AWS VPC NAT Gateway
Collect metrics data of AWS VPC NAT Gateway
Configuration
Install Func
It is recommended to enable 「Guance Integration - Extensions - Hosted Func」: all prerequisites are installed automatically, so you can proceed directly to installing the script.
If you choose to deploy Func yourself, refer to Self-deploy Func.
Install Script
Tip: Please prepare an Amazon AK meeting the requirements in advance (for simplicity, you may directly grant the global read-only permission `ReadOnlyAccess`).
- Log in to the Func console, click 【Script Market】, enter the official script market, and search for: `guance_aws_vpc_nat_gateway`
- Click 【Install】 and then enter the corresponding parameters: AWS AK ID, AK Secret, and account name.
- Click 【Deploy Startup Script】; the system will automatically create a `Startup` script set and configure the corresponding startup script.
- Once enabled, you can see the corresponding auto-trigger configuration under 「Management / Auto Trigger Configuration」. Click 【Execute】 to run it immediately without waiting for the scheduled time. After a short while, you can check the execution task records and corresponding logs.
Verification
- In 「Management / Auto Trigger Configuration」, confirm whether there is already an automatic trigger configuration for the corresponding task. You can also check the task records and logs for any abnormalities.
- In Guance, view whether asset information exists under 「Infrastructure - Resource Catalog」.
- In Guance, view whether corresponding monitoring data exists under 「Metrics」.
Metrics
More metrics can be collected by configuring Amazon CloudWatch; see Amazon CloudWatch Metrics Details.
NAT gateway metrics fall under the `aws_AWS/NATGateway` measurement. The description column includes the description, unit, and statistic for each metric.
Metric | Description | Unit |
---|---|---|
ActiveConnectionCount | Total number of active TCP connections through the NAT gateway. A zero value indicates no connections are active through the NAT gateway. | Count |
BytesInFromDestination | Number of bytes received by the NAT gateway from destinations. If the value of BytesOutToSource is less than that of BytesInFromDestination, data loss might have occurred during NAT gateway processing or there could be traffic actively blocked by the NAT gateway. | Bytes |
BytesInFromSource | Number of bytes received by the NAT gateway from clients within the VPC. If the value of BytesOutToDestination is less than that of BytesInFromSource, data loss might occur during NAT gateway processing. | Bytes |
BytesOutToDestination | Number of bytes sent by the NAT gateway to destinations. A value greater than zero indicates traffic flowing from clients behind the NAT gateway to the Internet. If the value of BytesOutToDestination is less than that of BytesInFromSource, data loss might occur during NAT gateway processing. | Bytes |
BytesOutToSource | Number of bytes sent by the NAT gateway to clients within the VPC. A value greater than zero indicates traffic flowing from the Internet to clients behind the NAT gateway. If the value of BytesOutToSource is less than that of BytesInFromDestination, data loss might have occurred during NAT gateway processing, or there could be traffic actively blocked by the NAT gateway. | Bytes |
ConnectionAttemptCount | Number of attempted connections through the NAT gateway. This includes only initial SYNs. In some cases, due to SYN retransmissions, ConnectionAttemptCount may be lower than ConnectionEstablishedCount. If the value of ConnectionEstablishedCount is less than that of ConnectionAttemptCount, it indicates clients behind the NAT gateway have attempted to establish new connections for unresponsive ones. | Count |
ConnectionEstablishedCount | Number of connections established through the NAT gateway. This includes SYNs and SYN retransmissions. If the value of ConnectionEstablishedCount is less than that of ConnectionAttemptCount, it indicates clients behind the NAT gateway have attempted to establish new connections for unresponsive ones. | Count |
ErrorPortAllocation | Number of times the NAT gateway failed to allocate source ports. A value greater than zero indicates too many concurrent connections opened through the NAT gateway. | Count |
IdleTimeoutCount | Number of connections transitioning from active to idle status. Active connections transition to idle if they aren't closed properly and remain inactive for the first 350 seconds. | Count |
PacketsDropCount | Number of packets dropped by the NAT gateway. To calculate the percentage of dropped packets relative to total packet traffic, use the following formula: PacketsDropCount/(PacketsInFromSource+PacketsInFromDestination)*100 | Count |
PacketsInFromDestination | Number of packets received by the NAT gateway from destinations. If the value of PacketsOutToSource is less than that of PacketsInFromDestination, data loss might have occurred during NAT gateway processing or there could be traffic actively blocked by the NAT gateway. | Count |
PacketsInFromSource | Number of packets received by the NAT gateway from clients within the VPC. If the value of PacketsOutToDestination is less than that of PacketsInFromSource, data loss might occur during NAT gateway processing. | Count |
PacketsOutToDestination | Number of packets sent by the NAT gateway to destinations. A value greater than zero indicates traffic flowing from clients behind the NAT gateway to the Internet. If the value of PacketsOutToDestination is less than that of PacketsInFromSource, data loss might occur during NAT gateway processing. | Count |
PacketsOutToSource | Number of packets sent by the NAT gateway to clients within the VPC. A value greater than zero indicates traffic flowing from the Internet to clients behind the NAT gateway. If the value of PacketsOutToSource is less than that of PacketsInFromDestination, data loss might have occurred during NAT gateway processing, or there could be traffic actively blocked by the NAT gateway. | Count |
PeakBytesPerSecond | This metric reports the highest 10-second average bytes per second over a given minute. | Count |
PeakPacketsPerSecond | This metric calculates the average packet rate (packets processed per second) every 10 seconds over 60 seconds and then reports the maximum of the six rates (highest average packet rate). | Count |
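The table above states several relationships between metrics (the packet-drop formula, in/out mismatches that suggest loss or blocked traffic, port-allocation failures, and retried connections). The following added example, which is not part of the Guance integration script, turns those relationships into a health check over one collection period; the metric values are a constructed sample, and the 1% drop threshold is an assumed starting point, not a value from the page.

```python
from typing import Dict, List

# Added example: evaluate one period of aws_AWS/NATGateway metrics using the
# relationships described in the metrics table. Values are constructed samples.

def packet_drop_pct(m: Dict[str, float]) -> float:
    """PacketsDropCount / (PacketsInFromSource + PacketsInFromDestination) * 100."""
    total_in = m.get("PacketsInFromSource", 0) + m.get("PacketsInFromDestination", 0)
    if total_in == 0:
        return 0.0  # no inbound traffic this period, so no meaningful drop ratio
    return m.get("PacketsDropCount", 0) / total_in * 100


def nat_gateway_findings(m: Dict[str, float], drop_pct_threshold: float = 1.0) -> List[str]:
    """Return findings for one period; an empty list means nothing stood out."""
    findings: List[str] = []
    pct = packet_drop_pct(m)
    if pct > drop_pct_threshold:
        findings.append(f"packet drop rate {pct:.2f}% exceeds {drop_pct_threshold}%")
    # ErrorPortAllocation > 0: too many concurrent connections through the gateway.
    if m.get("ErrorPortAllocation", 0) > 0:
        findings.append("source port allocation failures: too many concurrent connections")
    # Less return traffic toward the VPC than arrived from destinations suggests
    # loss inside the gateway or traffic the gateway actively blocked.
    if m.get("BytesOutToSource", 0) < m.get("BytesInFromDestination", 0):
        findings.append("BytesOutToSource < BytesInFromDestination: possible loss or blocked return traffic")
    if m.get("PacketsOutToDestination", 0) < m.get("PacketsInFromSource", 0):
        findings.append("PacketsOutToDestination < PacketsInFromSource: possible loss toward destinations")
    # Fewer established than attempted connections: clients retrying unresponsive ones.
    if m.get("ConnectionEstablishedCount", 0) < m.get("ConnectionAttemptCount", 0):
        findings.append("ConnectionEstablishedCount < ConnectionAttemptCount: clients retrying unresponsive connections")
    return findings


# Constructed sample period (not real CloudWatch data): 400 of 20000 inbound packets dropped.
SAMPLE_PERIOD: Dict[str, float] = {
    "PacketsInFromSource": 9000, "PacketsInFromDestination": 11000,
    "PacketsOutToDestination": 9000, "PacketsOutToSource": 10600,
    "PacketsDropCount": 400,
    "BytesInFromSource": 5_000_000, "BytesOutToDestination": 5_000_000,
    "BytesInFromDestination": 8_000_000, "BytesOutToSource": 7_500_000,
    "ConnectionAttemptCount": 120, "ConnectionEstablishedCount": 100,
    "ErrorPortAllocation": 3,
}

if __name__ == "__main__":
    for finding in nat_gateway_findings(SAMPLE_PERIOD):
        print(finding)
```

In a Func script the input dict would be filled from the collected `aws_AWS/NATGateway` values for the period instead of the constructed sample.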
Objects
The collected AWS VPC NAT Gateway object data structure can be viewed in 「Infrastructure - Resource Catalog」:
```json
{
  "measurement": "aws_vpc_nat_gateway",
  "tags": {
    "ConnectivityType": "public",
    "RegionId": "cn-north-1",
    "NatGatewayId": "nat-xxx",
    "NatGatewayName": "xxxxxxx",
    "State": "available",
    "SubnetId": "subnet-xxx",
    "VpcId": "vpc-xxx",
    "name": "nat-xxx"
  },
  "fields": {
    "CreateTime": "2023-11-22T05:44:44Z",
    "NatGatewayAddresses": "[Information about IP addresses and network interfaces associated with the NAT gateway]",
    "Tags": "[Tags of the NAT gateway]",
    "message": "{Instance JSON Data}"
  }
}
```
Note: Fields in `tags` and `fields` may change with subsequent updates.