Testing and Validating Connectivity Between Environments – Connecting On-Premises Networks – ANS-C01 Study Guide

Testing and Validating Connectivity Between Environments

Network testing and validation is an important skill for any networking engineer, and in-depth knowledge is expected for you to pass the Advanced Networking exam. Network testing is an ongoing process that begins when you first configure the network. There are many monitoring, logging, and testing tools offered as services from AWS, and all host operating systems come with network testing utilities built in. In this chapter, we will expand on what you learned in Chapter 5, “Logging and Monitoring.”

Route Analyzer

The AWS Route Analyzer is a utility that examines the routes in the Transit Gateway route tables and analyzes the path between a source and a destination IP address that you specify. The utility can be used to validate that a route table is populated with the prefixes you expect and that your routing configuration behaves as intended; it is also used to troubleshoot routing issues in your network. The analyzer supports both IPv4 and IPv6 and can analyze both the forward path and the return path from the specified destination back to the source.

When working with the Route Analyzer, be aware of the following rules. The analyzer examines only the routes in the Transit Gateway route tables, not any other routing tables such as those in a VPC or on your on-premises routers; in addition, the Transit Gateway must be registered with your global network in AWS Network Manager. The analyzer does not evaluate network access control lists or security group rules; VPC Flow Logs are needed to see how that filtering affects traffic. You will receive return path information only if there is a valid forward path.
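The rules above can be seen in a small simulation. The following Python is an added example and not the AWS Route Analyzer or its API: it models a Transit Gateway route lookup with constructed route tables, attachment names and addresses (all hypothetical) and applies the ordering the text describes, a longest-prefix match on the forward path first, and a return-path lookup only when the forward path resolves to an attachment rather than to a blackhole or to no route at all.

```python
import ipaddress

# Constructed sample data (not a real configuration): route table id ->
# list of (prefix, target attachment). A target of None models a blackhole route.
ROUTE_TABLES = {
    "tgw-rtb-prod": [
        ("10.0.0.0/8", "attach-onprem-dx"),
        ("10.20.0.0/16", "attach-vpc-app"),
        ("10.20.99.0/24", None),                 # blackhole, more specific than /16
        ("2001:db8:1::/48", "attach-vpc-app"),
        ("0.0.0.0/0", "attach-vpc-egress"),
    ],
    "tgw-rtb-app": [
        ("10.0.0.0/8", "attach-onprem-dx"),
        ("10.20.0.0/16", "attach-vpc-app"),
        ("2001:db8:1::/48", "attach-vpc-app"),
    ],
}

# Constructed attachment -> associated route table (the table consulted for
# traffic that enters the transit gateway through that attachment).
ASSOCIATIONS = {
    "attach-onprem-dx": "tgw-rtb-prod",
    "attach-vpc-app": "tgw-rtb-app",
    "attach-vpc-egress": "tgw-rtb-prod",
}


def longest_prefix_match(route_table_id, ip):
    """Return (prefix, target) of the most specific route covering ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, target in ROUTE_TABLES[route_table_id]:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, target)
    return None if best is None else (str(best[0]), best[1])


def analyze_one_way(src_attachment, dst_ip):
    """Look up dst_ip in the route table associated with src_attachment."""
    rtb = ASSOCIATIONS[src_attachment]
    match = longest_prefix_match(rtb, dst_ip)
    if match is None:
        return {"status": "NOT_FOUND", "route_table": rtb}
    prefix, target = match
    if target is None:
        return {"status": "BLACKHOLE", "route_table": rtb, "prefix": prefix}
    return {"status": "FOUND", "route_table": rtb, "prefix": prefix, "target": target}


def analyze_route(src_attachment, src_ip, dst_ip):
    """Forward path first; the return path is only evaluated when the forward
    path reached an attachment, mirroring the analyzer's rule."""
    forward = analyze_one_way(src_attachment, dst_ip)
    result = {"forward": forward, "return": None}
    if forward["status"] == "FOUND":
        # The return path starts from the attachment the forward path arrived at.
        result["return"] = analyze_one_way(forward["target"], src_ip)
    return result


if __name__ == "__main__":
    for src, sip, dip in [("attach-onprem-dx", "10.1.2.3", "10.20.5.6"),
                          ("attach-onprem-dx", "10.1.2.3", "10.20.99.7"),
                          ("attach-vpc-app", "10.20.1.1", "8.8.8.8"),
                          ("attach-onprem-dx", "10.1.2.3", "2001:db8:1::10")]:
        print(sip, "->", dip, analyze_route(src, sip, dip))
```

The blackhole case is the one to watch when validating a change: the /24 blackhole wins over the /16 that points at the application VPC, so the forward lookup stops there and no return path is reported, which is exactly what the real analyzer shows when a more specific prefix has been withdrawn or nulled.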

Reachability Analyzer

The VPC Reachability Analyzer is used to validate your network connectivity, troubleshoot, identify network configuration issues, and automate validations for connectivity after configuration changes or new deployments. The VPC Reachability Analyzer checks the network path taken by a packet from source to destination. The tool creates a logical model of the configuration and then checks for connectivity. It is important to note that it does not actually send data over the forwarding plane; the reachability is analyzed in code only. Refer to Chapter 5 for an in-depth review of this AWS service.

ICMP ping

The ping utility is a command-line tool that tests for device reachability. You execute the ping command from the source using the IP address of the destination you want to test. If there is a reply, you know that there is a network path from the source to the destination and back. The ping utility has been around since 1983 and is included in all operating systems that support the IP protocol. Just like throwing a tennis ball against the wall and catching it after it bounces back to you, ping sends a packet using the Internet Control Message Protocol (ICMP) to a remote host and measures the time it takes for the echo to return.

ICMP is a network-level protocol that communicates information about network connectivity and reports delivery problems back to the source. It is a control message protocol that reports impairments such as destination network unreachable, source route failed, and source quench.

Most ping programs report round-trip times, errors, any packet loss, and a summary of the results. There are switches that can be used to modify their behavior, as shown in Figure 7.7 for Windows.

FIGURE 7.7 Windows ping

When running the ping command, a packet is sent to the remote IP address or domain name you specify. The remote device responds with an ICMP echo reply that carries back the identifier, sequence number, and data from the original request. If there are errors, codes are given, which vary based on the operating system and the vendor's implementation of the utility. Here are some of the more common error codes in the command's output:

  • !A: Communication with destination network administratively prohibited
  • !C: Precedence cutoff in effect
  • !F: Fragmentation needed
  • !H, !N, or !P: Host, network, or protocol unreachable
  • !I: Source host is isolated
  • !Q: For this ToS destination network unreachable
  • !S: Source route failed
  • !T: For this ToS destination host unreachable
  • !U or !W: Destination network/host unknown
  • !V: Host precedence violation
  • !X: Communication administratively prohibited
  • !Z: Communication with destination host administratively prohibited
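To make the echo mechanism and the error codes above concrete, the following Python is an added example rather than code from the book or from any ping implementation. It builds an ICMP echo request in memory, produces the reply a remote host would send, checks that the reply echoes the request's identifier, sequence number and payload, recovers the round-trip time from a timestamp carried in the payload, and decodes a destination-unreachable message into the letter code listed above. The letter mapping follows the BSD-derived ping output the list is taken from and the numeric codes follow RFC 792 and RFC 1122; no raw sockets are used, so everything runs offline on constructed byte strings.

```python
import struct

# ICMP message types used below (RFC 792)
ECHO_REPLY, DEST_UNREACHABLE, SOURCE_QUENCH, ECHO_REQUEST = 0, 3, 4, 8

# Destination-unreachable codes (RFC 792 / RFC 1122) mapped to the letter
# that BSD-derived ping prints for them and a short description.
UNREACHABLE_CODES = {
    0: ("!N", "network unreachable"),
    1: ("!H", "host unreachable"),
    2: ("!P", "protocol unreachable"),
    3: (None, "port unreachable"),
    4: ("!F", "fragmentation needed"),
    5: ("!S", "source route failed"),
    6: ("!U", "destination network unknown"),
    7: ("!W", "destination host unknown"),
    8: ("!I", "source host isolated"),
    9: ("!A", "communication with destination network administratively prohibited"),
    10: ("!Z", "communication with destination host administratively prohibited"),
    11: ("!Q", "for this ToS destination network unreachable"),
    12: ("!T", "for this ToS destination host unreachable"),
    13: ("!X", "communication administratively prohibited"),
    14: ("!V", "host precedence violation"),
    15: ("!C", "precedence cutoff in effect"),
}


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(packet):
    """A message whose checksum field is correct sums to zero."""
    return internet_checksum(packet) == 0


def timestamp_payload(now):
    """ping places the send time in the payload so the reply carries it back.
    Constructed 56-byte payload: 8-byte timestamp plus 48 filler bytes."""
    return struct.pack("!d", now) + bytes(range(0x08, 0x38))


def build_echo(icmp_type, identifier, sequence, payload):
    """Echo header: type(1) code(1) checksum(2) identifier(2) sequence(2)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, identifier, sequence) + payload


def parse_icmp(packet):
    """Verify the checksum and split any ICMP message into its fields."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if not checksum_ok(packet):
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "body": packet[8:]}


def make_reply(request):
    """What the remote host does: return the same id, sequence and payload as type 0."""
    req = parse_icmp(request)
    return build_echo(ECHO_REPLY, req["id"], req["seq"], req["body"])


def match_reply(reply, identifier, sequence, payload):
    """True only if the reply echoes our identifier, sequence number and payload."""
    rep = parse_icmp(reply)
    return (rep["type"] == ECHO_REPLY and rep["id"] == identifier
            and rep["seq"] == sequence and rep["body"] == payload)


def rtt_ms(reply, received_at):
    """Round-trip time in milliseconds from the timestamp echoed in the reply."""
    sent_at = struct.unpack("!d", parse_icmp(reply)["body"][:8])[0]
    return (received_at - sent_at) * 1000.0


def build_unreachable(code, original_datagram):
    """Destination-unreachable: type 3, 4 unused bytes, then the start of the
    offending IP datagram (header plus first 8 bytes) so the sender can match it."""
    header = struct.pack("!BBHI", DEST_UNREACHABLE, code, 0, 0)
    body = original_datagram[:28]
    csum = internet_checksum(header + body)
    return struct.pack("!BBHI", DEST_UNREACHABLE, code, csum, 0) + body


def describe_error(packet):
    """Translate an ICMP error message into the letter ping prints and a description."""
    msg = parse_icmp(packet)
    if msg["type"] == DEST_UNREACHABLE:
        return UNREACHABLE_CODES.get(msg["code"], (None, "unknown code %d" % msg["code"]))
    if msg["type"] == SOURCE_QUENCH:
        return None, "source quench"
    return None, "ICMP type %d code %d" % (msg["type"], msg["code"])
```

The identifier and sequence check in match_reply is what lets a ping process ignore replies meant for another process on the same host, and the copy of the original datagram inside a type 3 message is how the sender knows which probe the error refers to; both are worth remembering when a packet capture shows replies that ping itself never reported.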