AWS NLB
Introduction
An Amazon Network Load Balancer (NLB) is a highly scalable and robust load balancing service provided by Amazon Web Services. It is specifically designed to handle large volumes of network traffic and operate at the transport layer (Layer 4) of the OSI model, making it suitable for distributing TCP, UDP, and TLS traffic.
Getting Started
Compatibility
vuSmartMaps supports monitoring the flow of traffic in your AWS Network Load Balancer (NLB).
Data Collection Method
vuSmartMaps collects health and performance data for AWS NLB using VuNet's Internal Data Collector.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.
Inputs for Configuring Data Source
- NLB Data Source Name: The NLB data source name that will uniquely identify the source.
- AWS Region: AWS Region where the instance of this component is running. For example, for Asia Pacific (Mumbai) the region would be ap-south-1.
- AWS Credential: AWS credential that provides the Access key and Secret key used to access CloudWatch.
- Period (in minutes): Specifies the interval in minutes at which data is collected. Data collection occurs once every specified period. The period should be between 1 and 60 minutes.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
Source IP | Destination IP | Destination Port | Protocol | Direction |
---|---|---|---|---|
vuSmartMaps IP | AWS CloudWatch IPs | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and performance metrics of AWS NLB are collected through the CloudWatch service, so AWS CloudWatch must be enabled in your AWS account.
An IAM role or user with the following permissions is required to access CloudWatch metrics:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
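The following added example (not part of the vuSmartMaps product or documentation) checks an IAM identity policy against the two permissions listed above, reporting required actions that are missing and any grant that goes beyond them. The function name `audit_policy` and both sample policies are constructed for illustration.

```python
import fnmatch
import json

# The two actions this page lists for the collector (IAM action names are
# case-insensitive, so everything is compared in lower case).
REQUIRED = {"cloudwatch:getmetricdata", "cloudwatch:listmetrics"}

def _as_list(value):
    """Statement and Action may each be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (missing, excess) for the Allow statements of one policy.

    missing: required actions that no Allow pattern covers.
    excess:  Allow patterns granting anything beyond the required actions.
    Deny statements and Condition blocks are not evaluated.
    """
    patterns, excess = [], set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            excess.add("NotAction")  # Allow + NotAction is an open-ended grant
        patterns += [a.lower() for a in _as_list(stmt.get("Action"))]
    missing = sorted(r for r in REQUIRED
                     if not any(fnmatch.fnmatchcase(r, p) for p in patterns))
    excess.update(p for p in patterns if p not in REQUIRED)
    return missing, sorted(excess)

# Constructed sample policies (not taken from the page).
LEAST_PRIVILEGE = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["cloudwatch:GetMetricData", "cloudwatch:ListMetrics"]}})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": "cloudwatch:*"},
    {"Effect": "Allow", "Resource": "*", "Action": "ec2:DescribeInstances"}]})

if __name__ == "__main__":
    for name, doc in (("least-privilege", LEAST_PRIVILEGE),
                      ("too-broad", TOO_BROAD)):
        print(name, audit_policy(doc))
```

An empty `missing` list with an empty `excess` list means the credential grants exactly what the collector needs and nothing more.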
Configuration Steps
- Enable the O11ySource.
- Select the sources tab and press the + button to add a new instance that has to be monitored.
- Provide the required configurations:
  - *NLB Data Source Name
  - *AWS Region
  - *Credential
  - *Period
- Click Save to close the data source window.
Metrics Collected
Name | Description | Data Type |
---|---|---|
Timestamp | Timestamp at which metrics are collected from source. | DateTime |
O11ySource Name | The name of the observability source. | String |
Tenant ID | Tenant ID. | String |
BU ID | BU ID. | String |
Target | Target server at which the agent is running. | String |
Interval | Time interval at which data is polled. | UInt8 |
Region | AWS Region at which the load balancer instance is configured. | String |
Load Balancer Name | The availability zone of the load balancer instance. | String |
Target Group | The target group of the load balancer. | String |
ActiveFlowCountMaximum | The maximum number of concurrent flows (or connections) from clients to targets. This metric includes connections in the SYN_SENT and ESTABLISHED states. TCP connections are not terminated at the load balancer, so a client opening a TCP connection to a target counts as a single flow. | UInt32 |
ActiveFlowCount_TCPMaximum | The maximum number of concurrent TCP flows (or connections) from clients to targets. This metric includes connections in the SYN_SENT and ESTABLISHED state. TCP connections are not terminated at the load balancer, so a client opening a TCP connection to a target counts as a single flow. | UInt32 |
ActiveFlowCount_TLSMaximum | The maximum number of concurrent TLS flows (or connections) from clients to targets. This metric includes connections in the SYN_SENT and ESTABLISHED state. | UInt32 |
ActiveFlowCount_UDPMaximum | The maximum number of concurrent UDP flows (or connections) from clients to targets. | UInt32 |
ActiveFlowCountTotal | The total number of concurrent flows (or connections) from clients to targets. This metric includes connections in the SYN_SENT and ESTABLISHED states. TCP connections are not terminated at the load balancer, so a client opening a TCP connection to a target counts as a single flow. | UInt32 |
ActiveFlowCount_TCPTotal | The total number of concurrent TCP flows (or connections) from clients to targets. This metric includes connections in the SYN_SENT and ESTABLISHED state. TCP connections are not terminated at the load balancer, so a client opening a TCP connection to a target counts as a single flow. | UInt32 |
ActiveFlowCount_TLSTotal | The total number of concurrent TLS flows (or connections) from clients to targets. This metric includes connections in the SYN_SENT and ESTABLISHED state. | UInt32 |
ActiveFlowCount_UDPTotal | The total number of concurrent UDP flows (or connections) from clients to targets. | UInt32 |
ClientTLSNegotiationErrorCount | The total number of TLS handshakes that failed during negotiation between a client and a TLS listener. | UInt64 |
ConsumedLCUsAverage | The average number of load balancer capacity units (LCU) used by your load balancer. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUs_TCPAverage | The average number of load balancer capacity units (LCU) used by your load balancer for TCP. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUs_TLSAverage | The average number of load balancer capacity units (LCU) used by your load balancer for TLS. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUs_UDPAverage | The average number of load balancer capacity units (LCU) used by your load balancer for UDP. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUsMaximum | The maximum number of load balancer capacity units (LCU) used by your load balancer. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUs_TCPMaximum | The maximum number of load balancer capacity units (LCU) used by your load balancer for TCP. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUs_TLSMaximum | The maximum number of load balancer capacity units (LCU) used by your load balancer for TLS. You pay for the number of LCUs that you use per hour. | Float32 |
ConsumedLCUs_UDPMaximum | The maximum number of load balancer capacity units (LCU) used by your load balancer for UDP. You pay for the number of LCUs that you use per hour. | Float32 |
HealthyHostCountMaximum | The maximum number of targets that are considered healthy. This metric does not include any Application Load Balancers registered as targets. | UInt32 |
HealthyHostCountMinimum | The minimum number of targets that are considered healthy. This metric does not include any Application Load Balancers registered as targets. | UInt32 |
NewFlowCount | The total number of new flows (or connections) established from clients to targets in the time period. | UInt64 |
NewFlowCount_TCP | The total number of new TCP flows (or connections) established from clients to targets in the time period. | UInt64 |
NewFlowCount_TLS | The total number of new TLS flows (or connections) established from clients to targets in the time period. | UInt64 |
NewFlowCount_UDP | The total number of new UDP flows (or connections) established from clients to targets in the time period. | UInt64 |
PeakPacketsPerSecond | Highest average packet rate (packets processed per second), calculated every 10 seconds during the sampling window. This metric includes health check traffic. | UInt32 |
PortAllocationErrorCount | The total number of ephemeral port allocation errors during a client IP translation operation. A non-zero value indicates dropped client connections. Note: Network Load Balancers support 55,000 simultaneous connections or about 55,000 connections per minute to each unique target (IP address and port) when performing client address translation. To fix port allocation errors, add more targets to the target group. | UInt64 |
ProcessedBytes | The total number of bytes processed by the load balancer, including TCP/IP headers. This count includes traffic to and from targets, minus health check traffic. | Float64 |
ProcessedBytes_TCP | The total number of bytes processed by TCP listeners. | Float64 |
ProcessedBytes_TLS | The total number of bytes processed by TLS listeners. | Float64 |
ProcessedBytes_UDP | The total number of bytes processed by UDP listeners. | Float64 |
ProcessedPackets | The total number of packets processed by the load balancer. This count includes traffic to and from targets, including health check traffic. | UInt64 |
SecurityGroupBlockedFlowCount_Inbound_ICMP | The number of new ICMP messages rejected by the inbound rules of the load balancer security groups. | UInt64 |
SecurityGroupBlockedFlowCount_Inbound_TCP | The number of new TCP flows rejected by the inbound rules of the load balancer security groups. | UInt64 |
SecurityGroupBlockedFlowCount_Inbound_UDP | The number of new UDP flows rejected by the inbound rules of the load balancer security groups. | UInt64 |
SecurityGroupBlockedFlowCount_Outbound_ICMP | The number of new ICMP messages rejected by the outbound rules of the load balancer security groups. | UInt64 |
SecurityGroupBlockedFlowCount_Outbound_TCP | The number of new TCP flows rejected by the outbound rules of the load balancer security groups. | UInt64 |
SecurityGroupBlockedFlowCount_Outbound_UDP | The number of new UDP flows rejected by the outbound rules of the load balancer security groups. | UInt64 |
TargetTLSNegotiationErrorCount | The total number of TLS handshakes that failed during negotiation between a TLS listener and a target. | UInt64 |
TCP_Client_Reset_Count | The total number of reset (RST) packets sent from a client to a target. These resets are generated by the client and forwarded by the load balancer. | UInt64 |
TCP_ELB_Reset_Count | The total number of reset (RST) packets generated by the load balancer. | UInt64 |
TCP_Target_Reset_Count | The total number of reset (RST) packets sent from a target to a client. These resets are generated by the target and forwarded by the load balancer. | UInt64 |
UnHealthyHostCountMaximum | The maximum number of targets that are considered unhealthy. This metric does not include any Application Load Balancers registered as targets. | UInt32 |
UnHealthyHostCountMinimum | The minimum number of targets that are considered unhealthy. This metric does not include any Application Load Balancers registered as targets. | UInt32 |
UnhealthyRoutingFlowCount | The number of flows (or connections) that are routed using the routing failover action (fail open). | UInt64 |