Run Connectivity Tests

You can run Connectivity Tests directly from Flow Analyzer to validate the connectivity between two endpoints. You can also run these tests to understand the path between two resources. When you run Connectivity Tests, note that the tests uses the existing configuration. So, if you run the tests two weeks after the actual log event, Connectivity Tests does not use the historical configuration.

While running a test, the following attributes are used in the test definition:

  • Source IP
  • Source Project
  • Source Network (for internal IP addresses)
  • Destination IP (for internal IP addresses)
  • Destination Project (for internal IP addresses)
  • Destination Network (for internal IP addresses)
  • Destination Port
  • Protocol

If these parameters are not available in the traffic information, the Connectivity Test fails. For example, if you group traffic in Flow Analyzer only by Source VPC and Destination VPC, this information is not sufficient to run Connectivity Tests.

Connectivity Tests can fail due to the following reasons:

  • If the resources shown in VPC Flow Logs no longer exist.
  • If the test is executed from server to client and traffic in that direction (other than return traffic) cannot be initiated.

Before you begin

  1. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  2. Enable the Network Management API.

  3. Make sure the user role has the following permissions: compute.networks.list

    Because the tests are run through internal API, the results are ephemeral and users are not billed for running the tests. The results are not stored and are not accessible after closing the results panel.

Run Connectivity Tests

To run Connectivity Tests from Flow Analyzer, do the following:

Console

  1. In the Google Cloud console, go to the Flow Analyzer page.

    Go to Flow Analyzer

  2. Select a log bucket. By default, flow logs are stored in the _Default log bucket and accessible in the _Default log view.

  3. Select the time range for which you want to run the query.

  4. In the Traffic menu, select one of the following options:

    • Source - Destination: Aggregate the traffic from the source to the destination.
    • Client - Server: Aggregate the traffic in both directions by considering the resources with lower port numbers and service definitions as servers.

  5. Optional: In the Filter lists, select one or more filters.

  6. Organize the query results by using the Organize flows by lists. The following fields are required:

    • Source IP address
    • Source VPC network or VPC network project ID
    • Destination IP address

  7. Click Run new query.

  8. In the All data flows table, click Run for any flow.

What's next