Gaining Visibility into Your Network Topology

When you build your Aviatrix Multicloud Transit Network by launching Aviatrix Gateways and other constructs, Aviatrix CoPilot automatically draws a topology map that shows your current network environment. In Topology, you can search for any objects that are plotted. This allows you to quickly isolate and identify resources that you are looking for in your entire environment and across clouds.

You can run diagnostics for individual gateways in your multicloud network directly from the topology map. Performing diagnostics from Topology can dramatically reduce the time spent troubleshooting issues.

You can use views to show only the parts of your network environment you want to see. You can filter the views using the various properties of your managed resources.

Working with Topology

This section describes the Topology feature of Aviatrix CoPilot.

Topology provides a visual representation of deployed networks, gateways, instances, and gateway connections.

The New Topology Experience option is On by default, and the views on the Overview page described below relate to the New Topology Experience. If you turn this Off, you will see the Classic topology map (if the Old Topology Experiences toggle under Settings > Configuration > General is On).

The Topology feature gives you visibility into your network as follows:

  • Network View (Overview page)

    In Topology > Overview > Network View, CoPilot displays a network topology map that shows the logical and physical layout of how managed network resources are connected across multiple clouds. Topology provides a visual representation of deployed networks (VPCs/VNets/VCNs), gateways, instances, and gateway connections. CoPilot automatically draws the map when it connects to Aviatrix Controller.

    In the right-hand pane, you can alter the content of the topology map by creating and saving views with selected filters, including latency.

  • Geo View (Overview page)

    In Topology > Overview > Geo View, CoPilot displays a geographical map that shows the regions of your managed network resources and their related connections. You can click on the regions to display their VPC/VNets.

    As with the dashboard, you can configure the layers to view VPC/VNets, threats, and geoblocked countries.

    If Geoblocking is disabled (from Configuration > License tab), this layer is not available. Users with admin permissions can enable the feature.

  • Transit View (Transit page)

    This view is deprecated. Using the New Topology Experience on the Overview page is recommended instead.

    Under Topology > Transit, CoPilot shows the topology of your Aviatrix transit network in relation to your deployed Aviatrix Transit Gateways. By clicking on the Aviatrix transit icon, you can see all the transit VPCs/VNets that are managed by Aviatrix Controller. By clicking on a region icon, you can see the spoke VPC/VNets that the Controller currently manages. By clicking on a spoke VPC/VNet, you can see all network constructs inside that spoke. You can use the search field to find specific resources.

  • Topology Replay (Replay page)

    In Topology Replay, CoPilot shows what changed in your environment and when it changed. CoPilot shows when route, credential, and other metrics in your cloud network constructs have changed over time. A timeline panel shows you all of the changes (as change sets) that were recorded over the last month. You can analyze the additions, modifications, and deletions recorded in each change set. You can delete change sets when you no longer need them.

Show Managed Resources by Using Filters

You can filter your network managed resources in the topology map to show only the resources you want.

Topology Resource Field Reference

The topology map’s supported filter fields include identifiers and tags for constructs, health and status metrics, and associative properties like CSP Vendor and Region. This section describes the properties of managed resources you can filter on in the map for Transit Gateway VPC/VNets, Spoke Gateway VPC/VNets, AWS TGWs, and user instances (virtual machines).

Transit VPC/VNet Field Reference

You can filter your Transit VPC/VNet topology in the topology map using the following fields for Transit VPCs (innermost circle of the topology map).

Transit VPC/VNet Property | Description
Account Name | The CSP Account associated with this VPC.
Cloud | The CSP that this VPC/VNet belongs to (AWS, Azure, etc.).
Managed | Whether or not this VPC is managed by an Aviatrix Gateway.
Name | The VPC’s name tag.
NAT Gateways | List of the VPC’s NAT Gateways.
Peer Connections | List of the VPC’s peer connections.
Region | The CSP region where the VPC is located.
S2C (Site2Cloud) Connections | List of the VPC’s Site2Cloud tunnels.
Type | The Topology construct type (in this case, VPC).
Virtual Machines | Number of VMs (instances) the VPC contains.
VPC/VNet CIDR | List of the VPC/VNet’s CIDRs.
VPC/VNet ID | The VPC/VNet’s unique identifier.

