Kentik Map

The Kentik Map module in the Kentik portal is discussed in the following topics:

• About Kentik Map
• Kentik Map Page
• Kentik Map Display
• Topology Views
• Health Problems Page

Note: For information related to the contents of the Details drawer of the Kentik Map see Kentik Map Details.

A high-level look at the Kentik map is provided in the following topics:

• Kentik Map Overview
• Kentik Map Views
• Kentik Map Health
• Kentik Map Prerequisites

The Kentik Map module of the Kentik portal illustrates the relationship between three main aspects of your Hybrid IT network infrastructure:

• Clouds: The cloud providers you use for compute and/or storage:
  - AWS: See Kentik for AWS.
  - Azure: See Kentik for Azure.
  - GCP: See Kentik for GCP.
  - OCI: See Kentik for OCI.
• Internet: The external sources and destinations of traffic to and from your network, broken down by Origin Network, Next Hop Network, and Provider (see Provider Classification).
• On Prem: The sites where your data center infrastructure is located (see About Sites).

In the main (top-level) Kentik map, each of the above areas of your network is represented as a grey rectangle, referred to as a "block," in which you can drill down to get further details about the network's structure and traffic. As a network engineer, this enables you to better understand what's happening on your network in real time, to compare current and historical traffic for specific network entities, and to see common adverse conditions without having to run queries.

The views available in the Kentik map represent the structure of your overall network, the components within that structure, and the traffic between those components. These views enable you to quickly drill down into your infrastructure at any level, where you can see information including the following:

• The existence and volume of traffic between your sites, such as data centers and branch offices (On Prem block), your clouds (Clouds block), and external networks (Internet block).
• The sites that make up your on-prem infrastructure, including:
  - Weather Map: The location of sites on a zoomable world map, with multiple layers showing information such as links, utilization, and health.
  - Topology: The architecture and individual devices of each site, as well as details about the traffic on the individual network entities or between entities.
• The health of network entities and of the connections between entities.
• The cloud providers you use, including region breakdowns for each cloud provider.
• The top ASNs (origin and next-op) and service providers (transit, peering, or IX) that account for your network's incoming and outgoing traffic.

The Kentik Map includes network health indicators that are based on a real-time Kentik service that watches key metrics that impact the health of network infrastructure elements. We are currently monitoring health via SNMP polling of network device and interface metrics. The metrics are evaluated and compared to expected ranges to determine what is considered "healthy" and what should be drawn to your attention as an issue, either "warning" or "critical." These issues currently fall into the following categories:

• Site health - Derived from the devices and interfaces in the site.
• Device health - Derived from the device metrics and interface metrics on this device:
  - Device Availability: Whether metrics are available for this device.
  - Device Metrics: CPU Utilization, Memory Utilization.
• Interface health - Derived from the interface metrics for this interface:
  - Interface Availability: Whether metrics are available for this interface.
  - Interface Metrics: Input Interface Utilization, Output Interface Utilization.

Notes:
- In order to be evaluated for health your devices must allow SNMP polling from Kentik (see Enabling SNMP Polling), with the polling interval set to Standard (see SNMP Polling Intervals).
- The health status represented by indicators in the Network Map UI is as of the time at which you opened the map.

Kentik's mapping capability is built on the core features of the Kentik system. To use Kentik maps effectively, you'll first need to ensure that your overall Kentik setup is as complete as possible:

• Register all devices: Physical devices (e.g. routers and switches) and host agents (e.g. kprobe) must be registered with Kentik in order for us to receive traffic data:
  - To register devices via the Kentik Onboarding wizard, see Device Setup.
  - To register via the portal's device admin UI, choose Settings from the portal nav menu, then on the resulting Admin page click the Add button for the kind of device (router or host) that you'd like to add (see Add a Device).
• Configure SNMP on all devices: SNMP polling enables Kentik to enrich traffic data (flow records) with data about the interfaces via which traffic is entering, transiting, and leaving your network:
  - To activate SNMP on a device via the Kentik Onboarding wizard, see Device SNMP Setup.
  - To activate SNMP via the portal's device admin UI, enable polling on the device with the device-specific SNMP configs provided in our Device Configs Directory, and also set the device's Device SNMP Settings.
  Note: To take advantage of the health status feature of Kentik maps, set the SNMP polling interval to Standard (see SNMP Polling Intervals).
• Register all clouds: A cloud export in Kentik represents one or more cloud resources (e.g. VPCs or subnets) used by your network on a given cloud provider (e.g. AWS, GCP, Azure). To gain visibility into those resources you must register them in Kentik (see Cloud Overview).
• Assign data sources to sites: A site is a specific user-defined physical location (e.g. the address of a data center) to which one or more data sources (devices, hosts, or clouds) may be assigned (see About Sites).
• Exclude interfaces from the map: Your organization may have interfaces that, to reduce clutter and improve clarity, you don't want to show up on the map. Before running interface classification, you can set an IC rule that excludes these interfaces (see Exclude Interfaces from Map).
• Run Interface Classification (see Using Interface Classification): Interface Classification assigns a Network Boundary and Connectivity Type value to every interface in the network:
  - Network Boundary: Classifies interfaces as Internal or External, which enables you to see whether the source and destination of the traffic are both fully within your network or if the traffic crossed a network boundary (came from or went to a different AS; see Network Boundary Attribute).
  - Connectivity Type: Classifies interfaces by their role in the overall network (see Connectivity Type Attribute), such as Transit, IX, Paid Peering, Cloud Interconnect, etc. (see Understanding Connectivity Types).
  Note: Links will be drawn between two sites in the On Prem block if the interfaces that connect them are assigned a Connectivity Type of either Backbone or Datacenter Interconnect.

