This topic describes how to use CloudMonitor to monitor Internet NAT gateways. CloudMonitor monitors Internet NAT gateways, collects data on various metrics in real time, and generates time sequence curves in the Public NAT Gateway console. You can troubleshoot issues based on the metrics. In this topic, the term NAT gateway refers to an Internet NAT gateway.

Enhanced NAT gateway

View monitoring data

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to deploy the NAT gateway.
  3. On the Public NAT Gateway page, find the NAT gateway that you want to manage and click in the Monitoring column.

    The metrics vary based on the type of NAT gateway.

    Table 1. Enhanced NAT gateway
    Metric category Metric Description
    Session Monitor SessionActiveConnection The maximum number of concurrent TCP and UDP connections that are supported by the NAT gateway.
    SessionLimitDropConnection The rate of concurrent connections that are dropped due to the limit of concurrent connections to the NAT gateway.
    SessionNewConnection/SessionNewLimitDropConnection
    • SessionNewConnection: the number of TCP and UDP connections that are established to the NAT gateway per second.
    • SessionNewLimitDropConnection: the number of new connections that are dropped per second due to the limit of new connections that can be established to the NAT gateway per second.
    SessionNewConnectionWater/SessionNewLimitDropConnectionWater
    • SessionNewConnectionWater: the ratio of established connections to the upper limit of connections.
    • SessionNewLimitDropConnectionWater: the ratio of established new connections to the upper limit of new connections.
    Out Internet Monitor BWRateToInside The amount of inbound traffic per second, including the following two metrics:
    • Traffic Rate from the Internet: the amount of traffic per second from the Internet to the NAT gateway.
    • Traffic Rate to VPC: the amount of traffic per second from the NAT gateway to the VPC.
    BytesToInside The total amount of inbound traffic, including the following two metrics:
    • Traffic from the Internet: the amount traffic from the Internet to the NAT gateway.
    • Traffic to VPC: the amount of traffic from the NAT gateway to the VPC.
    PacketsPerSecond The number of inbound packets per second, including the following two metrics:
    • Packet Rate from the Internet: the number of packets per second from the Internet to the NAT gateway.
    • Packet Rate to VPC: the number of packets per second from the NAT gateway to the VPC.
    Packets The total number of inbound packets, including the following two metrics:
    • Packets from the Internet: the number of packets from the Internet to the NAT gateway.
    • Packets to VPC: the number of packets from the NAT gateway to the VPC.
    Out Vpc Monitor BWRateToOutside The amount of outbound traffic per second, including the following two metrics:
    • Traffic Rate to the Internet: the amount of traffic per second from the NAT gateway to the Internet.
    • Traffic Rate from VPC: the amount of traffic per second from the VPC to the NAT gateway.
    BytesToOutside The total amount of outbound traffic, including the following two metrics:
    • Traffic to the Internet: the amount of traffic from the NAT gateway to the Internet.
    • Traffic from VPC: the amount of traffic from the VPC to the NAT gateway.
    PacketsPerSecond The number of outbound packets per second, including the following two metrics:
    • Packet Rate to the Internet: the number of packets per second from the NAT gateway to the Internet.
    • Packet Rate from VPC: the number of packets per second from the VPC to the NAT gateway.
    Packets The number of outbound packets, including the following two metrics:
    • Packets to the Internet: the number of packets from the NAT gateway to the Internet.
    • Packets from VPC: the number of packets from the VPC to the NAT gateway.
    Table 2. Standard NAT gateway
    Metric Description
    SnatConnection The number of SNAT connections to the NAT gateway per minute.
    SnatConnectionDrop_ConcurrentConnectionLimit The size of a NAT gateway determines the maximum number of SNAT connections supported by the NAT gateway. This metric displays the number of SNAT connections that are dropped when the upper limit of SNAT connections is reached.
    Note This metric is cumulative and the collected statistics cannot be cleared.
    • If the value of this metric continues to increase within a period of time, we recommend that you upgrade your NAT gateway.
    • If the value of this metric remains unchanged within a period of time, the upper limit of SNAT connections is not reached. Therefore, no SNAT connection is dropped.
    SnatConnectionDrop_ConnectionRateLimit The size of a NAT gateway determines the maximum number of new SNAT connections that can be established to the NAT gateway per second. This metric displays the number of new SNAT connections that are dropped when the maximum number of new SNAT connections per second is reached.
    Note This metric is cumulative and the collected statistics cannot be cleared.
    • If the value of this metric continues to increase within a period of time, we recommend that you upgrade your NAT gateway.
    • If the value of this metric remains unchanged within a period of time, the upper limit of new SNAT connections per second is not reached. Therefore, no new SNAT connection is dropped.

View traffic monitoring data collected by NAT gateways

If your Elastic Compute Service (ECS) instances access the Internet through SNAT, abnormal traffic on some ECS instances can affect other ECS instances. After you enable the traffic monitoring feature, you can view the traffic monitoring data of ECS instances that access the Internet through SNAT. This allows you to find the ECS instances with the highest data transfer. You can manage data transfer rules of these ECS instances to handle issues and improve stability. Before you view traffic monitoring data, make sure that the following requirements are met:

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to deploy the NAT gateway.
  3. On the Public NAT Gateway page, find the NAT gateway that you want to manage and click Manage in the Actions column.
  4. On the Basic Information page, click the Monitor tab.
  5. Click the Traffic Details tab and turn on Traffic Monitoring.
    You can view traffic monitoring data at a time granularity level of minutes. For example, you can view traffic monitoring data between 18:30:00 on January 26, 2021 to 18:31:00 on January 26, 2021.
    Note
    • After you enable traffic monitoring, you must wait about 15 minutes before you can view the traffic monitoring data.
    • The monitoring data may be delayed by 3 to 5 minutes. For example, if you want to view traffic monitoring data at 18:30 on January 26, 2021, you can view only the data collected before 18:25 on January 26, 2021. You cannot view the data collected after 18:25 on January 26, 2021.
    • The traffic monitoring feature can display the top 100 ECS instances with the highest data transfer.
    Monitoring metric Unit Description
    Concurrent Connections Connections The number of concurrent connections established by an ECS instance that accesses the Internet through the NAT gateway.
    New Connections per Second Connections/second The number of new connections established per second by an ECS instance that accesses the Internet through the NAT gateway.
    Inbound Traffic Kbps The amount of traffic from the Internet to ECS instances per second.
    Outbound Traffic Kbps The amount of traffic from an ECS instance to the Internet per second.
    Inbound Packets per Second Packets/second The number of packets from the Internet to an ECS instance per second.
    Outbound Packets per Second Packets/second The number of packets from an ECS instance to the Internet per second.

View the monitoring data of EIPs that are associated with NAT gateways

  1. Log on to the NAT Gateway console.
  2. In the top navigation bar, select the region where you want to deploy the NAT gateway.
  3. On the Public NAT Gateway page, find the NAT gateway that you want to manage and click Manage in the Actions column.
  4. Click the Monitor tab.
  5. Click the EIP Monitoring Associated with NAT Service tab to view the monitoring metrics.
    Metric Description
    Inbound Bandwidth The bandwidth for traffic from the Internet to ECS instances. Unit: bit/s.
    Outbound Bandwidth The bandwidth for traffic from ECS instances to the Internet. Unit: bit/s.
    Inbound Packet Rate The number of packets sent from the Internet to ECS instances per second.
    Outbound Packet Rate The number of packets sent from ECS instances to the Internet per second.
    Out Ratelimit Drop Speed The rate of packets that are dropped due to the upper limit of packets that can be transmitted per second.
    InternetInRatePercentage The bandwidth usage of inbound traffic from the Internet to ECS instances.
    InternetOutRatePercentage The bandwidth usage of outbound traffic from ECS instances to the Internet.

Create an alert rule

You can create alert rules to monitor the usage and status of NAT gateways in real time. This ensures the stability of your workloads.

  1. Log on to the CloudMonitor console.
  2. In the left-side navigation pane, choose Alerts > Alert Rules.
  3. On the Threshold Value Alert tab, click Create Alert Rule.
  4. On the Create Alert Rule page, set the parameters for an alert rule.
    Parameter Description
    Product The name of the service that can be monitored by CloudMonitor. Example: enhanced_nat_gateway.
    Resource Range The resources to which the alert rule applies. Valid values:
    • All Resources: The alert rule applies to all the instances of the specified service. For example, if you set the Resource Range parameter to All Resources and the alert threshold for CPU utilization to 80% for ApsaraDB for MongoDB, CloudMonitor sends an alert when the CPU utilization of an ApsaraDB for MongoDB instance exceeds 80%. If you set the Resource Range parameter to All Resources, the alert rule applies to up to 1,000 instances. If the specified service has more than 1,000 instances, you may not receive alerts when the value of the specified metric reaches the threshold. We recommend that you add resources to application groups before you create alert rules.
    • Instances: The alert rule applies to a specific instance. For example, if you set the Resource Range parameter to Instances and the alert threshold of CPU utilization to 80% for an ECS instance, CloudMonitor sends an alert when the CPU utilization of the ECS instance exceeds 80%.
    Alert Rule Specify the name of the alert rule.
    Rule Description The content of the alert rule. This parameter defines the conditions that trigger an alert. For example, if the condition specifies that the average CPU utilization in 5 minutes is greater than or equal to 90% for three consecutive cycles, CloudMonitor checks whether the condition is met for only three times every 5 minutes.
    Mute for The period during which an alert is muted. This parameter specifies the interval at which an alert notification is sent to the specified contacts if the alert is not cleared.
    Effective Period The period when the alert rule takes effect. The system monitors the metrics and generates alerts only if the alert rule is effective.
    Notification Contact The contact group to which alert notifications are sent.
    Notification Methods

    Email + DingTalk (Info) is selected by default.

    Auto Scaling If you select Auto Scaling, the specified scaling rule is triggered when an alert is generated. You must set the Region, ESS Group, and ESS Rule parameters.
    Log Service If you select Log Service, the alert message is written to Log Service when an alert is generated. You must set the Region, Project, and Logstore parameters.

    For more information about how to create a project and a Logstore, see Quick Start.

    Email Remark The custom remarks that you want to include in the alert notification email.
    HTTP WebHook The URL that can be accessed over the Internet. CloudMonitor sends a POST request to push an alert message to the specified URL. Only HTTP requests are supported.
  5. Click Confirm.

References