Device Settings
| Note: A Kentik role of Member does not enable users to add, edit, or remove devices. |
The settings for Kentik-registered devices, which are found in the Device dialog, are covered in the following topics:
- About Device Dialogs
- Device Dialogs UI
- Device General Settings
- Device Flow Settings
- Device SNMP Settings
- Device ST Settings
- Device BGP Settings
- Device Integrations
- Device Config Info
Notes:
- For overall coverage of the Devices page, including the Device list, see Network Devices.
- Devices may be set up during your organization's initial onboarding with Kentik; see Onboarding.
- If you would like assistance with any aspect of adding or managing a device, please contact us at Customer Support.
- Devices can also be added and edited with the Device API.
About Device Dialogs
To perform operations such as receiving flow, polling SNMP, and establishing BGP peering, Kentik needs information that enables us to connect with your devices. We gather most of that information in the Device dialog of the Settings » Devices page (see Devices Page), which is used in the following contexts:
- Add Device: A dialog opens from the Add Device button at the top right of the Devices page, and enables you to register a new device with Kentik.
- Edit Device: A dialog opens from the Edit icon in the device's row of the Device list, and enables you to edit an already registered device.
Note: When editing, the dialog's settings vary between routers and hosts.
The settings in the dialog are organized into one or more groups on each of the dialog's tabs. The specific contents of the tabs varies depending on the type of device (router or host) and whether the device is being added or edited.
Notes:
- Each tab is marked with a caution icon until all of its required settings are complete.
- In addition to the fields used to enter information, the tabs of the Device dialogs also include information used to configure a device to connect with Kentik (see Device Config Info).
Device Dialogs UI
The Device dialog includes the following common UI elements (whether adding or editing a device):
- Cancel: A button at lower right and an X at top right that both exit the dialog without saving any changes made since the dialog was opened.
- Tabs: Choose which tab of the dialog to view. Tabs can include General, Flow, SNMP, Streaming Telemetry, BGP, and Integrations (see tab-specific topics below).
- Add Device (adding only): A button that allows you to save settings for the new device and exit the dialog.
- Save (editing only): A button that allows you to save changes to device settings and exit the dialog.
Device General Settings
The General tab includes settings that are not specific to any one data type that Kentik will collect from the device. This tab is covered in the following topics:
General Tab Settings
The table below shows the elements in the main panes of the General tab of the Device settings dialog when adding or editing a device.
| Element | Add Device |
Edit Device (Router) |
Edit Device (Host) |
Description |
| Name | Editable field | Editable field | Editable field | User-supplied name string. |
| Description | Editable field | Editable field | Editable field | User-supplied description string. |
| Site | Filterable drop-down menu | Filterable drop-down menu | Filterable drop-down menu | The site to which the device is assigned (see Manage Sites). |
| Role | Drop-down menu | Drop-down menu | Drop-down menu | Appears if the selected site’s architecture is defined in its settings (see Manage Sites); allows you to choose the role of this device. |
| Type | Drop-down menu | Drop-down menu | Drop-down menu | Specify the category of the device (see Supported Device Types). Note: Older device types for hosts — e.g. DNS (host-nProbe-dns-www), nHst (host-nProbe-basic), and kproxy — are deprecated. |
| Create a new Site | Button | Button | Button | Opens the settings covered in Create Site Settings, which allow you to create a new site. |
| Label(s) | Filterable drop-down menu | Filterable drop-down menu | Filterable drop-down menu | Shows the labels applied to the device; when clicked, opens a drop-down list from which you can select Device Labels. |
| Add Label | Link | Link | Link | Opens the New Label Dialog. The new label is not automatically added to the device. |
| Contribute to CDN Attribution | Switch | N.A. | Switch | Enables the contribution of DNS data from this device to our CDN Attribution learning algorithms (see About CDN Attribution). Note: Only present if the device is a kprobe host. |
| Billing Plan | Drop-down menu | Drop-down menu | Drop-down menu | The billing plan to which the device belongs (see Licenses). Note: If this field is set to a plan that doesn't support BGP, then no settings can be made on the BGP tab. |
Create Site Settings
The settings in the table below are shown only when you click the Create a new Site button.
| Element | Add Device |
Edit Device (Router) |
Edit Device (Host) |
Description |
| Site Name | Editable field | Editable field | Editable field | A user-supplied name string for a new site. |
| Street Address | Filterable drop-down menu | Filterable drop-down menu | Filterable drop-down menu | The physical location of the site given as a street address. As you begin typing, a drop-down list will be populated with possible matches for you to choose. Only an address chosen from the drop-down list will be geocoded to derive additional dimensions. Note: The X at right clears the field. |
| Use an existing Site | Button | Button | Button | Exits the creation of a new site, hiding the Site Name and Street Address fields and showing the Site field. |
Supported Device Types
Kentik currently supports devices in two broad categories:
- Routers, which include switches and firewalls.
