MSDN Azure Tutorials

Getting Started with Azure Network Watcher

This tutorial will guide you through the essential features and functionalities of Azure Network Watcher, a powerful tool for monitoring and diagnosing your Azure network performance.

What is Azure Network Watcher?

Azure Network Watcher provides a comprehensive set of tools for network monitoring, diagnostics, and visualization. It allows you to detect issues, understand network traffic patterns, and troubleshoot connectivity problems within your Azure virtual networks.

Key Features:

Tutorial: Using Connection Monitor

Connection Monitor is an invaluable tool for proactively monitoring the health of your network connections.

Step 1: Enable Network Watcher

Network Watcher is enabled by default for all subscriptions. If for some reason it's not available in your region, you might need to enable it through the Azure portal.

Navigate to the Azure portal, search for "Network Watcher", and select the region where your virtual machines are deployed.

Step 2: Create a Connection Monitor

In Network Watcher, select "Connection monitor" from the left-hand menu.

Click on "Create".

Configure the following:

  • Connection Monitor name: A descriptive name for your monitor (e.g., "VM-to-Internet-Monitor").
  • Workspace: Select an Azure Log Analytics workspace to store the connection data.
  • Monitored end: Choose "Azure virtual machine".
  • Resource group and Virtual machine: Select the source virtual machine you want to monitor from.
  • Destination: You can select "Internet", "Azure service", or "Custom endpoint". For this tutorial, select "Internet".
  • Protocol: Choose "TCP" or "HTTP".
  • Port: Specify the destination port (e.g., 80 for HTTP, 443 for HTTPS).
  • Frequency: How often the connection should be checked (e.g., every 1 minute).

Click "Create" to start the monitor.

Step 3: Analyze Connection Data

Once the monitor is active, you can view the results in the Connection Monitor dashboard. It will show the reachability percentage, round-trip time, and any failed checks.

Click on the name of your connection monitor to see detailed logs and troubleshoot specific failures.

If you are monitoring to a custom endpoint or an Azure service, you will need to configure the destination address and port accordingly.

Note: Ensure that Network Security Groups (NSGs) and Azure Firewall rules allow traffic for the protocol and port you are using for monitoring.

Other Useful Tools

IP Flow Verify

Use IP Flow Verify to troubleshoot connectivity issues by checking if traffic is allowed or denied by NSG rules.

To use IP Flow Verify:

  1. In Network Watcher, select "IP flow verify".
  2. Provide the source IP address, destination IP address, protocol, and destination port.
  3. Click "Check". The tool will indicate whether the traffic is allowed or denied and by which NSG rule.

Packet Capture

Packet Capture allows you to capture network traffic to and from a virtual machine for in-depth analysis using tools like Wireshark.

To use Packet Capture:

  1. In Network Watcher, select "Packet capture".
  2. Click "Add" to create a new capture.
  3. Select the target virtual machine, provide a capture name, and configure filters if needed (e.g., filter by IP address or port).
  4. Start the capture. You can download the capture file from the specified storage location once it's complete or stopped.

Topology

The Topology feature provides a visual representation of your virtual network resources, including virtual machines, network interfaces, load balancers, and VPN gateways.

To view topology:

  1. In Network Watcher, select "Topology".
  2. Choose the virtual network you want to visualize.
  3. The diagram will show how your resources are connected, helping you understand the network layout.

By mastering Azure Network Watcher, you can significantly improve your ability to manage, monitor, and troubleshoot your Azure network infrastructure, ensuring optimal performance and reliability.