To exclude one or more interfaces from the Kentik Map:

1. In Settings » interface Classification, click the Add Rule button to open the Add Rule dialog (see Rule Dialogs UI).
2. In the rule's IF settings, specify conditions that will match the interfaces that you'd like to exclude from the map.
3. In the rule's THEN settings:
   - Set the Connectivity Type to Other.
   - By default the Auto switch will be on. If Network Boundary is not shown as Internal, set Auto to off and manually set Network Boundary to Internal.
4. Click the Add Rule button at the bottom right. The dialog will close and the new rule will appear in the Rules list:
   - The Connectivity Type | Network Boundary indicator in the rule statement will show Other | Internal.
   - Interfaces matching this rule will not appear in the Kentik Map.

The Kentik Map page includes some UI elements that are common to all page types and others that are found only on the pages for Topology Views:

• Common Map Elements
• Topology View Elements

The following elements are common to all Kentik Map pages:

• Breadcrumbs (in the SubNav): An indicator of your current location within the Kentik portal. As you drill down deeper you can click on a breadcrumb to go back to a higher level.
• Full width (in the SubNav): A toggle button that expands the map to the maximum horizontal space available within the browser window.
• View Kube (not present on Cloud Topology views): A link to Kentik Kube, a network traffic and performance module for Kubernetes clusters (activated by request to Kentik; see Customer Care).
• View Logical Map (not present on cloud topology views): A link to the Logical Map, formerly known as the Network Map.
• Details (in the SubNav): Toggle visibility of the right-side Details drawer, which contains details about the currently selected map element (see Kentik Map Elements). If no element is selected this button is inactive.
• Filters: A button that opens a popup showing the filters applied to the data displayed on this page:
  - If filters already exist, each will be represented as a card in the popup. You can remove a filter using the red X at the right of its card, or you can modify or add filters by clicking the Edit Filters button.
  Both of the above buttons open a Filtering Options Dialog.
  - If no filters are currently applied you can add a filter by clicking the Edit Filters button.
• Time range: A control that indicates the current time range of the data displayed on this page and pops up a calendar form enabling you to specify the time range (see Time Range Control).
• Health indicator (heart icon): Indicates the number of issues identified by Kentik on your network. Click to open a popup giving a breakdown of different problem types (e.g. high inbound utilization, high outbound utilization, high memory utilization, etc.). Click the View Problems button to go to the Health Problems Page.
• Gbits/s legend: A horizontal bar showing the bit rate of traffic associated with the colors used for the squares that each represent a network in the Internet block (see Kentik Map Blocks).
• Map display area: Occupying the page’s main display area, this diagram graphically represents your network environment, including network entities and the links between them (see Kentik Map Display).

The following additional elements are found only on the pages for Topology Views:

• Search: A control set that filters the Topology Views to entities that match the entered text (see Topology Search Controls).
• Color by (present only on AWS Topology): The traffic volume of the VPCs in an AWS cloud region is represented by color intensity (greater intensity indicates greater volume). This control lets you choose whether the color intensity is based on bits/second inbound, outbound, or total.
• Subscriptions (present only on Azure Topology): A drop-down to filter the topology view based on the selected subscriptions (see Azure Subscription Filter).
• Show Default Networks (present only on GCP Topology): A checkbox to toggle the display of default networks. A GCP default network is an automatically provisioned virtual network provided to new projects unless user-disabled.

The Search control set in the Topology Search Controls enables you to filter the Topology Views to entities that match the entered text, as well as to save searches to apply them later. The controls include the following UI elements:

• Search by: A field into which you can enter one or more comma-separated values to match against the displayed entities:
  - Clicking in the field opens the Search popup, which includes the elements listed immediately below.
  - Clicking the X at the right of the field closes the popup and clears the search.
• Search Entries: A pane on the left of the popup that shows a categorized list of matching entities, which vary by cloud provider (see Topology Search Entries).
• Name: A field to enter a name by which to save the current search.
• Save: A button to save the current search.
• Saved Searches: A list of your saved searches (see Topology Saved Searches).

The Search Entries pane of the Topology Search Controls includes a table showing the number of full exact matches for the entry or entries (comma-separated) in each of the categories that are evaluated for a given cloud provider, which vary as shown in the table below.

The pane includes the following UI elements for each category:

• Search Entries: A lozenge for each match, which contains the matched string. Click the X at the right of the lozenge to clear the corresponding string from the Search field.
  Note: Lozenge colors are randomly assigned.
• Clear: A button to clear all strings in the category.

The Saved Searches pane of Topology Search Controls includes a table that lists all of your previously save topology view searches, any of which can be used in the view for any cloud provider. Click on a listed search to use it to filter the current topology view.

