Developers often face the daunting task of solving network issues associated with a virtual machine that runs on the cloud. In response, Microsoft introduced Azure Network Watcher, a network performance monitoring and diagnostics service that can help developers quickly packet data from a virtual machine.
Azure Network Watcher lets you keep track of your network’s health and status through various logging and diagnostic capabilities. The suite also includes the following logging and diagnostic features:
- Topology: You can now view the network topology of your deployments with just a few clicks. For example, the figure below represents the network topology of a simple web application deployed on Azure. With Network Watcher, you can now visualize the complete network topology of your application.
- IP flow verify: A common diagnostic need is to check whether a flow is allowed or denied to or from a virtual machine. Using “IP flow verify”, you can now easily do just that.
- Next hop: Typical issues with network connectivity come from a misconfiguration of user defined routes. Next hop provides the ability to get the next hop type and IP address based on a specified virtual machine, allowing you to investigate any route being black-holed and conditions caused by incorrect configuration.
- Security Group view: Auditing your network security is vital for detecting network vulnerabilities and ensuring compliance with your IT security and regulatory governance model. With Security Group view, you can retrieve the configured Network Security Group and security rules as well as the effective security rules.
- Packet capture: With Network Watcher, you can trigger packet capture on virtual machines. Applying advanced rule matching options, you can capture packets that have a specific source IP, destination IP, source port or destination port, or a byte offset from the start of the packet – even a combination of all the above.
- NSG flow logs: Flow data is a critical component for diagnosing and validating your Network Security Group configurations. You can now enable logging of NSG flow data that is allowed or denied per Network Security Group setting to help meet these needs.
- Network Subscription limits: You can now view the usage of network resources against the limits in your subscription.
- Diagnostic logs: You can now configure diagnostic logs for all the network resources in a resource group from a single pane.
Azure Network Watcher complements other Microsoft services including Azure Automation, Azure Functions and Azure Log Analytics to help you develop more comprehensive end to end network monitoring scenarios.