How Amazon CloudWatch Network Monitor works - Amazon CloudWatch

How Amazon CloudWatch Network Monitor works

Network Monitor is fully managed by AWS, and doesn't require agents on monitored resources. When you create a monitor for AWS hosted resources, AWS creates and manages all the infrastructure in the background to perform round-trip time and packet loss measurements. Because AWS manages the required configurations, you can scale your monitoring rapidly, without needing to install or uninstall agents within your AWS infrastructure.

Network Monitor focuses monitoring on the routes taken by flows from your AWS hosted resources instead of broadly monitoring all flows from your AWS Region. If your workloads spread across multiple Availability Zones, Network Monitor can monitor routes from each of your private subnets.

Network Monitor publishes round-trip time and packet loss metrics to your Amazon CloudWatch account, based on the aggregation interval that you set when you create a monitor. You can also use CloudWatch to set individual latency and packet loss thresholds for each monitor. For example, you might create an alarm for a packet loss sensitive workload to notify you if the packet loss average is higher than a static 0.1% threshold. You can also use CloudWatch anomaly detection to alarm on packet loss or latency metrics that are outside your desired ranges.

Availability and performance measurements

Network Monitor sends periodic active probes from your AWS resource to your on-premises destinations. When you create a monitor, you specify the following:

  • Aggregation interval. The time, in seconds, that CloudWatch receives the measured results. This will be either every 30 or 60 seconds. The aggregation period you choose for the monitor applies to all probes in that monitor.

  • Probe protocol. One of the supported protocols, ICMP or TCP. For more information, see Supported communication protocols.

  • Packet size. The size, in bytes, of each packet transmitted between your AWS hosted resource and your destination on a single probe. You can specify a different packet size for each probe in a monitor.

The metrics that the monitor publishes are the following:

  • Round-trip time. This metric, measured in milliseconds, is a measure of performance. It records the time it takes for the probe to be transmitted to the destination IP address and for the associated response to be received.

  • Packet loss. This metric measures the percentage of total packets sent and records the number of transmitted probes that didn't receive an associated response. No response implies that the packets were lost along the network path.

Supported communication protocols

Network Monitor supports two protocols for probes: ICMP and TCP.

ICMP-based probes carry ICMP echo requests from your AWS hosted resources to the destination address and expect an ICMP echo reply in response. Network Monitor uses the information on the ICMP echo request and reply messages to calculate round-trip time and packet loss metrics.

TCP-based probes carry TCP SYN packets from your AWS hosted resources to the destination address and port and expect a TCP SYN+ACK or RST packet in response. Network Monitor uses the information on the TCP SYN and TCP SYN+ACK or RST messages to calculate round-trip time and packet loss metrics. Network Monitor periodically switches source TCP ports to increase network coverage, which increases the probability of detecting packet loss.

AWS Network Health Indicator

Network Monitor publishes a Network Health Indicator (NHI) metric that provides information on network performance and availability for destinations connected through AWS Direct Connect. NHI is a statistical measure of the health of the AWS controlled network path from the AWS hosted resource, where the monitor is deployed, to the Direct Connect location.

Network Monitor uses anomaly detection to calculate availability drops or lower performance along the network paths.


Each time that you create a new monitor, add a probe, or re-activate a probe, the NHI for the monitor is delayed by a few hours while AWS collects data to perform anomaly detection.

To provide the NHI metric, Network Monitor applies statistical correlation across AWS sample datasets, as well as to the packet loss and round-trip latency metrics for traffic simulating your network path. NHI can be one of two values: 1 or 0. A value of 1 indicates that Network Monitor observed a network degradation within the AWS controlled network path. A value of 0 indicates that Network Monitor did not observe any network degradation along the path. Observing the NHI value enables you to gain awareness of network issues more quickly. For example, you can set alerts on the NHI metric to be notified about ongoing issues along your network paths.

Support for IPv4 and IPv6 addresses

Network Monitor provides availability and performance metrics over IPv4 or IPv6 networks and can monitor either IPv4 or IPv6 addresses from dual-stack VPCs. Network Monitor doesn’t allow both IPv4 and IPv6 destinations to be configured in the same monitor; you can create separate monitors for IPv4-only and IPv6-only destinations.