Azure Network Watcher is a powerful tool that helps you monitor and troubleshoot your network resources in Azure. It provides real-time visibility into network traffic, allowing you to identify potential issues and optimize your network performance.
With Azure Network Watcher, you can monitor network traffic, diagnose connectivity issues, and even detect potential security threats. It's a game-changer for anyone managing complex Azure networks.
To get started with Azure Network Watcher, you'll need to set it up in your Azure subscription. This involves creating a Network Watcher resource and assigning it to your virtual network.
What Is Azure Network Watcher?
Azure Network Watcher is a regional service in Azure that operates within specific Azure regions. It's designed to help you monitor and diagnose network conditions at both a network and scenario level.
Network Watcher is a central tool that combines all the necessary tools to diagnose the health of your Azure network. With it, you can monitor, diagnose, view metrics, and enable or disable logs for your Azure Virtual Network (VNET).
Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. It also allows you to log information about IP traffic flowing through a network security group.
Here are some key features of Azure Network Watcher:
- Vendor: Microsoft Azure
- Supported environment: SaaS
- Detection based on: Telemetry
- Supported application or feature: Host network interface, Netflow/Enclave netflow, Network device logs, Network protocol analysis
Features and Tools
Azure Network Watcher offers a suite of tools designed to enhance the monitoring, diagnostics, and visualization of Azure network environments. These tools include IP flow verify, NSG diagnostics, Next hop, Effective security rules, Connection troubleshoot, Packet capture, and VPN troubleshoot.
Network Watcher's diagnostic tools can be used to identify issues with network traffic and security rules. For example, the IP flow verify tool can be used to test communication between endpoints and identify which security rule is blocking traffic.
The Network Watcher offers seven network diagnostic tools that help troubleshoot and diagnose network issues: IP flow verify, NSG diagnostics, Next hop, Effective security rules, Connection troubleshoot, Packet capture, and VPN troubleshoot.
Here are the diagnostic tools available in Network Watcher:
- IP Flow Verify Tool: It identifies whether a particular packet is allowed or denied in a virtual machine.
- Next Hop Tool: Using this, users can determine how a packet will get from one VM to any other.
- Effective Security Tool: It displays all the effective NSG rules which are to be applied on the network interface.
- Packet Capture Tool: It is used to record all the packets received and sent from the VM.
- Connection Troubleshoot Tool: It is used to check the TCP connectivity between the source and destination virtual machines.
- VPN troubleshoot Tool: This tool can diagnose problems with virtual network gateway connections.
Topology
Topology is an interactive interface that provides a visualization of the entire network for understanding network configuration.
It allows you to view resources and their relationships in Azure, spanning across multiple subscriptions, resource groups, and locations.
For a more detailed look, you can see View topology for more information.
Topology provides a comprehensive view of your network, making it easier to manage and troubleshoot issues.
Diagnostic Tools
Diagnostic Tools are a crucial part of Azure Network Watcher, helping you troubleshoot and diagnose network issues. IP flow verify is a diagnostic tool that identifies connectivity issues by verifying IP flow against network security group (NSG) rules.
Network Watcher offers several diagnostic tools, including IP flow verify, NSG diagnostics, Next hop, Effective security rules, Connection troubleshoot, Packet capture, and VPN troubleshoot. These tools help you diagnose network traffic issues and identify security rule conflicts.
IP flow verify checks if a packet is allowed or denied to or from an IP address, telling you which security rule allowed or denied the traffic. It's particularly useful for troubleshooting and ensuring compliance with security policies.
Here are some of the key features of the diagnostic tools:
- IP flow verify: Identifies connectivity issues by verifying IP flow against NSG rules.
- NSG diagnostics: Detects traffic filtering issues at a virtual machine level.
- Next hop: Determines how a packet will get from one VM to another.
- Effective security rules: Displays all the effective NSG rules applied on the network interface.
- Connection troubleshoot: Checks TCP connectivity between source and destination virtual machines.
- Packet capture: Records all packets received and sent from a VM.
- VPN troubleshoot: Diagnoses problems with virtual network gateway connections.
These diagnostic tools are essential for maintaining optimal network health, security, and performance. By using them, you can quickly resolve connectivity problems and ensure compliance with security policies.
Pricing and Limits
Pricing for Azure Network Watcher is based on region and availability of services. In the East US Azure region, collecting up to 5 GB per month of network logs incurs a charge of $0.50 per GB.
Microsoft charges $1 per 1,000 checks when you reach the Network Diagnostic Tool limit of 1,000 checks per month. Connections Monitor has tier-based charging depending on the number of tests performed.
Here's a breakdown of the Connections Monitor pricing tiers:
- 10 to 240,010 tests – $0.30 per test per month
- 240,010 to 750,010 tests – $0.10 per test per month
- 750,010 to 1,000,010 tests – $0.05 per test per month
- 1,000,010 and up tests – $0.02 per test per month
Network Watcher has several limits to keep in mind, including a limit of 1 instance per region per subscription, and 100 Connection Monitors per region per subscription. You can check your current usage and limits through the Usage + quotas capability of Network Watcher.
Pricing
Pricing is a crucial aspect of using Azure Network Watcher. There are no additional charges for enabling Network Watcher, but some features incur costs.
Network Watcher charges $0.50 per GB of logs collected, with a maximum of 5 GB per month. If you don't set a retention policy, Azure maintains logs forever, which can add up quickly.
The Network Diagnostic Tool has a limit of 1,000 checks per month, after which Microsoft charges $1 per 1,000 checks. This can be a significant cost if you're using the tool extensively.
