We’re excited to announce the availability of Network Visualizer 2.0, which makes visualizing, understanding, and troubleshooting your virtual network environment much easier. We first launched Network Visualizer in April 2021; it allows you to visualize your virtual network topology within your tenancy. You can find more information about the first release in our announcement blog post.
As a cloud network administrator or a cloud architect, you’re always looking for capabilities that can help you to design and operate your virtual network environment efficiently. The complexity is real because so many components exist: virtual cloud networks (VCNs), subnets, gateways, route tables, security lists, and network security groups (NSGs), to name a few. These entities are often interconnected through complex routing and security configurations. Some of the key features included in this Network Visualizer 2.0 release, such as the security mode, the new subnet view, and the DRG transit routing information, are designed to minimize this complexity and simplify your virtual network operations.
These capabilities help you with the following use cases:
Visualize and troubleshoot network security configuration issues: The security mode shows the relationship of security lists and NSGs with other virtual network resources.
Aid with network planning and network changes: Deeper insights help you visualize the relationships among VCN resources and understand the impact of any changes.
Troubleshoot any transit routing configuration issues: Enhanced view of dynamic routing gateway (DRG) attachments.
In this Network Visualizer release, we have introduced a new security mode in addition to the routing mode. Using the security mode, you can visualize complex security list and NSG configurations involving multiple rulesets, which makes troubleshooting easier. Let's say you want to confirm whether the security configuration allows an instance in your subnet to connect to your on-premises application on a TCP port. You can do that quickly and intuitively with this Network Visualizer enhancement.
The following diagram shows how you can visualize all the security lists applied to a given subnet. In this diagram, we selected the subnet SNet2. Two security lists are applied to that subnet. You can use a security list to control the access for all resources in a subnet.
You can visualize all the security rules for this subnet with a single click through “Open security details for resource.” Using this feature, you can view the ingress and egress rules from both the security lists in a single panel and then confirm whether the rules required to allow the connectivity exist.
Figure 1: Representation of security lists applied to a subnet
You can apply additional security configurations to instances in a subnet using NSGs. An NSG can be applied to one or more virtual network interface card (VNIC) resources in a subnet. If you want only a specific instance or instances in a subnet to be able to communicate with a resource, then NSGs are the way to go.
In the subnet security view, you can view the NSGs applied to a resource. The following diagram shows two NSGs applied to the instance, “instance-demo-1.” By clicking the “Open security details for resource” option, you can see the security rules from both the NSGs and security lists in a single panel. This unified view makes it easy to confirm whether the required security rules are there to allow the connectivity.
Figure 2: Network security groups applied to an instance
This illustration shows the benefits, for troubleshooting, of visually representing these complex security rules, which can have one or many relationships at multiple layers. You can also get to the security list or NSG and update the configuration by simply clicking the resource name.
When you’re planning for virtual network changes, Network Visualizer can provide the required information about the virtual network resources and their relationships to minimize the possibility of misconfigurations. The new subnet view enhances the visual model to provide detailed resource information about the instances and load balancers in the subnet. Whether you want to get an idea of the resources in the subnet or details about a specific resource, this view gives you that flexibility. The search capability using name, IP address, or OCID comes in handy to find a resource and get to the resource page in a single click.
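The unified rule panel described above can be modelled offline when reviewing a configuration. The following is an added example, not Oracle's code and not part of the original post; it relies on the OCI behavior that security rules are allow rules and that traffic is permitted when any rule in any security list on the subnet or any NSG on the VNIC allows it. The list and group names, CIDRs, and ports are constructed, and the model covers egress allow rules only (stateful versus stateless handling is ignored).

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (not exported from any tenancy). Each rule is an
# egress allow rule: (protocol, destination CIDR, first port, last port).
SECURITY_LISTS = {  # two security lists attached to subnet SNet2
    "seclist-default": [("tcp", "0.0.0.0/0", 443, 443)],
    "seclist-app": [("tcp", "10.0.0.0/16", 22, 22)],
}
NSGS = {  # two NSGs attached to the VNIC of instance-demo-1
    "nsg-onprem": [("tcp", "172.16.0.0/12", 1521, 1522)],
    "nsg-monitoring": [("udp", "10.0.5.0/24", 161, 161)],
}

def unified_rules(security_lists, nsgs):
    """Flatten both rule sources into one list, keeping where each came from."""
    merged = []
    for kind, sources in (("security list", security_lists), ("NSG", nsgs)):
        for name, rules in sources.items():
            merged += [(kind, name, rule) for rule in rules]
    return merged

def allowing_rules(rules, protocol, dest_ip, port):
    """Return every rule that permits the flow; an empty list means blocked."""
    dest = ip_address(dest_ip)
    return [
        (kind, name, rule)
        for kind, name, rule in rules
        if rule[0] == protocol
        and dest in ip_network(rule[1])
        and rule[2] <= port <= rule[3]
    ]

def check(protocol, dest_ip, port):
    """Name the security lists and NSGs that allow this egress flow."""
    merged = unified_rules(SECURITY_LISTS, NSGS)
    matches = allowing_rules(merged, protocol, dest_ip, port)
    return [f"{kind} {name}" for kind, name, _ in matches]

if __name__ == "__main__":
    # On-premises application port: allowed only through the NSG rule.
    print(check("tcp", "172.16.10.20", 1521))
    # No rule in any list or group covers this port, so the flow is blocked.
    print(check("tcp", "172.16.10.20", 3389))
```

Listing which source allowed a flow, rather than returning a bare yes or no, also exposes broad rules (such as a `0.0.0.0/0` destination) that permit more than the connectivity being verified.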
The following diagram shows how you can select a resource and visualize the details in the resource information panel.
Figure 3: Subnet inventory view and resource summary
In April 2021, we launched a new version of dynamic routing gateways, which allows you to create transit routing across your virtual network and to your on-premises environment. This release of Network Visualizer enhances the visual representation of your DRG to include this transit routing information. This enhanced view provides details for each attachment and associated route table in a simple-to-view format. This representation makes it easier for you to troubleshoot any transit routing issues.
The following diagram shows how you can easily confirm that the required routes are advertised and learned through the site-to-site VPN tunnels. If you have any issues with routing, you can get to the route table that needs to be updated from the Network Visualizer itself.
Figure 4: DRG transit routing information view
The features and capabilities available with Network Visualizer 2.0 significantly simplify your virtual network operations, overall troubleshooting process, and network design and planning. Network Visualizer is a free service, and you can get started with it today in all regions. For more information, see the Network Visualizer documentation.
Your public cloud requirements are unique. The only way to know if Oracle Cloud Infrastructure is right for you is to try it. We welcome you to sign up for an Oracle Cloud Free Trial or sign in to your account to get started with a range of services, including Network Visualizer.
On behalf of Oracle Cloud Infrastructure, we encourage you to share any product feedback that you have in the comments.
Jothi Prakash is a Sr. Principal Product Manager at Oracle who is passionate about using innovative and disruptive technologies to solve challenging customer problems. He is a seasoned technology veteran with over 20 years of experience in network and security domains, holds many professional certifications in this space, and is a member of International Information Systems Security Certification Consortium (ISC)2. When not working, he loves spending time outdoors and hiking.