Masaki Okuda

[Research] A simple test of VPC Reachability Analyzer [AWS]

Introduction

Thank you for always reading our articles!
I was curious about VPC Reachability Analyzer, so I did a small technical investigation. I have tried to write this article as clearly as possible, and I would appreciate it if you read it.

Target audience

  • Those who want to know how VPC Reachability Analyzer behaves.
  • Those who want to know more about its usage scenarios.

What's VPC Reachability Analyzer

This feature was released in December 2020. The official AWS blog states the following:

Amazon Virtual Private Cloud (VPC) allows customers to launch a logically isolated, dedicated virtual network on the AWS cloud. As customers expand their footprint on the cloud and deploy increasingly complex network architectures, network connectivity issues caused by misconfigurations become time-consuming to resolve. We are excited to announce VPC Reachability Analyzer, a network diagnostic tool that helps resolve reachability issues between two endpoints within a VPC or across multiple VPCs.


Put very simply, think of it as a tool for analyzing whether communication between two resources is reachable.

The usage fee is $0.10 per analysis.
Therefore, running it frequently can result in unexpectedly high costs.

In addition, as stated in the official documentation, there are some caveats regarding load balancers and firewalls.

Verification details

There are four things I would like to verify this time:

  1. VPC Peering in the same region (same account)
  2. VPC Peering between different regions (same account)
  3. VPC Peering in the same region (different accounts)
  4. VPC Peering between different regions (different accounts)

Verification

We will not go into detail about the preparation done before the verification, but we set up the VPCs and the peering connections.

After that, we ran VPC Reachability Analyzer from TEST-A to each peering connection.
The results are as follows:

1. VPC Peering in the same region (same account)

2. VPC Peering between different regions (same account)

3. VPC Peering in the same region (different accounts)

4. VPC Peering between different regions (different accounts)
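The four checks above can also be driven from code rather than the console. The following is an added example, not code from the article: it assumes a boto3 EC2 client is passed in (boto3 is not imported here) and uses constructed placeholder ENI IDs for TEST-A and its four peers. It sets the protocol explicitly when creating the path, polls the analysis until it finishes, reduces the response to a reachable/not-reachable verdict with its explanation codes, and totals the $0.10-per-analysis cost so the bill for a test matrix is known up front.

```python
"""Run and summarise VPC Reachability Analyzer checks for the four peering cases."""
import time
from typing import Any

PRICE_PER_ANALYSIS_USD = 0.10  # per-analysis price quoted in the article

# The article's four scenarios, source = TEST-A. ENI IDs are constructed placeholders.
SCENARIOS = {
    "1-same-region-same-account":   {"src": "eni-0aaa00000000000a1", "dst": "eni-0bbb00000000000b1"},
    "2-cross-region-same-account":  {"src": "eni-0aaa00000000000a1", "dst": "eni-0ccc00000000000c1"},
    "3-same-region-cross-account":  {"src": "eni-0aaa00000000000a1", "dst": "eni-0ddd00000000000d1"},
    "4-cross-region-cross-account": {"src": "eni-0aaa00000000000a1", "dst": "eni-0eee00000000000e1"},
}

def build_path_request(src: str, dst: str, port: int = 443, protocol: str = "tcp") -> dict[str, Any]:
    """Parameters for ec2.create_network_insights_path; protocol is always stated explicitly."""
    if protocol not in ("tcp", "udp"):
        raise ValueError("Reachability Analyzer paths are TCP or UDP only")
    return {"Source": src, "Destination": dst, "Protocol": protocol, "DestinationPort": port}

def summarize_analysis(resp: dict[str, Any]) -> dict[str, Any]:
    """Reduce a describe_network_insights_analyses response to verdict, codes and hop count."""
    analysis = resp["NetworkInsightsAnalyses"][0]
    return {
        "status": analysis["Status"],
        "reachable": bool(analysis.get("NetworkPathFound", False)),
        "codes": sorted({e["ExplanationCode"] for e in analysis.get("Explanations", [])}),
        "hops": len(analysis.get("ForwardPathComponents", [])),
    }

def estimated_cost(runs: int) -> float:
    """Every start_network_insights_analysis call is billed, so cost scales with runs."""
    return round(runs * PRICE_PER_ANALYSIS_USD, 2)

def run_scenario(ec2: Any, name: str, port: int = 443, protocol: str = "tcp",
                 max_polls: int = 24, poll_seconds: float = 5.0) -> dict[str, Any]:
    """Create the path, start one (billed) analysis and poll until it leaves 'running'."""
    s = SCENARIOS[name]
    path = ec2.create_network_insights_path(**build_path_request(s["src"], s["dst"], port, protocol))
    started = ec2.start_network_insights_analysis(
        NetworkInsightsPathId=path["NetworkInsightsPath"]["NetworkInsightsPathId"])
    aid = started["NetworkInsightsAnalysis"]["NetworkInsightsAnalysisId"]
    for _ in range(max_polls):
        resp = ec2.describe_network_insights_analyses(NetworkInsightsAnalysisIds=[aid])
        if resp["NetworkInsightsAnalyses"][0]["Status"] != "running":
            return summarize_analysis(resp)
        time.sleep(poll_seconds)
    raise TimeoutError(f"analysis {aid} still running after {max_polls} polls")

# Constructed sample shaped like the API response: a path blocked by a security group.
SAMPLE_BLOCKED_RESPONSE = {"NetworkInsightsAnalyses": [{
    "NetworkInsightsAnalysisId": "nia-0constructed0000001", "Status": "succeeded",
    "NetworkPathFound": False,
    "Explanations": [{"ExplanationCode": "ENI_SG_RULES_MISMATCH", "SecurityGroup": {"Id": "sg-0constructed"}}],
    "ForwardPathComponents": [{"SequenceNumber": 1, "Component": {"Id": "eni-0aaa00000000000a1"}},
                              {"SequenceNumber": 2, "Component": {"Id": "pcx-0constructed"}}]}]}
```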

Impressions

  • It works both within a single region and across regions.
  • Each analysis costs $0.10 (per session), but the amount of information obtained is limited.
  • It is unclear which protocol is used by default (probably UDP).

In my personal opinion, as an analysis tool it is expensive and provides little information, so I don't see much value in using VPC Reachability Analyzer on its own.

However, I think that combining it with Amazon Q will help speed up troubleshooting of communication problems.
(That said, I would like to see improvements to the current inability to troubleshoot BGP issues or check the health of a load balancer.)

Since the scope of this verification was limited to AWS resources, I would next like to verify whether analysis can also take on-premises environments into account.

Thank you for reading this article to the end!!

Digression

There were six updates to the VPC Reachability Analyzer.
