Kentik Map
The Kentik Map module in the Kentik portal is discussed in the following topics:
- About Kentik Map
- Kentik Map Page
- Kentik Map Display
- Kentik Map Details
- Topology Views
- Security Groups & NACLs
- Health Problems Page


About Kentik Map
A high-level look at the Kentik map is provided in the following topics:
Purpose: | Visualize every aspect of network infrastructure, both on-prem and cloud, to enable fast understanding of how components are interconnected and how that affects traffic patterns, network health, and performance, including application delivery and customer experience. |
Benefits: | - Unified view into traffic, performance, and health between and within cloud, on-prem, internet and WAN networks. - See connections between on-prem networks and VPCs, as well as between different cloud providers, to understand patterns, investigate problems, discover application dependencies, and reveal unintended Internet traffic. - Get insight into expensive, brittle, or bandwidth-constrained flow connections. - Answer questions about traffic in and between any environment, to and through ASNs, and out to the Internet, as well as north/south and east/west flows in data centers. - Identify at a glance links that are down or interfaces whose health or utilization are in a critical state, then identify potential causes with a few clicks. |
Use Cases: | - Hybrid network architecture visualization and mapping - Network health visualization - Network traffic visualization |
Relevant Roles: | Network Admin/Engineer, Network Architect, Site Reliability Engineering (Traffic Engineer, Net SRE, NetOps Engineer) |
Kentik Map Overview
The Kentik Map module of the Kentik portal illustrates the relationship between three main aspects of your Hybrid IT network infrastructure:
- Clouds: The cloud providers you use for compute and/or storage (AWS, Azure, GCP, IBM).
- Internet: The external sources and destinations of traffic to and from your network, broken down by Origin Network, Next Hop Network, and Provider (see Provider Classification).
- On Prem: The sites where your data center infrastructure is located (see About Sites).
In the main (top-level) Kentik map, each of the above areas of your network is represented as a grey rectangle, referred to as a "block," in which you can drill down to get further details about the network's structure and traffic. As a network engineer, this enables you to better understand what's happening on your network in real time, to compare current and historical traffic for specific network entities, and to see common adverse conditions without having to run queries.
Kentik Map Views
The views available in the Kentik map represent the structure of your overall network, the components within that structure, and the traffic between those components. These views enable you to quickly drill down into your infrastructure at any level, where you can see information including the following:
- The existence and volume of traffic between your sites, such as data centers and branch offices (On Prem block), your clouds (Clouds block), and external networks (Internet block).
- The sites that make up your on-prem infrastructure, including:
- Weather Map: The location of sites on a zoomable world map, with multiple layers showing information such as links, utilization, and health.
- Topology: The architecture and individual devices of each site, as well as details about the traffic on the individual network entities or between entities. - The health of network entities and of the connections between entities.
- The cloud providers you use, including region breakdowns for each cloud provider.
- The top ASNs (origin and next-op) and service providers (transit, peering, or IX) that account for your network's incoming and outgoing traffic.
Kentik Map Health
The Kentik Map includes network health indicators that are based on a real-time Kentik service that watches key metrics that impact the health of network infrastructure elements. We are currently monitoring health via SNMP polling of network device and interface metrics. The metrics are evaluated and compared to expected ranges to determine what is considered "healthy" and what should be drawn to your attention as an issue, either "warning" or "critical." These issues currently fall into the following categories:
- Site health - Derived from the devices and interfaces in the site.
- Device health - Derived from the device metrics and interface metrics on this device:
- Device Availability: Whether metrics are available for this device.
- Device Metrics: CPU Utilization, Memory Utilization. - Interface health - Derived from the interface metrics for this interface:
- Interface Availability: Whether metrics are available for this interface.
- Interface Metrics: Input Interface Utilization, Output Interface Utilization.

Notes:
- In order to be evaluated for health your devices must allow SNMP polling from Kentik (see Enabling SNMP Polling), with the polling interval set to Standard (see SNMP Polling Intervals).
- The health status represented by indicators in the Network Map UI is as of the time at which you opened the map.
Kentik Map Prerequisites
Kentik's mapping capability is built on the core features of the Kentik system. To use Kentik maps effectively, you'll first need to ensure that your overall Kentik setup is as complete as possible:
- Register all devices: Physical devices (e.g. routers and switches) and host agents (e.g. kprobe) must be registered with Kentik in order for us to receive traffic data:
- To register devices via the Kentik Onboarding wizard, see Device Setup.
- To register via the portal's device admin UI, choose Settings from the portal nav menu, then on the resulting Admin page click the Add button for the kind of device (router or host) that you'd like to add (see Add a Device). - Configure SNMP on all devices: SNMP polling enables Kentik to enrich traffic data (flow records) with data about the interfaces via which traffic is entering, transiting, and leaving your network:
- To activate SNMP on a device via the Kentik Onboarding wizard, see Device SNMP Setup.
- To activate SNMP via the portal's device admin UI, enable polling on the device with the device-specific SNMP configs provided in our Device Configs Directory, and also set the device's Device SNMP Settings.
Note: To take advantage of the health status feature of Kentik maps, set the SNMP polling interval to Standard (see SNMP Polling Intervals). - Register all clouds: A cloud export in Kentik represents one or more cloud resources (e.g. VPCs or subnets) used by your network on a given cloud provider (e.g. AWS, GCP, Azure). To gain visibility into those resources you must register them in Kentik (see Cloud Overview).
- Assign data sources to sites: A site is a specific user-defined physical location (e.g. the address of a data center) to which one or more data sources (devices, hosts, or clouds) may be assigned (see About Sites).
- Exclude interfaces from the map: Your organization may have interfaces that, to reduce clutter and improve clarity, you don't want to show up on the map. Before running interface classification, you can set an IC rule that excludes these interfaces (see Exclude Interfaces from Map).
- Run Interface Classification (see Using Interface Classification): Interface Classification assigns a Network Boundary and Connectivity Type value to every interface in the network:
- Network Boundary: Classifies interfaces as Internal or External, which enables you to see whether the source and destination of the traffic are both fully within your network or if the traffic crossed a network boundary (came from or went to a different AS; see Network Boundary Attribute).
- Connectivity Type: Classifies interfaces by their role in the overall network (see Connectivity Type Attribute), such as Transit, IX, Paid Peering, Cloud Interconnect, etc. (see Understanding Connectivity Types).
Note: Links will be drawn between two sites in the On Prem block if the interfaces that connect them are assigned a Connectivity Type of either Backbone or Datacenter Interconnect.
Exclude Interfaces from Map
To exclude one or more interfaces from the Kentik Map:
- In Settings » interface Classification, click the Add Rule button to open the Add Rule dialog (see Rule Dialogs UI).
- In the rule's IF settings, specify conditions that will match the interfaces that you'd like to exclude from the map.
- In the rule's THEN settings:
- Set the Connectivity Type to Other.
- By default the Auto switch will be on. If Network Boundary is not shown as Internal, set Auto to off and manually set Network Boundary to Internal. - Click the Add Rule button at the bottom right. The dialog will close and the new rule will appear in the Rules list:
- The Connectivity Type | Network Boundary indicator in the rule statement will show Other | Internal.
- Interfaces matching this rule will not appear in the Kentik Map.
Kentik Map Page
The Kentik Map page includes the following main UI elements, which are — except as noted — also present on the pages for Topology Views:
- Breadcrumbs (in the SubNav): An indicator of your current location within the Kentik portal. As you drill down deeper you can click on a breadcrumb to go back to a higher level.