- Hosts, which include cloud resources.
Devices in the two categories store and report traffic differently (see Device Type), and also have some differences in portal configuration settings. The table below shows the types of devices currently available in the portal (in the order in which they appear in the Type drop-down), including the category of each.
| Device Type | Category | Subtype | Description |
| NetFlow-Enabled Router | Router | router | Hardware router or switch. |
| Kentik Host Agent (kprobe) | Host | kprobe | Kentik's software host agent (see About kprobe). |
| A10 CGN | Router | a10_cgn | A10 Thunder Carrier Grade Networking devices (see A10 Thunder CGN Dimensions). |
| Advanced sFlow | Router | advanced_sflow | Any sFlow device from which you want Kentik to ingest a value for the TTL dimension and/or for the Physical Interface dimensions (Src and Dst), which requires use of Kentik's VLAN Mapping API (ask Customer Support for assistance). |
| Cisco ASA | Router | cisco_asa | Cisco Adaptive Security Appliance (see Cisco ASA Dimensions). |
| Cisco ASA (Syslog) | Router | cisco_asa_syslog | Syslog data from a Cisco Adaptive Security Appliance (see Cisco ASA Syslog Dimensions). |
| Cisco NBAR-Enabled Router | Router | cisco_nbar | Cisco router that supports traffic prioritization using Network Based Application Recognition (https://www.cisco.com/c/en/us/products/ios-nx-os-software/network-based-application-recognition-nbar/index.html). |
| Cisco nvzFlow | Router | cisco_nvzflow | Cisco Network Visibility Flow for AnyConnect VPN client (see Cisco nvzFlow Dimensions). |
| Cisco SD-WAN IOS XE | Router | cisco_sdwan_xe | Cisco SD-WAN IOS XE Edge devices (see Cisco SD-WAN vEdge Dimensions) |
| Cisco Zone-Based Firewall | Router | cisco_zone_based_firewall | Cisco router using a zone-based firewall (see Cisco Zone-based Firewall). |
| Darknet Stream | N.A. |
N.A. |
Reserved for Kentik use. |
| Fortinet FortiGate | Router | fortinet_fortigate | Fortinet FortiGate firewalls and SD-WAN devices (see FortiGate Dimensions). |
| Cisco IOS XR | Router | ios_xr | Data from routers using the IOS XR operating system (see Cisco IOS XR Dimensions). |
| Istio (Beta) | Router | istio | Istio cloud logs |
| Juniper DDoS Flow | Router | juniper_ddos | Juniper Flow-based Telemetry |
| Process-Aware Telemetry Agent | Host |
kappa |
Host agent used for Kentik Kube. It generates flows from network traffic based on eBPF. |
| kProbe True Origin Tap | N.A. |
krobe_tap |
Reserved for Kentik internal use. |
| Cisco Meraki | Router | meraki | A Meraki-managed firewall (see Cisco Meraki Metrics). |
| MPLS Router | Router | mpls | An MPLS-enabled router (see Using MPLS). |
| Nokia Layer 2 | Router | nokialayer2 | Nokia service routers for IP edge and core applications using L2 flow template. |
| ntop Host Agent (nProbe) | Host | nprobe | Deprecated. |
| Oracle Cloud Infrastructure | Host | oci_subnet | Oracle Cloud Infrastructure |
| Palo Alto Networks Firewall | Router | paloalto | A PAN firewall (see Palo Alto Networks Firewall). |
| Palo Alto Prisma SD-WAN | Router | paloalto_prismasdwan | Palo Alto Prisma SD-WAN (sdwan) |
| Juniper PFE (Syslog) | Router | pfe_syslog | Syslog data from a Juniper switch equipped with a Packet Forwarding Engine (see Juniper PFE Syslog Dimensions). |
| sFlow Tunnel decode | Router | sflow_tunnel | Network device sending sFlow logs, with additional decode of the tunneling protocols. This device type is used for decoding VXLAN data into native dimensions (see sFlow Tunnel Decode Dimensions). |
| Silver Peak EdgeConnect | Router | silverpeak | Silver Peak appliance running VXOA software (see Silver Peak Dimensions). |
| Generic Syslog | Router | syslog | A generic device sending syslogs to kproxy (see kproxy Syslog Parsing). |
