OCI VCN monitoring
Virtual Cloud Network (VCN) is a customizable private network in Oracle Cloud Infrastructure (OCI). It lets you define IP ranges, subnets, route tables, security rules, and gateways to control how resources communicate within OCI and with external networks.
Overview
As OCI environments grow, network configurations become more complex. Issues like misconfigured routes, restrictive security rules, or unhealthy network interfaces can lead to application downtime or connectivity failures. Native tools often require switching between multiple views and services to isolate the problem.
Site24x7’s OCI VCN monitoring brings all VCN-related components into a single view. It helps you track network health, configuration changes, and availability across regions and availability domains. This makes it easier to detect issues early, understand network dependencies, and troubleshoot faster.
This integration provides you with the following monitors:
- OCI VCN: Monitors the overall health and configuration of each VCN. It tracks CIDR blocks, DNS settings, life cycle state, and configuration changes to help you ensure the VCN is set up as intended.
- OCI VCN Subnet: Monitors subnets within a VCN. It provides visibility into CIDR usage, availability state, and subnet-level configuration so you can identify IP exhaustion risks or misconfigured subnets.
- OCI VCN Region: Gives a region-level view of VCN resources. It helps you understand how network components are distributed across a region and spot region-wide network issues.
- OCI VCN Availability Domain: Tracks VCN-related resources within each availability domain. This helps you compare network health across availability domains and detect localized connectivity issues.
- OCI VCN Security List: Monitors ingress and egress rules defined in security lists. It tracks rule changes and configuration status so you can quickly identify overly restrictive or risky rules affecting traffic flow.
- OCI VCN Network Security Group: Provides visibility into network security groups and their associated rules. It helps you monitor fine grained security policies applied to specific resources and detect unintended rule changes.
- OCI VCN Route Table: Monitors route tables and their rules. It helps you validate traffic paths to gateways, service endpoints, or on-premises networks and quickly spot routing misconfigurations.
- OCI Virtual Network Interface Card (VNIC): Monitors VNICs attached to compute instances. It tracks attachment status, private and public IP details, and life cycle state to help identify connectivity issues at the instance level.
Only VNICs associated with OCI Compute instances are discovered and monitored. Service-managed VNICs created by OCI services are currently not included in this integration.
Benefits of Site24x7’s OCI VCN integration
You can leverage the following benefits with Site24x7's OCI VCN integration:
- Centralized visibility into all VCN components from a single dashboard, helping you manage cloud networking with more clarity and less effort.
- Faster troubleshooting by correlating issues across subnets, routes, and security rules.
- Early detection of configuration changes that can impact connectivity.
- Better control over network security with continuous monitoring of security lists and network security groups.
- Improved planning by tracking subnet usage and network distribution across regions and availability domains.
Use cases
Here's how integrating OCI VCN with Site24x7 can change the game for IT teams:
- A team running a production application on OCI notices intermittent connectivity issues between application tiers. With Site24x7’s OCI VCN monitoring, they quickly identify that a recent update to a network security group introduced a restrictive ingress rule. By spotting the change early, they restore traffic flow before users are widely impacted.
- A cloud operations team is scaling workloads across multiple availability domains for high availability. Using VCN Availability Domain and Subnet monitors, they compare network configurations across domains and ensure consistent routing and security policies. This helps the team avoid deployment issues caused by uneven network setups.
- For organizations managing hybrid connectivity, VCN Route Table monitoring helps validate routes to on-premises networks. When a route rule is accidentally removed, Site24x7 highlights the change, allowing the team to fix it before it leads to a prolonged outage.
Setup and configuration
To get started with OCI VCN monitoring, complete the following setup steps:
- Site24x7 uses cross-tenancy access to monitor your resources using Site24x7's tenancy user. Log in to your Site24x7 account and create a specific policy to allow Site24x7 to view your resources without affecting your security.
- On the Integrate OCI Monitor page, select OCI VCN from the Services to be discovered list.
Permissions
Ensure that Site24x7 receives the following permission to monitor the OCI VCN:
- virtual-network-family
Polling frequency
Site24x7 queries OCI service-level APIs according to the set polling frequency (from once a minute to once a day) to collect metrics from an OCI VCN monitor.
Supported metrics
VCN, VCN Subnet, and VCN Region
The supported metrics for VCN, VCN Subnet, and VCN Region monitors are provided below.
Network metrics listed below are aggregated from Compute VNIC metrics. They do not represent overall network transfer at the VCN or subnet level. Only VNICs attached to OCI Compute instances are considered. Metrics from service-managed VNICs created by OCI services are not fetched.
