Configuration Drift Notifications and Faults
Once Cloud Network Controller is deployed, you will perform most of the configuration either via its GUI or REST API interface. However, there may be cases where you or another cloud administrator changes the deployed configuration directly in the cloud provider's GUI using the tools provided by AWS or Azure. In these cases, the intended configuration you deployed from the Cloud Network Controller and the actual configuration in the cloud site may become out of sync, we call this a configuration drift.
Cloud Network Controller provides visibility into any security policy (contracts) configuration discrepancy between what you deploy from the Cloud Network Controller and what is actually configured in the cloud site. Configuration drift is enabled by default, and configuration drift information is available for EPGs, VRFs, and contracts with or without Layer 4 to Layer 7 service graphs attached.
Configuration drift information is consolidated under a single page, located at
.See Accessing the Main Configuration Drift Page for more information.
There are two aspects to analyzing configuration drift:
-
Have all the fabric elements configured in the Cloud Network Controller and intended to be deployed in the cloud fabric been properly deployed?
This scenario can occur due to user configuration errors in Cloud Network Controller that could not be deployed in the cloud, connection or API issues on the cloud provider end, or if a cloud administrator manually deletes or modifies security rules directly in the cloud provider's UI. Any intended but missing configurations may present an issue for the Cloud Network Controller fabric.
-
Are there any additional configurations that exist in the cloud but were not intended to be deployed from the Cloud Network Controller?
Similarly to the previous scenario, this can occur if there are connection or API issues or if a cloud administrator manually creates additional security rules directly in the cloud provider's UI. Any existing but not intended configuration may present issues.