All Products
Search

This Product

    Network Intelligence Service:Network inspection

    Document Center

    Network Intelligence Service:Network inspection

    Last Updated:Oct 14, 2024

    Network Intelligence Service (NIS) provides the network inspection feature to allow you to diagnose cloud networks in terms of stability, security, performance, cost optimization, and operational excellence. You can use the cloud network architecture observability service provided by network inspection to identify exceptions and obtain suggestions.

    Use scenarios

    When you deploy or maintain networks or resources, your network configurations may not meet the requirement for best practices if you are unfamiliar with the cloud services that you use. After continuous network optimizations, you may need to manage an excessive number of network instances. Configuring, verifying, and inspecting these resources require large amounts of manpower. To meet this challenge, you can use the network inspection feature, which can help you diagnose the network architecture and resources deployed in the network and provide network optimization suggestions.

    Inspection items

    Inspected resource

    Inspection category

    Inspection item

    Description

    Risks

    Severity level

    Elastic IP Address (EIP)

    Stability

    EIP bandwidth usage check

    Check the bandwidth usage of EIPs and the frequency of packet loss due to high or excess usage of bandwidth within an inspection cycle. This helps you assess whether the current bandwidth usage meets the business development requirement and identify network risks that may cause business interruptions due to insufficient bandwidth.

    An alert indicating that the usage of Internet bandwidth is about to exceed the upper limit is triggered within the last inspection cycle.

    Medium

    An alert indicating that packet loss occurs because the usage of Internet bandwidth exceeds the upper limit is triggered within the last inspection cycle.

    High

    NAT Gateway

    Stability

    NAT gateway load check

    Check the loads of NAT gateways within an inspection cycle, including the number of concurrent connections, number of new connections, traffic processing rate, and loads of SNAT source ports. This helps you assess whether the current resource configuration meets the business development requirements and identify network risks that may cause business interruptions due to insufficient resources.

    An alert indicating that connections are dropped because the number of NAT sessions exceeds the upper limit is triggered within the last inspection cycle.

    Medium

    An alert indicating that new NAT sessions are dropped because the number of new NAT sessions exceeds the upper limit is triggered within the last inspection cycle.

    High

    An alert indicating an SNAT source port allocation failure is triggered within the last inspection cycle.

    High

    The bandwidth usage of the NAT gateway exceeds the upper limit.

    Medium

    NAT gateway high availability check

    The cloud networking solution of Alibaba Cloud suggests that you create a NAT gateway in each zone and configure SNAT and DNAT rules to ensure that resources can use the NAT gateway in the same zone. This way, when a zone is down, resources in other zones can still communicate as normal.

    Resources in different zones share the same NAT gateway.

    Medium

    Cloud Enterprise Network (CEN)

    Stability

    Transit router inter-region bandwidth usage check

    Check the usage of the inter-region bandwidth of CEN instances and the frequency of packet loss due to high or excessive bandwidth usage within an inspection cycle. This helps you assess whether the current bandwidth limit meets the business development requirements and identify network risks that may cause business interruptions due to insufficient bandwidth.

    The usage of inter-region child bandwidth plans is excessively high.

    Medium

    The usage of inter-region bandwidth is excessively high.

    Medium

    An alert indicating that packet loss occurs because the bandwidth usage of inter-region connections exceeds the upper limit is triggered within the last inspection cycle.

    High

    Packet loss occurs because traffic throttling is triggered by the QoS queues of inter-region connections.

    High

    VPC connection bandwidth usage check

    Check the bandwidth usage of connections between virtual private clouds (VPCs) and CEN instances and the frequency of packet loss due to excessive bandwidth usage within an inspection cycle. This helps you assess whether the current bandwidth meets the business development requirements and identify network risks that may cause business interruptions due to insufficient bandwidth.

    An alert indicating that packet loss occurs because the bandwidth usage of VPC connections exceeds the upper limit is triggered within the last inspection cycle.

    High

    Express Connect circuits

    Stability

    BGP connection status check

    Check the status of BGP connections created over Express Connect circuits and the frequency of Express Connect circuit failures within an inspection cycle. This helps you monitor the quality of leased lines and identify stability risks at the earliest opportunity.

    An alert indicating a BGP connection failure is triggered within the last inspection cycle.

    High

    Express Connect circuit check

    Check the status of Express Connect circuits and the frequency of BGP connection failures within an inspection cycle. This helps you monitor the quality of leased lines and identify stability risks at the earliest opportunity.

