network observatory

One vantage point for the entire network.

From BGP routes crossing the open internet down to packets inside your kernel, probectl maps five planes of signal onto a single live view — synthetic, routing, flow, device, and eBPF. Self-hosted, so the map is yours alone.

5 signal planes · 0 phone-home, ever · 1 live view
[Map graphic: AS64500 · 203.0.113.0/24 · RIPE RIS · YOU (vantage)]

01 / SIGNALS

Five signals. One map.

Each one is gathered by your own agents — no external collectors, no third-party cloud — and plotted onto the same correlated view.

01 · Active

Synthetic & path

ICMP, TCP, UDP, DNS, HTTP, agent-to-agent, voice quality and last-mile WiFi — plus ECMP/MPLS-aware hop-by-hop traces.

02 · Routing

BGP intelligence

Live RIS / RouteViews monitoring for hijacks, leaks, and origin changes — RPKI-aware, with ASN and geo context.

03 · Flow

Flow analytics

Passive NetFlow, IPFIX and sFlow — top-talkers, link capacity and egress anomalies, with sampling corrected.

04 · Device

Device telemetry

SNMP plus streaming gNMI / OpenConfig — interface health, errors and capacity for every box in the fabric.

05 · Kernel

eBPF · L3–L7

A kernel sensor that sees L3 through L7 and maps service dependencies — with zero changes to your applications.

+ correlation

All on one OpenTelemetry-based control plane.

02 / ANSWERS

Built for the questions you ask at 2 a.m.

“Berlin says the app is slow — network, path, or server?”
Synthetic probes, ECMP/MPLS-aware path discovery, and flow analytics show where the latency lives, not just that it exists.
“Did the 14:03 deploy cause this?”
Change intelligence pulls deploy/config events from GitHub, GitLab, CI and IaC, and correlates them with the symptoms that followed.
“Why did this prefix go dark — us, or the internet?”
BGP intelligence from RouteViews/RIPE RIS, RPKI validity, and a collective outage view separate a you-problem from an everyone-problem.
“What breaks if I drain this node?”
The topology what-if simulates the blast radius on the live dependency graph — before you touch production.
“Who's saturating this link, and what does it cost?”
Flow top-talkers plus per-tenant FinOps egress attribution — capacity and dollars in the same view.
“…or just ask it.”
The assistant answers in plain language with cited evidence, scoped to what you're allowed to see — and an MCP server hands the same map to your own AI tools.

03 / CORRELATION

From signal to cause.

A flare on the map isn't an answer. probectl folds every plane's signal into one tenant-scoped incident, then walks the live topology to find the cause — and cites the evidence behind each step.

Traced across planes

A route change, a path shift, and an egress spike become one story — not three pages.

Cited, never guessed

Every claim links to the exact signal that supports it. A reading you can audit.

Observe-only by default

It reads the network and explains it. It never acts without an explicit, audited go-ahead.

Ask it in plain language

The built-in assistant answers with cited, tenant-scoped evidence. Its default engine is deterministic and local — no LLM is contacted unless you connect one (Ollama/vLLM for full air-gap) — and an MCP server hands the same map to your own AI tools.

OBSERVATION LOG · incident 4471 · SAMPLE
14:01:48Z api-gateway p99 latency +6.2×
14:02:11Z ⤷ bgp origin change observed, AS64500
14:02:13Z ⤷ path +2 hops via transit (#8821)
14:02:20Z ⤷ flow egress +340% · 203.0.113.0/24
14:02:34Z ⤷ ebpf retransmits up · svc/gateway
──────────────────────────────
resolved → cause: AS64500 origin change
confidence high · 1 incident, not 31 alerts

04 / AI

Ask your network. It answers with evidence.

Most "AI-powered" observability sends your telemetry to someone else's model and returns prose. probectl's assistant is built the other way around: it answers only with citations to signals you're allowed to see, says "insufficient evidence" instead of inventing a story, and runs air-gapped by default.

Cited, or silent

Every claim links to a real incident or change event. Ungrounded model claims are rejected before you see them — "I don't know" is a first-class answer.

The sovereignty ladder

Deterministic built-in engine (zero config, no LLM) → a model on your hardware (Ollama / vLLM, loopback, no consent needed) → a cloud model only behind an explicit operator acknowledgment and per-tenant consent, every call audited.

Your AI, your map — MCP

An MCP server hands the live network map to Claude or any MCP client as eight tenant-scoped tools: read-only queries, one gated analysis, one proposal-only remediation. The AI sees exactly what its token's user may see.

ASK PROBECTL · /v1/ai/ask · SAMPLE
you why is checkout slow?
──────────────────────────────
root_cause AS64500 origin change shifted the egress path
grounded true · confidence high
cites → incident 4471 · change evt 8821 (deploy 14:03Z)
engine: builtin (air-gapped) · no data left the network

05 / PERIMETER

The map never leaves the room.

probectl is self-hosted by design. Your telemetry stays inside your perimeter — no phone-home, ever, right down to license checks, which are offline math. Point the AI at a local model and the whole observatory runs air-gapped.

No phone-home
Zero outbound beacons or analytics — verified at the boundary.
Local AI
Run RCA on Ollama or vLLM. Nothing crosses the perimeter.
mTLS everywhere
Every channel mutually authenticated and encrypted, with SPIFFE-based agent identity.
FIPS-ready
Builds against a FIPS 140-3 validated crypto module.

06 / DEPLOY
~ / first data in one command
$ docker compose -f deploy/compose/eval.yml up --build -d
control plane online loopback only · eval stack
eBPF agent replaying labelled SAMPLE flows · no kernel needed
$ docker compose -f deploy/compose/eval.yml --profile tools run --rm viewer
"edges": [{"from": "service:10.0.1.5", "to": "service:10.0.2.9", "kind": "flow"}, …
your first data: a live service map · full walkthrough

Command the observatory.

Source-available and self-hosted. The evaluation stack shown above is real — sample data, loopback-only, sixty seconds to a service map. Production is the same idea grown up: one static Go binary per agent, Docker or Helm, HTTPS by default — single-tenant for one team, or multi-tenant and white-labeled for MSPs.

The five-plane core is free. Enterprise adds the FIPS build, BYOK, and multi-region HA; Provider/MSP adds the management plane, metering, and white-label — see editions.

source-available · docker / helm · multi-tenant / MSP · MCP server · OpenTelemetry / OTLP

07 / TRUST

Built like infrastructure, not a demo.

Signed releases
Every artifact is keyless-signed (cosign) and self-verified in the release pipeline — check the signature before you run anything.
SBOM + provenance
Images ship with an SPDX SBOM and SLSA build provenance; every dependency is version-pinned by policy.
Isolation, gated in CI
A cross-tenant isolation suite runs on every change — a query crossing a tenant line fails the build, not the customer.
Multi-tenant to resell
Pooled, siloed, or hybrid isolation per tenant; white-label theming and per-tenant metering for MSPs.
No silent access
Provider operators get zero implicit access to tenant telemetry — break-glass is explicit, time-bounded, and separately audited.
Accessible by gate
The UI holds a WCAG 2.2 AA baseline enforced by CI — keyboard-first, with a command palette.
probectl.com

Claim your vantage point.

Early access is opening for self-hosted and MSP deployments. Tell us about your network and we'll send you a build.

Self-hosted & source-available · we'll only email you about your build, never share it.
