Monitoring

dashboards network dashboards provide a wealth of helpful information data that can assist to monitor, tune, and troubleshoot networks in your tenant they provide at a glance information and allow many clickable areas for "drilling down" to access more specific information where needed all networks the networks dashboard contains summary information for all the networks in the tenant to access the all networks dashboard from the top menu , click networks > dashboard historical graphs network statistics are collected in 5 second intervals, with sums/averages/maxes processed and stored in 5 minute intervals, corresponding to 95th percentile standards to access network graphs from the top menu , click networks > list select the desired network from the left menu , click view from the left menu , click history you can adjust the time period by adjusting the filter dropdown port mirroring port mirroring replicates a network's traffic to a vm nic, allowing packet captures for monitoring and/or diagnostics configure port mirror from the top menu , click networks > list select the desired network from the left menu , click edit set port mirroring north/south copy packets that traverse the network router east/west copy packets that traverse the network router and all intranetwork packets ⚠️ east/west port mirroring is typically only recommended as a temporary setting for diagnostic purposes using it for long durations can impact network performance click submit when port mirroring rules are modified, you must restart the network before they are live configure network from the top menu , click networks > list select the desired network from the left menu , click edit set port mirroring north/south copy packets that traverse the network router east/west copy packets that traverse the network router and all intranetwork packets ⚠️ east/west port mirroring is typically only recommended as a temporary setting for diagnostic purposes using it for long durations can impact network performance click submit restart network when port mirroring rules are modified, you must restart the network before they are live configure vm from the top menu , click virtual machines > list select the desired vm from the left menu , click view from the left menu , click nics from the left menu , click new enter a name for the nic set network to the desired network mirror ℹ️ network mirrors will have mirror suffix click submit restart the vm diagnostics the network diagnostic tools provide comprehensive network troubleshooting capabilities with your tenant these diagnostic commands allow administrators to perform real time network analysis, troubleshoot connectivity issues, and monitor network performance from within the platform's ui accessing diagnostics from the top menu , click networks > list select the desired network from the left menu , click view from the left menu , click diagnostics using diagnostic commands select the desired query from the dropdown menu configure any available parameters on the right side click send toggle the show command to view the exact command being executed this can be useful for script automations command reference arp scan purpose discovers active devices on the local network using arp (address resolution protocol) packets when to use device discovery on network segments verifying network connectivity identifying unauthorized devices parameters target ip range (automatically populated based on network configuration) cli syntax nmap sn \[ip range] arp scans can be disruptive to network performance use carefully in production environments arp table purpose displays the current arp cache showing ip to mac address mappings when to use troubleshooting connectivity issues verifying device mac addresses checking for arp conflicts cli syntax arp a dhcp release/renew purpose forces dhcp lease release and renewal for networks configured as dhcp clients when to use after network reconfiguration resolving ip addressing issues following power outages or network interruptions edge installations requiring ip refresh cli syntax dhclient r && dhclient this command only applies to networks configured to receive ip addresses via dhcp dns lookup purpose tests dns resolution functionality and queries specific hostnames when to use troubleshooting name resolution issues verifying dns server configuration testing external connectivity parameters hostname target hostname to resolve query type a, aaaa, mx, ns, ptr, etc cli syntax nslookup \[hostname] \[dns server] dig \[hostname] \[query type] frrouting bgp/ospf purpose displays routing protocol information for networks using dynamic routing when to use troubleshooting routing issues verifying bgp/ospf neighbor relationships monitoring route advertisements cli syntax vtysh c "show ip bgp" vtysh c "show ip ospf neighbor" this command is primarily used in environments with complex routing requirements ip purpose provides access to linux ip command for advanced interface and routing troubleshooting when to use advanced network interface diagnostics routing table analysis low level network configuration verification parameters command various ip command options (route, addr, link, etc ) cli syntax ip \[command] \[options] common commands ip route show display routing table ip addr show show interface addresses ip link show display network interfaces ipsec purpose controls and monitors ipsec vpn connections and ike daemon when to use troubleshooting vpn connectivity monitoring ipsec tunnel status verifying encryption parameters cli syntax ipsec \[command] logs purpose displays the network container's system logs when to use troubleshooting network service issues reviewing error messages monitoring network events cli syntax journalctl u \[service name] nmap purpose network discovery and security auditing tool for mapping network topology when to use network reconnaissance port scanning service discovery security assessments parameters target ip address or range to scan options various nmap scanning options cli syntax nmap \[options] \[target] ping purpose tests network connectivity using icmp echo requests when to use basic connectivity testing measuring round trip time verifying network path availability parameters destination target ip address or hostname count number of ping packets to send interval time between packets cli syntax ping c \[count] \[destination] show firewall rules purpose displays low level nft format firewall rules when to use advanced firewall troubleshooting verifying rule translation debugging complex firewall configurations cli syntax nft list ruleset tcp connection test purpose tests tcp connectivity to specific ports on remote hosts when to use verifying service availability testing firewall rules troubleshooting application connectivity parameters host target hostname or ip address port tcp port number to test cli syntax telnet \[host] \[port] nc zv \[host] \[port] tcp dump purpose captures and analyzes network packet traffic when to use deep packet inspection protocol analysis security incident investigation performance troubleshooting parameters interface network interface to monitor filter berkeley packet filter (bpf) expression count number of packets to capture cli syntax tcpdump i \[interface] \[filter] packet capture can impact network performance use judiciously in production environments top cpu usage purpose displays processes consuming the most cpu resources on the network container when to use performance troubleshooting identifying resource intensive processes system monitoring cli syntax top o %cpu top network usage purpose shows processes with highest network utilization when to use identifying bandwidth heavy applications network performance analysis troubleshooting network saturation cli syntax iftop nethogs trace route purpose traces the network path packets take to reach a destination when to use identifying routing issues troubleshooting packet loss network path analysis latency troubleshooting parameters destination target ip address or hostname max hops maximum number of hops to trace cli syntax traceroute \[destination] mtr \[destination] trace/debug firewall rules purpose enables detailed logging and tracing of firewall rule processing when to use debugging firewall rule behavior troubleshooting packet filtering issues security policy verification cli syntax nft add rule \[table] \[chain] log prefix "debug " firewall debugging can generate large volumes of log data enable only when necessary and disable after troubleshooting what's my ip purpose displays the network's external ip address as seen by internet services when to use verifying nat configuration confirming external connectivity troubleshooting external access issues cli syntax curl ifconfig me curl ipinfo io/ip