SlideShare a Scribd company logo

Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas

K
Khash Nakhostin

When someone reports an EC2 connectivity failure, what do you do? Open your Amazon VPC Console, launch an SSH session, and start typing CLI commands in search of clues. Common root causes include problems related to: Route table updates Phantom network ACLs Security policies Missing BGP routes Overfilling route tables or summarization mistakes Moreover, in many cases, networking is not an issue, but valuable time is lost eliminating the network as a cause before you can progress. Unfortunately, AWS does not natively provide the visibility and troubleshooting features needed by CloudOps and DevOps teams to identify and resolve problems quickly.

Technology
1 of 15
Download to read offline
Network Troubleshooting In the Cloud: Tools, Techniques, and Gotchas AWS Bootcamp #8 – September 6, 2018 Sherry Wei, Founder & CTO Neel Kamal, Head of Field Operations Frank Cabri, VP Product Marketing
© 2017 AVIATRIX SYSTEMS, INC. | 2© 2017 AVIATRIX SYSTEMS, INC. | 2 • Introductions • Understanding VPC Networking Elements • Common Troubleshooting Scenarios • Demo • Q & A Welcome & Agenda SHERRY WEI Founder & CTO NEEL KAMAL Head of Field Operations FEATURED SPEAKERS
© 2017 AVIATRIX SYSTEMS, INC. | 3© 2017 AVIATRIX SYSTEMS, INC. | 3 Check Out More Bootcamps – Available On-Demand www.aviatrix.com/bootcamps
© 2017 AVIATRIX SYSTEMS, INC. | 4© 2017 AVIATRIX SYSTEMS, INC. | 4 Network Problems Often Appear at the App Layer … “My production app can’t reach the on-prem database. It was working yesterday. Can you fix the network?” “My instance is running but I can’t reach the Internet. Is the network down?” “From my QA instance, I can no longer SSH into production. You need to fix the network fast!” “VPN performance really sucks. Joe moved to Japan and he’s griping that remote access to dev is way too slow.”
© 2017 AVIATRIX SYSTEMS, INC. | 5© 2017 AVIATRIX SYSTEMS, INC. | 5 … and Gets Progressively Harder as You Dig Deeper “A customer’s route table propagated to my cloud environment and collided with my CIDR range.” “I hit a VGW limit on entries. That led to a BGP crash. And THAT brought down the entire cloud network.” “Internet-bound packets from the production VPC are getting dropped.” “I can’t get any friggin’ trace logs out of VGW!” “A partner says that IPsec connectivity keeps going up and down.”
© 2017 AVIATRIX SYSTEMS, INC. | 6© 2017 AVIATRIX SYSTEMS, INC. | 6 IGW NAT SERVICE/GATEWAY ROUTING TABLES (PCX/BGP/VGW) NETWORK ACLs SECURITY POLICIES EC2 Understanding VPC Networking Elements • All layers must work correctly for the network to work • Proving the network is not the problem requires proving each layer is not the problem • Network issues can be at any layer, but there is no easy way to tell, making root cause analysis difficult • Number of layers involved depends upon the destination (example: EC2 to EC2 vs. EC2 to Internet) • Each layer has its own scale limitation And Limitations…
© 2017 AVIATRIX SYSTEMS, INC. | 7© 2017 AVIATRIX SYSTEMS, INC. | 7 Troubleshooting | Common Connectivity Scenarios 3. VPC to On-Prem 2. EC2 to Internet 1. EC2 to EC2 4. VPC to VNET (multicloud)
