How do I calculate throughput and set a CloudWatch alarm for Site-to-Site VPN?

3 minute read

I have an AWS Site-to-Site VPN Connection. I want to use Amazon CloudWatch metrics to calculate throughput and set up a throughput-based notification.

Short description

Each tunnel in an AWS Site-to-Site VPN connection supports a maximum throughput of up to 1.25 Gbps. Use CloudWatch metrics to calculate throughput for an AWS Site-to-Site VPN connection. To create an alert for when throughput exceeds your specified values, create a CloudWatch alarm with an Amazon Simple Notification Service (Amazon SNS) notification.

Important: Throughput calculation is approximate and doesn't provide exact bandwidth usage up to the moment. A CloudWatch metrics alarm is effective for connections that exceed throughput for a duration of 15 minutes or more.

Resolution

Access the CloudWatch console, and choose the AWS Region that's associated with your virtual private network (VPN).
In the navigation pane, choose Metrics. Then, choose All metrics.
Under All Metrics, choose VPN. Then, choose VPN Tunnel Metrics.
Choose the TunnelDataIn and TunnelDataOut metrics for the VPN tunnel that you want to measure.
Choose the Graphed metrics tab, and then set the following parameters:
Statistics: SUM
Period: 5 minutes
Choose Add Math. From the dropdown list, choose Start with an empty expression.
After you choose Start with an empty expression, you see a math expression box. In this box, enter (m1+m2)*8/300.
This formula converts bytes per second (Bps) to bits per second (bps) to calculate the output. The variables represent the following values:
m1 = TunnelDataIn (in bytes)
m2 = TunnelDataOut (in bytes)
Choose Apply.
In the graphed metrics section, you see the expression that you added and the metrics in the expression. To see the representation in the graph section, select only the expression you added: (m1+m2)*8/300. The output result is in bits per second.
Note: Make sure to clear m1 and m2 so that you select only the math expression.
Configure your CloudWatch alarm for VPN connections. When you create the alarm, set the following values:
For Select metric, enter the expression that you created in step 7. Select only this expression.
In the Conditions section, set throughput value you want to monitor as a condition. For example, to get a notification when throughput reaches 100 Mbps, enter Greater/Equal(>=) 1,000,000,00.
In the Additional configuration section, set Datapoints to alarm to 3 out of 3.
(Optional) Set up Amazon SNS notifications for the CloudWatch alarm.

Related information

VPN tunnel metrics and dimensions

Topics

Management & Governance Networking & Content Delivery

Relevant content

VPN tunnel switching setting
Accepted Answer
rePost-User-6096129
asked 2 years ago
What is the maximum supported throughput of a transit gateway
AWS-User-787786
asked 2 years ago
Unable to establish a connection on VPN Tunnel 2
DB
asked a year ago
How to get a single Notification Alert through cloudwatch alarms, when the Site-To-Site VPN Tunnel is back to normal
Krishabh080
asked 10 days ago
Maximum throughput for incrementing an atomic counter in DynamoDB with On-Demand Capacity Throughput default quotas
Accepted Answer
Thomas_W
asked 4 years ago
How do I calculate throughput and set a CloudWatch alarm for AWS Direct Connect?
AWS OFFICIALUpdated a year ago
How can I calculate the maximum IOPS and throughput for an Amazon EBS volume?
AWS OFFICIALUpdated 2 years ago
How do I calculate throughput and set a CloudWatch alarm for Transit Gateway?
AWS OFFICIALUpdated a year ago
How do I monitor AWS VPN tunnels using Amazon CloudWatch alarms?
AWS OFFICIALUpdated a year ago
Efficiently way to use a dynamic BGP to create a VPN tunnel between AWS and Oracle Cloud Infrastructure
EXPERT
Vinay Gugueoth
published 6 months ago