Device Settings
Note: A Kentik role of Member does not enable users to add, edit, or remove devices. |
The settings for Kentik-registered devices, which are found in the Device dialog, are covered in the following topics:
- About Device Dialogs
- Device Dialogs UI
- Device General Settings
- Device Flow Settings
- Device SNMP Settings
- Device ST Settings
- Device BGP Settings
- Device Integrations
- Device Config Info
Notes:
- For overall coverage of the Devices page, including the Device list, see Network Devices.
- Devices may be set up during your organization's initial onboarding with Kentik; see Onboarding.
- If you would like assistance with any aspect of adding or managing a device, please contact us at Customer Support.
- Devices can also be added and edited with the Device API.
About Device Dialogs
To perform operations such as receiving flow, polling SNMP, and establishing BGP peering, Kentik needs information that enables us to connect with your devices. We gather most of that information in the Device dialog of the Settings » Devices page (see Devices Page), which is used in the following contexts:
- Add Device: A dialog opens from the Add Device button at the top right of the Devices page, and enables you to register a new device with Kentik.
- Edit Device: A dialog opens from the Edit icon in the device's row of the Device list, and enables you to edit an already registered device.
Note: When editing, the dialog's settings vary between routers and hosts.
The settings in the dialog are organized into one or more groups on each of the dialog's tabs. The specific contents of the tabs varies depending on the type of device (router or host) and whether the device is being added or edited.
Notes:
- Each tab is marked with a caution icon until all of its required settings are complete.
- In addition to the fields used to enter information, the tabs of the Device dialogs also include information used to configure a device to connect with Kentik (see Device Config Info).
Device Dialogs UI
The Device dialog includes the following common UI elements (whether adding or editing a device):
- Cancel: A button at lower right and an X at top right that both exit the dialog without saving any changes made since the dialog was opened.
- Tabs: Choose which tab of the dialog to view. Tabs can include General, Flow, SNMP, Streaming Telemetry, BGP, and Integrations (see tab-specific topics below).
- Add Device (adding only): A button that allows you to save settings for the new device and exit the dialog.
- Save (editing only): A button that allows you to save changes to device settings and exit the dialog.
Device General Settings
The General tab of the Device settings dialog includes settings that are not specific to any one data type that Kentik will collect from the device. The table below shows the elements in the main panes of the tab when adding or editing a device.
Element | Add Device |
Edit Device (Router) |
Edit Device (Host) |
Description |
Name | Editable field | Editable field | Editable field | User-supplied name string. |
Description | Editable field | Editable field | Editable field | User-supplied description string. |
Site | Filterable drop-down menu | Filterable drop-down menu | Filterable drop-down menu | The site to which the device is assigned (see Manage Sites). |
Role | Drop-down menu | Drop-down menu | Drop-down menu | Appears if the selected site’s architecture is defined in its settings (see Manage Sites); allows you to choose the role of this device. |
Type | Drop-down menu | Drop-down menu | Drop-down menu | Specify the category of the device (see Supported Device Types). Note: Older device types for hosts — e.g. DNS (host-nProbe-dns-www), nHst (host-nProbe-basic), and kproxy — are deprecated. |
Create a new Site | Button | Button | Button | Opens the settings covered in Create Site Settings, which allow you to create a new site. |
Label(s) | Filterable drop-down menu | Filterable drop-down menu | Filterable drop-down menu | Shows the labels applied to the device; when clicked, opens a drop-down list from which you can select Device Labels. |
Add Label | Link | Link | Link | Opens the New Label Dialog. The new label is not automatically added to the device. |
Contribute to CDN Attribution | Switch | N.A. | Switch | Enables the contribution of DNS data from this device to our CDN Attribution learning algorithms (see About CDN Attribution). Note: Only present if the device is a kprobe host. |
Billing Plan | Drop-down menu | Drop-down menu | Drop-down menu | The billing plan to which the device belongs (see Licenses). Note: If this field is set to a plan that doesn't support BGP, then no settings can be made on the BGP tab. |
Create Site Settings
The settings in the table below are shown only when you click the Create a new Site button.
