Speaker
Description
NS1 has introduced a new platform feature providing its authoritative DNS customers with a live telemetry stream of deep DNS analytics like traffic volume by QNAME, Top client IPs, Geo Location information, Client Subnet, ASNs, and much more. Customers get broad traffic analysis as well as the ability to create custom “edge queries” that represent a specific dimension of telemetry relevant to them. A key difference from other solutions is that the traffic is analyzed in real time at the edge, and the result is delivered directly to customer time series databases using OpenTelemetry.
All this is made possible by Orb (https://orb.community), a free and open source network observability platform created at NS1 Labs. As discussed in previous OARC talks, Orb is based on the open source pktvisor and combines deep traffic analysis (pcap, dnstap, flow) with dynamic policies across a fleet of analyzers, all controlled and automated centrally, allowing delivery of actionable telemetry to modern observability stacks through OpenTelemetry.
In this practical talk we will walk you through how Orb is deployed at NS1, from the control plane in Kubernetes to the anycast edge observability architecture, which analyzes more than 1 million queries per second in real time. We’ll also discuss how NS1 is able to efficiently process multi-tenant traffic at wire speed to deliver valuable telemetry to both internal teams for operational purposes, as well as directly to external customer databases.
Throughout, we’ll point out how OARC members and the broader community could also be using open source Orb to provide similar telemetry in support of their own use cases, for free.
