View the topology of an Azure virtual network

In this article, you learn how to view resources and the relationships between them in an Azure virtual network. For example, a virtual network contains subnets. Subnets contain resources, such as Azure Virtual Machines (VM). VMs have one or more network interfaces. Each subnet can have a network security group and a route table associated to it. The topology tool of Azure Network Watcher enables you to view all of the resources in a virtual network, the resources associated to resources in a virtual network, and the relationships between the resources.

Note

Try the new Topology (Preview) experience which offers visualization of Azure resources across multiple subscriptions and regions. Use this Azure portal link to try Topology (Preview).

Prerequisites

View topology

  1. In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results.

    Screenshot shows how to search for Network Watcher in the Azure portal.

  2. Under Monitoring, select Topology.

  3. Select the subscription and resource group of the virtual network that you want to view its topology, and then select the virtual network.

    Screenshot shows the topology of a virtual network in the Azure portal.

    The virtual network in this example has two subnets: mySubnet and GatewaySubnet. mySubnet has three virtual machines (VMs), two of them are in the backend pool of myLoadBalancer public load balancer. There are two network security groups: mySubnet-nsg is associated to mySubnet subnet and myVM-nsg is associated to myVM virtual machine. GatewaySubnet has VNetGW virtual network gateway (VPN gateway).

    Topology information is only shown for resources that are:

    • in the same resource group and region as the myVNet virtual network. For example, a network security group that exists in a resource group other than myResourceGroup, isn't shown, even if the network security group is associated to a subnet in the myVNet virtual network.
    • in the myVNet virtual network, or associated to resources in it. For example, a network security group that isn't associated to a subnet or network interface in the myVNet virtual network isn't shown, even if the network security group is in the myResourceGroup resource group.
  4. Select Download topology to download the diagram as an editable image file in svg format.

Note

The resources shown in the diagram are a subset of the networking components in the virtual network. For example, while a network security group is shown, the security rules within it are not shown in the diagram. Though not differentiated in the diagram, the lines represent one of two relationships: Containment or associated. To see the full list of resources in the virtual network, and the type of relationship between the resources, generate the topology with PowerShell or the Azure CLI.

Relationships

All resources returned in a topology have one of the following types of relationship to another resource:

Relationship type Example
Containment A virtual network contains a subnet. A subnet contains a network interface.
Associated A network interface is associated with a VM. A public IP address is associated to a network interface.

Properties

All resources returned in a topology have the following properties:

  • Name: The name of the resource
  • ID: The URI of the resource.
  • Location: The Azure region that the resource exists in.
  • ResourceGroup: The resource group that the resource exists in.
  • Associations: A list of associations to the referenced object. Each association has the following properties:
    • AssociationType: The relationship between the child and the parent object. Valid values are Contains or Associated.
    • Name: The name of the resource referenced in the association.
    • ResourceId: The URI of the resource referenced in the association.

Supported resources

Topology supports the following resources:

  • Virtual networks and subnets
  • Virtual network peerings
  • Network interfaces
  • Network security groups
  • Load balancers and their health probes
  • Public IP
  • Virtual network gateways
  • VPN gateway connections
  • Virtual machines
  • Virtual machine scale sets.

Next steps