Element | Add Device |
Edit Device (Router) |
Edit Device (Host) |
Description |
Site Name | Editable field | Editable field | Editable field | A user-supplied name string for a new site. |
Street Address | Filterable drop-down menu | Filterable drop-down menu | Filterable drop-down menu | The physical location of the site given as a street address. As you begin typing, a drop-down list will be populated with possible matches for you to choose. Only an address chosen from the drop-down list will be geocoded to derive additional dimensions. Note: The X at right clears the field. |
Use an existing Site | Button | Button | Button | Exits the creation of a new site, hiding the Site Name and Street Address fields and showing the Site field. |
Device Flow Settings
The Flow tab is covered in the following topics:
Flow Collection Method
The Collection Method pane tells you the Kentik IP address and port to which the device should send flow records, which varies depending on whether flow is sent to Kentik directly from the device or via an instance of the Kentik Proxy Agent (kproxy). The information needed to configure your device for these options is found in the following two tabs:
- Direct:
- Kentik Ingest IP
- Kentik Ingest UDP port - Via kproxy:
- Select a kproxy: A drop-down from which you choose the agent instance to which the device is sending flow:
- Kproxy Private IP
- Kproxy port
Note: The Need help configuring Flows? link opens the KB article Router Configuration in a new browser tab.
Flow Export Configuration
The Flow export configuration pane of the Flow tab enables you to tell us the IP(s) from which Kentik should expect flow data for this device. The tab includes the following UI elements for both routers and hosts:
- Sending IPs: A field in which to enter the IP address(es) from which the router sends flow to Kentik.
Note: The IP must be unique except as described in IP Overloading. - Add Sending IP: A button that adds a new Sending IPs field.
Note: An X will be added at the right of each Sending IPs field, enabling you to remove the IP. - Sample Rate: A field in which to enter the ratio of total flows transiting the device to flows whose flow record is sent to Kentik (see Flow Sampling). If you enter, for example, 1000, a flow record will be generated for one out of every 1000 flows.
Notes:
- Kentik may dynamically downsample from this nominal sample rate as needed to keep FPS within limits specified in the plan to which the device is assigned (see About Plans).
- For hosts, see Sample Rate for Hosts.
IP Overloading
The IP address specified with Sending IPs must be unique (not used by any other device in your organization) for any device sending flow data directly to Kentik. If, however, a device sends flow data via kproxy (see Kentik Proxy Agent) then an IP specified in the Sending IPs field may be the same as that of an already registered device if the following is true:
- The two devices do not use the same instance of kproxy.
- Both instances of kproxy specify a valid site ID using the -site_id parameter in the kproxy command line (see kproxy Proxy Agent Arguments).
- The value of -site_id for the two instances of kproxy is not the same.
Sample Rate for Hosts
Kentik uses the kprobe software host agent to generate network traffic data from hosts (see About kprobe). The sample rate for flow data generated by kprobe involves two settings:
- The --sample parameter of the kprobe Command Line. This CLI parameter is optional.
- The Sample Rate field of the Flow tab of the Device settings dialog. This setting is required when a host device is registered in the portal.
The sample rate that is actually used is determined by the following:
- If the --sample parameter is included in the command line, the CLI-provided value takes precedence over the Sample Rate field value.
- If the --sample parameter is not included in the command line, the Sample Rate field value is used.
Note: If the value is not set in the command line and the Sample Rate field value is reset in the portal, then the corresponding kprobe instance will exit. If kprobe is not run under a supervisor, then it must be restarted manually. |
Device SNMP Settings
The SNMP tab of the Device settings dialog is covered in the following topics:
About the SNMP Tab
The SNMP tab enables the polling of SNMP data for two distinct purposes. To configure SNMP for the device, click either or both of the checkboxes in the Collection method pane of the tab, which will open the corresponding panes described in the topics below:
- For NMS via Universal Agent: Poll SNMP data for Kentik NMS using Kentik's Universal agent (see For NMS via Universal Agent).
- For Flow Enrichment: Poll SNMP data to enrich flow records using the kproxy agent (see For Flow Enrichment).
For NMS via Universal Agent
The For NMS via Universal Agent pane of the SNMP tab includes the following fields and controls:
- Credential: A drop-down to choose the credential that is used for the collection agent (see SNMP NMS Device Credential).
