Cloud Pathfinder: A Key to Cloud Network Intelligence
Summary
Cloud Pathfinder simplifies cloud troubleshooting by visually mapping connectivity paths between cloud endpoints and integrating the power of AI, identifying where and why traffic is being blocked. By analyzing cloud configuration metadata, it provides instant, actionable insights into routing and security issues — saving engineers hours of manual work.
Today’s network engineers face a daunting challenge: ensuring reliable connectivity across increasingly complex cloud and hybrid environments. When an application can’t communicate with a service, the first question is often where the problem lies. Is there a misconfigured security rule? Is there a missing route?
Kentik’s Cloud Pathfinder is designed to answer these questions and serves as an important component of overall network observability. This way, engineers can quickly and visually troubleshoot connectivity in their cloud environments.
Cloud Pathfinder and network intelligence
In a comprehensive network observability platform, connectivity monitoring is as important as understanding traffic and performance. Cloud Pathfinder provides fast, detailed insights into connectivity problems and helps facilitate a quick resolution. In practice, this means when an issue occurs, engineers can use Cloud Pathfinder to quickly visualize where a connection is failing, rather than manually piecing together data from cloud consoles or network devices.
Cloud Pathfinder is integrated into Kentik’s network intelligence platform and built to match the mix of infrastructure we typically see in modern networks. Instead of sending test packets, it analyzes configuration metadata from cloud environments to simulate the network path between two endpoints. It ingests data from sources like cloud routing tables, subnet and VPC configurations, security groups, and network access control lists in AWS or Azure.
Cloud optimization is crucial to delivering software with lean infrastructure operating margins and enhanced customer experiences.
With this data, Cloud Pathfinder builds a detailed map of the forward and return paths between the source and destination with a cloud environment. In the image below, we can see the result is a map that visually highlights each hop and clearly shows where any policy or routing issue is blocking traffic. And because it’s using metadata, it can do this without actually injecting traffic into the network, which is useful for testing hypothetical paths or troubleshooting in sensitive environments.
Key capabilities of Cloud Pathfinder
Cloud Pathfinder provides on-demand path testing so you can check live connectivity between any two cloud endpoints (instances, subnets, or network interfaces). Within only a few seconds, tests produce a visualization of blockages so we can see exactly where connectivity is failing. In the image below, notice how we have a visual indication of the point at which the connection is blocked on the return path – in this case, a specific firewall rule.
We can search or select endpoints by IP address, CIDR block, VPC ID, Subnet ID, or even DNS name to pinpoint the paths to analyze. This makes it easy to troubleshoot by logical application names or network segments.
We can also trace both the outbound and return paths between the points. This bidirectional view can show us any asymmetric routing or one-way connectivity issues that single-direction tests might miss.
Because the point here is operations, we can also configure continuous monitoring of specific paths that are critical to an environment. Cloud Pathfinder analyses can then be saved as reports and shared with other teams.
AI-driven path assessment
Cloud Pathfinder is integrated with Kentik Journeys to form an AI-powered path assessment service. So after tracing the path between cloud endpoints, Kentik AI instantly provides a human-readable analysis and recommends a step-by-step resolution. In the image below, notice how we have an AI overview along with detailed analysis and resolution for this specific troubleshooting workflow.
Troubleshooting scenarios and use cases
Cloud Pathfinder is helpful for several scenarios. For example, a simple misconfiguration in an AWS security group can cause an application (or a service an application relies on) to be unreachable, and the challenge is to figure out which piece of the puzzle is responsible.
In the image below, notice how we can simply select a source and destination within the same cloud instance and run the checker. In this case we’re selecting network interface as the source and target and testing connectivity to port 80. The tool traces the path through the VPC and identifies if something is blocking it. Instead of manually checking dozens of security group rules, this reduces the time needed to resolve and restore services.
When paired with Kentik’s synthetic monitoring, we can also monitor these critical paths proactively. For example, before deploying a new application, we can run a Cloud Pathfinder test between the app servers and the services they need to reach, ensuring all the necessary ports and routes are open.
Beyond security policies, Cloud Pathfinder will also catch routing issues. If a subnet’s route table lacks a route to a required network (such as a missing route to an internal service network or a misconfigured default gateway), the tool will flag that as the point of failure.
Practical benefits for network and cloud engineers
Lastly, we can start by running Cloud Pathfinder to determine the validity of paths through our cloud environment. Then, we can deploy synthetic agents at each point to run continuous monitoring to alert us if a connection issue occurs.
In this way, the Kentik Network Intelligence Platform can be used for deep insight and continuous monitoring of critical paths through our public cloud environments. This proactive approach is essential for teams to catch and resolve connectivity issues before they impact users.
Kentik’s Cloud Pathfinder brings a connectivity lens to cloud network observability. By focusing on the connectivity aspect — essentially answering “Can X talk to Y, and if not, why?” — it complements other monitoring data like performance metrics and traffic analytics. For network and cloud engineers, this provides an informative way to quickly solve connectivity puzzles that would otherwise consume hours of tedious troubleshooting.