The Saved Searches table contains the following UI elements:

• Name: The name of the saved search.
• Edit (edit icon): A button that allows you to modify the name.
• Remove (trash icon): A button that opens a confirmation dialog in which you can remove the saved search.

The main parts of the Kentik map display area are covered in the following topics:

• Kentik Map Elements
• Kentik Map Blocks
• Inter-block Traffic Volume
• Kentik Weather Map
• On Prem Controls

A Kentik map diagram is made up of the following main types of parts:

• Blocks: Gray rectangles that each enclose different buckets of infrastructure (see Kentik Map Blocks).
• Network Entities: The individual network components that are shown within blocks:
  - Physical entities: The sites and data sources (devices and hosts) in your data centers.
  Note: Physical entities are each marked with a health indicator; see Element Health Indicators.
  - Virtual entities: The Regions, gateways, VPCs and subnets in your clouds.
  - Logical entities: The ASes and service providers to which your network connects to send or receive traffic.
  Note: Click an entity to either open the Details drawer for that entity (see Kentik Map Details) or pop up a menu listing possible Network Element Actions.
• Links: Lines representing the connections between blocks and between network entities. Each link is made up of two segments that each have an arrow representing the direction of the traffic. When you hover over a link the volume of traffic in each direction is displayed over the corresponding segment. Links are gray by default, but when a given network element is selected in the diagram the links for that element are rendered in blue.
• Weather Map: Shown on the Kentik Map landing page only, this is the default view for the On Prem block (see Kentik Weather Map).
• Topology: A variation of the map that shows the internal architecture of a given map element as well as that element’s relationship to other sites and clouds in your network and to external networks. Topology Views are accessed via a View Topology button in a Details popup. Topology views are available for the following entities:
  - On Prem: When chosen in the On Prem block on the Kentik Map landing page, this view shows the interconnection of all sites where you have on-premises network resources, and enables you to select individual sites to see their internal topology.
  - Site: Shows the architecture of the data sources in a given site (see Site Topology).
  - Devices: Shows the relationship of the device to other connected devices, and how the device’s interfaces connect to other devices (see Device Topology).
  - Cloud provider: Shows the regions within a given provider, as well as the count of each region’s active VPCs and instances (AWS, Azure, OCI) or subnets and VMs (GCP).

Note: In the AWS Topology, Azure Topology, and OCI Topology views, each VPC is represented as an expandable card.

If health status information (see Kentik Map Health) is available for a given map element representing a physical entity (a site, device, or interface) then that element will be marked in topology views to indicate its overall health status:

• Critical: If one or more metrics are in critical range, the element will be tinted red.
• Warning: If one or more metrics are out of normal range, but no metrics are in critical range, the element will be tinted orange.
• Healthy: If all health metrics for an element are within normal ranges, then the element will have no tint but it will be marked with a small green disk.
• Unknown (gray): If the health status of the element is unknown (e.g. the element is not currently configured to allow SNMP polling by Kentik) the element will neither be tinted nor marked with a disk.

Further detail about the health status of a given element is available in the following locations:

• On the Health tab of the element’s Details popup (see Health Details).
• On the Health Problems Page if the element’s status is warning or critical.

Clicking on a network element pops up a menu from which you can choose the following actions:

• View Topology (not present for logical entities): Takes you to a topology view for the element (see Topology Views).
• Show Details: Display information about the element in the Details drawer.
• Show Connections: Draws traffic indicator lines between the selected entities and other blocks. In the case of the AWS map, Show Connections also draws traffic indicator lines between a selected subnet and other subnets and gateways within the selected VPC.
• Show in AWS Console (only in AWS Topology view): Open the selected element in the AWS console to make configuration changes.
• Show in Azure Console (only in Azure Topology view): Open the selected element in the Azure console to make configuration changes.
• Show Path To (AWS and Azure subnets only): Displays a line showing the path that traffic will take out of a subnet towards its destination, which could be another subnet, a router in physical infrastructure, or an interconnection element like a Customer gateway. The line includes a moving arrow that shows the direction of traffic. Hovering on the line opens a popup giving the from/to of the path.

Note: In the AWS Topology view, clicking on the following types of AWS Interconnection Elements will directly open the Details drawer (see Kentik Map Details) rather than the actions menu: Direct Connection, Customer Gateway, Direct Connect Gateway, VPN Connection.

The following Kentik map blocks each contain different types of network entities:

• Clouds: A container for cloud providers (AWS, Azure, GCP, OCI).
• Internet: A container for external sources and destinations of traffic to and from your network (ASNs and service providers).
• On Prem: One of the following:
  - Weather Map (default): A zoomable world map showing the location of sites, with separate layers for information such as links, utilization, and health.
  - Topology: A container for sites where your data center infrastructure is located (see About Sites).
• Site (shown only in site topology map): A container for the devices in an individual Site.
• Other Sites (shown only in site topology map): A container for your sites other than the site shown in the Site block.

