Oracle has recently introduced Network Path Analyzer (NPA) as the newest member of the family of operations tools for easy network troubleshooting and configuration validation.
In this blog, we will look into what Network Path Analyzer is, its benefits, use cases, and how to set it up in the Oracle Cloud console.
Network Path Analyzer (NPA) Overview
Network Path Analyzer is a network reachability analysis tool based on real-time network configuration. The primary data input in NPA is the network routing and security configuration in a customer tenancy, augmented with key network runtime state data. Underneath this, NPA uses Batfish (an open-source network configuration analysis tool) for reachability analysis and identifying configuration errors.
Two important elements are required for successful communication between endpoints in a network:
- Network Connectivity- It builds possible paths between endpoints to reach each other.
- Appropriate security policies- The appropriate security policies along the path permit communication between the endpoints.
So when the two pieces are both readily in place, the required reachability between the endpoints for the higher-level application functions is established.
NPA Benefits
The following benefits can be seen when armed with Network Path Analyzer:
- Network Path Analyzer (NPA) is a free service offered to customers in all OCI regions.
- Customers can troubleshoot reachability issues caused by misconfiguration faster and significantly reduce the Mean Time to Resolution (MTTR) for this type of outage
- Users can proactively verify and validate the network routing and security policy configuration for their reachability intents before starting to send the application traffic
- NPA acts as a tool to perform on-demand validation of the logical network paths to match the intent
- Network Path Analyzer can be used to analyze network paths within your OCI networks, or your hybrid cloud or multi-cloud networks where your on-premises sites or third-party cloud sites are connected to your OCI network through FastConnect virtual circuits or VPN tunnels.
- To support the common network designs with redundant paths, the Network Path analyzer can analyze and visualize up to eight equal-cost-multi-pathing (ECMP) network paths between a pair of endpoints.
Working With Network Path Analyzer in Oracle Cloud
You can create network path analysis via console or API. In this blog, we will check how we can create and run network path analysis using the Oracle Cloud console.
Network Path Analyzer is directly available in the console under Networking on the Oracle Cloud Console, where you only need to create a path analysis and run it.
When creating a path analysis, specify the source and destination endpoints, the network protocol, and the source and the destination ports. For endpoints, you can select an IP address or an OCI resource. The viable OCI resource options include an IP address from a VCN subnet, a compute instance virtual network interface card (VNIC), an application load balancer, or a network load balancer.
The following example creates an analysis between an on-premises IP device 10.251.1.163 and a network load balancer in OCI. The communication travels through TCP from any source port to the destination port 443.
Once the path analysis is created, you can run it directly by clicking the Run Analysis button and leave the rest to Network Path Analyzer. Depending on the complexity and the scale of your tenancy network configuration, it can take a few minutes to complete the analysis. The results are rendered with a visual graph of the path that’s enriched with hop-by-hop routing and policy information.
If no valid end-to-end path exists between the source and destination endpoints, Network Path Analyzer shows the partial path until the first missing link. It also tells you what’s missing, either a missing route in a routing table or a missing security policy in an NSG or a security list.
NPA Use-Cases & Limitations
With the analyzer customers can:
- Troubleshoot routing and security misconfigurations that cause connectivity issues
- Validate that the logical network paths match your intent
- Verify that the virtual network connectivity setup works as expected before starting to send traffic
NPA has certain limitations wherein some scenarios we cannot use it, which are:
- It does not support IPv6, so IPv6 cannot be used as a source or destination. And thus its routing and security settings are ignored and do not affect the results.
- With a network path analyzer, users cannot detect routing loops, and even if they are present the results can be inconclusive or indicate a failure.
- Intra-VCN routing and internet gateway routing are not yet supported in NPA and can cause inaccurate Path Analysis results.
- Source and destinations that are within the same subnet and with a different Private IP will produce incorrect results.
Conclusion
Network Path Analyzer is a tool to assist in troubleshooting reachability issues by quickly identifying misconfiguration and reducing the MTTR caused by configuration issues. It is also helpful for customers to verify their network configuration against their reachability intents so it becomes easier for them to identify and correct misconfiguration and reduce outages.
Related/References
- 1Z0-1072-22 Oracle Cloud Infrastructure 2022 Architect Associate: All You Need To Know About
- Transit Routing: Access To Multiple VCNs From On-Premise
- OCI Networking | OCI Networking Architecture Overview
- OCI Gateways & OCI NAT Gateway
- OCI Load Balancer & How To Create: Step By Step
Begin Your Cloud Journey
Begin your journey towards becoming a Certified Oracle Cloud Infrastructure Architect and earn a lot more in 2022 by joining our FREE CLASS. You will also know more about the Roles and Responsibilities, Job opportunities for OCI Architects in the market, and what to study Including Hands-On labs you must perform to clear the Oracle Cloud Architect Associate Certification (OCI) certification exam by registering for our FREE Masterclass.
Click on the below image to Register for Our FREE Class on Master Oracle Cloud (OCI) and Get a Higher Paying Job!
The post Oracle Cloud Network Path Analyzer appeared first on Cloud Training Program.