VNets are the spine of Azure’s networking infrastructure, enabling secure connectivity between Azure and on-premises resources. Monitoring and troubleshooting VNets is the key to maintaining network health, securing connections, and identifying issues that could impact network performance.
In this blog post, I’ll illustrate various tools and methods for monitoring and troubleshooting Azure VNets.
Azure VNet quick overview
Before getting into monitoring and troubleshooting, it is necessary to understand the basic architecture of VNets. A VNet is a logically isolated network in Azure, similar to a legacy network in a data center. Within a VNet, you can deploy resources such as virtual machines (VMs), application services, and databases, and define subnets, routing tables, and network security groups (NSGs) to control traffic flow.
VNet Monitoring Tools
Monitoring Azure VNets involves gathering performance, availability, and security data to proactively identify and resolve issues. Azure provides various tools and services to help monitor network traffic, performance, and configuration.
Azure Network Watcher
Azure Network Watcher is a tool that provides monitoring and troubleshooting of Azure VNets. It has diagnostic and visualization tools to monitor and log traffic, diagnose routing issues, and ensure that your network security settings are as expected.
Network Watcher has three main subsets of tools and features:
Monitoring
- Topology
- It helps to visualize the entire network to understand the network architecture.
- Connection monitor
- It helps by providing end-to-end connection monitoring for Azure and hybrid endpoints.
- Traffic Analytics
- It helps by providing rich visualization of the flow log data.
Network diagnostic tools
- IP flow verify
- It helps to verify whether a traffic flow is allowed or denied based on the rules in NSGs and Azure Network Manager admin rules.
- NSG diagnostics
- It helps to detect traffic filtering issues on VMs, VM Scale-set, or App gateways.
- Next hop
- It helps to detect any routing issues by checking the traffic is routed correctly and providing information about Next hope type, IP address, etc.
- Effective security rules
- It helps to highlight effective security rules that are applied to the network interface.
- VPN troubleshoot
- It helps to troubleshoot when experiencing Azure VNet Gateway connectivity issues.
- Packet capture
- It helps with packet logging and allows create remote packet-logging sessions to monitor traffic to and from a VM or VM Scale-set.
- Connection troubleshoot
- It helps diagnose connectivity issues between VMs or VM Scale-Set, Bastion host, etc.