The links between the blocks on your main (top-level) Kentik map are labeled with the traffic volume between blocks. The following traffic is considered when calculating the volume between the various blocks:

• On-Prem » Internet: Includes all flows that leave your on-prem infrastructure via an interface whose Network Boundary (see Interface Classification Dimensions) is External, except for the following:
  - Flows whose Connectivity Type (see Understanding Connectivity Types) is Cloud Interconnect;
  - Flows whose Traffic Profile (see Network Classification Dimensions) is From Inside to Cloud.
• Internet » On-Prem: Includes all flows that enter your on-prem infrastructure via an interface whose Network Boundary is External, except for the following:
  - Flows whose Connectivity Type is Cloud Interconnect;
  - Flows whose Traffic Profile is From Cloud to Inside.
• On-Prem » Cloud: Includes the following traffic that is leaving your on-prem infrastructure:
  - Flows whose Connectivity Type is Cloud Interconnect;
  - Flows whose Traffic Profile is From Inside to Cloud.
• Cloud » On-Prem: Includes the following traffic that is entering your on-prem infrastructure:
  - Flows whose Connectivity Type is Cloud Interconnect;
  - Flows whose Traffic Profile is From Cloud to Inside.
• Cloud » Internet: Include all flows leaving any cloud with a Traffic Profile of From Cloud to Outside.
• Internet » Cloud: Include all flows entering any cloud with a Traffic Profile of From Outside to Cloud.
• Regions » On Prem: For Azure, GCP, and OCI, a line will be drawn between the Cloud Regions Block and the On Prem block.
  Note: These lines do not currently display data rates (coming soon).
• Regions » Other Clouds: Visualizations for Azure, GCP, and OCI include a line between the selected cloud’s region block and Other Clouds.
  Note: These lines do not currently display data rates (coming soon).

The weather map is the default view of the On Prem block on the Kentik Map landing page. This zoomable world map shows the location of network entities — typically sites (see About Sites) or cloud regions — as well as the links between them. Use the Links settings in the On Prem Controls to set the type of the links.

By default, the number of entities in a given location on the map determines how the entities are displayed:

• Clustered marker: A circle with a number inside indicates a clustered marker, which reduces clutter by using a single marker to represent multiple entities that are nearby to one another.
  - If the Health switch is on in the On Prem Controls then the marker’s circumference is made up of segments that each indicate the health of one of the represented entities.
  - Entities in a multi-site marker may be close but not at the same physical location. As you zoom further in on the map (either with your scroll wheel or using the zoom buttons; see On Prem Controls), entities in a multi-site marker may split off into their own separate markers.
  - Hover over the marker to open a popup with information about the entities (see Weather Map Popups).
  - If a clustered marker includes one or more sites, you can click it to open a Kentik Map Details drawer about the entities it contains.
• Individual marker: A circle with a label indicating the name of a site or cloud region. If a marker represents an individual site you can click it to see information about the site in a Details drawer (the details drawer is not available for individual cloud regions).

Note: You can turn clustering on/off in the On Prem Controls.

The Weather Map includes the following types of popups that open upon hover:

• Links: If the Links switch is on in the On Prem Controls then links will be drawn between the entities shown on the map. Hover over a link to pop up an indicator giving the traffic volume in each direction, expressed in bps and also (if the Utilization switch is on in the On Prem Controls) as a percent of capacity.
• Entities: If the Clustering switch is on in the On Prem Controls then hovering over a clustered marker opens a popup with the following information:
  - Health: If the Health switch is on in the On Prem Controls then the popup will contain a breakdown of the health status of the clustered entities.
  - Sites: A section listing the names of the clustered entities that are sites.
  - Regions: If the Cloud Regions switch is on in the On Prem Controls then the popup will contain a section listing the names of the clustered entities that are regions.

The on prem controls, which open from the layers icon in the On Prem block, determine what is rendered in the block’s Weather Map and Topology views.

• Links: Controls how lines are drawn between entities.
  - Traffic Type: Determines which types of connections are rendered (see Traffic Type Options).
  - Draw Connections Using: Determines which traffic is used when rendering links between entities: All Layers, Layer 3, or Layer 2.
  Note: A link is depicted as a solid line if it’s healthy, as a dashed yellow line if its health is degraded, and as a dashed yellow line if it’s not currently working.
• Cloud Regions: Determines whether cloud regions are rendered.
  - Cloud Backbone Traffic: Turn on/off rendering of links whose traffic is between the regions of a cloud provider.
• Utilization: Turn on/off coloring of links in the Weather Map based on utilization:
  - If on, links for which capacity information is available will be colored based on the utilization of the link (traffic as a percent of capacity). The utilization associated with each color will be shown in a legend at the bottom of the map.
  - If off, all links will be rendered as blue lines.
  Note: Capacity information isn’t available for links between the regions of a cloud provider.
• Health: If on, the circumference of clustered markers in the Weather Map will be made up of segments that each indicate the health of one of the represented entities. The health status associated with each color will be shown in a legend at the bottom of the map.
• Clustering: Reduce clutter on the Weather Map by using a single marker to represent multiple entities that are nearby to one another (see Weather Map Clustering).

The Traffic Type settings enable you to choose how the system draws lines between sites in the On Prem block:

• Connected Interfaces: Sites will be connected based on the interfaces at different sites that are configured with IP addresses inside of the same subnet. For example, interface 1 in site A with IP address 192.168.1.2 will be connected to interface 2 in site B configured with an IP address of 192.168.1.3. You can choose whether the connections are based on all layers (default), Layer 2 only, or Layer3 only.
• Site IP: Sites will be connected by running traffic queries from each site’s configured IP range to every other configured Site IP range. The results of the queries are used determine the traffic volume between sites. Connections are drawn as arrow links.
• Ultimate Exit: Sites will be connected by running traffic queries using Kentik’s BGP Ultimate Exit feature. Each site connected to another site represents a volume of traffic ingressing a source site and egressing the ultimate exit site.