- Full width (in the SubNav): A toggle button that expands the map to the maximum horizontal space available within the browser window.
- View Kube (not present on Cloud Topology views): A link to Kentik Kube, a network traffic and performance module for Kubernetes clusters (activated by request to Customer Support).
- View Logical Map (not present on cloud topology views): A link to the Logical Map, formerly known as the Network Map.
- Details (in the SubNav): Toggle visibility of the right-side Details drawer, which contains details about the currently selected map element (see Kentik Map Elements). If no element is selected this button is inactive.
- Filters: A button that opens a popup showing the filters applied to the data displayed on this page:
- If filters already exist, each will be represented as a card in the popup. You can remove a filter using the red X at the right of its card, or you can modify or add filters by clicking the Edit Filters button.
Both of the above buttons open a Filtering Options Dialog.
- If no filters are currently applied you can add a filter by clicking the Edit Filters button. - Time range: A control that indicates the current time range of the data displayed on this page and pops up a calendar form enabling you to specify the time range (see Time Range Control).
- Color by (present only on AWS Topology and Azure Topology views): The traffic volume of the VPCs in an AWS cloud region is represented by color intensity (greater intensity indicates greater volume). This control lets you choose whether the color intensity is based on bits/second inbound, outbound, or total.
- Health indicator (heart icon): Indicates the number of issues identified by Kentik on your network. Click to open a popup giving a breakdown of different problem types (e.g. high inbound utilization, high outbound utilization, high memory utilization, etc.). Click the View Problems button to go to the Health Problems Page.
- Gbits/s legend: A horizontal bar showing the bit rate of traffic associated with the colors used for the squares that each represent a network in the Internet block (see Kentik Map Blocks).
- Map display area: Occupying the page's main display area, this diagram graphically represents your network environment, including network entities and the links between them (see Kentik Map Display).


Kentik Map Display
The main parts of the Kentik map display area are covered in the following topics:
Kentik Map Elements
A Kentik map diagram is made up of the following main types of parts:
- Blocks: Gray rectangles that each enclose different buckets of infrastructure (see Kentik Map Blocks).
- Network Entities: The individual network components that are shown within blocks:
- Physical entities: The sites and data sources (devices and hosts) in your data centers.
Note: Physical entities are each marked with a health indicator; see Element Health Indicators.
- Virtual entities: The Regions, gateways, VPCs and subnets in your clouds.
- Logical entities: The ASes and service providers to which your network connects to send or receive traffic.
Note: Click an entity to either open the Details drawer for that entity (see Kentik Map Details) or pop up a menu listing possible Network Element Actions. - Links: Lines representing the connections between blocks and between network entities. Each link is made up of two segments that each have an arrow representing the direction of the traffic. When you hover over a link the volume of traffic in each direction is displayed over the corresponding segment. Links are gray by default, but when a given network element is selected in the diagram the links for that element are rendered in blue.
- Weather Map: Shown on the Kentik Map landing page only, this is the default view for the On Prem block (see Kentik Weather Map).
- Topology: A variation of the map that shows the internal architecture of a given map element as well as that element's relationship to other sites and clouds in your network and to external networks. Topology Views are accessed via a View Topology button in a Details popup. Topology views are available for the following entities:
- On Prem: When chosen in the On Prem block on the Kentik Map landing page, this view shows the interconnection of all sites where you have on-premises network resources, and enables you to select individual sites to see their internal topology.
- Site: Shows the architecture of the data sources in a given site (see Site Topology).
- Devices: Shows the relationship of the device to other connected devices, and how the device's interfaces connect to other devices (see Device Topology)
- Cloud provider: Shows the regions within a given provider, as well as the count of each region's active VPCs and instances (AWS, Azure, IBM) or subnets and VMs (GCP).
Note: In the AWS Topology and Azure Topology views, each VPC is represented as an expandable card.
Element Health Indicators
If health status information (see Kentik Map Health) is available for a given map element representing a physical entity (a site, device, or interface) then that element will be marked in topology views to indicate its overall health status:
- Critical: If one or more metrics are in critical range, the element will be tinted red.
- Warning: If one or more metrics are out of normal range, but no metrics are in critical range, the element will be tinted orange.
- Healthy: If all health metrics for an element are within normal ranges, then the element will have no tint but it will be marked with a small green disk.
- Unknown (gray): If the health status of the element is unknown (e.g. the element is not currently configured to allow SNMP polling by Kentik) the element will neither be tinted nor marked with a disk.
Further detail about the health status of a given element is available in the following locations:
- On the Health tab of the element's Details popup (see Health Details).
- On the Health Problems Page if the element's status is warning or critical.
Network Element Actions
Clicking on a network element pops up a menu from which you can choose the following actions:
- View Topology (not present for logical entities): Takes you to a topology view for the element (see Topology Views).
- Show Details: Display information about the element in the Details drawer.
- Show Connections: Draws traffic indicator lines between the selected entities and other blocks. In the case of the AWS map, Show Connections also draws traffic indicator lines between a selected subnet and other subnets and gateways within the selected VPC.
- Show in AWS Console (only in AWS Topology view): Open the selected element in the AWS console to make configuration changes.
- Show Path To (AWS subnets only): Displays a line showing the path that traffic will take out of a subnet towards its destination, which could be another subnet, a router in physical infrastructure, or an interconnection element like a Customer gateway. The line includes a moving arrow that shows the direction of traffic. Hovering on the line opens a popup giving the from/to of the path.
Note: In the AWS Topology view, clicking on the following types of AWS Interconnection Elements will directly open the Details drawer (see Kentik Map Details) rather than the actions menu: Direct Connection, Customer Gateway, Direct Connect Gateway, VPN Connection.

Kentik Map Blocks
The following Kentik map blocks each contain different types of network entities:
- Clouds: A container for cloud providers (AWS, GCP, Azure, IBM Cloud).
- Internet: A container for external sources and destinations of traffic to and from your network (ASNs and service providers).
- On Prem: One of the following:
- Weather Map (default): A zoomable world map showing the location of sites, with separate layers for information such as links, utilization, and health.
- Topology: A container for sites where your data center infrastructure is located (see About Sites). - Site (shown only in site topology map): A container for the devices in an individual Site.
- Other Sites (shown only in site topology map): A container for your sites other than the site shown in the Site block.
Inter-block Traffic Volume
The links between the blocks on your main (top-level) Kentik map are labeled with the traffic volume between blocks. The following traffic is considered when calculating the volume between the various blocks:
- On-Prem » Internet: Includes all flows that leave your on-prem infrastructure via an interface whose Network Boundary (see Interface Classification Dimensions) is External, except for the following:
- Flows whose Connectivity Type (see Understanding Connectivity Types) is Cloud Interconnect;
- Flows whose Traffic Profile (see Network Classification Dimensions) is From Inside to Cloud. - Internet » On-Prem: Includes all flows that enter your on-prem infrastructure via an interface whose Network Boundary is External, except for the following:
- Flows whose Connectivity Type is Cloud Interconnect;
- Flows whose Traffic Profile is From Cloud to Inside. - On-Prem » Cloud: Includes the following traffic that is leaving your on-prem infrastructure:
- Flows whose Connectivity Type is Cloud Interconnect;
- Flows whose Traffic Profile is From Inside to Cloud. - Cloud » On-Prem: Includes the following traffic that is entering your on-prem infrastructure:
- Flows whose Connectivity Type is Cloud Interconnect;
- Flows whose Traffic Profile is From Cloud to Inside. - Cloud » Internet: Include all flows leaving any cloud with a Traffic Profile of From Cloud to Outside.
