Network Analyzer overview

Stay organized with collections Save and categorize content based on your preferences.

Network Analyzer automatically monitors your VPC network configurations and detects misconfigurations and suboptimal configurations. It provides insights on network topology, firewall rules, routes, configuration dependencies, and connectivity to services and applications. It identifies network failures, provides root cause information, and suggests possible resolutions.

Network Analyzer runs continuously and triggers relevant analyses based on near real-time configuration updates in your network. If a network failure is detected, it tries to correlate the failure with recent configuration changes to identify root causes. Wherever possible, it provides recommendations to suggest details on how to fix the issues.

Network insights

Network insights are the analysis results from Network Analyzer. An insight can include one of the following outcomes from an analysis:

  • A network failure, such as service connectivity blockage by configuration issues.
  • A suboptimal configuration, such as reserved but unassigned IP addresses, or dynamic routes overlapping with static or subnet routes.
  • A preventive warning, such as IP utilization above 75 percent for a subnet range.
  • A summary of status, such as the list of reserved but unallocated IP addresses distributed by region or service projects.

Insight groups

Insights are grouped under the following categories:

  • VPC network: VPC network basic setup, including VPC Network Peering, Shared VPC, IP addresses, and static routes.
  • Network Services: Load Balancing, Cloud DNS, Cloud NAT, Private Service Connect, and other network services insights.
  • Hybrid Connectivity: Connectivity between Google Cloud and on-premises networks, including Cloud VPN, Cloud Router, Interconnect, Network Connectivity Center, and dynamic routes.
  • Kubernetes Engine: Insights related to GKE are grouped in this category.
  • Managed Services: Google managed services such as Cloud SQL, Cloud Function, and BigQuery.

Analysis schedule

Network Analyzer generates insights whenever relevant configuration changes are made, as well as periodically. Analyses are triggered approximately ten minutes after a related configuration change is made. Periodic analyses are performed at least once daily.

Analyses are batched to handle frequent configuration updates.

Insight attributes

Each insight has key attributes that help you to understand and take corrective actions.


Specifies the criticality of the insight depending on the severity of the issue.

  • Critical: Include service-impacting issues with large scope impact (such as all the VMs, global, or multi-regions).
  • High: Include service impacting issues, but may not be of a large scope.
  • Medium: Include issues that have service impact or prevent proper service usage.
  • Low: Include warnings of predictive failure in the future (such as utilization) or for optimization (such as recommendations to reduce cost and improve redundancy).

Resource name

Provides information about the resource where the issue is found.

Resource type

The type of the resource according to Google Cloud API resource definitions.


The ID of the project to which the resource belongs.

Insight type

  • Info: Provides information about the resources.
  • Warning: Indicates a warning condition, which could be service degradation or lack of redundancy.
  • Error: Indicates an error condition where service usability or performance is already impacted.

Network insight

Provides a single-line description of the issue type being reported.

First report time

Specifies the time when an issue is detected for the first time. If the issue persists, any later analysis (triggered by the system automatically) reports the same issue again with this latest analysis time as the last run time.


Indicates whether the insight is active, fixed (no longer being reported), or a user has dismissed the insight.

  • Active: The insight exists at the time of the query.
  • Fixed: The insight was reported before but was resolved at the time of the query.
  • Dismissed: The insight has been dismissed by a user.

Insight details

Provides more detailed information of the finding, and includes related configuration changes where applicable.

Shared VPC insights

For Shared VPC cases, there are two scenarios:

  • Host project: Network Analyzer provides relevant information for VPC networks in the host project, such as IP address utilization insights that display the IP address allocation percentage of subnets. For such insights, the information from service projects is automatically aggregated to derive the insight information. In the IP address utilization insights, the VMs and load balancers in the service projects are included in the calculation of IP address allocation.
  • Service project: Services and applications running in service projects have their analyses done in service projects. Example insights include: load balancer insights, GKE insights, and Cloud SQL insights. If these services use the host project VPC network, the analysis automatically includes the host VPC network information such as firewall rules and routes.

Multiple projects

To view multiple projects in Network Analyzer, configure a metrics scope and add monitored projects to it.

When you add projects to a metrics scope, then this metrics scope lets you monitor the data for the scoping project and the monitored projects. From this metrics scope, you can access the combined metrics of the scoping project and the monitored projects. For more information, see Viewing metrics for multiple projects.

To make use of an existing metrics scope and monitor multiple Google Cloud projects in a single view, select the scoping project using the Google Cloud console project picker or the Change Scope button. You can also select a single monitoring project using these options.