Network¶
The network module supports viewing network traffic between hosts, Pods, Deployments, and Services. Based on server and client views, it shows the network traffic and data connections between source IPs and destination IPs in real-time through visualization. This helps businesses understand their system's network operation status, quickly analyze, trace, and locate issues, and prevent or avoid business problems caused by performance degradation or interruptions.
The Guance network module includes three main sections: Summary, Topology, and Network Flow, providing you with a comprehensive analysis of real-time network data.
Prerequisites¶
You need to first register and log in to Guance, and then install DataKit on your host, enabling the eBPF collector.
Concepts¶
| Parameter | Description | Statistical Method |
|---|---|---|
| IP/Port | Targets are aggregated based on IP+port, with up to 100 data entries returned | Grouped statistics by IP/port |
| Sent Bytes | Number of bytes sent from the source host to the target | Sum of all records' sent bytes |
| Received Bytes | Number of bytes received by the source host from the target | Sum of all records' received bytes |
| TCP Delay | TCP delay from the source host to the target | Average value |
| TCP Fluctuation | Fluctuation in TCP delay from the source host to the target | Average value |
| TCP Connections | Number of TCP connections from the source host to the target | Total sum |
| TCP Retransmissions | Number of TCP retransmissions from the source host to the target | Total sum |
| TCP Closures | Number of TCP closures from the source host to the target | Total sum |
Summary¶
Navigate to Infrastructure > Network, and by default, you will enter the Host Summary page:
You can click on the host to switch to Pod, Deployment, and Service components:
Network Path¶
Using the host network as an example, you can view the network traffic and data connections between client and server in the list, including the client, server, TCP retransmission count, TCP connection count, TCP closure count, TCP delay, sent bytes, and received bytes.
Clicking settings allows you to customize the displayed columns:
Note: Changes to customized display fields are user-level and not globally saved.
Analysis Chart¶
On the current host network summary page, you can view trend changes for different parameters over various time periods.
Quick Filter¶
On the summary page, quick filtering mainly includes transmission direction, transmission protocol, host, PID, and related fields for client and server filters:
Combinations of Transmission Direction and Protocol
Currently, network performance monitoring based on TCP and UDP protocols is supported. Combined with incoming and outgoing, there are six selection options:
incoming + no protocol distinction
incoming + TCP protocol
incoming + UDP protocol
outgoing + no protocol distinction
outgoing + TCP protocol
outgoing + UDP protocol
Time Widget¶
Under the summary mode, the time widget allows you to control the data display range of the current list according to your needs. You can quickly select built-in time ranges or set custom time ranges.
For more details, refer to How to Use the Time Widget.
List Details¶
Using the host network as an example, after successful collection of host network data, it will be reported to the Guance console. Clicking on a network data entry in the list opens the details page where you can view all network performance monitoring data information within the workspace, including the top section showing client-server transmission direction, analysis charts, and network connection analysis.
To avoid query failures due to excessive return query quantities, you can choose to statistically summarize by IP dimension for the current data.
Warning
-
Currently, only Linux systems are supported, and except for CentOS 7.6+ and Ubuntu 16.04, other distributions require a Linux kernel version higher than 4.0.0;
-
Host network traffic data is retained for the last 48 hours by default; Free Plan retains data for the last 24 hours by default;
-
In the host details page, when entering Network, the time widget defaults to fetching data from the last 15 minutes and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data.
Within the details page, it also includes other operations such as the time widget, search, binding to built-in views, and export. Refer to Effective Use of the Details Page.
Pod, Deployment, Service Data Details¶
Within the details page, you can view the corresponding object names and switch between L4 and L7 networks for data viewing.
Network Connection Analysis¶
Within the details page > Network Connection Analysis, you can further view network connection data, including clients, servers, transmission direction, sent bytes, received bytes, TCP delay, and TCP retransmission counts.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for connection data to filter all string-type keyword fields. If you need to view more detailed network connection data, clicking on that data will allow you to view its corresponding network flow data.
Topology¶
Click to navigate to Infrastructure > Network > Topology to view upstream and downstream distribution.
Using the host as an example, it supports visual querying of network traffic between hosts within the current workspace, allowing for rapid analysis of TCP delays, TCP fluctuations, TCP retransmission counts, TCP connection counts, and TCP closure counts between different hosts.
