You can monitor the health, capacity, and performance of your Site-to-Site VPN by using metrics, alarms, and notifications. For more information, see Monitoring and Notifications.
This topic describes the metrics emitted by the metric namespace oci_vpn.
Resources: IPSec connections.
Overview of Metrics: oci_vpn
The available metrics help you determine quickly if your Site-to-Site VPN is up, how much data is flowing over the
connection, and if packets are being dropped for unexpected errors.
Site-to-Site VPN includes these resources:
An IPSec connection, which you can think of as the parent resource (identified by parentResourceId in the following discussion).
One or more individual tunnels associated with that IPSec connection (each identified by the tunnel's publicIp in the following discussion).
Required IAM Policy
To monitor resources, you must be granted the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to both the monitoring services and the resources being monitored. If you try to perform an action and get a message that you don't have permission or are unauthorized, contact the administrator to find out what type of access you were granted and which compartment you need to work in. For more information about user authorizations for monitoring, see IAM Policies.
Available Metrics: oci_vpn 🔗
The metrics listed in the following table are automatically available for any Site-to-Site VPN that you create. You do not need to enable
monitoring on the resource to get these metrics.
You also can use the Monitoring service to create custom queries. See Building Metric Queries.
Each metric includes the following dimensions:
PARENTRESOURCEID
The OCID of the IPSec connection (the parent resource). The connection has multiple individual tunnels.
PUBLICIP
Although each tunnel has its own OCID , it can be easier to use the publicIp dimension to identify a specific IPSec tunnel in the connection. The value is the public IP address of the Oracle end of the tunnel (also known as the Oracle VPN headend).
Metric
Metric Display Name
Unit
Description
Dimensions
TunnelState
IPSec Tunnel State
Binary (1 or 0)
Whether the tunnel is up (1) or down (0).
parentResourceId
publicIp
PacketsReceived
Packets Received
Packets
Number of packets received at the Oracle end of the connection.
BytesReceived
Bytes Received
Bytes
Number of bytes received at the Oracle end of the connection.
PacketsSent
Packets Sent
Packets
Number of packets sent from the Oracle end of the connection.
BytesSent
Bytes Sent
Bytes
Number of bytes sent from the Oracle end of the connection.
PacketsError
Packets with Errors
Packets
Number of packets dropped at the Oracle end of the connection. Dropped
packets indicate a misconfiguration in some part of the overall
system. Check if there's been a change to the configuration of your
VCN, Site-to-Site VPN, or your CPE.