© 2017 AVIATRIX SYSTEMS, INC. | 8© 2017 AVIATRIX SYSTEMS, INC. | 8 What can go wrong? • Security Group Policies – for example, ports are not open • Network ACLs – for example, inbound port is open, outbound not open (not stateful) • Route Table – for example, human error and limitation on number of entries What Does AWS Provide Natively for Troubleshooting? • Flow Log (minimal information) • AWS X-Ray What’s Missing? • Tools to gather and compare both EC2 instance attributes (security, network ACLs and route table entries) side by side • Guardrails – validation prior to making updates to route tables 1. EC2 to EC2 – Network Troubleshooting EC2EC2
© 2017 AVIATRIX SYSTEMS, INC. | 9© 2017 AVIATRIX SYSTEMS, INC. | 9 What can go wrong? • Unable to see what URLs should be allowed & denied • All Internet-bound egress traffic is getting blocked • Security policy (EC2 level/NAT Gateway) exceeds max limit of 200 • My proxy cannot filter non HTTP/S traffic (e.g. SFTP) What Does AWS Provide Natively for Troubleshooting? • Flow Log (minimal information) What’s Missing? • Visualization – Reporting on allowed/denied URLs • Alerting on URL access policy violations • Egress traffic discovery • Domain-level filtering 2. EC2 to Internet – Network Troubleshooting EC2 Internet
© 2017 AVIATRIX SYSTEMS, INC. | 10© 2017 AVIATRIX SYSTEMS, INC. | 10 What can go wrong? • Network connection (IPsec) is down (VGW or on prem router) • Direct Connect / Internet goes down • Mismatched Ipsec parameters • Route table is misconfigured OR unwanted routes propagated by BGP • Exceeded route table limits • Poor performance (latency and/or throughput) What Does AWS Provide Natively for Troubleshooting? • VGW up/down status and number of routes What is Missing? • VGW is a black box – no trace logs • No alerts for route table limit • No error checking for route table entries • Automation - guardrails for updating route tables; error checks 3. VPC to On-Prem – Network Troubleshooting VPC On-Premises Data Center Direct Connect or Internet
© 2017 AVIATRIX SYSTEMS, INC. | 11© 2017 AVIATRIX SYSTEMS, INC. | 11 What can go wrong? • Route table is misconfigured OR unwanted routes propagated by BGP • Exceeded route table limits • Poor performance (latency and/or throughput) • Azure VNet or AWS VGW goes down/maintenance schedule What Do AWS/Azure Provide Natively for Troubleshooting? • VGW up/down status and number of routes What is Missing? • No trace logs for cloud provider gateways • No alerts for route table limit • No error checking for route table entries • Automation - guardrails for updating route tables; error checks 4. VPC to VNet (Multicloud) – Network Troubleshooting VNet VPC
© 2017 AVIATRIX SYSTEMS, INC. | 12© 2017 AVIATRIX SYSTEMS, INC. | 12 A Consolidated View for Troubleshooting all Layers of AWS Networking Demo: Aviatrix Controller
© 2017 AVIATRIX SYSTEMS, INC. | 13© 2017 AVIATRIX SYSTEMS, INC. | 13 • Today you have lots of log data … and no insight • Coming soon: correlated log data, with suggested expert remediation Coming Soon – Problem Identification and Insights
© 2017 AVIATRIX SYSTEMS, INC. | 14© 2017 AVIATRIX SYSTEMS, INC. | 14 • You’ll receive email w/ a link to a replay and slides • Take 5 minutes and start a free 14-day trial …. https://www.aviatrix.com/trial • To view other bootcamps: https://www.aviatrix.com/bootcamps Next Steps with Aviatrix Use the Chat widget to talk live with a Solution Architect
Thank You!

