Navigating the AWS network with the right tools for the job (NET212)

Navigating the AWS Network with the Right Tools for the Job

Observing the Network

Resource Map

  • Resource Map is a VPC feature that helps visualize VPC resources and associated routing on a single page.
  • It enables quick understanding of the architectural layout of a VPC, including subnets, route tables, and connectivity services.
  • Useful for troubleshooting, as it allows quickly identifying issues like a subnet not being connected to a NAT gateway.

AWS Network Manager

  • Provides a single view of the end-to-end network topology, including AWS resources and on-premises connections.
  • Visualizes the logical network topology as well as the geographical locations of network elements.
  • Monitors network health, including identifying issues like VPN tunnel failures.
  • Allows registering and visualizing on-premises devices connecting to the AWS network.
  • Provides visibility into key metrics for Transit Gateway and VPC Edge, enabling monitoring and alerting.
  • Generates near real-time events for network changes, enabling automation workflows.

Analyzing Network Traffic

VPC Flow Logs

  • Collects information about all traffic flows within a VPC.
  • Can be used for monitoring traffic patterns, troubleshooting, cost analysis, planning, and archiving.
  • Supports various storage options (CloudWatch, Kinesis Data Firehose, S3) based on use case.
  • Different versions provide increasing metadata, like which AWS service the traffic is going to.

Analyzing Flow Logs

  • CloudWatch Logs Insights provides a query generator to easily analyze flow log data.
  • Other options include QuickSight and Athena for more advanced analysis.

Troubleshooting the Network

VPC Reachability Analyzer

  • Connectivity testing tool to identify why two resources cannot communicate.
  • Performs configuration analysis and automated validations.
  • Can be used manually or automated via EventBridge to trigger on network changes.
  • Also available through Amazon QuickSight for users without networking background.

Network Access Analyzer

  • Provides visibility into all possible network paths, including VPC egress, ingress, and internet gateway traffic.
  • Allows defining custom scopes to analyze specific network access requirements.
  • Identifies any network paths that do not meet the defined requirements.

Network Performance Troubleshooting

  • Internet Monitor: Provides insight into how internet issues impact the performance and availability of AWS applications.
  • Synthetic Monitoring: Monitors network performance between AWS and on-premises destinations, identifying sources of degradation.
  • Network Flow Analyzer: Analyzes network traffic between EC2 instances and AWS services, providing insights into performance, packet loss, and latency.

The session covered a wide range of AWS networking features and tools to help customers observe, analyze, and troubleshoot their network effectively. Key takeaways include the importance of visualization, traffic analysis, and proactive troubleshooting capabilities provided by these services.

Your Digital Journey deserves a great story.

Build one with us.

Talks
reinvent24
Navigating the AWS network with the right tools for the job (NET212)
Cookies Icon

This website stores cookies on your computer.

These cookies are used to collect information about how you interact with this website and allow us to remember you. We use this information to improve and customize your browsing experience, as well as for analytics.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference.

 Talk to us