Spoke VPC/VNet Field Reference

You can filter your Spoke VPC topology in the topology map using the following fields for Spoke VPC/VNets (second from inner circle in the topology map).

Spoke VPC/VNet Property | Description
Account Name | The CSP Account associated with this VPC.
Cloud (not shown in list) | The CSP that this VPC/VNet belongs to (AWS, Azure, etc.).
Managed | Whether or not this VPC is managed by an Aviatrix Gateway.
Name | The VPC’s name tag.
NAT Gateways | List of the VPC’s NAT Gateways.
Peer Connections | List of the VPC’s peer connections.
Region (in a different drop down) | The CSP region where the VPC is located.
S2C Connections | List of the VPC’s Site2Cloud tunnels.
Type | The Topology construct type (in this case, VPC).
Virtual Machines | Number of VMs (instances) the VPC contains.
VPC CIDR | List of the VPC’s CIDRs.
VPC ID | The VPC’s unique identifier.

Transit Gateway Field Reference

You can filter your Transit Gateway topology in the topology map using the following fields for Transit Gateway virtual machines (second from outermost circle in the topology map).

Transit Gateway VM Field | Description
Account Name | The CSP Account associated with this VPC.
Associated Gateway | The Aviatrix Gateway with which this VM is associated.
Cloud | The CSP that this VPC belongs to (AWS, Azure, etc.).
Hypervisor | The instance’s hypervisor.
Image ID | ID of the image from which the instance was built.
Insane Mode (High Performance Encryption Mode) | Whether the gateway has high performance encryption active.
Instance ID | ID of the image from which the instance was built.
Instance Size | The size of the instance (e.g., “t2.micro”).
Kernel | The Linux kernel version of the Gateway instance.
Launch Time | The timestamp when the VM (Gateway in this case) was launched.
License Expiry | The timestamp when the gateway’s license expires.
License ID | The unique identifier of the instance’s license.
Name | The name of the instance.
Private IP | The private IP of the instance.
Private DNS Name | The Private DNS name of the instance.
Public DNS Name | The Public DNS name of the instance.
Public IP | The Public IP of the instance.
Region | The CSP region in which the instance is located.
Source NAT | Denotes whether Source NAT is active on this gateway.
Stateful Firewall | Denotes whether stateful firewall rules are enabled or disabled on the gateway.
Status | Denotes whether the instance is running.
Subnet ID | The ID of the instance’s subnet.
Type | The Topology construct type (in this case, VPC).
VPC ID | The ID of the instance’s VPC.
VPC Name | The name of the instance’s VPC.

Spoke Gateway Field Reference

You can filter your Spoke Gateway topology in the topology map using the following fields for Spoke Gateway virtual machines (second from outermost circle in the topology map).

Spoke Gateway VM Field | Description
Account Name | The CSP Account associated with this VPC.
Associated Gateway | The Aviatrix Gateway with which this VM is associated.
Cloud | The CSP that this VPC belongs to (AWS, Azure, etc.).
Hypervisor | The instance’s hypervisor.
Image ID | ID of the image from which the instance was built.
Insane Mode (High Performance Encryption Mode) | Whether the gateway has high performance encryption active.
Instance ID | ID of the image from which the instance was built.
Instance Size | The size of the instance (e.g., “t2.micro”).
Kernel | The Linux kernel version of the Gateway instance.
Launch Time | The timestamp when the VM (Gateway in this case) was launched.
License Expiry | The timestamp when the gateway’s license expires.
License ID | The unique identifier of the instance’s license.
Name | The name of the instance.
Private IP | The private IP of the instance.
Private DNS Name | The Private DNS name of the instance.
Public DNS Name | The Public DNS name of the instance.
Public IP | The Public IP of the instance.
Region | The CSP region in which the instance is located.
Source NAT | Denotes whether Source NAT is active on this gateway.
Stateful Firewall | Denotes whether stateful firewall rules are enabled or disabled on the gateway.
Status | Denotes whether the instance is running.
Subnet ID | The ID of the instance’s subnet.
Type | The Topology construct type (in this case, Virtual Machine).
VPC ID | The ID of the instance’s VPC.
VPC Name | The name of the instance’s VPC.

External Connection Field Reference

You can filter your Site2Cloud external connection topology using the following fields (outermost circle on the topology map).

