CloudMates Blog

AWS Direct Connect virtual interface monitoring

AWS Direct Connect is a service that gives you private connectivity between AWS and your datacenter, office, or colocation environment over a dedicated network connection. While it can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections, the connectivity also needs to be monitored consistently to make sure those benefits hold. You can monitor the physical connectivity, i.e. the port status from the AWS side, using the ConnectionState CloudWatch metric.

However, there will often be times when you want to monitor more than just the physical connectivity, by monitoring the status of the virtual interface (VIF), which is the BGP-based layer-3 connectivity on top of your Direct Connect. There can be more than one virtual interface configured on a physical Direct Connect connection, and each may live in the same account as, or a different account than, the account owning the physical connection. While the account owning the physical connection can monitor the status of the DX connection using the ConnectionState metric, the account with the virtual interface may have no visibility into its status, so it is a good add-on to have custom monitoring in place for a virtual interface.

This solution is an AWS CloudFormation template which creates the following:

1) A Lambda function which runs the DescribeVirtualInterfaces API call and picks up the BGP status of each VIF. Based on the status value it puts 0 or 1 on a custom metric in the DirectConnectVif namespace, with the virtual interface ID as the dimension.

2) An Amazon CloudWatch metric plotting the status of the virtual interface every minute.

3) A CloudWatch Events rule which triggers the Lambda function every minute to update the metric.

The CloudFormation template can be downloaded from here, and the code is detailed below. You can modify it with a more restrictive IAM role for your Lambda function if required.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  This template creates a lambda function along with an IAM role for the Lambda to monitor the VIF BGP status by creating custom CW metrics.
Resources:
  LambdaFunctionIAMRole:
    Type: AWS::IAM::Role
    Properties: 
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement: 
          - 
            Effect: "Allow"
            Principal: 
              Service: 
                - "lambda.amazonaws.com"
            Action: 
              - "sts:AssumeRole"
      ManagedPolicyArns:
      - "arn:aws:iam::aws:policy/CloudWatchFullAccess"
      - "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess"
      Path: "/"
  
  LambdaFunction:
    Type: "AWS::Lambda::Function"  
    Properties: 
      Code:
        ZipFile: !Sub |
          import boto3

          def vif_state(vif):
              # 1 only when the VIF has at least one BGP peer and every peer is up;
              # a VIF with no peers is reported as 0 instead of raising NameError
              peers = vif.get('bgpPeers', [])
              if not peers:
                  return 0
              return 1 if all(p.get('bgpStatus') == 'up' for p in peers) else 0

          def lambda_handler(event, context):
              dx = boto3.client('directconnect')
              cw = boto3.client('cloudwatch')
              response = dx.describe_virtual_interfaces()
              for v in response['virtualInterfaces']:
                  vifid = v['virtualInterfaceId']
                  statevalue = vif_state(v)
                  print("VIF :", vifid, "state is :", statevalue)
                  # one datapoint per VIF, keyed by its ID as the dimension
                  cw.put_metric_data(
                      Namespace="DirectConnectVif",
                      MetricData=[{
                          'MetricName': "VirtualInterfaceState",
                          'Dimensions': [{'Name': "VirtualInterfaceId", 'Value': vifid}],
                          'Value': statevalue
                      }]
                  )
              return "VirtualInterfaceState successfully published"
      Description: "Lambda function to check DX vif BGP state and publish custom metric for the state"
      FunctionName: "DirectConnectVifMonitor"
      Handler: "index.lambda_handler"
      Role: !GetAtt LambdaFunctionIAMRole.Arn
      Runtime: "python3.6"
      Timeout: 10
  
  CloudWatchEventSchedulerRule:
    Type: AWS::Events::Rule
    Properties: 
      Description: "Cloudwatch Event Rule to trigger Direct Connect Monitoring Lambda every minute"
      Name: DXVifMonitorSchedule
      ScheduleExpression:  "rate(1 minute)"
      State: "ENABLED"
      Targets:
        - Arn: !GetAtt
            - LambdaFunction
            - Arn
          Id: LambdaDXMonitor
  
  PermissionsToCWEForLambda:  
    Type: AWS::Lambda::Permission
    Properties: 
      Action: 'lambda:InvokeFunction'
      FunctionName: !GetAtt 
        - LambdaFunction
        - Arn
      Principal: "events.amazonaws.com"
      SourceArn: !GetAtt
        - CloudWatchEventSchedulerRule
        - Arn 
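The handler logic from the template, as an added example that is not the blog's own code: the per-VIF state is computed by a pure function (a VIF is up only when it has at least one BGP peer and every peer reports "up"; a VIF with no peers is down rather than an error), and the PutMetricData payload is built without touching AWS so it can be checked offline. The sample response is constructed, not real VIF data.

```python
# Added example (not the blog's template code). boto3 is only imported inside
# lambda_handler so the pure functions run without the AWS SDK installed.

def vif_state(vif):
    """Return 1 when the VIF has at least one BGP peer and all peers are up, else 0."""
    peers = vif.get("bgpPeers", [])
    if not peers:
        return 0
    return 1 if all(p.get("bgpStatus") == "up" for p in peers) else 0


def build_metric_data(describe_response):
    """Turn a describe_virtual_interfaces() response into PutMetricData entries,
    one datapoint per VIF, keyed by the VirtualInterfaceId dimension."""
    return [
        {
            "MetricName": "VirtualInterfaceState",
            "Dimensions": [{"Name": "VirtualInterfaceId", "Value": v["virtualInterfaceId"]}],
            "Value": vif_state(v),
            "Unit": "None",
        }
        for v in describe_response.get("virtualInterfaces", [])
    ]


def lambda_handler(event, context):
    import boto3  # deferred import: see note at top
    dx = boto3.client("directconnect")
    cw = boto3.client("cloudwatch")
    data = build_metric_data(dx.describe_virtual_interfaces())
    # Send in chunks of 20 so one account with many VIFs stays well under the
    # PutMetricData per-request limit instead of failing the whole publish.
    for i in range(0, len(data), 20):
        cw.put_metric_data(Namespace="DirectConnectVif", MetricData=data[i:i + 20])
    return "published %d VirtualInterfaceState datapoints" % len(data)


# Constructed sample response (placeholder VIF IDs) covering the three cases:
# all peers up, one of two peers down, and a VIF with no BGP peers yet.
SAMPLE_RESPONSE = {
    "virtualInterfaces": [
        {"virtualInterfaceId": "dxvif-aaaa0001", "bgpPeers": [{"bgpStatus": "up"}]},
        {"virtualInterfaceId": "dxvif-aaaa0002",
         "bgpPeers": [{"bgpStatus": "up"}, {"bgpStatus": "down"}]},
        {"virtualInterfaceId": "dxvif-aaaa0003", "bgpPeers": []},
    ]
}
```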

In order to set this up, go to Services > CloudFormation and click on the Create Stack button.

Click on the option to upload a template to S3 and browse to the DirectConnectVirtualInterfaceMonitoring.yaml file. Click Next.

Give the stack a logical name and click Next.

On the next page keep the settings as default and click Next.

On the Review page, tick the checkbox for “I acknowledge that AWS CloudFormation might create IAM resources”. This is for the IAM role which the CloudFormation template is going to create in your account.

Click Create.

If you select the CloudFormation stack, you will be able to see the events and the overall status. Wait for this to change to CREATE_COMPLETE. It typically takes around 2 minutes, and you may need to refresh to see the updated status.

Once done, go to the CloudWatch dashboard after a minute or so (the Lambda is triggered every minute). You will see a new custom namespace under the Metrics section (All metrics).

Click on the dimension and you will see the metrics for each of the virtual interfaces. Allow a minute or two after the creation of the CloudFormation stack before these metrics start to appear.

By clicking on the Graphed metrics tab, you can adjust the granularity of the metrics to 1 minute instead of the default 5 minutes from the Period column. You can also create alarms for these metrics to send you a notification every time the metric value is less than 1 by clicking on the bell icon next to the metric.
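The alarm described above, created in code instead of through the bell icon, as an added example that is not part of the original post. The SNS topic ARN is a placeholder. The setting to pay attention to is TreatMissingData: if the Lambda or its schedule stops running, the metric simply goes silent, and with the default behaviour the alarm would sit in INSUFFICIENT_DATA rather than notifying you.

```python
# Added example (not from the blog): put_metric_alarm parameters for one VIF's
# VirtualInterfaceState metric. Keeping the parameter builder pure lets it be
# checked offline; boto3 is only imported where the call is actually made.

def alarm_params(vif_id, topic_arn, periods=2):
    """Alarm when the per-minute state is below 1, or when no data arrives at all."""
    return {
        "AlarmName": "DirectConnectVif-%s-BGP-down" % vif_id,
        "AlarmDescription": "BGP peer(s) on %s not up, or state metric missing" % vif_id,
        "Namespace": "DirectConnectVif",
        "MetricName": "VirtualInterfaceState",
        "Dimensions": [{"Name": "VirtualInterfaceId", "Value": vif_id}],
        # Minimum over a 60 s period matches the Lambda's one datapoint per minute
        # and makes any 0 in the period count as down.
        "Statistic": "Minimum",
        "Period": 60,
        # Require `periods` consecutive bad periods so a single late datapoint
        # does not page anyone, while a real outage still fires within minutes.
        "EvaluationPeriods": periods,
        "DatapointsToAlarm": periods,
        "Threshold": 1,
        "ComparisonOperator": "LessThanThreshold",
        # A silent metric means the monitor itself is broken: treat it as a failure.
        "TreatMissingData": "breaching",
        "AlarmActions": [topic_arn],
        "OKActions": [topic_arn],
    }


def create_alarms(vif_ids, topic_arn):
    """Create (or update in place) one alarm per virtual interface ID."""
    import boto3
    cw = boto3.client("cloudwatch")
    for vif_id in vif_ids:
        cw.put_metric_alarm(**alarm_params(vif_id, topic_arn))
    return len(vif_ids)


# Placeholder values, not a real account or VIF.
PLACEHOLDER_TOPIC = "arn:aws:sns:us-east-1:123456789012:placeholder-dx-alerts"
EXAMPLE_VIF = "dxvif-aaaa0001"
```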