-
Time widget: Defaults to fetching data from the last 48 hours and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data;
-
Search and Filtering: You can quickly search hostnames using fuzzy matching based on keywords or display host nodes and their associated relationships based on filtered tags;
-
Filling: You can fill host nodes with custom values. The size and custom range of the fill value will determine the color of the filled host nodes. Multiple filling indicators such as TCP delay, TCP fluctuation, TCP retransmission counts, TCP connection counts, and TCP closure counts are supported;
-
Host Nodes:
-
Host node icons are divided into regular hosts and cloud hosts, with cloud hosts displaying the logo of the cloud service provider;
-
The edge color of host nodes displays corresponding segment colors based on the field values and custom ranges;
-
Host nodes are connected by lines representing network traffic. The lines are bidirectional curves showing the incoming/outgoing direction of traffic from the source host to the target host;
-
The size of host nodes is determined based on the inbound traffic volume of the current node;
-
The thickness of host nodes is determined based on the inbound/outbound traffic data of the acquired nodes.
-
-
Custom Range: You can enable Custom Range to define legend color ranges for the selected filling indicator. The legend colors will be equally divided into five segments based on the maximum and minimum values, each automatically corresponding to five different colors. Lines and nodes outside the data range will be grayed out.
-
Mouse Hover: Hovering over a host object node displays the number of sent bytes, received bytes, TCP delay, TCP fluctuation, TCP retransmission count, TCP connection count, and TCP closure count.
Note: If the target host is not in the current workspace but the target domain exists and the port number is less than 10,000, the target domain will be displayed in the topology diagram.
Correlation Analysis¶
Clicking on the host/Pod/Deployment/Services icon and selecting View Upstream and Downstream, you can view the upstream and downstream node associations of the current node. Additionally, you can view host/Pod/Deployment/Services details, correlated logs, correlated traces, and correlated events, navigating accordingly upon clicking.
Clicking the Return to Summary button in the upper-left corner returns you to the original network map. Searching or filtering in the search box filters the associated upstream and downstream nodes, displaying matching associated upstream and downstream nodes based on the search or filtering results.
Network Flow Data¶
As mentioned earlier, you can view network flow data in the list details page. Additionally, on the Summary or Topology page, clicking the View Network Flow Data button in the upper-right corner navigates you to the corresponding page. You can view L4 (netflow) and L7 (httpflow) network flow data on the timeline. All network flow data auto-refreshes every 30 seconds, displaying data from the last 15 minutes by default.
Switching between L4 Network Flow and L7 Network Flow above allows you to switch between different schedules for data viewing.
On the current page, it also includes other operations such as the time widget, search, saving snapshots, and displaying columns. Refer to The Power of the Explorer.
<!--
Host Network List¶
In Infrastructure > Network, selecting Host allows switching to the host network list to view network traffic and data connections between source host IP/ports and target IP/ports, including TCP retransmission counts, TCP connection counts, TCP closure counts, TCP delays, sent bytes, and received bytes.
Note: Due to the network pre-aggregation time unit being minutes, there may be slight differences between data in network list mode and the details page. In case of discrepancies, please refer to the content of the details page.
Pods Network¶
Pods Topology Diagram¶
In Infrastructure > Network, selecting Pods allows you to view the Pods network distribution. In the Pods Network Map, you can visually query network traffic between Pods in the current workspace, quickly analyzing TCP delays, TCP fluctuations, TCP retransmission counts, TCP connection counts, TCP closure counts, sent bytes, received bytes, requests per second, error rates, and average response times between different Pods.
-
Time widget: Defaults to fetching data from the last 15 minutes and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data;
-
Search and Filtering: You can quickly search Pods names using fuzzy matching based on keywords or display Pods and their associated relationships based on filtered tags;
-
Filling: You can fill host nodes with custom values. The size and custom range of the fill value will determine the color of the filled host nodes. Indicators such as TCP delay, TCP fluctuation, TCP retransmission counts, TCP connection counts, TCP closure counts, sent bytes, received bytes, requests per second, error rates, and average response times for seven-layer network fills are supported.