| Versa | Router | versa | Versa Networks SD-WAN Edge devices (sdwan) |
| Cisco SDWAN vEdge | Router | viptela | IPFIX fields in cflowd records from Cisco vEdge SD-WAN routers (see Cisco SD-WAN vEdge Dimensions). |
| VMware SD-WAN | Router | vmware_velocloud | VMware SD-WAN Edge devices (see VMware SD-WAN Dimensions). |
| VMWare vSphere | Router | vmware_vsphere | VMware vSphere flow log export |
| VXLAN | Router | vxlan | Network device sending sFlow logs, with additional decode of VXLAN protocol fields into separate dimensions (see VXLAN Dimensions). |
Note: In the Device API the above device types are referenced using the subtype values listed above.
Device Flow Settings
The Flow tab is covered in the following topics:
Flow Collection Method
The Collection Method pane tells you the Kentik IP address and port to which the device should send flow records, which varies depending on whether flow is sent to Kentik directly from the device or via an instance of the Kentik Proxy Agent (kproxy). The information needed to configure your device for these options is found in the following two tabs:
- Direct:
- Kentik Ingest IP
- Kentik Ingest UDP port - Via kproxy:
- Select a kproxy: A drop-down from which you choose the agent instance to which the device is sending flow:
- Kproxy Private IP
- Kproxy port
Note: The Need help configuring Flows? link opens the KB article Router Configuration in a new browser tab.
Flow Export Configuration
The Flow export configuration pane of the Flow tab enables you to tell us the IP(s) from which Kentik should expect flow data for this device. The tab includes the following UI elements for both routers and hosts:
- Sending IPs: A field in which to enter the IP address(es) from which the router sends flow to Kentik.
Note: The IP must be unique except as described in IP Overloading. - Add Sending IP: A button that adds a new Sending IPs field.
Note: An X will be added at the right of each Sending IPs field, enabling you to remove the IP. - Sample Rate: A field in which to enter the ratio of total flows transiting the device to flows whose flow record is sent to Kentik (see Flow Sampling). If you enter, for example, 1000, a flow record will be generated for one out of every 1000 flows.
Notes:
- Kentik may dynamically downsample from this nominal sample rate as needed to keep FPS within limits specified in the plan to which the device is assigned (see About Plans).
- For hosts, see Sample Rate for Hosts.
IP Overloading
The IP address specified with Sending IPs must be unique (not used by any other device in your organization) for any device sending flow data directly to Kentik. If, however, a device sends flow data via kproxy (see Kentik Proxy Agent) then an IP specified in the Sending IPs field may be the same as that of an already registered device if the following is true:
- The two devices do not use the same instance of kproxy.
- Both instances of kproxy specify a valid site ID using the -site_id parameter in the kproxy command line (see kproxy Proxy Agent Arguments).
- The value of -site_id for the two instances of kproxy is not the same.
Sample Rate for Hosts
Kentik uses the kprobe software host agent to generate network traffic data from hosts (see About kprobe). The sample rate for flow data generated by kprobe involves two settings:
- The --sample parameter of the kprobe Command Line. This CLI parameter is optional.
- The Sample Rate field of the Flow tab of the Device settings dialog. This setting is required when a host device is registered in the portal.
The sample rate that is actually used is determined by the following:
- If the --sample parameter is included in the command line, the CLI-provided value takes precedence over the Sample Rate field value.