Kentik Map topology views are covered in the following topics:

• About Topology Views
• Site Architecture
• Site Topology
• Device Topology
• Cloud Topology
• AWS Topology
• Azure Topology

Note: The topology view for AWS is distinct from that of other cloud providers.

Topology views provide a picture of the relationships between sites, devices, and interfaces in your on-prem infrastructure, as well as the cloud resources in each of your cloud providers. Topology views are available for the following entities:

• Site: Shows the architecture of the data sources in a given site (see Site Topology).
• Devices: Shows the relationship of the device to other connected devices, and how the device’s interfaces connect to other devices (see Device Topology).
• Cloud provider: Shows the regions within a given provider, as well as the count of each region’s active VPCs and instances (AWS, Azure, OCI) or subnets and VMs (GCP).

The UI elements of topology views are similar to those of the main Kentik map, which are covered in Kentik Map Page.

To provide a meaningful on-prem topology view for sites and devices, Kentik relies on user-provided information about the architecture of a site, which is defined in the Edit Site dialog. To define a site’s architecture:

1. From the main Kentik Map, click on a site to open the site’s Details drawer.
2. Click the View Topology button, which will take you to the site’s topology view.
3. Assuming that the site architecture hasn’t already been defined, the block for the site will show a number of devices under the heading Unassigned, beneath which is a Configure Site link. Click the link, which will open the Edit Site dialog.
4. In the Type section (below the address field), click the button that most closely corresponds to your overall concept of how the site is organized (e.g. Data Center, Cloud, etc.).
5. In the Architecture section, click the Edit Architecture button, which will open the Edit Architecture dialog.
6. The dialog contains multiple tabs, each of which provides modifiable templates for different “typical” architectures. Click on the template that seems closest to your situation (or choose Custom from the Other tab), which will open the Architecture Edit UI for that template.
7. Use the architecture edit UI to assign devices to the layers and to rename each layer as needed, then click the Save Architecture button to save your changes.

The edit UI for site architecture enables you to customize a site architecture template to the specifics of your site. The dialog includes the following UI elements:

• Close (X at the upper right): Click to close the dialog without saving any changes to the architecture.
• Layers: A box representing a layer in the architecture and containing the fields described in Layer Fields.
• Add Layer: Click to add a box for a new layer at a level that’s in between two existing layers.
• Add Parallel Layer: Click to add a box for a new layer that at the same level as an existing layer.
• Cancel: Click to close the dialog without saving any changes to the architecture.
• Save Architecture: Click to save all changes to the architecture and close the dialog.

Each layer of the architecture is represented as a box containing the following fields:

• Layer: Specify the name of the layer.
• Devices: Click in the field to choose one or more devices for the layer from a drop-down list of the Kentik-registered devices that have been assigned to this site.
• Handle: Enables you to drag layers into a different order.
• Remove (trash icon): Remove this layer from the architecture.

Once the architecture has been specified for a site (see Site Architecture) the site’s layers and the relationship between the site’s devices are rendered in the site’s topology view. To access site topology, click the View Site Topology button in the Details drawer for the site (see Details Panes).

The topology view includes the following blocks (see Kentik Map Blocks):

• Site: Shows the site as a block like the On Prem block in the standard Kentik Map view (see Site Block).
• Other Sites: Shows all other sites from your infrastructure.
• Clouds: Shows your cloud providers (AWS, GCP, Azure, and OCI).
• Internet: Shows external sources and destinations of traffic to and from your network (ASNs and service providers).

The site block is structured according to the layers defined in the site architecture:

• A labeled icon is shown for each device in the layer to which the device is assigned:
  - Click the icon to open a device Details drawer for that device (see Kentik Map Details).
  - Click the View Device Topology button in the drawer to go to the Device Topology.
• A line shows the links between connected devices. Hover over a device to highlight all of its links.
• An Unassigned section shows the devices that haven’t yet been assigned to a layer. Click the Configure Site link to assign these devices (see Site Architecture).

The device topology view is organized into the following blocks:

• Upstream Connected Devices: Shows the devices in the same site that are connected to this device and assigned to a higher layer.
• Parallel Connected Devices: Shows the devices in the same site that are connected to this device and assigned to the same layer.
• Device: Shows information about the device (see Device Block Information) and its interfaces (see Device Block Interfaces). Click the device name to link to the Network Explorer details page for this device.
• Downstream Connected Devices: Shows the devices in the same site that are connected to this device and assigned to a lower layer.

The left side of the device block provides the following general information related to the main device of the topology view:

• Status: The health of this device (see Element Health Indicators).
• IP Address: The IP from which this device sends flow to Kentik.
• Site: The site where the device is located (click to link to the Network Explorer details page for this site).
• Sample rate: The rate at which the device is sampling flow (see Flow Sampling).
• Machine Type: The type of the device (e.g. router, host, etc.).
• Device ID: The device’s Kentik-assigned ID.
• Metrics: Device metrics gathered via SNMP (see Device Metrics Information).

