Device Admin

Note: These settings are accessed via the Admin menu, which is displayed to Admin users only (hidden from Member users).

The setup of devices in the Kentik Detect portal is discussed in the following topics:

Note: If you would like assistance with any aspect of registering a device, please contact us at support@kentik.com.

 

About Devices

Devices in Kentik Detect are classified as either routers (which includes switches) or hosts. To enable devices to send flow data (NetFlow, sFlow, IPFIX) to Kentik Detect:

  • Register a new device in the Kentik Detect portal, using the Add Device page. Information about that process is included in this article (see Add or Edit Device).
  • Configure the device itself to send flow:
    - If the device is a router, see Router Configuration.
    - If the device is a host, see Host Configuration.

Note: If you would like assistance with any aspect of this process, please contact support@kentik.com.

 

Devices Page

All registered devices for a given customer are listed on the Devices page (a.k.a. Device Management) of the Kentik portal (choose Admin from the Kentik navbar, then Devices from the sidebar at left). The Devices page is covered in the following topics:

 
top  |  section

Devices Page UI

The Devices page includes the following UI elements:

  • Filter field: Filters the Device List to show only rows containing the entered text in one of the following columns: Name, Type, Flow Type, or IP. You can also enter a site name to return the rows for devices in a given site.
  • Group-by selector: Allows you to choose how the Device List table will be organized:
    - None: Lists all devices, without categorization.
    - Site: Shows devices categorized by site (see About Sites), where each site is shown as a collapsible list with its associated devices.
    - Plan: Shows devices categorized by plan (see About Plans), where each plan is shown as a collapsible list with its associated devices.
    - Type: Shows devices categorized by type, where each type is shown as a collapsible list with its associated devices (see Supported Device Types).
    - Label: Shows devices categorized by label (see Device Labels), where each type is shown as a collapsible list with its associated devices.
  • Show selector: Allows you to choose which view of the Device List is displayed (see Device List Views).
  • Add Device button: Links to an Add Device dialog where you can add a device to Kentik Detect (see Device Admin Dialogs).
  • Device List: A table listing your organization’s devices (see Device List).
 
top  |  section

Device List

The Device List is a table that shows information about the listed devices as well as available actions. By default the list (or each group if group-by is Site, Plan, or Type) is ordered alphabetically by name (ascending). To change the sort order of the list, click on a heading to choose a sort column, and on the resulting blue up or down arrow to choose the sort direction (ascending or descending).

Notes:
- Click on a column heading to sort the list (ascending or descending).
- To see additional information about a given device, click anywhere in the row for that device, which opens a Edit Device dialog in which you can review and (in some cases) edit settings (see Editing a Device).
- To remove a device, click the device's row to open the Edit Device dialog, then click Remove at bottom left.

Device List Views

The device list has two views that differ in terms of the columns that are displayed:

The two views have a number of columns in common (see Device List Common Columns).

Device List Common Columns

The following columns of the Device List appear (left to right) in both the Device Stats view and the Device Details view:

  • Flow: Indicates whether Kentik Detect is receiving flow from the device. If no flow is detected, the indicator is light gray. If flow is detected, then the indicator is green if the flow is coming directly from a router or blue if the flow is coming via the Kentik agent.
  • SNMP: Indicates whether Kentik Detect is able to successfully poll the device for SNMP information. If yes, the indicator is green; if no it's light gray.
  • Name/ID: Indicates the following:
    - Name (top line): Name of the device as specified at the time the device was registered with Kentik Detect.
    - ID (bottom line): System-generated numeric ID assigned to the device when it was registered with Kentik Detect.
  • Type: Indicates the category of the device (see Supported Device Types).
  • Flow type: Indicates the type of flow (auto-detected) from the device:
    - NetFlow v5: NetFlow version 5
    - NetFlow v9: NetFlow version 9
    - IF: IPFIX
    - SF: sFlow
    - nProbe: used for flow sent to Kentik Detect from nProbe host agent software.
  • IP: The IP address(es) from which the device sends data to Kentik Detect.
  • BGP Status: Indicates the BGP Peering status for IP v4 (top) and v6 (bottom):
    - Enabled and established: BGP is turned on for this device and a session is currently established directly.
    - Enabled through another device: BGP is turned on for this device and a session is currently established indirectly (via another device).
    - Enabled but not established: BGP is turned on for this device, but a session is not currently established, either directly or indirectly.
    - Not enabled: BGP is turned off for this device.
    Note: To change BGP settings, see Editing a Device.
  • View in chart: Opens the Current and Historical Traffic Dialog.
  • View Interfaces: Links to the Interfaces Page that shows the device's interfaces.
  • View Interface Classification: Links to the Interface Classification page and opens the Device Interfaces Dialog for the device.

