pktvisor’s real-time visibility into network traffic is ideal for distributed edge environments
NS1, the leader in modern application and access networking, today announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. Updates have also been made to NS1’s open source DNS testing tool, Flamethrower, which now supports DNS over HTTPS.
The importance of applications and digital services has skyrocketed in 2020. Connectivity and resilience are imperative to keeping people connected and business moving forward. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance.
“NS1 created pktvisor to address our need for more visibility across our global anycast network,” said Shannon Weyrick, vice president of architecture at NS1. “By efficiently summarizing and collecting key metrics at all of our edge locations we gain a deep understanding of traffic patterns in real time, enabling rich visualization and fast automation which further increase our resiliency and performance. We are big users of and believers in open source software. As this tool will benefit other organizations leveraging distributed edge architectures, we’ve made it open and we invite the developer community to help drive future updates and innovation.”
More About pktvisor
Pktvisor summarizes network traffic in real time directly on edge nodes with Apache data sketches. The summary information may be visualized locally via the included CLI UI, and simultaneously centrally collected via HTTP to your time series database of choice, to drive global visualizations and automation.
Packet counts and rates (w/percentiles), breakdown by ingress/egress, protocol
DNS counts and rates, breakdown by protocol, response code
Cardinality: Source and destination IP, DNS Qname
DNS transaction timings (w/percentiles)
Top 10 heavy hitters for IPs and ports; DNS Qnames, Qtypes, Result Codes; slow DNS transactions, NX, SRVFAIL, REFUSED Qnames; and GeoIP and ASN
The metrics pktvisor provides can help network and security teams by supplementing existing metrics to help understand traffic patterns, identify attacks, and gather information on how to mitigate them.
Available as a Docker container, it is easy to install and has low network and storage requirements. Due to its summarizing design, the amount of data collected is a function of the number of hosts being collected, not a function of traffic rates, so spikes or even DDoS attacks will not affect downstream collection systems.
Pktvisor is available on GitHub at http://github.com/ns1/pktvisor, with API documentation on SwaggerHub at http://app.swaggerhub.com/apis/ns1labs/pktvisor.
In 2019, NS1 released Flamethrower, a lightweight, configurable open source tool for functional testing, benchmarking, and stress testing DNS servers and networks. Thanks to a community contribution, it now supports DNS over HTTPS, in addition to IPv4, IPv6, UDP, TCP, DNS over TLS, and experimental support for DNS over QUIC.
“Increasing concerns over privacy and security are driving adoption of recursive DNS over HTTPS. Flamethrower’s new functionality allows organizations to simulate realistic traffic patterns over DoH to provide a better understanding of the impact of potential changes to applications and infrastructure in actual production situations,” said Weyrick.
Flamethrower has a modular system for generating the queries used in tests, allowing for rich and realistic test scenarios that can plug into automation pipelines. It simulates multiple concurrent clients and generates actionable metrics, including send and receive counts, timeouts, and errors and data on minimum, maximum, and average latency. The metric output format is suitable for ingestion into databases, such as Elastic, for further processing or visualization. Flamethrower remains an open source project, and community contributions are welcome and encouraged.
The source code is hosted on GitHub alongside other DNS-related tools at the DNS-OARC (Operations, Analysis, and Research Center) community.
NS1 automates the deployment and delivery of the world’s most trafficked internet and enterprise applications. Its software-defined, next-generation application networking stack modernizes DNS, DHCP, and IPAM — the familiar and universal foundations of all network and internet services — to unlock unprecedented automation, visibility, and control in today’s complex, heterogeneous environments. NS1 has more than 650 enterprise customers worldwide, including LinkedIn, Dropbox, Pitney Bowes, Bleacher Report, and The Guardian, and is backed by investments from Energy Impact Partners, Dell Technologies Capital, Cisco Investments, and GGV Capital.