External Connection Property | Description
Name | The name of the external connection.
Type | The Topology construct type (in this case, external connection).
Cloud | The cloud that the external connection belongs to (AWS, Azure, etc.).
Status | Denotes whether the external connection is running.
Remote CIDR | The CIDR of the external device.
Associated Gateway | Column 2, row 6
Tunnel Type | Column 2, row 7
Auth Type | Column 2, row 8
IKE Version | Column 2, row 9

AWS TGW Field Reference

You can filter your AWS TGW topology in the topology map using the following fields for AWS TGWs (innermost circle on the topology map).

AWS TGW Property | Description
Name | The name of the AWS Transit Gateway.
Account Name | The Aviatrix account that corresponds to an IAM role or account in AWS.
Region | One of the AWS regions.
AWS TGW ASN | TGW ASN number. The default AS number is 64512.
AWS TGW CIDR | The TGW CIDR ranges.
Instance ID | ID of the image from which the AWS TGW was built.

User Virtual Machine Field Reference

You can filter your Virtual Machine topology in the topology map using the following fields for user virtual machines that are in Aviatrix-managed VPCs/VNets (second from outermost circle on the topology map).

User Virtual Machine Field | Description
Account Name | The CSP Account associated with this VPC.
Associated Gateway | The Aviatrix Gateway with which this VM is associated.
Cloud | The CSP that this VPC belongs to (AWS, Azure, etc.).
Hypervisor | The instance’s hypervisor.
Image ID | ID of the image from which the instance was built.
Instance ID | ID of the image from which the instance was built.
Instance Size | The size of the instance (e.g., “t2.micro”).
Kernel | The Linux kernel version of the Gateway instance.
Launch Time | The timestamp when the VM (Gateway in this case) was launched.
Name | The name of the instance.
Private IP | The private IP of the instance.
Private DNS Name | The Private DNS name of the instance.
Public DNS Name | The Public DNS name of the instance.
Public IP | The Public IP of the instance.
Region | The CSP region in which the instance is located.
Status | Denotes whether the instance is running.
Subnet ID | The ID of the instance’s subnet.
Type | The Topology construct type (in this case, Virtual Machine).
VPC ID | The ID of the instance’s VPC.
VPC Name | The name of the instance’s VPC.

Subnets Field Reference

You can filter your Subnet topology in the topology map using the following fields for subnets that are Aviatrix-managed (third from outermost circle on the topology map).

Subnet Field | Description
Account Name | The CSP Account associated with this VPC.
Cloud | The CSP that this VPC belongs to (AWS, Azure, etc.).
Interface ID | The ID of the gateway interface the subnet is on.
Name | The name of the subnet.
Region | The CSP region in which the instance is located.
Subnet CIDR | The CIDR of the subnet.
Subnet ID | The ID of the instance’s subnet.
Type | The Topology construct type (in this case, Subnet).
VPC ID | The ID of the instance’s VPC.
VPC Name | The name of the instance’s VPC.

Edge Gateway Field Reference

You can filter your Edge Gateway topology in the topology map using the following fields for Edge Gateways (innermost circle on the topology map).

Edge Gateway Field | Description
Name | The name of the Edge Gateway.
Instance ID | ID of the image from which the instance was built.
Associated Gateway | The Edge Gateway with which this VM is associated.
Type | The topology construct type (in this case, Virtual Machine).
Cloud | The CSP that the Edge Gateway belongs to (self-managed, Equinix).
Account Name | The CSP account associated with this Edge Gateway.
VPC/VNet ID | Equals site name.
Site ID | Site name for the Edge/Equinix Gateway.
Public IP | WAN interface IP.
Public DNS Name | There are Primary/Secondary DNS fields if you add a WAN interface to your Edge Gateway.
Insane Mode (High Performance Encryption) | Yes/No
Source NAT | True/False
Status | Up or Down

In Cloud Fabric > Topology > Overview (New Topology Experience), you can click the links between resources to show the Connection and Average Latency information.

Viewing a Map of your Network Topology

When you build your Aviatrix Multicloud Transit Network by launching Aviatrix Gateways and other constructs, Aviatrix CoPilot automatically draws a map to show your current network topology.