Recommended

Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 

Recommended

Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
DevOps.com
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS
ThousandEyes
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
ThousandEyes
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
Mitchell Pronschinske
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
ThousandEyes
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinar
ThousandEyes
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017
World Wide Technology
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Options
john homer alvero
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
ThousandEyes
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at Microsoft
ThousandEyes
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Kemp
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Mitchell Pronschinske
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyes
ThousandEyes
 
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud WorldModern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Itential
 
Reverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsReverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent Tests
ThousandEyes
 
Monitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentMonitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint Agent
ThousandEyes
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays
 
AWS Meetup Nov 2015 - News Corp Presentation
AWS Meetup Nov 2015 - News Corp PresentationAWS Meetup Nov 2015 - News Corp Presentation
AWS Meetup Nov 2015 - News Corp Presentation
PolarSeven Pty Ltd
 
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Kemp
 
BRKSEC-3771 - WSA with wccp.pdf
BRKSEC-3771 - WSA with wccp.pdfBRKSEC-3771 - WSA with wccp.pdf
BRKSEC-3771 - WSA with wccp.pdf
MenakaDevi14
 
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker GmbH
 

More Related Content

What's hot

Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
DevOps.com
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS
ThousandEyes
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
ThousandEyes
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
Mitchell Pronschinske
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
ThousandEyes
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinar
ThousandEyes
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017
World Wide Technology
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Options
john homer alvero
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
ThousandEyes
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at Microsoft
ThousandEyes
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Kemp
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Mitchell Pronschinske
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyes
ThousandEyes
 
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud WorldModern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Itential
 
Reverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsReverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent Tests
ThousandEyes
 
Monitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentMonitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint Agent
ThousandEyes
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays
 
AWS Meetup Nov 2015 - News Corp Presentation
AWS Meetup Nov 2015 - News Corp PresentationAWS Meetup Nov 2015 - News Corp Presentation
AWS Meetup Nov 2015 - News Corp Presentation
PolarSeven Pty Ltd
 
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Kemp
 

What's hot (20)

Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit Network
 
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps EngineersUnderstanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
Understanding the New Enterprise Multi-Cloud Backbone for DevOps Engineers
 
How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS How Intuit Monitors Connectivity to AWS
How Intuit Monitors Connectivity to AWS
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
 
Cisco IT and ThousandEyes
Cisco IT and ThousandEyesCisco IT and ThousandEyes
Cisco IT and ThousandEyes
 
Network monitoring for the modern wan webinar
Network monitoring for the modern wan webinarNetwork monitoring for the modern wan webinar
Network monitoring for the modern wan webinar
 
WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017WWT: NFV Solutions Presentation from Cisco Live 2017
WWT: NFV Solutions Presentation from Cisco Live 2017
 
VPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity OptionsVPC and Datacenter Connectivity Options
VPC and Datacenter Connectivity Options
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at Microsoft
 
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
Microsoft DirectAccess Remote Access (VPN) with Windows 10 and Server 2012
 
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service MeshLayer 7 Observability and Centralized Configuration with Consul Service Mesh
Layer 7 Observability and Centralized Configuration with Consul Service Mesh
 
Getting Started with ThousandEyes
Getting Started with ThousandEyesGetting Started with ThousandEyes
Getting Started with ThousandEyes
 
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud WorldModern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
Modern Network Compliance: Achieving Compliance in a Hybrid, Multi-Cloud World
 
Reverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent TestsReverse Path Visibility with Agent-to-Agent Tests
Reverse Path Visibility with Agent-to-Agent Tests
 
Monitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint AgentMonitoring End User Experience with Endpoint Agent
Monitoring End User Experience with Endpoint Agent
 
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
apidays LIVE Paris - Serverless security: how to protect what you don't see? ...
 
AWS Meetup Nov 2015 - News Corp Presentation
AWS Meetup Nov 2015 - News Corp PresentationAWS Meetup Nov 2015 - News Corp Presentation
AWS Meetup Nov 2015 - News Corp Presentation
 
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
Enhanced Multisite Site Selection for Windows 10 and DirectAccess with KEMP L...
 

Similar to Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas

BRKSEC-3771 - WSA with wccp.pdf
BRKSEC-3771 - WSA with wccp.pdfBRKSEC-3771 - WSA with wccp.pdf
BRKSEC-3771 - WSA with wccp.pdf
MenakaDevi14
 
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker GmbH
 
The Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and TakeawaysThe Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and Takeaways
ThousandEyes
 
EMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptx
EMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptxEMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptx
EMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptx
ThousandEyes
 
The Hitchhiker’s Guide to Hybrid Connectivity
The Hitchhiker’s Guide to Hybrid ConnectivityThe Hitchhiker’s Guide to Hybrid Connectivity
The Hitchhiker’s Guide to Hybrid Connectivity
Daniel Toomey
 
The Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and TakeawaysThe Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and Takeaways
ThousandEyes
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
NGINX, Inc.
 
