Calculate Path Across AWS Network
NetworkBrain supports end-to-end path calculation in a hybrid/multi-cloud environment, and you can analyze the traffic flow between two endpoints.
- Click Path next to the search bar.
- Enter the IP address of endpoint A in the Source field and the IP address of endpoint B in the Destination field. The available gateways are auto-identified, and you can select the desired one from the Gateway list.
Tip: To change the path direction, click the icon.
- Click Path to start calculating. Then you can view the diagrammed path on the map with a detailed summary log and the related routing and security check details.
- To view more information about the object or make desired changes, click on the link of each object, and you will be directed to the AWS console.
An AWS VPC consists of an IP range and subnets, and it may also contain cloud-native networking services such as NAT gateway, IGW, VGW, and so on. NetworkBrain can create an AWS VPC router for each VPC to simulate the routing and security check function for this VPC. Each subnet is visualized in NetworkBrain's dynamic map through a concept called LAN media. From the dynamic map, you can view different networking objects and how they are connected. NetworkBrain also supports VPC peering and visualizes the corresponding peering ID on the dynamic map.
The following sections will introduce a variety of paths that can be calculated and visualized in your AWS network.
Traffic Path Across AWS and On-Premises Network
The following path diagram demonstrates a path from an EC2 instance to an end system in the on-premises network. This transit VPC architecture builds an IPsec tunnel between the customer gateway and the CSR1000v sitting in the transit VPC. The underlay communication is achieved through direct connections via ATT Netbound.
Access Internet Directly
The following path diagram demonstrates how an EC2 instance in a public subnet accesses the Internet directly.
Access Internet via NAT Gateway
The following path diagram demonstrates how NetworkBrain can help you identify the traffic flow when an EC2 instance tries to access the Internet via the NAT gateway. From the path log, you will better understand how the NAT works.
The key to supporting the end-to-end path for the public cloud environment is understanding all routing and security checks across the entire network. Note that AWS does not provide routing tables for the following networking objects:
- Virtual private gateway
- Direct connect gateway
- Direct connect router
NetworkBrain uses a unique algorithm to build the virtual routing table based on the topology information and route advertisement it captures for the surrounding devices.
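The per-hop routing and security checks that a path calculation has to reproduce for an instance in a private subnet reaching the Internet through a NAT gateway can be sketched as follows. This is an added example, not NetworkBrain's algorithm or code; the route table, network ACL, security group rules, the `nat-EXAMPLE` target and all function names are constructed for illustration, and the destination is assumed to lie outside the source subnet.

```python
import ipaddress

# Constructed sample data: private-subnet route table, outbound NACL, SG egress.
ROUTES = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")]
NACL_OUT = [  # (rule number, cidr, protocol, port range, action)
    (90, "198.51.100.0/24", "tcp", (0, 65535), "deny"),
    (100, "0.0.0.0/0", "tcp", (443, 443), "allow"),
]
SG_EGRESS = [("0.0.0.0/0", "tcp", (443, 443))]  # security groups are allow-only


def next_hop(routes, dst):
    """Longest-prefix match, as a VPC route table does."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def _match(cidr, proto, ports, dst, dproto, dport):
    return (ipaddress.ip_address(dst) in ipaddress.ip_network(cidr)
            and proto in (dproto, "all") and ports[0] <= dport <= ports[1])


def nacl_allows(rules, dst, proto, port):
    """First matching rule by ascending number wins; implicit deny at the end."""
    for _, cidr, rproto, ports, action in sorted(rules):
        if _match(cidr, rproto, ports, dst, proto, port):
            return action == "allow"
    return False


def sg_allows(rules, dst, proto, port):
    """Any matching allow rule permits the flow; no match means deny."""
    return any(_match(c, p, r, dst, proto, port) for c, p, r in rules)


def check_egress(dst, proto, port):
    """Return (verdict, detail) for one outbound flow from the instance."""
    if not sg_allows(SG_EGRESS, dst, proto, port):
        return ("blocked", "security group")
    if not nacl_allows(NACL_OUT, dst, proto, port):
        return ("blocked", "network ACL")
    hop = next_hop(ROUTES, dst)
    return ("forwarded", hop) if hop else ("blocked", "no route")
```

Only the outbound direction is modelled here; return traffic is subject to the inbound network ACL rules as well, since network ACLs are stateless.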
Internal Path via TGW
The following path diagram demonstrates how NetworkBrain can help you identify the traffic flow between two EC2s inside AWS via Transit Gateway (TGW).
Network Virtual Appliance Path
The following path diagram demonstrates how NetworkBrain can help you identify the traffic flow across a Network Virtual Appliance (NVA) such as a Cisco ASA Firewall.