Run Application Path Across Azure Network
NetworkBrain uses the concept of Virtual Network Distributed Router (VNet Router) with various resources and features to simplify the Azure Cloud network connections inside and outside the Virtual Network. NetworkBrain also creates a unique algorithm to build the virtual routing table based on the topology info and route advertisement it captures for the surrounding devices. By strictly following Azure’s route selection priority rules, you can choose the best path available if multiple paths exist to the destination.
- Click Path next to the search bar.
- Enter the IP address of endpoint A in the Source field and the IP address of endpoint B in the Destination field. The available gateways are auto-identified, and you can select the desired one from the Gateway list.
|
Tip: To change the path direction, click the  icon and select the  icon. By default, the system calculates one-way paths.
|
- Click Path to start calculating. Then you can view the diagrammed path on the map with a detailed summary log and the related routing and security check details.
The following sections will introduce a variety of paths that can be calculated and visualized in your Azure network.
Traffic Path Across Azure and On-Premises Network
There are different ways to connect an on-premises network to an Azure Virtual Network (VNet):
- Virtual Network Gateway (Type: VPN)
VPN Gateway is a virtual network gateway that sends encrypted traffic between an Azure virtual network and an on-premises location. The encrypted traffic goes over the public Internet. NetworkBrain supports visualizing the topology and path of VPN Gateway as well as the following data tables:
- Azure Neighbor Relationship Table
- Azure Route Dependency Table
- Azure Virtual Route Table
- Azure VNG BGP Advertised Route Table
- Azure VNG BGP learned Route Table
- Azure VNG BGP Peering Table
- IPsec VPN Table
- ExpressRoute Circuit
ExpressRoute circuits connect your on-premises infrastructure to Microsoft through a connectivity provider. NetworkBrain supports visualizing the topology and path of Microsoft Enterprise Edge (MSEE), which connects to ExpressRoute Circuit, as well as the following data tables:
- Azure MSEE ARP Table
- Azure MSEE Route Summary Table
- Azure MSEE Route Table
- Azure Virtual Route Table
- BGP Advertised Routes Table
- Network Virtual Appliance (NVA)
NVA can be loaded with any vendor's virtual machine (VM) images to support networking, security, and other functions. NetworkBrain supports visualizing the topology and path of the VPN Tunnel connection between Azure NVA and on-premises edge devices.
The following diagram demonstrates the path between Azure and the on-premises network, connected by the VPN, ExpressRoute, and VNA.
The following is an example of the path connecting an on-premises network to an Azure Virtual Network (VNet).
Hub-Spoke Network Path
You can visualize the abstract cloud traffic path between different Azure nodes and enhance your efficiency in troubleshooting cloud network issues. The Hub provides a secure network boundary using Network Virtual Appliance (NVA) such as Cisco ASA by checking all inbound and outbound network traffic and passing only the traffic that meets network security rules.
Azure Virtual Network (VNet) Path
Azure Virtual Network (VNet) can be connected via VPC peering or a VPN connection (VNet-to-VNet). NetworkBrain supports visualizing the topology and path of inter and intra Azure Virtual Networks, as well as the following data tables:
- Azure Neighbor Relationship Table
- Azure Route Dependency Table
- Azure Virtual Route Table
- Azure VNet Network Security Groups Table
- Azure VNet Peering Table
- Azure VNet Route Table
- Azure VNet Effective Route Table
The following path demonstrates Azure VNet peering, which connects virtual networks so that workloads in different virtual networks can communicate internally. Thus, the traffic stays within the Azure backbone and does not traverse the public Internet.
Azure Load Balancer Path
Azure Cloud Load Balancing is a fully distributed, software-defined managed service. NetworkBrain supports visualizing the topology and path of both External and Internal Load Balancer, as well as the following data tables:
- Azure LoadBalancer Backend Pools Table
- Azure LoadBalancer Inbound NAT Rules Table
- Azure LoadBalancer Load Balancing Rules Table
- Azure LoadBalancer Outbound Rules Table
- Azure Virtual Route Table
Virtual WAN Path
Azure Virtual WAN is a networking service that combines networking, security, and routing functionalities to provide a single operational interface. NetworkBrain supports visualizing the topology and path of Virtual Hub (VHub), ExpressRoute Gateway, and VPN Gateway of virtual WAN, as well as the following data tables:
- Azure VHub Effective Route Table
- Azure VHub Route Table
- Azure Virtual Route Table
Path Across Subscriptions/Tenants
Azure subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on a per-user license fee or cloud-based resource consumption.
Azure tenant represents an organization, a dedicated and trusted instance of Azure AD automatically created when your organization signs up for a Microsoft cloud service subscription, such as Microsoft Azure, Microsoft Intune, or Microsoft 365.
NetworkBrain supports a dynamic map to visualize the cloud networking resource topology or path crossing different subscriptions or tenants.
- Path across Subscriptions
- Path Across Tenants