New ThousandEyes Product Features and Release Highlights: July 2023
New ThousandEyes Product Features and Release Highlights: July 2023New ThousandEyes Product Features and Release Highlights: July 2023
New ThousandEyes Product Features and Release Highlights: July 2023
ThousandEyes
 
NET309_Best Practices for Securing an Amazon Virtual Private Cloud
NET309_Best Practices for Securing an Amazon Virtual Private CloudNET309_Best Practices for Securing an Amazon Virtual Private Cloud
NET309_Best Practices for Securing an Amazon Virtual Private Cloud
Amazon Web Services
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
Trivadis
 
AWS Community Day - Amy Negrette - Gateways to Gateways
AWS Community Day - Amy Negrette - Gateways to GatewaysAWS Community Day - Amy Negrette - Gateways to Gateways
AWS Community Day - Amy Negrette - Gateways to Gateways
AWS Chicago
 
Discover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MXDiscover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MX
ThousandEyes
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
MyNOG
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and Takeaways
ThousandEyes
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
ThousandEyes
 
5 Best Practices for Building an AWS Global Transit Network
5 Best Practices for Building an AWS Global Transit Network 5 Best Practices for Building an AWS Global Transit Network
5 Best Practices for Building an AWS Global Transit Network
Amazon Web Services
 
Service Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to KnowService Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to Know
TechWell
 
Introduction to Windows Azure Service Bus Relay Service
Introduction to Windows Azure Service Bus Relay ServiceIntroduction to Windows Azure Service Bus Relay Service
Introduction to Windows Azure Service Bus Relay ServiceTamir Dresher
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
Christian Posta
 
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosDeep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Sajith C P Nair
 

Similar to Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas (20)

BRKSEC-3771 - WSA with wccp.pdf
BRKSEC-3771 - WSA with wccp.pdfBRKSEC-3771 - WSA with wccp.pdf
BRKSEC-3771 - WSA with wccp.pdf
 
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
kreuzwerker AWS Modernizing Legacy Operations with Containerized Solutions 20...
 
The Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and TakeawaysThe Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and Takeaways
 
EMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptx
EMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptxEMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptx
EMEA.23.02.23_Top_Outages_of_2022_Webinar_Slides.pptx
 
The Hitchhiker’s Guide to Hybrid Connectivity
The Hitchhiker’s Guide to Hybrid ConnectivityThe Hitchhiker’s Guide to Hybrid Connectivity
The Hitchhiker’s Guide to Hybrid Connectivity
 
The Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and TakeawaysThe Top Outages of 2022: Analysis and Takeaways
The Top Outages of 2022: Analysis and Takeaways
 
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service MeshData Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
Data Plane Matters! A Deep Dive and Demo on NGINX Service Mesh
 
New ThousandEyes Product Features and Release Highlights: July 2023
New ThousandEyes Product Features and Release Highlights: July 2023New ThousandEyes Product Features and Release Highlights: July 2023
New ThousandEyes Product Features and Release Highlights: July 2023
 
NET309_Best Practices for Securing an Amazon Virtual Private Cloud
NET309_Best Practices for Securing an Amazon Virtual Private CloudNET309_Best Practices for Securing an Amazon Virtual Private Cloud
NET309_Best Practices for Securing an Amazon Virtual Private Cloud
 
Mastering the move
Mastering the moveMastering the move
Mastering the move
 
AWS Community Day - Amy Negrette - Gateways to Gateways
AWS Community Day - Amy Negrette - Gateways to GatewaysAWS Community Day - Amy Negrette - Gateways to Gateways
AWS Community Day - Amy Negrette - Gateways to Gateways
 
