Several built-in tools in Azure are available to troubleshoot network connectivity, most of which can be accessed through Network Watcher. In this post, I will focus on one essential tool Network Watcher offer: Connection Troubleshoot.
With the Connection Troubleshoot feature, you can test the connectivity between an Azure VM, App Gateway, and Azure VMSS, such as a different Azure VM, URIs, FQDNs, or any IP address. Using this tool several issues can be detected, including problems with guest VMs such as firewall configuration or memory allocation, Azure configuration challenges like network security groups blocking traffic, or routing problems diverting traffic. Additionally, DNS failures may also be diagnosed.
This tool provides a comprehensive method of troubleshooting connections and reduces the Mean Time To Resolution (MTTR) by detecting issues relating to network security groups, blocked ports, UDRs, etc.
To perform a connectivity test for connection troubleshooting, the virtual machine running the test must have the Network Watcher agent VM extension installed.
The matrix below contains instructions for installing the Network Watcher agent VM extension.
Network Watcher agent VM extension for Windows |
Network Watcher agent VM extension for Linux. |
Update Network Watcher agent VM extension to the latest version. |
The table below displays some of the primary properties obtained after troubleshooting the connection.
Property | Description |
ConnectionStatus | The status of the connectivity check indicates whether a connection is successful. The possible results are “Reachable” and “Unreachable.” |
AvgLatencyInMs | The average latency measured in milliseconds during the connectivity check. |
MinLatencyInMs | The minimum latency for the connectivity check is measured in milliseconds. |
MaxLatencyInMs | The maximum allowable latency during the connectivity check is measured in milliseconds. |
ProbesSent | During the check, the number of probes sent cannot exceed 100. |
ProbesFailed | The number of probes that failed during the check. The maximum possible value is 100. |
Hops | The path from the source to the destination (hop by hop). |
SourcePortStatus | This evaluates whether the source port is reachable. The possible values are: Unknown,Reachable,Unstable,NoConnection,Timeout |
DestinationPortStatus | This checks the accessibility of the port at the destination. Possible values include:Unknown,Reachable,Unstable,NoConnection,Timeout |
Read all responsies in the Microsoft official document here.
Demo: Use the Connection Troubleshoot for the connectivity diagnostic test.
On the Network Watcher, choose Network diagnostic tools – Connection troubleshoot
I have spun up an Azure VM to show how connection troubleshooting can assist. It’s straightforward to verify if the connection to my VM is successful. The screenshot below shows a ping (ICMP) test to my blog, cloudopszone.com.
Finally, the following image shows that my VM is reachable and has no connection issues.