Views

Cloud Insights offers a detailed topology of how your cloud native assets are connected together logically, your historical inventory, and a comprehensive end-to-end traffic flow. Events occurring within your cloud infrastructure, such as configuration changes and operational scaling events, are represented in the topology view as well as in the timeline. These visualizations are available in the Cloud Insights section of the ThousandEyes app and as the Cloud layer in Cloud and Enterprise Agents > Views.

Inventory

The inventory shows the cloud topology discovered through your integration with your cloud provider. Inventory reports the last 30 days of ingested data and it is refreshed every 5 minutes.

Amazon Web Services (AWS)

With the Cloud Insights inventory, you can see all your AWS networking, content delivery, and compute assets grouped by asset type, including ALB, NAT Gateway, and Internet Gateway, across all AWS accounts, in one dashboard. You can see all your AWS assets in the context of their respective public or private subnets, availability zones (AZ), virtual private cloud instances (VPC), AWS regions, and AWS accounts. The inventory view shows what assets you presently have available in your AWS cloud infrastructure as well as assets from the past that may not be presently available.

Cloud Insights inventory view

Hover over an item to display a tooltip that shows additional details. Click on a security group or subnet to see its details. Filtering assets by service and filtering by tags is also supported.

For more information about Amazon Virtual Private Cloud (VPC), see What is Amazon VPC?.

Traffic Flow Log Analysis

Cloud Insights metrics can be used to visualize change events and traffic flow over time by ingesting VPC flow logs. In addition to the timeline, Cloud Insights provides a traffic table in the area below the timeline. Filters and grouping are also available.

Cloud Insights traffic table

Filtering and Grouping

Traffic views can be filtered by several dimensions, such as cloud account, region, availability zone, VPC, and application, enabling flexible and contextual views of performance. Filter options are available for each local and remote resource. Local resources are where the VPC flow logs are captured. Remote resources are where the VPC flow logs are destined.

Filtering selections are available both above the timeline and below. Click on the ... for additional options.

IP address, Service, and Resource change the view to a 6-hour window. For these metrics, only history for the past 6 hours is rendered in the timeline.

Cloud Insights filter options above the timeline
Cloud Insights grouping and filter options below the timeline

Traffic Flow Metrics

The following traffic flow metrics are available under Cloud Insights views:

  • Total Throughput: Sum of VPC Accept Actions for traffic going to or coming from outside AWS. Limited to traffic going through the test ingress point in AWS.

  • Rejected Bandwidth: Sum of VPC Reject Actions.

  • Connections per Second: Sum of new TCP connections.

  • Rejected Connections per Second: Connections that were dropped due to policy enforcement.

  • Flows per Second: The rate at which network flows (sequences of packets with the same 5-tuple: source IP, destination IP, source port, destination port, protocol) are observed in the cloud environment, measured in flows per second.

  • Skipped Data: Flows that were dropped by AWS due to performance issues, unlike "rejected" flows, which were dropped due to policy enforcement.

For Outside Cloud Throughput, see CEA Cloud Configuration Layer.
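To make the metric definitions above concrete, the following added example (not ThousandEyes code) derives comparable per-bucket figures from raw VPC flow log records in the AWS default version 2 format. It assumes 5-minute buckets keyed on each record's start time, counts rejected flow records as a stand-in for rejected connections, and does not apply the "outside AWS" restriction that Total Throughput uses; the sample records and the `summarize` function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records in the AWS default (version 2) flow log format:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE = """\
2 123456789012 eni-0a1 203.0.113.10 10.0.1.5 44321 443 6 10 6000 1700000000 1700000050 ACCEPT OK
2 123456789012 eni-0a1 203.0.113.11 10.0.1.5 51000 22 6 3 180 1700000010 1700000060 REJECT OK
2 123456789012 eni-0a1 10.0.1.5 203.0.113.10 443 44321 6 12 9000 1700000100 1700000160 ACCEPT OK
2 123456789012 eni-0a1 - - - - - - - 1700000200 1700000260 - SKIPDATA
2 123456789012 eni-0a1 198.51.100.7 10.0.1.5 40000 3389 6 2 120 1700000400 1700000460 REJECT OK
2 123456789012 eni-0a1 - - - - - - - 1700000500 1700000560 - NODATA
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def summarize(text, bucket_seconds=300):
    """Aggregate flow log records into fixed buckets keyed by bucket start time."""
    buckets = defaultdict(lambda: {"accept_bytes": 0, "reject_bytes": 0,
                                   "flows": 0, "rejected_flows": 0, "skipped": 0})
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] != "2":
            continue  # header line, other format version, or malformed record
        rec = dict(zip(FIELDS, parts))
        b = buckets[int(rec["start"]) // bucket_seconds * bucket_seconds]
        if rec["log_status"] == "SKIPDATA":
            b["skipped"] += 1   # AWS could not capture some records (capacity)
            continue
        if rec["log_status"] != "OK":
            continue            # NODATA: no traffic seen in the capture window
        b["flows"] += 1
        if rec["action"] == "ACCEPT":
            b["accept_bytes"] += int(rec["bytes"])
        elif rec["action"] == "REJECT":  # dropped by security group or NACL
            b["reject_bytes"] += int(rec["bytes"])
            b["rejected_flows"] += 1
    # Convert byte sums and flow counts into per-second rates for each bucket.
    return {start: {"accept_bytes_per_sec": v["accept_bytes"] / bucket_seconds,
                    "reject_bytes_per_sec": v["reject_bytes"] / bucket_seconds,
                    "flows_per_sec": v["flows"] / bucket_seconds,
                    "rejected_flows": v["rejected_flows"],
                    "skipped": v["skipped"]}
            for start, v in sorted(buckets.items())}

if __name__ == "__main__":
    for start, metrics in summarize(SAMPLE).items():
        print(start, metrics)
```

A bucket with a non-zero `skipped` count has incomplete data, so a low rejected rate in that bucket should not be read as an absence of blocked traffic.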

Change Event Metrics

Cloud Insights tracks configuration change and operational scaling events and state changes across any element of the virtual infrastructure that serves your application. In addition to problematic infrastructure elements, a common cause for application downtime is changes made by an automated process or a live human. Monitoring change events not only allows you to determine what changed at what time, but also to correlate that change with application availability and other metrics.

To view change event metrics, select All Events from the pop-up menu.

Selecting change and operational events

A view of change events is also available in the Cloud layer of the Cloud and Enterprise Agents views. Configuration changes and operational changes are colored on the topology view. Note that not all changes negatively impact applications and services.

Event Count in the CEA views Cloud layer

Viewing Configuration Changes

You can view a diff of the change, before and after the change event occurred. To view a diff, select a row containing a configuration change from the Events table located below the timeline.

Configuration change diff

You can also use the Inventory view to show the diff. Click on any row located under the Asset Name header.

Configuration change diff from the inventory view

Use the Events view to track configuration changes and operational events due to adding or removing instances. You can also back-test the impact of a change on a specific network instance for root cause analysis and troubleshooting.

Table Tab

The table tab displays a list of resources that meet the filter and grouping criteria specified just below the timeline. With the table tab view you can:

  • Use the grouping and filter criteria to determine what is displayed.

  • Click on column headers to change the sort order.

  • Hover over a row to display more details about the row item.

  • Click the ... at the end of the row to filter based on the selected row item.

Cloud Insights Table Tab

Map Tab

The map tab groups cloud environment resources by region and displays them using a map visualization. Use the + and - buttons in the upper right to zoom in and zoom out, respectively. Hover over any item to display more details about the resource.

Cloud Insights Map Tab

Cloud and Enterprise Agents (CEA) Views

Cloud Insights is integrated with the Cloud and Enterprise Agents (CEA) views both as a swimlane below the timeline showing configuration change and operational events, and as a traffic topology map.

Configuration Change and Operational Events are visible in the swimlane below the timeline

CEA Cloud Configuration Layer

The Cloud Configuration layer shows your cloud environment behind the Load Balancer that is serving your application. For AWS environments, this can also be the Global Accelerator. This view pulls in your cloud native inventory for the specific service, providing a logical service map of how your application is being served. You can use the traffic layer to visualize how your application is distributed within your cloud provider networks.

The Cloud Configuration layer is available under Cloud and Enterprise Agents views. To navigate to the Cloud Configuration layer, click on the Cloud label to the left of the CEA timeline. If you do not see a Cloud Configuration layer it means you have not configured a supported cloud provider integration.

Traffic Layer in CEA Views

Available metrics for the Cloud Configuration layer timeline are Outside Cloud Throughput and Event Count. You can choose to display one or both metrics at the same time.

Outside Cloud Throughput is traffic throughput to remote endpoints that are outside of your monitored AWS accounts (could be outside of AWS or in AWS but not monitored). For example, for an externally facing load-balancer this reports how much traffic is entering the cloud and exiting the cloud through this load balancer. You can use Outside Cloud Throughput to analyze relevant traffic and to determine if there is degradation of traffic to that node that could be causing a delay.

When attempting to correlate traffic flow log data with other metrics, a related spike may show up in the next adjacent bucket. This is because traffic flow log data is aggregated every 5 minutes.

Topology Tab

When the Cloud Configuration layer view is selected, the map area below the timeline displays the traffic topology under the Topology tab. The Topology tab offers two views, Service Configuration and Network & Security. The Service Configuration view shows resources that perform different functions and their configurations, such as load balancers and EC2 instances. The Network & Security view shows how the different resources reach each other. This can include network interfaces and security groups.

Service Configuration View

The default view under the Topology tab is the Service Configuration view. Operational events are highlighted in blue while configuration change events are highlighted in green.

Operational events used to be highlighted in red; they are now highlighted in blue.
Configuration change events used to be highlighted in blue; they are now highlighted in green.

To view security group changes, see the Network & Security view.

You can also view a comparison of topology changes without having to manually go back in time on the timeline.

Searching in the Service Configuration View

You can use the search box to locate a specific resource by name. The Service Configuration view will show the found resource highlighted with other resources greyed out.

Searching in the Service Configuration view

Network & Security View

The Network & Security view shows the paths traffic travels between the interfaces assigned to each resource. In addition to network interfaces, the Network & Security view also shows firewalls. You can use the Network & Security view to troubleshoot reachability issues along different network paths between resources.

If network and security information is available, a shield is shown on the line connecting two resources. To access the Network & Security view, click the shield icon.

Interface Details in the Network & Security View

Entrypoints can also be prefixed with interface and security group information. This is helpful for monitoring traffic passing through an outside-facing firewall.

A prefixed interface in the Service Configuration view

Click on the shield icon for the Network & Security view.

A prefixed interface in the Network & Security view

To exit the Network & Security view, click on Service Configuration on the upper left corner of the Topology tab section.

Click on "Service Configuration" to exit the Network & Security view

Searching in the Network & Security Layer

When you search for a resource that can only be displayed in the Network & Security view, shield icons where the resource can be viewed are highlighted.

Searching for a network interface

Click on a highlighted shield to switch to the Network & Security view to view the found resource.

Viewing a found network resource

Note that resources can be repeated in the Network & Security view. In the example above, multiple shield icons are highlighted for the same interface. These are repetitions of the same interface shown in different path configurations.

Amazon Web Services (AWS)

For AWS, the traffic topology tab shows what's behind the AWS Global Accelerator or Load Balancer that is serving your application. You can distinguish between traffic flow that originates outside AWS and is destined in AWS, originates and is destined in AWS, and originates in AWS and is destined outside AWS. This means that you can identify network blindspots in the context of where traffic originates and is destined. You can also see traffic flow size (bytes/sec) between each hierarchical AWS instance, e.g. AWS account, AWS region, VPC, AZ, Subnet, AWS instance, and AWS elastic network interface.

AWS Traffic Topology Map

Cross-zone Availability

If you have cross-zone availability configured, these paths are shown in the Network & Security view under the Topology tab. The topology reflects what availability zones a load balancer is actually sending traffic across.

Highlighting a single path for a load balancer with cross-zone availability configured
Additional interface detail for a load balancer with cross-zone availability configured
Second path for a load balancer with cross-zone availability configured

Even when a load balancer has two interfaces and cross-zone is off, it will only show the one configured for the same availability zone as the destination displayed in the topology. If your load balancer is not configured to cross zones, then the view will not show any traffic crossing zones.

Load Balancer with multiple instances showing a single instance in the same zone

Direct Connect

When you click on the shield next to a Direct Connect resource, the Network & Security View shows its configured VIFs (Virtual Interfaces).

A Direct Connect gateway in the Network & Security view

Events Tab

If any configuration change or operational events are selected in the traffic layer timeline, they will be listed under the events tab underneath the timeline.

List of configuration change and operational events

Click on any row to view details of the event. Configuration changes show a diff of the change that was made. For AWS resources, you can click on the blue Explore in AWS button in the upper right corner to access the AWS console.

Details of a configuration change

Traffic Tab

Use the Traffic tab to view a detailed list of servers along with specific throughput metrics. This list can be grouped and filtered using the selection menus at the top of the list. This functions in the same way as the Cloud Insights Table tab.