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Total Receive Volume | Total bytes received by all VNICs in the VCN/Subnet. | Sum | Bytes |
| Total Transmit Volume | Total bytes transmitted by all VNICs in the VCN/Subnet. | Sum | Bytes |
| Total Packets | Total packets transferred (sum of inbound and outbound). | Sum | Count |
| Inbound Traffic | Inbound traffic rate. | Average | Bps |
| Outbound Traffic | Outbound traffic rate. | Average | Bps |
| Total Traffic | Total traffic rate (sum of inbound and outbound). | Average | Bps |
| Total Drop Packets | Total packets dropped in the VCN/Subnet. | Sum | Count |
| Drop Rate | Percentage of packets dropped. | Average | Percentage |
| Total Network Interfaces | Total number of network interfaces (VNICs) in the VCN/Subnet. | N/A | Count |
| Private IP Utilization | Percentage of private IP addresses utilized in the subnet. | Average | Percentage |
VCN Security List
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Number of Ingress Rules | Number of ingress (inbound) security rules in the list. | N/A | Count |
| Number of Egress Rules | Number of egress (outbound) security rules in the list. | N/A | Count |
VCN Network Security Group
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Number of Ingress Rules | Number of ingress (inbound) security rules in the network security group. | N/A | Count |
| Number of Egress Rules | Number of egress (outbound) security rules in the network security group. | N/A | Count |
VCN Route Table
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Number of Route Rules | Number of route rules configured in the route table. | NA | Count |
VNIC
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Bytes From Network | Bytes received from the network by the VNIC. | Sum | Bytes |
| Bytes To Network | Bytes transmitted to the network by the VNIC. | Sum | Bytes |
| Packets From Network | Packets received from the network by the VNIC. | Sum | Count |
| Packets To Network | Packets transmitted to the network by the VNIC. | Sum | Count |
| Egress Drops - Security List | Egress packets dropped due to security list rules. | Sum | Count |
| Ingress Drops - Security List | Ingress packets dropped due to security list rules. | Sum | Count |
| Egress Drops - Throttle | Egress packets dropped due to bandwidth throttling. | Sum | Count |
| Ingress Drops - Throttle | Ingress packets dropped due to bandwidth throttling. | Sum | Count |
| Egress Drops - Conntrack Full | Egress packets dropped due to full connection tracking table. | Sum | Count |
| Ingress Drops - Conntrack Full | Ingress packets dropped due to full connection tracking table. | Sum | Count |
| Connection Tracking Utilization | Percentage utilization of the connection tracking table. | Average | Percentage |
| Connection Tracking Is Full | Indicates if connection tracking table is full (1/0). | NA | Boolean |
| SmartNIC Buffer Drops From Network | Packets dropped from network due to SmartNIC buffer overflow. | Sum | Count |
| SmartNIC Buffer Drops From Host | Packets dropped from host due to SmartNIC buffer overflow. | Sum | Count |
| Total Bytes | Total bytes transferred (sum of inbound and outbound). | Sum | Bytes |
| Total Packets | Total packets transferred (sum of inbound and outbound). | Sum | Count |
| Total Drops | Total packets dropped (sum of all drop types). | Sum | Count |
| Drop Rate | Percentage of packets lost during transmission. | Average | Percentage |
Threshold Configuration
To configure thresholds for a VCN monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select the applicable monitor type from the Monitor Type drop-down menu. The applicable monitor types are VCN, VCN Subnet, VCN Region, VCN Availability Domain, VCN Security List, VCN Network Security Group, VCN Route Table, and VNIC. The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
- Click Save.
Licensing
- Each VCN monitor utilizes one basic monitor license.
- For VNIC monitor, five monitors utilize one basic monitor license.
- VCN Subnet, VCN Region, VCN Availability Domain, VCN Security List, VCN Network Security Group, and VCN Route Table are free monitors.
Viewing OCI VCN data
To monitor your VCN environment, log in to your Site24x7 account and navigate to Cloud > OCI > OCI VCN.
Monitor data
VCN
Summary
The Summary tab gives a consolidated view of all VCN resources across regions, including VCNs, subnets, and network interfaces. It also shows the events timeline and a visual breakdown to help you quickly understand the overall network distribution and health.
Regions
The Regions tab lists all VCN Region monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI Region monitor data.
Availability Domains
The Availability Domains tab lists all VCN Availability Domain monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI Availability Domain monitor data.
VCNs
The VCNs tab lists all VCN monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI VCN monitor data.
Subnets
The Subnets tab lists all Subnet monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI Subnet monitor data.
VNICS
The VNICS tab lists all VNIC monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI VNIC monitor data.