- Internet » Cloud: Include all flows entering any cloud with a Traffic Profile of From Outside to Cloud.
- Regions » On Prem: For Azure, GCP, and IBM Clouds, a line will be drawn between the Cloud Regions Block and the On Prem block.
Note: These lines do not currently display data rates (coming soon). - Regions » Other Clouds: Visualizations for Azure, GCP, and IBM Cloud include a line between the selected cloud’s region block and Other Clouds.
Note: These lines do not currently display data rates (coming soon).
Kentik Weather Map
The weather map is the default view of the On Prem block on the Kentik Map landing page. This zoomable world map shows the location of network entities — typically sites (see About Sites) or cloud regions — as well as the links between them. Use the Links settings in the On Prem Controls to set the type of the links.
Weather Map Clustering
By default, the number of entities in a given location on the map determines how the entities are displayed:
- Clustered marker: A circle with a number inside indicates a clustered marker, which reduces clutter by using a single marker to represent multiple entities that are nearby to one another.
- If the Health switch is on in the On Prem Controls then the marker's circumference is made up of segments that each indicate the health of one of the represented entities.
- Entities in a multi-site marker may be close but not at the same physical location. As you zoom further in on the map (either with your scroll wheel or using the zoom buttons; see On Prem Controls), entities in a multi-site marker may split off into their own separate markers.
- Hover over the marker to open a popup with information about the entities (see Weather Map Popups).
- If a clustered marker includes one or more sites, you can click it to open a Kentik Map Details drawer about the entities it contains. - Individual marker: A circle with a label indicating the name of a site or cloud region. If a marker represents an individual site you can click it to see information about the site in a Details drawer (the details drawer is not available for individual cloud regions).
Note: You can turn clustering on/off in the On Prem Controls.
Weather Map Popups
The Weather Map includes the following types of popups that open upon hover:
- Links: If the Links switch is on in the On Prem Controls then links will be drawn between the entities shown on the map. Hover over a link to pop up an indicator giving the traffic volume in each direction, expressed in bps and also (if the Utilization switch is on in the On Prem Controls) as a percent of capacity.
- Entities: If the Clustering switch is on in the On Prem Controls then hovering over a clustered marker opens a popup with the following information:
- Health: If the Health switch is on in the On Prem Controls then the popup will contain a breakdown of the health status of the clustered entities.
- Sites: A section listing the names of the clustered entities that are sites.
- Regions: If the Cloud Regions switch is on in the On Prem Controls then the popup will contain a section listing the names of the clustered entities that are regions.
On Prem Controls
The on prem controls, which open from the layers icon in the On Prem block, determine what is rendered in the block's Weather Map and Topology views.
- Links: Controls how lines are drawn between entities.
- Traffic Type: Determines which types of connections are rendered (see Traffic Type Options).
- Draw Connections Using: Determines which traffic is used when rendering links between entities: All Layers, Layer 3, or Layer 2.
Note: A link is depicted as a solid line if it's healthy, as a dashed yellow line if its health is degraded, and as a dashed yellow line if it's not currently working. - Cloud Regions: Determines whether cloud regions are rendered.
- Cloud Backbone Traffic: Turn on/off rendering of links whose traffic is between the regions of a cloud provider. - Utilization: Turn on/off coloring of links in the Weather Map based on utilization:
- If on, links for which capacity information is available will be colored based on the utilization of the link (traffic as a percent of capacity). The utilization associated with each color will be shown in a legend at the bottom of the map.
- If off, all links will be rendered as blue lines.
Note: Capacity information isn't available for links between the regions of a cloud provider. - Health: If on, the circumference of clustered markers in the Weather Map will be made up of segments that each indicate the health of one of the represented entities. The health status associated with each color will be shown in a legend at the bottom of the map.
- Clustering: Reduce clutter on the Weather Map by using a single marker to represent multiple entities that are nearby to one another (see Weather Map Clustering).
Traffic Type Options
The Traffic Type settings enable you to choose how the system draws lines between sites in the On Prem block:
- Connected Interfaces: Sites will be connected based on the interfaces at different sites that are configured with IP addresses inside of the same subnet. For example, interface 1 in site A with IP address 192.168.1.2 will be connected to interface 2 in site B configured with an IP address of 192.168.1.3. You can choose whether the connections are based on all layers (default), Layer 2 only, or Layer3 only.
- Site IP: Sites will be connected by running traffic queries from each site’s configured IP range to every other configured Site IP range. The results of the queries are used determine the traffic volume between sites. Connections are drawn as arrow links.
- Ultimate Exit: Sites will be connected by running traffic queries using Kentik’s BGP Ultimate Exit feature. Each site connected to another site represents a volume of traffic ingressing a source site and egressing the ultimate exit site.
Kentik Map Details
The Kentik Map Details drawer is covered in the following topics:
About Kentik Map Details
The Details drawer displays information about the currently selected Kentik map element. Details are available for the following entity types:
- Site entities: Details about network entities in your physical (on-prem) infrastructure:
- Site: Overall traffic to and from one of your sites.
- Device (via site topology): Traffic to and from an individual router or host.
- Interface (via device topology): Traffic to and from an individual interface. - Cloud entities: Details about traffic to and from your organization's resources in a cloud provider such as AWS, GCP, Azure, or IBM:
- Provider: Overall traffic to and from the cloud resources.
- Region (via cloud topology): Traffic to and from your resources in one of the provider's cloud regions.
- Subnet (via cloud region topology): Traffic to and from an individual subnet in the cloud region. - Internet entities: Details about your traffic to and from network entities beyond your own physical infrastructure or cloud resources:
- Origin Network: Traffic to and from an origin AS.
- Provider: Traffic to and from a service provider.
- Next-hop Network: Traffic to and from a next-hop AS. - Links: Details about a direct link between two individual map entities, e.g. sites, devices, or interfaces.
Note: To close the drawer, click anywhere outside it or click the Details button in the SubNav (see Kentik Map Page).
Details Types
The information displayed in a Kentik map Details drawer varies depending on the specifics of the current entity (see Entity-specific Details). Two main categories of details are currently displayed:
- Link details: Contains details about the link between two map entities (see Link Details). Hovering anywhere on the line directly connecting two entities will cause the line to become bold, and clicking on the line will open the drawer.
- Entity Details: Contains details (see Entity Details) about an individual entity (one of the types listed in About Kentik Map Details). To open the Details drawer for an entity, click directly on the map element and choose Show Details from the popup Network Element Actions menu.
Link Details
The Details drawer for links includes the following main parts:
- Details type: Located at the top left of the drawer, this "Traffic Details" label indicates that the details displayed in the drawer are for a link.
- Link entities: Also at top left, this field indicates the two entities at either end of the link.
- Query Results panes: A set of one or more panes with graphs and visualizations showing the results returned from queries that are automatically run on the link being detailed (see Details Panes).
Note: The results reflect the Kentik Map's current time range and filters settings (see Kentik Map Page).

Entity Details
The Details drawer for entities includes the following main parts:
- Entity type: Located at the top left of the drawer, this field indicates the type of entity for which details are displayed in the drawer (e.g. Site, Cloud, ASN, Data Center, etc.; see list in About Kentik Map Details).
