Monitoring the performance of your AWS network devices helps you ensure that you have fast and reliable connectivity between your on-premises infrastructure and AWS. Obkio’s AWS Network Device Monitoring feature is your trusty lookout, keeping your network performance on course!
Identify issues faster with alarms that notify you of specific metrics. Reduce MTTR by enabling cloud engineers to view and respond to alerts from a single console.
Virtual Private Cloud (VPC)
VPC offers a highly secure way to connect your on-premises networks, distant offices, and customer devices to the Amazon Web Services global network. It consists of several components, including customer gateways (CGW), site-to-site VPN tunnels, Internet Gateways, and NAT Gateways. These gateways provide a private connection to the Amazon Web Services infrastructure that is separate from the public Internet.
Using the VPC integration for Datadog, you can monitor the status of your virtual private cloud components. The integration collects metrics automatically and displays them alongside metrics from your EC2-classic instances in the dashboard. It also enables you to create custom monitors and notifications to alert you when VPC metrics change.
The state of your CGWs and NAT gateways is also important to know. Using the Cloud Conformity VPC monitoring solution, you can easily track their availability and ensure that the connections between your VPCs are working properly. This way, you can quickly identify issues before they become serious and minimize the impact of any potential outages.
For example, the VPC integration for Cloud Conformity continuously monitors your AWS VPN tunnels and notifies you when a tunnel is DOWN. The state of each tunnel is displayed as a value between 0 and 1; a value of 1 indicates that the tunnel is UP. The number of bytes sent from the AWS side to the customer gateway is also monitored and displayed.
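The tunnel-state and bytes-sent metrics described above can be turned into an alert rule that only fires on sustained problems. This is an added example, not code from Cloud Conformity or any other vendor named on this page; the sample datapoints, the tunnel names, the "SILENT" condition (UP but sending no bytes) and the three-datapoint threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample: one (state, bytes_out) datapoint per period for two tunnels.
# state follows the page's convention (1 = UP, anything below 1 = not UP);
# bytes_out is the byte count sent from the AWS side to the customer gateway.
SAMPLES = {
    "tunnel-a": [(1, 5200), (1, 4800), (0, 0), (0, 0), (0, 0), (1, 3100)],
    "tunnel-b": [(1, 900), (1, 0), (1, 0), (1, 0), (1, 0), (1, 0)],
}


@dataclass
class Finding:
    tunnel: str
    kind: str    # "DOWN" or "SILENT" (hypothetical labels for this example)
    start: int   # index of the first datapoint in the run
    length: int  # number of consecutive datapoints in the run


def longest_run(flags):
    """Return (start, length) of the longest run of True values."""
    best = (0, 0)
    start = None
    for i, flag in enumerate(list(flags) + [False]):
        if flag and start is None:
            start = i
        elif not flag and start is not None:
            if i - start > best[1]:
                best = (start, i - start)
            start = None
    return best


def evaluate(samples, min_points=3):
    """Flag tunnels that stay not-UP, or stay UP but send nothing, min_points in a row."""
    findings = []
    for tunnel, points in sorted(samples.items()):
        down = longest_run(state < 1 for state, _ in points)
        silent = longest_run(state == 1 and sent == 0 for state, sent in points)
        for kind, (start, length) in (("DOWN", down), ("SILENT", silent)):
            if length >= min_points:
                findings.append(Finding(tunnel, kind, start, length))
    return findings


if __name__ == "__main__":
    for f in evaluate(SAMPLES):
        print(f"{f.tunnel}: {f.kind} for {f.length} datapoints from index {f.start}")
```

Requiring several consecutive datapoints keeps a single missed sample or a brief rekey from paging anyone, while a tunnel that reports UP yet sends nothing still surfaces as a likely routing problem.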
Customer Gateway (CGW)
A Customer Gateway is a physical device or software application that you install on your on-premises network. It encrypts traffic to and from your VPCs, and provides security services such as authentication, authorization, and access control. It supports a variety of VPN clients, including Microsoft Windows, macOS, iOS, and Android. You can also use a CGW to connect your branch offices to your VPCs.
You can create a CGW using the VPN wizard in the left menu of the AWS Management Console. Choose the option to create a new gateway or choose an existing one. Then enter the public IP address of your on-premises network device and click Next.
If you chose a new Customer Gateway, select the VPC where you want to attach it. Then enter the information about your device, such as the public IP address, routing type, and BGP or static routes. You can also enable route propagation to update the VPC’s routing table with information from the Customer Gateway.
Alternatively, you can use an existing transit gateway (TGW) to connect your on-premises network to the Amazon cloud. The TGW must be located in the same region as the VPC, must run BGP, and must advertise the appropriate routes to the VPC. It should have an Amazon default AS number to allow dynamic routing, or you can use your own private AS number.
Site-to-Site VPN is a secure connection between your on-premises network and an Amazon Virtual Private Cloud (VPC). It uses industry-standard IPsec to encrypt data. This ensures that only authorized users can access your data over the Internet. It also allows you to connect multiple locations together with a single connection, and scale to meet changing business needs without additional infrastructure investment.
To set up a Site-to-Site VPN, you need a VPC with an attached Customer Gateway and an on-premises network with a customer gateway device. The local customer gateway device can be either hardware or software. In some industries, this device is called customer-premises equipment (CPE). The Customer Gateway object in AWS provides a virtual representation of the device.
Once you have a VPC with a Customer Gateway attached, you can create a Site-to-Site VPN by using the VPC portal. Select the VPN connection type and specify the -VNetName value, the -LocalNetworkSiteName value, and the -SharedKey value. The -SharedKey value must be the same key used to configure your customer gateway device.
Once you have created the connection, you can check its status by selecting the VPN gateway in the VPC portal. The status should show UP. If it doesn’t, check the routing tables in your on-premises router configuration and in your VPC route table to make sure that traffic destined for the VPN gateway instance and for the remote Transit Gateway is routed correctly.
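The status and route-table checks described above can be scripted against saved API output instead of clicking through the console. This is an added example, not code from AWS or any vendor named on this page; the sample data is constructed in the shape returned by `aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables`, and the resource IDs, addresses and on-premises CIDR are placeholders.

```python
import ipaddress

# Constructed sample data shaped like the output of
# `aws ec2 describe-vpn-connections` and `aws ec2 describe-route-tables`.
VPN = {"VpnConnections": [{
    "VpnConnectionId": "vpn-EXAMPLE1", "VpnGatewayId": "vgw-EXAMPLE1",
    "VgwTelemetry": [
        {"OutsideIpAddress": "203.0.113.10", "Status": "UP"},
        {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN"},
    ]}]}
ROUTES = {"RouteTables": [{
    "RouteTableId": "rtb-EXAMPLE1",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-EXAMPLE1",
         "State": "blackhole"},
    ]}]}


def tunnel_health(vpn):
    """Map each VPN connection ID to 'UP', 'DEGRADED' (some tunnels down) or 'DOWN'."""
    result = {}
    for conn in vpn["VpnConnections"]:
        up = sum(t["Status"] == "UP" for t in conn["VgwTelemetry"])
        total = len(conn["VgwTelemetry"])
        result[conn["VpnConnectionId"]] = (
            "UP" if up == total and total else "DEGRADED" if up else "DOWN")
    return result


def route_problems(routes, onprem_cidr, gateway_id):
    """List route tables lacking an active route to onprem_cidr via gateway_id."""
    target = ipaddress.ip_network(onprem_cidr)
    problems = []
    for table in routes["RouteTables"]:
        ok = any(
            r.get("State") == "active"
            and gateway_id in (r.get("GatewayId"), r.get("TransitGatewayId"))
            and target.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
            for r in table["Routes"] if "DestinationCidrBlock" in r)
        if not ok:
            problems.append(table["RouteTableId"])
    return problems


if __name__ == "__main__":
    print(tunnel_health(VPN))
    print(route_problems(ROUTES, "192.168.10.0/24", "vgw-EXAMPLE1"))
```

A connection with one tunnel down still passes traffic but has lost its redundancy, and a route in the `blackhole` state is reported as a problem even though a matching entry exists in the table.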
Transit Gateway provides a high-performance, private network connection between your on-premises data center and the AWS cloud. This solution reduces your network’s dependency on the public internet and enables you to deliver applications with low latency, security, and performance. It can also help you avoid costly data transfer charges by leveraging VPC peering, which routes traffic between your on-premises data centers and the AWS cloud through private IP addresses.
The service also supports multi-account networking, enabling you to connect VPCs and VPNs from different AWS accounts. This simplifies network architecture and improves collaboration between departments that use different AWS accounts. Transit Gateway also offers a flexible multicast capability that broadcasts the same content to numerous destinations simultaneously, which reduces bandwidth utilization and cost.
Using Site24x7’s AWS network monitoring solution, you can monitor your Transit Gateway infrastructure with ease. The solution uses tags to discover your AWS resources and organize them into logical groupings for easy monitoring. Its centralized dashboards let you see key metrics in a single location, and you can customize thresholds to receive alerts via email, SMS, Slack, Jira, ConnectWise, and other third-party integrations.
Whether you’re looking to monitor AWS Transit Gateway, VPC-VPC connections, or VPN tunnels, Site24x7’s comprehensive platform delivers deep visibility and actionable insights. The platform can also help you optimize your AWS costs through traffic filtering and prioritization.