Device Stats View

The following Device List columns appear only in Device Stats view:

  • Pre-Cap FPS 2h: The 99th percentile rate, expressed in flows per second, at which the device has been sending data to Kentik Detect over the last two hours. This rate does not include the effect of any limits imposed on the device by the flow cap in the service agreement.
  • Max FPS 5m: The maximum rate, expressed in flows per second, at which the device has sent data to Kentik Detect during the last 5 minutes. This rate reflects the effect of any limits imposed on the device by the flow cap in the service agreement.
  • BGP Prefixes 5m: For devices whose BGP Status column shows enabled and established (see Device List Common Columns) this column shows the IP v4 (top) and v6 (bottom) prefixes currently (within last 5 minutes) in the BGP routing table.
  • Sample Rate 24h: If the device's flow protocol includes a sample rate field (sFlow or NetFlow v5), the 95th percentile sample rate reported in the last 24 hours, else the device’s sample rate setting in the portal.
    Note: If the flow from a given device is dynamically downsampled by Kentik to keep FPS within limits specified in the device's plan, then this number will be the downsampled rate.

Note: For columns that are common to all Device List views, see Device List Common Columns.

Device Details View

The following Device List columns appear only in Device Details view:

  • Interface Classification: Shows the number and percent of interfaces classified (see Interface Classification).
  • Device options: Indicates whether the following settings are enabled (green checkmark) or disabled (gray disc):
    - CDN attribution: Enabled if the device is a host and its Contribute to CDN Attribution switch is on (see Device General Settings).
    - Flowspec: Enabled if the device's BGP Flowspec Compatible switch is on (see Device BGP Settings).
    - RTBH: Enabled if the device is assigned to an RTBH mitigation platform (see RTBH Platform Settings).
  • Plan & Site: Shows the following:
    - Plan (top line): The ID of the plan to which the device belongs (see About Plans).
    - Site (bottom line): The name of the site to which the device is assigned (see About Sites).

Note: For columns that are common to all Device List views, see Device List Common Columns.

Current and Historical Traffic Dialog

The Current and Historical Traffic dialog, opened via the View in Chart button, displays a chart of the total volume of flows (source and destination) for a given device, both historically and over the last 24 hours.

The dialog includes the following UI elements:

  • Close buttons: To close the dialog, click the X in the upper right corner or the Close button at lower right.
  • View Type: A drop-down menu used to set the type of visualization used for the graph (defaults to Line Chart); for descriptions of the options see Chart View Types.
  • Chart: The visualization of traffic (using the current view type).
  • View in Explorer button: Opens Data Explorer for further exploration of the device's traffic. The sidebar will be set so that query results will show the same traffic that is shown in the dialog.
 

Device Admin Dialogs

Adding or editing a device via the Kentik portal involves specifying information in the fields of the device admin dialogs, which are covered in the following topics.

Note: Devices can also be added and edited with the Device API.

 
top  |  section

About Device Dialogs

The Kentik portal uses device admin dialogs to collect the information required for Kentik to connect with the device to receive flow, poll SNMP, and establish BGP peering (when applicable). The required information is entered into the fields of either of the following dialogs:

  • Add Device when registering a new device with Kentik.
  • Edit Device when editing an already registered device.
 
top  |  section

Device Dialogs UI

The Add Device and Edit Device dialogs share the same layout and the following common UI elements:

  • Close button: Click the X in the upper right corner to close the dialog. All elements will be restored to their values at the time the dialog was opened.
  • Tab selectors: Choose the tab to display (see tab-specific topics below).
  • Remove button (Edit Device dialog only): Remove the device from your organization's collection of Kentik-registered devices.
  • Cancel button: Cancel the add device or edit device operation and exit the dialog. All elements will be restored to their values at the time the dialog was opened.
  • Add Device button (Add Device dialog only): Save settings for the new device and exit the dialog.
  • Save button (Edit Device dialog only): Save changes to device settings and exit the dialog.
 
top  |  section

About Device Fields

Each device admin dialog is broken into the tabs covered in the topics below, each of which is made up of a number of fields. The tabs that are visible at any given moment, and the fields on those tabs, varies depending on the type (router or host) of the device, and whether the device is being added or edited.

