VPC Reachability Analyzer – Support service to debug AWS network connection – Cuongquach.com | When you manage servers or services in an AWS network, you will sometimes need to troubleshoot problems with the network connection between a source service and a destination service in AWS.
Many different configurations can block traffic, such as Security Groups, Network ACLs, routing, ENIs, and so on. AWS therefore provides the VPC Reachability Analyzer service to help you handle network connectivity problems in AWS.
Practice using VPC Reachability Analyzer
For this lab, I have 2 VPCs: VPC cuong-quach-1 and VPC cuong-quach-2, with one EC2 Instance in each VPC.
VPC cuong-quach-1 is peered with VPC cuong-quach-2, but the Route Tables of the two VPC subnets have no route to each other's network yet, so we first test the case where the network connection fails.
Now open the service: VPC > Reachability Analyzer, and create an “analyze path”.
- Name: a name for the analyze path.
- Source type: the source of the network connection, here the Instance in VPC cuong-quach-1.
- Destination type: the destination of the network connection, here the Instance in VPC cuong-quach-2.
- Port: 22
- Protocol: TCP
In “Source type / Destination type” there are several AWS network resources supported as start and end points.
Once created, wait 1-2 minutes while AWS analyzes the AWS network services between source and destination to determine whether the source can connect to the destination port. As shown below, the connection is not reachable.
In the detailed information you will see the reason AWS gives: there is no route toward the VPC Peering connection of the two VPCs in the Route Tables associated with the subnets on which the 2 EC2 Instances sit.
Then edit the Route Tables on both VPC sides so that each has a route to the other VPC's network through the VPC Peering connection.
Then run the “analyze path” again.
After AWS re-analyzes, the result is successful.
When you click on the successful result, AWS displays a map of the network path from source to destination through every AWS device and service involved: ENI, Security Group, NetworkACL, Route Table, VPC Peering, …
So you can use the AWS VPC Reachability Analyzer service to debug connection problems between source and destination services in the AWS network.
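The same create-path / analyze / inspect loop driven from boto3 instead of the console, plus a helper that pulls the blamed resource (route table, security group, NACL, …) out of the analysis result. This is an added example, not code from the original post; the resource ids and the explanation code in the sample are constructed placeholders, and `ec2` is assumed to be a boto3 EC2 client.

```python
import time

# Explanation keys whose value is an AnalysisComponent ({"Id": ..., "Arn": ...})
COMPONENT_KEYS = ("RouteTable", "SecurityGroup", "Acl", "Subnet", "Vpc",
                  "VpcPeeringConnection", "NetworkInterface")

def summarize_analysis(analysis):
    """Reduce one NetworkInsightsAnalysis dict to (reachable, findings); each
    finding keeps the code, direction and ids of the resources blamed."""
    findings = []
    for exp in analysis.get("Explanations", []):
        resources = [exp[k]["Id"] for k in COMPONENT_KEYS
                     if isinstance(exp.get(k), dict) and "Id" in exp[k]]
        findings.append({"code": exp.get("ExplanationCode", "UNKNOWN"),
                         "direction": exp.get("Direction", ""),
                         "resources": resources})
    return bool(analysis.get("NetworkPathFound")), findings

def run_reachability_check(ec2, source_id, destination_id, port=22,
                           protocol="tcp", timeout=180):
    """Create a source->destination:port path, analyze it and wait for the
    result. `ec2` is a boto3 EC2 client; a run usually takes 1-2 minutes."""
    path_id = ec2.create_network_insights_path(
        Source=source_id, Destination=destination_id,
        Protocol=protocol, DestinationPort=port,
    )["NetworkInsightsPath"]["NetworkInsightsPathId"]
    analysis_id = ec2.start_network_insights_analysis(
        NetworkInsightsPathId=path_id,
    )["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]
    deadline = time.time() + timeout
    while True:
        analysis = ec2.describe_network_insights_analyses(
            NetworkInsightsAnalysisIds=[analysis_id],
        )["NetworkInsightsAnalyses"][0]
        if analysis["Status"] != "running" or time.time() > deadline:
            return summarize_analysis(analysis)
        time.sleep(5)

# Constructed sample modelled on the failed run above: the source subnet's route
# table has no route toward the peered VPC. Ids and the code are placeholders.
FAILED_ANALYSIS = {
    "Status": "succeeded", "NetworkPathFound": False,
    "Explanations": [{"Direction": "egress", "ExplanationCode": "EXAMPLE_NO_ROUTE",
                      "RouteTable": {"Id": "rtb-EXAMPLE1"},
                      "Subnet": {"Id": "subnet-EXAMPLE1"},
                      "Vpc": {"Id": "vpc-EXAMPLE1"}}],
}
```

Feeding the JSON printed by `aws ec2 describe-network-insights-analyses` into `summarize_analysis` gives the same summary without the console.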