cloudonaut Posted August 15, 2022 Share Posted August 15, 2022 Many VPC designs make use of public and private subnets. A NAT gateway is needed to communicate from a private subnet with the Internet. /images/2022/08/network-device.jpg A VPC NAT gateway is a finite resource that can be exhausted. That’s why you need to add monitoring to be alerted if the NAT gateway gets a bottleneck. CloudWatch metrics Each NAT gateway sends metrics to CloudWatch that we can monitor with CloudWatch alarms. We recommend creating alarms for the following metrics: ErrorPortAllocation: The number of times the NAT gateway could not allocate a source port. PacketsDropCount: The number of packets dropped by the NAT gateway. Monitoring throughput utilization Unfortunately, NAT gateways do not report a single metric on the throughput utilization of bandwidth and packets. The maximum bandwidth is 45 Gbit/second and 4,000,000 packets/second. Luckily, we can calculate throughput by using CloudWatch metric math. To calculate the bandwidth utilization, we use the following metrics: ID metric statistic period in1 BytesInFromDestination Sum 60 in2 BytesInFromSource Sum 60 out1 BytesOutToDestination Sum 60 out2 BytesOutToSource Sum 60 And the following expressions: ID expression comment bandwidth (in1+in2+out1+out2)/60*8/1000/1000/1000 Bytes/min to Gbit/s utilization bandwidth/45*100 to %; 45 Gbit/s is the hard limit marbot’s Monitoring Setup Assistant CloudWatch metric math sounds complicated? We have you covered! Monitor NAT gateways and receive alerts in Slack or Microsoft Teams with our ChatOps bot marbot! PS: If marbot is not your thing, you can still find inspiration in marbot’s CloudFormation template. View the full article Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.