NAT Gateways
The NAT Gateways tab displays the NAT Gateway monitor availability details and the list of NAT Gateway monitors. Click any monitor name hyperlink to view the NAT Gateway monitor data.
Route Tables
The Route Tables tab lists all route table monitors associated with the VCN and shows their current status and the number of configured route rules. Click a monitor name to drill down into detailed OCI Route Table monitor data.
Security Lists
The Security Lists tab displays all security list monitors associated with the VCN along with the count of ingress and egress rules. Click a monitor name to drill down into detailed OCI Security Lists monitor data.
VCN Regions
Summary
The Summary tab provides an overview of the selected OCI region, showing availability, recent events, and the count of VCNs, subnets, and network interfaces.
VCNs
The VCNs tab lists all VCN monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI VCN monitor data.
Subnets
The Subnets tab lists all Subnet monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI Subnet monitor data.
VNICS
The VNICS tab lists all VNIC monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI VNIC monitor data.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Regional VCN ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VCN Regions monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VCN Regions monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
VCN Availability Domain
Summary
The Summary tab shows the availability and key details of the VCN within the selected availability domain. It highlights the number of subnets and network interfaces, helping you understand the network footprint at the availability domain level.
Subnets
The Subnets tab lists all Subnet monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI Subnet monitor data.
VNICS
The VNICS tab lists all VNIC monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI VNIC monitor data.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Availability Domain Name, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VCN Availability Domain monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VCN Availability Domain monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
VCN Subnet
Summary
The Summary tab provides an overview of the selected subnet, showing its availability, network interface count, and private IP utilization. It helps you quickly assess subnet health and IP usage trends.
Configuration
The Configuration tab displays the configuration details of the VCN Subnet monitor such as Region, Availability Domain, and State.
Route Tables
The Route Tables tab lists all route table monitors associated with the VCN and shows their current status and the number of configured route rules. Click a monitor name to drill down into detailed OCI Route Table monitor data.
Security Lists
The Security Lists tab displays all security list monitors associated with the VCN along with the count of ingress and egress rules. Click a monitor name to drill down into detailed OCI Security Lists monitor data.
VNICS
The VNICS tab lists all VNIC monitors along with their configured traffic metrics. Click a monitor name to drill down into detailed OCI VNIC monitor data.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Subnet ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VCN Subnet monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VCN Subnet monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
VNICs
Summary
The Summary tab displays the availability and key network metrics of the selected VNIC, including traffic, packet flow, and dropped packets.
Configuration
The Configuration tab displays the configuration details of the VNIC monitor such as Region, State, and Availability Domain.
Network Security Groups
The Network Security Groups tab displays all Network Security Groups monitors associated with the VCN. Click a monitor name to drill down into detailed Network Security Groups monitor data.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like VNIC ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VNIC monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VNIC monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
VCN Route Table
Summary
The Summary tab provides a quick view of the route table’s availability and recent events. It also shows the number of route rules over time, helping you track routing changes that could impact network traffic.
Configuration
The Configuration tab displays the configuration details of the VCN Route Table monitor such as Region, State, and VCN ID.
Route Rules
The Route Rules tab lists all routing rules configured for the VCN route table. It shows how traffic is directed to gateways, OCI services, or on premises networks based on destination CIDR or service CIDR.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Route Table ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VCN Route Table monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VCN Route Table monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
VCN Security List
Summary
The Summary tab shows the availability of the security list along with trends for ingress and egress rule counts.
Ingress Rules
The Ingress Rules tab lists all inbound security rules defined in the security list. It shows allowed source ranges, protocols, and port rules to help you review and validate incoming traffic permissions.
Egress Rules
The Egress Rules tab displays all outbound security rules configured for the security list. It helps you understand which destinations, protocols, and ports are allowed for outbound traffic from the VCN.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Security List ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VCN Security List monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VCN Security List monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
VCN Network Security Group
Summary
The Summary tab provides a quick view of the VCN Network Security Group monitor’s availability and recent events. It also shows the count of ingress and egress rules, helping you track security rule changes that may affect traffic access.
Configuration
The Configuration tab displays the configuration details of the VCN Network Security Group monitor such as Region, State, and VCN ID.
Ingress Rules
The Ingress Rules tab lists all inbound security rules defined in the security list. It shows allowed source ranges, protocols, and port rules to help you review and validate incoming traffic permissions.
Egress Rules
The Egress Rules tab displays all outbound security rules configured for the security list. It helps you understand which destinations, protocols, and ports are allowed for outbound traffic from the VCN.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Network Security Group ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the VCN Network Security Group monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the VCN Network Security Group monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
Related topics