How can I monitor packet loss and latency from AWS to an on-premises network over an internet gateway or NAT gateway?
The AWSSupport-SetupIPMonitoringFromVPC automation document continuously runs ping, MTR, traceroute, and tracetcp tests to any IPv4 or IPv6 target IP address. An Amazon Elastic Compute Cloud (Amazon EC2) instance created in a VPC subnet you specify runs the tests automatically. For more information, see Debugging tool for network connectivity from Amazon VPC.
The results of the tests are stored in Amazon CloudWatch Logs. Metric filters are added to a CloudWatch dashboard, so you can review latency and packet loss metrics.
To configure the AWSSupport-SetupIPMonitoringFromVPC automation document:
- Open the AWS Systems Manager console.
- Choose the AWS Region that you want to monitor your on-premises targets from.
- Choose Documents from the left navigation pane.
- Search for AWSSupport-SetupIPMonitoringFromVPC.
- Choose the document title to view details.
- Choose Execute Automation, and then choose Simple execution.
- In the Input parameters view, enter the following:
  - SubnetId: Enter a VPC subnet ID to run the tests from. This is a required field.
  - TargetIPs: Enter a comma-separated list (no spaces) of IPv4 or IPv6 addresses that you want to monitor. This is a required field. The maximum size is 255 characters. If an IP address is invalid, the automation fails and rolls back the test setup.
- Choose Execute. It can take up to 15 minutes for the execution to complete.
Wait until the Execution status changes from Pending to Success. Then, expand Outputs and open the CloudWatch dashboard link in a new browser tab to view the test results.
You can now refer to CloudWatch Logs to see the test results. To view the output of individual steps, under Executed Steps, choose the Step ID. You can also view the CloudWatch dashboard to check the packet loss and the latency metrics.
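The same execution can be started from a script. The following is an added example, not part of the original article or AWS's own code: it checks the SubnetId and TargetIPs constraints listed above before anything is created, so a bad address is caught locally instead of after a failed run and rollback. The function names, the subnet ID, the Region, and the addresses are constructed for illustration; start_monitoring assumes boto3 is installed and credentials are configured.

```python
import ipaddress

DOCUMENT_NAME = "AWSSupport-SetupIPMonitoringFromVPC"
MAX_TARGETIPS_LEN = 255  # maximum size stated for the TargetIPs field


def build_parameters(subnet_id, targets):
    """Validate the two required inputs and return the automation Parameters."""
    if not subnet_id or not subnet_id.startswith("subnet-"):
        raise ValueError(f"SubnetId is required (subnet-...), got {subnet_id!r}")
    if not targets:
        raise ValueError("TargetIPs is required: give at least one address")

    cleaned = []
    for raw in targets:
        try:
            # Accepts IPv4 or IPv6 only; rejects hostnames and CIDR ranges.
            ip = str(ipaddress.ip_address(raw.strip()))
        except ValueError:
            raise ValueError(f"not an IPv4 or IPv6 address: {raw!r}") from None
        if ip not in cleaned:  # drop duplicates, keep the original order
            cleaned.append(ip)

    target_ips = ",".join(cleaned)  # comma-separated, no spaces
    if len(target_ips) > MAX_TARGETIPS_LEN:
        raise ValueError(
            f"TargetIPs is {len(target_ips)} characters; limit is {MAX_TARGETIPS_LEN}"
        )
    # Systems Manager expects every parameter value as a list of strings.
    return {"SubnetId": [subnet_id], "TargetIPs": [target_ips]}


def start_monitoring(region, subnet_id, targets):
    """Start the automation in the given Region and return the execution ID."""
    import boto3  # imported here so the validation above runs without AWS access

    ssm = boto3.client("ssm", region_name=region)
    response = ssm.start_automation_execution(
        DocumentName=DOCUMENT_NAME,
        Parameters=build_parameters(subnet_id, targets),
    )
    return response["AutomationExecutionId"]


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(build_parameters("subnet-0123456789abcdef0",
                           ["203.0.113.10", "2001:db8::1"]))
    # To run for real: start_monitoring("us-east-1", "<subnet-id>", [...])
```
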