Troubleshooting your network is one of the most important skills you can have because it allows you to take your environment to the next level. I like to think of a network as a stream that flows into bigger rivers.
Where should I start the network troubleshooting process?
Just like a stream, your network can become accidentally or purposely blocked up. You need to be aware of dams or debris when you’re tending to your stream. Within your network, security groups, NACLs and route tables act like dams and debris, causing water to flow in specific directions. Dams, or intentional rules, point water in directions that can help with power or irrigation, while debris, or accidental or malicious rules, can block off water by accident. When you have connection issues, these are the first places to look.
What are security groups?
Security groups control what direction traffic can flow in relation to your resources. For example, if you have an EC2 instance that you need to connect to, you would put in a rule for port 22 or 3389 from your IP address to allow you, and only you, to connect to that resource.
What are NACLs?
NACLs are the firewalls that help keep your environment safe. They control inbound and outbound rules for your environment that allow traffic to flow either in or out of your environment.
What are route tables?
Route tables control the flow of traffic in your environment by allowing you to connect to other VPCs, which connect to other resources, giving you endpoints via gateways. There are two types of gateways: transit and internet. Transit gateways connect your VPCs together so you can connect on-premises or other devices to your cloud devices. Internet gateways allow you to connect out to the internet.
When you combine these services, you can keep your environment safe and secure while making sure you can connect to everything you need.
Is network troubleshooting difficult?
Networking is complex and changes all the time. Diagnosing a networking problem requires many kinds of knowledge, precise attention to detail, and excellent problem-solving skills. Once you know where to look and what to look for, it’s easy to complete a differential diagnosis of the issue. You just have to make sure to start small and follow a clear path.
What are the three most common causes of networking issues?
Ports are closed
Assuming the connection isn’t having any issues from outside sources, your NACLs and security groups control what traffic flows through your environment. First and foremost, check for rules within your security groups or NACLs that allow you to connect. On Windows devices, look for RDP rules on port 3389. On Linux devices, look for SSH rules on port 22 with your IP address.
Rules aren’t applied to all groups
It’s easy to connect to your devices so long as you have the protocols or rules in place. Rules are often missed because they’re configured in the EC2 section of the console and need to be added to each individual group. One of the most common issues is adding rules to one group but not the other.
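The checks described under “Ports are closed” and “Rules aren’t applied to all groups”, as an added example that is not part of the original article: it takes security group data in the shape the EC2 DescribeSecurityGroups API returns and reports, per group, whether TCP 22 or 3389 is allowed from your IP address. The group IDs, addresses and function names are constructed for illustration, and only IPv4 `IpRanges` entries are examined.

```python
import ipaddress

# Constructed sample in the shape of an EC2 DescribeSecurityGroups response.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
    {"GroupId": "sg-legacy-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]

def rule_matches(perm, port, source_ip):
    """Return the CIDRs in one inbound rule that admit source_ip on TCP port."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return []
    # "-1" means all protocols and ports; such rules carry no port range.
    if proto == "tcp" and not (perm["FromPort"] <= port <= perm["ToPort"]):
        return []
    addr = ipaddress.ip_address(source_ip)
    return [r["CidrIp"] for r in perm.get("IpRanges", [])
            if addr in ipaddress.ip_network(r["CidrIp"], strict=False)]

def audit_groups(groups, port, source_ip):
    """Map each group id to 'missing', 'allowed', or 'open-to-world'."""
    report = {}
    for group in groups:
        cidrs = [c for p in group.get("IpPermissions", [])
                 for c in rule_matches(p, port, source_ip)]
        if not cidrs:
            report[group["GroupId"]] = "missing"   # rule never added to this group
        elif any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            report[group["GroupId"]] = "open-to-world"  # not "you, and only you"
        else:
            report[group["GroupId"]] = "allowed"
    return report

if __name__ == "__main__":
    for port in (22, 3389):
        print(port, audit_groups(SAMPLE_GROUPS, port, "203.0.113.10"))
```

A group reported as "missing" is one where the rule was never added; "open-to-world" marks a rule that admits every address rather than only yours.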
Traffic is blocked by rules
The other connection issue you should always look into is your NACLs and route tables, which make sure that only the traffic that you want or need to come into or out of your network is allowed. You need this for things like servers that get out to the internet or if you’re hosting one or several websites. You should also make sure you don’t have redundant rules that can make your environment more complicated.
Where can I get more help with network troubleshooting?
The AWS whitepapers on networking provide valuable, in-depth information from AWS experts. But they can take a while to comb through. For answers to specific questions, Network Engineering Stack Exchange is a forum for network engineers to collaborate on networking issues.