Site-to-Site VPN Metrics
You can monitor the health, capacity, and performance of your Site-to-Site VPN by using metrics, alarms, and notifications. For more information, see Monitoring and Notifications.
This topic describes the metrics emitted by the metric namespace oci_vpn.
Resources: IPSec connections.
Overview of Metrics: oci_vpn
The available metrics help you determine quickly if your Site-to-Site VPN is up, how much data is flowing over the connection, and if packets are being dropped for unexpected errors.
Site-to-Site VPN includes these resources:
- An IPSec connection, which you can think of as the parent resource (identified by
parentResourceIdin the following discussion). - One or more individual tunnels associated with that IPSec connection (each identified by the tunnel's
publicIpin the following discussion).
Required IAM Policy
To monitor resources, you must be granted the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to both the monitoring services and the resources being monitored. If you try to perform an action and get a message that you don't have permission or are unauthorized, contact the administrator to find out what type of access you were granted and which compartment you need to work in. For more information about user authorizations for monitoring, see IAM Policies.
Available Metrics: oci_vpn
The metrics listed in the following table are automatically available for any Site-to-Site VPN that you create. You do not need to enable monitoring on the resource to get these metrics.
You also can use the Monitoring service to create custom queries. See Building Metric Queries.
Each metric includes the following dimensions:
- PARENTRESOURCEID
- The OCID of the IPSec connection (the parent resource). The connection has multiple individual tunnels.
- PUBLICIP
- Although each tunnel has its own OCID , it can be easier to use the
publicIpdimension to identify a specific IPSec tunnel in the connection. The value is the public IP address of the Oracle end of the tunnel (also known as the Oracle VPN headend).
| Metric | Metric Display Name | Unit | Description | Dimensions |
|---|---|---|---|---|
TunnelState
|
IPSec Tunnel State |
Binary (1 or 0) |
Whether the tunnel is up (1) or down (0). |
|
PacketsReceived
|
Packets Received |
Packets |
Number of packets received at the Oracle end of the connection. |
|
BytesReceived
|
Bytes Received |
Bytes |
Number of bytes received at the Oracle end of the connection. |
|
PacketsSent
|
Packets Sent |
Packets |
Number of packets sent from the Oracle end of the connection. |
|
BytesSent
|
Bytes Sent |
Bytes |
Number of bytes sent from the Oracle end of the connection. |
|
PacketsError
|
Packets with Errors |
Packets |
Number of packets dropped at the Oracle end of the connection. Dropped packets indicate a misconfiguration in some part of the overall system. Check if there's been a change to the configuration of your VCN, Site-to-Site VPN, or your CPE. |
Using the Console
- Open the navigation menu and select Networking. Under Customer connectivity, select Site-to-Site VPN.
- Click the IPSec connection to view its details.
- Click the tunnel you're interested in to view its details and default metrics charts.
For more information about monitoring metrics and using alarms, see Overview of Monitoring. For information about notifications for alarms, see Overview of Notifications.
- Open the navigation menu and select Observability & Management. Under Monitoring, select Service Metrics.
- For Compartment, select the compartment that contains the IPSec connection you're interested in.
-
For Metric namespace, select oci_vpn.
The Service Metrics page dynamically updates the page to show charts for each metric that is emitted by the selected metric namespace.
Each IPSec tunnel is a single line in a given chart. The tunnel is identified in the chart by the public IP address of the Oracle end of the tunnel.
For more information about monitoring metrics and using alarms, see Overview of Monitoring. For information about notifications for alarms, see Overview of Notifications.
Using the API
For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
- Monitoring API for metrics and alarms
- Notifications API for notifications (used with alarms)