-
Pods Nodes:
-
The edge color of Pods nodes displays corresponding segment colors based on the field values and custom ranges;
-
Pods nodes are connected by lines representing network traffic. The lines are bidirectional curves showing the incoming/outgoing direction of traffic from the source Pods to the target Pods;
-
The size of Pods nodes is determined based on the inbound traffic volume of the current node;
-
The thickness of Pods nodes is determined based on the inbound/outbound traffic data of the acquired nodes;
-
-
Custom Range: You can enable Custom Range to define legend color ranges for the selected filling indicator. The legend colors will be equally divided into five segments based on the maximum and minimum values, each automatically corresponding to five different colors. Lines and nodes outside the data range will be grayed out.
-
Mouse Hover: Hovering over a Pods node displays sent bytes, received bytes, TCP delay, TCP fluctuation, TCP retransmission counts, TCP connection counts, TCP closure counts, sent bytes, received bytes, requests per second, error rates, and average response times.
Pods Network List¶
In Infrastructure > Network, selecting Pods allows switching to the Pods network list to view network traffic, data connections, and status codes between source Pods IP/ports and target IP/ports, including TCP delays, sent bytes, received bytes, request counts, 3xx status codes, and 4xx status codes.
Note: Due to the network pre-aggregation time unit being minutes, there may be slight differences between data in network list mode and the details page. In case of discrepancies, please refer to the content of the details page.
Pods Network Details¶
The Pods network supports viewing network traffic between Pods. It supports viewing network traffic and data connections between source IPs and target IPs based on IP/ports, displaying them in real-time through visualization to help businesses understand their system's network operation status, quickly analyze, trace, and locate issue faults, and prevent or avoid business problems caused by performance degradation or interruptions.
After successful collection of Pods network data, it will be reported to the Guance console. In Network > Pods, clicking to view network details allows you to see all Pods network performance monitoring data information within the workspace.
Warning
- Currently, only Linux systems are supported, and except for CentOS 7.6+ and Ubuntu 16.04, other distributions require a Linux kernel version higher than 4.0.0;
- Pods network traffic data is retained for the last 48 hours by default; Free Plan retains data for the last 24 hours by default;
- In the Pods details page, clicking to enter Network, the time widget defaults to fetching data from the last 15 minutes and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data;
TCP, UDP Protocols¶
The Pods network supports network performance monitoring based on TCP and UDP protocols. Combined with incoming and outgoing, there are six selection options:
- incoming + no protocol distinction
- incoming + tcp protocol
- incoming + udp protocol
- outgoing + no protocol distinction
- outgoing + tcp protocol
- outgoing + udp protocol
Parameter Description¶
| Parameter | Description | Statistical Method |
|---|---|---|
| IP/Port | Targets are aggregated based on IP+port, with up to 100 data entries returned | Grouped statistics by IP/port |
| Sent Bytes | Number of bytes sent from the source host to the target | Sum of all records' sent bytes |
| Received Bytes | Number of bytes received by the source host from the target | Sum of all records' received bytes |
| TCP Delay | TCP delay from the source host to the target | Average value |
| TCP Fluctuation | Fluctuation in TCP delay from the source host to the target | Average value |
| TCP Connections | Number of TCP connections from the source host to the target | Total sum |
| TCP Retransmissions | Number of TCP retransmissions from the source host to the target | Total sum |
| TCP Closures | Number of TCP closures from the source host to the target | Total sum |
Network Connection Analysis¶
Guance supports viewing Pods network connection data, including source IP/port, destination IP/port, sent bytes, received bytes, TCP delay, and TCP retransmission counts.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for connection data to filter all string-type keywords. If you need to view more detailed network connection data, clicking on that data or View Network Flow Data allows you to see the corresponding network flow data.
HTTP Protocol¶
The Pods network supports seven-layer network performance monitoring based on the HTTP protocol.
Parameter Description¶
| Parameter | Description | Statistical Method |
|---|---|---|
| Request Count | Total number of requests within the time range for the current Pods | Sum |
| Average Requests Per Second | "Total number of requests for the current Pods / total request duration" within the time range | Average Value |
| Average Response Time | Response time for the current Pods within the time range | Average Value |
| Error Count | Total number of request errors within the time range for the current Pods, i.e., the sum of status_code fields with values of 4xx, 5xx | Sum |
| Error Rate | "Request error count / total number of requests" value within the time range for the current Pods | Percentage |
Network Connection Analysis¶
Guance supports viewing visualized trends of Pods network request counts, error counts, and error rates. It also supports viewing Pods network connection analysis, including source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for connection data to filter all string-type keywords. If you need to view more detailed network connection data, clicking on that data or View Network Flow Data allows you to see the corresponding network flow data.
