Notes from MS Learn AZ-700 Module 8: Design and Implement Network Monitoring – Unit 4: Monitor Your Networks Using Azure Network Watcher
Azure Network Watcher is a regional service that enables you to monitor and diagnose network conditions at an end-to-end network level. The network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insight into your Azure network. It is designed to monitor and repair the network health of IaaS resources, including VMs, VNets, App Gateways, and LBs.
- Azure Network Watcher scenarios (examples)
  - Automate remote network monitoring with packet capture
    - Monitor/diagnose network issues without logging into VMs
    - Trigger PCAP by setting alerts
    - Gain real-time perf info at packet level
    - Investigate in detail when an issue is observed
  - Gain insight into network traffic using flow logs
    - Build deep understanding of traffic patterns using NSG flow logs
    - Info helps gather data for compliance, auditing, and monitoring of security profile
  - Diagnose VPN connectivity
    - Provides ability to diagnose most common VPN GW/connection issues
    - Allows identifying the issue using detailed logs for further investigation
- Azure Network Watcher Tools
  - Network Topology
    - Generates a visual of resources in a VNet as well as the relationships between resources
  - Verify IP Flow
    - Diagnose connectivity issues from/to INET and from/to on-prem
  - Next Hop
    - Determine if traffic is directed as intended
    - Info helps determine routing
    - Next hop could be INET/VirtualAppliance/Virtual Network Gateway/VNet/VNet Peering/None
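The next-hop result the tool reports follows from the NIC's effective route table, and that selection can be modelled offline. The Python below is an added example, not code from the MS Learn module or from Network Watcher: it applies longest-prefix match over an effective route table and breaks ties in the documented order (user-defined, then BGP, then system routes). The VNet address spaces, the peering, the BGP route and the NVA address 10.5.1.4 are constructed.

```python
"""
Added example, not from the MS Learn module or Network Watcher itself: a
simplified offline model of the next-hop selection that the Next Hop tool
reports. Route entries, the VNet address spaces and the NVA address are
constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# When several routes match with the same prefix length, Azure prefers
# user-defined routes, then BGP-learned routes, then system routes.
ORIGIN_RANK = {"User": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: str                        # CIDR the route covers
    next_hop_type: str                 # VirtualNetwork, Internet, None, VirtualAppliance, VNetPeering, VirtualNetworkGateway
    origin: str                        # User, BGP or System
    next_hop_ip: Optional[str] = None  # only set for VirtualAppliance routes


def system_routes(vnet_cidr: str) -> List[Route]:
    """The default routes Azure installs in every subnet."""
    return [
        Route(vnet_cidr, "VirtualNetwork", "System"),
        Route("0.0.0.0/0", "Internet", "System"),
        Route("10.0.0.0/8", "None", "System"),
        Route("172.16.0.0/12", "None", "System"),
        Route("192.168.0.0/16", "None", "System"),
        Route("100.64.0.0/10", "None", "System"),
    ]


# Constructed effective route table for a NIC in VNet 10.5.0.0/16:
# a peering to 10.6.0.0/16, a BGP route learned over a VPN gateway,
# and a UDR that force-tunnels everything else through an NVA.
EFFECTIVE_ROUTES = system_routes("10.5.0.0/16") + [
    Route("10.6.0.0/16", "VNetPeering", "System"),
    Route("10.100.0.0/16", "VirtualNetworkGateway", "BGP"),
    Route("0.0.0.0/0", "VirtualAppliance", "User", next_hop_ip="10.5.1.4"),
]


def resolve(dest_ip: str, routes: List[Route] = EFFECTIVE_ROUTES) -> Route:
    """Longest prefix match; ties are broken by ORIGIN_RANK."""
    dest = ip_address(dest_ip)
    candidates = [r for r in routes if dest in ip_network(r.prefix)]
    if not candidates:
        raise ValueError(f"no route covers {dest_ip}")
    return max(candidates,
               key=lambda r: (ip_network(r.prefix).prefixlen, -ORIGIN_RANK[r.origin]))


if __name__ == "__main__":
    for ip in ["10.5.2.10", "10.6.0.4", "10.100.3.3", "10.200.1.1", "8.8.8.8"]:
        r = resolve(ip)
        hop = f"{r.next_hop_type} via {r.next_hop_ip}" if r.next_hop_ip else r.next_hop_type
        print(f"{ip:>12} -> {hop:34} (matched {r.prefix}, {r.origin} route)")
```

The two 0.0.0.0/0 entries are the case worth noticing: the system Internet route and the user-defined NVA route have the same prefix length, so the origin rank decides and Internet-bound traffic lands on the appliance, while 10.200.1.1 is swallowed by the /8 system route to None because the UDR is less specific.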
  - Effective Security Rules
    - NSGs are associated at subnet or NIC level
    - Effective rules returns all configured NSGs/rules associated with a VM
    - Allows assessing things like open ports
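Verify IP Flow and Effective Security Rules are two views of the same evaluation: the rules of the subnet NSG and the NIC NSG, each including Azure's default rules, are applied to a 5-tuple in priority order, and the first match in each NSG decides. The following Python is an added example, not code from the MS Learn module or from Network Watcher: it evaluates a constructed subnet NSG and NIC NSG against a few constructed flows and returns the decision plus the rule that produced it, the way IP Flow Verify reports it. The service tags are reduced to a small constructed prefix set.

```python
"""
Added example, not from the MS Learn module or Network Watcher itself: an
offline model of IP Flow Verify over a VM's effective security rules.
NSGs, rules, service-tag prefixes and the test flows are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# Constructed, heavily reduced expansion of the service tags used below.
SERVICE_TAGS = {
    "VirtualNetwork": ["10.5.0.0/16", "10.6.0.0/16"],
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "Internet": ["0.0.0.0/0"],  # simplification: anything not caught by an earlier rule
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower is evaluated first; 65000+ are the Azure default rules
    direction: str  # Inbound | Outbound
    access: str     # Allow | Deny
    protocol: str   # Tcp | Udp | Icmp | *
    src: str        # CIDR, single IP, service tag or *
    src_port: str   # port, "lo-hi" range or *
    dst: str
    dst_port: str


@dataclass(frozen=True)
class Flow:
    direction: str
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _addr_match(spec: str, ip: str) -> bool:
    if spec == "*":
        return True
    return any(ip_address(ip) in ip_network(p, strict=False) for p in SERVICE_TAGS.get(spec, [spec]))


def _port_match(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def _matches(r: Rule, f: Flow) -> bool:
    return (r.direction == f.direction and r.protocol in ("*", f.protocol)
            and _addr_match(r.src, f.src_ip) and _port_match(r.src_port, f.src_port)
            and _addr_match(r.dst, f.dst_ip) and _port_match(r.dst_port, f.dst_port))


def default_rules(direction: str) -> List[Rule]:
    """The default rules every NSG carries for one direction."""
    if direction == "Inbound":
        return [Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
                Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*", "*"),
                Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*", "*")]
    return [Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
            Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "*", "Internet", "*"),
            Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*", "*")]


def evaluate_nsg(rules: List[Rule], f: Flow) -> Rule:
    """First matching rule in ascending priority order decides; DenyAll guarantees a match."""
    for r in sorted(rules + default_rules(f.direction), key=lambda r: r.priority):
        if _matches(r, f):
            return r
    raise AssertionError("unreachable: default rules always match")


def ip_flow_verify(subnet_nsg: List[Rule], nic_nsg: List[Rule], f: Flow) -> Tuple[str, str]:
    """Inbound: subnet NSG, then NIC NSG. Outbound: NIC NSG, then subnet NSG. Any Deny wins."""
    order = [subnet_nsg, nic_nsg] if f.direction == "Inbound" else [nic_nsg, subnet_nsg]
    decided = None
    for nsg in order:
        decided = evaluate_nsg(nsg, f)
        if decided.access == "Deny":
            return "Deny", decided.name
    return "Allow", decided.name


# Constructed NSGs for a web VM at 10.5.2.10 (subnet NSG + NIC NSG).
SUBNET_NSG = [Rule("AllowHttpsFromInternet", 100, "Inbound", "Allow", "Tcp", "Internet", "*", "*", "443"),
              Rule("DenyRdpFromInternet", 110, "Inbound", "Deny", "Tcp", "Internet", "*", "*", "3389")]
NIC_NSG = [Rule("AllowSshFromBastion", 100, "Inbound", "Allow", "Tcp", "10.5.250.0/24", "*", "*", "22"),
           Rule("AllowHttpsAny", 110, "Inbound", "Allow", "Tcp", "*", "*", "*", "443"),
           Rule("DenyDbEgress", 200, "Outbound", "Deny", "Tcp", "*", "*", "10.6.0.0/16", "1433")]

if __name__ == "__main__":
    for flow in [Flow("Inbound", "Tcp", "203.0.113.7", 51000, "10.5.2.10", 443),
                 Flow("Inbound", "Tcp", "203.0.113.7", 51000, "10.5.2.10", 22),
                 Flow("Outbound", "Tcp", "10.5.2.10", 40000, "10.6.0.4", 1433)]:
        print(flow, "->", ip_flow_verify(SUBNET_NSG, NIC_NSG, flow))
```

Both NSGs must allow a flow, which is why the effective-rules view matters: an allow on the subnet NSG is not enough if the NIC NSG has no matching allow and falls through to DenyAllInBound.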
  - VPN Diags
    - Returns info to aid troubleshooting of gateways and connections
    - Summary info includes
      - Connection statistics
      - CPU info
      - Memory info
      - IKE errors
      - Packet drops
      - Buffers
      - Events
  - Packet Capture
    - Capture sessions to track traffic to/from a VM
    - Aids in diagnosing network anomalies
    - Gather network stats
    - Info on network intrusions
    - Debug client-server comms
  - Connection Troubleshooting
    - More recent addition to the Watcher suite
    - Provides network perf data
  - NSG Flow Logs
    - Maps IP traffic through NSGs
    - Network monitoring
      - Identify unknown or undesired traffic
      - Monitor traffic/bandwidth consumption
      - Filter logs by IP & port to understand app behavior
      - Export flow logs to tools for dashboards
    - Usage monitoring/optimization
      - Identify top talkers
      - Combine with other data to identify cross-region traffic
      - Understand traffic growth for forecasting
      - Use to remove overly restrictive rules
    - Compliance
      - Use flow data to verify isolation/compliance with enterprise rules
    - Network forensics/security analysis
      - Analyze flows from compromised IPs/NICs
      - Export logs to SIEM/IDS tools
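Most of the flow log use cases in the notes above (top talkers, filtering by IP and port, seeing which ports actually accept traffic, and pulling every flow that touched a host of interest) reduce to parsing the version 2 flow tuples and aggregating them. The Python below is an added example, not code from the MS Learn module or from Microsoft; the flow log document embedded in it is constructed, with the tuple layout following the documented version 2 format (timestamp, source, destination, ports, protocol, direction, decision, flow state, then packet and byte counters).

```python
"""
Added example, not from the MS Learn module: parse NSG flow log version 2
records and answer the monitoring/forensics questions the notes list.
The flow log document is constructed; only its field layout is real.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: one record from a constructed NSG, three rules, five flows.
SAMPLE_FLOW_LOG = {"records": [{
    "time": "2024-01-15T10:00:00Z",
    "category": "NetworkSecurityGroupFlowEvent",
    "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-WEB"
                  "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB",
    "properties": {"Version": 2, "flows": [
        {"rule": "UserRule_AllowHttpsInBound", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1705312800,203.0.113.7,10.5.2.10,51000,443,T,I,A,E,12,5300,10,41000",
            "1705312805,198.51.100.9,10.5.2.10,52000,443,T,I,A,E,40,9000,38,120000"]}]},
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1705312810,192.0.2.44,10.5.2.10,40001,3389,T,I,D,B,,,,",
            "1705312811,192.0.2.44,10.5.2.10,40002,22,T,I,D,B,,,,"]}]},
        {"rule": "DefaultRule_AllowVnetOutBound", "flows": [{"mac": "000D3AF87856", "flowTuples": [
            "1705312820,10.5.2.10,10.6.0.4,40000,1433,T,O,A,E,200,30000,180,2500000"]}]},
    ]}}]}


@dataclass(frozen=True)
class Flow:
    rule: str
    mac: str
    ts: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str   # T (TCP) or U (UDP)
    direction: str  # I (inbound) or O (outbound), relative to the NIC
    decision: str   # A (allowed) or D (denied)
    state: str      # B (begin), C (continuing) or E (end); counters present only for C/E
    bytes_s2d: int
    bytes_d2s: int


def _int(field: str) -> int:
    return int(field) if field else 0  # counters are empty for B-state and denied flows


def parse_flow_log(doc: dict) -> List[Flow]:
    flows: List[Flow] = []
    for record in doc["records"]:
        props = record["properties"]
        if props.get("Version") != 2:
            raise ValueError("this parser handles version 2 flow tuples only")
        for per_rule in props["flows"]:
            for per_nic in per_rule["flows"]:
                for tup in per_nic["flowTuples"]:
                    f = tup.split(",")
                    flows.append(Flow(per_rule["rule"], per_nic["mac"], int(f[0]), f[1], f[2],
                                      int(f[3]), int(f[4]), f[5], f[6], f[7], f[8],
                                      _int(f[10]), _int(f[12])))
    return flows


def top_talkers(flows: List[Flow], n: int = 3) -> List[Tuple[Tuple[str, str], int]]:
    """(src, dst) pairs ranked by bytes exchanged in both directions."""
    totals: Counter = Counter()
    for f in flows:
        totals[(f.src_ip, f.dst_ip)] += f.bytes_s2d + f.bytes_d2s
    return totals.most_common(n)


def flows_for(flows: List[Flow], ip: Optional[str] = None, port: Optional[int] = None) -> List[Flow]:
    """Filter by an address and/or port on either side, e.g. everything a suspect host touched."""
    return [f for f in flows
            if (ip is None or ip in (f.src_ip, f.dst_ip))
            and (port is None or port in (f.src_port, f.dst_port))]


def open_ports(flows: List[Flow]) -> List[int]:
    """Destination ports that actually accepted inbound traffic: evidence of exposed services."""
    return sorted({f.dst_port for f in flows if f.direction == "I" and f.decision == "A"})


def denied_by_rule(flows: List[Flow]) -> Dict[str, int]:
    return dict(Counter(f.rule for f in flows if f.decision == "D"))


FLOWS = parse_flow_log(SAMPLE_FLOW_LOG)

if __name__ == "__main__":
    print("top talkers:", top_talkers(FLOWS))
    print("inbound ports accepting traffic:", open_ports(FLOWS))
    print("denies by rule:", denied_by_rule(FLOWS))
    print("flows touching 192.0.2.44:", len(flows_for(FLOWS, ip="192.0.2.44")))
```

Byte counters only appear on continuing and end-state tuples, so a B-only capture window under-reports volume; aggregate over enough log intervals before drawing conclusions about top talkers.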
- Connection Monitor Overview
  - Provides unified end-to-end monitoring in Network Watcher
  - Connection Monitor supports hybrid and Azure cloud
  - Provides tools to monitor/diagnose/view connectivity-related metrics for Azure deployments
  - Benefits of Connection Monitor
    - Unified, intuitive experience in Azure and hybrid
    - Cross-region/workspace connectivity monitoring
    - High probing frequency and better visibility into network perf
    - Faster alerting for hybrid
    - Supports connectivity checks based on HTTP/TCP/ICMP
    - Metrics/Log Analytics for both Azure and non-Azure tests
  - Example Use Cases
    - Front end web server VM communicating with DB in multi-tier app
      - Test connectivity between the two VMs
    - VMs in East US ping VMs in Central US
      - Compare cross-region latency
    - Multiple on-premises offices in different locations
      - Offices connect to MS 365 URL
      - Compare latency between locations
    - Hybrid app requires connectivity to Azure storage
      - On-prem site and Azure app connect to same endpoint
      - Compare latency between the two
    - Check connectivity between on-prem and Azure VMs hosting cloud app
- Connection Monitor Components
  - Connection Monitor Resource
    - Region-specific Azure resource
    - All following entities are properties of this
  - Endpoint
    - SRC/DST participating in connectivity checks
      - VM
      - On-prem agent
      - URL
      - IPs
  - Test config
    - Protocol-specific config for a test
    - Based on chosen protocol
    - Defines port/threshold/frequency/etc.
  - Test group
    - Group containing SRC/DST endpoints and test configs
    - Connection Monitor can contain multiple test groups
  - Test
    - Combination of SRC/DST endpoint and test config
    - Most granular level
    - Includes percentage of checks failed and RTT
- Traffic Analytics
  - Cloud-based solution providing visibility into user/app activity in cloud networks
  - Traffic Analytics looks at Network Watcher NSG flow logs to provide insight into traffic flow
  - Abilities
    - Visualize network activity across subscriptions and identify hot spots
    - Identify security threats to, and secure, the network with info such as
      - Open ports
      - Apps attempting INET access
      - VMs connecting to rogue networks
    - Determine traffic flow patterns across Azure regions and INET
    - Pinpoint misconfigs leading to failed connections
  - How Traffic Analytics Works
    - Examines raw NSG flow logs
    - Aggregated and then enhanced
    - Enhancements
      - Geography
      - Security
      - Topology info
    - Info stored in Log Analytics workspace