The Metrics section of the device block includes the following information, gathered via SNMP, and controls:

• View Details: Pops up a view with charts detailing device metrics.
• CPU Utilization: A chart of CPU utilization on this device during the last 24 hours, plus the highest value during that period.
• Memory Utilization: A chart of memory utilization on this device during the last 24 hours, plus the highest value during that period.

The main area of the device block gives the total number of known interfaces on the device and provides a breakdown of those interfaces based on the layer of the devices to which those interfaces connect:

• Upstream Connected Interfaces: Shows the interfaces connected to a device at a higher layer.
• Parallel Connected Interfaces: Shows the interfaces connected to a device at the same layer.
• Unknown Connected Interfaces: Shows interfaces that fall into one of the following categories:
  - The interface is connected to something that’s not monitored by Kentik.
  - The interface is a physical member of a logical bundle (multiple physical interfaces defined as a single logical interface).
  - The interface is connected to a Layer 2 device.
• Downstream Connected Interfaces: Shows the interfaces connected to a device at a lower layer.

The topology view is very similar at all levels from cloud provider level down to subnet. The view is organized into the blocks described in the topics below.

Notes:
- Cloud topology for AWS resources is covered in AWS Topology.
- Cloud topology for Azure resources is covered in Azure Topology.
- Cloud topology for GCP resources is covered in GCP Topology.
- Cloud topology for Azure resources is covered in OCI Topology.

The following blocks appear in cloud topology views at all levels:

• On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
• Other Clouds: Shows the other cloud providers your organization has registered with Kentik, and a link representing traffic (if any) between this cloud provider and the others.
• Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).

The following blocks appear in cloud topology views only at the indicated levels:

• Regions (cloud provider level only): Shows the regions, each represented as a box, where you have resources within this cloud provider. Each box gives the number of VPCs and subnets within that region. To drill down further, click the box for a region and choose View Topology from the popup.
• VPC: Shows the VPCs, each represented as a box, within the region. Each box gives the number of subnets and VMs within that VPC. To drill down further, click the box for a VPC and choose View Topology from the popup.
• Subnets (region level in GCP): Shows a box for each of your subnets within the VPC or region. For traffic data, click the box and choose Show Details from the popup.

The AWS topology view is organized into the following blocks:

• On Prem: Represents your on premises infrastructure that is connected to the resources in this cloud provider.
• Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
• Regions (cloud provider level only): Shows the regions, each represented as a block, where you have resources within this cloud provider.
  - Each region block shows the VPCs in that region. VPCs are expanded (see VPCs below) unless there are more than nine rows of VPCs at the current browser window width, in which case the VPCs are collapsed.
  - Each region block shows the Transit Gateway via which traffic enters and exits.
  - Lines are drawn to and from each region on the map to denote inter-region traffic volumes.
• VPCs: Click on an individual VPC to expand it to show its component subnets and the VPC connections (see AWS Interconnection Elements) for that VPC. The display of VPCs in a given region block depends on whether the block is expanded or collapsed (see Regions above):
  - Expanded: Each VPC is represented as a labeled card showing VPC name, ID, and configured CIDR block.
  - Collapsed: Each VPC is represented as a square. The color intensity of the square depends on the Color by control (see Kentik Map Page). Hover over the square to see the name, ID, and CIDR.
• Subnets: The subnets of a VPC are each represented as a card giving the subnet name and IP /CIDR. The subnets are grouped into Availability Zones which are represented by the dashed outlines around each subnet. An AZ represents a physically isolated datacenter in Amazon’s ecosystem. For traffic data about a given subnet, click the subnet and choose Show Details to open the Details drawer.
• Connections: AWS supports multiple types of connections for entities within AWS as well as between AWS and on premises infrastructure (see AWS Interconnection Elements).

The AWS topology view includes the following interconnection elements:

• Customer Gateway: Terminates one or more site-to-site VPN connections that are extended from virtual gateways in VPCs.
• Link Aggregation Group: A logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single AWS Direct Connect endpoint, allowing all connections in the group to be configured and managed a single connection (see Link aggregation groups in AWS docs.
• Direct connection: Shows the entry/exit point for traffic to/from the On Prem block that transits an AWS Direct Connect circuit. Kentik can visualize AWS Direct Connects whose virtual interfaces extend from a given VPC directly through to an on-prem router or those connected to Transit Gateway routing devices.
• Direct Connect Gateway: Aggregates one or more direct connect circuits and allows for easy connectivity between VPCs and multiple on-prem connections (see AWS Direct Connect docs).
• VPN Connection: Connect your Amazon VPC to remote networks and users (see AWS VPN connections docs).
• VPC connection: When a VPC is expanded its connection gateways (which enable instances in subnets to talk to other instances in other regions, VPCs, and subnets) are shown as labeled squares across the bottom of the VPC block. Currently supported types include internet gateway, peering connection, virtual gateway, TGW attachment, NAT gateway, VPC endpoint interface, and transit gateway.
• Transit Gateway: An AWS managed high availability and scalability regional network transit hub used to interconnect VPCs and customer networks (see AWS Transit Gateway docs).