Until all required settings on a given tab are entered the tab name is preceded with a caution icon. Once a tab's fields are complete the icon changes to a check mark.

Notes:
- Some fields that are editable when adding a device are read-only when editing a device.
- In addition to the fields used to enter information, the tabs of the device dialogs also include information used to configure a device to connect with Kentik (for routers, see Router Configuration Overview).

 
top  |  section

Device General Settings

The following table shows the elements of the General Settings tab of the device admin dialogs:

Element Add
Device
Edit
Device
(Router)
Edit
Device
(Host)
Description
Name Editable field Fixed field Fixed field User-supplied name string.
Description Editable field Editable field Editable field User-supplied description string.
Type Drop-down menu Fixed field Fixed field Specify the category of the device (see Supported Device Types).
Note: Older device types for hosts — e.g. DNS (host-nProbe-dns-www), nHst (host-nProbe-basic), and kproxy — are deprecated.
Labels Selector Selector Selector Opens a drop-down selector from which you can assign Device Labels.
Manage (labels) Link Link Link Takes you to the Device Labels page (Admin » Device Labels).
Contribute to CDN Attribution Switch
(if Type is host)
N.A. Switch Enables the contribution of DNS data from this device to our CDN Attribution learning algorithms (see About CDN Attribution).
Note: Only present if the device is a kprobe host.
Sending IP(s) Editable field Editable field Editable field IP address(es) from which the router sends flow to Kentik.
Note: The IP must be unique except as described in IP Overloading.
Add Sending IP Button Button Button Adds a new Sending IPs field so you can add an IP.
Sample Rate Editable field Editable field Editable field Total packets transiting the device for each packet processed for flow data (see Flow Sampling).
Notes:
- Kentik may dynamically downsample from this nominal sample rate as needed to keep FPS within limits specified in the plan (see About Plans) to which the device is assigned.
- For hosts, see Sample Rate for Hosts.

IP Overloading

The address specified with Sending IPs must be unique (not used by any other device in your organization) for any device sending flow data directly to Kentik Detect. If, however, a device sends flow data via kproxy (see Kentik Proxy Agent) then an IP specified in the Sending IPs field may be the same as that of an already registered device so long as the following is true:

  • The two devices do not use the same instance of kproxy.
  • Both instances of kproxy specify a valid site ID using the -site_id parameter in the kproxy command line (see kproxy Proxy Agent Arguments).
  • The value of -site_id for the two instances of kproxy is not the same.

Supported Device Types

Kentik Detect currently supports devices in two broad categories:

  • Routers, which include switches and firewalls.
  • Hosts, which include cloud resources.

Devices in the two categories store and report traffic differently (see Device Type), and also have some differences in portal configuration settings, most notably a BGP tab for routers that is not present for hosts. The table below shows the types of devices currently available in the portal, including the category of each.

Portal name Category Subtype Description
Kentik Host Agent (kprobe) Host kprobe Kentik's software host agent (see About kprobe).
NetFlow-enabled Router Router router Hardware router or switch.
A10 CGN Router a10_cgn A10 Thunder Carrier Grade Networking devices (see A10 Thunder CGN Dimensions).
Advanced sFlow Router advanced_sflow Any sFlow device from which you want Kentik to ingest a value for the TTL dimension and/or for the Physical Interface dimensions (Src and Dst), which requires use of Kentik's VLAN Mapping API (ask Customer Support for assistance).
Cisco ASA Router cisco_asa Cisco Adaptive Security Appliance (see Cisco ASA Dimensions).
Cisco ASA (Syslog) Router cisco_asa_syslog Syslog data from a Cisco Adaptive Security Appliance (see Cisco ASA Syslog Dimensions).
Cisco NBAR-Enabled Router Router cisco_nbar Cisco router that supports traffic prioritization using Network Based Application Recognition (https://www.cisco.com/c/en/us/products/ios-nx-os-software/network-based-application-recognition-nbar/index.html).
Cisco Zone-Based Firewall Router cisco_zone_based_firewall Cisco router using a zone-based firewall (see Cisco Zone-based Firewall).
Darknet Stream N.A.
N.A.
Reserved for Kentik use.
Cisco IOS XR Router ios_xr Data from routers using the IOS XR operating system (see Cisco IOS XR Dimensions).
Process-Aware Telemetry Agent N.A.
N.A.
Reserved for Kentik use.
kProbe True Origin Tap N.A.
N.A.
Reserved for Kentik use.
Cisco Meraki Router meraki A Meraki-managed firewall (see Cisco Meraki Metrics).
MPLS Router Router mpls An MPLS-enabled router (see Using MPLS).
ntop Host Agent (nProbe) Host nprobe Deprecated.
Palo Alto Networks Firewall Router paloalto A PAN firewall (see Palo Alto Networks Firewall).
Silver Peak EdgeConnect Router silverpeak Silver Peak appliance running VXOA software (see Silver Peak Dimensions).
Generic Syslog Router syslog A generic device sending syslogs to kproxy (see kproxy Syslog Parsing).
Juniper PFE (Syslog) Router pfe_syslog Syslog data from a Juniper switch equipped with a Packet Forwarding Engine (see Juniper PFE Syslog Dimensions).
Cisco SD-WAN vEdge Router viptela IPFIX fields in cflowd records from Cisco vEdge SD-WAN routers (see Cisco SD-WAN vEdge Dimensions).