- View Topology (sites only): A button that takes you to a topology view for the entity (see Topology Views).
- Name: The name (just under the type) of the entity for which the drawer is showing details. The name is a link; click it to open, in a new tab, the Network Explorer detail view for the current device (see Core Details Pages).
- Entity-specific details: Additional information that varies depending on the type of the entity (see Entity-specific Details).
- Query Results panes: A set of one or more panes with graphs and visualizations showing the results returned from queries that are automatically run on the entity being detailed (see Details Panes).
Note: The results reflect the Kentik Map's current time range and filters settings (see Kentik Map Page).
Entity-specific Details
In addition to the general information above, the following additional details or links may be included in the entity information, depending on the type of the entity:
- Site entities:
- Site (Kentik Map only): The Type (e.g. Data Center) and Address (physical location).
- Device (Kentik Map and topology views): The Type (e.g. Cisco ASA), device name, device ID, and any Labels assigned to the device.
- Interface (topology views only): A drop-down Connection list from which you can choose the link for which information will be displayed in the panes of the Details sidebar (see Details Panes). - Cloud entities (non AWS):
- Cloud (Kentik Map only): Name.
- Region (topology views only): Name.
- Subnet (topology views only): Name.
- VNet (Azure topology only): Name. - Cloud entities (AWS):
- Cloud (Kentik Map only): Name.
- Interconnections (topology views only; see AWS Interconnection Elements): Name plus details that vary depending on type of interconnection, including ID, Account ID, VPC ID, State, Tags, Destinations.
- VPC (topology views only): Name, ID, Account ID, CIDR, State, Tags.
- Subnet (topology views only): Name, ID, Account ID, CIDR, State, Tags. - Internet entities: Details about your traffic to and from network entities beyond your own physical infrastructure or cloud resources:
- Origin Network: Name and View Peering Analysis link, which opens a new tab showing the Potential Peer Page for the ASN.
- Provider: Name.
- Next-hop Network: Name and View Peering Analysis link, which opens a new tab showing the Potential Peer Page for the ASN.
Note: The entity name at the top of a Details pane is a link that takes you to that entity's Details page in the Core section of the portal (see Core Details Pages).
Details Panes
The panes of the Details drawer are covered in the following topics:
About Details Panes
Every Details drawer includes at least one pane that displays the results of queries that Kentik runs regarding the entity or link that is the subject of the drawer. The panes included for a given entity, which depend on the entity type, are listed in the topics below.
Universal Details Panes
The following panes are found in the Details drawer for all types of network entities:
- Traffic (all detail types): Ingress, egress, and top-X for traffic on the selected network element or link (see Traffic Details).
Infrastructure Details Panes
The panes in the table below are found in the Details drawer for network entities in physical infrastructure.
Pane | Entity | Description |
Internal Map Details | Sites | A diagram of the site topology (see Internal Map Details). |
Devices | Sites | Information about the devices in a site, including health status and a list of devices with details on each (see Device Details). |
Health | Devices, Interfaces, Sites | Health status based on SNMP metrics (see Health Details). |
Metrics | Devices, Interfaces, Links | Contents vary depending on the type of entity (see Metrics Details): - Links: SNMP counter data (see Counter SNMP OIDs) on input and output traffic between interfaces on the devices at each end of the link, including bitrate, errors, and discards. - Devices: SNMP-derived information on utilization over time. - Interfaces: SNMP counter data (see Counter SNMP OIDs) on input and output traffic over the interface. |
Interface Metadata | Links | Information about the interfaces (see Interface Metadata Details). |
Cloud Details Panes
The panes in the table below are found in the Details drawer for Kentik-supported cloud providers.
Pane | Provider | Description |
Cloud Details | AWS, Azure | Details about various cloud entities and connections (see Cloud Details). |
Cloud Metrics | AWS, Azure | Information and metrics for cloud entities (see Cloud Metrics Details). |
Route Table | AWS, Azure, GCP | Indicators and controls related to route tables on a VPC or transit gateway (see Route Table Details). |
Security Groups & Network ACLs | AWS | Information about flows that were denied as a result of a rule in a Security Group or a Network ACL (see Security Groups & NACLs Details). |
Network Security Groups | Azure | Information about flows that were denied as a result of a rule in a Security Group (see NSG Details). |
Denied Traffic | Azure | Information about flows that were denied as a result of a firewall rule (see Denied Traffic Details). |
Firewall Policies | GCP | Information about flows that were denied as a result of a firewall rule (see Firewall Rules Details). |
Load Balancers | GCP | Information about the load balancers deployed in a given GCP region or VPC (see Load Balancers Details). |
Internal Map Details
If the architecture of the site has already been defined (see Site Architecture), the Internal Map Details pane will feature a diagram of that topology. Click the expand icon at the upper right of the pane to open the topology in Internal Map Details dialog. In that dialog or in the pane itself you can click on any device in the topology to open a menu with the following options:
- View Full Map: Takes you to a topology view for the site containing the device (see Site Topology).
- Show Connections: Highlight (in blue) the links between the selected entity and other blocks.
If the architecture of the site hasn't already been defined you can click the Configure Site link, which opens the Edit Site dialog (see Site Settings).
Cloud Details
The Details pane for an entity in AWS or Azure includes various information about the entity that varies depending on both the cloud provider and entity type. the tables in the following topics show which details are included for the various entity types.
AWS Entity Details
Details for AWS regions, VPCs, and subnets.
Detail | Region | VPC | Subnet |
Transit Gateways | Y | N | N |
VPN Gateways | Y | N | N |
VPCs | Y | N | N |
ID | N | Y | Y |
Account ID | N | Y | Y |
CIDR | N | Y | Y |
State | N | Y | Y |
Tags | N | Y | Y |
VPC ID | N | N | Y |
AWS-to-On Prem Connection Details
Details for interconnections between on premises infrastructure and resources in AWS:
Detail | Customer Gateway | LAG | Direct connection | Direct Connect Gateway | VPN Connection |
ID | Y | Y | Y | Y | Y |
State | Y | N | Y | Y | Y |
Tags | Y | N | Y | N | Y |
Destination | Y | N | N | N | N |
AWS Internal Connection Details
Details for interconnections between and within AWS regions:
Detail | Internet Gateway | Peering Connection | Virtual Gateway | TGW Attachment | NAT Gateway | VPC Interface Endpoint | Transit Gateway |
ID | Y | Y | Y | Y | Y | Y | Y |
State | N | Y | Y | Y | N | Y | |
Tags | N | Y | Y | Y | N | N | Y |
Destination | N | N | N | N | N | N | N |
Account ID | Y | N | N | N | N | Y | Y |
VPC ID | Y | N | Y | Y | Y | N | N |
Subnet ID | N | N | N | N | Y | Y | N |
Service Name | N | N | N | N | N | Y | N |
ENI ID | N | N | N | N | N | Y | N |
Azure Entity Details
Details for Azure regions, VNets, and subnets.
