
How do I troubleshoot Amazon VPC network performance issues across AWS PrivateLink?


I want to troubleshoot Amazon Virtual Private Cloud (Amazon VPC) network performance issues when I access resources across AWS PrivateLink connections.

Resolution

Monitor PrivateLink metrics

To identify performance bottlenecks or issues with PrivateLink endpoints and endpoint services, monitor the following metrics in the Amazon CloudWatch console:

  • Check the endpoint PacketDropCount for rates greater than your baseline. High packet drop rates can indicate network congestion.
  • Track the BytesProcessed metric to determine whether your traffic exceeds your bandwidth quota. PrivateLink endpoints support 10 Gbps and can automatically scale up to 100 Gbps per Availability Zone.
  • Review the endpoint and endpoint service ResetPacketsReceived metric. A high number of TCP reset packets received indicates issues with your application or network configuration.

Create CloudWatch alarms to notify you about high packet drops, bandwidth exceeded, or TCP reset packets.

For more information, see CloudWatch metrics for AWS PrivateLink.
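The three checks above (drop rate against a baseline, bandwidth against the 10 Gbps per-AZ figure, and an alarm per metric) can be scripted. The block below is an added example and is not code from the AWS article; the metric names are the ones the article uses, while the CloudWatch namespace, the dimension name and the sample datapoints are assumptions constructed for the demonstration and should be checked against what the CloudWatch console shows for your endpoint.

```python
"""Evaluate PrivateLink endpoint metrics against a baseline and build the
CloudWatch alarm definitions the article recommends.

Added example, not from the AWS article. Namespace and dimension name are
assumptions; verify them in the CloudWatch console for your endpoint.
"""
from statistics import mean

# Assumed CloudWatch namespace and dimension name for interface endpoints.
NAMESPACE = "AWS/PrivateLinkEndpoints"
ENDPOINT_DIMENSION = "VPC Endpoint Id"

# Metric names as written in the article.
METRIC_DROPS = "PacketDropCount"
METRIC_BYTES = "BytesProcessed"
METRIC_RESETS = "ResetPacketsReceived"


def drop_rate_exceeds_baseline(datapoints, baseline, factor=2.0):
    """True when the last five per-minute PacketDropCount values average
    more than `factor` times the steady-state baseline for this endpoint.

    datapoints: per-minute metric values, oldest first.
    """
    if not datapoints:
        return False
    recent = datapoints[-5:]
    return mean(recent) > baseline * factor


def bandwidth_utilisation(bytes_per_minute, quota_gbps=10):
    """Fraction of the 10 Gbps per-AZ baseline used in the busiest minute.
    Values approaching 1.0 mean you depend on PrivateLink scaling up."""
    peak_bits_per_second = max(bytes_per_minute) * 8 / 60
    return peak_bits_per_second / (quota_gbps * 1e9)


def alarm_definition(endpoint_id, metric_name, threshold, sns_topic_arn):
    """Keyword arguments for boto3 CloudWatch.Client.put_metric_alarm.
    Sum over 1-minute periods, breaching when five consecutive periods
    exceed the threshold; missing data is treated as not breaching."""
    return {
        "AlarmName": f"privatelink-{endpoint_id}-{metric_name}",
        "Namespace": NAMESPACE,
        "MetricName": metric_name,
        "Dimensions": [{"Name": ENDPOINT_DIMENSION, "Value": endpoint_id}],
        "Statistic": "Sum",
        "Period": 60,
        "EvaluationPeriods": 5,
        "Threshold": threshold,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [sns_topic_arn],
    }


def create_alarms(endpoint_id, thresholds, sns_topic_arn):
    """Create one alarm per metric. Needs boto3 and AWS credentials, so the
    import is local and the rest of the module runs offline."""
    import boto3
    cloudwatch = boto3.client("cloudwatch")
    for metric_name, threshold in thresholds.items():
        cloudwatch.put_metric_alarm(
            **alarm_definition(endpoint_id, metric_name, threshold, sns_topic_arn)
        )


if __name__ == "__main__":
    # Constructed sample: five quiet minutes followed by a drop spike.
    sample_drops = [3, 2, 4, 3, 2, 40, 55, 61, 48, 70]
    print("drops above baseline:", drop_rate_exceeds_baseline(sample_drops, baseline=3))
    # Constructed sample: one minute at 75 GB, i.e. exactly 10 Gbps.
    print("peak utilisation:", bandwidth_utilisation([75_000_000_000]))
    # Placeholder identifiers; replace with your endpoint and SNS topic.
    print(alarm_definition("vpce-EXAMPLE", METRIC_DROPS, 20, "arn:aws:sns:REGION:ACCOUNT:topic"))
```

Run it as a script to see the offline checks; call `create_alarms("vpce-…", {METRIC_DROPS: 20, METRIC_RESETS: 50, METRIC_BYTES: 7.5e10}, topic_arn)` from a session with CloudWatch permissions to create the three alarms.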

Check for SSL/TLS issues

Verify that your applications and AWS PrivateLink connections use supported SSL/TLS protocols and ciphers. For a list of supported protocols and ciphers, see Infrastructure security in Amazon VPC.

Note: AWS requires TLS 1.2 or later for all connections to AWS endpoints.

Check your application logs or capture your network traffic for SSL/TLS errors. You can also use the tcpdump command to check for handshake failures and negotiation errors. For more information, see How do I troubleshoot network performance issues between EC2 Linux or Windows instances in a VPC and an on-premises host over the internet gateway?
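Besides tcpdump, a quick way to confirm which protocol version and cipher a service behind the endpoint actually negotiates, and whether a handshake fails when anything below TLS 1.2 is refused, is a small probe using Python's ssl module. This is an added example, not code from the AWS article; the host name is a placeholder for the private DNS name of your interface endpoint.

```python
"""Probe the TLS version and cipher negotiated with a service reached over
a PrivateLink endpoint.

Added example, not from the AWS article. Replace the placeholder host with
the private DNS name of your endpoint.
"""
import socket
import ssl

# AWS endpoints require TLS 1.2 or later, so the client refuses anything older.
MIN_VERSION = ssl.TLSVersion.TLSv1_2


def client_context():
    """Default (certificate-verifying) context with a TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_VERSION
    return ctx


def version_is_supported(version_name):
    """True for the protocol names the TLS 1.2-or-later requirement accepts."""
    return version_name in ("TLSv1.2", "TLSv1.3")


def probe(host, port=443, timeout=5):
    """Connect, complete the handshake and return (protocol, cipher_name).

    ssl.SSLError on the handshake is the signal to look for when the capture
    shows the session stalling right after ClientHello: the peer is offering
    a protocol or cipher this client does not accept.
    """
    ctx = client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cipher_name, _protocol, _bits = tls.cipher()
            return tls.version(), cipher_name


if __name__ == "__main__":
    host = "vpce-EXAMPLE.example.internal"  # placeholder, not a real name
    try:
        version, cipher = probe(host)
        print(f"{host}: {version} {cipher} supported={version_is_supported(version)}")
    except ssl.SSLError as exc:
        print(f"{host}: handshake failed: {exc}")
    except OSError as exc:
        print(f"{host}: connection failed: {exc}")
```

Run it from an instance in the VPC that can resolve the endpoint's private DNS name; an `SSLError` rather than a version string points at a protocol or cipher mismatch rather than a connectivity problem.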

Check your MTU settings

If you incorrectly configure your maximum transmission unit (MTU) settings, the settings can cause packet drops and degrade your network’s performance.

Make sure that you correctly configured the MTU size for the following resources:

  • Amazon Elastic Compute Cloud (Amazon EC2) instances
  • On-premises networking devices or servers
  • AWS Direct Connect or AWS Site-to-Site VPN connections in the AWS PrivateLink connection
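To check the instance side of this list, read each interface's MTU and compare it with what the path to the endpoint can carry once any tunnel encapsulation is subtracted. The block below is an added example and not code from the AWS article: the `ip -o link show` output is constructed, and the 1500-byte path MTU and the tunnel overhead used in the demonstration are assumptions to replace with values measured on your own path (for example with a do-not-fragment ping).

```python
"""Flag interfaces whose MTU is larger than the path to a PrivateLink
endpoint can carry, which causes fragmentation or, with DF set, drops.

Added example, not from the AWS article. The sample `ip -o link show`
output below is constructed; path MTU and tunnel overhead are assumptions.
"""
import re
import subprocess

# Constructed output of `ip -o link show` on an instance with jumbo frames on
# its primary interface and a standard 1500-byte MTU on a second one.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP mode DEFAULT
3: ens6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT
"""

LINK_RE = re.compile(
    r"^\d+:\s+(?P<name>[^:]+):\s+<[^>]*>\s+mtu\s+(?P<mtu>\d+)", re.MULTILINE
)


def parse_interface_mtus(ip_link_output):
    """Map interface name -> MTU from one-line-per-interface `ip -o link` output."""
    return {m.group("name"): int(m.group("mtu")) for m in LINK_RE.finditer(ip_link_output)}


def read_local_mtus():
    """Run `ip -o link show` on this host and parse it (Linux only)."""
    out = subprocess.run(["ip", "-o", "link", "show"], capture_output=True, text=True, check=True)
    return parse_interface_mtus(out.stdout)


def max_tcp_payload(mtu, ip_header=20, tcp_header=20):
    """Largest TCP payload that fits in one frame of the given MTU (no options)."""
    return mtu - ip_header - tcp_header


def mtu_findings(interfaces, path_mtu, tunnel_overhead=0):
    """Return (interface, message) pairs for interfaces whose MTU exceeds the
    path MTU minus tunnel encapsulation overhead. Loopback is skipped."""
    effective = path_mtu - tunnel_overhead
    findings = []
    for name, mtu in interfaces.items():
        if name == "lo":
            continue
        if mtu > effective:
            findings.append(
                (name, f"mtu {mtu} exceeds path capacity {effective}; "
                       f"lower it or confirm PMTUD works end to end")
            )
    return findings


if __name__ == "__main__":
    interfaces = parse_interface_mtus(SAMPLE_IP_LINK)
    # Assumed: a 1500-byte path with roughly 100 bytes of IPsec overhead.
    for name, msg in mtu_findings(interfaces, path_mtu=1500, tunnel_overhead=100):
        print(f"{name}: {msg}")
    print("max TCP payload at 1500:", max_tcp_payload(1500))
```

Swap `parse_interface_mtus(SAMPLE_IP_LINK)` for `read_local_mtus()` to run it against a real instance; a finding on the interface that carries endpoint traffic means either the MTU should be lowered to the measured path value or path MTU discovery (ICMP "fragmentation needed") must be allowed through the security groups and network ACLs on the path.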

Check for Availability Zone latency

Network latency exists between Availability Zones (AZs) in the same AWS Region, so resources in different AZs see higher latency than resources in the same AZ. To minimize latency, adjust your application architecture and use resources in the same AZ.

Troubleshoot other network performance issues

To troubleshoot other network performance issues, take the following actions:

  • Verify that inefficient code or configurations in your applications don't introduce latency.
  • Check for network throttling or security group rules that limit network performance.
  • If you use a Network Load Balancer (NLB), then verify that your NLB doesn't exceed its performance quotas.
AWS OFFICIAL. Updated 2 months ago