AWS ALB
Introduction
Amazon Application Load Balancer (ALB) is a managed load balancing service provided by Amazon Web Services (AWS). It operates at the application layer (Layer 7) of the OSI model, enabling it to route traffic based on various request attributes. ALB is designed to distribute incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses, and Lambda functions, within one or more Availability Zones.
Getting Started
Compatibility
The ALB metricsets were tested with AWS Load Balancer of type Applications Load Balnacer.
Data Collection Method
vuSmartmaps collect health and performance data for AWS ALB O11ySource using an internal agent. This agent collects data based on the source's configuration.
Prerequisites
Dependent Configuration
To configure this O11ySource, create a 'credential' of type 'aws' under the 'Definition' tab.
Inputs for Configuring Data Source
- Data Source Name: The AWS ALB data source that will uniqly identify the source.
- AWS Region: AWS Region where the instance of this component is running. For eg: Asia Pacific (Mumbai), the region would be ap-south-1.
- AWS Credential: AWS credential that provides Access key and Secret key to access Cloudwatch.
- Period (in minutes): Specifies the interval in minutes at which data is collected. Data collection occurs once every specified period. The period should be between 1 - 60 minutes.
Firewall Requirement
To collect data from this O11ySource, ensure the following ports are opened:
| Source IP | Destination IP | Destination Port | Protocol | Direction |
|---|---|---|---|---|
| vuSmartMaps IP | AWS CloudWatch IPs | 443* | TCP | Outbound |
*Before providing the firewall requirements, please update the port based on the customer environment.
Configuring the Target
Health and Performance metrics of AWS ALB is collected through CloudWatch service. So AWS CloudWatch services must be enabled in your AWS account.
An IAM role or user with the following permissions to access CloudWatch metrics:
- cloudwatch:GetMetricData
- cloudwatch:ListMetrics
Configuration Steps
- Enable the O11ySource.
- Select the Sources tab and press the
+button to add a new ALB instance to be monitored. - Populate all the configurations. Click on
Saveto create the instance.
Metrics Collected
| Name | Description | Data Type |
|---|---|---|
| ActiveConnectionCountMax | The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets. | UInt64 |
| ActiveConnectionCountSum | The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets. | UInt64 |
| AnomalousHostCountMax | The number of hosts detected with anomalies. | UInt64 |
| AnomalousHostCountSum | The number of hosts detected with anomalies. | UInt64 |
| ClientTLSNegotiationErrorCount | The number of TLS connections initiated by the client that did not establish a session with the load balancer due to a TLS error. Possible causes include a mismatch of ciphers or protocols or the client failing to verify the server certificate and closing the connection. | UInt64 |
| ConsumedLCUs | The number of load balancer capacity units (LCU) used by your load balancer. You pay for the number of LCUs that you use per hour. | Float64 |
| DesyncMitigationMode_NonCompliant_Request_Count | The number of requests that do not comply with RFC 7230. | UInt64 |
| DroppedInvalidHeaderRequestCount | The number of requests where the load balancer removed HTTP headers with header fields that are not valid before routing the request. The load balancer removes these headers only if the routing.http.drop_invalid_header_fields.enabled attribute is set to true. | UInt64 |
| MitigatedHostCountMax | The number of targets under mitigation. | UInt64 |
| MitigatedHostCountSum | The number of targets under mitigation. | UInt64 |
| ForwardedInvalidHeaderRequestCount | The number of requests routed by the load balancer that had HTTP headers with header fields that are not valid. The load balancer forwards requests with these headers only if the routing.http.drop_invalid_header_fields.enabled attribute is set to false. | UInt64 |
| GrpcRequestCount | The number of gRPC requests processed over IPv4 and IPv6. | UInt64 |
| HTTP_Fixed_Response_Count | The number of fixed-response actions that were successful. | UInt64 |
| HTTP_Redirect_Count | The number of redirect actions that were successful. | UInt64 |
| HTTP_Redirect_Url_Limit_Exceeded_Count | The number of redirect actions that couldn't be completed because the URL in the response location header is larger than 8K. | UInt64 |
| HTTPCode_ELB_3XX_Count | The number of HTTP 3XX redirection codes that originate from the load balancer. This count does not include response codes generated by targets. | UInt64 |
| HTTPCode_ELB_4XX_Count | The number of HTTP 4XX client error codes that originate from the load balancer. This count does not include response codes generated by targets. Client errors are generated when requests are malformed or incomplete. These requests were not received by the target, other than in the case where the load balancer returns an HTTP 460 error code. This count does not include any response codes generated by the targets. | UInt64 |
| HTTPCode_ELB_5XX_Count | The number of HTTP 5XX server error codes that originate from the load balancer. This count does not include any response codes generated by the targets. | UInt64 |
| HTTPCode_ELB_500_Count | The number of HTTP 500 error codes that originate from the load balancer. | UInt64 |
