Monitoring Azure Virtual WAN

Effective monitoring is crucial for maintaining the health, performance, and security of your Azure Virtual WAN (vWAN) deployment. Azure provides a comprehensive suite of tools and services to help you gain deep insights into your vWAN resources.

Key Monitoring Areas

  • Connectivity Health: Monitor the status of your Virtual Hubs, VPN gateways, ExpressRoute connections, and site-to-site VPN tunnels.
  • Performance Metrics: Track bandwidth utilization, latency, packet loss, and other performance indicators for your network connections.
  • Traffic Flow: Analyze traffic patterns to understand data flow between your branch offices, Azure regions, and on-premises networks.
  • Security Events: Monitor firewall logs, security alerts, and intrusion detection events to ensure your network is protected.
  • Resource Utilization: Keep an eye on CPU, memory, and other resource utilization for your vWAN components.

Azure Monitor for Virtual WAN

Azure Monitor is the central platform for collecting, analyzing, and acting on telemetry from your Azure and on-premises environments. For Virtual WAN, it offers:

  • Metrics: Visualize and analyze metrics for your Virtual Hubs, VPN gateways, and other vWAN resources. You can create custom dashboards and set alerts based on metric thresholds.
  • Logs: Collect diagnostic logs from your vWAN components for detailed analysis and troubleshooting. This includes connection logs, route logs, and diagnostic logs for security features.
  • Azure Network Insights: A unified view for network monitoring and troubleshooting across your Azure networking services, including Virtual WAN. It provides topology diagrams, health status, and diagnostic capabilities.

Log Collection Configuration

To enable log collection, you need to configure diagnostic settings for your Virtual Hubs and associated resources (like VPN gateways). You can send these logs to Log Analytics workspaces, Azure Storage, or Event Hubs.


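# Example: create a diagnostic setting with the Azure CLI.
# GatewayDiagnosticLog and TunnelDiagnosticLog are log categories of the
# site-to-site VPN gateway; other resource types expose other categories.
az monitor diagnostic-settings create --name <diagnostic-setting-name> \
    --resource <resource-id> \
    --workspace <log-analytics-workspace-id> \
    --logs '[{ "category": "GatewayDiagnosticLog", "enabled": true }, { "category": "TunnelDiagnosticLog", "enabled": true }]'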

Log Analytics and Kusto Query Language (KQL)

Once logs are sent to a Log Analytics workspace, you can use Kusto Query Language (KQL) to perform powerful ad-hoc queries and analyze your vWAN data. This is invaluable for root cause analysis and identifying trends.

Example KQL Queries

Check active VPN connections:


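// Tunnel connect events from the last hour, newest first.
AzureDiagnostics
| where Category == "TunnelDiagnosticLog"
| where TimeGenerated > ago(1h)
| where OperationName == "TunnelConnected"
| project TimeGenerated, Resource, ResourceGroup, OperationName, remoteIP_s
| order by TimeGenerated desc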

Analyze traffic volume by connection:


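// Total bytes over the last 24 hours, largest first.
// NetworkFlowLog and its columns are the names this page uses; match them
// to the flow-log table and columns present in your workspace.
NetworkFlowLog
| where TimeGenerated > ago(24h)
| summarize TotalBytes = sum(BytesSent + BytesReceived) by FlowEndTime, VPCId, ComputerName
| order by TotalBytes desc
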
Tip: Leverage Azure Monitor workbooks for creating rich, interactive reports and dashboards for your Virtual WAN monitoring.

Alerting

Configure alerts in Azure Monitor to proactively notify you of critical events or performance degradations. You can set up alerts based on metrics (e.g., gateway health, bandwidth saturation) or log queries.

Common Alert Scenarios:

  • VPN tunnel down
  • High gateway CPU utilization
  • Increased latency
  • Traffic anomalies

Note: Regularly review your alert configurations to ensure they remain relevant and effective as your vWAN environment evolves.
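
The logic behind a "VPN tunnel down" log alert, as an added example (not code from the original page or from Microsoft): it reduces tunnel state-change records to the latest state per tunnel, so a tunnel that dropped and came back does not alert, and separately flags tunnels that keep dropping. The records are constructed, the gateway name is hypothetical, and the field names and the TunnelConnected/TunnelDisconnected values assume rows exported from AzureDiagnostics for the TunnelDiagnosticLog category.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample rows (not real telemetry). Field names are an assumption
# about the exported log shape; adjust them to your workspace schema.
def _row(t, gw, ip, op):
    return {"TimeGenerated": f"2024-05-01T{t}:00Z", "Resource": gw,
            "remoteIP_s": ip, "OperationName": op}

GW = "HUB1-VPNGW"  # hypothetical gateway name
SAMPLE_EVENTS = [
    _row("10:00", GW, "203.0.113.10", "TunnelConnected"),     # drops once, recovers
    _row("10:05", GW, "203.0.113.10", "TunnelDisconnected"),
    _row("10:06", GW, "203.0.113.10", "TunnelConnected"),
    _row("10:20", GW, "198.51.100.7", "TunnelDisconnected"),  # listed out of order
    _row("09:00", GW, "198.51.100.7", "TunnelConnected"),
    _row("10:01", GW, "192.0.2.44", "TunnelDisconnected"),    # flaps three times
    _row("10:02", GW, "192.0.2.44", "TunnelConnected"),
    _row("10:11", GW, "192.0.2.44", "TunnelDisconnected"),
    _row("10:12", GW, "192.0.2.44", "TunnelConnected"),
    _row("10:21", GW, "192.0.2.44", "TunnelDisconnected"),
    _row("10:22", GW, "192.0.2.44", "TunnelConnected"),
]

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def tunnel_findings(events, flap_threshold=3):
    """Return {(gateway, remote_ip): finding} for tunnels that are down or flapping."""
    per_tunnel = defaultdict(list)
    for ev in events:
        if ev["OperationName"] in ("TunnelConnected", "TunnelDisconnected"):
            per_tunnel[(ev["Resource"], ev["remoteIP_s"])].append(ev)
    findings = {}
    for key, evs in per_tunnel.items():
        evs.sort(key=lambda e: _ts(e["TimeGenerated"]))  # do not trust export order
        disconnects = sum(e["OperationName"] == "TunnelDisconnected" for e in evs)
        last = evs[-1]
        if last["OperationName"] == "TunnelDisconnected":
            findings[key] = {"state": "down", "since": last["TimeGenerated"], "disconnects": disconnects}
        elif disconnects >= flap_threshold:
            findings[key] = {"state": "flapping", "since": None, "disconnects": disconnects}
    return findings

if __name__ == "__main__":
    for (gw, ip), finding in sorted(tunnel_findings(SAMPLE_EVENTS).items()):
        print(gw, ip, finding)
```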

Azure Network Watcher

While Azure Monitor provides broad insights, Azure Network Watcher offers specific tools for network diagnostics and monitoring, including:

  • Connection Troubleshoot: Test connectivity between two endpoints within Azure or between Azure and an on-premises location.
  • IP Flow Verify: Determine if traffic is allowed or denied to a virtual machine based on network security group rules.
  • Next Hop: Identify the next hop for traffic from a virtual machine to a specified destination.

These tools can be particularly useful when troubleshooting specific connectivity issues within your vWAN setup.

By combining the power of Azure Monitor, Log Analytics, KQL, and Network Watcher, you can establish a robust monitoring strategy for your Azure Virtual WAN, ensuring its reliability and performance.