- Collection Agent: A drop-down to choose the Kentik agent that is used to collect SNMP data.
- Device SNMP IP: A field to enter the SNMP IP address that Kentik should poll.
- Port: A field to enter the port number that Kentik should use for SNMP polling.
- Timeout: A field to enter the time in seconds that Kentik should wait for a response from the SNMP server.
SNMP NMS Device Credential
The Credential field on the SNMP tab allows you to create a new credential or use an existing credential from Kentik’s Credentials Vault.
- To use an existing credential, click the Credential drop-down and select a credential from the list.
- To create a new SNMP credential, click the Credential drop-down and select "New Credential" from the list, which opens the Add SNMP Credential Dialog.
Add SNMP Credential Dialog
The Add SNMP Credential dialog, used when creating a new credential for a device, includes the following UI elements:
- Cancel: A button at lower right and an X at top right that both exit the dialog without creating the credential.
- Type: A set of radio buttons that set the credential type to match the SNMP version used to poll the device (v1, v2c, or v3). The remaining fields of the dialog vary depending on this setting.
Note: All three SNMP types use system templates for creating a credential, which means that neither their key/value pairs nor their key names can be changed (see Keys by Credential Type). - Credential Name: A field to enter a name for the credential. The field accepts only alpha-numeric characters, dashes, and underscores.
Note: Once saved, a credential’s name cannot be changed. - Labels: A field that, when clicked, drops down a filterable list of labels. To apply a label, click it in the list, after which it will appear in the field. Repeat to apply multiple labels. When done, click outside the list to close it.
Note: To remove a label, click the X at the right of that label. - Add/Edit: A link to the Labels Page, where you can create or remove the labels that are available to apply.
- Community (SNMP v1 and SNMP v2c only): A field to enter a masked value for the community key.
- User Name (SNMP v3 only): A field to enter a value for the username key.
- Authentication (SNMP v3 only):
- Authentication protocol: A drop-down menu to select the authentication protocol (None, MD5, or SHA).
- Value: A field to enter a masked value (passphrase) for the authentication key. - Privacy (SNMP v3 only):
- Privacy protocol: A drop-down menu to select the privacy protocol (None, DES, or AES).
- Value: A field to enter a masked value (passphrase) for the privacy key. - Add Credential: Saves the new credential and exits the dialog.
Notes:
- The contents of fields used for masked values can't be seen as text is entered.
- The behavior of fields used to enter key values for credentials is covered in Credential Values.
- While descriptions can't be specified for a credential in the Add SNMP Credential dialog, they can be added by editing in the Credentials Vault (see Edit a Credential).
For Flow Enrichment
The For Flow Enrichment pane of the SNMP tab includes the following fields and controls:
- Kentik SNMP polling IPs: A callout giving the IP addresses of the Kentik SNMP Polling IPs.
Note: Use these IPs when configuring SNMP on the device itself, which is required to enable polling by Kentik. - SNMP polling: A drop-down to choose the polling frequency for SNMP:
- Standard: Interface counter is polled every 5 minutes; interface description is polled every 3 hours.
- Minimum: Interface counter isn’t polled; interface description is polled every 6 hours. - Device SNMP IP: A field to enter the IP address that Kentik should poll for SNMP.
- SNMP Community: A field to enter the SNMP community that Kentik should use when polling the router via SNMP v1 or v2c.
Notes:
- Not shown when SNMP v3 is enabled.
- The entered string is obscured but can be edited. - Enable SNMP v3 Authentication: A toggle switch that sets SNMP polling to v3 (see About SNMP V3), displays the SNMP v3 Settings Pane, and hides the SNMP Community field.
Note: Available for routers only; overrides SNMP Community setting (above).
SNMP v3 Settings Pane
The following elements are shown only when the Enable SNMP v3 Authentication switch is on:
- SNMP v3 User Name: A field to enter the user name for SNMP v3 authentication (required).
- SNMP v3 Auth Protocol: A drop-down to choose the SNMP v3 authentication protocol:
- None
- MD5
- SHA - SNMP v3 Auth Passphrase: A field to enter the password for SNMP v3 authentication.
