Today, I will briefly explain this tool, which helps us identify network communication problems in OCI.
What is Network Path Analyzer?
Network Path Analyzer is a network reachability analysis tool based on real-time network configuration. Its primary data input is the network routing and security configuration in a customer tenancy, augmented with key network runtime state data, such as the status of a load balancer backend set or the state of a FastConnect virtual circuit.
Network Path Analyzer answers the following questions that are essential for the cloud network operations team to obtain an accurate and deep understanding of endpoint reachability in their cloud networks:
- If they can’t, why? What is missing?
- If they can, how? Over which routing paths, using which security policies?
Finding the answers to these questions in a complex network can be labor-intensive and time-consuming. It involves analyzing the virtual network topologies, carefully walking through multiple route tables, and scrutinizing different network security groups (NSGs) or security lists along the multi-hop network paths. If done manually, it can be error-prone.
Network Path Analyzer is a great network troubleshooting tool. Additionally, since it doesn’t use or need any traffic along the network paths because it operates solely on the configuration and runtime state data, it is also an effective tool for proactive configuration validation.
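The manual walk described above (route table first, then the security rules at each end) can be modelled from configuration alone, with no traffic sent. This is an added example, not Oracle's code or the Network Path Analyzer API; the CIDRs, rules and function names are constructed, and the model is simplified (it ignores NSGs, gateways and stateful return traffic).

```python
import ipaddress

# Constructed sample configuration (not real OCI data): one subnet in each of
# two peered VCNs. Rules are (cidr, tcp_port) pairs; routes are destination CIDRs.
CONFIG = {
    "10.0.1.0/24": {"routes": ["10.1.0.0/16"],
                    "egress": [("10.1.1.0/24", 22)],
                    "ingress": []},
    "10.1.1.0/24": {"routes": ["10.0.0.0/16"],
                    "egress": [("0.0.0.0/0", 22)],
                    "ingress": [("10.0.1.0/24", 22)]},
}

def _in(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def _subnet_of(ip):
    """Return the config entry of the modelled subnet that contains ip."""
    for cidr, cfg in CONFIG.items():
        if _in(ip, cidr):
            return cfg
    raise ValueError(f"{ip} is not in any modelled subnet")

def _allowed(rules, peer_ip, port):
    return any(_in(peer_ip, cidr) and p == port for cidr, p in rules)

def analyze(src_ip, dst_ip, port):
    """Check one direction; return (reachable, list of what is missing)."""
    src, dst = _subnet_of(src_ip), _subnet_of(dst_ip)
    missing = []
    if not any(_in(dst_ip, r) for r in src["routes"]):
        missing.append(f"route from source subnet to {dst_ip}")
    if not _allowed(src["egress"], dst_ip, port):
        missing.append(f"egress rule to {dst_ip} tcp/{port}")
    if not _allowed(dst["ingress"], src_ip, port):
        missing.append(f"ingress rule from {src_ip} tcp/{port}")
    return (not missing, missing)

def analyze_bidirectional(a_ip, b_ip, port):
    """Run the check in both directions, like a two-instance SSH test."""
    return {f"{a_ip}->{b_ip}": analyze(a_ip, b_ip, port),
            f"{b_ip}->{a_ip}": analyze(b_ip, a_ip, port)}

if __name__ == "__main__":
    result = analyze_bidirectional("10.0.1.10", "10.1.1.20", 22)
    for path, (ok, missing) in result.items():
        print(path, "reachable" if ok else f"unreachable, missing: {missing}")
```

With this sample configuration the forward SSH path is reachable, while the reverse direction reports the missing ingress rule, which is the "why? what is missing?" answer for that path.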
Benefits of Network Path Analyzer
Armed with Network Path Analyzer, you can realize the following benefits:
- Troubleshoot reachability issues caused by misconfiguration much faster, significantly reducing the Mean Time to Resolution (MTTR) for this type of outage.
- Proactively verify and validate the network routing and security policy configuration for your reachability intents before even starting to send application traffic.
- Perform on-demand validation of the logical network paths to confirm that they match your intent.
How to use Network Path Analyzer
Network Path Analyzer is directly available under Networking on the Oracle Cloud Console. You only need to create a path analysis and run it. An API is available to programmatically create, manage, and run your path analyses.
When creating a path analysis, specify the source and destination endpoints, the network protocol, and the source and the destination ports. For endpoints, you can select an IP address or an OCI resource. The viable OCI resource options include an IP address from a VCN subnet, a compute instance virtual network interface card (VNIC), an application load balancer, or a network load balancer.
In my simulation, I am checking bi-directional communication between 2 compute instances.
Select the “Network Path Analyzer” option in the Network Command Center.
Click “Create Path Analysis”.
Now fill in the Source and Destination information.
In my case I am testing communication between 2 compute instances (VM) via port 22 (SSH).
After filling in the information, perform the analysis.
After a few minutes, a communication report will be displayed where you can identify if it is working or if there is some type of problem.
Network Path Analyzer can assist with your troubleshooting process for the following reachability-related scenarios:
- Virtual machines (VMs) in your multi-VCN applications can’t communicate with each other. You want to check the configured path.
- Your frontend web server in a multitier application can’t reach the load balancer VIP of the application tier.
- Your load balancer can’t reach some of the backends.
- An on-premises endpoint in your hybrid cloud application can’t reach an OCI instance.
- Your on-premises site can’t access a cloud application hosted by your Oracle instances.
Network Path Analyzer is a tool to assist in troubleshooting reachability issues by quickly identifying misconfiguration and reducing the MTTR caused by configuration issues. It’s also an effective tool for customers to proactively verify their network configuration against their reachability intents so that they can catch and correct misconfiguration and reduce outages.
I hope this article can help you.
See you in the next article.