Monitor AWS Direct Connect and Site-to-Site VPN Network Performance

Jean-François Lévesque Aug. 7, 2019

AWS customers can use the AWS Direct Connect service to connect their on-premise infrastructure with their infrastructure hosted in AWS Cloud. With AWS Direct Connect, customers can privately communicate with their EC2 instances and other services located in private VPC Subnets. This can also be done with AWS Site-to-Site VPN, but without the cost reduction and enhanced network performance that AWS Direct Connect can offer.

Today, we will explain why and how to monitor the network performance of AWS Direct Connect between on-premise infrastructure and the AWS Cloud. You can follow the exact same steps with an AWS Site-to-Site VPN configuration.

Why configure network performance monitoring?

You probably already have some kind of monitoring system that probes your devices and alerts you if a device is down or if its CPU usage is too high. That's a good thing and you must keep it. However, what happens if your provider has an issue such as congestion that causes packet drops? The sooner you know, the faster you can start working on fixing the issue, reducing the time it affects your customers or end-users. Without a good performance monitoring system, you just keep having intermittent issues you don't really understand and can't measure. Measuring things is the first step to making them better. Learn more on the differences between Fault Monitoring and Performance Monitoring.

Monitoring Setup

As with every Obkio monitoring setup, you need to deploy some agents. If you are not familiar with our Agents, you can find more details at The Agent - Introduce a key player to your team.

Since we want to monitor the network performance between AWS Cloud and the on-premise infrastructure, we will deploy two agents:

  • AWS Cloud Agent: We recommend the Software (Linux) agent that can be installed on your favorite Linux distribution, including Amazon Linux and Amazon Linux 2.
  • On-Premise Agent: If you have Linux servers, the Software (Linux) version is perfect. If you have a Hyper-V or VMware environment, the Virtual Appliance is ideal. Otherwise, we have hardware agents that are very easy to deploy.

Once the agents are installed, two configurations are required in the App:

  1. The agents must be in the same Network. When two agents are in the same Network, they will communicate using private IPs instead of Public IPs.
  2. A Network Monitoring Template must be configured to create the network performance monitoring session.

End-to-end Network Performance Monitoring Results

That's it! It's as simple as that. Now, the agents will send packets to each other every 500ms to measure network performance metrics such as latency, jitter, packet loss and VoIP quality. Outages can be detected within 5 seconds and network degradation within a minute. It is also possible to go back in time and see the exact network performance for every minute of the previous week. Traceroutes are also executed periodically in both directions to identify hop-by-hop issues and to keep track of the historical latency between hops. With all these features, it will be much easier to identify and troubleshoot network performance issues.
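To make these metrics concrete, here is an added example (not Obkio's code, and not taken from the original article) that derives packet loss, latency and jitter from a window of probe results and flags an outage. The jitter definition and the rule of ten consecutive lost probes (5 seconds at one probe per 500 ms) are assumptions chosen to match the figures above.

```python
from statistics import mean

PROBE_INTERVAL_S = 0.5  # article: agents exchange a packet every 500 ms
OUTAGE_AFTER_S = 5.0    # article: outages are detected within 5 seconds
# Assumption: an outage is declared after this many consecutive lost probes.
OUTAGE_PROBES = int(OUTAGE_AFTER_S / PROBE_INTERVAL_S)  # 10


def summarize(rtts_ms):
    """Summarize one window of probes; None marks a lost probe."""
    if not rtts_ms:
        raise ValueError("empty window")
    received = [r for r in rtts_ms if r is not None]
    # Jitter (assumed definition): mean absolute RTT change between
    # back-to-back probes that were both answered.
    deltas = [abs(b - a) for a, b in zip(rtts_ms, rtts_ms[1:])
              if a is not None and b is not None]
    return {
        "loss_pct": 100.0 * (len(rtts_ms) - len(received)) / len(rtts_ms),
        "latency_ms": mean(received) if received else None,
        "jitter_ms": mean(deltas) if deltas else None,
    }


def find_outage(rtts_ms):
    """Return (start_s, declared_s) of the first outage, or None."""
    run = 0
    for i, rtt in enumerate(rtts_ms):
        run = run + 1 if rtt is None else 0
        if run == OUTAGE_PROBES:
            start = i - OUTAGE_PROBES + 1
            return (start * PROBE_INTERVAL_S, i * PROBE_INTERVAL_S)
    return None


# Constructed sample data (not real measurements).
LOSSY = [10.0, 12.0, 11.0, None, 13.0, 10.0]
BLIP = [10.0, None, None, 10.0]
OUTAGE = [10.0] * 4 + [None] * 12

if __name__ == "__main__":
    print(summarize(LOSSY))
    print(find_outage(BLIP))
    print(find_outage(OUTAGE))
```

A short burst of loss (the BLIP series) raises the loss percentage without being reported as an outage, which is the distinction between degradation and an outage drawn above.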

This monitoring setup also allows you to schedule speedtests between the agents to test the available throughput on the connection between the on-premise infrastructure and the AWS Cloud.

Expand this monitoring setup

Now that you have the monitoring setup in place, it is very easy to install more agents in branch offices, datacenters and other cloud providers to monitor network performance. There are also Public Agents available to monitor performance to your favorite service provider on the Internet.