Microsoft’s new Azure Network Watcher comes with various logging and diagnostic capabilities

Solving network issues is always challenging, and it becomes even more difficult when the issue involves a virtual machine running in the cloud. To make life easier for developers, Microsoft is introducing Azure Network Watcher, which will allow them to capture packet data from a virtual machine in just a few clicks. Azure Network Watcher comes with the following logging and diagnostic capabilities:

  • Topology: You can now view the network topology of your deployments with just a few clicks. For example, the figure below represents the network topology of a simple web application deployed on Azure. With Network Watcher, you can now visualize the complete network topology of your application.
  • IP flow verify: A common diagnostic need is to check whether a flow is allowed or denied to or from a virtual machine. Using “IP flow verify” you can now validate if a flow (combination of source IP, destination IP, source port, destination port and protocol) is allowed or denied.
  • Next hop: A typical cause of network connectivity issues is misconfiguration of user-defined routes. Next hop provides the ability to get the next hop type and IP address based on a specified virtual machine, allowing you to investigate any route being black-holed and conditions caused by incorrect configuration.
  • Security Group view: Auditing your network security is vital for detecting network vulnerabilities and ensuring compliance with your IT security and regulatory governance model. With Security Group view, you can retrieve the configured Network Security Group and security rules, as well as the effective security rules.
  • Packet capture: With Network Watcher, you can trigger packet capture on virtual machines. Applying advanced rule matching options, you can capture packets that have a specific source IP, destination IP, source port or destination port, or a byte offset from the start of the packet – even a combination of all the above.
  • NSG flow logs: Flow data is a critical component for diagnosing and validating your Network Security Group configurations. You can now enable logging of NSG flow data that is allowed or denied per Network Security Group setting to help meet these needs.
  • Network Subscription limits: You can now view the usage of network resources against the limits in your subscription.
  • Diagnostic logs: You can now configure diagnostic logs for all the network resources in a resource group from a single pane.
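To show how the allowed/denied flow data from NSG flow logs can be used when validating a Network Security Group, here is an added example (not code from Microsoft or from the original article) that tallies denied inbound flows per source IP, destination port and rule. It assumes the version 1 flow log JSON layout, in which each flow tuple is `timestamp,source IP,destination IP,source port,destination port,protocol,direction,decision`; the sample record, the rule names in it and the function names are constructed for illustration.

```python
import json
from collections import Counter

# Field order of one flow tuple in the assumed version 1 layout.
FIELDS = ("timestamp", "src_ip", "dst_ip", "src_port", "dst_port",
          "protocol", "direction", "decision")

# Constructed sample record; addresses are documentation/private ranges.
SAMPLE_LOG = json.dumps({"records": [{
    "category": "NetworkSecurityGroupFlowEvent",
    "properties": {"Version": 1, "flows": [
        {"rule": "DefaultRule_DenyAllInBound", "flows": [{
            "mac": "000D3AF8801A",
            "flowTuples": [
                "1487282421,203.0.113.7,10.1.0.4,51529,3389,T,I,D",
                "1487282425,203.0.113.7,10.1.0.4,51530,3389,T,I,D",
                "1487282430,198.51.100.9,10.1.0.4,40000,22,T,I,D",
                "1487282450,truncated",  # malformed on purpose
            ]}]},
        {"rule": "DefaultRule_AllowInternetOutBound", "flows": [{
            "mac": "000D3AF8801A",
            "flowTuples": [
                "1487282440,10.1.0.4,192.0.2.10,49000,443,T,O,A",
            ]}]},
    ]}}]})


def iter_flows(log_text):
    """Yield one dict per well-formed flow tuple, tagged with its rule and NIC."""
    for record in json.loads(log_text).get("records", []):
        for rule_group in record.get("properties", {}).get("flows", []):
            for nic in rule_group.get("flows", []):
                for flow_tuple in nic.get("flowTuples", []):
                    parts = flow_tuple.split(",")
                    if len(parts) < len(FIELDS):
                        continue  # skip truncated or malformed tuples
                    flow = dict(zip(FIELDS, parts))
                    flow["rule"] = rule_group.get("rule", "")
                    flow["mac"] = nic.get("mac", "")
                    yield flow


def denied_inbound_summary(log_text):
    """Count denied inbound flows per (source IP, destination port, rule)."""
    counts = Counter()
    for flow in iter_flows(log_text):
        if flow["direction"] == "I" and flow["decision"] == "D":
            counts[(flow["src_ip"], flow["dst_port"], flow["rule"])] += 1
    return counts.most_common()  # busiest sources first


if __name__ == "__main__":
    for (src, port, rule), hits in denied_inbound_summary(SAMPLE_LOG):
        print(f"{hits:3d} denied  {src} -> port {port}  ({rule})")
```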

Using the native capabilities offered by Network Watcher, organisations can also build powerful end-to-end network monitoring scenarios using Azure services like Azure Automation, Azure Functions and Azure Log Analytics.
