Host Configuration).
Background information about CDN attribution is covered in the following topics:
CDN attribution makes it possible for Kentik Detect to determine whether a given flow record originated or terminated with a commercial CDN, and to store that information for each record using the following two columns of the Kentik Data Engine (KDE):
- src_cdn: The commercial name of the CDN derived from the source IP (inet_src_addr) of an ingested flow.
- dst_cdn: The commercial name of the CDN derived from the destination IP (inet_dst_addr) of an ingested flow.
Note: This dimension enables you to track “fill traffic” that is pointed toward a CDN server to fill a local cache.
Once stored in KDE (see KDE Tables), the columns can be used for both group-by dimensions and filters in Kentik Detect queries (e.g. in Data Explorer, Dashboards, etc.) as described in Applying CDN Attribution.
While fairly simple in theory, mapping IPs to CDNs is non-trivial in practice, mainly because CDNs rely on two infrastructure scenarios:
- CDN-owned Infrastructure: Each CDN runs their own ASN(s), with their own PoPs running their own cache servers
- ISP-embedded infrastructure: Many CDNs rely on ISP-embedded caching servers for better last mile performance. The CDN typically directs users of a given ISP to the CDN nodes that are co-located at the local ISP, closer to the end-users.
The above infrastructure scenarios may be blended in varying degrees by different types of CDNs, e.g. commercial, multi-tenant CDNs as distinct from single-purpose CDNs. But the dynamic algorithms employed by Kentik for CDN attribution allow IP mapping across the spectrum:
- A base mapping is obtained by listing ASNs by CDN and looking at their originated IP ranges.
- A more dynamic, additional layer taps into DNS traffic (upon ISP agreement) and deduces the remaining mappings.
The following diagram provides a simplified visual description of how CDN attribution operates:
Kentik has designed CDN attribution as a self-learning system that updates itself once a day. The system constantly discovers new CDNs as they are born and new IPs (caching servers) as they are deployed.
Preparing your Kentik setup for CDN attribution involves the following tasks:
- Install Kentik’s kprobe host agent software on at least one of your DNS servers (see Host Configuration).
- Configure the corresponding kprobe device (in the Kentik Detect portal or via Device API) to send DNS data to Kentik.
To configure CDN attribution in the portal:
- Click Admin in the portal navbar, then choose Devices from the sidebar at left to open the Devices page.
- Open the Add/Edit Device dialog:
- If you want to register a new DNS server with Kentik Detect, click the Add Device button.
- If you want to change the CDN attribution settings of an existing DNS server, click anywhere in the row corresponding to that device in the Device List.
Note: Legacy nProbe devices (type host-nProbe-dns-www) can be set to contribute to CDN attribution (see step 4) but won’t necessarily provide accurate information. To use CDN attribution, upgrade to kprobe as the host agent for all DNS servers (see kprobe Download and Install). If you need assistance with host agent software, please contact Kentik support (firstname.lastname@example.org).
- If you’re registering a new device, on the General Settings tab set the Type field to KPb (kprobe-beta).
- On the General Settings tab, set the Contribute to CDN Attribution switch to On.
- Set the remaining fields on the dialog’s tabs as needed (see About Device Fields).
- Click the Save button. The dialog will close and you’ll be back on the Devices page. If you added a new device it will now be shown in the Device List.
Note: DNS servers covering different geographical zones will typically result in distinct (largely non-overlapping) IP-to-CDN mappings. To export the best IP-to-CDN mapping data to KDE, Kentik recommends that CDN attribution users deploy kprobe on as many of their DNS servers as possible. This approach has the added advantage of providing highly granular NPM metrics for those devices (see Host Metrics and Dimensions).
Once you’ve registered one or more DNS servers with Kentik and configured them for CDN attribution, the flow records stored for those devices in KDE (see KDE Tables) will include CDN Attribution Dimensions. You will now be able to use those dimensions in Kentik Detect queries:
- To use source or destination CDN as a group-by dimension, see Query Dimension Selectors.
- To use source or destination CDN as a filter (as shown in the screenshot below), see Filtering Pane Settings.
Using CDN for filters or group-by dimensions in Data Explorer or Dashboard queries can reveal (among other things) how much of your traffic is coming from (shown in screenshot below) or going to various CDNs.