I want to perform route analysis and monitor my transit gateway Connect attachment. How do I do this using the Route Analyzer in AWS Network Manager?
Resolution
Perform a route analysis to verify connectivity to a transit gateway Connect attachment using the Route Analyzer in AWS Network Manager. Before you can perform route analysis, you must have already done the following:
To perform a route analysis using Network Manager
- Open the Network Manager console.
- In the navigation pane, choose Global networks.
- Select your global network ID.
- In the navigation pane, choose Transit gateway network.
- Choose the Route Analyzer tab.
- For Source, choose the transit gateway and the transit gateway attachment. Then, for IP address, enter a source IPv4 or IPv6 address.
For example, the VPC-A-Attachment can be the Source.
- For Destination, choose the transit gateway and the transit gateway attachment. Then, for IP address, enter a destination IPv4 or IPv6 address.
For example, the Connect attachment can be the Destination.
- (Optional) To analyze the return path, be sure that you turn on Include return path in results. If Include return path in results is turned on, you must specify an IP address under Source.
- Choose Run route analysis.
- The results are displayed under the Results of route analysis. Choose the ID of any resource in the path to view more information about the resources.
Note: Use the Reachability Analyzer to verify the connectivity from the appliance Amazon Elastic Compute Cloud (Amazon EC2) instance (running GRE) to the transit gateway. The Reachability Analyzer can verify connectivity for any Amazon EC2 instance to the transit gateway.
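The same route analysis can be driven from the AWS CLI instead of the console. The following is an added example, not code from the AWS article: it calls the Network Manager StartRouteAnalysis and GetRouteAnalysis operations, polls until the run finishes, and reads the forward-path verdict. The global network ID and the two attachment ARNs are placeholders you supply; the IP addresses are the page's example hosts.

```shell
#!/bin/sh
# Added example (not from the AWS article). Assumes the AWS CLI is installed and
# credentialed; the global network ID and attachment ARNs are placeholders.

# Start a route analysis from a source attachment/IP to a destination attachment/IP.
# --include-return-path mirrors the console option and requires a source IP.
# Prints the RouteAnalysisId.
start_route_analysis() {
  aws networkmanager start-route-analysis \
    --global-network-id "$1" \
    --source "TransitGatewayAttachmentArn=$2,IpAddress=$3" \
    --destination "TransitGatewayAttachmentArn=$4,IpAddress=$5" \
    --include-return-path \
    --query 'RouteAnalysis.RouteAnalysisId' --output text
}

# Poll GetRouteAnalysis until the status leaves RUNNING (COMPLETED or FAILED).
# Prints the final status; gives up after $3 polls (default 30, two seconds apart).
wait_route_analysis() {
  ra_gn=$1; ra_id=$2; ra_max=${3:-30}; ra_n=0; ra_status=RUNNING
  while [ "$ra_n" -lt "$ra_max" ]; do
    ra_status=$(aws networkmanager get-route-analysis \
      --global-network-id "$ra_gn" --route-analysis-id "$ra_id" \
      --query 'RouteAnalysis.Status' --output text)
    if [ "$ra_status" != "RUNNING" ]; then break; fi
    ra_n=$((ra_n + 1)); sleep 2
  done
  echo "$ra_status"
}

# Read the forward-path result code: CONNECTED or NOT_CONNECTED.
route_analysis_result() {
  aws networkmanager get-route-analysis \
    --global-network-id "$1" --route-analysis-id "$2" \
    --query 'RouteAnalysis.ForwardPath.CompletionStatus.ResultCode' --output text
}

# Usage: sh route-analysis.sh <global-network-id> <vpc-a-attachment-arn> <connect-attachment-arn>
# 172.31.28.240 (VPC-A) and 10.0.0.240 (Appliance-VPC) are the page's example addresses.
if [ "$#" -eq 3 ]; then
  id=$(start_route_analysis "$1" "$2" 172.31.28.240 "$3" 10.0.0.240)
  echo "Route analysis $id: $(wait_route_analysis "$1" "$id")"
  echo "Forward path: $(route_analysis_result "$1" "$id")"
fi
```

A NOT_CONNECTED result is the CLI equivalent of a broken path in the console's Results of route analysis; the ReasonCode and ReasonContext fields of the same CompletionStatus object name the hop where the lookup failed.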
Example of Transit Gateway Connect peers
In the following example, the transit gateway has two VPC attachments and one Connect attachment:
- VPC-A and Appliance-VPC are connected to the transit gateway using a VPC attachment.
- The GRE Appliance is deployed in the Appliance-VPC.
- The Connect attachment is built on top of the Appliance-VPC's VPC attachment (the transport attachment).
EC2-A (VPC-A, 172.31.0.0/16) <--> VPC-A-Attachment <--> Transit Gateway <--> Connect Attachment <--> GRE Appliance <--> Appliance-VPC (10.0.0.0/16) <--> EC2-B
Example addresses: 172.31.28.240 (in VPC-A) and 10.0.0.240 (in Appliance-VPC)
For a diagram of this example, see Transit Gateway Connect peers.
Monitoring options
To view the transit gateway's Connect peer status, do the following:
- Open the Network Manager console.
- In the navigation pane, choose Global networks.
- Select your global network ID.
- Choose Transit gateways.
There are three Connect peer statuses:
- Down – The percentage of your total BGP sessions over the Connect peer that are down.
- Impaired – The percentage of your total BGP sessions over the Connect peer that are impaired.
- Up – The percentage of your total BGP sessions over the Connect peer that are up.
To view events for your Connect peer in the global network, choose the Transit gateways tab. Then, select the transit gateway on which you have created the Connect peer. For more information, see Status update events.
You can check the event details in the Amazon CloudWatch console under Logs Insights.
To check the event details, choose /aws/events/networkmanagerloggroup in the US West (Oregon) AWS Region and then run the following command:
Note: Replace global network ARN with the ARN of your global network, and transit gateway ARN with the ARN of the transit gateway on which you created the Connect peer. Replace event name with one of the following Connect peer events:
- A Transit Gateway Connect peer (GRE tunnel) BGP session went down
- A Transit Gateway Connect peer (GRE tunnel) BGP session went up
fields detail.region as Region, detail.changeDescription as Message, resources.1 as Resource, @timestamp as Timestamp
| filter resources.0 = "global network ARN" and resources.1 not like "core-network-"
  and detail.transitGatewayArn = "transit gateway ARN" and detail.changeDescription = "event name"
| sort @timestamp desc
| limit 200
Note: This command works only if you already onboarded to CloudWatch Logs Insights. For more information, see Monitoring your global network with CloudWatch Events.