Run Connectivity Tests

You can run Connectivity Tests directly from Flow Analyzer to validate the connectivity between two endpoints. You can also run these tests to understand the path between two resources. When you run Connectivity Tests, note that the tests uses the existing configuration. So, if you run the tests two weeks after the actual log event, Connectivity Tests does not use the historical configuration.

While running a test, the following attributes are used in the test definition:

  • Source IP
  • Source Project
  • Source Network (for internal IP addresses)
  • Destination IP (for internal IP addresses)
  • Destination Project (for internal IP addresses)
  • Destination Network (for internal IP addresses)
  • Destination Port
  • Protocol

If these parameters are not available in the traffic information, the Connectivity Test fails. For example, if you group traffic in Flow Analyzer only by Source VPC and Destination VPC, this information is not sufficient to run Connectivity Tests.

Connectivity Tests can fail due to the following reasons:

  • If the resources shown in VPC Flow Logs no longer exist.
  • If the test is executed from server to client and traffic in that direction (other than return traffic) cannot be initiated.

During the Flow Analyzer Public Preview, Connectivity Tests executed from Flow Analyzer are not billed.

Before you begin

  1. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  2. Enable the Network Management API.

  3. Make sure the user role has the following permissions: compute.networks.list

    Because the tests are run through internal API, the results are ephemeral and users are not billed for running the tests. The results are not stored and are not accessible after closing the results panel.

Run Connectivity Tests

To run Connectivity Tests from Flow Analyzer, do the following:

Console

  1. In the Google Cloud console, go to the Flow Analyzer page.

    Go to Flow Analyzer

  2. Optional: Select a log bucket.

  3. Select the timeline for which you'd want to run the query.

  4. In the Traffic menu, select one of the following options:

    • Source - Destination: Aggregate the traffic from the source to the destination.
    • Client - Server: Aggregate the traffic in both directions by considering the resources with lower port numbers and service definitions as servers.

  5. In the source and destination or client and server fields, select a field from the menu.

  6. Enter the value you'd like to use to filter. Add one or more filter expressions to filter the traffic flows that match all the selected key-value pairs.

  7. Organize flow by properties. Select a field to organize the flow details.

  8. Click Run new query.

  9. In the All data flows table, click the ellipsis next to Show details.

  10. Click Run Connectivity Tests.

What's next