Map Screen
Invariant generates a visual network map for all uploaded network snapshots. The generated network map includes all on-prem devices, cloud network devices, and hosts. It includes any artificial additions to the network snapshot such as ISPs (see section Model Fine-Tuning).
To access the maps screen for a snapshot:
- Navigate to the Networks section.
- Select the Network which contains the snapshot you want.
- Click on the network health graph to access the snapshot list for the network.
- Select the target snapshot from the snapshot list.
The snapshot network map is now visible in the UI.
Network Health Information
The Invariant UI provides a visual Network Health graph for each Network on the main dashboard / map screen.
- The graph x-coordinate follows the date.
- The graph y-coordinate counts the number of rules evaluated when the snapshot was uploaded.
- The marker color can appear black (errors prevented evaluation), yellow (some rules were skipped or errors present), red (one or more rules failed), or green (all rules OK).
Validation Results
On the left side of the network map screen in the floating panel is a section which summarizes the validation result. It might say something like:
Rule Checks 1 / 1 access policy rule failed. 0 critical flow rules OK.
This summary is clickable. Clicking it opens the Traces view.
Traces View
The traces view contains a list of rules which passed or failed.
Each rule is summarized with a table which looks like:
#0 - FAILED
Policy validate-mcs-acl
Comment Validate mcs acl on cores
Type egress-deny-others
Packet UDP 172.20.131.4:49152 -> 172.18.5.192:33434
Start @enter((us-sfo101-cs1)[irb.150]),
@enter((us-sfo101-cs2)[irb.150])
Each rule has two buttons, "View Data" and "Visualize".
The "Visualize" button highlights the path or paths taken by traceroutes in the rule result.
The "View Data" button displays the full result data, similar to what would appear in the critical_flows_details or access_policy_details pages.