- If the --sample parameter is not included in the command line, the Sample Rate field value is used.
| Note: If the value is not set in the command line and the Sample Rate field value is reset in the portal, then the corresponding kprobe instance will exit. If kprobe is not run under a supervisor, then it must be restarted manually. |
Device SNMP Settings
The SNMP tab of the Device settings dialog is covered in the following topics:
About the SNMP Tab
The SNMP tab enables the polling of SNMP data for two distinct purposes. To configure SNMP for the device, click either or both of the checkboxes in the Collection method pane of the tab, which will open the corresponding panes described in the topics below:
- For NMS via Kentik Agent: Poll SNMP data for Kentik NMS using Kentik's NMS Agent (see For NMS via Kentik Agent).
- For Flow Enrichment: Poll SNMP data to enrich flow records using the kproxy agent (see For Flow Enrichment).
For NMS via Kentik Agent
The For NMS via Kentik Agent pane of the SNMP tab includes the following fields and controls:
- Credential: A drop-down to choose the credential that is used for the collection agent (see SNMP NMS Device Credential).
- Collection Agent: A drop-down to choose the Kentik agent that is used to collect SNMP data.
- Device SNMP IP: A field to enter the SNMP IP address that Kentik should poll.
- Port: A field to enter the port number that Kentik should use for SNMP polling.
- Timeout: A field to enter the time in seconds that Kentik should wait for a response from the SNMP server.
SNMP NMS Device Credential
The Credential field on the SNMP tab allows you to create a new credential or use an existing credential from Kentik’s Credentials Vault.
- To use an existing credential, click the Credential drop-down and select a credential from the list.
- To create a new SNMP credential, see Add SNMP Device Credential.
Add SNMP Credential Dialog
The Add SNMP Credential dialog, used when creating a new credential for a device, includes the following UI elements:
- Cancel: A button at lower right and an X at top right that both exit the dialog without creating the credential.
- Type: A set of radio buttons that set the credential type to match the SNMP version used to poll the device (v1, v2c, or v3). The remaining fields of the dialog vary depending on this setting.
Note: All three SNMP types use system templates for creating a credential, which means that neither their key/value pairs nor their key names can be changed (see Keys by Credential Type). - Credential Name: A field to enter a name for the credential. The field accepts only alpha-numeric characters, dashes, and underscores.
Note: Once saved, a credential’s name cannot be changed. - Community (SNMP v1 and SNMP v2c only): A field to enter a masked value for the community key.
- User Name (SNMP v3 only): A field to enter a value for the username key.
- Authentication (SNMP v3 only):
- Authentication protocol: A drop-down menu to select the authentication protocol (None, MD5, or SHA).
- Value: A field to enter a masked value (passphrase) for the authentication key. - Privacy (SNMP v3 only):
- Privacy protocol: A drop-down menu to select the privacy protocol (None, DES, or AES).
- Value: A field to enter a masked value (passphrase) for the privacy key. - Add Credential: Saves the new credential and exits the dialog.
Notes:
- The contents of fields used for masked values can't be seen as text is entered.
- The behavior of fields used to enter key values for credentials is covered in Credential Values.
- While labels and descriptions can't be specified for a credential in the Add SNMP Credential dialog, they can be added by editing in the Credentials Vault (see Edit a Credential).
For Flow Enrichment
The For Flow Enrichment pane of the SNMP tab includes the following fields and controls:
- Kentik SNMP polling IPs: A callout giving the IP addresses of the Kentik SNMP Polling IPs.
Note: Use these IPs when configuring SNMP on the device itself, which is required to enable polling by Kentik. - SNMP polling: A drop-down to choose the polling frequency for SNMP:
- Standard: Interface counter is polled every 5 minutes; interface description is polled every 3 hours.
- Minimum: Interface counter isn’t polled; interface description is polled every 6 hours. - Device SNMP IP: A field to enter the IP address that Kentik should poll for SNMP.
- SNMP Community: A field to enter the SNMP community that Kentik should use when polling the router via SNMP v1 or v2c.
Notes:
- Not shown when SNMP v3 is enabled.
- The entered string is obscured but can be edited. - Enable SNMP v3 Authentication: A toggle switch that sets SNMP polling to v3 (see About SNMP V3), displays the SNMP v3 Settings Pane, and hides the SNMP Community field.
Note: Available for routers only; overrides SNMP Community setting (above).
SNMP v3 Settings Pane
The following elements are shown only when the Enable SNMP v3 Authentication switch is on:
- SNMP v3 User Name: A field to enter the user name for SNMP v3 authentication (required).
