Views
Cloud Insights offers a detailed topology of how your cloud native assets are connected together logically, your historical inventory, and a comprehensive end-to-end traffic flow. Events occuring within your cloud infrastructure, such as configuration changes and operational scaling events, are represented in the topology view as well as in the timeline. These visualizations are available in the Cloud Insights section of the ThousandEyes app and as the Cloud layer in Cloud and Enterprise Agents > Views.
Inventory
The inventory shows the cloud topology discovered through your integration with your cloud provider. Inventory reports the last 30 days of ingested data and it is refreshed every 5 minutes.
Amazon Web Services (AWS)
With the Cloud Insights inventory, you can see all your AWS networking, content delivery, and compute assets grouped by asset type, including ALB, NAT Gateway, Internet Gateway, across all AWS accounts, in one dashboard. You can see all your AWS assets in the context of their respective public or private subnets, availability zones (AZ), virtual private cloud instances (VPC), AWS regions, and AWS accounts. The inventory view shows what assets your presently have available in your AWS cloud infrastructure as well as assets from the past that may not be presently available.
Hover over an item to display a tooltip that shows additional details. Click on a security group or subnet to see its details. Filtering assets by service and filtering by tags is also supported.
For more information about Amazon Virtual Private Cloud (VPC), see What is Amazon VPC?.
Traffic Flow Log Analysis
Cloud Insights metrics can be used to visualize change events and traffic flow over time by ingesting VPC flow logs. In addition to the timeline, Cloud Insights provides a traffic table in the area below the timeline. Filters and grouping are also available.
Filtering and Grouping
Traffic views can be filtered by several dimensions, such as by cloud account, region, availability zone, VPC, application, enabling flexible and contextual views of performance. Filter options are available for each local and remote resource. Local resources are where the VPC flow logs are captured. Remote resources are where the VPC flow logs are destined.
Filtering selections are available both above the timeline and below. Click on the ... for additional options.
IP address, Service, and Resource change the view to a 6-hour window. For these metrics, only history for the past 6 hours is rendered in the timeline.
Traffic Flow Metrics
The following traffic flow metrics are available under Cloud Insights views:
Metric
Total Throughput
Sum of VPC Accept Actions for traffic going to or coming from outside AWS. Limited to traffic going through the test ingress point in AWS.
Rejected Bandwidth
Sum of VPC Reject Actions
Connections per Second
Sum of new TCP connections
Rejected connections per second
connections that were dropped to policy enforcement.
Flows per second
The rate at which network flows (sequences of packets with the same 5-tuple: source IP, destination IP, source port, destination port, protocol) are observed in the cloud environment, measured in flows per second.
Skipped Data
Flows that were dropped by AWS due to performance issues, unlike “rejected” that were dropped due to policy enforcement.
For Outside Cloud Throughput, see CEA Cloud Configuration Layer.
Change Event Metrics
Cloud Insights tracks configuration change and operational scaling events and state changes across any element of the virtual infrastructure that serves your application. In addition to problematic infrastructure elements, a common cause for application downtime is changes made by an automated process or a live human. Monitoring change events not only allows you to determine what changed at what time, but also to correlate that change with application availability and other metrics.
To view change event metrics, select All Events from the pop-up menu.
A view of change events is also available in the Cloud layer of the Cloud and Enterprise Agents views. Configuration changes and operational changes are colored on the topology view. Note that not all changes negatively impact applications and services.
Viewing Configuration Changes
You can view a diff of the change, before and after the change event occurred. To view a diff, select a row containing a configuration change from the Events table located below the timeline.
You can also use the Inventory view to show the diff. Click on any row located under the Asset Name header.
Use the Events view to track configuration changes and operational events due to adding or removing instances. You can also back-test the impact of a change on a specific network instance for root cause analysis and troubleshooting.
Table Tab
The table tab displays a list of resources that meet the filter and grouping criteria specified just below the timeline. With the table tab view you can:
Use the grouping and filter criteria to determine what is displayed.
Click on column headers to change the sort order.
Hover over a row to display more details about the row item.
Click the
...at the end of the row to filter based on the selected row item.
Map Tab
The map tab groups cloud environment resources by region and displays them using a map visualization. Use the + and - buttons in the upper right to zoom in and zoom out, respectively. Hover over any item to display more details about the resource.
Cloud and Enterprise Agents (CEA) Views
Cloud Insights are integrated with the Cloud and Enterprise Agents (CEA) views both as a swimlane below the timeline showing configuration change and operational events, and as a traffic topology map.
