Leveraging OMS Network performance monitor to detect network loss

So a new interesting feature came up in my workspace (Network performance monitor) which allows us to monitor network performance between different endpoints. You can read more about it here –> https://azure.microsoft.com/en-us/documentation/articles/log-analytics-network-performance-monitor/#installing-and-configuring-agents-for-the-solution

But in case we can install the OMS agent on two nodes and the OMs agent will then be used to monitor and probe between the two nodes, it then creates a baseline of the health and can also be used to create a network topology map.

NOTE: At this time, this feature is only available for Windows agents, and if you have the OMS agent installed you need to run this PowerShell script to setup iplister on port 8084 and configure some registry keys this feature uses –> https://gallery.technet.microsoft.com/OMS-Network-Performance-04a66634/file/156805/1/EnableRules.ps1

After the PowerShell script has run, it takes about 2 – 5 minutes before the network mapping appears in the OMS workspace

In my case I only have two agents installed on the same virtual network spanning across multiple hosts using VMware NSX so its the same layer two network, but across multiple layer 3 networks. So after you have defined the subnet and given it a network name and attached the subnet and clicked SAVE button you are good to go.

image

By default the network performance monitor includs a default monitor which doesn’t do much, it just checks for sudden changes (network los etc) but we can add our own rules which we can add to particular networks. Such as look at particular network loss or latency.

image

Now if we go back to the workspace portal, we play the waiting game…

 image

And we have confirmed!

image

So to determine if this monitoring worked properly I added a 50 MS latency using a Windows tools on one my agents. Which meant that it would increase the latency between the two agents. And voila! It deteced the latency and triggered an alert!

image

I can also see the baseline change on that particular subnet

image

So what if we change the latency back to zero but change the packet loss to 15% ?

And here we go!

image

I see this feature as an excellent addition to the other features in OMS and with the upcoming release of Wire Data as well, this tool will allow for some great insight, just need some suppor for common flow protocols!

Leave a Reply

Scroll to Top