Introducing Network Analyzer: One stop shop to detect service and network issues
With networking at the foundation of all cloud deployments and business processes, proactively maintaining network health is mission-critical. The cloud is powerful and dynamic, but can sometimes feel complex, as customers often encounter network issues from unintentionally deploying suboptimal or error-prone configurations. For example, organizations may deploy changes that unknowingly introduce misconfigurations, contradict best practices, exceed IP address utilization quotas, or suboptimally allocate unused external IPs. To mitigate such network issues, teams often rely on reactive workflows - manually running time-consuming diagnostics to troubleshoot and resolve issues after a service disruption.
Google Cloud Networking developed a solution to prevent manual, time-intensive, reactive status quo - which is why we are excited to introduce Network Intelligence Center (NIC)’s newest module: Network Analyzer. With Network Analyzer, customers can transform reactive workflows into proactive processes and reduce network and service downtime. Network Analyzer empowers you by auto-detecting failures caused by the underlying network, surfacing root cause analyses, and suggesting best practices to improve the availability, performance, and security of services.
Network Analyzer offers an out-of-the-box suite of always-on analyzers that continuously monitor GCE and GKE network configuration. These analyzers run in the background, monitoring network services like load balancers, hybrid connectivity, and connectivity to Google services like Cloud SQL. As users continually push out config changes or the metrics for their deployment changes, the relevant analyzers will automatically surface failure conditions or suboptimal configurations.
Get automatic, proactive notification of service and network issues
Network Analyzer detects failures that can be caused by misconfigurations like setup errors or regressions caused by unintended changes. Customers can automatically detect if Google services like Cloud SQL are not reachable, or if network services like load balancing are not functioning as intended. Network Analyzer also detects the root cause for this failure, such as an invalid route or firewall rule blocking the service reachability.
For example, Network Analyzer can detect:
- Connectivity issues to Google Services like Cloud SQL. This issue could be due to an egress firewall rule or a routing issue.
- Common misconfigurations with load balancer health checks like firewall is not configured on the VPC network to allow health check probes used by the load balancer, or user-configured firewall rule is blocking the health check IP address range
- Invalid next hop of a route due to misconfigurations like stopped or deleted VM instance, VM instance with IP forwarding disabled, deleted Internal Load Balancer, deleted VPN tunnel
- Dynamic routes shadowed by a subnet or static routes as a result of which the dynamic route is not effective
- GKE networking misconfigurations like connectivity between GKE nodes and their control plane is blocked by misconfigured firewall or routing issues.
Improve availability and efficiency of your services
Network Analyzer codifies Google Cloud’s best practice guidelines for improved availability and performance and helps you optimize usage of Google Cloud resources. It offers best practice recommendations that are relevant to your deployment.
For example, Network Analyzer surfaces suggestions like:
External IP address is reserved but not allocated to a resource
GKE cluster needs additional authorized network after expanding IP address range
Enabling Private Google Access for a private GKE cluster's subnet after the cluster has been created
Predict resource and capacity issues
Network Analyzer detects suboptimal configurations and capacity trends which may lead to network issues in the future. For example, it can detect high IP address utilization of a subnet, which can prevent automatically creating VMs or upgrading GKE clusters.
Surfacing insights through Network Analyzer
Network Analyzer prioritizes and proactively surfaces insights to users at a project level or across multiple projects.
It identifies the root cause of the surfaced insight and provides a link to the documentation with recommendations to fix the insight.
You can refer to the complete list of analyzers here. We are continuously adding new analyzers to this module.
Moving towards Proactive Operations
We are excited to see customers use Network Intelligence Center’s Network Analyzer to adopt a more proactive, event-driven approach to network health and automatically detect and predict network and service issues. View insights for your organization in the Google Cloud Console. Learn more about Network Analyzer and view our complete list of analyzers in our documentation
And as always, please feel free to reach out to the Network Intelligence Center team with your questions and feedback.