VPN Gateway:Query and analyze the data transfer information of a VPN gateway based on ENI flow logs

Last Updated:Jul 05, 2024

When you establish network connections by using a VPN gateway in dual-tunnel mode, the system creates elastic network interfaces (ENIs) in the vSwitches of the virtual private cloud (VPC) that is associated with the VPN gateway. The ENIs carry the data transferred between the VPN gateway and the VPC. You can use the flow log feature of VPC to record the information about data transfer over the ENIs. Then, you can query and analyze the flow logs of the ENIs to learn more about the data transfer of the VPN gateway. For example, you can query and analyze the flow logs of the ENIs to find out which servers communicate with each other over the VPN gateway, which servers access resources in the VPC, and which Elastic Compute Service (ECS) instances generate the most traffic.

Example

This topic describes how to use the flow log feature of VPC to record the information about data transfer over the ENIs of a VPN gateway and how to query and analyze the flow logs of the ENIs to know more about the data transfer information of the VPN gateway.

As shown in the following figure, two VPCs are connected by using an IPsec-VPN connection. A flow log is created for each ENI of VPN Gateway 1 and records the data transfer information of VPN Gateway 1.

Note

For more information about how to connect two VPCs by using an IPsec-VPN connection, see Enable communication between two VPCs by using an IPsec-VPN connection in dual-tunnel mode.

[Figure: VPC 1 and VPC 2 connected by an IPsec-VPN connection; a flow log is created for each ENI of VPN Gateway 1]

Step 1: View the ENI information of a VPN gateway

After you establish network connections by using a VPN gateway in dual-tunnel mode, you can view the information about the ENIs created by the system on the details page of the VPN gateway.

  1. Log on to the VPN gateway console.
  2. In the top navigation bar, select the region in which the VPN gateway resides.

  3. On the VPN Gateways page, find the VPN gateway that you want to manage and click its ID.

  4. In the Basic Information section of the VPN gateway details page, view the IDs and names of the ENIs that are created by the system.

    Note

    If only the IPsec-VPN or SSL-VPN feature is enabled for the VPN gateway, the system creates two ENIs in the vSwitches of the VPC. If both the IPsec-VPN and SSL-VPN features are enabled for the VPN gateway, the system creates four ENIs in the vSwitches of the VPC.

    In this example, only the IPsec-VPN feature is enabled for the VPN gateway.

Step 2: Create a flow log

Before you create a flow log, make sure that Simple Log Service is activated.

Create a flow log for each ENI of VPN Gateway 1. After a flow log is created for an ENI, the flow log feature is enabled by default and automatically starts to record the information about data transfer over the ENI. For more information about the fields in a flow log, see the Feature description section of the "Overview of flow logs" topic.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. If you use the flow log feature for the first time, click Activate Now to enable the flow log feature.

    Note

    If you have created flow logs, the flow logs are displayed after you click Activate Now.

  4. In the top navigation bar, select the region in which the VPN gateway resides.

  5. On the Flow Log page, click Create a flow log.

  6. In the Create a flow log dialog box, configure the parameters that are described in the following table and click OK.

    The following table describes only the parameters that are strongly related to this topic. You can use the default values for other parameters or leave them empty. For more information, see the Create a flow log section of the "Create and manage a flow log" topic.

    Resource Type: The type of the resource that you want to log. In this example, ENI is selected.

    Resource Instance: The ENI of the VPN gateway.

    Data Transfer Type: The type of the traffic that you want to log. Valid values:

      • All Traffic: captures information about all traffic of the specified resource.

      • Allowed Traffic: captures information about traffic that is allowed by the security group rules and network access control list (ACL) rules of the specified resource.

      • Denied Traffic: captures information about traffic that is denied by the security group rules and network ACL rules of the specified resource.

      In this example, All Traffic is selected. You can select a traffic type based on your business requirements.

    Project: The Simple Log Service project that is used to manage the flow log. Valid values:

      • Select Project: selects an existing project to manage the flow log.

      • Create Project: creates a project to manage the flow log.

      In this example, Create Project is selected.

    Logstore: The Simple Log Service Logstore that is used to store the flow log. Valid values:

      • Select Logstore: selects an existing Logstore from the selected project to store the flow log.

      • Create Logstore: creates a Logstore to store the flow log.

      In this example, Create Logstore is selected, and all ENI flow logs of VPN Gateway 1 are delivered to the same Logstore to simplify subsequent log query and analysis.

    Enable Log Analysis Report: Specifies whether to enable indexing and create a dashboard for the Logstore. If you enable the log analysis report feature, you can consume the log data by using SQL queries and analyze the log data on the dashboard.

      Simple Log Service dashboards are free of charge. However, you are charged for the indexing feature of Simple Log Service based on data usage. For more information, see Billable items of pay-by-feature.

      In this example, the log analysis report feature is enabled. This feature is what makes the flow log queryable and analyzable in the following step.

    Sampling Interval (Minutes): The time interval at which traffic information is captured for the flow log. In this example, the interval is set to 1 minute.

Step 3: Query and analyze the flow log

The traffic information recorded by the flow log feature is automatically delivered to Simple Log Service in the form of a flow log. You can go to the Simple Log Service console to query and analyze the ENI flow logs of a VPN gateway.

  1. Log on to the VPC console.

  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.

  3. In the top navigation bar, select the region in which the flow log is created.

  4. On the Flow Log page, find the flow log that you want to manage and click the name of the Logstore in the Simple Log Service column. You are navigated to the Simple Log Service console.


  5. On the Logstore details page, you can query and analyze the ENI flow log to know more about the data transfer information of VPN Gateway 1.

    In this example, data is queried from the flow log of each ENI of VPN Gateway 1. You can also query the flow log based on your business requirements.

    • Scenario

      In this example, the information about servers connected over each ENI of VPN Gateway 1 and the number of bytes transmitted by each pair of the source and destination servers are queried.

    • Query statements

      * | select "eni-id", srcaddr, dstaddr, direction, sum(bytes) as byte
        from log
        GROUP BY "eni-id", srcaddr, dstaddr, direction
        ORDER BY "eni-id" DESC
        limit 10

    • Procedure

      1. Select the time range in which you want to query the flow log.

      2. Enter the query statement.

      3. Click Search & Analyze.

      4. On the General Configurations tab, use the default values for all the configurations.

         You can use a custom statistical chart to display data based on your business requirements. For more information, see Overview of charts (Pro).

      5. In the Preview Chart section, you can view, filter, or sort the query results. Then, you can read the data transfer information of the VPN gateway from the query results. For example:

         • VPN Gateway 1 uses an ENI named eni-7xv1sg8m****39 to transfer data.

         • ECS Instance 2 in VPC 1 did not communicate with other ECS instances within the previous 15 minutes.

         • ECS Instance 1 and ECS Instance 4 communicated with each other within the previous 15 minutes and consumed a large amount of bandwidth.

         Note

         Directions of data transfer:

         in: data transfer from the VPC to the ENI.

         out: data transfer from the ENI to the VPC.

      6. Optional. In this example, the query is added to a dashboard so that you can view the query results at any time.

         Click Add to New Dashboard and configure the following parameters in the dialog box that appears:

         • Operation: the type of the operation. Create Dashboard is used in this example.

         • Layout Mode: the layout mode of the dashboard. Grid Layout is used in this example.

         • Dashboard Name: the name of the dashboard. In this example, VPN Gateway 1 is used as the dashboard name.

         For more information, see Dashboard.
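The aggregation that the query statement above performs, carried out offline in Python over constructed sample records, as an added example that is not part of this documentation or of any Alibaba Cloud product code. It assumes JSON-formatted records that use the field names from the query ("eni-id", srcaddr, dstaddr, direction, bytes); the action field with ACCEPT/REJECT values, the ENI IDs, the addresses and the instance-to-address mapping are constructed assumptions. It goes beyond the single query on the page by also deriving the three observations listed in step 5 (which ENI carries traffic, which instance is idle, which pair of instances consumes the most bandwidth) and by separating out denied traffic, which is the Denied Traffic subset of an All Traffic flow log.

```python
"""Offline replica of this page's flow-log analysis over constructed sample records.

Added example, not Alibaba Cloud code. The records, ENI IDs, addresses and the
instance-to-address mapping below are constructed; the field names follow the
query on this page ("eni-id", srcaddr, dstaddr, direction, bytes). The "action"
field with ACCEPT/REJECT values is an assumption used to separate denied traffic.
"""
import json
from collections import defaultdict

# The Simple Log Service query from this page, kept for reference.
SLS_QUERY = (
    '* | select "eni-id",srcaddr,dstaddr,direction,sum(bytes) as byte from log '
    'GROUP BY "eni-id",srcaddr,dstaddr,direction ORDER BY "eni-id" DESC limit 10'
)

# Constructed sample records, one JSON object per line (not real flow-log data).
# direction "in" is VPC -> ENI and "out" is ENI -> VPC, as the note on this page states.
SAMPLE_LOGS = """\
{"eni-id": "eni-example-a", "srcaddr": "192.168.0.1", "dstaddr": "10.0.0.4", "direction": "in", "bytes": "500000", "action": "ACCEPT"}
{"eni-id": "eni-example-a", "srcaddr": "10.0.0.4", "dstaddr": "192.168.0.1", "direction": "out", "bytes": "300000", "action": "ACCEPT"}
{"eni-id": "eni-example-a", "srcaddr": "192.168.0.1", "dstaddr": "10.0.0.4", "direction": "in", "bytes": "200000", "action": "ACCEPT"}
{"eni-id": "eni-example-a", "srcaddr": "192.168.0.1", "dstaddr": "10.0.0.3", "direction": "in", "bytes": "1000", "action": "ACCEPT"}
{"eni-id": "eni-example-b", "srcaddr": "10.0.0.3", "dstaddr": "192.168.0.1", "direction": "out", "bytes": "2000", "action": "ACCEPT"}
{"eni-id": "eni-example-a", "srcaddr": "10.0.0.9", "dstaddr": "192.168.0.1", "direction": "out", "bytes": "60", "action": "REJECT"}
"""

# Constructed mapping of ECS instances to private addresses (assumption).
ECS_INSTANCES = {
    "ECS Instance 1 (VPC 1)": "192.168.0.1",
    "ECS Instance 2 (VPC 1)": "192.168.0.2",
    "ECS Instance 3 (VPC 2)": "10.0.0.3",
    "ECS Instance 4 (VPC 2)": "10.0.0.4",
}


def parse_records(text):
    """Parse JSON-lines flow-log records; byte counts are delivered as strings."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["bytes"] = int(rec["bytes"])
        records.append(rec)
    return records


def bytes_per_flow(records, limit=10):
    """Same grouping and sum as SLS_QUERY: bytes per (eni-id, srcaddr, dstaddr, direction).

    Rows are ordered by eni-id descending as in the query; ordering by bytes
    descending within one ENI is an added tie-break for readability.
    """
    totals = defaultdict(int)
    for r in records:
        totals[(r["eni-id"], r["srcaddr"], r["dstaddr"], r["direction"])] += r["bytes"]
    rows = sorted(totals.items(), key=lambda kv: (kv[0][0], kv[1]), reverse=True)
    return [(eni, src, dst, direction, total)
            for (eni, src, dst, direction), total in rows[:limit]]


def top_talkers(records, n=3):
    """Addresses ranked by total bytes sent plus received over the VPN gateway ENIs."""
    per_addr = defaultdict(int)
    for r in records:
        per_addr[r["srcaddr"]] += r["bytes"]
        per_addr[r["dstaddr"]] += r["bytes"]
    return sorted(per_addr.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def idle_instances(records, instances=ECS_INSTANCES):
    """Known instances that appear in no flow within the queried time range."""
    seen = {r["srcaddr"] for r in records} | {r["dstaddr"] for r in records}
    return sorted(name for name, ip in instances.items() if ip not in seen)


def denied_flows(records):
    """Flows rejected by security group or network ACL rules (Denied Traffic on this page)."""
    return [(r["eni-id"], r["srcaddr"], r["dstaddr"], r["bytes"])
            for r in records if r.get("action") == "REJECT"]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOGS)
    print("bytes per flow (same grouping as SLS_QUERY):")
    for row in bytes_per_flow(recs):
        print("  ", row)
    print("top talkers:", top_talkers(recs, 2))
    print("idle instances:", idle_instances(recs))
    print("denied flows:", denied_flows(recs))
```

On the constructed records, the flow table shows that eni-example-b carries only a small flow while eni-example-a carries the bulk of the traffic, the top-talker list pairs ECS Instance 1 with ECS Instance 4, ECS Instance 2 appears in no flow, and the single REJECT record is the only row a Denied Traffic flow log would have captured. Against a real Logstore you would run SLS_QUERY in the console instead of parsing exported lines, but the grouping logic is the same.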

References

For more information about how to query and analyze logs, see Query and analyze logs in index mode.