Azure Monitor Network Insights

Azure Monitor Network Insights provides a comprehensive and visual representation through topologies, of health and metrics for all deployed network resources, without requiring any configuration. It also provides access to network monitoring capabilities like Connection Monitor, flow logging for network security groups (NSGs), and Traffic Analytics. And it provides other network diagnostic features.

Azure Monitor Network Insights is structured around these key components of monitoring:

• Topology
• Network health and metrics
• Connectivity
• Traffic
• Diagnostic Toolkit

Topology

Topology helps you visualize how a resource is configured. It provides a graphic representation of the entire hybrid network for understanding network configuration. Topology is a unified visualization tool for resource inventory and troubleshooting.

It provides an interactive interface to view resources and their relationships in Azure, spanning across multiple subscriptions, resource groups, and locations. You can also drill down to the basic unit of each topology and view the resource view diagram of each unit.

Network health and metrics

The Azure Monitor Network Insights Overview page provides an easy way to visualize the inventory of your networking resources, together with resource health and alerts. It's divided into four key functional areas: search and filtering, resource health and metrics, alerts, and resource view.

Search and filtering

You can customize the resource health and alerts view by using filters like Subscription, Resource Group, and Type.

You can use the search box to search for resources and their associated resources. For example, a public IP is associated with an application gateway. A search for the public IP's DNS name will return both the public IP and the associated application gateway:

Resource health and metrics

In the following example, each tile represents a resource type. The tile displays the number of instances of that resource type deployed across all selected subscriptions. It also displays the health status of the resource. In this example, there are 105 ER and VPN connections deployed. 103 are healthy, and 2 are unavailable.

If you select the unavailable ER and VPN connections, you'll see a metric view:

You can select any item in the grid view. Select the icon in the Health column to get resource health for that connection. Select the value in the Alert column to go to the alerts and metrics page for the connection.

Alerts

The Alert box on the right side of the page provides a view of all alerts generated for the selected resources across all subscriptions. Select the alert counts to go to a detailed alerts page.

Resource view

The Resource view helps you visualize how a resource is configured. The Resource view is currently available for Azure Application Gateway, Azure Virtual WAN, and Azure Load Balancer. For example, for Application Gateway, you can access the resource view by selecting the Application Gateway resource name in the metrics grid view. You can do the same thing for Virtual WAN and Load Balancer.

The resource view for Application Gateway provides a simplified view of how the front-end IPs are connected to the listeners, rules, and backend pool. The connecting lines are color coded and provide additional details based on the backend pool health. The view also provides a detailed view of Application Gateway metrics and metrics for all related backend pools, like Virtual Machine Scale Sets and VM instances.

The dependency graph provides easy navigation to configuration settings. Right-click a backend pool to access other information. For example, if the backend pool is a VM, you can directly access VM Insights and Azure Network Watcher connection troubleshooting to identify connectivity issues:

The search and filter bar on the resource view provides an easy way to search through the graph. For example, if you search for AppGWTestRule in the previous example, the view will scale down to all nodes connected via AppGWTestRule:

Various filters help you scale down to a specific path and state. For example, select only Unhealthy from the Health status list to show all edges for which the state is unhealthy.

Select View detailed metrics to open a preconfigured workbook that provides detailed metrics for the application gateway, all backend pool resources, and front-end IPs.

Connectivity

The Connectivity tab provides an easy way to visualize all tests configured via Connection Monitor and Connection Monitor (classic) for the selected set of subscriptions.

Tests are grouped by Sources and Destinations tiles and display the reachability status for each test. Reachable settings provide easy access to configurations for your reachability criteria, based on checks failed (%) and RTT (ms). After you set the values, the status for each test updates based on the selection criteria.

You can select any source or destination tile to open a metric view:

You can select any item in the grid view. Select the icon in the Reachability column to go to the Connection Monitor portal page and view the hop-by-hop topology and connectivity affecting issues identified. Select the value in the Alert column to go to alerts. Select the graphs in the Checks Failed Percent and Round-Trip Time (ms) columns to go to the metrics page for the selected connection monitor.

The Alert box on the right side of the page provides a view of all alerts generated for the connectivity tests configured across all subscriptions. Select the alert counts to go to a detailed alerts page.

Traffic

The Traffic tab provides access to all NSGs configured for NSG flow logs and Traffic Analytics for the selected set of subscriptions, grouped by location. The search functionality provided on this tab enables you to identify the NSGs configured for the searched IP address. You can search for any IP address in your environment. The tiled regional view will display all NSGs along with the NSG flow logs and Traffic Analytics configuration status.

If you select any region tile, a grid view appears. The grid provides NSG flow logs and Traffic Analytics in a view that's easy to read and configure:

You can select any item in the grid view. Select the icon in the Flowlog Configuration Status column to edit the NSG flow log and Traffic Analytics configuration. Select the value in the Alert column to go to the traffic alerts configured for the selected NSG. Similarly, you can go to the Traffic Analytics view by selecting the Traffic Analytics Workspace.

The Alert box on the right side of the page provides a view of all Traffic Analytics workspace-based alerts across all subscriptions. Select the alert counts to go to a detailed alerts page.

Diagnostic Toolkit

Diagnostic Toolkit provides access to all the diagnostic features available for troubleshooting the network. You can use this drop-down list to access features like packet capture, VPN troubleshooting, connection troubleshooting, next hop, and IP flow verify:

Availability of resources

By default, all networking resources are visible in Network Insights. Customers can select the resource type for viewing resource health and metrics (if available), subscription details, location, etc. A subset of networking resources has been Onboarded. For Onboarded resources, customers have access to a resource specific topology view and a built-in metrics workbook. These out-of-the-box experiences make it easier to explore resource metrics and troubleshoot issues.

Resources that have been onboarded are:

• Application Gateway
• Azure ExpressRoute
• Azure Firewall
• Azure Private Link
• Load Balancer
• Local Network Gateway
• Network Interface
• Network Security Groups
• Public IP addresses
• Route Table / UDR
• Traffic Manager
• Virtual Network
• Virtual Network NAT
• Virtual WAN
• ER/VPN Gateway
• Virtual Hub

Next steps

• Learn more about network monitoring: What is Azure Network Watcher?.
• Learn the scenarios workbooks are designed to support, how to create reports and customize existing reports, and more: Create interactive reports with Azure Monitor workbooks.