CEA Cloud Configuration Layer
The Cloud Configuration layer shows your cloud environment behind the Load Balancer that is serving your application. For AWS environments, this can also be the Global Accelerator. This view pulls in your cloud native inventory for the specific service, providing a logical service map of how your application is being served. You can use the traffic layer to visualize how your application is distributed within your cloud provider networks.
The Cloud Configuration layer is available under Cloud and Enterprise Agents views. To navigate to the Cloud Configuration layer, click on the Cloud label to the left of the CEA timeline. If you do not see a Cloud Configuration layer it means you have not configured a supported cloud provider integration.
Available metrics for the Cloud Configuration layer timeline are Outside Cloud Throughput and Event Count. You can choose to display one or both metrics at the same time.
Outside Cloud Throughput is traffic throughput to remote endpoints that are outside of your monitored AWS accounts (could be outside of AWS or in AWS but not monitored). For example, for an externally facing load-balancer this reports how much traffic is entering the cloud and exiting the cloud through this load balancer. You can use Outside Cloud Throughput to analyze relevant traffic and to determine if there is degradation of traffic to that node that could be causing a delay.
Topology Tab
When the Cloud Configuration layer view is selected, the map area below the timeline displays the traffic topology under the Topology tab. The Topology tab offers two views, Service Configuration and Network & Security. The Service Configuration view shows resources that perform different functions and their configurations, such as load balancers and EC2 instances. The Network & Security view shows how the different resources reach each other. This can include network interfaces and security groups.
Service Configuration View
The default view under the Topology tab is the Service Configuration view. Operational events are highlighted in blue while configuration change events are highlighted in green.
To view security group changes, see the Network & Security view.
You can also view a comparison of topology changes without having to manually go back in time on the timeline.
Searching in the Service Configuration View
You can use the search box to locate a specific resource by name. The Service Configuration view will show the found resource highlighted with other resources greyed out.
Network & Security View
The Network & Security view shows the paths traffic travels between the interfaces assigned to each resource. In addition to network interfaces, the Network & Security view also shows firewalls. You can use the Network & Security view to troubleshoot reachability issues along different network paths between resources.
If network and security information available, a shield is shown on the line connecting two resources. To access the Network and Security view, click the shield icon.
Entrypoints can also be prefixed with interface and security group information. This is helpful for monitoring traffic passing through an outside-facing firewall.
Click on the shield icon for the Network & Security view.
To exit the Network & Security view, click on Service Configuration on the upper left corner of the Topology tab section.
Searching in the Network & Security Layer
When you search for a resource that can only be displayed in the Network & Security view, shield icons where the resource can be viewed are highlighted.
Click on a highlighted shield to switch to the Network & Security view to view the found resource.
Note that resources can be repeated in the Network & Security view. In the example above, multiple shield icons are highlighted for the same interface. These are repetitions of the same interface shown in different path configurations.
Amazon Web Services (AWS)
For AWS, the traffic topology tab shows what's behind the AWS Global Accelerator or Load Balancer that is serving your application. You can distinguish between traffic flow that originates outside AWS and is destined in AWS, originates and is destined in AWS, and originates in AWS and is destined outside AWS. This means that you can identify network blindspots in the context of where traffic originates and is destined. You can also see traffic flow size (bytes/sec) between each hierarchical AWS instance, e.g. AWS account, AWS region, VPC, AZ, Subnet, AWS instance, and AWS elastic network interface.
Cross-zone Availability
If you have cross-zone availability configured, these paths are shown in the Network & Security view under the Topology tab. The topology reflects what availability zones a load balancer is actually sending traffic across.
Even when a load balancer has two interfaces and cross-zone is off, it will only show the one configured for the same availability zone as the destination displayed in the topology. If your load balancer is not configured to cross zones, then the view will not show any traffic crossing zones.
Direct Connect
When you click on the shield next to a Direct Connect resource, the Network & Security View shows its configured VIFs (Virtual Interfaces).
Events Tab
If any configuration change or operational events are selected in the traffic layer timeline, they will be listed under the events tab underneath the timeline.
Click on any row to view details of the event. Configuration changes show a diff of the change that was made. For AWS resources, you can click on the blue Explore in AWS button in the upper right corner to access the AWS console.
Traffic Tab
Use the Traffic tab to view a detailed list of servers along with specific throughput metrics. This list can be grouped and filtered using the selection menus at the top of the list. This functions in the same way as the Cloud Insights Table tab.
Last updated