Cloud-Aware Network Management
Alex Henthorn-Iwane
VP Marketing
Kentik Technologies
alex@kentik.com
The Cloud is a Digital Supply Chain
• SaaS, PaaS, IaaS are major suppliers for your users
• Enterprises are offering more cloud-based services
• Mobile apps
• E-commerce
• Which function and depend on Web APIs
• Maps, Search, Ads, etc.
• The Internet is the global freight routing system
• Must be high performing
Cloud-Aware Net Mgmt: Strategic Considerations
• Assures delivery of performance and user experience
• Deals with reality of Internet security
• Particularly DDoS because it is as much an operational availability issue as a security challenge
• Leverages redundancy via multi-homing and CDN infrastructure
Cloud-Aware Net Mgmt: Tactics
• Collect detailed traffic flow information
• Instrument key nexus servers with performance metrics collection
• Utilize advanced analytics
• Deploy synthetic testing to understand availability
• Limited reliance on traditional deep packet capture techniques, which are cumbersome for cloud networking
Elements of Cloud Network Management
• NetFlow, sFlow, IPFIX traffic flow data export
• Sampled flows are fine
• Passive BGP peering
• Cost-effective server-side network instrumentation
• Granular, tunable alerts for anomalies & attacks
• Deep analytical visibility
• Automated remediation
Monitoring Considerations
• Global visibility
• Top-down visibility
• Full details for drill-downs
• More than just summaries
• Not siloed
• Integrate with other tools, dashboards, etc.
• Data/views easily shared with many functional teams
• Supports fully hybrid environments
Alerting Considerations
• Network-wide
• Scalable with detail
• Host-level capable
• Dynamic anomaly detection (self-learning what is normal behavior)
• Flexible integration with your choice of notification as well as automated remediation
• E.g. DDoS scrubbers, load balancers, network orchestration
• Alerting & detection needs to be complemented by deep analytics
Reality of Network Big Data
• Network data is big data
• Commonplace to generate hundreds of millions of data records per day
• Traditional approaches very limited
• Only produced roll-up summaries
• Okay for top-level views
• Useless for real action
• Compute/storage scale means big data analytics are now relevant
• Recent announcement by Cisco on Tetration Analytics is major signal
• Key is to go past BI and have operational speed
Big Data Challenges for Network Analytics
• Ingest speed
• Latency to query
• Time to query response
• Pre-computed cubes
• On the fly
Advanced (Big Data) Network Analytics
• Need to enable engineers to leverage their technical and institutional knowledge effectively
• Ad-hoc queries across massive datasets in a timely manner
• Multi-dimensional analytics
• Combine and visualize multiple fields
• Like a massive pivot table
• Complemented by automated analyses that reveal complex relationships
• Practically speaking, turning insightful ad-hoc queries into dashboards
Cloud-Based Analytics
• SaaS network management is now becoming more common
• Big data approaches: DIY or SaaS
• Very easy to adopt, fast time to value, but not feasible for all
A Case Study: Advanced Analytics of a DDoS Attack
Starting from Top-Level View
• Seemingly Normal Variations over Several Days...?
Geo-Based Analytics
• Looking at only SRC=CN (China)
A Closer Look
• Zooming in time range on Second Spike
Checking Another Dimension
• Number of Unique Source IP Addresses
Where is the Traffic Going?
• Flip to: Destination Addresses
Pulling Back to Gauge the Situation
• Looking at all inbound traffic to the target victim Dest IP
Narrowing in on the Actual Attack
• Attack details by protocol
The Finding: Multi-Layer Attack
• Multiple simultaneous vectors at hand
The Mitigation Plan
• Finding the Necessary Details for Setting Filter Policies
Case Example: Summary
- Unusual traffic patterns from suspect Geo
- Turned out to be DNS Amplification targeting a specific dest IP
- But main attack was hiding other attacks/exploits
- Data harvested for mitigation
- Time required to complete this analysis: 3 minutes!
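The drill-down sequence from the case study, as an added example that is not part of the original slides or any Kentik product: it pivots constructed flow records by source country, time, unique source IPs, destination and protocol/port. The record layout, the `vector` field and all addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sampled-flow records (documentation IP ranges), not data from the talk:
# (minute, src_ip, src_country, dst_ip, proto, src_port, dst_port, bytes)
FLOWS = [
    (0, "198.51.100.10", "US", "192.0.2.20", "tcp", 40000, 443, 9000),
    (0, "203.0.113.5", "CN", "192.0.2.30", "tcp", 40001, 443, 4000),
    (1, "203.0.113.11", "CN", "192.0.2.50", "udp", 53, 33000, 60000),
    (1, "203.0.113.12", "CN", "192.0.2.50", "udp", 53, 33001, 58000),
    (1, "203.0.113.13", "CN", "192.0.2.50", "udp", 53, 33002, 61000),
    (1, "203.0.113.14", "CN", "192.0.2.50", "tcp", 41000, 80, 3000),
    (1, "198.51.100.77", "DE", "192.0.2.50", "tcp", 41001, 22, 1200),
    (1, "198.51.100.10", "US", "192.0.2.20", "tcp", 40002, 443, 8000),
]
KEYS = ("minute", "src_ip", "src_cc", "dst_ip", "proto", "src_port", "dst_port", "bytes")
ROWS = [dict(zip(KEYS, f)) for f in FLOWS]
for r in ROWS:
    # Reflected traffic arrives FROM a well-known port, so key the vector on it.
    side, port = ("sport", r["src_port"]) if r["src_port"] < 1024 else ("dport", r["dst_port"])
    r["vector"] = f'{r["proto"]}/{side}{port}'

def pivot(rows, dim, where):
    """Sum bytes per value of one dimension over the rows that pass the filter."""
    totals = Counter()
    for r in rows:
        if where(r):
            totals[r[dim]] += r["bytes"]
    return totals

def drill_down(rows, country):
    """Follow the case-study steps: geo filter, spike, unique sources, victim, vectors."""
    geo = lambda r: r["src_cc"] == country
    spike = pivot(rows, "minute", geo).most_common(1)[0][0]
    in_spike = lambda r: geo(r) and r["minute"] == spike
    sources = {r["src_ip"] for r in rows if in_spike(r)}
    victim = pivot(rows, "dst_ip", in_spike).most_common(1)[0][0]
    # Pull back: every source country, same victim and time window.
    to_victim = lambda r: r["dst_ip"] == victim and r["minute"] == spike
    vectors = pivot(rows, "vector", to_victim)
    return {"spike_minute": spike, "unique_sources": len(sources),
            "victim": victim, "vectors": vectors.most_common()}

if __name__ == "__main__":
    for key, value in drill_down(ROWS, "CN").items():
        print(key, value)
```

The dominant `udp/sport53` entry is the DNS amplification traffic; the smaller entries against the same destination are the secondary vectors that a roll-up summary would hide, and each key gives the protocol and port a filter policy needs.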
Closing Thoughts
• Cloud isn’t just an external resource, it’s a way of business
• Internet traffic should be more top of mind
• Summary level views are insufficient and behind the curve
• Big data analytics and SaaS network management tools are now
WE HAVE MET THE CLOUD AND HE IS US
www.kentik.com
Thank You!
