Is Network the Problem?

By Sherry Wei
Founder and CTO, Aviatrix
January 16, 2018

If you are part of a CloudOps team or a cloud network engineer, you probably receive daily tickets from developers that look something like this:

  1. My instance suddenly cannot “ssh” into this server. Is something wrong with the network? Please help resolve.
  2. I get my instance up and running, but it cannot access the Internet. Is something wrong with the network? Please help resolve.
  3. No one can access my application. Is something wrong with the network? Please help resolve.
  4. ….

You get the idea. For any connectivity problem, the network is always the first to be blamed.

To resolve the ticket, you need to log in to the AWS console and the respective cloud accounts, go to the region, find the problem instance, look at its security groups, associated route table and route entries, check the network ACL, etc. You often need to switch to a different AWS account console and repeat the same process on the other instance. More often than not, the problem lies in the user’s own environment and has nothing to do with networking.

This troubleshooting process is not super difficult, but it is repetitive and time-consuming, and it gets tiresome quickly.

Wouldn’t it be nice to have a tool that can pull up this information simultaneously and help you get to the heart of the problem quickly?

Introducing Aviatrix FlightPath.

Aviatrix FlightPath is a handy troubleshooting tool designed specifically with the above trouble tickets in mind.

From the Aviatrix Controller browser console, you specify a source AWS account, region, and VPC, and it automatically retrieves all instances by using AWS APIs. You do the same for the destination side as well. After you specify the source and destination instances, the tool automatically retrieves the latest information associated with each instance, again using AWS APIs, and presents the information side by side on the same page so you can eyeball it and identify the problem quickly.

Here is one example to show how FlightPath works. Say a developer from a BusinessOps account filed a ticket that says one instance of “DevOps Server” in the Oregon region cannot run “ssh” into the Prod instance in the California region.

From the Aviatrix Controller browser console, click FlightPath under Troubleshooting on the navigation menu. Specify the above info and you’ll see something similar to the screenshot below. The highlights on each panel are the instances in question. Note the DevOps Server has IP address 10.10.0.121.

Now run FlightPath Test, and you’ll see the FlightPath Report.

First, check the routing table. In this example, everything related to connectivity appears to be fine.

Continue by scrolling up and down the FlightPath Report to check other fields. Next check the Security Groups. Here we find that the California Prod instance does not have its “ssh” port open to the Oregon DevOps instance IP address 10.10.0.121.

Problem identified in minutes!

Upon further inspection, you’ll notice the problem instance has “ssh” open to the entire world. You may need to notify the ticket issuer to reduce the source address scope.
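The two security-group checks described above (is “ssh” reachable from 10.10.0.121, and is “ssh” open to the entire world) can be reproduced offline. The Python below is an added example, not part of the original post or of Aviatrix FlightPath. The rule sets are constructed in the shape of the `IpPermissions` field returned by the EC2 DescribeSecurityGroups API, and only the address 10.10.0.121 comes from the article. It evaluates CIDR rules only; rules that reference other security groups or prefix lists are not evaluated.

```python
import ipaddress

# Constructed sample data in the shape of the "IpPermissions" list returned by
# the EC2 DescribeSecurityGroups API. The rules are invented for this example;
# only the source address 10.10.0.121 comes from the article.
PROD_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
WORLD_OPEN_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def _covers_port(rule, port, protocol="tcp"):
    """True if the rule's protocol and port range include the given port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _cidrs(rule):
    """Yield every IPv4 and IPv6 network attached to the rule."""
    for r in rule.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"], strict=False)
    for r in rule.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"], strict=False)


def allows(ingress, src_ip, port):
    """Return the CIDRs that admit src_ip on port; an empty list means blocked."""
    src = ipaddress.ip_address(src_ip)
    return [str(net) for rule in ingress if _covers_port(rule, port)
            for net in _cidrs(rule)
            if src.version == net.version and src in net]


def world_open(ingress, port):
    """Return the /0 CIDRs that expose the port to every address."""
    return [str(net) for rule in ingress if _covers_port(rule, port)
            for net in _cidrs(rule) if net.prefixlen == 0]
```

An empty result from `allows(PROD_INGRESS, "10.10.0.121", 22)` corresponds to the blocked “ssh” finding, and a non-empty result from `world_open(...)` corresponds to the over-broad source scope. Route tables and network ACLs still need their own checks.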

Aviatrix FlightPath is our tool for CloudOps and cloud network engineers. It saves time in dealing with daily networking trouble tickets. Check it out within our free trial version on AWS Marketplace.