Note: The entered string is obscured but can be edited. - SNMP v3 Privacy Protocol: A drop-down to choose the SNMP v3 privacy protocol:
- None
- DES (56-bit encryption)
- AES-128 - SNMP v3 Privacy Passphrase: A field to enter the password for SNMP v3 privacy.
Note: The entered string is obscured but can be edited.
Device ST Settings
The Streaming Telemetry tab of the Device settings dialog is covered in the following topics:
About the ST Tab
The Streaming Telemetry tab enables the collection of ST data for two distinct purposes. To configure ST for the device, click either or both of the checkboxes in the Collection method pane of the tab, which will open the corresponding panes described in the topics below:
- Dial-In from Universal Agent: Collect ST data for Kentik NMS using Kentik's Universal agent (see Dial-In from Universal Agent).
- Dial-Out to Kproxy: Collect ST data from your device using Kentik's kproxy agent (see Dial-Out to Kproxy).
Dial-In from Universal Agent
The Dial-In from Universal Agent pane of the Streaming Telemetry tab enables Kentik's Universal agent to establish a connection to the device via the gNMI protocol. ST data collected with this method is accessible through Metrics Explorer. The pane includes the following fields and controls:
- Credential: A drop-down to choose the credential that is used for the collection agent (see ST NMS Device Credential).
- Collection Agent: A field that shows (but can't change) the Kentik agent used to collect ST data, which is the same collection agent selected in the For NMS via Universal Agent pane of the SNMP tab.
- Timeout: A field to enter the time in seconds that Kentik should wait for a response from the server.
- Port: A field to enter the number of the device's listening port.
- Use secure connection (SSL): A switch that turns on SSL encryption for the data transmission.
ST NMS Device Credential
The Credential field on the Streaming Telemetry tab allows you to create a new credential or use an existing credential from Kentik’s Credentials Vault.
- To use an existing credential, click the Credential drop-down and select a credential from the list.
- To create a new ST credential, see Add ST Device Credential.
Add ST Credential Dialog
The Add Streaming Telemetry Credential dialog includes the following UI elements:
- Cancel: A button at lower right and an X at top right that both exit the dialog without creating the credential.
- Credential Name: A field to enter a name for the credential. The field accepts only alpha-numeric characters, dashes, and underscores.
Note: Once saved, a credential’s name cannot be changed. - User Name: A field to enter a value for the username key.
- Password: A field to enter a masked value for the password key.
- Add Credential: Saves the new credential and exits the dialog.
Notes:
- The contents of fields used for masked values can't be seen as text is entered.
- While labels and descriptions can't be specified for a credential in the Add Streaming Telemetry Credential dialog, they can be added by editing in the Credentials Vault (see Edit a Credential).
Dial-Out to Kproxy
With the “dial-out” collection method, devices are pre-configured to send Streaming Telemetry (ST) data to a kproxy agent. ST data collected with this method is accessible through Data Explorer. The Dial-Out to Kproxy pane of the Streaming Telemetry tab includes the following fields and controls:
- Sending IP: A field giving the IP address from which the device sends ST data.
- Kentik Ingest IP: A field giving the Kentik IP address to which to send ST data.
- Kentik ST port: A field giving the port on which Kentik will receive ST data.
Device BGP Settings
The settings on the BGP tab, which vary depending on the BGP Type setting, determine how Kentik collects the BGP data used to enrich flow records for the device. These settings are covered in the following topics:
Note: Settings can't be made on the BGP Settings tab unless the Billing Plan field (see Device General Settings) is set to a plan that supports BGP (see About Plans).
Common BGP Settings
The following controls are common to all BGP situations (regardless of the BGP Type setting):
- BGP Type: A drop-down to choose how BGP will be enabled on this device:
- No peer, use generic IP/ASN mapping: Map the device's IP address to an ASN.
- Peer with device: Kentik will BGP peer with this device (this setting is required for RTBH/Flowspec).
- Use table from another peered device: The BGP table will be obtained from another device that is already set to peer with Kentik. - BGP Flowspec Compatible: A switch that should be turned on if the router supports MP-BGP and is therefore compatible with BGP Flowspec.
