How to use the path analysis feature - Cloud Enterprise Network

Cloud Enterprise Network (CEN) integrates with Network Intelligence Service (NIS) to provide a path analysis feature. You can use this feature to diagnose network connectivity between resources.

Background information

When you run a path analysis, Network Intelligence Service generates hop-by-hop details of the virtual network path between the source and destination resources. If the destination is unreachable, the service checks the location and cause of the interruption. Path analysis primarily checks the instance status and network configurations. These include the status of network instances, security group configurations, network ACL configurations, route table configurations, and Server Load Balancer configurations. Path analysis does not send data packets or analyze the data plane. You only need to specify the traffic path from the source to the destination. For more information, see Use path analysis.

This topic provides two examples of how to use the path analysis feature in the CEN console: communication between ECS instances in the same region and in different regions.

Example 1: Communication between ECS instances in the same region

路径分析-同地域

Assume that you use CEN to enable network communication between VPC1 and VPC2 in the same region. Before you set up the network for service traffic, you can use the path analysis feature to create analyses for the paths between ECS1 and ECS3, ECS1 and ECS4, ECS2 and ECS3, and ECS2 and ECS4. This helps you diagnose whether the ECS instances in VPC1 and VPC2 can communicate as expected.

The following procedure uses the path analysis between ECS1 and ECS3 as an example to show how to create and use a path analysis. The steps to create path analyses for the other connections are the same and are not repeated.

Create a path analysis between ECS1 and ECS3

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the details page of the CEN instance, click the Path Analysis tab.
If Network Intelligence Service is not activated, follow the on-screen instructions to activate it.

On the Path Analysis tab, set the parameters as described in the following table, and then click Start Analyzing.

Note

In this example, port 80 of ECS3 is used to test the network connectivity between ECS1 and ECS3. You can select a protocol based on your network environment.

Parameter	Description
Source	Select the source of the path. Network Intelligence Service supports multiple resource types as the source for path analysis. For more information, see Create a path. In this example, set Source Type to ECS and select the ECS1 instance.
Destination	Select the destination of the path. In this example, set Destination Type to ECS and select the ECS3 instance.
Protocol	Select the protocol for the test. In this example, select TCP.
Destination Port	Select the destination port for the test. In this example, select 80.
Storage Path	Select whether to save the current path analysis. If you save the path, you can quickly run the analysis again. Default value: No. This feature is not currently supported.

On the Path Analysis tab, view the analysis result. If the result indicates any issues, fix them and then create a new path analysis to verify that the path is reachable.

Example 2: Communication between ECS instances in different regions

路径分析-跨地域

Assume that you use CEN to enable network communication between VPC1 and VPC2 in different regions. Before you set up the network for service traffic, you can use the path analysis feature to create analyses for the paths between ECS1 and ECS3, ECS1 and ECS4, ECS2 and ECS3, and ECS2 and ECS4. This helps you diagnose whether the ECS instances in VPC1 and VPC2 can communicate as expected.

Create a path analysis between ECS1 and ECS3

Log on to the CEN console.
On the Instances page, click the ID of the CEN instance that you want to manage.
On the details page of the CEN instance, click the Path Analysis tab.

On the Path Analysis tab, set the parameters as described in the following table, and then click Start Analysis.

Note

In this example, the ICMP protocol is used to test the network connectivity between ECS1 and ECS3. You can select a protocol based on your network environment.

Parameter	Description
Source	Select the source of the path. Network Intelligence Service supports multiple resource types as the source for path analysis. For more information, see Create a path. In this example, set Source Type to ECS and select the ECS1 instance.
Destination	Select the destination of the path. In this example, set Destination Type to ECS and select the ECS3 instance.
Protocol	Select the protocol for the test. In this example, select ICMP.
Destination Port	Enter the destination port for the test. This parameter is not required when Protocol is set to ICMP.
Storage Path	Select whether to save the current path analysis. If you save the path, you can quickly run the analysis again. Default value: No. This feature is not currently supported.

On the Path Analysis tab, view the analysis result. If the result indicates any issues, fix them and then create a new path analysis to verify that the path is reachable.
The first path analysis shows that the path between ECS1 and ECS3 is unreachable because the transit router in the China (Shanghai) region does not have a route to VPC2. This is because no inter-region connection exists between the transit routers in the China (Shanghai) and China (Shenzhen) regions. As a result, the transit routers cannot learn the routes of the VPC-connected instances from each other's region, which makes the path unreachable.
To resolve this issue, create an inter-region connection between the transit routers in the China (Shanghai) and China (Shenzhen) regions and enable all advanced features. The two transit routers can then automatically learn the routes of the VPC-connected instances in each other's region. If you run the path analysis again, the result shows that the path between ECS1 and ECS3 is now reachable.