Device Admin

The setup of devices in the Kentik Detect portal is discussed in the following topics:

• About Devices
• Devices Page
• Device Admin Dialogs
• Add or Edit Device

Note: If you would like assistance with any aspect of registering a device, please contact us at support@kentik.com.

Devices in Kentik Detect are classified as either routers (which includes switches) or hosts. To enable devices to send flow data (NetFlow, sFlow, IPFIX) to Kentik Detect:

• Register a new device in the Kentik Detect portal, using the Add Device page. Information about that process is included in this article (see Add or Edit Device).
• Configure the device itself to send flow:
  - If the device is a router, see Router Configuration.
  - If the device is a host, see Host Configuration.

Note: If you would like assistance with any aspect of this process, please contact support@kentik.com.

All registered devices for a given customer are listed on the Devices page (a.k.a. Device Management) of the Kentik portal (choose Admin from the Kentik navbar, then Devices from the sidebar at left). The Devices page is covered in the following topics:

• Devices Page UI
• Device List

The Devices page includes the following UI elements:

• Filter field: Filters the Device List to show only rows containing the entered text in one of the following columns: Name, Type, Flow Type, or IP. You can also enter a site name to return the rows for devices in a given site.
• Group-by selector: Allows you to choose how the Device List table will be organized:
  - None: Lists all devices, without categorization.
  - Site: Shows devices categorized by site (see About Sites), where each site is shown as a collapsible list with its associated devices.
  - Plan: Shows devices categorized by plan (see About Plans), where each plan is shown as a collapsible list with its associated devices.
  - Type: Shows devices categorized by type, where each type is shown as a collapsible list with its associated devices (see Supported Device Types).
  - Label: Shows devices categorized by label (see Device Labels), where each type is shown as a collapsible list with its associated devices.
• Show selector: Allows you to choose which view of the Device List is displayed (see Device List Views).
• Add Device button: Links to an Add Device dialog where you can add a device to Kentik Detect (see Device Admin Dialogs).
• Device List: A table listing your organization’s devices (see Device List).

The Device List is a table that shows information about the listed devices as well as available actions. By default the list (or each group if group-by is Site, Plan, or Type) is ordered alphabetically by name (ascending). To change the sort order of the list, click on a heading to choose a sort column, and on the resulting blue up or down arrow to choose the sort direction (ascending or descending).

Notes:
- Click on a column heading to sort the list (ascending or descending).
- To see additional information about a given device, click anywhere in the row for that device, which opens a Edit Device dialog in which you can review and (in some cases) edit settings (see Editing a Device).
- To remove a device, click the device’s row to open the Edit Device dialog, then click Remove at bottom left.

The device list has two views that differ in terms of the columns that are displayed:

• Device Stats: See Device Stats View.
• Device Details: See Device Details View.

The two views have a number of columns in common (see Device List Common Columns).

The following columns of the Device List appear (left to right) in both the Device Stats view and the Device Details view:

• Flow: Indicates whether Kentik Detect is receiving flow from the device. If no flow is detected, the indicator is light gray. If flow is detected, then the indicator is green if the flow is coming directly from a router or blue if the flow is coming via the Kentik agent.
• SNMP: Indicates whether Kentik Detect is able to successfully poll the device for SNMP information. If yes, the indicator is green; if no it’s light gray.
• Name/ID: Indicates the following:
  - Name (top line): Name of the device as specified at the time the device was registered with Kentik Detect.
  - ID (bottom line): System-generated numeric ID assigned to the device when it was registered with Kentik Detect.
• Type: Indicates the category of the device (see Supported Device Types).
• Flow type: Indicates the type of flow (auto-detected) from the device:
  - NetFlow v5: NetFlow version 5
  - NetFlow v9: NetFlow version 9
  - IF: IPFIX
  - SF: sFlow
  - nProbe: used for flow sent to Kentik Detect from nProbe host agent software.
• IP: The IP address(es) from which the device sends data to Kentik Detect.
• BGP Status: Indicates the BGP Peering status for IP v4 (top) and v6 (bottom):
  - Enabled and established: BGP is turned on for this device and a session is currently established directly.
  - Enabled through another device: BGP is turned on for this device and a session is currently established indirectly (via another device).
  - Enabled but not established: BGP is turned on for this device, but a session is not currently established, either directly or indirectly.
  - Not enabled: BGP is turned off for this device.
  Note: To change BGP settings, see Editing a Device.
• View in chart: Opens the Current and Historical Traffic Dialog.
• View Interfaces: Links to the Interfaces Page that shows the device’s interfaces.
• View Interface Classification: Links to the Interface Classification page and opens the Device Interfaces Dialog for the device.

