The DDoS alerting was, at first, the most useful. It was able to alert the entire team of more than 20 that the issues with the website were actually network-based, instead of, say, bad code. In time, we mitigated the DDoS attack surface, so the usefulness is still there. We just don't see it every day.
Now we use Kentik for more nuanced traffic insight. This is ad hoc usually, but we do email 'peering' reports daily to the lead network engineers. This gives them some view into new traffic patterns we are picking up in IXes.
Improvements to My Organization:
I find it very useful to see when traffic destined for a prefix that we prefer ingress on in the East Coast actually ingresses or egresses on the West Coast. It shows the difference between BGP paths vs. regional expectations.
Room for Improvement:
The alerting ability is greatly improved. I think there is some movement still to make this into a 'dumb mode' vs 'expert mode'. There is the SQL-like syntax, but that is expert+.
Use of Solution:
I have used Kentik for 2.5 years.
We rarely, if ever, had any stability issues.
I have not had any scalability issues.
Technical support is second to none.
We used in-house, hand-built things. All based on binary RRDs or worse.
Initial setup was very straightforward. Nothing I needed too much help with.
Cost and Licensing Advice:
There is a large difference between BGP and normal nodes. I don't think this plays out to the best for the customer or Kentik. To be able to split off the BGP vs PPS requirements would be good.
Other Solutions Considered:
We've evaluated almost everything except SiLK.
Use the technical support if you need it. They are excellent.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.