What are key considerations, strategies, technologies and tactics for network management as dependence on the cloud for tools and revenue increases?

1. Cloud-Aware
Network Management
Alex Henthorn-Iwane
VP Marketing
KentikTechnologies
alex@kentik.com

2. The Cloud is a Digital Supply Chain
• SaaS, PaaS, IaaS are major
suppliers for your users
• Enterprises are offering more
cloud-based services
• Mobile apps
• E-commerce
• Which function and depend on
Web APIs
• Maps, Search, Ads, etc.
• The Internet is the global freight
routing system
• Must be high performing

3. Cloud-Aware Net Mgmt:Strategic Considerations
• Assures delivery of performance and user experience
• Deals with reality of Internet security
• Particularly DDoS because it is as much an operational
availability issue as a security challenge
• Leverages redundancy via multi-homing and CDN
infrastructure

4. Cloud-Aware Net Mgmt:Tactics
• Collect detailed traffic flow
information
• Instrument key nexus servers with
performance metrics collection
• Utilize advanced analytics
• Deploy synthetic testing to
understand availability
• Limited reliance on traditional
deep packet capture techniques,
which are cumbersome for cloud
networking

5. Elements of Cloud NetworkManagement
• NetFlow, sFlow, IPFIX traffic
flow data export
• Sampled flows are fine
• Passive BGP peering
• Cost-effective server-side
network instrumentation
• Granular, tune-able alerts for
anomalies & attacks
• Deep analytical visibility
• Automated remediation

6. MonitoringConsiderations
• Global visibility
• Top-down visibility
• Full details for drill-downs
• More than just summaries
• Not siloed
• Integrate with other tools,
dashboards, etc.
• Data/views easily shared with many
functional teams
• Supports fully hybrid environments

7. Alerting Considerations
• Network-wide
• Scalable with detail
• Host-level capable
• Dynamic anomaly detection
(self-learning what is normal
behavior)
• Flexible integration with your
choice of notification as well as
automated remediation
• E.g. DDoS scrubbers, load
balancers, network orchestration
• Alerting & detection needs to be
complemented by deep analytics

8. Reality of NetworkBig Data
• Network data is big data
• Commonplace to generate hundreds
of millions of data records per day
• Traditional approaches very limited
• Only produced roll-up summaries
• Okay for top-level views
• Useless for real action
• Compute/storage scale means big data
analytics are now relevant
• Recent announcement by Cisco on
Tetration Analytics is major signal
• Key is to go past BI and have
operational speed

9. Big Data Challenges for NetworkAnalytics
• Ingest speed
• Latency to query
• Time to query response
• Pre-computed cubes
• On the fly

10. Advanced (Big Data) NetworkAnalytics
• Need to enable engineers to leverage
their technical and institutional
knowledge effectively
• Ad-hoc queries across massive datasets
in a timely manner
• Multi-dimensional analytics
• Combine and visualize multiple fields
• Like a massive pivot table
• Complemented by automated analyses
that reveal complex relationships
• Practically speaking, turning insightful
ad-hoc queries into dashboards

11. Cloud-BasedAnalytics
• SaaS network management is now becoming more common
• Big data approaches: DIY or SaaS
• Very easy to adopt, fast time to value, but not feasible for all

12. A Case Study:
Advanced Analytics of a DDoS Attack

13. Starting from Top-Level View
• Seemingly Normal Variations over Several Days….?

14. Geo-Based Analytics
• Looking at only SRC=CN (China)

15. A Closer Look
• Zooming in time range on Second Spike

16. Checking AnotherDimension
• Number of Unique Source IP Addresses

17. Where is the Traffic Going?
• Flip to: Destination Addresses

18. PullingBack to Gauge the Situation
• Looking at all inbound traffic to the target victim Dest IP

19. Narrowing in on the Actual Attack
• Attack details by protocol

20. The Finding: Multi-LayerAttack
• Multiple simultaneous vectors at hand

21. The MitigationPlan
• Finding the Necessary Details for Setting Filter
Policies

22. Case Example: Summary
- Unusual traffic patterns from suspect Geo
- Turned out to be DNS Amplification targeting a specific dest IP
- But main attack was hiding other attacks/exploits
- Data harvested for mitigation
- Time required to complete this analysis: 3 minutes!

23. Closing Thoughts
• Cloud isn’t just an external
resource, it’s a way of business
• Internet traffic should be more
top of mind
• Summary level views are
insufficient and behind the
curve
• Big data analytics and SaaS
network management tools are
now
WE HAVE MET
THE CLOUD AND
HE IS US

24. www.kentik.com
Thank
You!