Is Network the Problem?

By Sherry Wei
Founder and CTO, Aviatrix
January 16, 2018

If you are part of a CloudOps team or a cloud network engineer, you probably receive daily tickets from developers that look something like this:

  1. My instance suddenly cannot “ssh” into this server. Is something wrong with the network? Please help resolve.
  2. I get my instance up and running, but it cannot access the Internet. Is something wrong with the network? Please help resolve.
  3. No one can access my application. Is something wrong with the network? Please help resolve.
  4. ….

You get the idea. For any connectivity problem, the network is always the first to be blamed.

To resolve the ticket, you need to log in to the AWS console and the respective cloud accounts, go to the region, find the problem instance, look at its security groups, associated route table and route entries, check the network ACL, etc. You often need to switch to a different AWS account console and repeat the same process on the other instance. More often than not, the problem lies in the user’s own environment and has nothing to do with networking.

This troubleshooting process is not super difficult, but it is repetitive and time-consuming, and it gets tiresome quickly.

Wouldn’t it be nice to have a tool that can pull up this information simultaneously and help you get to the heart of the problem quickly?

Introducing Aviatrix FlightPath.

Aviatrix FlightPath is a handy troubleshooting tool designed specifically with the above trouble tickets in mind.

From the Aviatrix Controller browser console, you specify a source AWS account, region, and VPC, and it automatically retrieves all instances by using AWS APIs. You do the same for the destination side as well. After you specify the source and destination instances, the tool automatically retrieves the latest information associated with each instance, again using AWS APIs, and presents the information side by side on the same page so you can eyeball it and identify the problem quickly.

Here is one example to show how FlightPath works. Say a developer from a BusinessOps account filed a ticket that says one instance of “DevOps Server” in the Oregon region cannot run “ssh” into the Prod instance in the California region.

From the Aviatrix Controller browser console, click FlightPath under Troubleshooting on the navigation menu. Specify the above info and you’ll see something similar to the screenshot below. The highlights on each panel are the instances in question. Note the DevOps Server has IP address

Now run FlightPath Test, and you’ll see the FlightPath Report.

First, check the routing table – in this example, everything related to connectivity appears to be fine:

Continue by scrolling up and down the FlightPath Report to check other fields. Next check the Security Groups. Here we find that the California Prod instance does not have its “ssh” port open to the Oregon DevOps instance IP address

Problem identified in minutes!

Upon further inspection, you’ll notice the problem instance has “ssh” open to the entire world. You may need to notify the ticket issuer to reduce the source address scope.
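
The two security group findings above can also be checked in code. This is an added example, not Aviatrix or FlightPath code: it assumes rules in the shape of the `IpPermissions` field returned by the EC2 DescribeSecurityGroups API, and the rule sets, IP addresses, and function names are constructed placeholders.

```python
import ipaddress

# Constructed sample rules shaped like EC2 DescribeSecurityGroups "IpPermissions".
# All addresses are placeholders, not values from the post.
PROD_SG = [  # destination: California Prod instance
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.20.0.0/24"}]},
]
DEVOPS_SG = [  # source: Oregon DevOps Server
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
DEVOPS_IP = "10.10.1.15"  # placeholder source address


def _covers_port(rule, port):
    """True if the rule applies to TCP `port`; protocol "-1" means all traffic."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def _cidrs(rule):
    """Yield the IPv4 and IPv6 source networks of a rule.
    Rules that reference other security groups (UserIdGroupPairs) are not evaluated."""
    for r in rule.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"], strict=False)
    for r in rule.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"], strict=False)


def allows(rules, src_ip, port=22):
    """True if any ingress rule admits src_ip on the given TCP port."""
    src = ipaddress.ip_address(src_ip)
    return any(src in net
               for rule in rules if _covers_port(rule, port)
               for net in _cidrs(rule))


def world_open(rules, port=22):
    """Return the source CIDRs that expose the port to every address."""
    return [str(net)
            for rule in rules if _covers_port(rule, port)
            for net in _cidrs(rule) if net.prefixlen == 0]
```

With the sample data, `allows(PROD_SG, DEVOPS_IP)` is false, which is the missing ingress rule behind the ticket, and `world_open(DEVOPS_SG)` reports the rule whose source scope should be reduced.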

Aviatrix FlightPath is our tool for CloudOps and cloud network engineers. It saves time in dealing with daily networking trouble tickets. Check it out within our free trial version on AWS Marketplace.