View Network Flow Data¶
Guance supports viewing network flow data, automatically refreshing every 30 seconds, displaying data from the last day by default, including time, source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for network flow data to filter all string-type keywords.
Deployments Network¶
Deployments Topology Diagram¶
In Infrastructure > Network, selecting Deployment allows you to view the Deployments network distribution. In the Deployments Network Map, you can visually query network traffic between Deployments in the current workspace, quickly analyzing TCP delays, TCP fluctuations, TCP retransmission counts, TCP connection counts, TCP closure counts, sent bytes, received bytes, requests per second, error rates, and average response times between different Deployments.
-
Time widget: Defaults to fetching data from the last 15 minutes and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data;
-
Search and Filtering: You can quickly search Deployments names using fuzzy matching based on keywords or display Deployments and their associated relationships based on filtered tags;
-
Filling: You can fill host nodes with custom values. The size and custom range of the fill value will determine the color of the filled host nodes. Indicators such as TCP delay, TCP fluctuation, TCP retransmission counts, TCP connection counts, TCP closure counts, sent bytes, received bytes, requests per second, error rates, and average response times for seven-layer network fills are supported;
-
Deployments Nodes:
-
The edge color of Deployments nodes displays corresponding segment colors based on the field values and custom ranges;
-
Deployments nodes are connected by lines representing network traffic. The lines are bidirectional curves showing the incoming/outgoing direction of traffic from the source Deployments to the target Deployments;
-
The size of Deployments nodes is determined based on the inbound traffic volume of the current node;
-
The thickness of Deployments nodes is determined based on the inbound/outbound traffic data of the acquired nodes.
-
-
Custom Range: You can enable Custom Range to define legend color ranges for the selected filling indicator. The legend colors will be equally divided into five segments based on the maximum and minimum values, each automatically corresponding to five different colors. Lines and nodes outside the data range will be grayed out;
-
Mouse Hover: Hovering over a Deployments node displays sent bytes, received bytes, TCP delay, TCP fluctuation, TCP retransmission counts, TCP connection counts, TCP closure counts, sent bytes, received bytes, requests per second, error rates, and average response times.
Deployments Network List¶
In Infrastructure > Network, selecting Deployment allows switching to the Deployments network list to view network traffic, data connections, and status codes between source Deployments IP/ports and target IP/ports, including TCP delays, sent bytes, received bytes, request counts, 3xx status codes, and 4xx status codes.
Warning
Due to the network pre-aggregation time unit being minutes, there may be slight differences between data in network list mode and the details page. In case of discrepancies, please refer to the content of the details page.
Deployments Network Details¶
The Deployments network supports viewing network traffic between Deployments. It supports viewing network traffic and data connections between source IPs and target IPs based on IP/ports, displaying them in real-time through visualization to help businesses understand their system's network operation status, quickly analyze, trace, and locate issue faults, and prevent or avoid business problems caused by performance degradation or interruptions.
After successful collection of Deployments network data, it will be reported to the Guance console. You can view the network performance monitoring data information for the current Deployments in Network > Deployment by clicking to view network details.
Warning
- Currently, only Linux systems are supported, and except for CentOS 7.6+ and Ubuntu 16.04, other distributions require a Linux kernel version higher than 4.0.0;
- Deployments network traffic data is retained for the last 48 hours by default; Free Plan retains data for the last 24 hours by default;
- In the Deployments details page, clicking to enter Network, the time widget defaults to fetching data from the last 15 minutes and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data.
TCP, UDP Protocols¶
The Deployments network supports network performance monitoring based on TCP and UDP protocols. Combined with incoming and outgoing, there are six selection options:
- incoming + no protocol distinction
- incoming + tcp protocol
- incoming + udp protocol
- outgoing + no protocol distinction
- outgoing + tcp protocol
- outgoing + udp protocol
Parameter Description¶
| Parameter | Description | Statistical Method |
|---|---|---|
| IP/Port | Targets are aggregated based on IP+port, with up to 100 data entries returned | Grouped statistics by IP/port |
| Sent Bytes | Number of bytes sent from the source host to the target | Sum of all records' sent bytes |
| Received Bytes | Number of bytes received by the source host from the target | Sum of all records' received bytes |
| TCP Delay | TCP delay from the source host to the target | Average value |
| TCP Fluctuation | Fluctuation in TCP delay from the source host to the target | Average value |
| TCP Connections | Number of TCP connections from the source host to the target | Total sum |
| TCP Retransmissions | Number of TCP retransmissions from the source host to the target | Total sum |
| TCP Closures | Number of TCP closures from the source host to the target | Total sum |
Network Connection Analysis¶
Guance supports viewing Deployments network connection data, including source IP/port, destination IP/port, sent bytes, received bytes, TCP delay, and TCP retransmission counts.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for connection data to filter all string-type keywords. If you need to view more detailed network connection data, clicking on that data or View Network Flow Data allows you to see the corresponding network flow data.