- BGP Route Selection: A drop-down to set how Kentik will match, for both VRF and non-VRF interfaces, each flow’s IP address against the BGP route received via the device's BGP sessions (see BGP Route Selection).
Type-specific BGP Settings
The following controls are present only for specific BGP Type settings:
- Use AS Numbers from Flow: A switch that changes Kentik’s default behavior by retaining the source and destination ASN information from the flows exported by the network device.
- Present only when BGP Type is set to No peer, use generic IP/ASN mapping. - IPv4 Peering Address: A field to enter the IPv4 address of the peering device.
- Present only when BGP is set to Peer with device.
- RFC1918 addresses are not valid.
- Cannot be an IP that is already being used to peer with a different Kentik device. - IPv6 Peering Address: A field to enter the IPv6 address of the peering device.
- Present only when BGP is set to Peer with device.
- RFC1918 addresses are not valid.
- Cannot be an IP that is already being used to peer with a different Kentik device. - ASN: A field to enter the number (16- or 32-bit) of the autonomous system (AS) to which the peering device belongs.
- Present only when BGP Type is set to Peer with device. - BGP MD5 Password: A field to enter an optional shared authentication password (32 alphanumeric characters) for BGP peering.
- Present only when BGP Type is set to Peer with device. - Master BGP Device: A drop-down to choose the device whose BGP table will be shared with this device.
- Present only when BGP Type is set to Use table from another peered device.
Kentik Ingest Peering IPs
When BGP Type is set to "Peer with device," Kentik's Ingest Peering IPs (v4 and v6) will be shown to the right of the Peering Address fields (IPv4 and IPv6) listed above. You'll use these as the IPs that the device should be set to peer with in the BGP configuration on the device itself.
BGP Route Selection
As flow records from devices are ingested into the Kentik Data Engine (KDE) they are enriched with BGP/routing information, a process that depends on matching each flow’s IP address against the BGP route received via the device's BGP sessions. As shown in the table below, the BGP Route Selection drop-down determines how this matching will be performed for both VRF and non-VRF interfaces.
Dropdown menu option | VRF interface | Non-VRF interface |
VPN table for VRF interface, Unicast table for non-VRF interface (default) | Use only L3VPN routes. | Uses only Unicast routes. |
VPN table, fallback to Unicast table | Uses L3VPN. If no match, uses Unicast |
Uses Unicast. |
VPN table, fallback to Labeled-Unicast table, fallback to Unicast table | Uses L3VPN. If no match, uses Labeled-Unicast. If no match, uses Unicast. |
Use Labeled-Unicast. If no match, uses Unicast. |
VPN table for VRF, Labeled-Unicast, fallback to Unicast for non-VRF (both directions) | Uses L3VPN. If no match, uses Labeled-Unicast. If no match, uses Unicast. Note: This variation checks routing tables based on interfaces in both directions. |
Same as VRF |
VPN Table for VRF, Unicast for non-VRF (both directions) | Use only L3VPN routes, but check routing tables based on interfaces in both directions. |
Same as VRF |
Note: For both of the "both directions" options above, the routing table is first checked based on the interface in the opposite direction, then checked based on the interface in the same direction.
Device Integrations
The Integrations tab on the Device dialogs is used to specify settings for integrations that are specific to an individual device. This tab is currently used only for Kentik Firehose (to specify the ktranslate instance to which the kflow from this device should be sent). For more information, see Firehose Data Sources.
Device Config Info
The table below shows where on the tabs of the Device dialog to find information that you'll need when configuring devices for Kentik:
Field | Dialog tab | Location | Description |
Kentik Ingest IP | Flow | Collection method pane, Direct tab | The IP address at Kentik to which your router should be configured to send data. |
Kentik Ingest UDP port | Flow | Collection method pane, Direct tab | The port at Kentik to which your router should be configured to send data. |
Kentik SNMP polling IPs | SNMP | For Flow Enrichment pane | The IPs from which your router should be configured to allow SNMP polling using the Community supplied in the router configuration. |
Peering Addresses | BGP | Peer with device settings | The IPv4 and IPv6 addresses to which the device should be set to peer in the BGP configuration on the device itself. |