Note: In the Device API the above device types are referenced using the subtype values listed above.

Sample Rate for Hosts

Kentik Detect uses the kprobe software host agent to generate network traffic data from hosts (see About kprobe). The sample rate for flow data generated by kprobe involves two settings:

  • The --sample parameter of the kprobe Command Line. This CLI parameter is optional.
  • The Sample Rate field of the Device General Settings tab of the Add Device or Edit Device dialog. This setting is required when a host device is registered in the portal.

The sample rate that is actually used is determined by the following:

  • If the --sample parameter is included in the command line, the CLI-provided value takes precedence over the Sample Rate field value.
  • If the --sample parameter is not included in the command line, the Sample Rate field value is used.

Note: If the value is not set in the command line and the Sample Rate field value is reset in the portal then the corresponding kprobe instance will exit. If kprobe is not run under a supervisor then it must be restarted manually.

 
top  |  section

Device Plan & Site Settings

The following table shows the elements of the Plan & Site tab of the device admin dialogs:

Element Add
Device
Edit
Device
(Router)
Edit
Device
(Host)
Description
Billing Plan Drop-down menu Drop-down menu Drop-down menu The billing plan to which the device belongs (see About Plans).
Note: If this field is set to a plan that doesn't support BGP then no settings can be made on the BGP Settings tab.
Site Drop-down menu Drop-down menu Drop-down menu The site to which the device is assigned (see About Sites). If the device is not yet assigned to any site, the drop-down defaults to "None selected."

 
top  |  section

Device IP & SNMP Settings

The table below shows the elements of the IP & SNMP tab of the device admin dialogs.

Note: This tab is shown only when the device type is router.

Element Add
Device
Edit
Device
Description
SNMP polling Drop-down menu Drop-down menu The polling frequency for SNMP:
- If Standard, interface counter will be polled every 5 minutes and interface description every 30 minutes.
- If Minimum, interface counter won't be polled and interface description will be polled every 6 hours.
Device SNMP IP Editable field Editable field The SNMP IP address that will be polled by Kentik Detect.
SNMP Community Editable field Editable field The SNMP community to use when polling the router.

Note: Not shown when SNMP v3 is enabled.
SNMP v3 Auth Toggle switch Toggle switch If enabled, SNMP polling will be via SNMP V3 (see About SNMP V3). Available for routers only; overrides SNMP Community setting.
SNMP v3 User Name Editable field Editable field The user name for SNMP v3 authentication.

Note: Shown and required only when SNMP V3 is enabled.
SNMP v3 Auth Type Editable field Editable field The SNMP v3 authentication protocol:
- None
- MD5 passphrase
- SHA passphrase

Note: Shown only when SNMP V3 is enabled.
SNMP v3 Auth Passphrase Editable field Editable field Password for SNMP V3 authentication.

Note: Shown only when SNMP V3 is enabled and Auth Type is not "none."
SNMP v3 Privacy Type Editable field Editable field The SNMP V3 privacy type:
- None
- DES (56-bit encryption)
- AES-128

Notes:
- Shown only when SNMP V3 is enabled.
SNMP v3 Privacy Passphrase Editable field Editable field Password for SNMP V3 privacy.