Detail | Region | VNet | Subnet |
Tenant ID | Y | Y | Y |
Subscription ID | Y | Y | Y |
Location | Y | Y | N |
Latitude | Y | N | N |
Longitude | Y | N | N |
Resource group | N | Y | Y |
Name | N | Y | Y |
CIDRs | N | Y | Y |
State | N | Y | Y |
Tags | N | Y | N |
Local Network | N | N | N |
Remote Network | N | N | N |
Subnets | N | N | N |
Azure Interconnection Details
Details for Azure interconnections:
Detail | VNet Gateway | VNet Peering | NAT Gateway |
Tenant ID | Y | Y | Y |
Subscription ID | Y | Y | Y |
Location | N | N | N |
Latitude | N | N | N |
Longitude | N | N | N |
Resource group | Y | N | N |
Name | N | N | N |
CIDRs | N | N | N |
State | N | N | N |
Tags | N | N | N |
Local Network | N | Y | N |
Remote Network | N | Y | N |
Subnets | N | N | Y |
Traffic Details
The Traffic pane includes the following UI elements:
Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
- Traffic selector: A drop-down menu from which to choose the set of traffic that will be evaluated for the query whose results will be displayed in the pane. Options (e.g. All Traffic, External Traffic, etc.) will vary depending on the entity type of the details drawer (see list in About Kentik Map Details).
- Dimension selector: A drop-down from which to choose the dimension of the query.
- Metric selector: The metric used to quantify the query results shown in the pane.
- Sync Chart Scales: A checkbox that causes the vertical axis of the Ingress and Egress charts to be the same scale.
- Traffic charts: Two time-series stacked charts (or one if traffic is set to All Traffic), the top for ingress and the bottom for egress, showing traffic over the time period specified in the Time pane of the Options sidebar. The charts include the following elements:
- Heading: Shows the direction and volume of the traffic to or from this entity.
- Time scale (bottom chart only): A time scale representing the time period specified in the Time pane of the Options sidebar.
- Time-point details: A popup, which opens when hovering over either chart, that shows values for the Total and Historical Total (7 days prior) at that point in the time range.
- View in Data Explorer (icon; on hover only): Opens a new browser tab to show the query in the portal's Data Explorer module. - Traffic table (not shown for total traffic queries): A list of the top-X results returned from the current query. This table is similar to the traffic table in Data Explorer (see Explorer Table Overview).
Note: The query results returned in this pane are affected by the settings in the Kentik Map's Time and Filter controls (see Kentik Map Page).
Device Details
Information about the devices in a site, including:
- A summary of device health showing the number of devices with various health statuses.
- A list of devices in the site, each of which can be expanded to show the following:
- Information table: IP address, site, sample rate, machine type, and device ID.
- Utilization charts: SNMP-discovered average utilization over time for CPU and memory.
Health Details
The Health pane gives an entity's current health status (see Kentik Map Health):
- If the status of all health metrics for the entity is Healthy then the tab will contain a single indicator stating that all is well.
- If status of any health metric is not Healthy then tab will contain a card, with values and sparkline, for each metric whose status is either Warning or Critical.

This pane also includes the following controls:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
Note: If the total number of health issues for the entity is greater than zero the count of issues will be displayed in an indicator in the Health tab head.
Metrics Details
The contents of the Metrics pane vary depending on whether it's in the Details drawer for a network entity that is in physical infrastructure or an entity on the Topology page for a cloud provider (see Cloud Metrics Details).
Metrics for Links
In physical infrastructure, the Metrics pane for links shows the following information from SNMP polling of the devices on which the interfaces exist (for descriptions see SNMP Interface Metrics). The information is presented in two columns, one each for the interfaces at either end of the link):
SNMP Bits/s In
- SNMP Bits/s Out
- Input Errors
- Output Errors
- Input Discards
- Output Discards
The links version of this pane also includes the following controls:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
- View in Data Explorer: A button that opens the portal's Data Explorer module in a new browser tab to show a query illustrating traffic over the link.
Metrics for Interfaces
For interfaces, the pane contains the same SNMP information listed above for links, but for only one interface. For devices, the pane contains charts showing SNMP-derived information on utilization over time, including average CPU utilization and average memory utilization.
Cloud Metrics Details
For a network entity that is on the Topology page for AWS and Azure, the Metrics pane shows the metrics associated with network entities in the cloud. AWS CloudWatch metrics are displayed for AWS entities and Azure Monitor is used for Azure entities. (There's no Metrics pane in GCP topology.) The pane includes the following UI elements:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Interval: The frequency (e.g. 1 minute) at which the data is sampled.
- Refresh: Updates the table to show the most recent data available.
- Open in modal (diagonal arrows icon): Opens the pane in a modal (see Metrics Modal).
- Filter: A field at the top of the Metrics table into which you can enter text to filter the listed metrics by name.
- Metrics table: A table that displays the different types of metrics depending on the entity type (see Metrics Pane Table).
Metrics Pane Table
This table can be sorted by column and includes the following headings:
- Metric: The measurement being analyzed. Hover over the metric icon to display a sparkline of the metric.
Note: The metric icon is greyed out if there is no data collected for the metric. - Avg: The average value over the specified interval.
- Sum (Azure only): The sum value over the specified interval.
Metrics Modal
The metrics modal contains the following fields and controls:
- Title: The name of the entity and the metric.
- Close: (X at the upper right): Closes the modal and returns to the main view.
- Time and interval: Shows a timestamp and the frequency (e.g. 1 minute) at which the metric is reported.
- Filter: A field at the top of the Metrics table into which you can enter text to filter the listed metrics by name.
- Metrics table: A table that displays the different types of metrics depending on the entity type (see Metrics Modal Table).
Metrics Modal Table
The table in the metrics modal can be sorted by column and includes the following columns:
- Metric: The measurement being visualized.
Note: The metric icon is greyed out if there is no data collected for the metric. - Trend: A sparkline of the metric.
- Avg: The average value over the specified interval.
- Sum (Azure only): The sum value over the specified interval.
Interface Metadata Details
The Interface Metadata pane includes information about the link whose details are currently shown in the Details drawer, as well as about the interfaces at each end of the link, details for which are shown in two columns (one for each interface):
- Layer: Indicates the layer (2 or 3) of this link's connection. If the Draw Links Using drop-down (see Kentik Map Page) is set to "All Layers" and connections between the entities at either end of the link exist on both layers then this pane will include a metadata section for Layer 2 and a section for Layer 3.
- Interface name: The name of the interface.
- Interface description: The interface description as either defined in the device and retrieved via SNMP or specified manually. Capped at 128 characters.
- Device: The name of the device to which this interface belongs.
- IP Address: The primary IP address of this interface.
- Capacity: The maximum capacity in Mbps as reported by SNMP.
- Network Boundary: The network boundary value assigned to the interface by interface classification (see Network Boundary Attribute).
- Connectivity Type: The network boundary value assigned to the interface by interface classification (see Connectivity Type Attribute).


This pane also includes the following controls:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
Route Table Details
The Route Tables details pane includes indicators and controls related to route tables on a VPC or transit gateway. The contents of the pane is similar for all Kentik-supported cloud providers, but with some variation between AWS/Azure vs. GCP.
The pane's title bar includes the following :
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
State: Lozenges that indicate the number and state of the following:
- Tables (blue): The number of tables (if more than one).
- Active routes (green): The number of routes with a good destination.
- Blackholed (red): The number of routes that are programmed in a table but whose destination can't be reached.- Azure Console (Azure only): A button that takes you to your organization's console in Azure.
- Open in modal (diagonal arrows icon): Opens the pane in a modal (with identical UI).
Below the title bar is a table made up of the following:
- Filter: A field in which you can enter text to filter the routes shown in the table.
- In AWS and Azure this matches against the Route Target column.