The lines drawn between the above interconnection types show the links over which traffic travels to and from entities both within AWS and beyond (e.g. on-prem). Most such links are drawn by default, but for the following VPC connection types links are drawn only when Show Connections is chosen from the drop-down Network Element Actions menu: Internet, NAT Gateway, and Virtual Gateway.

The Azure topology view is organized into the following blocks:

• On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
• Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
• Regions: Shows the regions, each represented as a block, where you have resources within this cloud provider. Each region block shows the VNets in that region. Click the Show Details link to open the region’s Details drawer (see Kentik Map Details).
• VNets: The VNets in each region are shown within the region block. By default all VNets in a region are collapsed. Click on an individual VNet to expand it to show its component subnets. The display of the VNets depends on whether any of the VNets are currently expanded:
  - Collapsed: Each VNet is represented as a rectangle showing the VNet’s name, ResourceId, and CIDR.
  - Expanded: The expanded VNet is represented as a blue block within which are shown the VNet's subnets and interconnection elements (gateways, etc.), as well as a Show Details link. The remaining VNets are represented as labeled cards showing VNet name, ResourceId, and configured CIDR block.
• Subnets: The subnets of a VNet are each represented as a rectangle giving the subnet name and IP/CIDR. Click the subnet to open its Details drawer.
• VNet connections: Azure supports multiple interconnection types (see Azure Interconnection Elements). When a VNet is expanded its interconnections are shown as labeled rectangles across the bottom of the VNet block.

Notes:
- For an overview of Azure networks, see Azure networking services overview.
- For information about Azure virtual networks (VNets) see Microsoft documentation at What is Azure Virtual Network.

The Azure topology view includes the following interconnection elements:

• VNet Gateway: A virtual network gateway is composed of two or more VMs that are automatically configured and deployed to a specific subnet you create called the gateway subnet. The gateway VMs contain routing tables and run specific gateway services. You can’t directly configure the VMs that are part of the virtual network gateway, although the settings that you select when configuring your gateway impact the gateway VMs that are created. See Microsoft documentation at What is a virtual network gateway.
• VNet Peering: Virtual network peering connects two or more VNets. The VNets appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft’s private network only. See Microsoft documentation at Virtual network peering.
• NAT Gateway: A fully managed Network Address Translation (NAT) service that simplifies outbound Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses the Virtual Network NAT’s static public IP addresses. See Microsoft documentation at What is Virtual Network NAT.

Note: For a comparison of Azure peering and gateway options, see Microsoft documentation at VNet peering and VPN gateways.

The Azure Subscription Filter is a drop-down that allows you to search, select, and organize your Azure subscriptions within the topology view. The drop-down allows you to view a summary of the associated resources and group them together for a streamlined view. The Subscription Filter contains the following UI elements:

• Search: A field that filters the Azure Subscription List to subscriptions whose name, ID, or CIDR contains a match for the entered text.
• View: A drop-down that filters the list to either all available subscriptions or the currently selected subscriptions.
• Group: A drop-down that filters the list to subscriptions that belong to the selected group.
• Select All (checkbox): A checkbox for toggling the selection of all subscriptions in the subscription list.
  - A numerical count next to the checkbox indicates the number of subscriptions selected in comparison to the total available.
• Create Group: A button that opens the Create Group Dialog.
• Clear: A button that clears the subscription selections.
• Subscriptions List: A list of Azure subscriptions used to filter the topology view (see Azure Subscription List).

The Create Group dialog is used to create a group for a set of subscriptions. The dialog contains the following UI elements:

• Name: A text field for the group name.
• Count: A numerical indicator for the number of subscriptions for the group.
• Cancel: A button to exit the dialog without creating a new group.
• Confirm: A button to create a new group and exit the dialog.

The Azure subscription list contains all the Azure subscriptions within the organization and is used to filter the topology view to display only the selected resources associated with the subscriptions. Each row in the subscription list contains the following UI elements:

• Select (checkbox): A checkbox that selects this subscription for the topology view.
• Name: The name of the Azure subscription.
• Subscription ID: The ID of the Azure subscription.
• Cloud Entities: Various icons indicating the different Azure cloud entities along with a numerical count of each entity type associated with the subscription.

The GCP topology view is organized into the following blocks:

• On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
• Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
• VPCs: Each VPC block shows the regions that the VPC spans across. In GCP, VPCs networks are global resources that can span multiple regions. Click the Show Details link to open the VPC’s Detail drawer (see Kentik Map Details).
• Regions: The regions in each VPC are shown within the VPC block. By default, all regions in a VPC are collapsed. Click on an individual region to expand it to show its component subnets. The display of the region depends on whether any of the regions are currently expanded:
  - Collapsed: Each region is represented as a rectangle showing the region’s name.
  - Expanded: The expanded region is represented as a green block and shows the region’s subnets and interconnection elements (gateways, etc.), as well as a Show Details link.
• Subnets: The subnets of a VPC within a region are each represented as a rectangle giving the subnet name and IP/CIDR. Click the subnet, then click Show Details to open its Details drawer.
• VPC connections: GCP supports multiple interconnection types (see GCP Interconnection Elements).

