Updated March 8, 2023
Introduction to Azure Network Watcher
Azure Network Watcher is an Azure cloud service that diagnoses the health of an Azure network by combining the relevant tools in one central place. It provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of cloud infrastructure such as Virtual Machines (VMs), Virtual Networks, Load Balancers, Application Gateways, etc. It is not intended for PaaS monitoring or web analytics.
What is Microsoft Azure Network Watcher?
Azure Network Watcher's tools are divided into two categories: monitoring tools and diagnostic tools. Together they provide a centralized hub for monitoring the network and identifying problems in it.
Network Watcher uses three tools for monitoring tasks:
- Topology Tool: It generates a graphical view of an Azure virtual network, showing its resources, their interconnections, and their relationships. The topology view helps users who are new to an environment understand the infrastructure and troubleshoot it more easily.
- Connection Monitor Tool: It checks the connection health between two Azure resources, for example whether two VMs can communicate with each other. It captures changes in the network configuration or NSG rules and looks for any failures. If a failure occurs, it reports why it occurred and how it can be fixed.
- Network Performance Monitor: It monitors endpoint-to-endpoint connectivity of the resources and lets you track and alert on latency. It gives users a centralized view of the network.
There are six diagnostic tools in Network Watcher:
- IP Flow Verify Tool: It identifies whether a particular packet is allowed or denied to or from a virtual machine. If the packet is denied by an NSG, the tool gives you the name of that group.
- Next Hop Tool: It determines how a packet will get from one VM to another. Using the source network, source IP address, and destination VM IP, the tool determines the packet's destination and can be used to diagnose incorrect routing tables.
- Effective Security Tool: It displays all the effective NSG rules that are applied to a network interface. NSGs filter traffic in Azure networks based on source and destination.
- Packet Capture Tool: It records all the packets received and sent by the VM so that you can review the network traffic or diagnose anomalies.
- Connection Troubleshoot Tool: It checks the TCP connectivity between the source and destination virtual machines. The user can specify the destination VM by FQDN, URI, or IP address.
- VPN Troubleshoot Tool: It diagnoses problems with virtual network gateway connections by running diagnostics on a virtual network and returning a health diagnosis.
How to Use Network Watcher in Azure?
Here we will see how to diagnose a virtual machine's network with Network Watcher from the Azure portal. The prerequisites are:
- Users should have a valid username and password.
- Users should have an Azure subscription to diagnose resources using Network Watcher.
Steps Using Azure Portal
Given below are the steps using Azure Portal:
Create a VM:
Step 1: Log in to the Azure Portal using the below URL:
Step 2: From the Azure portal home page, select +Create a resource.
Step 3: In the Azure Marketplace, select Compute and then click on either Windows Server 2016 Datacenter or Ubuntu Server.
Step 4: Here, we have selected Ubuntu Server 108.04, and the user is taken to the Create a virtual machine page.
Step 5: Enter the virtual machine details to configure the basic parameters such as Subscription Name, VM name, Size, Region, and Availability Option as per your subscription and requirements, and click on Review+Create.
Step 6: If the entered details are correct, validation will pass. Then select Create to create the VM. It will start deploying the VM.
Step 7: You are redirected to the VM deployment page, where you can track the status.
Step 8: Once deployment is complete, click on Go to resource to check the VM.
Test Network Communication
Given below are the steps to test network communication:
Step 1: In the Azure Portal search box, enter Network Watcher and select it when it appears in the results.
Step 2: In Network Watcher, open the drop-down list in the region section and select the region where you created the VM.
Step 3: Enable Network Watcher in that specific region.
Use IP Flow Verify Tool
Given below are the steps to use the IP flow verify tool:
Step 1: Once Network Watcher is enabled, select IP flow verify from the Network Diagnostic Tool section.
Step 2: Select the subscription, resource group, VM name, and protocol, enter the Remote IP Address to test the connection with this IP, and click on Check:
After some time, it will return a result that access is allowed because of the security rule AllowInternetOutbound.
Step 3: You can try adding some other Remote IP and check the connection; it will return that access is denied because of the security rule defaultOutboundDenyAll.
Step 4: Once the watcher is enabled, the user can also pick a tool from the Monitoring section, where all the monitoring tools are listed.
Users can also use the other tools in the Diagnostics section to diagnose their resources.
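The IP flow verify results in steps 2 and 3 follow from how NSG rules are evaluated: in priority order, with the first match deciding the outcome and naming the rule. The Python model below is an added example, not code from Azure or from this guide. The rule names and priorities are Azure's default outbound rules; the VNet address space, the sample remote IPs, the simplified handling of the VirtualNetwork and Internet service tags, and the custom rule DenyWebOutbound are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed VNet address space (constructed)

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    dest: str       # "*", a service tag, or a CIDR prefix
    port: str       # "*" or a single destination port
    protocol: str   # "*", "TCP" or "UDP"
    access: str     # "Allow" or "Deny"

# Azure's default outbound NSG rules (present in every NSG).
DEFAULT_OUTBOUND = [
    Rule("AllowVnetOutBound", 65000, "VirtualNetwork", "*", "*", "Allow"),
    Rule("AllowInternetOutBound", 65001, "Internet", "*", "*", "Allow"),
    Rule("DenyAllOutBound", 65500, "*", "*", "*", "Deny"),
]

def dest_matches(dest: str, remote_ip: str) -> bool:
    ip = ipaddress.ip_address(remote_ip)
    if dest == "*":
        return True
    if dest == "VirtualNetwork":
        return ip in VNET       # simplification: ignores peered and on-premises ranges
    if dest == "Internet":
        return ip.is_global     # simplification: any publicly routable address
    return ip in ipaddress.ip_network(dest)

def ip_flow_verify(rules, protocol, remote_ip, remote_port):
    """Return (access, rule_name) for an outbound flow; the first match by priority wins."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and rule.port in ("*", str(remote_port))
                and dest_matches(rule.dest, remote_ip)):
            return rule.access, rule.name
    return "Deny", None  # not reached while the default rules are present

if __name__ == "__main__":
    # Hypothetical custom rule: block plain HTTP to the Internet.
    custom = Rule("DenyWebOutbound", 100, "Internet", "80", "TCP", "Deny")
    for nsg in (DEFAULT_OUTBOUND, DEFAULT_OUTBOUND + [custom]):
        for ip in ("13.107.21.200", "172.31.0.100", "10.0.0.5"):  # constructed samples
            print(ip, ip_flow_verify(nsg, "TCP", ip, 80))
```

The private address outside the VNet falls through both allow rules and is caught by the deny-all rule, which is why a second remote IP can be denied even though Internet access is allowed.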
Uses of Azure Network Watcher
- To troubleshoot connectivity issues in a single virtual machine's network, the user can use the IP flow verify tool, specifying remote and local ports, to identify the issue. This tool will also provide the solution.
- Network Watcher automates network monitoring and packet capture, so monitoring and diagnosis can be done without logging into the VM.
- Using the flow logs, you can get insight into your network traffic.
- Diagnosing VPN connectivity issues is easy because Network Watcher diagnoses the VPN gateway and its connections.
In conclusion, Network Watcher removes the complexity of diagnosing or monitoring resources manually or region by region. As it is already integrated into the Azure services, users just have to pay for what they are using.