The document discusses the importance of cloud-aware network management in ensuring high performance and user experience amid increasing reliance on cloud services. It outlines key strategies and tactics for efficient network management, such as collecting detailed traffic flow data and utilizing advanced analytics for anomaly detection. The document emphasizes that traditional approaches are insufficient for managing large network data, advocating for big data analytics to improve operational responses and enhance visibility across hybrid environments.

1. Cloud-Aware
Network Management
Alex Henthorn-Iwane
VP Marketing
KentikTechnologies
alex@kentik.com

2. The Cloud is a Digital Supply Chain
• SaaS, PaaS, IaaS are major
suppliers for your users
• Enterprises are offering more
cloud-based services
• Mobile apps
• E-commerce
• Which function and depend on
Web APIs
• Maps, Search, Ads, etc.
• The Internet is the global freight
routing system
• Must be high performing

3. Cloud-Aware Net Mgmt:Strategic Considerations
• Assures delivery of performance and user experience
• Deals with reality of Internet security
• Particularly DDoS because it is as much an operational
availability issue as a security challenge
• Leverages redundancy via multi-homing and CDN
infrastructure

4. Cloud-Aware Net Mgmt:Tactics
• Collect detailed traffic flow
information
• Instrument key nexus servers with
performance metrics collection
• Utilize advanced analytics
• Deploy synthetic testing to
understand availability
• Limited reliance on traditional
deep packet capture techniques,
which are cumbersome for cloud
networking

5. Elements of Cloud NetworkManagement
• NetFlow, sFlow, IPFIX traffic
flow data export
• Sampled flows are fine
• Passive BGP peering
• Cost-effective server-side
network instrumentation
• Granular, tune-able alerts for
anomalies & attacks
• Deep analytical visibility
• Automated remediation

6. MonitoringConsiderations
• Global visibility
• Top-down visibility
• Full details for drill-downs
• More than just summaries
• Not siloed
• Integrate with other tools,
dashboards, etc.
• Data/views easily shared with many
functional teams
• Supports fully hybrid environments

7. Alerting Considerations
• Network-wide
• Scalable with detail
• Host-level capable
• Dynamic anomaly detection
(self-learning what is normal
behavior)
• Flexible integration with your
choice of notification as well as
automated remediation
• E.g. DDoS scrubbers, load
balancers, network orchestration
• Alerting & detection needs to be
complemented by deep analytics

8. Reality of NetworkBig Data
• Network data is big data
• Commonplace to generate hundreds
of millions of data records per day
• Traditional approaches very limited
• Only produced roll-up summaries
• Okay for top-level views
• Useless for real action
• Compute/storage scale means big data
analytics are now relevant
• Recent announcement by Cisco on
Tetration Analytics is major signal
• Key is to go past BI and have
operational speed

9. Big Data Challenges for NetworkAnalytics
• Ingest speed
• Latency to query
• Time to query response
• Pre-computed cubes
• On the fly

10. Advanced (Big Data) NetworkAnalytics
• Need to enable engineers to leverage
their technical and institutional
knowledge effectively
• Ad-hoc queries across massive datasets
in a timely manner
• Multi-dimensional analytics
• Combine and visualize multiple fields
• Like a massive pivot table
• Complemented by automated analyses
that reveal complex relationships
• Practically speaking, turning insightful
ad-hoc queries into dashboards

11. Cloud-BasedAnalytics
• SaaS network management is now becoming more common
• Big data approaches: DIY or SaaS
• Very easy to adopt, fast time to value, but not feasible for all

12. A Case Study:
Advanced Analytics of a DDoS Attack

13. Starting from Top-Level View
• Seemingly Normal Variations over Several Days….?

14. Geo-Based Analytics
• Looking at only SRC=CN (China)

15. A Closer Look
• Zooming in time range on Second Spike

16. Checking AnotherDimension
• Number of Unique Source IP Addresses

17. Where is the Traffic Going?
• Flip to: Destination Addresses

18. PullingBack to Gauge the Situation
• Looking at all inbound traffic to the target victim Dest IP

19. Narrowing in on the Actual Attack
• Attack details by protocol

20. The Finding: Multi-LayerAttack
• Multiple simultaneous vectors at hand

21. The MitigationPlan
• Finding the Necessary Details for Setting Filter
Policies

22. Case Example: Summary
- Unusual traffic patterns from suspect Geo
- Turned out to be DNS Amplification targeting a specific dest IP
- But main attack was hiding other attacks/exploits
- Data harvested for mitigation
- Time required to complete this analysis: 3 minutes!

23. Closing Thoughts
• Cloud isn’t just an external
resource, it’s a way of business
• Internet traffic should be more
top of mind
• Summary level views are
insufficient and behind the
curve
• Big data analytics and SaaS
network management tools are
now
WE HAVE MET
THE CLOUD AND
HE IS US

24. www.kentik.com
Thank
You!