
AWS VPC NAT Gateway

Collect AWS VPC NAT Gateway Metrics

Configuration

Install Func

It is recommended to activate TrueWatch Integration - Extensions - DataFlux Func (Automata): all prerequisites are installed automatically, so you can proceed directly to script installation.

If you deploy Func manually, refer to Manual Deployment of Func.

Install Script

Note: Prepare the required Amazon access key (AK) in advance (for simplicity, you can grant the global read-only managed policy ReadOnlyAccess).

Automata Activation Script

  1. Log in to the TrueWatch console.
  2. Click the 【Integration】 menu and select 【Cloud Account Management】.
  3. Click 【Add Cloud Account】, select 【AWS】, and fill in the required information. If the cloud account has already been configured, skip this step.
  4. Click 【Test】; after the test succeeds, click 【Save】. If the test fails, check the relevant configuration and test again.
  5. The added cloud account appears in the 【Cloud Account Management】 list; click it to open the details page.
  6. On the cloud account details page, click the 【Integration】 button, find AWS VPC NAT Gateway in the Not Installed list, click 【Install】, and complete the installation in the pop-up dialog.

Manual Activation Script

  1. Log in to the Func console, click 【Script Market】 to enter the TrueWatch script market, and search for integration_aws_vpc_nat_gateway.

  2. Click 【Install】 and enter the corresponding parameters: AWS AK ID, AK Secret, and account name.

  3. Click 【Deploy Startup Script】; the system creates the Startup script set and configures the corresponding startup scripts automatically.

  4. After enabling, the corresponding automatic trigger configuration appears under 「Management / Automatic Trigger Configuration」. Click 【Execute】 to run the collection once immediately instead of waiting for the scheduled time. After a short while, you can view the execution task records and their logs.

Verification

  1. In 「Management / Automatic Trigger Configuration」, confirm that the task has the corresponding automatic trigger configuration; you can also check the task records and logs for errors.
  2. In TrueWatch, check whether asset information appears under 「Infrastructure - Resource Catalog」.
  3. In TrueWatch, check whether the corresponding monitoring data appears under 「Metrics」.

Metrics

To collect more metrics, configure Amazon CloudWatch; see Amazon CloudWatch Metrics Details.

NAT Gateway metrics are stored under the aws_AWS/NATGateway measurement. The description column gives the meaning of each metric together with its unit and statistics.

Metric | Description | Unit
ActiveConnectionCount | The total number of concurrent active TCP connections through the NAT Gateway. A value of zero indicates that no connections are active through the NAT Gateway. | Count
BytesInFromDestination | The number of bytes received by the NAT Gateway from the destination. If the value of BytesOutToSource is less than the value of BytesInFromDestination, there may be data loss during NAT Gateway processing, or traffic may be actively blocked by the NAT Gateway. | Bytes
BytesInFromSource | The number of bytes received by the NAT Gateway from clients in the VPC. If the value of BytesOutToDestination is less than the value of BytesInFromSource, there may be data loss during NAT Gateway processing. | Bytes
BytesOutToDestination | The number of bytes sent to the destination through the NAT Gateway. A value greater than zero indicates traffic from clients behind the NAT Gateway to the Internet. If the value of BytesOutToDestination is less than the value of BytesInFromSource, there may be data loss during NAT Gateway processing. | Bytes
BytesOutToSource | The number of bytes sent to clients in the VPC through the NAT Gateway. A value greater than zero indicates traffic from the Internet to clients behind the NAT Gateway. If the value of BytesOutToSource is less than the value of BytesInFromDestination, there may be data loss during NAT Gateway processing, or traffic may be actively blocked by the NAT Gateway. | Bytes
ConnectionAttemptCount | The number of connection attempts through the NAT Gateway. This only includes the initial SYN. In some cases, ConnectionAttemptCount may be lower than ConnectionEstablishedCount due to SYN retransmissions. If the value of ConnectionEstablishedCount is less than the value of ConnectionAttemptCount, clients behind the NAT Gateway have attempted to establish new connections for unresponsive connections. | Count
ConnectionEstablishedCount | The number of connections established through the NAT Gateway. This includes SYN and SYN retransmissions. If the value of ConnectionEstablishedCount is less than the value of ConnectionAttemptCount, clients behind the NAT Gateway have attempted to establish new connections for unresponsive connections. | Count
ErrorPortAllocation | The number of times the NAT Gateway failed to allocate a source port. A value greater than zero indicates that too many concurrent connections are open through the NAT Gateway. | Count
IdleTimeoutCount | The number of connections that transitioned from active to idle. An active connection that is not properly closed and has no activity for 350 seconds transitions to idle. | Count
PacketsDropCount | The number of packets dropped by the NAT Gateway. To calculate the percentage of dropped packets out of the total packet traffic, use the formula PacketsDropCount/(PacketsInFromSource+PacketsInFromDestination)*100. | Count
PacketsInFromDestination | The number of packets received by the NAT Gateway from the destination. If the value of PacketsOutToSource is less than the value of PacketsInFromDestination, there may be data loss during NAT Gateway processing, or traffic may be actively blocked by the NAT Gateway. | Count
PacketsInFromSource | The number of packets received by the NAT Gateway from clients in the VPC. If the value of PacketsOutToDestination is less than the value of PacketsInFromSource, there may be data loss during NAT Gateway processing. | Count
PacketsOutToDestination | The number of packets sent to the destination through the NAT Gateway. A value greater than zero indicates traffic from clients behind the NAT Gateway to the Internet. If the value of PacketsOutToDestination is less than the value of PacketsInFromSource, there may be data loss during NAT Gateway processing. | Count
PacketsOutToSource | The number of packets sent to clients in the VPC through the NAT Gateway. A value greater than zero indicates traffic from the Internet to clients behind the NAT Gateway. If the value of PacketsOutToSource is less than the value of PacketsInFromDestination, there may be data loss during NAT Gateway processing, or traffic may be actively blocked by the NAT Gateway. | Count
PeakBytesPerSecond | The highest 10-second average of bytes per second within a given minute. | Count
PeakPacketsPerSecond | The average packet rate (packets processed per second) is calculated every 10 seconds over 60 seconds, and the maximum of the six rates (the highest average packet rate) is reported. | Count
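The comparisons and the drop-rate formula in the table above can be turned into a health check over one collected sample. The following is an added example, not part of the TrueWatch integration script; it assumes the input is a dict of metric name to summed value for one NAT Gateway over one period, and the 1% drop threshold is an assumed operational choice.

```python
# Health checks derived from the aws_AWS/NATGateway metric descriptions.
# Added example (not the integration script's own code). Input shape is an
# assumption: {metric_name: summed value} for one NAT Gateway over one period.

# (out metric, in metric, meaning): the table states that out < in signals a problem.
LOSS_PAIRS = [
    ("BytesOutToDestination", "BytesInFromSource", "VPC-to-destination byte loss"),
    ("BytesOutToSource", "BytesInFromDestination", "destination-to-VPC byte loss or blocked traffic"),
    ("PacketsOutToDestination", "PacketsInFromSource", "VPC-to-destination packet loss"),
    ("PacketsOutToSource", "PacketsInFromDestination", "destination-to-VPC packet loss or blocked traffic"),
    ("ConnectionEstablishedCount", "ConnectionAttemptCount", "clients retrying unresponsive connections"),
]


def packet_drop_percent(m):
    """PacketsDropCount / (PacketsInFromSource + PacketsInFromDestination) * 100.

    Returns 0.0 for a sample with no inbound packets instead of dividing by zero.
    """
    total_in = m.get("PacketsInFromSource", 0) + m.get("PacketsInFromDestination", 0)
    if total_in == 0:
        return 0.0
    return m.get("PacketsDropCount", 0) * 100 / total_in


def nat_gateway_findings(m, drop_pct_threshold=1.0):
    """Return the table's warning conditions that hold for this sample."""
    findings = []
    if m.get("ErrorPortAllocation", 0) > 0:
        findings.append("source port allocation failures: too many concurrent connections")
    for out_name, in_name, meaning in LOSS_PAIRS:
        if m.get(out_name, 0) < m.get(in_name, 0):
            findings.append(f"{out_name} < {in_name}: {meaning}")
    pct = packet_drop_percent(m)
    if pct > drop_pct_threshold:
        findings.append(f"packet drop rate {pct:.2f}% exceeds {drop_pct_threshold}%")
    return findings


# Constructed sample: one minute of Sum values for a single NAT Gateway.
SAMPLE = {
    "ActiveConnectionCount": 48000, "ErrorPortAllocation": 12,
    "BytesInFromSource": 10_000_000, "BytesOutToDestination": 10_000_000,
    "BytesInFromDestination": 80_000_000, "BytesOutToSource": 79_500_000,
    "PacketsInFromSource": 20_000, "PacketsOutToDestination": 20_000,
    "PacketsInFromDestination": 60_000, "PacketsOutToSource": 59_000,
    "PacketsDropCount": 1_600,
    "ConnectionAttemptCount": 5_000, "ConnectionEstablishedCount": 4_800,
}

if __name__ == "__main__":
    for finding in nat_gateway_findings(SAMPLE):
        print("-", finding)
```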

Object

The data structure of the collected AWS VPC NAT Gateway object can be viewed under 「Infrastructure - Resource Catalog」:

{
  "measurement": "aws_vpc_nat_gateway",
  "tags": {
    "ConnectivityType": "public",
    "RegionId"        : "cn-north-1",
    "NatGatewayId"    : "nat-xxx",
    "NatGatewayName"  : "xxxxxxx",
    "State"           : "available",
    "SubnetId"        : "subnet-xxx",
    "VpcId"           : "vpc-xxx",
    "name"            : "nat-xxx"
  },
  "fields": {
    "CreateTime"         : "2023-11-22T05:44:44Z",
    "NatGatewayAddresses": "[Information about IP addresses and network interfaces associated with the NAT Gateway]",
    "Tags"               : "[Tags of the NAT Gateway]",
    "message"            : "{Instance JSON Data}"
  }
}

Note: The keys in tags and fields may change in subsequent updates.