Network connection check without SSH/kubectl access

Streamlining Network Connectivity Validation in Enterprise Environments

Pain Area

In many enterprises, SOC compliance dictates that the engineers who develop code should not be the ones who deploy it. This segregation of duties is essential for maintaining security and compliance, but it introduces significant inefficiencies, especially when it comes to network connectivity and firewall requests.

Typically, developers need to open network connectivity or firewall requests but lack the necessary permissions to validate these connections. Instead, they rely on DevOps, SRE, or operations teams to test and validate the connections once the firewall or network team has opened them. This process is fraught with delays and inefficiencies:

  • Coordination Challenges: Developers must coordinate with multiple teams, each with its own schedule and priorities.
  • Wasted Time: Operations teams often find themselves waiting idly for the firewall team to complete their tasks before they can perform their validations.
  • Productivity Loss: The constant back-and-forth reduces overall productivity, as both developers and operations teams spend more time on administrative coordination than on actual development and operations work.

Task

The goal was to create a solution that empowers developers to independently validate network connections without breaching SOC compliance guidelines or relying on operations teams. The solution needed to:

  • Reduce Dependency: Eliminate the need for operations teams to perform routine connection validations.
  • Increase Efficiency: Enable developers to quickly and independently verify network connectivity.
  • Enhance Productivity: Allow all teams to focus on their core responsibilities without unnecessary delays.

Action

To address this pain point, I developed a code-based solution that automates the network connectivity validation process. This solution utilizes the code available in the tcpcheck repository on GitHub and leverages a ready-to-use Docker image from Docker Hub. The key steps involved in the solution are:

  1. Deploy Docker Container: Use the tcpcheck Docker image to deploy a container within the enterprise network. This container provides an internal DNS URL that can be accessed by anyone within the network.
  2. HTTP Call Functionality: Allow any user within the network to make an HTTP call to the internal DNS URL, passing the desired DNS and port number to check TCP or HTTPS connections.
  3. Automated Validation: The script within the Docker container automatically performs the connection validation and returns the results, indicating whether the connection is successful or not.

The tcpcheck tool is designed to be straightforward and easy to use. By integrating it into the internal DNS URL, it enables seamless and efficient network connectivity checks. Here’s how to use the Docker image:


codedocker pull jayeshmahajan/tcpcheck:latest
docker run -d -p 8080:8080 jayeshmahajan/tcpcheck

Once the container is running, you can check a connection by making an HTTP request to the internal DNS URL. For example:

curl http://<internal_dns_url>:8080/check?host=<target_host>&port=<target_port>

curl 'http://<internal_dns_url/check_http_connection?domain=www.google.com'


"message": "HTTP connection successful",
"dns_result": {
"cname": null,
"ips": [
"142.250.81.238"
]
}
}=============================
http://<internal_dns_url/check_http_connection?protocol=https&domain=wrong.host.badssl.com
{
"message": "SSL connection failed",
"dns_result": {
"cname": null,
"ips": [
"104.154.89.105"
]
},
"error": "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'wrong.host.badssl.com'. (_ssl.c:1133)"
}=============================
http://<internal_dns_url/check_http_connection?protocol=https&domain=www.ge.com
{
"message": "HTTP connection successful",
"dns_result": {
"cname": "www.ge.com.cdn.cloudflare.net.",
"ips": [
"104.18.31.171",
"104.18.30.171"
]
}
}

Result

The implementation of this solution yielded significant benefits:

  • Reduced Dependency on Operations Teams: Developers can now independently validate network connections, eliminating the need for constant coordination with operations teams.
  • Faster Feature Delivery: By empowering developers to perform their own validations, the solution speeds up the development and deployment process, allowing features to be delivered more quickly.
  • Improved Productivity: Both developers and operations teams can now focus on their primary tasks, reducing downtime and increasing overall productivity.
  • Enhanced Responsiveness During Outages: In the event of a network outage, any team member, including leadership, can quickly validate network connections without waiting for the operations team, leading to faster issue resolution.

This innovative solution has proven to be particularly useful during network outages, where time is of the essence. By removing unnecessary dependencies and streamlining the validation process, it ensures that everyone in the organization can contribute to maintaining a robust and reliable network infrastructure.


This approach not only enhances operational efficiency but also aligns with SOC compliance requirements, demonstrating that security and productivity can go hand in hand with the right solutions in place. The tcpcheck tool and its Docker image exemplify how a simple yet effective solution can make a significant impact on enterprise operations.