AWS Site-to-Site VPN Monitoring
AWS Site-to-Site VPN - An Overview
AWS Site-to-Site VPN is a fully managed service that enables customers to securely connect their on-premises data centers or branch offices to AWS resources using IP Security (IPSec) tunnels. It supports connections to both Amazon Virtual Private Clouds (VPCs) and AWS Site-to-Site VPN, providing a reliable and scalable networking solution. Additionally, each VPN connection uses two tunnels to enhance redundancy and ensure high availability.
Creating a new AWS Site-to-Site VPN monitor
To learn how to create a new AWS Site-to-Site VPN monitor, refer here.
Monitored Parameters
Go to the Monitors Category View by clicking the Monitors tab. Click on Site-to-Site VPN from the 'Child Monitors' under the Cloud Apps table. Displayed is the bulk configuration view distributed into three tabs:
- Availability tab gives the Availability history for the past 24 hours or 30 days.
- Performance tab gives the Health Status and events for the past 24 hours or 30 days.
- List view enables you to perform bulk admin configurations.
Click on the monitor name to see all the Amazon Site-to-Site VPN metrics listed under the following tabs:
Performance Overview
| Parameter | Description |
|---|
| VPN CONNECTION INFORMATION |
| VPN Connection State | The current state of the VPN connection.
Possible values: pending | available | deleting | deleted |
| Gateway Association State | The current state of the gateway association.
Possible values: Associated | Not-associated | Associating | Disassociating |
| VPN Tunnel State | The state of the VPN tunnels.
Possible values: UP | DOWN |
| TUNNEL INGRESS |
| Tunnel Data Ingress Rate | The total amount of kilobytes received per second on the AWS side of the connection through the VPN tunnel from the customer gateway (in kB/s). |
| Tunnel Data Ingress | The total amount of kilobytes received on the AWS side of the connection through the VPN tunnel from the customer gateway (in kB). |
| TUNNEL EGRESS |
| Tunnel Data Egress Rate | The total amount of kilobytes sent per second from the AWS side of the connection through the VPN tunnel to the customer gateway (in kB/s). |
| Tunnel Data Egress | The total amount of kilobytes sent from the AWS side of the connection through the VPN tunnel to the customer gateway (in kB). |
Tunnel Details
| Parameter | Description |
|---|
| Tunnel Details |
| Outside IP Address | The public IP address used to establish the VPN tunnel connection.
Possible values: Valid PrivateIpv4 | PublicIpv4 | Ipv6 addresses |
| Status | The current state of the tunnel. |
| Tunnel Data Egress Rate | The total amount of data sent through the VPN tunnel between the poll interval (kB/s). |
| Tunnel Data Ingress Rate | The total amount of data received through the VPN tunnel between the poll interval (kB/s). |
| Accepted Routes | The number of routes successfully propagated to the tunnel from the route table. |
| Details | Additional information or reason codes for the current tunnel status. |
| Last Status Change Time | The timestamp of the most recent status change for the tunnel. |
Note: Line charts will be displayed for both Tunnel Data Egress Rate and Tunnel Data Ingress Rate.
Configuration
| Parameter | Description |
|---|
| CONFIGURATION |
| Virtual Gateway ID | The ID of the virtual private gateway on the AWS side of the VPN connection. |
| Customer Gateway ID | The ID of the customer gateway on the user's end of the VPN connection. |
| Transit Gateway ID | The ID of the transit gateway associated with the VPN connection. |
| Type | The type of VPN connection. |
| Category | The category of the VPN connection.
Possible values: VPN | VPN-Classic |
| Routing | Indicates whether the VPN connection uses static routes only. |
| Acceleration | Indicates whether acceleration is enabled for the VPN connection. |
| Local IPv4 Network CIDR | The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection. |
| Remote IPv4 Network CIDR | The IPv4 CIDR on the AWS side of the VPN connection. |
| Tunnel Inside IP Version | Indicates whether the VPN tunnels process IPv4 or IPv6 traffic.
Possible values: IPv4 | IPv6 |