The following Device List columns appear only in Device Stats view:

• Pre-Cap FPS 2h: The 99th percentile rate, expressed in flows per second, at which the device has been sending data to Kentik Detect over the last two hours. This rate does not include the effect of any limits imposed on the device by the flow cap in the service agreement.
• Max FPS 5m: The maximum rate, expressed in flows per second, at which the device has sent data to Kentik Detect during the last 5 minutes. This rate reflects the effect of any limits imposed on the device by the flow cap in the service agreement.
• BGP Prefixes 5m: For devices whose BGP Status column shows enabled and established (see Device List Common Columns) this column shows the IP v4 (top) and v6 (bottom) prefixes currently (within last 5 minutes) in the BGP routing table.
• Sample Rate 24h: If the device’s flow protocol includes a sample rate field (sFlow or NetFlow v5), the 95th percentile sample rate reported in the last 24 hours, else the device’s sample rate setting in the portal.
  Note: If the flow from a given device is dynamically downsampled by Kentik to keep FPS within limits specified in the device’s plan, then this number will be the downsampled rate.

Note: For columns that are common to all Device List views, see Device List Common Columns.

The following Device List columns appear only in Device Details view:

• Interface Classification: Shows the number and percent of interfaces classified (see Interface Classification).
• Device options: Indicates whether the following settings are enabled (green checkmark) or disabled (gray disc):
  - CDN attribution: Enabled if the device is a host and its Contribute to CDN Attribution switch is on (see Device General Settings).
  - Flowspec: Enabled if the device’s BGP Flowspec Compatible switch is on (see Device BGP Settings).
  - RTBH: Enabled if the device is assigned to an RTBH mitigation platform (see RTBH Platform Settings).
• Plan & Site: Shows the following:
  - Plan (top line): The ID of the plan to which the device belongs (see About Plans).
  - Site (bottom line): The name of the site to which the device is assigned (see About Sites).

Note: For columns that are common to all Device List views, see Device List Common Columns.

The Current and Historical Traffic dialog, opened via the View in Chart button, displays a chart of the total volume of flows (source and destination) for a given device, both historically and over the last 24 hours.

The dialog includes the following UI elements:

• Close buttons: To close the dialog, click the X in the upper right corner or the Close button at lower right.
• View Type: A drop-down menu used to set the type of visualization used for the graph (defaults to Line Chart); for descriptions of the options see Chart View Types.
• Chart: The visualization of traffic (using the current view type).
• View in Explorer button: Opens Data Explorer for further exploration of the device’s traffic. The sidebar will be set so that query results will show the same traffic that is shown in the dialog.

Adding or editing a device via the Kentik portal involves specifying information in the fields of the device admin dialogs, which are covered in the following topics.

• About Device Dialogs
• Device Dialogs UI
• About Device Fields
• Device General Settings
• Device Plan & Site Settings
• Device IP & SNMP Settings
• Device BGP Settings
• Device Config Info

Note: Devices can also be added and edited with the Device API.

The Kentik portal uses device admin dialogs to collect the information required for Kentik to connect with the device to receive flow, poll SNMP, and establish BGP peering (when applicable). The required information is entered into the fields of either of the following dialogs:

• Add Device when registering a new device with Kentik.
• Edit Device when editing an already registered device.

The Add Device and Edit Device dialogs share the same layout and the following common UI elements:

• Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
• Tab selectors: Choose the tab to display (see tab-specific topics below).
• Remove button (Edit Device dialog only): Remove the device from your organization’s collection of Kentik-registered devices.
• Cancel button: Cancel the add device or edit device operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
• Add Device button (Add Device dialog only): Save settings for the new device and exit the dialog.
• Save button (Edit Device dialog only): Save changes to device settings and exit the dialog.

Each device admin dialog is broken into the tabs covered in the topics below, each of which is made up of a number of fields. The tabs that are visible at any given moment, and the fields on those tabs, varies depending on the type (router or host) of the device, and whether the device is being added or edited.

Until all required settings on a given tab are entered the tab name is preceded with a caution icon. Once a tab’s fields are complete the icon changes to a check mark.

Notes:
- Some fields that are editable when adding a device are read-only when editing a device.
- In addition to the fields used to enter information, the tabs of the device dialogs also include information used to configure a device to connect with Kentik (for routers, see Router Configuration Overview).

