Integration Spotlight: Microsoft Azure Network Watcher

Migrating to the cloud often results in a lack of visibility into the health of the network. These blind spots can result in incidents taking longer to resolve. Microsoft Azure includes a powerful service you can use to remotely monitor and diagnose conditions in, to, and from Azure. Network Watcher informs you of reachability problems, latency, and network topology changes between Azure and a given endpoint – such as a Catchpoint node. This additional insight is even more valuable in hybrid cloud applications, making it much easier to answer the question “Is the problem on-premise, or the cloud, or the application?”

You can now run the full set of Network Watcher tools from Catchpoint, either continuously or ad-hoc, in response to incidents to accelerate the time to detect and resolve issues. By feeding Network Watcher data to Catchpoint, you can take advantage of Catchpoint’s powerful analytics, intelligence, and alerting platform to help detect network problems within Azure and in bidirectional routes between Azure locations & Catchpoint’s 700+ global nodes. Correlating real-time end-user experience metrics with Network Watcher data helps you measure the results of network optimizations and understand the impact the network has on end users.

This post shows you how to check connectivity from your Azure machine to any endpoint and report the results in Catchpoint.

Prerequisites:

• Microsoft Azure portal access.
• One or two Azure VMs.
• Network Watcher extension installed on the VM/s
• Azure Rest API access.
• Catchpoint API test.

Setting up Azure’s Network Watcher

1. Install the Network Watcher extension in your Azure VM.

Here are some of the ways to install the extensions:

• Network Watcher Agent virtual machine extension for Windows
• Network Watcher Agent virtual machine extension for Linux

You can also install the extension when creating/setting up the VM as described here.

1. Create an Azure Network Watcher instance.

Generate Tenant ID, Client ID, and Client Secret

1. Go to Azure Active Directory -> Properties.
2. The Directory ID in the properties’ page is the Tenant ID.

1. To generate the Client ID and Client Secret, go to App registrations. Click on New Application Registration.

1. Give a name to your new app, set Application type to “Web app/API “ and give a single sign-on URL.

1. After saving it, you will see your application properties as shown below. Copy the Application ID, click on Settings and then go to Keys.

1. Enter any Description, select “Never expires” and then paste the Application ID in the Value.

1. Upon saving it, you will see a new value generated. This is the Client Secret value. Copy and save it on a notepad.

Give Azure Active Directory App permission to Azure subscription

1. Go to Azure Portal, click Subscriptions, then click on the Subscription that contains the assets you want to access with the App.
2. Click on Access control (IAM) and then click Add.

1. Select the Role as “Contributor.”
2. Select the Application you have registered in the previous step.
3. Click on Save.

Obtain resource ID of your VM

1. Login to the Catchpoint portal and run an API instant test using the script below . Please make sure that you initialize the required variables.

var subscription_id = “<YOUR_SUBSCRIPTION_ID>”;

var resource_group = “<RESOURCE_GROUP_NAME>”;

var client_id = “<CLIENT_ID>”;

var client_secret = “<CLIENT_SECRET>”;

var tenant_id = “<TENANT_ID>”;

// Step – 1

open(“https://login.microsoftonline.com/${var(tenant_id)}/oauth2/token”)

setNavigatePostData(“grant_type=client_credentials&client_id=${var(client_id)}&client_secret=${var(client_secret)}&resource=https://management.core.windows.net/”)

var token = ${extract(‘resp-content’,’regexp:access_token”:”(.*)”‘)};

// Step – 2

open(“https://management.azure.com/subscriptions/${var(subscription_id)}/ResourceGroups/${var(resource_group)}/providers/Microsoft.Compute/virtualMachines?api-version=2015-05-01-preview”)

setHeader(“Authorization”, “Bearer ${var(token)}”)

setHeader(“Content-type”, “application/json”)

1. Check the response content of the second step and make a note of the VM’s resource ID from which you want to check the connectivity.

Run API test to check the connectivity.

1. Schedule an API test using the script below.
2. Note: Make sure that “Enforce test failure” is set to 120 secs since it takes time to run and obtain the result of this test.

// Step – 1

// Initializations

var subscription_id = “<YOUR_SUBSCRIPTION_ID>”;

var resource_group = “<RESOURCE_GROUP_NAME>”;

var client_id = “<CLIENT_ID>”;

var client_secret = “<CLIENT_SECRET>”;

var tenant_id = “<TENANT_ID>”;

var nw_resrcgrp = “<NETWORK_WATCHER_RESOURCE_GROUP_NAME>”;

var nwatcher_name = “<NETWORK_WATCHER_NAME>”;

var src_resourceId = “<RESOURCE_ID_OF_THE_SOURCE_VM>”;

var src_port = “<SOURCE_PORT>”;//Specify either the dest_address or dest_resourceId. If you are using dest_address, make sure to replace “resourceId” with “address” in the payload of the second step.

