Agentless Monitoring of AWS VPC Traffic with AppResponse Cloud
We are in a time where companies already accept the importance of cloud-driven transformation, but gaining insights across cloud services, applications and infrastructure is still a challenge. There are cloud visibility solutions that are based on agents, which duplicate packets and send network traffic to the monitoring application. These agents are sometimes hard to deploy and manage and often degrade performance. But with Riverbed AppResponse Cloud and the AWS VPC Traffic Mirroring feature, users can now gain insight and access to network traffic in a cloud-native way without using these packet-forwarding agents.
In this article, I am going to cover how you can configure AWS VPC mirror sessions with AppResponse Cloud.
AWS VPC Traffic Mirroring Concepts
With the traffic mirroring feature, you can copy network traffic from an attached ENI in an EC2 instance and send traffic to monitoring appliances. There are four key elements of traffic mirroring:
- Source: A network resource in a particular VPC. In our case, it will be an ENI, whose traffic we want to monitor.
- Target: The destination for mirrored traffic. It can be an ENI or network load balancer.
- Filter: A set of rules that define the traffic that is copied in a traffic mirror session.
- Sessions: An entity that describes traffic mirroring from a source to a target using filters.
I will use the AWS Console for the mirror session configuration. For my test setup, I have AppResponse with a valid license and a test instance whose traffic I want to monitor. Please follow the steps below:
Step 1. Create AWS VPC Traffic Mirror Target
Choose the network interface target type and select ENI of AppResponse instance. Click create.
Step 2. Create AWS VPC Traffic Mirror Filter
You can create filters for your traffic in this step. I have created filters for traffic on ports 22, 80, and 443. You can also monitor all traffic.
Step 3. Create AWS VPC Traffic Mirror Session
In this step, I will create a mirror session with a mirror source as an ENI of test instance. You may notice that the mirror target and mirror filter have values that we created in previous steps. After feeding the required data, click create.
Step 4. Verify Traffic in AppResponse
I ran HTTP traffic in my test setup. As I have a filter for HTTP traffic, I should see that traffic in AppResponse. There are two ways to verify traffic in AppResponse.
- Insights at Home Screen: Click on home screen and you should see similar insights as shown in the image below. You can check in the applications tab to verify that the traffic is HTTP, and in the server IPs tab, that the server is an EC2 instance.
- Navigator->Apps Stats: Navigate to the navigator->apps section, where you can monitor traffic stats similar to the image below.
Summary
Today, customers have to install and manage third-party agents to monitor network traffic in their VPC. These agents impose additional operational and performance costs. In this article, I have provided the steps to configuring the AWS VPC traffic mirroring feature with AppResponse, showing you how it’s possible to monitor traffic without these agents.
Leave a Reply