Oracle Cloud Infrastructure Documentation

VNIC Metrics

You can monitor the health, capacity, and performance of your Networking service VNICs by using metrics, alarms, and notifications.

This topic describes the metrics emitted by the metric namespace oci_vcn (the Networking service).

Resources: virtual network interface cards (VNICs).

Overview of Metrics for an Instance and Its Network Devices

If you're not already familiar with the different types of metrics available for an instance and its storage and network devices, see Compute Metrics.

Overview of Metrics: oci_vcn

Each Compute instance has one or more Networking service VNICs. A VNIC connects the instance to a subnet in a virtual cloud network (VCN). A given VNIC controls how the instance communicates with endpoints inside the VCN (other instances) and endpoints outside the VCN (hosts on the internet, in your on-premises network, in another VCN, and so on).

With the Networking service metrics (in metric namespace oci_vcn), you can get this information for a VNIC:

  • Traffic to and from the network: Per-VNIC traffic levels (packets and bytes), which can help you identify meaningful increases or decreases in traffic coming in and out of your instances
  • Packets dropped due to security list violations: Per-VNIC drops (dropped packets), which can help you identify changes in traffic caused by security list changes

The following diagram illustrates the general concept. A given instance resides in a subnet within a VCN that has one or more gateways to communicate with other networks. The instance is enlarged to show its VNIC, which the instance uses to communicate with the network. In this context, the term network means both the other instances in the VCN and hosts outside the VCN available through the gateways.

The VNIC receives traffic from the network and sends traffic to the network. The Networking service drops packets according to security list rules you set up for the instance's subnet. Traffic coming to the VNIC from the network is measured after the Networking service drops the packets that violate the subnet's security list rules. Traffic leaving the VNIC is measured before the Networking service drops the packets that violate the subnet's security list rules.

This image shows instances in a VCN, and a single instance enlarged with the VNIC and traffic flowing in and out.

The Compute service separately reports network-related metrics as measured on the instance itself and aggregated across all the attached VNICs. Those metrics are available in the oci_computeagent metric namespace. For more information, see Compute Metrics.

Required IAM Policy

When writing an IAM policy for viewing VNIC metrics, it's important to remember that:

  • The VNIC and the VNIC's metrics (emitted by the oci_vcn metric namespace) reside in the subnet's compartment, and not the instance's compartment.
  • The VNIC attachment (which is an object different from the VNIC itself) resides in the instance's compartment.

If the instance and subnet are in the same compartment, these details aren't so important when you write the IAM policy.

Minimum required policy for getting VNIC metrics
Policy for viewing a VNIC's details and metrics in the Console

Available Metrics: oci_vcn

The metrics listed in the following table are automatically available for any VNIC on any instance you create. You do not need to enable monitoring on the instance to get these metrics for the VNIC or VNICs on the instance.

You also can use the Monitoring service to create custom queries.

Each metric includes the following dimension: 

resourceId
The OCID of the VNIC. An OCID (Oracle Cloud Identifier) is an Oracle-assigned unique ID that is included as part of the resource's information in both the Console and API.

| Metric | Metric Display Name | Unit | Description | Dimensions |
|---|---|---|---|---|
| VnicEgressDropsSecurityList | Egress Packets Dropped by Security List | packets | Packets sent by the VNIC, destined for the network, dropped due to security rule violations. | resourceId |
| VnicIngressDropsSecurityList | Ingress Packets Dropped by Security List | packets | Packets received from the network, destined for the VNIC, dropped due to security rule violations. | resourceId |
| VnicFromNetworkBytes* | Bytes from Network | bytes | Bytes received at the VNIC from the network, after drops. | resourceId |
| VnicFromNetworkPackets* | Packets from Network | packets | Packets received at the VNIC from the network, after drops. | resourceId |
| VnicToNetworkBytes* | Bytes to Network | bytes | Bytes sent from the VNIC to the network, before drops. | resourceId |
| VnicToNetworkPackets* | Packets to Network | packets | Packets sent from the VNIC to the network, before drops. | resourceId |

* The Compute service separately reports network-related metrics as measured on the instance itself and aggregated across all the attached VNICs. Those metrics are available in the oci_computeagent metric namespace. For more information, see Compute Metrics.
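
The measurement points described above (ingress counted after drops, egress counted before drops) change how a drop ratio is computed in each direction. The following Python sketch is an added example, not Oracle code: it takes per-interval packet counts for one VNIC and flags intervals whose security-list drop ratio rises well above the series baseline. The `Interval` type, the `factor` and `floor` thresholds, and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median


@dataclass
class Interval:
    """Packet counts for one interval, keyed by oci_vcn metric name."""
    ts: str
    from_network: int   # VnicFromNetworkPackets (counted after ingress drops)
    ingress_drops: int  # VnicIngressDropsSecurityList
    to_network: int     # VnicToNetworkPackets (counted before egress drops)
    egress_drops: int   # VnicEgressDropsSecurityList


def ingress_drop_ratio(i: Interval) -> float:
    # Ingress is measured after drops, so packets offered = accepted + dropped.
    offered = i.from_network + i.ingress_drops
    return i.ingress_drops / offered if offered else 0.0


def egress_drop_ratio(i: Interval) -> float:
    # Egress is measured before drops, so the counter already includes them.
    return i.egress_drops / i.to_network if i.to_network else 0.0


def flag_intervals(series, factor=5.0, floor=0.01):
    """Return (ts, direction, ratio) where ratio exceeds factor x median, min floor."""
    findings = []
    for name, fn in (("ingress", ingress_drop_ratio), ("egress", egress_drop_ratio)):
        ratios = [fn(i) for i in series]
        threshold = max(median(ratios) * factor, floor)
        findings += [(i.ts, name, round(r, 4))
                     for i, r in zip(series, ratios) if r > threshold]
    return findings


# Constructed sample data (not real telemetry): five 1-minute intervals.
SAMPLE = [
    Interval("12:00", 9990, 10, 8000, 0),
    Interval("12:01", 9985, 15, 8100, 0),
    Interval("12:02", 9000, 1000, 7900, 0),   # ingress drops jump
    Interval("12:03", 9988, 12, 8000, 2400),  # egress drops jump
    Interval("12:04", 9991, 9, 8050, 0),
]

if __name__ == "__main__":
    for finding in flag_intervals(SAMPLE):
        print(finding)
```

A sustained rise in either ratio is worth correlating with recent security list changes for the VNIC's subnet.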

Using the Console

To view default metric charts for a single VNIC
To view default metric charts for multiple VNICs

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following APIs for monitoring: