All Products
Search
Document Center

NAT Gateway:Monitor and maintain Internet NAT gateways

Last Updated:Feb 20, 2024

You can use CloudMonitor to monitor Internet NAT gateways, collect information about inbound and outbound traffic, collect data on various metrics in real time, and generate time sequence curves in the NAT Gateway console. This allows you to troubleshoot issues.

增强型NAT网关

View monitoring data

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to create the NAT gateway.
  3. On the Internet NAT Gateway page, find the Internet NAT gateway that you want to manage and click 监控 in the Monitor column.

    The following table describes the metrics.

    Category

    Metric

    Description

    Session Monitor

    SessionActiveConnection/ErrorPortAllocationCount(count)

    The maximum number of concurrent TCP and UDP connections that are supported by the NAT gateway.

    SessionLimitDropConnection(countS)

    The rate of concurrent connections that are dropped due to the limit of concurrent connections to the NAT gateway.

    SessionNewConnection/SessionNewLimitDropConnection(countS)

    • SessionNewConnection: the number of new TCP and UDP connections that are established to the NAT gateway per second.

    • SessionNewLimitDropConnection: the number of new connections that are dropped per second due to the limit of new connections that can be established to the NAT gateway per second.

    SessionNewConnectionWater/SessionNewLimitDropConnectionWater(%)

    • SessionNewConnectionWater: the percentage of established connections to the upper limit of connections.

    • SessionNewLimitDropConnectionWater: the percentage of established new connections to the upper limit of new connections.

    ErrorPortAllocationCount(count)

    The number of times that the NAT gateway fails to allocate a TCP or UDP port when the number of concurrent connections to the destination address exceeds the upper limit.

    Note
    • Each elastic IP address (EIP) provides a limited number of ports for SNAT. If the number of user sessions that access the same destination address is excessively large and the number of EIPs specified in SNAT entries is insufficient, port allocation may fail.

    • If the number of port allocation failures keeps increasing, we recommend that you specify more EIPs in SNAT entries. For more information, see Create an SNAT IP address pool.

    Incoming Flow Statistics

    BWRateToInside

    The amount of inbound traffic per second, including the following two metrics:

    • Rate of Traffic from Internet: the amount of traffic per second from the Internet to the NAT gateway.

    • Rate of Traffic to VPC: the amount of traffic per second from the NAT gateway to the VPC.

    BytesToInside(bytes)

    The total amount of inbound traffic, including the following two metrics:

    • Traffic from Internet: the amount of traffic from the Internet to the NAT gateway.

    • Traffic to VPC: the amount of traffic from the NAT gateway to the VPC.

    PacketsPerSecond(countS)

    The number of inbound packets per second, including the following two metrics:

    • Rate of Packets from Internet: the number of packets per second from the Internet to the NAT gateway.

    • Rate of Packets to VPC: the number of packets per second from the NAT gateway to the VPC.

    Packets(count)

    The total number of inbound packets, including the following two metrics:

    • Packets from Internet: the number of packets from the Internet to the NAT gateway.

    • Packets to VPC: the number of packets from the NAT gateway to the VPC.

    Outlet Flow Statistics

    BWRateToOutside(bps)

    The amount of outbound traffic per second, including the following two metrics:

    • Rate of Traffic to Internet: the amount of traffic per second from the NAT gateway to the Internet.

    • Rate of Traffic from VPC: the amount of traffic per second from the VPC to the NAT gateway.

    BytesToOutside(bytes)

    The total amount of outbound traffic, including the following two metrics:

    • Traffic to Internet: the amount of traffic from the NAT gateway to the Internet.

    • Traffic from VPC: the amount of traffic from the VPC to the NAT gateway.

    PacketsPerSecond(countS)

    The number of outbound packets per second, including the following two metrics:

    • Rate of Data Packets to Internet: the number of packets per second from the NAT gateway to the Internet.

    • Rate of Packets from VPC: the number of packets per second from the VPC to the NAT gateway.

    Packets(count)

    The number of outbound packets, including the following two metrics:

    • Packets to Internet: the number of packets from the NAT gateway to the Internet.

    • Packets from VPC: the number of packets from the VPC to the NAT gateway.

View traffic monitoring data collected by NAT gateways

If your Elastic Compute Service (ECS) instances access the Internet through SNAT, abnormal traffic on some ECS instances can affect other ECS instances. After you enable the traffic monitoring feature, you can view the traffic monitoring data of ECS instances that access the Internet through SNAT. This allows you to find the ECS instances with the highest data transfer. You can manage data transfer rules of these ECS instances to identify and handle issues and improve service stability. Before you view traffic monitoring data, make sure that the following requirements are met:

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to create the NAT gateway.
  3. On the Internet NAT Gateway page, find the NAT gateway that you want to manage and click Manage in the Actions column.
  4. On the Basic Information page, click the Monitor tab.

  5. Click the Traffic Details tab to view the traffic monitoring data.

    • You can view traffic monitoring data at a time granularity level of minutes. For example, you can view traffic monitoring data between 18:30:00 on January 26, 2022 to 18:31:00 on January 26, 2022.