Connections Monitor has tier-based charging, with the following rates:
These prices are subject to change based on region and availability of services. It's essential to factor in these costs when planning your Azure Network Watcher usage.
Limits
Network Watcher has a set limit of 1 instance per region per subscription, which enables access to the service in that region.
You can have up to 100 connection monitors per region per subscription, but be mindful of the other limits to ensure you're within the allowed range.
Here are the key limits to keep in mind:
Packet capture sessions have a separate limit of 10,000 per region per subscription, which is the number of sessions only, not saved captures.
Network Watcher's Usage + quotas capability provides a summary of your deployed network resources within a subscription and region, including current usage and corresponding limits for each resource.
What Is Microsoft?
Microsoft Azure Network Watcher is a valuable tool for monitoring and diagnosing network issues.
It offers a centralized hub to identify problems, providing a single location to troubleshoot network issues.
The tools in Azure Network Watcher are divided into two categories: Monitoring tools and Diagnostic tools.
These tools are used to monitor and diagnose issues in network watchers, helping you stay on top of your network's performance.
By providing a centralized hub, you can quickly identify and resolve issues before they impact your business.
Getting Started
Getting Started with Azure Network Watcher is a breeze. If you have an Azure subscription with a VNET, Network Watcher is automatically enabled, which means you don't have to lift a finger to get started.
This auto-enabling feature is a game-changer for seamless network monitoring, and the best part is it doesn't incur any additional costs. Network Watcher's functionality relies on the Microsoft Insights resource provider, which must be registered within your Azure subscription for it to work effectively.
To access Network Watcher, simply navigate to the Azure portal and search for "Network Watcher" in the search box at the top. This will take you directly to the Network Watcher resource, where you can start exploring its features and functionality.
Monitoring and Troubleshooting
Network Watcher offers two monitoring tools: Topology and Connection monitor. Topology generates graphical images of the Azure virtual network with its resources used, interconnection formed, and relationships.
You can use Connection Monitor to check the connection health between two Azure resources, including virtual machines, FQDN, URI, or IPv4 address. It captures changes in network configuration or NSG rules and alerts you to any failures or changes.
Network Performance Monitor verifies and reports on the performance between various network infrastructure endpoints, detecting issues like traffic blackholing and routing errors.
Here are the three tools used for monitoring tasks in Network Watcher:
- Topology Tool: Generates graphical images of the Azure virtual network.
- Connection Monitor Tool: Checks the connection health between two Azure resources.
- Network Performance Monitor: Verifies and reports on network performance between endpoints.
Network Watcher also offers seven network diagnostic tools to troubleshoot and diagnose network issues, including IP flow verify, NSG diagnostics, and packet capture.
Monitoring
Monitoring is a crucial aspect of ensuring your Azure resources are running smoothly. Network Watcher offers two primary tools for monitoring: Topology and Connection Monitor.
Topology provides a graphical representation of your Azure virtual network, allowing you to visualize and understand your infrastructure. This can be especially helpful for new users who need to troubleshoot issues.
Connection Monitor, on the other hand, checks the connection health between two Azure resources. If you're experiencing issues with communication between resources, Connection Monitor can help you identify the problem and provide guidance on how to fix it.
Network Watcher also offers a Network Performance Monitor, which verifies and reports on the performance between various network infrastructure endpoints. This can help you detect issues like traffic blackholing and routing errors.
In addition to these tools, Network Watcher provides a range of diagnostic tools to help you troubleshoot and diagnose network issues. These include IP Flow Verify, Next Hop, Effective Security Rules, Connection Troubleshoot, Packet Capture, and VPN Troubleshoot.
Here are some of the key features of Network Watcher's diagnostic tools:
These diagnostic tools can help you quickly identify and resolve network issues, ensuring your Azure resources are running smoothly and efficiently.
Event Categories
Monitoring and troubleshooting can be a daunting task, but understanding the different types of events that occur can make a big difference. The type of events produced by the integration can be broken down into several categories.
The data source for these events can come from various places, including the host network interface, Netflow/Enclave netflow, network device logs, and network protocol analysis. Each of these sources provides a unique perspective on the traffic flowing through the Network Security Group.
The host network interface logs every packet passing through the Network Security Group, giving you a detailed view of the traffic. Netflow/Enclave netflow, on the other hand, provides Netflow-like data, which can be analyzed to understand the flow of traffic.
Network device logs also provide packet data, while network protocol analysis takes it a step further by analyzing traffic at levels 2/3/4.
Here are the different types of events that can be produced by this integration:
These events are categorized as network events, which can be further broken down into allowed and denied types.
Frequently Asked Questions
What is the alternative to Azure network Watcher?
The best alternative to Azure Network Watcher is AWS Global Accelerator, offering similar network monitoring capabilities. Other alternatives include Wireshark, Datadog, NinjaOne, and Atera, each with unique features and benefits.
What is the difference between connection monitor and network watcher?
Connection Monitor is a feature that supports hybrid and Azure cloud deployments, while Network Watcher is a toolset that provides connectivity-related metrics and diagnostic capabilities for Azure deployments.
Sources
- https://www.varonis.com/blog/azure-network-watcher
- https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-overview
- https://www.ituonline.com/blogs/exploring-azure-network-watcher/
- https://docs.sekoia.io/integration/categories/network_security/azure_network_watcher/
- https://www.educba.com/azure-network-watcher/
Featured Images: pexels.com