- In GCP this matches against the Destination column. - Header rows (AWS/Azure only): A collapsible/expandable header row precedes the list of routes for one route table. A header row includes the following:
- State: An icon representing the state of the table's routes (see State above).
- Name: The name of the route table.
Note: Header rows are not used in CGP because there is only one group per network. - Route rows: Rows that each represent an individual route in a route table.
The information in the individual route rows is presented in the following columns:
State: Active (checkmark) or blackholed (exclamation point).
- Destination: The destination CIDR block against which traffic is evaluated to determine the route target to which it should be forwarded.
- Route target (AWS/Azure only): Content depends on the cloud provider and the type of network entity:
- VPC (AWS): The ID of the gateway that will handle the different routing functions within a VPC.
- Transit gateway (AWS): The Attachment (the transit gateway extension that "lives" in a VPC) and the Next Hop Resource (the next resource that the traffic will enter).
- VPC (GCP): The route target VPC.
- Default internet gateway (GCP): The entity's default internet gateway. - Next Hop (Azure only): The network entity's next hop in the route table.
Notes:
- Subnets can either use a main route table (indicated by "Main" in parentheses after the table's name in the header row) or a dedicated route table.
- For additional information on route tables in AWS, see AWS docs on VPC Route Tables.
Security Groups & NACLs Details
This pane includes the following UI elements:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
- Filter: A field in which you can enter text to filter the Denied Traffic table. The table displays any rows with a match in the Source or Destination column.
- Denied Traffic: A table showing flows that were denied as a result of a rule in a security group or a network ACL (see Denied Traffic Table).
- View Security Groups: Open the Security Groups Tab of the Security Groups & Network ACLs dialog.
- View Network ACLs: Opens the Network ACLs Tab of the Security Groups & Network ACLs dialog.
Denied Traffic Table
Each row of this table shows a set of flows that were denied as a result of a rule in a security group or a network ACL. The flows in a given row share a direction, source, and destination. Click on any row to open the Security Groups & Network ACLs dialog (see Security Groups & NACLs).
The table can be sorted by its column headings, which include the following:
- Direction: The direction of traffic.
- Source: The IP address of the source.
- Destination: The IP address of the destination.
- Total Flows: The number of denied flows.
- View in Data Explorer: An icon that opens Data Explorer, where the query settings will be set to show these flows.
NSG Details
The Network Security Groups pane includes information showing flows that were denied as a result of a rule in a security group. The pane includes the following UI elements:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
- Filter: A field in which you can enter text to filter the Denied Traffic table. The table displays any rows with a match in the Source or Destination column.
- Denied Traffic Table: A table showing flows that were denied as a result of a rule in a security group (see Denied Traffic Table).
Denied Traffic Details
The Denied Traffic pane has the same UI elements as the Network Security Group pane (see NSG Details) but displays information on flows denied as a result of a firewall rule.
Firewall Rules Details
The Firewall Rules pane includes indicators and information related to GCP firewall rules. The pane includes the following UI elements:
- Expand/Collapse: Toggles visibility between the title bar only and the full pane.
- Rule count indicators: A lozenge that indicates the number of active rules.
- Open in modal (diagonal arrows icon): Opens the pane in a modal.
- Firewall Rules Table: A table that displays the firewall rules (see Firewall Rules Table).
Firewall Rules Table
The following controls are found at the top of the table:
- Group By: A dropdown to group the rules based on column. Each group will start with a header row that states the value that's common to the rules in the group and the number of rules in the group.
- Filter: A field with which you can filter the table to rows containing the entered text in the Resource or Protocol columns.
The table can be sorted by column headings, which include the following:
- Direction: The direction of traffic.
- Rule Action: The policy of the rule.
- Resource: The IP address of the destination.
- Port: The port number.
- Protocol: The traffic protocol.
- View in Data Explorer: An icon to open the traffic information in Data Explorer.
Firewall Policies Details
Coming soon…
Load Balancers Details
The Load Balancers pane enables you to see — without navigating to a Load balancing page in your Google Cloud console — information about the load balancers deployed in a given GCP region or VPC (see Cloud Load Balancing overview). The fields included in the pane vary depending on the specifics of your load balancing setup. The following fields may be included:
- Load Balancer Name: The name of the load balancer
- Load Balancer Type: The type of load balancer, either Network or Application.
- Front End IP: The IP address of the load balancer.
- Protocol: The transport layer protocol used to direct traffic, such as TCP, UDP, ESP, GRE, ICMP, and ICMPv6.
- Port Range: The port on which to access the load balancer.
- Scope: The scope of the load balancer:
- Region: The balancer operates at the region level.
- Global: The balancer operates at the level of a VPC (which GCP refers to as a network). - Load Balancing Scheme: An attribute on the forwarding rule and the backend service of a load balancer that indicates whether the load balancer can be used for internal or external traffic: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, or INTERNAL_MANAGED.
- Network Tier: Network Service Tiers enable you to optimize network quality and performance vs. cost for your resources and projects. Premium is optimized for performance, Standard is optimized for cost.
- Target Proxy: Proxies that terminate incoming connections from clients and create new connections from the load balancer to the backends.
- Instance Group Count: The number of instance groups (grouped virtual machine (VM) instances) used in backend services or target pools by this load balancer.
- Network Endpoint Group Count: The number of network endpoint groups (configuration objects that specify a group of backend endpoints or services), which are used for more granular control over the distribution of traffic to the load balancer's backends.
Backend Pools Table
The Load Balancers pane also includes a table for Backend Pools that shows the groups of resources that will serve traffic for the balancer's load-balancing rules. The table, which can be filtered by IP with the Filters field, includes the following columns:
- Primary Internal Ip: The IP address of a backend VM or container in the VPC network that is connected to from the load balancer.
- External Ip: The IP address used to connect to the load balancer.
- Nat Name: The name of the NAT that the load balancer is behind.
Topology Views
Kentik Map topology views are covered in the following topics:
- About Topology Views
- Site Architecture
- Site Topology
- Device Topology
- Cloud Topology
- AWS Topology
- Azure Topology
Note: The topology view for AWS is distinct from that of other cloud providers.
About Topology Views
Topology views provide a picture of the relationships between sites, devices, and interfaces in your on prem infrastructure, as well as the cloud resources in each of your cloud providers. Topology views are available for the following entities:
- Site: Shows the architecture of the data sources in a given site (see Site Topology).
- Devices: Shows the relationship of the device to other connected devices, and how the device's interfaces connect to other devices (see Device Topology).
- Cloud provider: Shows the regions within a given provider, as well as the count of each region's active VPCs and instances (AWS, Azure) or subnets and VMs (GCP).
The UI elements of topology views are similar to those of the main Kentik map, which are covered in Kentik Map Page.
Site Architecture
To provide a meaningful on-prem topology view for sites and devices, Kentik relies on user-provided information about the architecture of a site, which is defined in the Edit Site dialog. To define a site's architecture:
- From the main Kentik Map, click on a site to open the site's Details drawer.
- Click the View Topology button, which will take you to the site's topology view.
- Assuming that the site architecture hasn't already been defined, the block for the site will show a number of devices under the heading Unassigned, beneath which is a Configure Site link. Click the link, which will open the Edit Site dialog.
- In the Type section (below the address field), click the button that most closely corresponds to your overall concept of how the site is organized (e.g. Data Center, Cloud, etc.).
- In the Architecture section, click the Edit Architecture button, which will open the Edit Architecture dialog.