To view the topology map, go to Cloud Fabric > Topology or type Topology in the navigation search. The Network View is displayed by default.

You can filter the topology map on multiple fields to show only the gateways and constructs you want to see in your network. You can save the conditions to create a topology filter.

Topology Map (New Topology Experience)

In CoPilot release 3.0.1, a new topology map was introduced (Topology New Experience). Use the New Topology Experience toggle to switch to the new map. The new map can display large network topologies.

The illustration below shows the network constructs that are laid out in the five circles of the topology map (Network View).

The following constructs are placed on the circles, working from the outermost circle to the innermost circle:

1) External Connections (S2C) (outermost circle)

2) Instances (Virtual Machine instances for Transit, Spoke, and Edge Gateways)

3) Subnets

4) Spoke Gateway VPC/VNets

5) Transit Gateway VPC/VNets (innermost circle)

The following illustration shows a topology map populated with nodes that represent the constructs in the network architecture:

You can apply any number of filters to search for resources in the map.

Topology Legend

Network View

The topology legend in the Network View shows what the colored lines and icons in the Topology indicate.

The colored lines in the Topology map (Network View) denote the following:

  • Green solid line: the attached gateways have Max Performance enabled, and the connection is up.

  • Green dotted line: there is a peering or gateway attachment connection between the two gateways and the connection is up.

  • Red solid line: the attached gateways have Max Performance enabled, and the connection is down.

  • Red dotted line: there is a peering or gateway attachment connection between the two gateways and the connection is down. If you click this connection you see a No data found message.

The colored icons represent the various cloud providers, resource types, Edge resources, and unmanaged assets.

  • User VMs are virtual machines that are not associated with a gateway. They display as Virtual Machine in the Topology.

  • Gateways display as Gateway Virtual Machine in the Topology.

  • Unmanaged assets are VPC/VNets and their related resources that do not contain any Aviatrix gateways and were not created by Aviatrix CoPilot or Controller.

Geo View

The topology legend in the Geo View shows what the colored lines and icons in the topology indicate.

The colored lines in the topology map (Geo View) indicate:

  • Green solid line: all the connections between the regions are up.

  • Orange solid line: some connections between the regions are up, and others are not.

  • Red solid line: all connections between the regions are down.

Topology Map Controls

The following shows the zoom-in, zoom-out, node-expand, and node-collapse topology controls.

For large topologies that have many constructs, you can zoom in to the map for selection of granular nodes to display their properties.

For smaller monitors, you can zoom out of the map to better see the external connections in the outermost circle.

By default, all nodes for your constructs are plotted on the map when you open the Topology page. You can show or hide all subnets and instances under VPC/VNets in your map by using the expand-node and collapse-node controls.

You can also show, hide, or truncate labels in the Topology map.

Diagnostics Tools from Topology Map

When you select a gateway instance (the gateway VMs, in the outermost circle of the map) in your topology map, a Tools button displays below the Properties table.

Click Tools > Gateway Diagnostics to run relevant diagnostics on the selected instance.

The Tools button displays only when you select individual, not grouped, gateway VMs in the Topology. You might need to drill down into the Topology map before the Tools button displays.

Viewing Connections in the Topology Map

Gateways that have a peering connection (Transit-Transit, Transit-Spoke, Spoke-Spoke) or a gateway attachment connection (such as Specialty Gateways) show a green or red, solid or dotted connection between them. Click the connection to display the Connection and Average Latency details in the right pane.

The table below the average latency graph shows the attachments for the connected gateways and the latency between them in milliseconds (ms).

Connections for Transit-Spoke/Spoke-Spoke peerings are merged when you zoom out on the Topology (make sure no filter criteria are applied). You can click on the connection while zoomed out to display hyperlinks for the connections in the right pane.

You can click the hyperlinks in the right pane to display latency details for each connection. After you are finished you can click the icon shown to go back to the previous view.

Setting the Default Topology View

If you have created and saved any Topology views, you can make one of these views the default.

  1. On the Topology Network View (New Topology Experience), expand the Views drop-down and select Manage Views. The Manage Views dialog displays.

  2. Click the vertical ellipsis next to the view that you want to use as the default.

  3. Click Set as Default View.

  4. Click Close.

In the Manage Views dialog, you can also remove a view as the default, or delete the view entirely.