Azure Network Watcher

 


Intro

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products, which include Virtual Machines, Virtual Networks, Application Gateways, Load Balancers, etc.


Documentation

 


Tips and Tidbits

  • Endpoints can be another virtual machine (VM), a fully qualified domain name (FQDN), a uniform resource identifier (URI), or an IPv4 address.

  • The connection monitor capability monitors communication at a regular interval and informs you of reachability, latency, and network topology changes between the VM and the endpoint.

    • For example, you might have a web server VM that communicates with a database server VM.

  • View resources in a virtual network and their relationships

  • Diagnose network traffic filtering problems to or from a VM

  • When you deploy a VM, Azure applies several default security rules to the VM that allow or deny traffic to or from the VM.

    • You might override Azure's default rules, or create additional rules.

    • At some point, a VM may become unable to communicate with other resources, because of a security rule.

    • The IP flow verify capability enables you to specify a source and destination IPv4 address, port, protocol (TCP or UDP), and traffic direction (inbound or outbound).

    • IP flow verify then tests the communication and informs you if the connection succeeds or fails.

    • If the connection fails, IP flow verify tells you which security rule allowed or denied the communication, so that you can resolve the problem.
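
The example below is added here and is not Azure's own code. It is a simplified local model of the priority-ordered rule evaluation that IP flow verify reports on, showing how a custom deny rule placed ahead of an allow rule blocks the web-to-database flow. It assumes a single rule set, destination-port matching only, and constructed addresses and custom rule names. The default rule names and priorities are Azure's, with the load balancer rule omitted.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "TCP", "UDP" or "*"
    source: str        # CIDR or "*"
    destination: str   # CIDR or "*"
    dest_port: str     # "1433", "8000-8100" or "*"

VNET = "10.0.0.0/16"  # constructed range standing in for the VirtualNetwork tag

# Azure's default rules, simplified: the AzureLoadBalancer rule is omitted
# and the Internet service tag is approximated as "*".
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", VNET, VNET, "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", VNET, VNET, "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "*", "*", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*", "*"),
]

# Constructed custom rules: a broad deny sits ahead of the intended allow.
CUSTOM_RULES = [
    Rule("DenySqlInbound", 200, "Inbound", "Deny", "TCP", "*", "10.0.2.0/24", "1433"),
    Rule("AllowWebToSql", 300, "Inbound", "Allow", "TCP", "10.0.1.0/24", "10.0.2.0/24", "1433"),
]

def ip_matches(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def port_matches(spec, port):
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def ip_flow_verify(rules, direction, protocol, src_ip, dst_ip, dst_port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == direction and rule.protocol in ("*", protocol)
                and ip_matches(rule.source, src_ip)
                and ip_matches(rule.destination, dst_ip)
                and port_matches(rule.dest_port, dst_port)):
            return rule.access, rule.name
    raise LookupError("no rule matched; include DEFAULT_RULES in the rule set")

if __name__ == "__main__":
    flow = ("Inbound", "TCP", "10.0.1.4", "10.0.2.4", 1433)  # web VM -> database VM
    print(ip_flow_verify(DEFAULT_RULES, *flow))
    print(ip_flow_verify(CUSTOM_RULES + DEFAULT_RULES, *flow))
```

With only the default rules the flow is allowed by `AllowVnetInBound`; once the custom rules are added, the result names `DenySqlInbound` as the rule to fix, which is the kind of answer IP flow verify gives for a blocked connection.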