Azure Tip: Use Azure Network Watcher to view or download the network topology of a VNet : wmatthyssen

by: wmatthyssen
Blog post content copied from Wim Matthyssen



Most of you will at some point need a visual overview of the network topology of one or more virtual networks (VNets) in your own, your company's or even a customer's Azure environment. Luckily, you can use the topology capability of Network Watcher for this.

As some of you will know, Azure Network Watcher provides tools that allow you to monitor, diagnose, view metrics and gain insight into the performance of network resources in a VNet.

You can use tools like Connection troubleshoot, which enables you to, for example, test a connection between an Azure virtual machine (VM) and another Azure VM. Or you can use NSG flow logs, which allow you to log information about IP traffic flowing through an Azure network security group (NSG).

But in this Azure tip blog post, I will show you how easy it is to get a view of a VNet’s network topology by using Network Watcher Topology*.


If you want to read some more about Azure Network Watcher, you can do so via the following Microsoft Docs link: Azure Network Watcher documentation


* You should also keep in mind that Network Watcher Topology supports a limited set of Azure networking resources, which include all of the following: VNet, Subnet, Network Interface, NSG, Load Balancer, Load Balancer Health probe, Public IP, Virtual Network Peering, Virtual network gateway, VPN Gateway Connection, Virtual Machine, and Virtual Machine Scale Set.


Prerequisites

  • An Azure subscription.
  • An Azure Administrator account with the necessary RBAC roles.
  • An existing VNet.
  • A network watcher enabled in the same region as the VNet you want to generate a topology for.


View a network topology with Network Watcher using the Azure Portal

Log on to the Azure Portal and type “network watcher” in the Global search bar. Then click on Network Watcher.


In the Network Watcher screen (blade), select Topology under the Monitoring section.


Select a Subscription, the Resource Group of the VNet you want to view the topology for (all resource groups under the chosen subscription that have a VNet are automatically shown in a drop-down list), and then select the VNet itself. Once all three are selected, the topology of the selected VNet is shown, as you can see in the picture below. You can now use this generated topology to analyze the VNet, troubleshoot issues, or even identify misconfigurations.


Next to this, if you also want to download the topology in SVG file format, you just need to click on Download topology.


When the topology.svg file is downloaded, just click on it to see the VNet’s network topology (you can view an .svg file with Edge or any other modern web browser). Afterwards, you can also add this image to any documentation you want, for example an Azure environment assessment or Low-Level Design (LLD).



View a network topology in JSON format with Network Watcher using an Azure PowerShell script

You can use the below Azure PowerShell script to get the network topology of a VNet in a JSON output. This output will give you a network level view of all networking resources and their relationships from a specific resource group.
If resources from multiple regions reside in the resource group, only the resources in the same region as the Network Watcher will be included in the JSON output.

To use the script, copy and save it as Get-Network-Topology-of-a-VNet-in-JSON-format.ps1 or download it from GitHub. Then run the script with Administrator privileges from Windows Terminal, Visual Studio Code, or Windows PowerShell. Or you can simply run it from Cloud Shell.

Keep in mind that if you are not running the script from Cloud Shell, for example when you’re using Windows Terminal, you first need to sign in with the Connect-AzAccount cmdlet to connect with an authenticated account. Also, if you are using multiple Azure subscriptions, select the proper subscription with the Get-AzSubscription cmdlet before running the script.


## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Connect to Azure with an authenticated account

Connect-AzAccount

## Select an Azure Subscription

Get-AzSubscription -SubscriptionId <"your Azure Subscription ID here"> -TenantId <"your Tenant ID here"> | Set-AzContext

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



Then run the script to get the network topology of a specific VNet in a JSON output.


<#
.SYNOPSIS

An Azure PowerShell script used to get the network topology of a VNet in a JSON output.

.DESCRIPTION

An Azure PowerShell script used to get the network topology of a VNet in a JSON output.
This output will give you a network level view of all networking resources and their relationships from a specific resource group.
If resources from multiple regions reside in the resource group, only the resources in the same region as the Network Watcher will be included in the JSON output.

.NOTES

Filename:       Get-Network-Topology-of-a-VNet-in-JSON-format.ps1
Created:        07/08/2022
Last modified:  07/08/2022
Author:         Wim Matthyssen
Version:        1.0
PowerShell:     Azure PowerShell and Cloud Shell
Requires:       PowerShell Az (v8.1.0) and Az.Network (v4.18.0)
Action:         Change variables where needed to fit your needs.
Disclaimer:     This script is provided "As Is" with no warranties.

.EXAMPLE

Connect-AzAccount
Get-AzSubscription -SubscriptionId <"your Azure Subscription ID here"> -TenantId <"your Tenant ID here"> | Set-AzContext
.\Get-Network-Topology-of-a-VNet-in-JSON-format.ps1 <your network watcher name here> <your networking resource group here>

-> .\Get-Network-Topology-of-a-VNet-in-JSON-format.ps1 nw-hub-myh-we-01 rg-hub-myh-networking-01

.LINK


#>

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Parameters

param(
    [parameter(Mandatory =$true)][ValidateNotNullOrEmpty()] [string] $networkWatcherName,
    [parameter(Mandatory =$true)][ValidateNotNullOrEmpty()] [string] $vnetResourceGroupName
)

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Variables

$global:currenttime= Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime= Get-Date -UFormat "%A %m/%d/%Y %R"}
$foregroundColor1 = "Red"
$foregroundColor2 = "Yellow"
$writeEmptyLine = "`n"
$writeSeperatorSpaces = " - "

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Retrieve a VNet network level view

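# Resource group that holds the Network Watcher. The script as published never sets this variable,
# so fall back to NetworkWatcherRG, the group Azure uses when it creates a Network Watcher automatically
# (an assumption; set $networkWatcherResourceGroup yourself if your Network Watcher lives elsewhere)
if (-not $networkWatcherResourceGroup) { $networkWatcherResourceGroup = "NetworkWatcherRG" }

# Get the properties of the Network Watcher
$networkWatcher = Get-AzNetworkWatcher -Name $networkWatcherName -ResourceGroupName $networkWatcherResourceGroup

# Get network topology
Get-AzNetworkWatcherTopology -NetworkWatcher $networkWatcher -TargetResourceGroupName $vnetResourceGroupName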

Write-Host ($writeEmptyLine + "# VNet network level view created " + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor2 $writeEmptyLine

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Write script completed

Write-Host ($writeEmptyLine + "# Script completed" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine 

## ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------




If you want to export the output to a JSON file, run the script with the Out-File cmdlet at the end, as shown in the example below.


.\Get-Network-Topology-of-a-VNet-in-JSON-format.ps1 nw-hub-myh-we-01 rg-hub-myh-networking-01 | Out-File -FilePath C:\Temp\networkview.json
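The topology output can also be checked for one common misconfiguration: subnets with no NSG associated at subnet level. The following is an added example, not part of the original post or script; the function name, the sample names and IDs, and the assumed resource shape (Resources with Name, Id and Associations carrying AssociationType and ResourceId) are assumptions.

```powershell
# Added example, not from the original post. Assumed shape: Resources[] with
# Name, Id and Associations[] (AssociationType, Name, ResourceId).
function Get-SubnetWithoutNsg {
    param([Parameter(Mandatory = $true)] [object[]] $Resources)

    foreach ($resource in $Resources) {
        # Subnet IDs end in .../virtualNetworks/<vnet>/subnets/<subnet>
        if ($resource.Id -notmatch '/virtualNetworks/[^/]+/subnets/[^/]+$') { continue }

        # Keep only "Associated" links that point at a network security group
        $nsgLinks = @($resource.Associations | Where-Object {
                $_.AssociationType -eq 'Associated' -and
                $_.ResourceId -match '/networkSecurityGroups/'
            })

        # Report subnets with no subnet-level NSG (NIC-level NSGs are not checked)
        if ($nsgLinks.Count -eq 0) {
            [pscustomobject]@{ Subnet = $resource.Name; Id = $resource.Id }
        }
    }
}

# Constructed sample data (hypothetical names and IDs); snet-db has no NSG link
$prefix = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example/providers/Microsoft.Network'
$sampleJson = @"
{ "Resources": [
  { "Name": "vnet-example", "Id": "$prefix/virtualNetworks/vnet-example",
    "Associations": [
      { "AssociationType": "Contains", "Name": "snet-app", "ResourceId": "$prefix/virtualNetworks/vnet-example/subnets/snet-app" },
      { "AssociationType": "Contains", "Name": "snet-db", "ResourceId": "$prefix/virtualNetworks/vnet-example/subnets/snet-db" } ] },
  { "Name": "snet-app", "Id": "$prefix/virtualNetworks/vnet-example/subnets/snet-app",
    "Associations": [
      { "AssociationType": "Associated", "Name": "nsg-app", "ResourceId": "$prefix/networkSecurityGroups/nsg-app" } ] },
  { "Name": "snet-db", "Id": "$prefix/virtualNetworks/vnet-example/subnets/snet-db",
    "Associations": [] },
  { "Name": "nsg-app", "Id": "$prefix/networkSecurityGroups/nsg-app", "Associations": [] }
] }
"@

$topology = $sampleJson | ConvertFrom-Json
Get-SubnetWithoutNsg -Resources $topology.Resources

# Against a live topology (assumes .Resources holds the resource objects):
# $topology = Get-AzNetworkWatcherTopology -NetworkWatcher $networkWatcher -TargetResourceGroupName $vnetResourceGroupName
# Get-SubnetWithoutNsg -Resources $topology.Resources
```

A subnet listed here is not necessarily exposed, since NSGs can also be attached to individual network interfaces, so treat the result as a list of subnets to review.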




I hope this tip and Azure PowerShell script can help you whenever you need to get a network topology of a VNet in an Azure environment.

If you have any questions or recommendations about it, feel free to contact me through my Twitter handle (@wmatthyssen) or to just leave a comment.



August 10, 2022 at 01:44AM