Introducing Network Analyzer: One stop shop to detect service and network issues
Manasa Chalasani
Group Product Manager, Network Intelligence Center
Mary Colley
Product Manager
With networking at the foundation of all cloud deployments and business processes, proactively maintaining network health is mission-critical. The cloud is powerful and dynamic, but can sometimes feel complex, as customers often encounter network issues from unintentionally deploying suboptimal or error-prone configurations. For example, organizations may deploy changes that unknowingly introduce misconfigurations, contradict best practices, exceed IP address utilization quotas, or suboptimally allocate unused external IPs. To mitigate such network issues, teams often rely on reactive workflows - manually running time-consuming diagnostics to troubleshoot and resolve issues after a service disruption.
Google Cloud Networking developed a solution to move past the manual, time-intensive, reactive status quo, which is why we are excited to introduce Network Intelligence Center (NIC)’s newest module: Network Analyzer. With Network Analyzer, customers can transform reactive workflows into proactive processes and reduce network and service downtime. Network Analyzer empowers you by auto-detecting failures caused by the underlying network, surfacing root cause analyses, and suggesting best practices to improve the availability, performance, and security of services.
Network Analyzer offers an out-of-the-box suite of always-on analyzers that continuously monitor GCE and GKE network configuration. These analyzers run in the background, monitoring network services like load balancers, hybrid connectivity, and connectivity to Google services like Cloud SQL. As users continually push out config changes or the metrics for their deployment change, the relevant analyzers will automatically surface failure conditions or suboptimal configurations.
Get automatic, proactive notification of service and network issues
Network Analyzer detects failures caused by misconfigurations, such as setup errors, or by regressions from unintended changes. Customers can automatically detect if Google services like Cloud SQL are not reachable, or if network services like load balancing are not functioning as intended. Network Analyzer also detects the root cause of the failure, such as an invalid route or a firewall rule blocking reachability of the service.
For example, Network Analyzer can detect:
- Connectivity issues to Google Services like Cloud SQL. This issue could be due to an egress firewall rule or a routing issue.
- Common misconfigurations with load balancer health checks, such as a firewall not being configured on the VPC network to allow the health check probes used by the load balancer, or a user-configured firewall rule blocking the health check IP address range.
- Invalid next hop of a route due to misconfigurations like a stopped or deleted VM instance, a VM instance with IP forwarding disabled, a deleted Internal Load Balancer, or a deleted VPN tunnel.
- Dynamic routes shadowed by a subnet or static route, as a result of which the dynamic route is not effective.
- GKE networking misconfigurations, like connectivity between GKE nodes and their control plane being blocked by a misconfigured firewall or routing issues.
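The shadowed-route condition from the list above, worked through as an added example; this is not Network Analyzer's own code or logic. The `Route` type, the sample routes, and the two shadowing rules (containment in a subnet range; a static route with the same destination and an equal or lower priority number) are assumptions of this simplified model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str
    kind: str             # "subnet", "static" or "dynamic"
    dest: str             # destination CIDR
    priority: int = 1000  # assumed: lower number wins; unused for subnet routes

def shadowed_dynamic_routes(routes):
    """Map each ineffective dynamic route to (shadowing route, reason).

    Assumed rules: a dynamic route equal to or inside a subnet range is never
    used; a static route with the same destination and an equal or lower
    priority number is chosen instead. A dynamic route that is only less
    specific than a static route still serves the rest of its range.
    """
    parsed = [(r, ipaddress.ip_network(r.dest)) for r in routes]
    findings = {}
    for route, net in parsed:
        if route.kind != "dynamic":
            continue
        for other, onet in parsed:
            if net.version != onet.version:   # never compare IPv4 with IPv6
                continue
            if other.kind == "subnet" and net.subnet_of(onet):
                findings[route.name] = (other.name, "inside subnet range")
                break
            if (other.kind == "static" and net == onet
                    and other.priority <= route.priority):
                findings[route.name] = (other.name, "static route preferred")
                break
    return findings

# Constructed sample routing table (all names and ranges are made up).
SAMPLE_ROUTES = [
    Route("subnet-a", "subnet", "10.10.0.0/20"),
    Route("static-fw", "static", "192.168.50.0/24", priority=100),
    Route("static-backup", "static", "192.168.60.0/24", priority=500),
    Route("bgp-1", "dynamic", "10.10.4.0/24", priority=100),
    Route("bgp-2", "dynamic", "192.168.50.0/24", priority=200),
    Route("bgp-3", "dynamic", "192.168.0.0/16", priority=100),
    Route("bgp-4", "dynamic", "192.168.60.0/24", priority=100),
]

if __name__ == "__main__":
    for name, (by, why) in shadowed_dynamic_routes(SAMPLE_ROUTES).items():
        print(f"{name} shadowed by {by}: {why}")
```

In the sample, `bgp-3` and `bgp-4` are not reported: the first is only less specific than the static route, and the second has a better priority than the static route for the same prefix.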
Improve availability and efficiency of your services
Network Analyzer codifies Google Cloud’s best practice guidelines for improved availability and performance and helps you optimize usage of Google Cloud resources. It offers best practice recommendations that are relevant to your deployment.
For example, Network Analyzer surfaces suggestions like:
- External IP address is reserved but not allocated to a resource
- GKE cluster needs additional authorized network after expanding IP address range
- Enabling Private Google Access for a private GKE cluster's subnet after the cluster has been created
Predict resource and capacity issues
Network Analyzer detects suboptimal configurations and capacity trends which may lead to network issues in the future. For example, it can detect high IP address utilization of a subnet, which can prevent automatically creating VMs or upgrading GKE clusters.
Surfacing insights through Network Analyzer
Network Analyzer prioritizes and proactively surfaces insights to users at a project level or across multiple projects.
It identifies the root cause of the surfaced insight and provides a link to the documentation with recommendations to fix the insight.
You can refer to the complete list of analyzers here. We are continuously adding new analyzers to this module.
Moving towards Proactive Operations
We are excited to see customers use Network Intelligence Center’s Network Analyzer to adopt a more proactive, event-driven approach to network health and automatically detect and predict network and service issues. View insights for your organization in the Google Cloud Console. Learn more about Network Analyzer and view our complete list of analyzers in our documentation.
And as always, please feel free to reach out to the Network Intelligence Center team with your questions and feedback.