NETWORK¶
The network feature allows real-time monitoring of network traffic between hosts, Pods, Deployments, and Services. It displays the flow of traffic and data connections from source IP to destination IP.
Prerequisites¶
Before using the network feature, ensure that you have completed the following steps:
- Register and log in to Guance;
- Install DataKit on the host;
- Enable the eBPF collector.
Concepts¶
| Parameter | Description | Aggregation Method |
|---|---|---|
| IP/Port | Aggregation based on IP+port, up to 100 entries returned | Grouped by IP/Port |
| Sent Bytes | Bytes sent from the source host to the target | Sum of all sent bytes |
| Received Bytes | Bytes received by the source host from the target | Sum of all received bytes |
| TCP Latency | TCP latency from source host to target | Average |
| TCP Jitter | TCP jitter from source host to target | Average |
| TCP Connections | Number of TCP connections from source to target | Total |
| TCP Retransmissions | Number of TCP retransmissions from source to target | Total |
| TCP Closures | Number of TCP closures from source to target | Total |
Start Analysis¶
The network module contains three major components:
Overview
Topology
Network Flow
Pod Network¶
Pod Topology Map¶
Under Infrastructure > Network, select Pods to view the network distribution among Pods. In the Pods Network Map, you can visually query the network traffic between Pods within the current workspace, quickly analyze metrics such as TCP latency, TCP jitter, TCP retransmission count, TCP connection attempts, TCP closures, sent bytes, received bytes, requests per second, error rate, and average response time across different Pods.
-
Time Widget: By default, the last 15 minutes of data are fetched and auto-refresh is not supported; manually click refresh to get new data;
-
Search and Filtering: You can quickly search Pod names via keyword fuzzy matching or filter Pods and their relationships using tags;
-
Fill: You can customize the filling of host nodes through the Fill function. The size and custom range of fill values determine the color of the filled host nodes. Supported metrics include TCP latency, TCP jitter, TCP retransmission count, TCP connection attempts, TCP closures, sent bytes, received bytes, requests per second, error rate, and average response time for layer-7 network fill indicators.
-
Pod Nodes:
-
Pod node edge colors display corresponding segment colors based on the selected fill field value and custom ranges;
-
Pod nodes are connected with lines representing network traffic, shown as bidirectional curves indicating incoming/outgoing directions from source Pods to target Pods;
-
Pod node sizes reflect the volume of incoming traffic, determining the node's dimensions;
-
Line thickness reflects the volume of incoming and outgoing traffic between nodes.
-
-
Custom Ranges: You can enable Custom Ranges to define custom legend color intervals for the selected fill metric. Legend colors will be divided into five equal intervals based on maximum and minimum values. Each interval corresponds to a different color. Lines and nodes outside the defined range appear grayed out;
-
Mouse Hover: Hovering over a Pod node displays sent bytes, received bytes, TCP latency, TCP jitter, TCP retransmission count, TCP connection attempts, TCP closures, sent bytes, received bytes, requests per second, error rate, and average response time.
Pod Network List¶
Under Infrastructure > Network, select Pods to switch to the Pod network list view. This allows viewing network traffic and data connection details between source Pod IPs/ports and target IPs/ports, including TCP latency, sent/received bytes, request count, 3xx status codes, and 4xx status codes.
Note: The data in the network list mode and detail page may slightly differ due to minute-level pre-aggregation of network data. In case of discrepancies, please refer to the content of the detail page for accurate information.
Pod Network Details¶
Pod networks support viewing traffic between Pods. You can analyze network traffic and data connection status between source and target IPs/ports in a visualized manner, helping enterprises monitor network performance in real time, quickly analyze, trace, and locate issues, and prevent or avoid business problems caused by network degradation or interruptions.
After successful collection of Pod network data, it will be reported to the Guance console. Under Network > Pods, click to view network details to access all Pod network performance monitoring data within the workspace.
Warning
- Currently supports only Linux systems, and except for CentOS 7.6+ and Ubuntu 16.04, other distributions require a Linux kernel version higher than 4.0.0;
- Pod network data is retained for the last 48 hours by default, while the Free Plan retains data for the last 24 hours;
- When entering Network from the Pod detail page, the Time Widget defaults to fetching the last 15 minutes of data and does not support automatic refresh; manual refresh is required to fetch new data;
TCP and UDP Protocols¶
Pod networks support network performance monitoring based on TCP and UDP protocols. Combined with incoming and outgoing directions, there are six combinations available:
- incoming + protocol unspecified
- incoming + tcp protocol
- incoming + udp protocol
- outgoing + protocol unspecified
- outgoing + tcp protocol
- outgoing + udp protocol
Parameter Description¶
| Parameter | Description | Aggregation Method |
|---|---|---|
| IP/Port | Aggregation based on IP+port, up to 100 entries returned | Grouped by IP/Port |
| Sent Bytes | Bytes sent from the source host to the target | Sum of all sent bytes |
| Received Bytes | Bytes received by the source host from the target | Sum of all received bytes |
| TCP Latency | TCP latency from source host to target | Average |
| TCP Jitter | TCP jitter from source host to target | Average |
| TCP Connections | Number of TCP connections from source to target | Total |
| TCP Retransmissions | Number of TCP retransmissions from source to target | Total |
| TCP Closures | Number of TCP closures from source to target | Total |
Network Connection Analysis¶
Guance supports viewing Pod network connection data, including source IP/port, destination IP/port, sent bytes, received bytes, TCP latency, TCP retransmission count, etc.