- SNMP v3 Auth Protocol: A drop-down to choose the SNMP v3 authentication protocol:
- None
- MD5
- SHA - SNMP v3 Auth Passphrase: A field to enter the password for SNMP v3 authentication.
Note: The entered string is obscured but can be edited. - SNMP v3 Privacy Protocol: A drop-down to choose the SNMP v3 privacy protocol:
- None
- DES (56-bit encryption)
- AES-128 - SNMP v3 Privacy Passphrase: A field to enter the password for SNMP v3 privacy.
Note: The entered string is obscured but can be edited.
Device ST Settings
The Streaming Telemetry tab of the Device settings dialog is covered in the following topics:
About the ST Tab
The Streaming Telemetry tab enables the collection of ST data for two distinct purposes. To configure ST for the device, click either or both of the checkboxes in the Collection method pane of the tab, which will open the corresponding panes described in the topics below:
- Dial-In from Kentik Agent: Collect ST data for Kentik NMS using Kentik's NMS Agent (see Dial-In from Kentik Agent).
- Dial-Out to Kproxy: Collect ST data from your device using Kentik's kproxy agent (see Dial-Out to Kproxy).
Dial-In from Kentik Agent
The Dial-In from Kentik Agent pane of the Streaming Telemetry tab enables the Kentik Agent to establish a connection to the device via the gNMI protocol. ST data collected with this method is accessible through Metrics Explorer. The pane includes the following fields and controls:
- Credential: A drop-down to choose the credential that is used for the collection agent (see ST NMS Device Credential).
- Collection Agent: A field that shows (but can't change) the Kentik agent used to collect ST data, which is the same collection agent selected in the For NMS via Kentik Agent pane of the SNMP tab (see For NMS via Kentik Agent).
- Timeout: A field to enter the time in seconds that Kentik should wait for a response from the server.
- Port: A field to enter the number of the device's listening port.
- Use secure connection (SSL): A switch that turns on SSL encryption for the data transmission.
ST NMS Device Credential
The Credential field on the Streaming Telemetry tab allows you to create a new credential or use an existing credential from Kentik’s Credentials Vault.
- To use an existing credential, click the Credential drop-down and select a credential from the list.
- To create a new ST credential, see Add ST Device Credential.
Add ST Credential Dialog
The Add Streaming Telemetry Credential dialog includes the following UI elements:
- Cancel: A button at lower right and an X at top right that both exit the dialog without creating the credential.
- Credential Name: A field to enter a name for the credential. The field accepts only alpha-numeric characters, dashes, and underscores.
Note: Once saved, a credential’s name cannot be changed. - User Name: A field to enter a value for the username key.
- Password: A field to enter a masked value for the password key.
- Add Credential: Saves the new credential and exits the dialog.
Notes:
- The contents of fields used for masked values can't be seen as text is entered.
- While labels and descriptions can't be specified for a credential in the Add Streaming Telemetry Credential dialog, they can be added by editing in the Credentials Vault (see Edit a Credential).
Dial-Out to Kproxy
With the “dial-out” collection method, devices are pre-configured to send Streaming Telemetry (ST) data to a kproxy agent. ST data collected with this method is accessible through Data Explorer. The Dial-Out to Kproxy pane of the Streaming Telemetry tab includes the following fields and controls:
- Sending IP: A field giving the IP address from which the device sends ST data.
- Kentik Ingest IP: A field giving the Kentik IP address to which to send ST data.
- Kentik ST port: A field giving the port on which Kentik will receive ST data.
Device BGP Settings
The settings on the BGP tab, which vary depending on the BGP Type setting, determine how Kentik collects the BGP data used to enrich flow records for the device. These settings are covered in the following topics:
Note: Settings can't be made on the BGP Settings tab unless the Billing Plan field (see Device General Settings) is set to a plan that supports BGP (see About Plans).
Common BGP Settings
The following controls are common to all BGP situations (regardless of the BGP Type setting):
- BGP Type: A drop-down to choose how BGP will be enabled on this device:
- No peer, use generic IP/ASN mapping: Map the device's IP address to an ASN.
- Peer with device: Kentik will BGP peer with this device (this setting is required for RTBH/Flowspec).
- Use table from another peered device: The BGP table will be obtained from another device that is already set to peer with Kentik. - BGP Flowspec Compatible: A switch that should be turned on if the router supports MP-BGP and is therefore compatible with BGP Flowspec.
