Troubleshooting cloud networking connectivity

Tomasz Klimczyk
5 min read · Apr 20, 2020

If you are managing the public cloud networking of your company, you must have heard these multiple times:

  • virtual machines can’t communicate
  • instance can’t go out to the internet
  • resources in AWS can’t talk to resources in Azure (GCP, OCI, any other combination)
  • virtual machine cannot reach the DC
  • firewall must be blocking connectivity for my virtual machine
  • web server is receiving requests from weird addresses

… solve it!

And so you start looking at the networking configuration in the source cloud (be it AWS, Azure, OCI, GCP). You analyze the routing tables, security groups, network ACLs, effective routes, status of the tunnels, peerings, gateways, hundreds of other things, trying to figure out the path to the destination.

You spend hours looking for a needle in a haystack. It could be as simple as the VM state being “down”, or as complex as a missing entry in your IPsec VPN Phase 2 configuration tripping some route announcement.

And it all gets even more complex when this is happening in a multi-cloud environment, and suddenly you have to know how to troubleshoot the connectivity in multiple clouds.

  • Aw, there’s gotta be a better way! — You think.
  • And there is, Kevin! — I tell you!

Aviatrix is a Multi-Cloud Networking and Security Platform, helping you build your public cloud networking & security, and at the same time providing unprecedented visibility and troubleshooting tools.

Plenty of resources are linked at the end of this article, but let me just highlight a few features that can be used to debug and solve the issues listed in the opening.

Visualizing multi-cloud network topology

Each VPC, VNET, IPsec VPN tunnel, from any cloud, presented in a single view. You can start debugging just by checking out if a networking path exists between your source and destination.

Showing you the Multi-Cloud Network Architecture

With just a few clicks you can rearrange the visualization to show your Multi-Cloud Transit Layer and Application Layer (Core L. See where your VPN users are aggregated to access the cloud resources etc.

More details on MCNA here.

Showing the important information about all of your virtual machines

Just select the instance of interest, and we will show you which network it is running in, how long it has been up, its public/private IP addresses and, most importantly, its State (how many times have you spent too much time trying to figure out a connectivity issue towards a VM that eventually turned out to be powered off!).

Live troubleshooting

Have you tried running a ping, traceroute, tracepath in the public cloud? Without deploying a test instance? Some clouds offer a poor set of troubleshooting tools, which can get you started, but definitely will not be of much help in a multi-cloud network environment.

When you use Aviatrix to build your cloud network, you can simply select any of the gateways (“network nodes”) and use them as your source for test traffic (ping, tracepath, traceroute). Just type in the destination and you’re good to go.

More troubleshooting

The Aviatrix platform has even more to offer, depending on how difficult the issue you are dealing with is:

  • packet capture in any cloud with direct view or pcap download
  • automated deployment of a couple of test instances
  • FlightPath (a super advanced multi-cloud traceroute, analyzing route tables, security groups, ACLs, and much more, to tell you if the specified source can communicate with the selected destination, be it in the cloud, in the public internet, or on-prem).

Aviatrix makes deployment and management of public cloud networking and security really easy. Thanks to the power of the platform, you can build and troubleshoot much faster.

Talk to us to learn more — info@aviatrix.com

Or sign up to one of the Aviatrix Certified Engineer classes to learn about public cloud networking and security in each of the popular clouds, what challenges there are, and how Aviatrix helps solve them: https://aviatrix.com/ace-multicloud-networking-training/

About the Author

Since September 2019 I have been working as Senior Solution Architect in EMEA for Aviatrix, building up the relationships with the local European and Middle-Eastern customers and helping them on the journey towards the public cloud. Prior to Aviatrix, I had spent many years working with on-prem and telco-solutions, in the QA, SE and PM roles.

My email address: tomasz@aviatrix.com