Additionally, you can customize displayed fields using the Settings button or apply filters to connection data to match any string-type keywords. If more detailed network connection data is needed, click the entry or View Network Flow Data to check the corresponding network flow records.
HTTP Protocol¶
Pod networks support Layer-7 network performance monitoring based on the HTTP protocol.
Parameter Description¶
| Parameter | Description | Aggregation Method |
|---|---|---|
| Request Count | Total number of requests from the current Pod within the time window | Sum |
| Avg Requests Per Second | "Total requests / total duration" for the current Pod within the time window | Average |
| Avg Response Time | Response time of the current Pod within the time window | Average |
| Error Count | Number of request errors from the current Pod (status_code values 4xx, 5xx) within the time window | Sum |
| Error Rate | Ratio of request errors ("error count / total requests") for the current Pod within the time window | Percentage |
Network Connection Analysis¶
Guance supports viewing visualization trend charts for Pod network request count, error count, and error rate. It also allows analyzing network connections, including source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields using the Settings button or apply filters to connection data to match any string-type keywords. If more detailed network connection data is needed, click the entry or View Network Flow Data to check the corresponding network flow records.
View Network Flow Data¶
Guance supports viewing network flow data, which automatically refreshes every 30 seconds. By default, the last 1 day of data is displayed, including time, source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields using the Settings button or apply filters to network flow data to match any string-type keywords.
Deployment Network¶
Deployment Topology Map¶
Under Infrastructure > Network, select Deployment to view the network distribution of Deployments. In the Deployments Network Map, you can visually query the network traffic between Deployments within the current workspace, quickly analyze metrics such as TCP latency, TCP jitter, TCP retransmission count, TCP connection attempts, TCP closures, sent bytes, received bytes, requests per second, error rate, and average response time across different Deployments.
-
Time Widget: By default, the last 15 minutes of data are fetched and auto-refresh is not supported; manually click refresh to get new data;
-
Search and Filtering: You can quickly search Deployment names via keyword fuzzy matching or filter Deployments and their relationships using tags;
-
Fill: You can customize the filling of host nodes through the Fill function. The size and custom range of fill values determine the color of the filled host nodes. Supported metrics include TCP latency, TCP jitter, TCP retransmission count, TCP connection attempts, TCP closures, sent bytes, received bytes, requests per second, error rate, and average response time for layer-7 network fill indicators.
-
Deployment Nodes:
-
Deployment node edge colors display corresponding segment colors based on the selected fill field value and custom ranges;
-
Deployment nodes are connected with lines representing network traffic, shown as bidirectional curves indicating incoming/outgoing directions from source Deployments to target Deployments;
-
Deployment node sizes reflect the volume of incoming traffic, determining the node's dimensions;
-
Line thickness reflects the volume of incoming and outgoing traffic between nodes.
-
-
Custom Ranges: You can enable Custom Ranges to define custom legend color intervals for the selected fill metric. Legend colors will be divided into five equal intervals based on maximum and minimum values. Each interval corresponds to a different color. Lines and nodes outside the defined range appear grayed out;
-
Mouse Hover: Hovering over a Deployment node displays sent bytes, received bytes, TCP latency, TCP jitter, TCP retransmission count, TCP connection attempts, TCP closures, sent bytes, received bytes, requests per second, error rate, and average response time.
Deployment Network List¶
Under Infrastructure > Network, select Deployment to switch to the Deployment network list view. This allows viewing network traffic and data connection details between source Deployment IPs/ports and target IPs/ports, including TCP latency, sent/received bytes, request count, 3xx status codes, and 4xx status codes.
Warning
The data in the network list mode and detail page may slightly differ due to minute-level pre-aggregation of network data. In case of discrepancies, please refer to the content of the detail page for accurate information.
Deployment Network Details¶
Deployment networks support viewing traffic between Deployments. You can analyze network traffic and data connection status between source and target IPs/ports in a visualized manner, helping enterprises monitor network performance in real time, quickly analyze, trace, and locate issues, and prevent or avoid business problems caused by network degradation or interruptions.
After successful collection of Deployment network data, it will be reported to the Guance console. Under Network > Deployment, click to view network details to access all Deployment network performance monitoring data within the workspace.
Warning
- Currently supports only Linux systems, and except for CentOS 7.6+ and Ubuntu 16.04, other distributions require a Linux kernel version higher than 4.0.0;
- Deployment network traffic data is retained for the last 48 hours by default, while the Free Plan retains data for the last 24 hours;
- When entering Network from the Deployment detail page, the Time Widget defaults to fetching the last 15 minutes of data and does not support automatic refresh; manual refresh is required to fetch new data.