The following table shows the elements of the General Settings tab of the device admin dialogs:

The address specified with Sending IPs must be unique (not used by any other device in your organization) for any device sending flow data directly to Kentik Detect. If, however, a device sends flow data via kproxy (see Kentik Proxy Agent) then an IP specified in the Sending IPs field may be the same as that of an already registered device so long as the following is true:

• The two devices do not use the same instance of kproxy.
• Both instances of kproxy specify a valid site ID using the -site_id parameter in the kproxy command line (see kproxy Proxy Agent Arguments).
• The value of -site_id for the two instances of kproxy is not the same.

Kentik Detect currently supports devices in two broad categories:

• Routers, which include switches and firewalls.
• Hosts, which include cloud resources.

Devices in the two categories store and report traffic differently (see Device Type), and also have some differences in portal configuration settings, most notably a BGP tab for routers that is not present for hosts. The table below shows the types of devices currently available in the portal, including the category of each.

Note: In the Device API the above device types are referenced using the subtype values listed above.

Kentik Detect uses the kprobe software host agent to generate network traffic data from hosts (see About kprobe). The sample rate for flow data generated by kprobe involves two settings:

• The --sample parameter of the kprobe Command Line. This CLI parameter is optional.
• The Sample Rate field of the Device General Settings tab of the Add Device or Edit Device dialog. This setting is required when a host device is registered in the portal.

The sample rate that is actually used is determined by the following:

• If the --sample parameter is included in the command line, the CLI-provided value takes precedence over the Sample Rate field value.
• If the --sample parameter is not included in the command line, the Sample Rate field value is used.

The following table shows the elements of the Plan & Site tab of the device admin dialogs:

The table below shows the elements of the IP & SNMP tab of the device admin dialogs.

Note: This tab is shown only when the device type is router.

The following table shows the elements of the BGP Settings tab of the device admin dialogs:

Note: Settings can’t be made on the BGP Settings tab unless the Billing Plan field (see Device Plan & Site Settings) is set to a plan that supports BGP (see About Plans).

In addition to internal Kentik Detect settings for registered devices, the tabs of the Add Device and Edit Device dialogs include the following information needed when configuring routers:

• Kentik ingest IP (General Settings tab): The IP address at Kentik to which your router should be configured to send data.
• Kentik ingest UDP port (General Settings tab): The port at Kentik to which your router should be configured to send data.
• SNMP polling IPs (IP & SNMP tab): The IPs from which your router should be configured to allow SNMP polling using the Community supplied in the router configuration.
• Peering Address (BGP Settings tab): The IPv4 and IPv6 addresses with which to peer devices for BGP (the devices must be in a plan that support BGP; see About Plans).

Devices are created and edited via the Devices page of the Kentik Detect portal (choose Admin from the Kentik navbar, then Devices from the sidebar at left). The add/edit process is covered in the following sections:

• Adding a Device
• Editing a Device
• Enabling BGP

To add (register) a new Device:

1. Choose Admin from the Kentik navbar, then Devices from the sidebar at left.
2. Open the Add Device dialog by clicking the Add Device button at upper right.
3. On the General Settings tab, enter a name in the Name field.
4. Choose the Type (see Supported Device Types), which determines the settings fields that are displayed.
5. Specify the values of the remaining fields (see Device Admin Dialogs).
6. Save the new device by clicking the Add Device button.

Notes:
- In addition to registering a device you must also configure the device itself to send flow records to Kentik Detect; see Router Configuration or Host Configuration.
- For assistance walking through this process please email support@Kentik.com.

To edit an existing Device:

1. Choose Admin from the Kentik navbar, then Devices from the sidebar at left.
2. In the Device List, click in the row for the device that you’d like to edit, which will open the Edit Device dialog.
3. Edit the fields that you want to change (see Device Admin Dialogs).
4. Save the changes by clicking the Save button.

Note: To delete a device, click Remove at lower left.

To enable collection of BGP data from a device:

1. Choose Admin from the Kentik navbar, then Devices from the sidebar at left.
2. In the Device List, click the name of the device from which you wish Kentik to get BGP data, which opens the Edit Device dialog for that device.
3. On the BGP Settings tab, choose “Peer With Device” from the drop-down BGP Type menu. Several new fields will appear on the page:
   - Your IPv4 Peering Address;
   - Your Ipv6 Peering Address;
   - Your ASN;
   - BGP MD5 Password.
4. Fill in these fields (for descriptions, see Device Admin Dialogs), then click Save.