Discover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MXDiscover the Power of ThousandEyes on Your Meraki MX
Discover the Power of ThousandEyes on Your Meraki MX
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF ChuiNext Generation DDoS Services – can we do this with NFV? - CF Chui
Next Generation DDoS Services – can we do this with NFV? - CF Chui
 
The Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and TakeawaysThe Top Outages of 2023: Analyses and Takeaways
The Top Outages of 2023: Analyses and Takeaways
 
Level-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyesLevel-up Your Cloud Visibility Into AWS With ThousandEyes
Level-up Your Cloud Visibility Into AWS With ThousandEyes
 
5 Best Practices for Building an AWS Global Transit Network
5 Best Practices for Building an AWS Global Transit Network 5 Best Practices for Building an AWS Global Transit Network
5 Best Practices for Building an AWS Global Transit Network
 
Service Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to KnowService Virtualization: What Testers Need to Know
Service Virtualization: What Testers Need to Know
 
Introduction to Windows Azure Service Bus Relay Service
Introduction to Windows Azure Service Bus Relay ServiceIntroduction to Windows Azure Service Bus Relay Service
Introduction to Windows Azure Service Bus Relay Service
 
Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)Kubernetes Ingress to Service Mesh (and beyond!)
Kubernetes Ingress to Service Mesh (and beyond!)
 
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosDeep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
 

