We’ve operated a large, globally distributed edge network at NS1 for over 8 years. My own background before NS1 was building edge services like CDN, globally distributed public cloud, and of course, global DNS. One of the most challenging problems in operating global edge infrastructure is understanding what is happening in that infrastructure in real time, to diagnose and solve problems before they become catastrophes.
Orb and its cousin pktvisor are tools we developed at NS1 specifically to solve that problem because no existing technology in the market could meet our needs for real time edge visibility, with dynamic policy, at scalable cost. pktvisor in particular was built to find the needles in the haystack of our gigantic stream of global DNS traffic - millions of queries per second - so we can respond to malicious activity like DDoS attacks on a second to second basis. And it is rock solid - pktvisor has formed the core of our edge observability strategy for more than 5 years.
As NS1’s customers increasingly build their own global edge footprints leveraging our application traffic steering technologies, time and again we hear from them about observability challenges that to us are eerily familiar. Either they are swamped with data that’s too expensive to process to derive insights in time to take action, or they need to sample so aggressively they miss most of the key events they’re seeking to observe in the first place.
Pktvisor solves those problems by moving the analysis of streams of data - especially, network traffic - to the edge, distributing the workload across the fleet. And Orb multiplies the power of pktvisor’s edge observability by making it dynamic with a global orchestration layer that can adjust the observability strategy across a fleet of pktvisors, and collate the data from the fleet, on a second to second basis.
We believe any Dynamic Edge Observability solution must meet four basic principles:
Small Data: Compute analytics at the edge to find the needles in the haystack and ignore the noise
Highly Distributed: Widespread fleets across global edge footprints
Globally Orchestrated: Get the visibility you need, where and when you need it with dynamic management of the fleet
Real Time: Find the signal as it appears with the power of small data - no more expensive and slow batch analysis
Orb and pktvisor are our investments to make Dynamic Edge Observability a reality. The projects are led by Shannon Weyrick, our VP of Research on the NS1 Labs team. Pktvisor is open sourced and available today. Orb will be released - fully open source - later this year.
Here’s how you can get engaged with Orb:
Check out Pktvisor’s docs and get started with the ready-made docker image or other options
Star Orb and pktvisor on Github and contribute, open issues, or read the code
Bookmark GetOrb.io for future releases
Join the NS1 Labs Slack to engage with Shannon and the rest of the Orb community
Learn more about NS1 Labs in my recent blog post: A Wave of Open Source Innovation at NS1 Labs with Orb and NetBox.
Learn More About Orb at INS1GHTS2021: Build the Better Future
Watch the replay of our VP Research Shannon Weyrick's session on Orb at INS1GHTS2021: Build the Better Future