ANS-C01 Cram Sheet: Network Monitoring & Troubleshooting (Task 3.2)

Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns

This sheet covers Task 3.2: Monitor and analyze network traffic to troubleshoot and optimize connectivity patterns. Focus on tool selection, metric interpretation, and identifying bottlenecks in AWS and hybrid environments.

Topic Weighting

  • Domain 3: Network Management and Operation (Overall): 20% of the exam.
  • Task 3.2 Priority: High. You will likely see 5-8 questions specifically focused on identifying which tool to use for a specific connectivity failure (e.g., Reachability Analyzer vs. Flow Logs).

Key Concepts Summary

  • VPC Flow Logs: Captures IP traffic metadata (Src/Dest IP, Port, Protocol, Bytes, Action [ACCEPT/REJECT]). Does not capture packet payloads.
  • Reachability Analyzer: A static configuration analysis tool. It checks if a path exists between source and destination without sending actual packets. Great for checking Security Groups and NACLs.
  • VPC Traffic Mirroring: Copying actual raw packets from an ENI to a security appliance. Used for deep packet inspection (DPI), IDS/IPS, and troubleshooting application-level errors.
  • Network Insights Access Analyzer: Identifies if your network resources are reachable from outside your VPC or account.
  • CloudWatch Metrics: Monitors performance values such as volume, throughput, and latency (application-level latency across services is traced with AWS X-Ray).
  • Transit Gateway Network Manager: Provides a central dashboard to visualize global networks across regions and on-premises sites via AWS Site-to-Site VPN or Direct Connect.

Common Pitfalls

  • Confusing Flow Logs with Mirroring: Remember: Flow Logs = Metadata (The "Envelope"); Traffic Mirroring = Payload (The "Letter").
  • MTU Mismatches: Standard MTU is 1500 bytes. Jumbo frames (9001 bytes) are only supported within a VPC or over Direct Connect/Peering if supported by all segments. Mismatches cause packet drops (silent failures).
  • Asymmetric Routing: Traffic enters via one path (Direct Connect) and tries to exit via another (Internet Gateway). Reachability Analyzer helps find these logical breaks.
  • Security Group 'Statefulness': Security groups are stateful. If traffic is allowed IN, return traffic is automatically allowed. If a Flow Log shows REJECT on return traffic, the issue is likely a NACL (stateless).

Mnemonics / Memory Triggers

  • R.A.N. (Reachability Analyzer Network): Checks the Logic (Is the road built?).
  • F.L.O.W. (Follow Logs On Web): Checks the Traffic (Who is driving on the road?).
  • M.I.R.R.O.R. (Manual Inspection of Raw Records): Checks the Cargo (What is inside the truck?).
  • J.L.P.T.: Jitter, Latency, Packet Loss, Throughput (The four horsemen of performance degradation).

Formula / Equation Sheet

Metric       | Definition                            | Threshold/Behavior
-------------|---------------------------------------|------------------------------------------------
Latency      | Time for data travel (Source → Dest)  | Increases with physical distance or congestion.
Jitter       | Variance in delay between packets     | Critical for Voice/Video; caused by queueing.
Throughput   | Actual data rate (bits/sec)           | Limited by ENI type or bandwidth caps.
Standard MTU | 1500 Bytes                            | Used for Internet/Inter-region traffic.
Jumbo MTU    | 9001 Bytes                            | Intra-VPC, Direct Connect, VPC Peering.

Practice Set

  1. Scenario: A web server in a private subnet cannot reach an S3 bucket via a Gateway Endpoint. Which tool should you use first to verify if the route exists? (Answer: Reachability Analyzer)
  2. Scenario: You suspect a security breach and need to inspect the HTTP headers of incoming traffic. Which feature do you enable? (Answer: VPC Traffic Mirroring)
  3. Scenario: A VPC Flow Log shows a high volume of REJECT actions on port 443. Where should you look first? (Answer: Security Group or NACL inbound rules)
  4. Scenario: Users report intermittent "choppy" audio on a VoIP app. Which metric is likely the culprit? (Answer: Jitter)
  5. Scenario: You need a global view of your hybrid network health including on-prem VPN branches. (Answer: Transit Gateway Network Manager)

Fact Recall Blanks

  • VPC Flow Logs can be published to __________ or __________. (Answers: CloudWatch Logs, Amazon S3)
  • The __________ is a static analysis tool that does not send packets. (Answer: Reachability Analyzer)
  • To trace application-level requests through multiple services, use __________. (Answer: AWS X-Ray)
  • NACLs are __________, meaning you must define both inbound and outbound rules. (Answer: Stateless)

Worked Examples

Example 1: Analyzing a Flow Log Entry

Log Entry: 2 123456789010 eni-1235b8ca 192.168.1.5 10.0.0.1 443 22 6 20 1000 1418530010 1418530070 REJECT OK

  • Analysis:
    1. Source: 192.168.1.5 (On-prem or another subnet)
    2. Dest: 10.0.0.1 (Your instance)
    3. Dest Port: 443 (HTTPS)
    4. Action: REJECT
  • Conclusion: The Security Group or NACL on 10.0.0.1 is blocking incoming HTTPS traffic.
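Added example, not part of the cram sheet: a small Python parser for default-format (version 2) flow log records, whose field order is srcaddr dstaddr srcport dstport, plus a triage rule that applies the Security Group/NACL statefulness logic from the Common Pitfalls section. The sample records, the ENI address 10.0.0.1 and the SERVICE_PORTS set are constructed assumptions for the example.

```python
"""Default-format (version 2) VPC Flow Log parser plus a REJECT triage rule.
Field order: version account-id interface-id srcaddr dstaddr srcport dstport
protocol packets bytes start end action log-status. Samples are constructed."""
from typing import Optional

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
SERVICE_PORTS = {22, 80, 443}  # ports the instance is expected to serve on


def parse_record(line: str) -> dict:
    """Split one record into a dict; ports/protocol/counters become ints."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":  # NODATA/SKIPDATA rows carry '-' placeholders
        raise ValueError(f"unusable record, log-status={rec['log_status']}")
    for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
        rec[key] = int(rec[key])
    return rec


def triage_reject(rec: dict, eni_ip: str) -> Optional[str]:
    """Name the control most likely behind a REJECT seen on this ENI. Security
    Groups are stateful and never reject the return half of a flow they
    admitted, so a REJECT on a reply leaving a service port implicates the NACL."""
    if rec["action"] != "REJECT":
        return None
    if rec["dstaddr"] == eni_ip and rec["dstport"] in SERVICE_PORTS:
        return "inbound request blocked: check SG inbound and NACL inbound rules"
    if rec["srcaddr"] == eni_ip and rec["srcport"] in SERVICE_PORTS:
        return "return traffic blocked: check NACL outbound (ephemeral ports)"
    return "unexpected flow rejected: check route tables and NACL rules"


# Constructed sample: a rejected inbound HTTPS request, its rejected return
# flow, and an accepted SSH flow for contrast.
SAMPLE_LOG = [
    "2 123456789010 eni-1235b8ca 192.168.1.5 10.0.0.1 49152 443 6 20 1000 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca 10.0.0.1 192.168.1.5 443 49152 6 20 1000 1418530010 1418530070 REJECT OK",
    "2 123456789010 eni-1235b8ca 192.168.1.5 10.0.0.1 50001 22 6 20 1000 1418530010 1418530070 ACCEPT OK",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage_reject(parse_record(line), "10.0.0.1"))
```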

Example 2: Reachability Comparison

\begin{tikzpicture}[node distance=2cm, every node/.style={draw, rectangle, align=center, fill=blue!10}]
  \node (src) {Source\\ENI};
  \node (logic) [right=of src, fill=green!10] {Reachability\\Analyzer\\(Logic Check)};
  \node (mirror) [below=of logic, fill=orange!10] {Traffic\\Mirroring\\(Packet Copy)};
  \node (dest) [right=of logic] {Destination\\ENI};

  \draw[->, thick] (src) -- (logic);
  \draw[->, thick] (logic) -- (dest);
  \draw[->, dashed] (src) |- (mirror);

  \node[draw=none, fill=none, font=\small] at (3.5, 0.5) {Checking ACLs/Routes};
  \node[draw=none, fill=none, font=\small] at (3.5, -2.5) {Deep Packet Inspection};
\end{tikzpicture}

Tip: If the exam asks how to troubleshoot "Connection Refused" (TCP RST), look for application issues or OS firewalls. If it asks about "Connection Timeout," look for AWS Security Groups/NACLs/Routing.
