Connection Monitor Configuration - Azure Networking

Configuring Connection Monitor

This section guides you through the process of configuring Connection Monitor to monitor network connectivity between various endpoints in Azure and on-premises.

Prerequisites

Before you begin, ensure you have the following:

An Azure subscription.
Permissions to create and manage Network Watcher resources.
At least one Network Watcher instance deployed in the region where you want to create the Connection Monitor.
Target endpoints configured (e.g., Virtual Machines, Application Gateway, etc.).

Steps to Create a Connection Monitor

You can create a Connection Monitor using the Azure portal, Azure CLI, or Azure PowerShell.

Using the Azure Portal

Navigate to the Network Watcher service in the Azure portal.
Under Network monitoring, select Connection monitor.
Click Create to start the new Connection Monitor wizard.
Basics:
- Select your Subscription and Resource group.
- Provide a unique Name for your Connection Monitor.
- Choose the Region where your Network Watcher is deployed.
- Select the Workspace to store monitoring data.
Monitored items:
This is where you define the source and destination endpoints for your connectivity tests.
- Sources: Add endpoints from which to initiate the monitoring. This can include Virtual Machines, VM Scale Sets, and Azure Firewall.
- Destinations: Add endpoints to monitor connectivity to. This can include Virtual Machines, VM Scale Sets, Application Gateways, Azure Firewalls, and Log Analytics workspaces.
Configuration:
Define the parameters for your monitoring tests:
- Endpoint type: Select the type of endpoint (e.g., HTTP, TCP, ICMP).
- Protocol: Choose the protocol to use for the test (e.g., HTTP, TCP).
- Port: Specify the destination port.
- Interval: Set the frequency of the test (e.g., every 60 seconds).
- Disable log status: Enable this if you don't want to log the status of checks.
- Include IPv6: Enable if you want to test IPv6 connectivity.
Tags: (Optional) Apply tags for resource management.
Review + create: Review your configuration and click Create.

Example: Monitoring HTTP Connectivity to a Web Server

Let's say you want to monitor connectivity from a VM named WebAppVM to a web server running on port 80.

Source: Select WebAppVM.
Destination: Select the public IP address or FQDN of your web server.
Configuration:
- Endpoint type: HTTP
- Protocol: HTTP
- Port: 80
- Interval: 60 seconds

Note: For VM endpoints, ensure the Network Watcher extension is installed and configured on the respective VMs.

Advanced Configuration Options

Custom Headers: For HTTP tests, you can specify custom headers to include in the request.
Path: For HTTP tests, specify the path to the resource you want to test (e.g., /health).
Expected Status Code: Define the expected HTTP status code for a successful request.
Connection Establishment Timeout: Configure the timeout for establishing a TCP connection.

Tip: Regularly review your Connection Monitor configurations and test results to ensure optimal network performance and quickly identify any connectivity issues.

Viewing Monitoring Data

Once configured, Connection Monitor collects data on network connectivity. You can view this data in the Azure portal under your Connection Monitor resource or by querying the associated Log Analytics workspace.


-- Example Kusto Query to retrieve connection health data
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.NETWORK" and Category == "NetworkWatcherConnectionMonitor"
| where TimeGenerated > ago(1h)
| project TimeGenerated, WorkspaceName, ResourceGroup, ConnectionMonitorName, Source, Destination, EndpointStatus, Latency, PacketLoss
| order by TimeGenerated desc