HTTP Protocol¶
Pods network supports seven-layer network performance monitoring based on the HTTP protocol.
Parameter Description¶
| Parameter | Description | Statistical Method |
|---|---|---|
| Request Count | Total number of requests within the time range for the current Pods | Sum |
| Average Requests Per Second | "Total number of requests for the current Pods / total request duration" within the time range | Average Value |
| Average Response Time | Response time for the current Pods within the time range | Average Value |
| Error Count | Total number of request errors within the time range for the current Pods, i.e., the sum of status_code fields with values of 4xx, 5xx | Sum |
| Error Rate | "Request error count / total number of requests" value within the time range for the current Pods | Percentage |
Network Connection Analysis¶
Guance supports viewing visualized trends of Pods network request counts, error counts, and error rates. It also supports viewing Pods network connection analysis, including source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for connection data to filter all string-type keywords. If you need to view more detailed network connection data, clicking on that data or View Network Flow Data allows you to see the corresponding network flow data.
View Network Flow Data¶
Guance supports viewing network flow data, automatically refreshing every 30 seconds, displaying data from the last day by default, including time, source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields via the Settings button or add filter conditions for network flow data to filter all string-type keywords.
Services Network¶
In K8S environments, you can use the Services network topology diagram to view the request relationships between various Services in the K8S environment and judge their status based on the topology diagram color. When you discover a Services with connection issues, you can view the corresponding logs of that Services to locate the problem.
Warning
Only supports viewing Services network data in K8S environments, operating system is Linux, and version is higher than 4.0, data retention time is 48 hours.
Services Topology Diagram¶
Guance supports displaying traffic, requests, response times, and error rates between various Services through a topology diagram based on seven-layer network data. In Infrastructure > Network, selecting "Service" allows you to view the Services network distribution, including requests per second, error rates, and average response times between Services.
- Time widget: Defaults to fetching data from the last 15 minutes and does not support automatic refreshes, requiring manual clicks to refresh and obtain new data;
- Search and Filtering: You can quickly search Services names using fuzzy matching based on keywords or display Services and their associated relationships based on filtered tags;
- Filling: You can fill Services nodes with custom values. The size and custom range of the fill value will determine the color of the filled Services nodes. Supports choosing requests per second, error rates, and average response times as filling indicators;
- Services Nodes: Each node represents a Services, defaulting to being filled by requests per second. The larger the request count, the larger the node, and the thicker the line between Services;
- Custom Range: You can enable Custom Range to define legend color ranges for the selected filling indicator. The legend colors will be equally divided into five segments based on the maximum and minimum values, each automatically corresponding to five different colors. Lines and nodes outside the data range will be grayed out;
- Mouse Hover: Hovering over a Services network node displays requests per second, error rates, and average response times.
Services Network List¶
In Infrastructure > Network, selecting "Service" allows switching to the Services network list to view network traffic, data connections, and status codes between source Services IP/ports and target IP/ports, including request counts, 3xx status codes, 4xx status codes, 5xx status codes, average response times, and P95 response times.
Warning
Due to the network pre-aggregation time unit being minutes, there may be slight differences between data in network list mode and the details page. In case of discrepancies, please refer to the content of the details page.
Services Network Details¶
In Network > Service, clicking to view Services network details supports viewing status codes, request methods, and response times based on IP/ports between source IPs and target IPs.
Clicking View Network Flow Data allows you to view the corresponding network flow data.
Services Details¶
In Network > Service, clicking to view Services details allows you to view information such as the host, IP address, and extended attributes associated with the Services.
Correlation Analysis¶
You can click on host/Pod/Deployment/Services icons for correlation queries, supporting viewing upstream and downstream, network details, host/Pod/Deployment/Services details, associated logs, associated traces, and associated events.