- BGP Route Selection: A drop-down to set how Kentik will match, for both VRF and non-VRF interfaces, each flow’s IP address against the BGP route received via the device's BGP sessions (see BGP Route Selection).
Type-specific BGP Settings
The following controls are present only for specific BGP Type settings:
- Use AS Numbers from Flow: A switch that changes Kentik’s default behavior by retaining the source and destination ASN information from the flows exported by the network device.
- Present only when BGP Type is set to No peer, use generic IP/ASN mapping. - IPv4 Peering Address: A field to enter the IPv4 address of the peering device.
- Present only when BGP is set to Peer with device.
- RFC1918 addresses are not valid.
- Cannot be an IP that is already being used to peer with a different Kentik device. - IPv6 Peering Address: A field to enter the IPv6 address of the peering device.
- Present only when BGP is set to Peer with device.
- RFC1918 addresses are not valid.
- Cannot be an IP that is already being used to peer with a different Kentik device. - ASN: A field to enter the number (16- or 32-bit) of the autonomous system (AS) to which the peering device belongs.
- Present only when BGP Type is set to Peer with device. - BGP MD5 Password: A field to enter an optional shared authentication password (32 alphanumeric characters) for BGP peering.
- Present only when BGP Type is set to Peer with device. - Master BGP Device: A drop-down to choose the device whose BGP table will be shared with this device.
- Present only when BGP Type is set to Use table from another peered device.
Kentik Ingest Peering IPs
When BGP Type is set to "Peer with device," Kentik's Ingest Peering IPs (v4 and v6) will be shown to the right of the Peering Address fields (IPv4 and IPv6) listed above. You'll use these as the IPs that the device should be set to peer with in the BGP configuration on the device itself.
BGP Route Selection
As flow records from devices are ingested into the Kentik Data Engine (KDE) they are enriched with BGP/routing information, a process that depends on matching each flow’s IP address against the BGP route received via the device's BGP sessions. As shown in the table below, the BGP Route Selection drop-down determines how this matching will be performed for both VRF and non-VRF interfaces.
| Dropdown menu option | VRF interface | Non-VRF interface |
| VPN table for VRF interface, Unicast table for non-VRF interface (default) | Use only L3VPN routes. | Uses only Unicast routes. |
| VPN table, fallback to Unicast table | Uses L3VPN. If no match, uses Unicast |
Uses Unicast. |
| VPN table, fallback to Labeled-Unicast table, fallback to Unicast table | Uses L3VPN. If no match, uses Labeled-Unicast. If no match, uses Unicast. |
Use Labeled-Unicast. If no match, uses Unicast. |
| VPN table for VRF, Labeled-Unicast, fallback to Unicast for non-VRF (both directions) | Uses L3VPN. If no match, uses Labeled-Unicast. If no match, uses Unicast. Note: This variation checks routing tables based on interfaces in both directions. |
Same as VRF |
| VPN Table for VRF, Unicast for non-VRF (both directions) | Use only L3VPN routes, but check routing tables based on interfaces in both directions. |
Same as VRF |
Note: For both of the "both directions" options above, the routing table is first checked based on the interface in the opposite direction, then checked based on the interface in the same direction.
Device Integrations
The Integrations tab on the Device dialogs is used to specify settings for integrations that are specific to an individual device. This tab is currently used only for Kentik Firehose (to specify the ktranslate instance to which the kflow from this device should be sent). For more information, see Firehose Data Sources.
Device Config Info
The table below shows where on the tabs of the Device dialog to find information that you'll need when configuring devices for Kentik:
| Field | Dialog tab | Location | Description |
| Kentik Ingest IP | Flow | Collection method pane, Direct tab | The IP address at Kentik to which your router should be configured to send data. |
| Kentik Ingest UDP port | Flow | Collection method pane, Direct tab | The port at Kentik to which your router should be configured to send data. |
| Kentik SNMP polling IPs | SNMP | For Flow Enrichment pane | The IPs from which your router should be configured to allow SNMP polling using the Community supplied in the router configuration. |
| Peering Addresses | BGP | Peer with device settings | The IPv4 and IPv6 addresses to which the device should be set to peer in the BGP configuration on the device itself. |