Kentik Map

The Kentik Map module in the Kentik portal is discussed in the following topics:

Note: The "health" features mentioned above under Benefits are not implemented at initial release.

This topology view in the Kentik Map shows details about AWS cloud resources.
 

About Kentik Map

A high-level look at the Kentik map is provided in the following topics:


Purpose: Visualize every aspect of network infrastructure, both on-prem and cloud, to enable fast understanding of how components are interconnected and how that affects traffic patterns, network health, and performance, including application delivery and customer experience.
Benefits:
  • Unified view into traffic, performance, and health between and within cloud, on-prem, internet and WAN networks.
  • See connections between on-prem networks and VPCs, as well as between different cloud providers, to understand patterns, investigate problems, discover application dependencies, and reveal unintended Internet traffic.
  • Get insight into expensive, brittle, or bandwidth-constrained flow connections.
  • Answer questions about traffic in and between any environment, to and through ASNs, and out to the Internet, as well as north/south and east/west flows in data centers.
  • Identify at a glance links that are down or interfaces whose health or utilization is in a critical state, then identify potential causes with a few clicks.
Use Cases:
  • Hybrid network architecture visualization and mapping
  • Network health visualization
  • Network traffic visualization
Relevant Roles: Network Admin/Engineer, Network Architect, Site Reliability Engineering (Traffic Engineer, Net SRE, NetOps Engineer)

 

Kentik Map Overview

The Kentik Map module of the Kentik portal is an environment for the display of diagrams that illustrate the relationship between three main aspects of your Hybrid IT network infrastructure:

  • Clouds: The cloud providers you use for compute and/or storage (AWS, GCP, Azure).
  • Internet: The external sources and destinations of traffic to and from your network, broken down by Origin Network, Next Hop Network, and Provider (see Provider Classification).
  • On Prem: The sites where your data center infrastructure is located (see About Sites).

In the main (top-level) Kentik map, each of the above areas of your network is represented as a grey rectangle, referred to as a "block," in which you can drill down to get further details about the network's structure and traffic. This enables you, as a network engineer, to better understand what's happening on your network in real time, to compare current and historical traffic for specific network elements, and to see common adverse conditions without having to run queries.

 

Kentik Map Views

The views available in the Kentik map represent the structure of your overall network, the components within that structure, and the traffic between those components. These views enable you to quickly drill down into your infrastructure at any level, where you can see information including the following:

  • The existence and volume of traffic between your sites, such as data centers and branch offices (On Prem block), your clouds (Clouds block), and external networks (Internet block).
  • The sites that make up your on-prem infrastructure, including the architecture and individual devices of each site, as well as details about the traffic on the individual network elements or between elements.
  • The health of network elements and of the connections between elements.
  • The cloud providers you use, including region breakdowns for each cloud provider.
  • The top ASNs (origin and next-hop) and service providers (transit, peering, or IX) that account for your network's incoming and outgoing traffic.
 

Kentik Map Health

The Kentik Map includes network health indicators that are based on a real-time Kentik service that watches key metrics that impact the health of network infrastructure elements. We are currently monitoring health via SNMP polling of network device and interface metrics. The metrics are evaluated and compared to expected ranges to determine what is considered "healthy" and what should be drawn to your attention as an issue, either "warning" or "critical." These issues currently fall into the following categories:

  • Site health - Derived from the devices and interfaces in the site.
  • Device health - Derived from the device metrics and interface metrics on this device:
    - Device Availability: Whether metrics are available for this device.
    - Device Metrics: CPU Utilization, Memory Utilization.
  • Interface health - Derived from the interface metrics for this interface:
    - Interface Availability: Whether metrics are available for this interface.
    - Interface Metrics: Input Interface Utilization, Output Interface Utilization.

Notes:
- In order to be evaluated for health your devices must allow SNMP polling from Kentik (see Enabling SNMP Polling), with the polling interval set to Standard (see SNMP Polling Intervals).
- Current health status as represented by indicators in the Network Map UI reflects status as of the most recent 10 minutes.

 

Kentik Map Prerequisites

Kentik's mapping capability is built on the core features of the Kentik system. To use Kentik maps effectively, you'll first need to ensure that your overall Kentik setup is as complete as possible:

  • Register all devices: Physical devices (e.g. routers and switches) and host agents (e.g. kprobe) must be registered with Kentik in order for us to receive traffic data:
    - To register devices via the Kentik Onboarding wizard, see Device Setup.
    - To register via the portal's device admin UI, choose Settings from the portal nav menu, then on the resulting Admin page click the Add button for the kind of device (router or host) that you'd like to add (see Adding a Device).
  • Configure SNMP on all devices: SNMP polling enables Kentik to enrich traffic data (flow records) with data about the interfaces via which traffic is entering, transiting, and leaving your network:
    - To activate SNMP on a device via the Kentik Onboarding wizard, see Device SNMP Setup.
    - To activate SNMP via the portal's device admin UI, enable polling on the device with the device-specific SNMP configs provided in our Device Configs Directory, and also set the device's Device IP & SNMP Settings.
    Note: To take advantage of the health status feature of Kentik maps, set the SNMP polling interval to Standard (see SNMP Polling Intervals).
  • Register all clouds: A cloud in Kentik represents one or more cloud resources (e.g. VPCs or subnets) used by your network on a given cloud provider (e.g. AWS, GCP, Azure). To gain visibility into those resources you must register them in Kentik (see About Clouds).
  • Assign data sources to sites: A site is a specific user-defined physical location (e.g. the address of a data center) to which one or more data sources (devices, hosts, or clouds) may be assigned (see About Sites).
  • Run Interface Classification (see Using Interface Classification): Interface Classification assigns a Network Boundary and Connectivity Type value to every interface in the network:
    - Network Boundary: Classifies interfaces as Internal or External, which enables you to see whether the source and destination of the traffic are both fully within your network or if the traffic crossed a network boundary (came from or went to a different AS; see Network Boundary Attribute).
    - Connectivity Type: Classifies interfaces by their role in the overall network (see Connectivity Type Attribute), such as Transit, IX, Paid Peering, Cloud Interconnect, etc. (see Understanding Connectivity Types).
    Note: Links will be drawn between two sites in the On Prem block if the interfaces that connect them are assigned a Connectivity Type of either Backbone or Datacenter Interconnect.
 

Kentik Map Page

The Kentik Map page includes the following main UI elements, which are — except as noted — also present on the pages for Topology Views:

  • Breadcrumbs (in the SubNav): An indicator of your current location within the Kentik portal. As you drill down deeper you can click on a breadcrumb to go back to a higher level.
  • Full width (in the SubNav): A toggle button that expands the map to the maximum horizontal space available within the browser window.
  • View Logical Map (not present on Cloud Topology views): A link to the Logical Map, formerly known as the Network Map.
  • Details (in the SubNav): Toggle visibility of the right-side Details drawer, which contains details about the currently selected map element (see Kentik Map Elements). If no element is selected this button is inactive.
  • Filters: A button that opens a popup showing the filters applied to the data displayed on this page:
    - If no filters are currently applied you can add a filter by clicking the Add Filter button.
    - If filters already exist, each will be represented as a card in the popup. You can remove a filter using the red X at the right of its card, or you can modify or add filters by clicking the Edit Filters button.
    Both of the above buttons open a Filtering Options Dialog.
  • Draw Links Using (not present on cloud topology views): A drop-down interface that enables you to change how the system draws lines between sites in the On Prem block (see Draw Links Options).
  • Color by (present only on AWS Topology views): The traffic volume of the VPCs in an AWS cloud region is represented by color intensity (greater intensity indicates greater volume). This control lets you choose whether the color intensity is based on bits/second inbound, outbound, or total.
  • Time range: A control that indicates the current time range of the data displayed on this page and pops up a calendar form enabling you to specify the time range (see Time Range Control).
  • Kentik map: Occupying the page's main display area, this diagram graphically represents your network environment, including network elements and the links between them (see Kentik Map Diagram).
The Kentik Map shows the on-prem, cloud, and Internet elements that handle your network's traffic.
 

Kentik Map Diagram

The main parts of a Kentik map diagram are covered in the following topics:

 

Kentik Map Elements

A Kentik map diagram is made up of the following main types of parts:

  • Blocks: Gray rectangles that function as containers for different buckets of infrastructure (see Kentik Map Blocks).
  • Network Elements: The individual network components that are shown within blocks:
    - Physical elements: The sites and data sources (devices and hosts) in your data centers.
    Note: Physical elements are each marked with a health indicator; see Element Health Indicators.
    - Virtual elements: The Regions, gateways, VPCs and subnets in your clouds.
    - Logical elements: The ASes and service providers to which your network connects to send or receive traffic.
    Note: Click an element to either open the Details drawer for that element (see Kentik Map Details) or pop up a menu listing possible Network Element Actions.
  • Links: Lines representing the connections between blocks and between network elements. Each link is made up of two segments that each have an arrow representing the direction of the traffic. When you hover over a link the volume of traffic in each direction is displayed over the corresponding segment. Links are gray by default, but when a given network element is selected in the diagram the links for that element are rendered in blue.
  • Topology: A variation of the map that shows the internal architecture of a given map element as well as that element's relationship to other sites and clouds in your network and to external networks. Topology Views are accessed via a View Topology button in a Details popup. Topology views are available for the following elements:
    - Site: Shows the architecture of the data sources in a given site (see Site Topology).
    - Devices: Shows the relationship of the device to other connected devices, and how the device's interfaces connect to other devices (see Device Topology).
    - Cloud provider: Shows the regions within a given provider, as well as the count of each region's active VPCs and instances (AWS, Azure, IBM) or subnets and VMs (GCP).

Note: In the AWS Topology view, each VPC is represented as an expandable card.

Element Health Indicators

Each map element representing physical infrastructure (a site, device, or interface) is marked with an indicator giving that element's current health status (see Kentik Map Health). The indicator is a small disk whose color gives the overall health status of the network element:

  • Healthy (green): All health metrics for this element are within normal ranges.
  • Warning (orange): One or more metrics are out of normal range, but no metrics are in critical range.
  • Critical (red): One or more metrics are in critical range.
  • Unknown (gray): This network element is not currently configured to allow SNMP polling by Kentik.

Further detail about the health status of a given element is available on the Health tab of the element's Details popup (see Health Pane UI).

Network Element Actions

Clicking on a network element pops up a menu from which you can choose the following actions:

  • View Topology (not present for logical elements): Takes you to a topology view for the element (see Topology Views).
  • Show Details: Display information about the element in the Details drawer.
  • Show Connections: Draws traffic indicator lines between the selected entities and other blocks. In the case of the AWS map, Show Connections also draws traffic indicator lines between a selected subnet and other subnets and gateways within the selected VPC.
  • Show in AWS Console (only in AWS Topology view): Open the selected element in the AWS console to make configuration changes.

Note: In the AWS Topology view, clicking on the following types of Interconnection Elements will directly open the Details drawer (see Kentik Map Details) rather than the actions menu: Direct Connection, Customer Gateway, Direct Connect Gateway, VPN Connection.

 

Kentik Map Blocks

The following Kentik map blocks each contain different types of network elements:

  • Clouds: A container for cloud providers (AWS, GCP, Azure, IBM Cloud).
  • Internet: A container for external sources and destinations of traffic to and from your network (ASNs and service providers).
  • On Prem: A container for sites where your data center infrastructure is located (see About Sites).
  • Site (shown only in site topology map): A container for the devices in an individual Site.
  • Other Sites (currently shown only in site topology map): A container for your sites other than the site shown in the Site block.
 

Inter-block Traffic Volume

The links between the blocks on your main (top-level) Kentik map are labeled with the traffic volume between blocks. The following traffic is considered when calculating the volume between the various blocks:

  • On-Prem » Internet: Includes all flows that leave your on-prem infrastructure via an interface whose Network Boundary (see Interface Classification Dimensions) is External, except for the following:
    - Flows whose Connectivity Type (see Understanding Connectivity Types) is Cloud Interconnect;
    - Flows whose Traffic Profile (see Network Classification Dimensions) is From Inside to Cloud.
  • Internet » On-Prem: Includes all flows that enter your on-prem infrastructure via an interface whose Network Boundary is External, except for the following:
    - Flows whose Connectivity Type is Cloud Interconnect;
    - Flows whose Traffic Profile is From Cloud to Inside.
  • On-Prem » Cloud: Includes the following traffic that is leaving your on-prem infrastructure:
    - Flows whose Connectivity Type is Cloud Interconnect;
    - Flows whose Traffic Profile is From Inside to Cloud.
  • Cloud » On-Prem: Includes the following traffic that is entering your on-prem infrastructure:
    - Flows whose Connectivity Type is Cloud Interconnect;
    - Flows whose Traffic Profile is From Cloud to Inside.
  • Cloud » Internet: Includes all flows leaving any cloud with a Traffic Profile of From Cloud to Outside.
  • Internet » Cloud: Includes all flows entering any cloud with a Traffic Profile of From Outside to Cloud.
  • Regions » On Prem: For Azure, GCP, and IBM Clouds, a line will be drawn between the Cloud Regions Block and the On Prem block.
    Note: These lines do not currently display data rates (coming soon).
  • Regions » Other Clouds: Visualizations for Azure, GCP, and IBM Cloud include a line between the selected cloud’s region block and Other Clouds.
    Note: These lines do not currently display data rates (coming soon).
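
The counting rules above can be written as a small classifier that shows how the two cloud exceptions take a flow off the Internet links. This is an added example, not Kentik's implementation: the flow field names (`observed_in`, `direction`, `bits`) and the sample flows are constructed for illustration, while the Network Boundary, Connectivity Type, and Traffic Profile values are the ones named in the list.

```python
from collections import defaultdict

CLOUD_INTERCONNECT = "Cloud Interconnect"


def classify_link(flow):
    """Return the (source block, destination block) link a flow counts on, or None.

    `observed_in` ("on_prem" or "cloud") and `direction` ("egress" = leaving,
    "ingress" = entering) are hypothetical field names used only in this example.
    """
    leaving = flow["direction"] == "egress"
    profile = flow.get("traffic_profile")

    if flow["observed_in"] == "cloud":
        if leaving and profile == "From Cloud to Outside":
            return ("Cloud", "Internet")
        if not leaving and profile == "From Outside to Cloud":
            return ("Internet", "Cloud")
        return None

    # On-prem: test the two cloud conditions first, because they are the
    # exceptions carved out of the External-boundary rule.
    cloud_profile = "From Inside to Cloud" if leaving else "From Cloud to Inside"
    if flow.get("connectivity_type") == CLOUD_INTERCONNECT or profile == cloud_profile:
        return ("On-Prem", "Cloud") if leaving else ("Cloud", "On-Prem")
    if flow.get("network_boundary") == "External":
        return ("On-Prem", "Internet") if leaving else ("Internet", "On-Prem")
    return None  # internal traffic is not counted on any inter-block link


def link_volumes(flows):
    """Sum bits per inter-block link, skipping flows that match no rule."""
    totals = defaultdict(int)
    for flow in flows:
        link = classify_link(flow)
        if link is not None:
            totals[link] += flow["bits"]
    return dict(totals)


# Constructed sample flows (not real traffic data).
FLOWS = [
    {"observed_in": "on_prem", "direction": "egress", "network_boundary": "External",
     "connectivity_type": "Transit", "bits": 800},
    # External interface, but Cloud Interconnect: counted toward Cloud, not Internet.
    {"observed_in": "on_prem", "direction": "egress", "network_boundary": "External",
     "connectivity_type": CLOUD_INTERCONNECT, "bits": 300},
    # Leaves over Transit, but the Traffic Profile marks it as cloud-bound.
    {"observed_in": "on_prem", "direction": "egress", "network_boundary": "External",
     "connectivity_type": "Transit", "traffic_profile": "From Inside to Cloud", "bits": 200},
    {"observed_in": "on_prem", "direction": "ingress", "network_boundary": "External",
     "connectivity_type": "IX", "bits": 500},
    {"observed_in": "on_prem", "direction": "ingress", "network_boundary": "External",
     "connectivity_type": "Transit", "traffic_profile": "From Cloud to Inside", "bits": 100},
    {"observed_in": "on_prem", "direction": "egress", "network_boundary": "Internal",
     "connectivity_type": "Backbone", "bits": 900},
    {"observed_in": "cloud", "direction": "egress",
     "traffic_profile": "From Cloud to Outside", "bits": 400},
    {"observed_in": "cloud", "direction": "ingress",
     "traffic_profile": "From Outside to Cloud", "bits": 50},
]

if __name__ == "__main__":
    for link, bits in sorted(link_volumes(FLOWS).items()):
        print(f"{link[0]} -> {link[1]}: {bits} bits")
```

When checking for unintended Internet exposure, the On-Prem to Internet total is the one to watch; an interface misclassified as Cloud Interconnect would move its flows off that link.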
 

Kentik Map Details

The Kentik Map Details drawer is covered in the following topics:

 

About Kentik Map Details

The Details drawer displays information about the currently selected Kentik map element. Details are available for the following element types:

  • Site elements: Details about network elements in your physical (on-prem) infrastructure:
    - Site: Overall traffic to and from one of your sites.
    - Device (via site topology): Traffic to and from an individual router or host.
    - Interface (via device topology): Traffic to and from an individual interface.
  • Cloud elements: Details about traffic to and from your organization's resources in a cloud provider such as AWS, GCP, Azure, or IBM:
    - Provider: Overall traffic to and from the cloud resources.
    - Region (via cloud topology): Traffic to and from your resources in one of the provider's cloud regions.
    - Subnet (via cloud region topology): Traffic to and from an individual subnet in the cloud region.
  • Internet elements: Details about your traffic to and from network elements beyond your own physical infrastructure or cloud resources:
    - Origin Network: Traffic to and from an origin AS.
    - Provider: Traffic to and from a service provider.
    - Next-hop Network: Traffic to and from a next-hop AS.
  • Links: Details about a direct link between two individual map elements, e.g. sites, devices, or interfaces.

Note: To close the drawer, click anywhere outside it or click the Details button in the SubNav (see Kentik Map Page).

 

Details Types

The information displayed in a Kentik map Details drawer varies depending on the specifics of the current element (see Element-specific Details). Two main categories of details are currently displayed:

  • Link details: Contains details about the link between two map elements (see Link Details). Hovering anywhere on the line directly connecting two elements will cause the line to become bold, and clicking on the line will open the drawer.
  • Element details: Contains details (see Element Details) about an individual map element (one of the types listed in About Kentik Map Details). To open the Details drawer for an element, click directly on the element and choose Show Details from the popup Network Element Actions menu.
 

Element Details

The Details drawer for elements includes the following main parts:

  • Element type: Located at the top left of the drawer, this field indicates the type of element for which details are displayed in the drawer (e.g. Site, Cloud, ASN, Data Center, etc.; see list in About Kentik Map Details).
  • Name: The name (just under the type) of the map element for which the drawer is showing details. The name is a link; click it to open, in a new tab, the Network Explorer detail view for the current device (see Core Detail Views).
  • Element-specific details: Additional information that varies depending on the type of the element (see Element-specific Details).
  • Query Results panes: A set of one or more panes with graphs and visualizations showing the results returned from queries that are automatically run on the element being detailed (see Result Pane Details).
    Note: The results reflect the Kentik Map's current time range and filters settings (see Kentik Map Page).

Element-specific Details

In addition to the general information above, the following additional details or links may be included in the element information, depending on the type of the element:

  • Site elements:
    - Site (Kentik Map only): The Type (e.g. Data Center) and Address (physical location).
    - Device (Kentik Map and topology views): The Type (e.g. Cisco ASA), device name, device ID, and any Device Labels assigned to the device.
    - Interface (topology views only): A drop-down Connection list from which you can choose the link for which information will be displayed in the panes of the Details sidebar (see Result Pane Details).
  • Cloud elements (non AWS):
    - Cloud (Kentik Map only): Name.
    - Region (topology views only): Name.
    - Subnet (topology views only): Name.
    - VNet (Azure topology only): Name.
  • Cloud elements (AWS):
    - Cloud (Kentik Map only): Name.
    - Interconnections (topology views only; see Interconnection Elements): Name plus details that vary depending on type of interconnection, including ID, Account ID, VPC ID, State, Tags, Destinations.
    - VPC (topology views only): Name, ID, Account ID, CIDR, State, Tags.
    - Subnet (topology views only): Name, ID, Account ID, CIDR, State, Tags.
  • Internet elements: Details about your traffic to and from network elements beyond your own physical infrastructure or cloud resources:
    - Origin Network: Name and View Peering Analysis link, which opens a new tab showing the Potential Peer Page for the ASN.
    - Provider: Name.
    - Next-hop Network: Name and View Peering Analysis link, which opens a new tab showing the Potential Peer Page for the ASN.

Note: The network element name at the top of a Details pane is a link that takes you to that element's detail page in the Core section of the portal (see Core Detail Pages).

 

Result Pane Details

Every Details drawer includes at least one pane that displays the results of queries that Kentik runs regarding the element or link that is the subject of the drawer. The collection of available panes, which will be expanded over time, currently includes the following:

  • Traffic pane (all detail types): Ingress, egress, and top-X for traffic on the selected network element or link (see Traffic Pane UI).
  • Health pane (Site, Device, and Interface detail types): Health status based on SNMP metrics (see Health Pane UI).
  • Metrics pane (link detail types): SNMP counter data (see Counter SNMP OIDs) on input and output traffic between interfaces on the devices at each end of the link, including bitrate, errors, and discards (see Metrics Pane UI).
  • Interface Metadata pane (link detail types): Information about the interfaces (see Interface Metadata Pane UI).
  • Route table pane (AWS topology only): Indicators and controls related to route tables on a VPC or transit gateway (see Route Table Pane UI).

Traffic Pane UI

The Traffic pane includes the following UI elements:

  • Expand/Collapse: Toggles visibility between the title bar only and the full pane.
  • Open in modal (diagonal arrows icon): Opens the pane in a modal.
  • Traffic selector: A drop-down menu from which to choose the set of traffic that will be evaluated for the query whose results will be displayed in the pane. Options (e.g. All Traffic, External Traffic, etc.) will vary depending on the element type of the details drawer (see list in About Kentik Map Details).
  • Dimension selector: A drop-down from which to choose the dimension of the query.
  • Metric selector: The metric used to quantify the query results shown in the pane.
  • Sync Chart Scales: A checkbox that causes the vertical axis of the Ingress and Egress charts to be the same scale.
  • Traffic charts: Two time-series stacked charts (or one if traffic is set to All Traffic), the top for ingress and the bottom for egress, showing traffic over the time period specified in the Time pane of the Options sidebar. The charts include the following elements:
    - Heading: Shows the direction and volume of the traffic to or from this network element.
    - Time scale (bottom chart only): A time scale representing the time period specified in the Time pane of the Options sidebar.
    - Time-point details: A popup, which opens when hovering over either chart, that shows values for the Total and Historical Total (7 days prior) at that point in the time range.
    - View in Data Explorer (icon; on hover only): Opens a new browser tab to show the query in the portal's Data Explorer module.
  • Traffic table (not shown for total traffic queries): A list of the top-X results returned from the current query. This table is similar to the traffic table in Data Explorer (see Explorer Table Overview).

Note: The query results returned in this pane are affected by the settings in the Kentik Map's Time and Filter controls (see Kentik Map Page).

Health Pane UI

The Health pane gives an element's current health status (see Kentik Map Health):

  • If the status of all health metrics for the element is Healthy then the tab will contain a single indicator stating that all is well.
  • If the status of any health metric is not Healthy then the tab will contain a card, with values and sparkline, for each metric whose status is either Warning or Critical.

This pane also includes the following controls:

  • Expand/Collapse: Toggles visibility between the title bar only and the full pane.
  • Open in modal (diagonal arrows icon): Opens the pane in a modal.

Note: If the total number of health issues for the element is greater than zero the count of issues will be displayed in an indicator in the Health tab head.

Metrics Pane UI

The Metrics pane shows the following information from SNMP polling of the devices on which the interfaces exist (for descriptions see SNMP Interface Metrics). The information is presented in two columns, one for the interface at each end of the link:

  • SNMP Bits/s In
  • SNMP Bits/s Out
  • Input Errors
  • Output Errors
  • Input Discards
  • Output Discards

This pane also includes the following controls:

  • Expand/Collapse: Toggles visibility between the title bar only and the full pane.
  • Open in modal (diagonal arrows icon): Opens the pane in a modal.
  • View in Data Explorer: A button that opens the portal's Data Explorer module in a new browser tab to show a query illustrating traffic over the link.

Interface Metadata Pane UI

The Interface Metadata pane includes information about the link whose details are currently shown in the Details drawer, as well as about the interfaces at each end of the link, details for which are shown in two columns (one for each interface):

  • Layer: Indicates the layer (2 or 3) of this link's connection. If the Draw Links Using drop-down (see Kentik Map Page) is set to "All Layers" and connections between the entities at either end of the link exist on both layers then this pane will include a metadata section for Layer 2 and a section for Layer 3.
  • Interface name: The name of the interface.
  • Interface description: The interface description as either defined in the device and retrieved via SNMP or specified manually. Capped at 128 characters.
  • Device: The name of the device to which this interface belongs.
  • IP Address: The primary IP address of this interface.
  • Capacity: The maximum capacity in Mbps as reported by SNMP.
  • Network Boundary: The network boundary value assigned to the interface by interface classification (see Network Boundary Attribute).
  • Connectivity Type: The connectivity type value assigned to the interface by interface classification (see Connectivity Type Attribute).
Using the Expand button, a Details pane can be opened in a modal.

This pane also includes the following controls:

  • Expand/Collapse: Toggles visibility between the title bar only and the full pane.
  • Open in modal (diagonal arrows icon): Opens the pane in a modal.

Route Table Pane UI

This pane includes indicators and controls related to route tables on a VPC or transit gateway. The pane's title bar includes the following:

  • Expand/Collapse: Toggles visibility between the title bar only and the full pane.
  • State indicators: Two lozenges that indicate the current state of the routes in the tables:
    - Active: A healthy route with a good destination.
    - Blackholed: A route that is programmed in a table but that can’t be exercised because the destination has disappeared.
  • Open in modal (diagonal arrows icon): Opens the pane in a modal.

The main body of the pane is made up of one or more expandable/collapsible tables. The table name and the state of its routes are shown in a header row, below which each individual row represents a route. The tables each include the following columns:

  • State: Active (green checkmark) or blackholed (red exclamation point).
  • Destination: The destination CIDR block against which traffic is evaluated to determine the route target to which it should be forwarded.
  • Route target: Content depends on whether the Details pane is for a VPC or a transit gateway:
    - VPC: The ID of the gateway that will handle the different routing functions within a VPC.
    - Transit gateway: The Attachment (the transit gateway extension that "lives" in a VPC) and the Next Hop Resource (the next resource that the traffic will enter).

Notes:
- Subnets can either use a main route table (indicated by "Main" in parentheses after the table's name in the header row) or a dedicated route table.
- For additional information on route tables in AWS, see AWS docs on VPC Route Tables.
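
The same State, Destination, and Route target columns can be checked outside the portal. The following added example (not Kentik's code) lists blackholed routes in data shaped like the output of `aws ec2 describe-route-tables` and uses longest-prefix matching to show which destinations a blackholed route actually captures; all resource IDs and addresses in the sample are constructed.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
SAMPLE = {
    "RouteTables": [
        {
            "RouteTableId": "rtb-0constructed01",
            "VpcId": "vpc-0constructed01",
            "Associations": [{"Main": True}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0constructed01", "State": "active"},
            ],
        },
        {
            "RouteTableId": "rtb-0constructed02",
            "VpcId": "vpc-0constructed01",
            "Associations": [{"Main": False, "SubnetId": "subnet-0constructed0a"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "192.168.50.0/24", "TransitGatewayId": "tgw-0constructed01", "State": "active"},
                # The NAT gateway this route points at no longer exists.
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0constructed01", "State": "blackhole"},
            ],
        },
    ]
}

TARGET_KEYS = ("GatewayId", "NatGatewayId", "TransitGatewayId",
               "VpcPeeringConnectionId", "NetworkInterfaceId")


def route_target(route):
    """Return whichever target field is populated on this route."""
    for key in TARGET_KEYS:
        if route.get(key):
            return route[key]
    return None


def blackholed_routes(doc):
    """List every route whose State is 'blackhole', with the subnets it affects."""
    findings = []
    for table in doc["RouteTables"]:
        assoc = table.get("Associations", [])
        for route in table.get("Routes", []):
            if route.get("State") != "blackhole":
                continue
            findings.append({
                "table": table["RouteTableId"],
                "vpc": table.get("VpcId"),
                # Main tables also serve subnets with no explicit association.
                "main": any(a.get("Main") for a in assoc),
                "subnets": sorted(a["SubnetId"] for a in assoc if a.get("SubnetId")),
                "destination": (route.get("DestinationCidrBlock")
                                or route.get("DestinationIpv6CidrBlock")
                                or route.get("DestinationPrefixListId")),
                "target": route_target(route),
            })
    return findings


def effective_route(table, ip):
    """Pick the most specific IPv4 route for `ip` (longest-prefix match).

    A blackholed route stays in the table, so it can still be the match.
    """
    addr = ipaddress.ip_address(ip)
    best_net, best_route = None, None
    for route in table.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


if __name__ == "__main__":
    for f in blackholed_routes(SAMPLE):
        print(f"{f['table']} {f['destination']} -> {f['target']} subnets={f['subnets']}")
    private = SAMPLE["RouteTables"][1]
    for ip in ("203.0.113.10", "192.168.50.7", "10.0.3.4"):
        route = effective_route(private, ip)
        print(ip, route["State"], route_target(route))
```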

 

Topology Views

Kentik Map topology views are covered in the following topics:

Note: The topology view for AWS is distinct from that of other cloud providers.

 

About Topology Views

Topology views provide a picture of the relationships between sites, devices, and interfaces in your on-prem infrastructure, as well as the cloud resources in each of your cloud providers. Topology views are available for the following elements:

  • Site: Shows the architecture of the data sources in a given site (see Site Topology).
  • Devices: Shows the relationship of the device to other connected devices, and how the device's interfaces connect to other devices (see Device Topology).
  • Cloud provider: Shows the regions within a given provider, as well as the count of each region's active VPCs and instances (AWS, Azure) or subnets and VMs (GCP).

The UI elements of topology views are basically the same as those of the main Kentik map, which are covered in Kentik Map Page.

 

Site Architecture

To provide a meaningful on-prem topology view for sites and devices, Kentik relies on user-provided information about the architecture of a site, which is defined in the Edit Site dialog. To define a site's architecture:

  1. From the main Kentik Map, click on a site to open the site's Details drawer.
  2. Click the View Topology button, which will take you to the site's topology view.
  3. Assuming that the site architecture hasn't already been defined, the block for the site will show a number of devices under the heading Unassigned, beneath which is a Configure Site link. Click the link, which will open the Edit Site dialog.
  4. In the Type section (below the address field), click the button that most closely corresponds to your overall concept of how the site is organized (e.g. Data Center, Cloud, etc.).
  5. In the Architecture section, click the Edit Architecture button, which will open the Edit Architecture dialog.
  6. The dialog contains multiple tabs, each of which provides modifiable templates for different "typical" architectures. Click on the template that seems closest to your situation (or choose Custom from the Other tab), which will open the Architecture Edit UI for that template.
  7. Use the architecture edit UI to assign devices to the layers and to rename each layer as needed, then click the Save Architecture button to save your changes.

Architecture Edit UI

The edit UI for site architecture enables you to customize a site architecture template to the specifics of your site. The dialog includes the following UI elements:

  • Close (X at the upper right): Click to close the dialog without saving any changes to the architecture.
  • Layers: A box representing a layer in the architecture and containing the fields described in Layer Fields.
  • Add Layer: Click to add a box for a new layer at a level that's in between two existing layers.
  • Add Parallel Layer: Click to add a box for a new layer that is at the same level as an existing layer.
  • Cancel: Click to close the dialog without saving any changes to the architecture.
  • Save Architecture: Click to save all changes to the architecture and close the dialog.

Layer Fields

Each layer of the architecture is represented as a box containing the following fields:

  • Layer: Specify the name of the layer.
  • Devices: Click in the field to choose one or more devices for the layer from a drop-down list of the Kentik-registered devices that have been assigned to this site.
  • Handle: Enables you to drag layers into a different order.
  • Remove (trash icon): Remove this layer from the architecture.
 

Site Topology

Once the architecture has been specified for a site (see Site Architecture), the site's layers and the relationships between the site's devices are rendered in the site's topology view. To access site topology, click the View Site Topology button in the Details drawer for the site (see Result Pane Details).

Site Topology Blocks

The topology view includes the following blocks (see Kentik Map Blocks):

  • Site: Shows the site as a block like the On Prem block in the standard Kentik Map view (see Site Block).
  • Other Sites: Shows all other sites from your infrastructure.
  • Clouds: Shows your cloud providers (AWS, GCP, Azure, and IBM).
  • Internet: Shows external sources and destinations of traffic to and from your network (ASNs and service providers).

Site Block

The site block is structured according to the layers defined in the site architecture:

  • A labeled icon is shown for each device in the layer to which the device is assigned:
    - Click the icon to open a device Details drawer for that device (see Kentik Map Details).
    - Click the View Device Topology button in the drawer to go to the Device Topology.
  • A line shows the links between connected devices. Hover over a device to highlight all of its links.
  • An Unassigned section shows the devices that haven't yet been assigned to a layer. Click the Configure Site link to assign these devices (see Site Architecture).
 

Device Topology

The device topology view is organized into the following blocks:

  • Upstream Connected Devices: Shows the devices in the same site that are connected to this device and assigned to a higher layer.
  • Parallel Connected Devices: Shows the devices in the same site that are connected to this device and assigned to the same layer.
  • Device: Shows information about the device (see Device Block Information) and its interfaces (see Device Block Interfaces). Click the device name to link to the Network Explorer details page for this device.
  • Downstream Connected Devices: Shows the devices in the same site that are connected to this device and assigned to a lower layer.

Device Block Information

The left side of the device block provides the following general information related to the main device of the topology view:

  • Status: The health of this device (see Element Health Indicators).
  • IP Address: The IP from which this device sends flow to Kentik.
  • Site: The site where the device is located (click to link to the Network Explorer details page for this site).
  • Sample rate: The rate at which the device is sampling flow (see Flow Sampling).
  • Machine Type: The type of the device (e.g. router, host, etc.).
  • Device ID: The device's Kentik-assigned ID.
  • Metrics: Device metrics gathered via SNMP (see Device Metrics Information).

Device Metrics Information

The Metrics section of the device block includes the following controls and information gathered via SNMP:

  • View Details: Pops up a view with charts detailing device metrics.
  • CPU Utilization: A chart of CPU utilization on this device during the last 24 hours, plus the highest value during that period.
  • Memory Utilization: A chart of memory utilization on this device during the last 24 hours, plus the highest value during that period.

Device Block Interfaces

The main area of the device block gives the total number of known interfaces on the device and provides a breakdown of those interfaces based on the layer of the devices to which those interfaces connect:

  • Upstream Connected Interfaces: Shows the interfaces connected to a device at a higher layer.
  • Parallel Connected Interfaces: Shows the interfaces connected to a device at the same layer.
  • Unknown Connected Interfaces: Shows interfaces that fall into one of the following categories:
    - The interface is connected to something that's not monitored by Kentik.
    - The interface is a physical member of a logical bundle (multiple physical interfaces defined as a single logical interface).
    - The interface is connected to a Layer 2 device.
  • Downstream Connected Interfaces: Shows the interfaces connected to a device at a lower layer.
 

Cloud Topology

The topology view is very similar at all levels from cloud provider level down to subnet. The view is organized into the blocks described in the topics below.

Note: Cloud topology for AWS resources is covered in AWS Topology.

Common Cloud Topology Blocks

The following blocks appear in cloud topology views at all levels:

  • On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
  • Other Clouds: Shows the other cloud providers your organization has registered with Kentik, and a link representing traffic (if any) between this cloud provider and the others.
  • Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).

Level-specific Topology Blocks

The following blocks appear in cloud topology views only at the indicated levels:

  • Regions (cloud provider level only): Shows the regions, each represented as a box, where you have resources within this cloud provider. To drill down, click the box for a region to open the corresponding Details drawer, then click the View Topology button. The type of network entity shown in each region box varies depending on the provider:
    - AWS: See AWS Topology.
    - Azure or IBM: The number of active VPCs and instances.
    - GCP: The number of active subnets and VMs.
  • Subnets (VPC level in Azure and IBM; region level in GCP): Shows a labeled circle for each of your subnets within the VPC or region. For traffic data, click the circle to open the Details drawer.

Provider-specific Topology Blocks

The following block appears in the Region topology view in Azure and IBM, but not in GCP topology views:

  • VPC: Shows a labeled circle for each of your VPCs within the region. To drill down, click the box for a VPC to open the corresponding Details drawer, then click the View Topology button.

Note: In the AWS Topology view, each VPC is represented as an expandable card.

 

AWS Topology

The AWS topology view is organized into the following blocks:

  • On Prem: Represents your on-premises infrastructure that is connected to the resources in this cloud provider.
  • Internet: Shows the external sources and destinations of traffic to and from your network (origin networks, service providers, and next-hop networks).
  • Regions (cloud provider level only): Shows the regions, each represented as a block, where you have resources within this cloud provider.
    - Each region block shows the VPCs in that region. VPCs are expanded (see VPCs below) unless there are more than nine rows of VPCs at the current browser window width, in which case the VPCs are collapsed.
    - Each region block shows the Transit Gateway via which traffic enters and exits.
    - Lines are drawn to and from each region on the map to denote inter-region traffic volumes.
  • VPCs: Click on an individual VPC to expand it to show its component subnets and the VPC connections (see Interconnection Elements) for that VPC. The display of VPCs in a given region block depends on whether the block is expanded or collapsed (see Regions above):
    - Expanded: Each VPC is represented as a labeled card showing VPC name, ID, and configured CIDR block.
    - Collapsed: Each VPC is represented as a square. The color intensity of the square depends on the Color by control (see Kentik Map Page). Hover over the square to see the name, ID, and CIDR.
  • Subnets: The subnets of a VPC are each represented as a card giving the subnet name and IP/CIDR. The subnets are grouped into Availability Zones (AZs), which are represented by the dashed outlines around each subnet. An AZ represents a physically isolated datacenter in Amazon's ecosystem. For traffic data about a given subnet, click the subnet and choose Show Details to open the Details drawer.
  • Gateways: AWS supports multiple gateway types (see Interconnection Elements).

Interconnection Elements

The AWS topology view includes the following interconnection elements:

  • Transit Gateway: An AWS-managed, highly available and scalable regional network transit hub used to interconnect VPCs and customer networks (see AWS Transit Gateway docs).
  • VPN Connection: Connect your Amazon VPC to remote networks and users (see AWS VPN connections docs).
  • Direct Connect Gateways: Aggregate one or more Direct Connect circuits and allow for easy connectivity between VPCs and multiple on-prem connections (see AWS Direct Connect docs).
  • Direct connection: Shows the entry/exit point for traffic to/from the On Prem block that transits an AWS Direct Connect circuit. Kentik can visualize AWS Direct Connects whose virtual interfaces extend from a given VPC directly through to an on-prem router or those connected to Transit Gateway routing devices.
  • Customer Gateways: Terminate one or more site-to-site VPN connections that are extended from virtual gateways in VPCs.
  • VPC connections: When a VPC is expanded its connection gateways (which enable instances in subnets to talk to other instances in other regions, VPCs, and subnets) are shown as labeled squares across the bottom of the VPC block. Currently supported types include: Internet, Peering, Transit, NAT Gateway, and Virtual Gateway.

The lines drawn between the above interconnection types show the links over which traffic travels to and from elements both within AWS and beyond (e.g. on prem). Most such links are drawn by default, but for the following VPC connection types links are drawn only when Show Connections is chosen from the drop-down Network Element Actions menu: Internet, NAT Gateway, and Virtual Gateway.