The GCP topology view includes the following interconnection elements:

• Cloud Router: A cloud router provides dynamic routing to facilitate traffic between your VPCs and external networks. See GCP documentation at Cloud Router Overview.
• External VPN Gateway: An external VPN gateway provides external network connection to your VPC through VPN tunnels. See GCP documentation at Cloud VPN Overview.
• Interconnect Attachment: An interconnect attachment (also known as Dedicated Interconnect attachment) provides connectivity between your on-prem network and VPC network through a specific interconnect. See GCP documentation at Dedicated Interconnect Overview.
• VPN Gateway: A VPN gateway provides connection from your VPC networks to external networks through VPN tunnels. See GCP documentation at Cloud VPN Overview.
• VPN Tunnel: A VPN tunnel provides a path for network traffic between your GCP VPC and external networks. See GCP documentation at Key Terms.

The OCI topology view is organized into the following blocks:

• On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
• Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
• Regions: Shows the regions, each represented as a block, where you have resources within this cloud provider. Each region block shows the VCNs in that region. Click the Show Details link to open the region's Details drawer (see Kentik Map Details).
• VCNs: The Virtual Cloud Network (VCN) in each region are shown within the region block. By default, all VCNs in a region are collapsed. Click on an individual VCN to expand it to show its component subnets. The display of the VCN depends on whether any of the VCNs are currently expanded:
  - Collapsed: Each VCN is represented as a rectangle showing the VCN’s name, Oracle Cloud Identifier (OCID), and CIDR.
  - Expanded: The expanded VCN is represented as a red block and shows the VCN’s subnets and interconnection elements (gateways, etc.), as well as a Show Details link. The remaining VCNs are represented as labeled cards showing VCN name, OCID, and configured CIDR block.
• Subnets: The subnets of a VNet are each represented as a rectangle giving the subnet name and IP/CIDR. Click the subnet, then click Show Details to open its Details drawer.
• VCN connections: OCI supports multiple interconnection types (see OCI Interconnection Elements).

Notes:
- For an overview of OCI networks, see Oracle Cloud Infrastructure Networking Overview.

The OCI topology view includes the following interconnection elements:

• Dynamic Routing Gateway: A dynamic routing gateway is a virtual router that provides a path for network traffic between your VCN and on-prem network. See OCI documentation at Dynamic Routing Gateways.
• Internet Gateway: A fully managed gateway that allows direct internet access to and from your VCN. The internet gateway enables public resources within your VCN to be accessed from the internet and allows resources in your VCN to initiate connections. See OCI documentation at Internet Gateway.
• IPSec Connection: An IPSec connection is a site-to-to VPN that provides connection between your on-prem network and VCN. See OCI documentation at Site-to-Site VPN Overview.
• Local Peering Gateway: VCN peering in OCI connects two VCNs in the same region, allowing them to communicate using private IPs as if they were in the same network, similar to Azure VNet Peering. See OCI documentation at Overview of Local VCN Peering.
• NAT Gateway: A NAT gateway simplifies outbound internet connectivity for resources within your VCN. It doesn’t facilitate direct interconnection between different networks but instead, allows outbound connection from your VCN to the internet. See OCI documentation at NAT Gateway.

The Health Problems page, which is accessed from the Health indicator (heart icon) at the upper right of the Kentik Map Page, lists issues with the health status of entities on the Kentik map. The page is covered in the following topics:

• About Health Problems
• Health Problems Page UI
• Health Problems List
• Health Problems Actions

The Kentik Map includes a dedicated health assessment system that checks the health status of entities when you open the map (see Kentik Map Health). A link in the popup summary that appears when you click the Health indicator (heart icon) at the upper right of the Kentik Map Page takes you to the Health Problems page. The page is built around a table that shows information about each entity that has a health issue (status of either Warning or Critical).

The Health Problems page includes the following UI elements:

• Filter field: Enter text to narrow the issues shown in the Health Problems list to those whose alarm type, entity name, or site that text.
• Group By: Choose a property (e.g. Site) from the drop-down menu to group the issues in the table by the value of that property. The table supports grouping by alarm type, site, device name, and device label.
• Health Problems List: A list of health issues (see Health Problems List).

The Health Problems page features a table that lists the issues identified by the Kentik Map health assessment. To change the sort order of the list, click a heading to select a column, and click the resulting blue up or down arrow to choose the sort direction (ascending or descending).

The Health Problems list includes the following columns (left to right):

• Alarm Type: The nature of the health issue (for descriptions, see Kentik Map Health).
• Entity name: For device-level alarms, the device name; for interface-level alarms the device name and interface name. The names are links that you can click to go to the Details page in Core that corresponds to the entity (see Core Details Pages).
• Site: The site in which the entity is located.
• Current Value: The value that triggered the health alarm, e.g. "150%" for an Alarm Type of "Interface Inbound Utilization."
• Actions: Actions that you can take to further investigate the issue (see Health Problems Actions).

The following actions are available from the icons in the far-right columns of the Health Problems List:

• View Entity in Kentik Map: Takes you to the Kentik Map:
  - If the entity is a device: You'll see the topology view for the site containing the device. The Details sidebar will be open for that device; see Kentik Map Details).
  - If the entity is an interface: You'll see the topology view for the device containing the interface. The Details sidebar will be open for that interface.
• View Entity Settings:
  - If the entity is a device: Opens the Device Settings Dialog for the device.
  - If the entity is an interface: Opens the Interface Settings Dialog for the interface.