Route Traffic Analytics
The Route Traffic Analytics (RTA) section of the Kentik Detect portal is covered in the following topics:
- About Route Traffic Analytics
- Route Traffic Analytics Page
- Route Analytics Controls
- Route Analytics Display
Note: The following blog post can help you learn more about the business context for the inclusion of Route Traffic Analytics in Kentik Detect: From Network Flow Monitoring to Capex Savings.
About Route Traffic Analytics
General information about route traffic analytics in Kentik Detect is covered in the following topics:
Route Traffic Analytics Overview
Route Traffic Analytics evaluates flow and BGP data to derive route traffic distribution (the distribution of traffic across routes), which enables you to see how many unique network prefixes (routes) are represented in a given percent of your traffic. The primary use case for traffic distribution is to determine the capacity required for the Forwarding Information Base (a.k.a. CEF table or IP forwarding table) of an edge router, which is defined in terms of the supported number of FIB entries (each made up of a network prefix, a router port identifier, and next hop information). The FIB in high-end routers can accommodate upwards of a million entries while lower-cost routers typically support on the order of 30K FIB entries. Matching edge routers to the specific forwarding requirements of your network’s traffic may result in significant capital expenditure savings.
Route Traffic Analytics Views
Kentik Detect provides information related to traffic distribution in three main views (set via the Action menu in the Route Analytics Options Pane):
- Summary analysis: A graph and table that show the number and percentage of routes that make up a given percentage of the total traffic (in Mbps) on a selected set of interfaces. This helps you to understand the capacity needed in edge router FIBs to handle a given percentage of your traffic. See Summary Display.
- Top routes: A table providing details (e.g. average and max bitrate, destination AS, destination country) about the top 1000 routes, by traffic volume, on a selected set of interfaces. See Top 1000 Routes Display.
- Volume overview: A table showing a quick calculation of the average and max traffic volume (in Mbps) per route on a selected set of interfaces. See Quick Traffic Calc Display.
Route Traffic Considerations
The following important considerations apply when working with route traffic analytics:
- Your deployment must include BGP peering with Kentik.
- You must send flow and BGP data to Kentik Detect for a minimum of two hours before RTA will yield meaningful results.
- Before using route traffic analytics you should classify your interfaces using Interface Classification. For best results, 90% or more of your interfaces should be classified.
- Route traffic analytics are typically run on a per-site basis.
- For meaningful results, apply the filters described in Route Analytics Filtering.
Route Traffic Analytics Page
The Route Traffic Analytics page is reached from the main navbar (Analytics » Route Traffic). It is made up of two main areas:
- Sidebar: An area at left that contains a set of individual information and control panes (see Route Analytics Controls).
- Display area: An area for display of route traffic data in charts and tables (see Route Analytics Display).
Settings are made in the sidebar and then applied to update the results in the display area.
Route Analytics Controls
The sidebar on the Route Traffic Analytics page contains information and control panes that are covered in the following topics:
Route Analytics Controls Overview
The Route Traffic Analytics sidebar contains the following UI elements:
- Run Query button: Applies changed sidebar settings to the graphs and tables in the display area to the right (see Run Query Button). When there are no changes to apply, the button is grayed-out.
- Sidebar panes: A set of panes that are used to set values for the queries whose results (graphs and tables) are shown in the display area. The panes can be in either Edit mode or Summary mode (see Pane Display Modes).
Route Analytics Sidebar Panes
The sidebar on the Route Traffic Analytics page contains the following panes to control the query whose results are displayed in the display area:
- Analysis Options pane: Configures the type of analysis you’d like to see in the data display area; see Route Analytics Options Pane.
- Filtering pane: Specifies filters that may be applied to the query:
  - For filtering considerations that are specific to route traffic analytics, see Route Analytics Filtering.
  - For general information about using the pane to set filters, see Filtering Pane Settings.
- Devices pane: Specifies the Kentik-registered devices covered by the query:
  - For device considerations that are specific to route traffic analytics, see Route Analytics Devices.
  - For general information about using the pane to set devices, see Devices Pane Settings.
Note: For additional general information about panes see About Sidebar Panes.
Route Analytics Options Pane
The Route Traffic Analytics Options pane contains the following controls, which are used to set the parameters of a route traffic analysis:
- Action: A drop-down menu used to choose the type of analysis. The remaining options in the pane vary depending on this setting.
  - Quick Traffic Calc Mb/s: Show (in Mbps) a quick calculation of per-route traffic, both average and maximum. Data returns as a table only. See Quick Traffic Calc Display.
  - Summary: Primarily shows the correlation (as determined from BGP) between the volume of traffic (in Mbps) and the number of unique routes, illustrating the percent of total routes represented in a given percent of total traffic. Data returns as both a graph and a table. See Summary Display.
  - Top 1000 Routes: Lists the top 1000 routes by traffic volume (Mbps), with details on max and average as well as destination AS and country. Data returns as a table only. See Top 1000 Routes Display.
  - Export Top Routes as CSV: Compiles the Top 1000 Routes data into a downloadable CSV file. After you choose this option and click Apply Changes, click the Download CSV File link to download.
- Order Mode: A drop-down menu used to choose the method used to determine the top routes (not available for Quick Traffic Calc Mb/s):
  - Max per Slice: Calculate the top routes based on most traffic per time-slice (see Table Time-slicing). The width of a time-slice will be 1 hour for Full dataseries and 10 minutes for Fast dataseries.
  - Avg 24h: Calculate top routes based on averaging the traffic volumes of the time slices that make up the 24-hour period specified with the 1-Day Window setting (see below).
- Calculation Mode: Choose the dataseries used to calculate the analysis (see About Dataseries Resolution):
  - Fast: Results are calculated using the Fast dataseries, which is aggregated and is lower-resolution than the Full dataseries.
  - Full Resolution: Results are calculated using the Full dataseries, which is more computation-intensive and thus not as fast as the Fast option.
- Limit each slice to × routes: Set the maximum number of routes that are to be considered within each time-slice. This allows you to focus on routes with significant traffic. Available for all Action options except Quick Traffic Calc Mb/s.
- Limit overall routes to × routes: Set an overall cap to limit the processing power required by the RTA engine. The default value, 700,000, corresponds to slightly more than a full Internet routing table (as of April 2017). Available only for the following Action options:
  - Summary: Determines the highest value on the X axis in the resulting graph.
  - Export Top Routes as CSV: Determines the number of routes to be exported to the CSV file.
- 1-Day Window: Results are always calculated based on traffic over a one-day window. These controls set the ending date/time (in UTC) of this 24-hour period. See Setting Date and Time.
Setting Date and Time
The 1-Day Window field gives you various ways to set the ending date/time (in UTC) of the 24-hour period that will be evaluated for route analytics:
- Click directly on the month, date, year, or time in the field, then enter a value.
- Click in the field and choose a date in the resulting calendar.
- Click in the field, then click on the time field in the resulting calendar and enter a new time.
Route Analytics Filtering
The Route Traffic Analytics Filtering pane allows you to filter out traffic that you don’t want the route traffic analytics engine to consider. The operation of the filtering pane, including both saved filters and locally specified filter groups, is the same as elsewhere in the Kentik Detect portal; see Filtering Pane Settings.
For route traffic analytics you should generally include only the traffic on exit interfaces that connect to a network (AS) other than your own. The following types of traffic should be filtered out:
- Traffic destined for your own AS.
- Traffic destined for RFC 1918 or test subnets.
- Any traffic from a private AS.
- If you are a content provider, traffic sourced from outside of your AS.
The recommended way to achieve this is to classify your interfaces, using Interface Classification, before using route traffic analytics. Once your interfaces are classified, you can filter for traffic on interfaces whose Network Boundary value is External. Because you will likely wish to run the analysis on an individual site, you should also apply a filter limiting traffic to that site.
Route Analytics Devices
The route traffic analytics Devices pane is used to set the devices (routers, hosts, etc.) whose traffic will be included in the analysis. The currently selected devices are listed in the Selected Devices box, and the number of devices currently selected is indicated in the selected device counter in the title bar of the Devices pane. For further information on the operation of this pane see Devices Pane Settings.
For route traffic analytics you’ll typically use the device selector to narrow the devices in the analysis, looking at either a single device or all devices within a single point of presence (site).
Route Analytics Display
The Route Traffic Analytics display area shows information about route traffic as filtered with the fields and controls in the sidebar. The data displayed depends on the Action setting in the Route Analytics Options Pane. The available display types are described in the following topics:
Quick Traffic Calc Display
The results of a Quick Traffic Calc Mb/s analysis are displayed as a table showing the average and maximum traffic volume (in Mbps) for routes using the set of interfaces defined with the Filtering and Devices panes of the sidebar. The information displayed is:
- Avg (Mbps): The average volume of traffic (in Mb/s) per route.
- Max (Mbps): The maximum volume of traffic (in Mb/s) per route.
Summary Display
The results of a Summary analysis are displayed as both a line graph and a table.
Summary Graph
For the line graph, the X axis is the number of routes and the Y axis is the volume of traffic (in Mbps). The overall distribution of traffic over the number of routes is plotted with a light blue line. In addition, the p80th, p90th, and p95th traffic volumes are shown as dashed lines (orange, green, and black, respectively) positioned relative to the Y axis, while the number of routes at each of those traffic percentiles is shown as a vertical line (yellow, red, and violet, respectively) positioned relative to the X axis.
You can change the display of the graph with the following actions:
- Zoom in on a given area by clicking in the graph and dragging horizontally. Reset the zoom by clicking the Reset zoom button.
  Note: Zooming in on the area at the left of the graph can be helpful when the vertical lines representing the p80th, p90th, and p95th routes are too close to easily distinguish.
- Turn off any individual plot by clicking on the corresponding key below the graph. Click again to toggle the plot back on.
The position of the vertical route lines on the Summary graph indicates the extent to which traffic distribution is concentrated, which in turn indicates the feasibility of using a router with a smaller FIB:
- If the vertical route lines (yellow, red, and violet) are clustered to the left end of the X axis then most of the traffic volume is concentrated into a relatively small percent of the routes.
- If the vertical lines are spread out away from the left end of the X axis then the traffic is more evenly distributed across routes.
Summary Table
The Summary table lists routes in descending order (determined based on the Order Mode setting in the Route Analytics Options Pane) of their amount of traffic. The table includes the following columns:
- Row # (route #): The rank (ordinal position) of this route, which indicates the number of routes represented in the values of the cumulative columns of this row. For example, if this value is 16, then those columns show combined values for the top 16 routes.
- % of Total Traffic: The percent of total traffic that is accounted for by the cumulative traffic of the top x routes, where x is the number in column 1.
- % of routes: The number of routes indicated in column 1 as a percent of total routes.
- Total Mb/s: The cumulative traffic (in Mbps) over the top x routes, where x is the number in column 1.
- Average Mb/s: The average amount of traffic (in Mbps) on the individual route whose rank in the top x is shown in column 1. The calculation method depends on the Order Mode setting.
- Max Mb/s: The maximum amount of traffic (in Mbps) on the individual route whose rank in the top x is shown in column 1. The calculation method depends on the Order Mode setting.
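The cumulative columns described above can be reproduced offline from per-route averages. The following is an added example, not Kentik code or Kentik's own algorithm: it applies two of the destination-based exclusions from Route Analytics Filtering (own AS, RFC 1918 and test prefixes), then builds Summary-style rows and reports how many routes carry 80%, 90%, and 95% of the remaining traffic. The route data, `OWN_ASN`, the function names, and the reading of "test subnets" as the RFC 5737 ranges are assumptions; the sample is IPv4 only.

```python
import ipaddress

OWN_ASN = 64500  # assumption: placeholder for your own AS number
# RFC 1918 private ranges plus RFC 5737 TEST-NET ranges (assumed meaning of "test subnets").
EXCLUDED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]

# Constructed sample, not Kentik output: (IPv4 prefix, destination ASN, average Mbps).
ROUTES = [
    ("45.10.0.0/16", 64496, 500.0), ("45.11.0.0/16", 64497, 200.0),
    ("45.12.0.0/16", 64498, 100.0), ("45.13.0.0/16", 64499, 80.0),
    ("45.14.0.0/16", 64501, 60.0), ("45.15.0.0/16", 64502, 30.0),
    ("45.16.0.0/16", 64503, 20.0), ("45.17.0.0/16", 64504, 10.0),
    ("10.20.0.0/16", 64505, 300.0),    # RFC 1918 destination: excluded
    ("192.0.2.0/24", 64506, 50.0),     # test subnet: excluded
    ("45.20.0.0/16", OWN_ASN, 150.0),  # destined for own AS: excluded
]

def keep_external(routes, own_asn):
    """Drop routes destined for our own AS or for RFC 1918 / test prefixes."""
    kept = []
    for prefix, dst_asn, mbps in routes:
        net = ipaddress.ip_network(prefix)
        if dst_asn == own_asn or any(net.subnet_of(ex) for ex in EXCLUDED_NETS):
            continue
        kept.append((prefix, dst_asn, mbps))
    return kept

def summary_table(routes):
    """Rows of (rank, % of total traffic, % of routes, cumulative Mbps, route Mbps)."""
    ordered = sorted(routes, key=lambda r: r[2], reverse=True)
    total = sum(r[2] for r in ordered)
    rows, cumulative = [], 0.0
    for rank, (_, _, mbps) in enumerate(ordered, start=1):
        cumulative += mbps
        rows.append((rank, 100.0 * cumulative / total,
                     100.0 * rank / len(ordered), cumulative, mbps))
    return rows

def routes_for_percent(rows, percent):
    """Smallest number of top routes whose cumulative traffic reaches `percent`."""
    return next(rank for rank, pct, *_ in rows if pct >= percent)

if __name__ == "__main__":
    table = summary_table(keep_external(ROUTES, OWN_ASN))
    for p in (80, 90, 95):
        print(f"p{p}: {routes_for_percent(table, p)} of {len(table)} routes")
```

When the route counts returned for 80%, 90%, and 95% are small relative to the total, traffic is concentrated in few prefixes, which is the case the Summary graph shows as vertical lines clustered at the left of the X axis.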
Top 1000 Routes Display
The results from a Top 1000 Routes analysis are displayed as a 1000-row table that shows individual routes in descending order based on average Mbps (calculated based on the Order Mode setting in the Route Analytics Options Pane). The same table is included in the data exported to a CSV file by Export Top Routes as CSV (see the Action setting in the Route Analytics Options Pane). The table includes the following columns:
- Row # (route #): The rank of this route based on amount of traffic (average Mbps).
- prefix (len): The IP address (in CIDR notation) of the prefix associated with the route.
- Avg Mb/s: The average traffic volume (in Mbps) for the route during the time window (see Order Mode setting).
- Max-slice Mb/s: The highest volume of traffic (in Mbps) on the route in any time-slice during the time window (see Order Mode setting).
- Cumulative total of Avg: Shows the sum, up to and including the current row, of the Avg Mb/s column.
- % of total traffic: Shows the percentage of total traffic represented by the table’s routes up to and including the current row.
- % of routes: Shows the percentage of total routes represented by the table’s routes up to and including the current row.
- Dst ASN: Shows the AS name and number for the route (where the traffic is going).
- Dst Geo: Shows the country code for the route’s destination.