Note: Shown only when SNMP V3 is enabled and Priv Type is not "none."

 
top  |  section

Device BGP Settings

The following table shows the elements of the BGP Settings tab of the device admin dialogs:

Element Add
Device
Edit
Device
(Router)
Edit
Device
(Host)
Description
BGP Type Drop-down menu Drop-down menu Drop-down menu Choose one of the following:
No peer, use generic IP/ASN mapping: Generic IP/ASN mapping will be used.
Peer with device: Kentik will BGP peer with this device.
Use table from another peered device: the BGP table will be obtained from another device that is already set to peer with Kentik.
BGP Flowspec Compatible Switch Switch Switch Turn on if the router supports MP-BGP and is therefore compatible with BGP Flowspec.
Your IPv4 Peering Address Editable field Editable field Editable field The IPv4 address of the peering device.
- Displayed only when BGP is set to "Peer with device."
- RFC1918 addresses are not valid.
- Cannot be an IP that is already being used to peer with a different Kentik Detect device.
Your IPv6 Peering Address Editable field Editable field Editable field The Ipv6 address of the peering device.
- Displayed only when BGP is set to "Peer with device."
- RFC1918 addresses are not valid.
- Cannot be an IP that is already being used to peer with a different Kentik Detect device.
Your ASN Editable field Editable field Editable field The number (16- or 32-bit) of the autonomous system (AS) to which the peering device belongs.
- Displayed only when BGP is set to "Peer with device."
BGP MD5 Password Editable field Editable field Editable field Optional shared authentication password for BGP peering; 32 alphanumeric characters.
- Displayed only when BGP is set to "Peer with device."
Master BGP Device Drop-down menu Drop-down menu Drop-down menu The device whose BGP table will be shared with this device.
- Displayed only when BGP is set to "Use table from another peered device."

Note: Settings can't be made on the BGP Settings tab unless the Billing Plan field (see Device Plan & Site Settings) is set to a plan that supports BGP (see About Plans).

 
top  |  section

Device Config Info

In addition to internal Kentik Detect settings for registered devices, the tabs of the Add Device and Edit Device dialogs include the following information needed when configuring routers:

  • Kentik ingest IP (General Settings tab): The IP address at Kentik to which your router should be configured to send data.
  • Kentik ingest UDP port (General Settings tab): The port at Kentik to which your router should be configured to send data.
  • SNMP polling IPs (IP & SNMP tab): The IPs from which your router should be configured to allow SNMP polling using the Community supplied in the router configuration.
  • Peering Address (BGP Settings tab): The IPv4 and IPv6 addresses with which to peer devices for BGP (the devices must be in a plan that support BGP; see About Plans).
 

Add or Edit Device

Devices are created and edited via the Devices page of the Kentik Detect portal (choose Admin from the Kentik navbar, then Devices from the sidebar at left). The add/edit process is covered in the following sections:

 
top  |  section

Adding a Device

To add (register) a new Device:

  1. Choose Admin from the Kentik navbar, then Devices from the sidebar at left.
  2. Open the Add Device dialog by clicking the Add Device button at upper right.
  3. On the General Settings tab, enter a name in the Name field.
  4. Choose the Type (see Supported Device Types), which determines the settings fields that are displayed.
  5. Specify the values of the remaining fields (see Device Admin Dialogs).
  6. Save the new device by clicking the Add Device button.

Notes:
- In addition to registering a device you must also configure the device itself to send flow records to Kentik Detect; see Router Configuration or Host Configuration.
- For assistance walking through this process please email support@Kentik.com.

 
top  |  section

Editing a Device

To edit an existing Device:

  1. Choose Admin from the Kentik navbar, then Devices from the sidebar at left.
  2. In the Device List, click in the row for the device that you'd like to edit, which will open the Edit Device dialog.
  3. Edit the fields that you want to change (see Device Admin Dialogs).
  4. Save the changes by clicking the Save button.

Note: To delete a device, click Remove at lower left.

 
top  |  section

Enabling BGP

To enable collection of BGP data from a device:

  1. Choose Admin from the Kentik navbar, then Devices from the sidebar at left.
  2. In the Device List, click the name of the device from which you wish Kentik to get BGP data, which opens the Edit Device dialog for that device.
  3. On the BGP Settings tab, choose “Peer With Device” from the drop-down BGP Type menu. Several new fields will appear on the page:
    - Your IPv4 Peering Address;
    - Your Ipv6 Peering Address;
    - Your ASN;
    - BGP MD5 Password.
  4. Fill in these fields (for descriptions, see Device Admin Dialogs), then click Save.
© 2014- Kentik
In this article:
×