- The dialog contains multiple tabs, each of which provides modifiable templates for different "typical" architectures. Click on the template that seems closest to your situation (or choose Custom from the Other tab), which will open the Architecture Edit UI for that template.
- Use the architecture edit UI to assign devices to the layers and to rename each layer as needed, then click the Save Architecture button to save your changes.
Architecture Edit UI
The edit UI for site architecture enables you to customize a site architecture template to the specifics of your site. The dialog includes the following UI elements:
- Close (X at the upper right): Click to close the dialog without saving any changes to the architecture.
- Layers: A box representing a layer in the architecture and containing the fields described in Layer Fields.
- Add Layer: Click to add a box for a new layer at a level that's in between two existing layers.
- Add Parallel Layer: Click to add a box for a new layer that at the same level as an existing layer.
- Cancel: Click to close the dialog without saving any changes to the architecture.
- Save Architecture: Click to save all changes to the architecture and close the dialog.
Layer Fields
Each layer of the architecture is represented as a box containing the following fields:
- Layer: Specify the name of the layer.
- Devices: Click in the field to choose one or more devices for the layer from a drop-down list of the Kentik-registered devices that have been assigned to this site.
- Handle: Enables you to drag layers into a different order.
- Remove (trash icon): Remove this layer from the architecture.
Site Topology
Once the architecture has been specified for a site (see Site Architecture) the site's layers and the relationship between the site's devices are rendered in the site's topology view. To access site topology, click the View Site Topology button in the Details drawer for the site (see Details Panes).

Site Topology Blocks
The topology view includes the following blocks (see Kentik Map Blocks):
- Site: Shows the site as a block like the On Prem block in the standard Kentik Map view (see Site Block).
- Other Sites: Shows all other sites from your infrastructure.
- Clouds: Shows your cloud providers (AWS, GCP, Azure, and IBM).
- Internet: Shows external sources and destinations of traffic to and from your network (ASNs and service providers).
Site Block
The site block is structured according to the layers defined in the site architecture:
- A labeled icon is shown for each device in the layer to which the device is assigned:
- Click the icon to open a device Details drawer for that device (see Kentik Map Details).
- Click the View Device Topology button in the drawer to go to the Device Topology. - A line shows the links between connected devices. Hover over a device to highlight all of its links.
- An Unassigned section shows the devices that haven't yet been assigned to a layer. Click the Configure Site link to assign these devices (see Site Architecture).
Device Topology
The device topology view is organized into the following blocks:
- Upstream Connected Devices: Shows the devices in the same site that are connected to this device and assigned to a higher layer.
- Parallel Connected Devices: Shows the devices in the same site that are connected to this device and assigned to the same layer.
- Device: Shows information about the device (see Device Block Information) and its interfaces (see Device Block Interfaces). Click the device name to link to the Network Explorer details page for this device.
- Downstream Connected Devices: Shows the devices in the same site that are connected to this device and assigned to a lower layer.

Device Block Information
The left side of the device block provides the following general information related to the main device of the topology view:
- Status: The health of this device (see Element Health Indicators).
- IP Address: The IP from which this device sends flow to Kentik.
- Site: The site where the device is located (click to link to the Network Explorer details page for this site).
- Sample rate: The rate at which the device is sampling flow (see Flow Sampling).
- Machine Type: The type of the device (e.g. router, host, etc.).
- Device ID: The device's Kentik-assigned ID.
- Metrics: Device metrics gathered via SNMP (see Device Metrics Information).
Device Metrics Information
The Metrics section of the device block includes the following information, gathered via SNMP, and controls:
- View Details: Pops up a view with charts detailing device metrics.
- CPU Utilization: A chart of CPU utilization on this device during the last 24 hours, plus the highest value during that period.
- Memory Utilization: A chart of memory utilization on this device during the last 24 hours, plus the highest value during that period.
Device Block Interfaces
The main area of the device block gives the total number of known interfaces on the device and provides a breakdown of those interfaces based on the layer of the devices to which those interfaces connect:
- Upstream Connected Interfaces: Shows the interfaces connected to a device at a higher layer.
- Parallel Connected Interfaces: Shows the interfaces connected to a device at the same layer.
- Unknown Connected Interfaces: Shows interfaces that fall into one of the following categories:
- The interface is connected to something that's not monitored by Kentik.
- The interface is a physical member of a logical bundle (multiple physical interfaces defined as a single logical interface).
- The interface is connected to a Layer 2 device. - Downstream Connected Interfaces: Shows the interfaces connected to a device at a lower layer.
Cloud Topology
The topology view is very similar at all levels from cloud provider level down to subnet. The view is organized into the blocks described in the topics below.
Notes:
- Cloud topology for AWS resources is covered in AWS Topology.
- Cloud topology for Azure resources is covered in Azure Topology.
Common Cloud Topology Blocks
The following blocks appear in cloud topology views at all levels:
- On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
- Other Clouds: Shows the other cloud providers your organization has registered with Kentik, and a link representing traffic (if any) between this cloud provider and the others.
- Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
Level-specific Topology Blocks
The following blocks appear in cloud topology views only at the indicated levels:
- Regions (cloud provider level only): Shows the regions, each represented as a box, where you have resources within this cloud provider. Each box gives the number of VPCs and subnets within that region. To drill down further, click the box for a region and choose View Topology from the popup.
- VPC (region level in IBM only): Shows the VPCs, each represented as a box, within the region. Each box gives the number of subnets and VMs within that VPC. To drill down further, click the box for a VPC and choose View Topology from the popup.
- Subnets (region level in GCP; VPC level in IBM): Shows a box for each of your subnets within the VPC or region. For traffic data, click the box and choose Show Details from the popup.
AWS Topology
The AWS topology view is organized into the following blocks:
- On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
- Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
- Regions (cloud provider level only): Shows the regions, each represented as a block, where you have resources within this cloud provider.
- Each region block shows the VPCs in that region. VPCs are expanded (see VPCs below) unless there are more than nine rows of VPCs at the current browser window width, in which case the VPCs are collapsed.
- Each region block shows the Transit Gateway via which traffic enters and exits.
- Lines are drawn to and from each region on the map to denote inter-region traffic volumes. - VPCs: Click on an individual VPC to expand it to show its component subnets and the VPC connections (see AWS Interconnection Elements) for that VPC. The display of VPCs in a given region block depends on whether the block is expanded or collapsed (see Regions above):
- Expanded: Each VPC is represented as a labeled card showing VPC name, ID, and configured CIDR block.
- Collapsed: Each VPC is represented as a square. The color intensity of the square depends on the Color by control (see Kentik Map Page). Hover over the square to see the name, ID, and CIDR. - Subnets: The subnets of a VPC are each represented as a card giving the subnet name and IP /CIDR. The subnets are grouped into Availability Zones which are represented by the dashed outlines around each subnet. An AZ represents a physically isolated datacenter in Amazon’s ecosystem. For traffic data about a given subnet, click the subnet and choose Show Details to open the Details drawer.
- Connections: AWS supports multiple types of connections for entities within AWS as well as between AWS and on premises infrastructure (see AWS Interconnection Elements).

AWS Interconnection Elements
The AWS topology view includes the following interconnection elements:
- Customer Gateway: Terminates one or more site-to-site VPN connections that are extended from virtual gateways in VPCs.
- Link Aggregation Group: A logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single AWS Direct Connect endpoint, allowing all connections in the group to be configured and managed a single connection (see Link aggregation groups in AWS docs.