| HTTPCode_ELB_502_Count | The number of HTTP 502 error codes that originate from the load balancer. | UInt64 |
| HTTPCode_ELB_503_Count | The number of HTTP 503 error codes that originate from the load balancer. | UInt64 |
| HTTPCode_ELB_504_Count | The number of HTTP 504 error codes that originate from the load balancer. | UInt64 |
| IPv6ProcessedBytes | The total number of bytes processed by the load balancer over IPv6. This count is included in ProcessedBytes. | UInt64 |
| IPv6RequestCount | The number of IPv6 requests received by the load balancer. | UInt64 |
| NewConnectionCount | The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets. | UInt64 |
| NonStickyRequestCount | The number of requests where the load balancer chose a new target because it couldn't use an existing sticky session. For example, the request was the first request from a new client and no stickiness cookie was presented, a stickiness cookie was presented but it did not specify a target that was registered with this target group, the stickiness cookie was malformed or expired, or an internal error prevented the load balancer from reading the stickiness cookie. | UInt64 |
| ProcessedBytes | The total number of bytes processed by the load balancer over IPv4 and IPv6 (HTTP header and HTTP payload). This count includes traffic to and from clients and Lambda functions, and traffic from an Identity Provider (IdP) if user authentication is enabled. | UInt64 |
| RejectedConnectionCount | The number of connections that were rejected because the load balancer had reached its maximum number of connections. | UInt64 |
| RequestCount | The number of requests processed over IPv4 and IPv6. This metric is only incremented for requests where the load balancer node was able to choose a target. Requests that are rejected before a target is chosen are not reflected in this metric. | UInt64 |
| RuleEvaluations | The number of rules processed by the load balancer given a request rate averaged over an hour. | UInt64 |
| HealthyHostCount | The number of targets that are considered healthy. | UInt64 |
| HTTPCode_Target_2XX_Count | The number of HTTP 2xx response codes generated by the targets. This does not include any response codes generated by the load balancer | UInt64 |
| HTTPCode_Target_3XX_Count | The number of HTTP 3xx response codes generated by the targets. This does not include any response codes generated by the load balancer | UInt64 |
| HTTPCode_Target_4XX_Count | The number of HTTP 4xx response codes generated by the targets. This does not include any response codes generated by the load balancer | UInt64 |
| HTTPCode_Target_5XX_Count | The number of HTTP 5xx response codes generated by the targets. This does not include any response codes generated by the load balancer | UInt64 |
| RequestCountPerTarget | The average request count per target, in a target group. You must specify the target group using the TargetGroup dimension. This metric does not apply if the target is a Lambda function. This count uses the total number of requests received by the target group, divided by the number of healthy targets in the target group. If there are no healthy targets in the target group, the total number of targets is reported. | UInt64 |
| TargetConnectionErrorCount | The number of connections that were not successfully established between the load balancer and target. This metric does not apply if the target is a Lambda function. | UInt64 |
| TargetResponseTimeAvg | The time elapsed, in seconds, after the request leaves the load balancer until the target starts to send the response headers. This is equivalent to the target_processing_time field in the access logs. | Float64 |
| TargetResponseTimeMax | The time elapsed, in seconds, after the request leaves the load balancer until the target starts to send the response headers. This is equivalent to the target_processing_time field in the access logs. | Float64 |
| TargetTLSNegotiationErrorCount | The number of TLS connections initiated by the load balancer that did not establish a session with the target. Possible causes include a mismatch of ciphers or protocols. This metric does not apply if the target is a Lambda function. | UInt64 |
| UnHealthyHostCount | The number of targets that are considered unhealthy. | UInt64 |
| HealthyStateDNS | The number of zones that meet the DNS healthy state requirements. | UInt64 |
| HealthyStateRouting | The number of zones that meet the routing healthy state requirements. | UInt64 |
| UnhealthyRoutingRequestCount | The number of requests that are routed using the routing failover action (fail open). | UInt64 |
| UnhealthyStateDNS | The number of zones that do not meet the DNS healthy state requirements and therefore were marked unhealthy in DNS. | UInt64 |
| UnhealthyStateRouting | The number of zones that do not meet the routing healthy state requirements, and therefore the load balancer distributes traffic to all targets in the zone, including the unhealthy targets. | UInt64 |
| Timestamp | Timestamp at metricsets collected | DateTime |
| Tenant ID | Tenant ID | String |
| BU ID | BU ID | String |
| Interval | Time interval at which data are polling | UInt8 |
| Region | AWS Region of Load Balancer | String |
| Availability Zone | Availabilty zone of Load Balancer | String |
| Load Balancer | Load balancer name | String |
| Target Group | Target group of load balancer | String |
| O11ySource Name | Vublock Name | String |
