Is Network the Problem?

By Sherry Wei
Founder and CTO, Aviatrix
January 16, 2018

If you are part of a CloudOps team or a cloud network engineer, you probably receive daily tickets from developers that look something like this:

  1. My instance suddenly cannot “ssh” into this server. Is something wrong with the network? Please help resolve.
  2. I get my instance up and running, but it cannot access the Internet. Is something wrong with the network? Please help resolve.
  3. No one can access my application. Is something wrong with the network? Please help resolve.
  4. ….

You get the idea. For any connectivity problem, the network is always the first to be blamed.

To resolve the ticket, you need to log in to the AWS console and the respective cloud accounts, go to the region, find the problem instance, look at its security groups, associated route table and route entries, check the network ACL, etc. You often need to switch to a different AWS account console and repeat the same process on the other instance. More often than not, the problem lies in the user’s own environment and has nothing to do with networking.

This troubleshooting process is not super difficult, but it is repetitive and time-consuming, and it gets tiresome quickly.

Wouldn’t it be nice to have a tool that can pull up this information simultaneously and help you get to the heart of the problem quickly?

Introducing Aviatrix FlightPath.

Aviatrix FlightPath is a handy troubleshooting tool designed specifically with the above trouble tickets in mind.

From the Aviatrix Controller browser console, you specify a source AWS account, region, and VPC, and it automatically retrieves all instances by using AWS APIs. You do the same for the destination side as well. After you specify the source and destination instances, the tool automatically retrieves the latest information associated with each instance, again using AWS APIs, and presents the information side by side on the same page so you can eyeball it and identify the problem quickly.

Here is one example to show how FlightPath works. Say a developer from a BusinessOps account filed a ticket that says one instance of “DevOps Server” in the Oregon region cannot run “ssh” into the Prod instance in the California region.

From the Aviatrix Controller browser console, click FlightPath under Troubleshooting on the navigation menu. Specify the above info and you’ll see something similar to the screenshot below. The highlights on each panel are the instances in question. Note the DevOps Server has IP address

Now run FlightPath Test, and you’ll see the FlightPath Report.

First, check the routing table – in this example, everything related to connectivity appears to be fine:

Continue by scrolling up and down the FlightPath Report to check other fields. Next check the Security Groups. Here we find that the California Prod instance does not have its “ssh” port open to the Oregon DevOps instance IP address

Problem identified in minutes!

Upon further inspection, you’ll notice the problem instance has “ssh” open to the entire world. You may need to notify the ticket issuer to reduce the source address scope.
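
The security group check described above can also be scripted. The following is an added example, not Aviatrix code or part of the original post: it evaluates inbound rules in the shape the EC2 DescribeSecurityGroups API returns, and every address, CIDR, group and function name in it is a constructed placeholder. It covers CIDR-based inbound rules only; route tables and network ACLs are separate checks.

```python
import ipaddress

# Constructed sample rules in the "IpPermissions" shape returned by EC2
# DescribeSecurityGroups. All addresses and CIDRs are made up for this example.
PROD_SG = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
WIDE_OPEN_SG = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]
DEVOPS_IP = "10.10.1.25"  # placeholder source address, not taken from the post

def _covers_port(perm, port):
    # IpProtocol "-1" means all protocols and ports; FromPort/ToPort are absent.
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def _cidrs(perm):
    # Only CIDR sources are read; group references and prefix lists are not resolved.
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def inbound_allows(perms, src_ip, port):
    """True if any inbound rule admits TCP traffic from src_ip to port."""
    src = ipaddress.ip_address(src_ip)
    for perm in perms:
        if not _covers_port(perm, port):
            continue
        for cidr in _cidrs(perm):
            net = ipaddress.ip_network(cidr)
            if net.version == src.version and src in net:
                return True
    return False

def world_open(perms, port):
    """CIDRs with prefix length 0 (0.0.0.0/0 or ::/0) that reach the port."""
    return [c for p in perms if _covers_port(p, port)
            for c in _cidrs(p) if ipaddress.ip_network(c).prefixlen == 0]

if __name__ == "__main__":
    print("Prod accepts ssh from DevOps:", inbound_allows(PROD_SG, DEVOPS_IP, 22))
    print("ssh open to the world via:", world_open(WIDE_OPEN_SG, 22))
```
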

Aviatrix FlightPath is our tool for CloudOps and cloud network engineers. It saves time in dealing with daily networking trouble tickets. Check it out within our free trial version on AWS Marketplace.