- Direct connection: Shows the entry/exit point for traffic to/from the On Prem block that transits an AWS Direct Connect circuit. Kentik can visualize AWS Direct Connects whose virtual interfaces extend from a given VPC directly through to an on-prem router or those connected to Transit Gateway routing devices.
- Direct Connect Gateway: Aggregates one or more direct connect circuits and allows for easy connectivity between VPCs and multiple on-prem connections (see AWS Direct Connect docs).
- VPN Connection: Connect your Amazon VPC to remote networks and users (see AWS VPN connections docs).
- VPC connection: When a VPC is expanded its connection gateways (which enable instances in subnets to talk to other instances in other regions, VPCs, and subnets) are shown as labeled squares across the bottom of the VPC block. Currently supported types include internet gateway, peering connection, virtual gateway, TGW attachment, NAT gateway, VPC endpoint interface, and transit gateway.
- Transit Gateway: An AWS managed high availability and scalability regional network transit hub used to interconnect VPCs and customer networks (see AWS Transit Gateway docs).
The lines drawn between the above interconnection types show the links over which traffic travels to and from entities both within AWS and beyond (e.g. on prem). Most such links are drawn by default, but for the following VPC connection types links are drawn only when Show Connections is chosen from the drop-down Network Element Actions menu: Internet, NAT Gateway, and Virtual Gateway.
Azure Topology
The Azure topology view is organized into the following blocks:
- On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
- Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
- Regions: Shows the regions, each represented as a block, where you have resources within this cloud provider. Each region block shows the VNets in that region. Click the Show Details link to open the region's Details drawer (see Kentik Map Details).
- VNets: The VNets in each region are shown within the region block. By default all VNets in a region are collapsed. Click on an individual VNet to expand it to show its component subnets. The display of the VNets depends on whether any of the VNets are currently expanded:
- Collapsed: Each VNet is represented as a rectangle showing the VNet's name, ResourceId, and CIDR.
- Expanded: The expanded VNet is represented as a blue block within which are shown the VNet's subnets and interconnection elements (gateways, etc.), as well as a Show Details link. The remaining VNets are represented as labeled cards showing VNet name, ResourceId, and configured CIDR block. - Subnets: The subnets of a VNet are each represented as a rectangle giving the subnet name and IP/CIDR. Click the subnet to open its Details drawer.
- VNet connections: Azure supports multiple interconnection types (see Azure Interconnection Elements). When a VNet is expanded its interconnections are shown as labeled rectangles across the bottom of the VNet block.
Notes:
- For an overview of Azure networks, see Azure networking services overview.
- For information about Azure virtual networks (VNets) see Microsoft documentation at What is Azure Virtual Network.


Azure Interconnection Elements
The Azure topology view includes the following interconnection elements:
- VNet Gateway: A virtual network gateway is composed of two or more VMs that are automatically configured and deployed to a specific subnet you create called the gateway subnet. The gateway VMs contain routing tables and run specific gateway services. You can't directly configure the VMs that are part of the virtual network gateway, although the settings that you select when configuring your gateway impact the gateway VMs that are created. See Microsoft documentation at What is a virtual network gateway.
- VNet Peering: Virtual network peering connects two or more VNets. The VNets appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft's private network only. See Microsoft documentation at Virtual network peering.
- NAT Gateway: A fully managed Network Address Translation (NAT) service that simplifies outbound Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses the Virtual Network NAT's static public IP addresses. See Microsoft documentation at What is Virtual Network NAT.
Note: For a comparison of Azure peering and gateway options, see Microsoft documentation at VNet peering and VPN gateways.
Security Groups & NACLs
The Security Groups & Network ACLs dialog, which opens from the Security Groups & Network ACLs details pane in an AWS topology view (see Security Groups & NACLs), provides information related to flows that were denied as a result of a security rule. The dialog contains two tabs, one for security groups and the other for NACLs.

Security Groups Tab
The Security Groups tab contains the following UI elements:
- Security Groups: A drop-down selector from which to choose a security group.
- Security group information: A set of fields giving the name, description, account ID, security group ID, and VPC ID of the selected security group.
- Denied Flows: A table listing flows that were denied by the rules of this security group:
- The table gives the direction, resource, protocol, port/range, IP version, and description for each listed flow.
- The flows can be grouped by direction, protocol, or IP version.
- You can enter text in the filter field to show only rows in which the contents of a column matches the entered text.
- A View in Data Explorer button at the right of each row will take you to Data Explorer, where the query settings will be set to show the flow.
Network ACLs Tab
The Network ACLs tab contains the following UI elements:
- Network ACLs: A drop-down selector from which to choose a security group.
- Network ACL information: A set of fields giving the account ID, and VPC ID of the selected network ACL.
- Denied Flows: A table listing flows that were denied by the rules of this network ACL:
- The table gives the direction, rule action, rule number, resource, protocol, port/range, and IP version for each listed flow.
- The flows can be grouped by direction, protocol, IP version, or rule action.
- You can enter text in the filter field to show only rows in which the contents of a column matches the entered text.
- A View in Data Explorer button at the right of each row will take you to Data Explorer, where the query settings will be set to show the flow.
Health Problems Page
The Health Problems page, which is accessed from the Health indicator (heart icon) at the upper right of the Kentik Map Page, lists issues with the health status of entities on the Kentik map. The page is covered in the following topics:


About Health Problems
The Kentik Map includes a dedicated health assessment system that checks the health status of entities when you open the map (see Kentik Map Health). A link in the popup summary that appears when you click the Health indicator (heart icon) at the upper right of the Kentik Map Page takes you to the Health Problems page. The page is built around a table that shows information about each entity that has a health issue (status of either Warning or Critical).
Health Problems Page UI
The Health Problems page includes the following UI elements:
- Filter field: Enter text to narrow the issues shown in the Health Problems list to those whose alarm type, entity name, or site that text.
- Group By: Choose a property (e.g. Site) from the drop-down menu to group the issues in the table by the value of that property. The table supports grouping by alarm type, site, device name, and device label.
- Health Problems List: A list of health issues (see Health Problems List).
Health Problems List
The Health Problems page features a table that lists the issues identified by the Kentik Map health assessment. To change the sort order of the list, click a heading to select a column, and click the resulting blue up or down arrow to choose the sort direction (ascending or descending).
The Health Problems list includes the following columns (left to right):
- Alarm Type: The nature of the health issue (for descriptions, see Kentik Map Health).
- Entity name: For device-level alarms, the device name; for interface-level alarms the device name and interface name. The names are links that you can click to go to the Details page in Core that corresponds to the entity (see Core Details Pages).
- Site: The site in which the entity is located.
- Current Value: The value that triggered the health alarm, e.g. "150%" for an Alarm Type of "Interface Inbound Utilization."
- Actions: Actions that you can take to further investigate the issue (see Health Problems Actions).
Health Problems Actions
The following actions are available from the icons in the far-right columns of the Health Problems List:
- View Entity in Kentik Map: Takes you to the Kentik Map:
- If the entity is a device: You'll see the topology view for the site containing the device. The Details sidebar will be open for that device; see Kentik Map Details).
- If the entity is an interface: You'll see the topology view for the device containing the interface. The Details sidebar will be open for that interface. - View Entity Settings:
- If the entity is a device: Opens the Device Settings Dialog for the device.
- If the entity is an interface: Opens the Interface Settings Dialog for the interface.