    An alert indicating an Express Connect circuit or connection failure is triggered within the last inspection cycle.

    High

    VPN Gateway

    Stability

    VPN gateway load check

    Check the loads of VPN gateways, risks of excessive bandwidth usage, frequency of BGP route advertisement overage within an inspection cycle. This helps you assess the health of VPN gateways and identify network risks that may cause business interruptions due to insufficient resources.

    An alert indicating that the number of BGP dynamic routes exceeds the upper limit is triggered within the last inspection cycle.

    High

    The CIDR blocks of the SSL client and SSL server do not have sufficient idle IP addresses.

    Medium

    An alert indicating that the bandwidth usage of the VPN gateway exceeds the upper limit is triggered within the last inspection cycle.

    Medium

    Application Load Balancer (ALB)

    Stability

    ALB instance VIP load check

    Check the loads of the virtual IP addresses (VIPs) of ALB instances within an inspection cycle, including sessions, connections, QPS, and bandwidth. This helps you assess whether the current resource configuration meets the business development requirements and identify network risks that may cause business interruptions due to insufficient resources.

    An alert indicating that new connections are dropped because the number of ALB sessions exceeds the upper limit is triggered within the last inspection cycle.

    High

    An alert indicating that the number of ALB connection failures sharply increases is triggered within the last inspection cycle.

    High

    An alert indicating that the QPS of the ALB instance exceeds the upper limit is triggered within the last inspection cycle.

    High

    An alert indicating that the QPS of the ALB instance exceeds the upper limit is triggered within the last inspection cycle.

    High

    Network Load Balancer (NLB)

    Stability

    NLB instance VIP load check

    Check the loads of the VIPs of NLB instances within an inspection cycle, including new connections and concurrent connections. This helps you assess whether the current resource configuration meets the business development requirements and identify network risks that may cause business interruptions due to insufficient resources.

    An alert indicating that the number of NLB connection failures sharply increases is triggered within the last inspection cycle.

    High

    An alert indicating that new NLB connections are dropped is triggered within the last inspection cycle.

    High

    An alert indicating that the number of NLB new connections exceeds the upper limit is triggered within the last inspection cycle.

    High

    An alert indicating that the number of NLB concurrent connections exceeds the upper limit is triggered within the last inspection cycle.

    High

    Classic Load Balancer (CLB)

    Stability

    CLB instance load check

    Check the loads of CLB instances within an inspection cycle, including sessions, connections, and bandwidth. This helps you assess whether the current resource configuration meets the business development requirements and identify network risks that may cause business interruptions due to insufficient resources.

    An alert indicating that the packet loss occurs because the bandwidth usage of the CLB instance exceeds the upper limit is triggered within the last inspection cycle.

    High

    An alert indicating that new connections are dropped because the number of CLB new sessions exceeds the upper limit is triggered within the last inspection cycle.

    High

    An alert indicating that the number of CLB connection failures sharply increases is triggered within the last inspection cycle.

    High

    Disable a network inspection task

    Note

    • You cannot create custom network inspection tasks. By default, NIS creates a free network inspection task for you. The task inspects your network on a weekly basis and generates reports.

    • You can disable the default network inspection task.

    1. Log on to the NIS console.

    2. In the left-side navigation pane, click Network Inspection.

    3. On the Network Inspection page, find the default network inspection task and click Stop Inspection in the Actions column.

    4. In the message that appears, click OK.

    View network inspection reports

    Note

    The retention period of network inspection reports is one year.

    1. Log on to the NIS console.

    2. In the left-side navigation pane, click Network Inspection.

    3. On the Network Inspection page, find the default network inspection task. Then, you can perform the following operations.

      • View the details of the latest report.

        1. In the Newest Inspection Report column, click View the report to obtain network optimization suggestions.

        2. On the report details page, you can view Basic Information, Inspection Summary, and Inspection Details.

          In the Inspection Details section, you can view abnormal inspection items, optimization suggestions, and affected resources.

      • View historical network inspection reports

        1. In the Newest Inspection Report column, click View historical reports.

        2. In the Historical Inspection Reports section of the Historical Reports page, find the report that you want to view and click its ID. You can also click View Report in the Actions column of the report.

        3. On the report details page, you can view Basic Information, Inspection Summary, and Inspection Details.

          In the Inspection Details section, you can view abnormal inspection items, optimization suggestions, and affected resources.