      Note
      • After you enable traffic monitoring, you must wait about 15 minutes before you can view the traffic monitoring data.

      • The monitoring data may not be up-to-date and has a delay of 3 to 5 minutes. For example, if you want to view traffic monitoring data at 18:30 on January 26, 2022, you can view only the data collected before 18:25 on January 26, 2022. You cannot view the data collected after 18:25 on January 26, 2022.

      • The traffic monitoring feature can display the top 100 ECS instances with the largest amount of data transfer.

    • The following table describes the metrics of the traffic monitoring feature.

      Metric

      Unit

      Description

      Inbound Traffic

      bps

      Note

      The unit in the console prevails.

      The amount of traffic from the Internet to an ECS instance per second.

      Outbound Traffic

      bps

      Note

      The unit in the console prevails.

      The amount of traffic from an ECS instance to the Internet per second.

      Inbound Packets Per Second

      Packets/second

      The number of packets from the Internet to ECS instances per second.

      Outbound Packets Per Second

      Connections/second

      The number of packets from an ECS instance to the Internet per second.

      Concurrent Connections

      Connections

      The number of concurrent connections established by an ECS instance that accesses the Internet through the NAT gateway.

      New Connections per Second

      Connections/second

      The number of new connections established per second by an ECS instance that accesses the Internet through the NAT gateway.

View the monitoring data of EIPs that are associated with NAT gateways

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to create the NAT gateway.
  3. On the Internet NAT Gateway page, find the NAT gateway that you want to manage and click Manage in the Actions column.
  4. Click the Monitor tab. Then, click the EIP Monitoring Associated with NAT Service tab to view the monitoring metrics.

    Metric

    Description

    VBRInternetInRate

    The bandwidth for traffic from the Internet to ECS instances. Unit: bit/s.

    VBRInternetOutRate

    The bandwidth for traffic from ECS instances to the Internet. Unit: bit/s.

    Inbound Packet Rate

    The number of packets from the Internet to ECS instances. Unit: packets per second (PPS).

    Outbound Packet Rate

    The number of packets from ECS instances to the Internet. Unit: PPS.

    Rate of Outbound Packet Dropped

    The number of packets dropped per second due to throttling. Unit: PPS.

    In Ratelimit Drop Speed

    The number of packets dropped per second due to throttling. Unit: PPS.

    InternetInRatePercentage

    The bandwidth usage of inbound traffic from the Internet to ECS instances.

    InternetOutRatePercentage

    The bandwidth usage of outbound traffic from ECS instances to the Internet.

Create an alert rule

You can create alert rules to monitor the usage and status of Internet NAT gateways in real time. This ensures the stability of your workloads.

  1. Log on to the CloudMonitor console.

  2. In the left-side navigation pane, choose Alerts > Alert Rules.

  3. On the Alert Rules page, click Create Alert Rule.

  4. In the Create Alert Rule panel, set the following parameters and click Confirm:

    This topic describes only the key parameters. For more information about the other parameters, see Create an alert rule.

    Parameter

    Description

    Product

    The name of the service that you want to monitor by using CloudMonitor. Example: enhanced_nat_gateway.

    Resource Range

    The resources to which the alert rule is applied. Valid values:

    • All Resources: The alert rule is applied to all your instances of the specified type. For example, if you set the Resource Range parameter to All Resources and the alert threshold for CPU utilization to 80% for ApsaraDB for MongoDB, CloudMonitor sends an alert notification when the CPU utilization of an ApsaraDB for MongoDB instance exceeds 80%. If you set the Resource Range parameter to All Resources, the alert rule is applied to up to 1,000 instances. If the specified service has more than 1,000 instances, you may not receive an alert notification when the value of the specified metric reaches the threshold. We recommend that you add resources to application groups before you create alert rules.

    • Instances: The alert rule is applied to a specific instance. For example, if you set the Resource Range parameter to Instances and the alert threshold of CPU utilization to 80% for an ECS instance, CloudMonitor sends an alert notification when the CPU utilization of the ECS instance exceeds 80%.

    Rule Name

    Enter a name for the alert rule.

    Rule Description

    The content of the alert rule. This parameter specifies the conditions that are used to trigger the alert rule. For example, if the condition specifies that the average CPU utilization in 5 minutes is greater than or equal to 90% for three consecutive cycles, CloudMonitor checks whether the condition is met for only three times every 5 minutes.

    Mute For

    The period during which an alert is muted. This parameter specifies the interval at which an alert notification is sent to the specified contacts if the alert is not cleared.

    Effective Period

    Set the period during which the alert rule is effective. The system monitors the metrics and generates alerts only during the effective period.

    Alert Contact Group

    The contact group to which alert notifications are sent.

    Advanced Settings

    HTTP Callback

    The webhook URL that can be accessed over the Internet. CloudMonitor sends a POST request to push an alert notification to the webhook URL that you specify. Only HTTP requests are supported.

    Method to handle alerts when no monitoring data is found

    Specify the method that is used to handle alerts if no monitoring data exists. Valid values:

    • Do not do anything (default)

    • Send alert notifications

    • Treated as normal

    Tag

    Specify tags for the alert rule. A tag consists of a key and a value.

References