TCP and UDP Protocols¶
Deployment networks support network performance monitoring based on TCP and UDP protocols. Combined with incoming and outgoing directions, there are six combinations available:
- incoming + protocol unspecified
- incoming + tcp protocol
- incoming + udp protocol
- outgoing + protocol unspecified
- outgoing + tcp protocol
- outgoing + udp protocol
Parameter Description¶
| Parameter | Description | Aggregation Method |
|---|---|---|
| IP/Port | Aggregation based on IP+port, up to 100 entries returned | Grouped by IP/Port |
| Sent Bytes | Bytes sent from the source host to the target | Sum of all sent bytes |
| Received Bytes | Bytes received by the source host from the target | Sum of all received bytes |
| TCP Latency | TCP latency from source host to target | Average |
| TCP Jitter | TCP jitter from source host to target | Average |
| TCP Connections | Number of TCP connections from source to target | Total |
| TCP Retransmissions | Number of TCP retransmissions from source to target | Total |
| TCP Closures | Number of TCP closures from source to target | Total |
Network Connection Analysis¶
Guance supports viewing Deployment network connection data, including source IP/port, destination IP/port, sent bytes, received bytes, TCP latency, TCP retransmission count, etc.
Additionally, you can customize displayed fields using the Settings button or apply filters to connection data to match any string-type keywords. If more detailed network connection data is needed, click the entry or View Network Flow Data to check the corresponding network flow records.
HTTP Protocol¶
Pod networks support Layer-7 network performance monitoring based on the HTTP protocol.
Parameter Description¶
| Parameter | Description | Aggregation Method |
|---|---|---|
| Request Count | Total number of requests from the current Pod within the time window | Sum |
| Avg Requests Per Second | "Total requests / total duration" for the current Pod within the time window | Average |
| Avg Response Time | Response time of the current Pod within the time window | Average |
| Error Count | Number of request errors from the current Pod (status_code values 4xx, 5xx) within the time window | Sum |
| Error Rate | Ratio of request errors ("error count / total requests") for the current Pod within the time window | Percentage |
Network Connection Analysis¶
Guance supports viewing visualization trend charts for Pod network request count, error count, and error rate. It also allows analyzing network connections, including source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields using the Settings button or apply filters to connection data to match any string-type keywords. If more detailed network connection data is needed, click the entry or View Network Flow Data to check the corresponding network flow records.
View Network Flow Data¶
Guance supports viewing network flow data, which automatically refreshes every 30 seconds. By default, the last 1 day of data is displayed, including time, source IP/port, destination IP/port, status code, request method, and response time.
Additionally, you can customize displayed fields using the Settings button or apply filters to network flow data to match any string-type keywords.
Service Network¶
In a K8S environment, you can use the Service network topology map to visualize request relationships between Services. Based on the color of the topology, you can judge its health status. When a Service has connectivity issues, you can click to view its associated logs for troubleshooting.
Warning
Viewing Service network data is only supported in a K8S environment running Linux systems with versions above 4.0. Data retention lasts 48 hours.
Service Topology Map¶
Guance supports displaying traffic, requests, response times, and error rates between Services using a topology map based on Layer-7 network data. Under Infrastructure > Network, select Service to view the network distribution of Services, including metrics like requests per second, error rate, and average response time between Services.
- Time Widget: By default, the last 15 minutes of data are fetched and auto-refresh is not supported; manually click refresh to get new data;
- Search and Filtering: Quickly search Service names via keyword fuzzy matching or filter Services and their relationships using tags;
- Fill: Customize the filling of Service nodes. The size and custom range of fill values determine the color of the Service nodes. Supported metrics include requests per second, error rate, and average response time;
- Service Nodes: Each node represents a Service, with node size reflecting request volume—the larger the request volume, the larger the node. Thicker lines between Services indicate greater traffic volume;
- Custom Ranges: Enable Custom Ranges to define custom legend color intervals for the selected fill metric. Legend colors will be divided into five equal intervals based on maximum and minimum values. Each interval corresponds to a different color. Lines and nodes outside the defined range appear grayed out;
- Mouse Hover: Hovering over a Service network node displays requests per second, error rate, and average response time.
Service Network List¶
Under Infrastructure > Network, select Service to switch to the Service network list view. This allows viewing network traffic and data connection details between source Service IPs/ports and target IPs/ports, including request count, 3xx status codes, 4xx status codes, 5xx status codes, average response time, and P95 response time.
Warning
The data in the network list mode and detail page may slightly differ due to minute-level pre-aggregation of network data. In case of discrepancies, please refer to the content of the detail page for accurate information.
Service Network Details¶
Under Network > Service, click to view Service network details. This allows checking status codes, request methods, response times, etc., between source and target IPs/ports.
Click View Network Flow Data to check the corresponding network flow records.
Service Details¶
Under Network > Service, click to view Service details to check the host, IP address, extended attributes, and other information belonging to the Service.
Correlation Analysis¶
You can click icons for Hosts/Pods/Deployments/Services to perform correlation queries. This supports viewing upstream/downstream relationships, network details, Host/Pod/Deployment/Service details, associated logs, associated traces, and associated events.