Recently uploaded

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas

  • 1. Network Troubleshooting In the Cloud: Tools, Techniques, and Gotchas AWS Bootcamp #8 – September 6, 2018 Sherry Wei, Founder & CTO Neel Kamal, Head of Field Operations Frank Cabri, VP Product Marketing
  • 2. © 2017 AVIATRIX SYSTEMS, INC. | 2© 2017 AVIATRIX SYSTEMS, INC. | 2 • Introductions • Understanding VPC Networking Elements • Common Troubleshooting Scenarios • Demo • Q & A Welcome & Agenda SHERRY WEI Founder & CTO NEEL KAMAL Head of Field Operations FEATURED SPEAKERS
  • 3. © 2017 AVIATRIX SYSTEMS, INC. | 3© 2017 AVIATRIX SYSTEMS, INC. | 3 Check Out More Bootcamps – Available On-Demand www.aviatrix.com/bootcamps
  • 4. © 2017 AVIATRIX SYSTEMS, INC. | 4© 2017 AVIATRIX SYSTEMS, INC. | 4 Network Problems Often Appear at the App Layer … “My production app can’t reach the on-prem database. It was working yesterday. Can you fix the network?” “My instance is running but I can’t reach the Internet. Is the network down?” “From my QA instance, I can no longer SSH into production. You need to fix the network fast!” “VPN performance really sucks. Joe moved to Japan and he’s griping that remote access to dev is way too slow.”
  • 5. © 2017 AVIATRIX SYSTEMS, INC. | 5© 2017 AVIATRIX SYSTEMS, INC. | 5 … and Gets Progressively Harder as You Dig Deeper “A customer’s route table propagated to my cloud environment and collided with my CIDR range.” “I hit a VGW limit on entries. That led to a BGP crash. And THAT brought down the entire cloud network.” “Internet-bound packets from the production VPC are getting dropped.” “I can’t get any friggin’ trace logs out of VGW!” “A partner says that IPsec connectivity keeps going up and down.”
  • 6. © 2017 AVIATRIX SYSTEMS, INC. | 6© 2017 AVIATRIX SYSTEMS, INC. | 6 IGW NAT SERVICE/GATEWAY ROUTING TABLES (PCX/BGP/VGW) NETWORK ACLs SECURITY POLICIES EC2 Understanding VPC Networking Elements • All layers must work correctly for the network to work • Proving the network is not the problem requires proving each layer is not the problem • Network issues can be at any layer, but there is no easy way to tell, making root cause analysis difficult • Number of layers involved depends upon the destination (example: EC2 to EC2 vs. EC2 to Internet) • Each layer has its own scale limitation And Limitations…
  • 7. © 2017 AVIATRIX SYSTEMS, INC. | 7© 2017 AVIATRIX SYSTEMS, INC. | 7 Troubleshooting | Common Connectivity Scenarios 3. VPC to On-Prem 2. EC2 to Internet 1. EC2 to EC2 4. VPC to VNET (multicloud)
  • 8. © 2017 AVIATRIX SYSTEMS, INC. | 8© 2017 AVIATRIX SYSTEMS, INC. | 8 What can go wrong? • Security Group Policies – for example, ports are not open • Network ACLs – for example, inbound port is open, outbound not open (not stateful) • Route Table – for example, human error and limitation on number of entries What Does AWS Provide Natively for Troubleshooting? • Flow Log (minimal information) • AWS X-Ray What’s Missing? • Tools to gather and compare both EC2 instance attributes (security, network ACLs and route table entries) side by side • Guardrails – validation prior to making updates to route tables 1. EC2 to EC2 – Network Troubleshooting EC2EC2
  • 9. © 2017 AVIATRIX SYSTEMS, INC. | 9© 2017 AVIATRIX SYSTEMS, INC. | 9 What can go wrong? • Unable to see what URLs should be allowed & denied • All Internet-bound egress traffic is getting blocked • Security policy (EC2 level/NAT Gateway) exceeds max limit of 200 • My proxy cannot filter non HTTP/S traffic (e.g. SFTP) What Does AWS Provide Natively for Troubleshooting? • Flow Log (minimal information) What’s Missing? • Visualization – Reporting on allowed/denied URLs • Alerting on URL access policy violations • Egress traffic discovery • Domain-level filtering 2. EC2 to Internet – Network Troubleshooting EC2 Internet
  • 10. © 2017 AVIATRIX SYSTEMS, INC. | 10© 2017 AVIATRIX SYSTEMS, INC. | 10 What can go wrong? • Network connection (IPsec) is down (VGW or on prem router) • Direct Connect / Internet goes down • Mismatched Ipsec parameters • Route table is misconfigured OR unwanted routes propagated by BGP • Exceeded route table limits • Poor performance (latency and/or throughput) What Does AWS Provide Natively for Troubleshooting? • VGW up/down status and number of routes What is Missing? • VGW is a black box – no trace logs • No alerts for route table limit • No error checking for route table entries • Automation - guardrails for updating route tables; error checks 3. VPC to On-Prem – Network Troubleshooting VPC On-Premises Data Center Direct Connect or Internet
  • 11. © 2017 AVIATRIX SYSTEMS, INC. | 11© 2017 AVIATRIX SYSTEMS, INC. | 11 What can go wrong? • Route table is misconfigured OR unwanted routes propagated by BGP • Exceeded route table limits • Poor performance (latency and/or throughput) • Azure VNet or AWS VGW goes down/maintenance schedule What Do AWS/Azure Provide Natively for Troubleshooting? • VGW up/down status and number of routes What is Missing? • No trace logs for cloud provider gateways • No alerts for route table limit • No error checking for route table entries • Automation - guardrails for updating route tables; error checks 4. VPC to VNet (Multicloud) – Network Troubleshooting VNet VPC
  • 12. © 2017 AVIATRIX SYSTEMS, INC. | 12© 2017 AVIATRIX SYSTEMS, INC. | 12 A Consolidated View for Troubleshooting all Layers of AWS Networking Demo: Aviatrix Controller
  • 13. © 2017 AVIATRIX SYSTEMS, INC. | 13© 2017 AVIATRIX SYSTEMS, INC. | 13 • Today you have lots of log data … and no insight • Coming soon: correlated log data, with suggested expert remediation Coming Soon – Problem Identification and Insights
  • 14. © 2017 AVIATRIX SYSTEMS, INC. | 14© 2017 AVIATRIX SYSTEMS, INC. | 14 • You’ll receive email w/ a link to a replay and slides • Take 5 minutes and start a free 14-day trial …. https://www.aviatrix.com/trial • To view other bootcamps: https://www.aviatrix.com/bootcamps Next Steps with Aviatrix Use the Chat widget to talk live with a Solution Architect