Diagnose and Solve Network Problems
This article provides an overview of how to use the Diagnose and Solve Network Problems feature in Azure Network Watcher to identify and resolve common network connectivity issues.
What is Diagnose and Solve Network Problems?
Diagnose and Solve Network Problems is a tool within Azure Network Watcher that helps you quickly identify the root cause of network connectivity issues. It provides automated diagnostics for various scenarios, including:
- Virtual machine to virtual machine connectivity
- Virtual machine to internet connectivity
- Virtual machine to Azure service connectivity (e.g., Storage, SQL Database)
- NSG rule issues
- UDR route issues
- Gateway and VPN connectivity
How to Use the Tool
1. Accessing the Feature
You can access the Diagnose and Solve Network Problems feature through the Azure portal:
- Navigate to Network Watcher.
- Select your subscription and region.
- In the left-hand menu, click on Diagnose and solve problems.
2. Selecting a Scenario
Once the feature is loaded, you will see a list of common network problems. Click on the scenario that best matches your issue. For example, if a virtual machine cannot connect to the internet, you might select "VM to Internet Connectivity".
3. Providing Input
For each scenario, you'll be prompted to provide specific information, such as:
- The source virtual machine
- The destination IP address or FQDN
- The protocol (TCP or UDP) and port number
- The destination virtual machine (if applicable)
4. Analyzing Results
After providing the necessary input, the tool will run a series of diagnostic tests. The results will be displayed, highlighting potential causes for the connectivity issue. This may include:
- Network Security Group (NSG) rules blocking traffic
- Misconfigured user-defined routes (UDRs)
- Firewall rules
- Routing issues
- IP configuration problems
Common Scenarios and Solutions
Scenario: VM to Internet Connectivity Failure
If your virtual machine cannot reach the internet, check the following:
- NSG Rules: Ensure that outbound NSG rules allow traffic to the internet (e.g., ports 80 and 443).
- Route Tables: Verify that your route table has a default route (0.0.0.0/0) pointing to the Internet or a Network Virtual Appliance (NVA).
- Firewall: If you are using an NVA firewall, ensure its rules permit the outbound traffic.
The tool will analyze these aspects and highlight any misconfigurations.
Scenario: VM to VM Connectivity Failure
To troubleshoot connectivity between two VMs in the same virtual network or in peered virtual networks:
- NSG Rules: Check inbound and outbound NSG rules on both the source and destination VMs' subnets or network interfaces.
- Virtual Network Peering: If the VMs are in different peered virtual networks, ensure the peering is configured correctly.
- OS Firewall: Verify that the operating system's firewall on the destination VM allows traffic from the source VM.
Scenario: NSG Rule Blocking
If you suspect an NSG is blocking traffic, use the tool to specify the source, destination, protocol, and port. The tool will analyze the NSG rules applied to the relevant network interfaces and subnets to identify the blocking rule.
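The NSG analysis described above can be reproduced offline when reviewing exported rule sets. The following Python is an added example, not Network Watcher's own code: it applies NSG semantics (lowest priority number first, first match decides; NIC NSG then subnet NSG outbound, subnet NSG then NIC NSG inbound) to the VM names used on this page. The rule sets, the two custom rule names and the use of 10.0.0.0/16 in place of the VirtualNetwork service tag are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumption: 10.0.0.0/16 stands in for the VirtualNetwork service tag.
VNET, ANY, ALL_PORTS = "10.0.0.0/16", "0.0.0.0/0", (0, 65535)

def rule(name, priority, direction, access, proto, src, dst, ports):
    return dict(name=name, priority=priority, direction=direction, access=access,
                proto=proto, src=ip_network(src), dst=ip_network(dst), ports=ports)

def default_rules():
    """Simplified copies of the default rules every NSG carries (load balancer rule omitted)."""
    return [rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", VNET, VNET, ALL_PORTS),
            rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", ANY, ANY, ALL_PORTS),
            rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", VNET, VNET, ALL_PORTS),
            rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", ANY, ANY, ALL_PORTS),
            rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", ANY, ANY, ALL_PORTS)]

def first_match(rules, direction, proto, src, dst, port):
    """NSG semantics: the lowest priority number is evaluated first and the first match decides."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if (r["direction"] == direction and r["proto"] in ("*", proto)
                and ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and r["ports"][0] <= port <= r["ports"][1]):
            return r
    return None

def find_blocking_rule(path, proto, src, dst, port):
    """path: (nsg_name, direction, rules) tuples in the order the packet meets them.
    Returns (nsg_name, rule_name) for the first Deny, or None if every NSG allows the flow."""
    for nsg_name, direction, rules in path:
        hit = first_match(rules, direction, proto, src, dst, port)
        if hit is None or hit["access"] == "Deny":
            return nsg_name, hit["name"] if hit else "no matching rule"
    return None

# Constructed sample: the page's VM names, with two invented custom rules on Subnet2.
# The priority-200 deny shadows the priority-300 allow that was meant to open port 80.
subnet2_rules = default_rules() + [
    rule("AllowWebFromSubnet1", 300, "Inbound", "Allow", "TCP", "10.0.1.0/24", "10.0.2.0/24", (80, 80)),
    rule("DenyLegacyFromSubnet1", 200, "Inbound", "Deny", "*", "10.0.1.0/24", "10.0.2.0/24", (0, 1023)),
]
PATH = [("myVM1-nic", "Outbound", default_rules()),  # outbound: NIC NSG, then subnet NSG
        ("Subnet1", "Outbound", default_rules()),
        ("Subnet2", "Inbound", subnet2_rules),       # inbound: subnet NSG, then NIC NSG
        ("myVM2-nic", "Inbound", default_rules())]

if __name__ == "__main__":
    print(find_blocking_rule(PATH, "TCP", "10.0.1.4", "10.0.2.4", 80))
```

The shadowed allow rule is the case worth noticing: a rule that looks correct in isolation never fires because a broader deny with a lower priority number matches first.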
Example Diagnostic Output
A typical output might look like this:
Diagnosing: VM to VM Connectivity
Source VM: myVM1 (10.0.1.4)
Destination VM: myVM2 (10.0.2.4)
Protocol: TCP, Port: 80
Analysis:
- NSG on Subnet 'Subnet1' allows inbound TCP port 80 from '10.0.2.0/24'.
- NSG on Network Interface 'myVM1-nic' allows outbound TCP port 80 to '10.0.2.0/24'.
- NSG on Subnet 'Subnet2' allows inbound TCP port 80 from '10.0.1.0/24'.
- NSG on Network Interface 'myVM2-nic' allows outbound TCP port 80 to '10.0.1.0/24'.
Potential Issue Found:
No NSG rule blocking detected. Consider checking OS-level firewall or application configuration on myVM2.
Conclusion
The Diagnose and Solve Network Problems tool is an invaluable asset for quickly diagnosing and resolving network connectivity issues in Azure. By understanding its capabilities and how to use it effectively, you can minimize downtime and ensure the reliable operation of your network resources.