37_N‐W_Troubleshooting‐Using Network_Path_Analyzer - Nirvan-Pandey/OCI_DOC GitHub Wiki

Network Path Analyzer in Oracle Cloud Infrastructure (OCI)

37_1: Introduction

The Network Path Analyzer is a diagnostic tool in Oracle Cloud Infrastructure (OCI) that simplifies the process of analyzing and troubleshooting network connectivity. This tool allows users to test the reachability between two instances or resources within their OCI network environment on specific ports. Unlike traditional methods where such testing is performed manually using Linux utilities like ping, telnet, or curl, OCI's Network Path Analyzer automates and visually represents the results, making it easier to identify connectivity issues.

This document explains how to use the Network Path Analyzer to test connectivity between two compute instances on port 80 (HTTP) and includes step-by-step instructions with screenshots.

37_2: Overview of Network Path Analyzer

The Network Path Analyzer:

  • Verifies network reachability between two resources, such as compute instances, subnets, or load balancers.
  • Simulates network traffic to determine if firewalls, security lists, or route tables are blocking communication.
  • Provides detailed results, including hop-by-hop network path analysis and error detection.

37_3: Use Case

Scenario

We have two compute instances in OCI:

Instance A (Application_Server) Instance B (User_Sysytem)

image

We will use the Network Path Analyzer to:

Test the reachability from Instance B (User Server) to Instance A (Application Server).

Please note that traffic on port 80 (HTTP) is allowed between the two instances Ingress rules.

This will help ensure that network configurations like route tables, security lists, and firewalls are set up correctly.

37_4: Steps to Use Network Path Analyzer

37_4_1: Accessing Network Path Analyzer

  • Navigate to Networking > Network Command Center > Network Path Analyzer.

image

  • Alternatively you can choose instance and in more actions choose create a source in path analysis . For example, here User_System is the source and we

are trying to reach Application_Server(destination server) at port 80.

image

37_4_2: Policy Creation

  • OCI is stating that 'You are missing some policies that Network Path Analyzer requires in order to run path tests.'

image

  • Click on Setup Network Path Analyzer policies

OCI gives the list of the policies needed to run the path analyzer test. We will set up the network path analyzer policies.

image

Policies are created.

image

image

37_4_3: Setting Up the Test1

  • Specify the name, compartment and protocol(TCP)

image

  • Specify Source and Destination:

For the Source, select Instance User_System, private ip

image

For the Destination, select Instance Application_Server, private ip and port 80

image

image

Set the port to 80 (HTTP).

image

  • Run the Analysis:

image

image

37_4_4: Analyzing the Results1

After running the test, the Network Path Analyzer will display the results, including:

image

Forward Path (User to Application)

image

image

Return Path (Application to User)

image

image

37_4_5: Setting up the Test2

We will disable the port 80 in ingress and will see.

image

Rule Removed.

image

Run the test.

37_4_6: Analyzing the Results2

It did not found the return path, so it failed.

image

37_5: Benefits of Network Path Analyzer

  • Simplified Troubleshooting: Eliminates the need for manual network diagnostics using Linux tools.

  • Real-Time Visualization: Provides a graphical representation of the network path, making it easier to pinpoint issues.

  • Enhanced Accuracy: Identifies issues caused by incorrect security lists, route tables, or NAT configurations.

37_6: Best Practices

  • Use Specific Ports: Always specify the port you need to test (e.g., 80 for HTTP or 443 for HTTPS) to ensure precise diagnostics.

  • Review Security Configurations: Verify that security rules and access control lists (ACLs) allow the required traffic.

  • Document Results: Use screenshots and logs from the tool to document findings and share with your team for resolution or audits.

37_7: Conclusion

The Network Path Analyzer in OCI is a valuable tool for testing and troubleshooting connectivity between resources. By automating the process and providing visual insights, it simplifies network diagnostics and ensures faster resolution of issues. In this example, we successfully tested HTTP connectivity between two instances, demonstrating how the tool can be used for similar scenarios in real-world environments.