var dest_address = “<DESTINATION_ADDRESS_(IP/URL)>”;

var dest_resourceId = “< RESOURCE_ID_OF_THE_DESTINATION_VM >”;

var dest_port = “<DESTINATION_PORT>”;open(“https://login.microsoftonline.com/${var(tenant_id)}/oauth2/token”)

setNavigatePostData(“grant_type=client_credentials&client_id=${var(client_id)}&client_secret=${var(client_secret)}&resource=https://management.core.windows.net/”)

var token = ${extract(‘resp-content’,’regexp:access_token”:”(.*)”‘)};

setStepName(“Generate Token”)// Step – 2

open(“https://management.azure.com/subscriptions/${var(subscription_id)}/resourceGroups/${var(nw_resrcgrp)}/providers/Microsoft.Network/networkWatchers/${var(nwatcher_name)}/connectivityCheck?api-version=2018-02-01”)

setHeader(“Authorization”, “Bearer ${var(token)}”)

setHeader(“Content-type”, “application/json”)

setNavigatePostData(“{ ‘source’: { ‘resourceId’: ‘${var(src_resourceId)}’, ‘port’: ${var(src_port)} }, ‘destination’: { ‘resourceId’: ‘${var(dest_resourceId)}’, ‘port’: ${var(dest_port)} } }”)

pause(“30000”)

var location = ${extract(‘resp-header’,’regexp:Location:[\s](.*)’)};

pause(“30000”)

setStepName(“Check Connectivity”)

// Step – 3

openWhile(“${var(location)}”, “${var(loopCounter, nequals(200))}”)

setHeader(“Authorization”, “Bearer ${var(token)}”)

setHeader(“Content-type”, “application/json”)

var loopCounter = ${Extract(resp-header,”regexp:HTTP\/1\.[01]\s+(\d+)”)};

setStepName(“Wait for Result”)

// Step – 4

open(“${var(location)}”)

setHeader(“Authorization”, “Bearer ${var(token)}”)

setHeader(“Content-type”, “application/json”)

setStepName(“Extract Information”)

//Extract the information from the Response.

//Replace <TOKEN> with the token value generated on the insight setting

var avgLatency = ${extract(“resp-content”,”regexp:avgLatencyInMs\”:[\s](\d+)”)};

setIndicator(“<TOKEN>”, “${var(avgLatency)}”)

var minLatency = ${extract(“resp-content”,”regexp:minLatencyInMs\”:[\s](.*)”)};

setIndicator(“<TOKEN>”, “${var(minLatency)}”)

var connection = ${extract(“resp-content”,”regexp:connectionStatus\”:[\s]\”(.*)\””)};

setTracepoint(“<TOKEN>”, “${var(connection)}”)

var maxLatency = ${extract(“resp-content”,”regexp:maxLatencyInMs\”:[\s](.*)”)};

setIndicator(“<TOKEN>”, “${var(maxLatency)}”)

1. The response of the 4thstep will contain the result of the connectivity check.

1. The JSON response below is an example of the result.

{

“hops”: [

{

“type”: “Source”,

“id”: “8014a48e-4e29-40e4-bea8-24ff5dbbb7c0”,

“address”: “10.0.0.4”,

“resourceId”: “/subscriptions/8ab15bba-509e-4b43-8c3d-84de9f4e3e06/resourceGroups/myresource/providers/Microsoft.Compute/virtualMachines/vm1”,

“nextHopIds”: [

“ccb11459-4a76-4657-8b7e-30d9b7bec637”

],

“links”: [

{

“nextHopId”: “ccb11459-4a76-4657-8b7e-30d9b7bec637”,

“properties”: {

“roundTripTimeMin”: 0,

“roundTripTimeAvg”: 0,

“roundTripTimeMax”: 1

}

}

],

“issues”: []

},

{

“type”: “VirtualNetwork”,

“id”: “ccb11459-4a76-4657-8b7e-30d9b7bec637”,

“address”: “10.0.0.5”,

“resourceId”: “/subscriptions/8ab15bba-509e-4b43-8c3d-84de9f4e3e06/resourceGroups/myresource/providers/Microsoft.Network/networkInterfaces/vm2297/ipConfigurations/ipconfig1”,

“nextHopIds”: [],

“links”: [],

“issues”: [

{

“origin”: “Local”,

“severity”: “Error”,

“type”: “NoListenerOnDestination”,

“context”: []

}

]

}

],

“connectionStatus”: “Reachable”,

“avgLatencyInMs”: 239,

“minLatencyInMs”: 1,

“maxLatencyInMs”: 1003,

“probesSent”: 58,

“probesFailed”: 37

}

Chart the results using Catchpoint

Finally, we can make use of our Insight feature to capture the meaningful data from the response and display it in the portal as metrics.

In the Catchpoint portal, go to Settings->Insights and set up the Tracepoints and Indicators as shown below:

We can make use of the ${Extract} macro to extract the information and store it as a metric. The below-given code snippet is an example that extracts the average latency time and set it as an indicator with the help of setIndicator command.

var avgLatency = ${extract(“resp-content”,”regexp:avgLatencyInMs\”:[\s](\d+)”)};

setIndicator(“i9976”, “${var(avgLatency)}”)

Now, we can draw different charts for the captured custom metrics and analyse it in the Catchpoint portal as the examples given below.