Network Topology overview

Network Topology is a visualization tool that shows the topology of your Virtual Private Cloud (VPC) networks and their associated metrics. It combines configuration information with real-time operational data in a single view. This view makes it easier to understand networking relationships between various workloads on Google Cloud and their current state, such as the traffic paths and throughput between virtual machine (VM) instances.

Network Topology lays out information in a graph format, where the nodes and lines represent entities and connections in your network.

How it works

Network Topology collects real-time telemetry and configuration data from Google's infrastructure to visualize your resources. It captures elements such as configuration information, metrics, and logs to infer relationships between resources in a project or in multiple projects. After collecting each element, Network Topology combines them to generate a graph that represents your deployment.

Benefits

Using Network Topology provides the following benefits:

  • You can quickly view the topology of your deployments. No additional configurations or agents are required to use Network Topology.

  • You can use Network Topology graphs to understand your Google Cloud infrastructure. You don't need to view multiple logs or use third-party tools.

  • You can use Network Topology to help you analyze the performance of your network. You can drill down and view various metrics that can help you identify unexpected patterns.

  • You can use filters to help you quickly highlight and focus on specific resources, especially when you need to quickly diagnose and troubleshoot issues.

Considerations

Network Topology captures six weeks of history.

Network Topology visualizes entities and connections only if they have communicated (sent or received traffic) during the selected time period. A connection between entities exists if base entities in their respective hierarchies are in communication. For example, Network Topology connects regions us-east4 and europe-west1 if at least one VM instance in each region communicates with the other. Although other resources might exist, Network Topology doesn't show them if they didn't receive or send traffic.

For more information, see Data collection and freshness.

Resources and traffic

A Network Topology graph shows your resources and traffic as entities and connections. Network Topology aggregates related resources into hierarchical entities, where each resource type has its own hierarchy. The following sections describe the resources (entities) and traffic paths (connections) that Network Topology can graph.

Entities

A base entity is the lowest level of a particular hierarchy and represents a resource that can directly communicate with other resources over a network, such as a VM instance.

When you have multiple networks and a large number of base entities, displaying everything in a flat view can be overwhelming. To address this issue, Network Topology aggregates base entities into hierarchical entities that you can expand or collapse. When you first view a Network Topology graph, it aggregates all of the base entities into their top-level hierarchy.

For example, Network Topology aggregates VM instances into their instance group, then aggregates instance groups into a Google Cloud zone, and so on.

Network Topology represents a base or hierarchical entity as a circular node in a graph. Each base entity possesses its own hierarchy. For example, load balancers have a different hierarchy than VM instances.

The following table shows the base entities and their aggregation hierarchies. In a graph, Network Topology represents each base entity by using an icon shown in the table.

Base entity: VM instance
  Icon: VM instance icon
  Description: A Compute Engine VM instance
  Aggregation hierarchy (top to bottom): region > network > subnet > zone > instance group > instance

Base entity: External load balancer, one of the following:
  • External HTTP(S) load balancer
  • External network load balancer
  • TCP proxy load balancer
  • SSL proxy load balancer
  Icon: load balancer icon
  Description: The base entity for external load balancer components, such as the forwarding rule and backend service
  Aggregation hierarchy (top to bottom): external load balancing > load balancer

Base entity: Internal load balancer
  Icon: load balancer icon
  Description: The base entity for internal load balancer components, such as the forwarding rule and backend service
  Aggregation hierarchy (top to bottom): internal load balancing > load balancer

Base entity: Cloud NAT gateway
  Icon: NAT gateway icon
  Description: A NAT gateway
  Aggregation hierarchy (top to bottom): region > network > NATs > NAT gateway

Base entity: Network peering
  Icon: peer networks icon
  Description: A VPC peering endpoint that is shown when you don't have permissions to view the peer network. If you do, Network Topology shows the resources of the peer network.
  Aggregation hierarchy (top to bottom): peer networks > network

Base entity: Country
  Icon: icon for countries where external clients are located
  Description: Network Topology shows the country where external clients are located. These clients are outside of Google Cloud. They are typically hosts that communicate with resources in your network over external IP addresses.
  Aggregation hierarchy (top to bottom): business region [1] > country [2]

[1] A business region can be one of the following entities: Americas for North and South America, APAC for Asia and Oceania, and EMEA for Europe, the Middle East, and Africa.
[2] Google uses the external IP addresses to categorize the origin of the external client. However, the IP address might not indicate the actual location of the client. For example, if you deliver content through Cloud CDN, the IP address observed by Network Topology might not be the actual address of the external client.

Connections

Network Topology represents traffic between entities as lines, such as traffic between VM instances. Network Topology connects entities if at least one side of the connection is sending traffic.

Network Topology shows connections at various levels of a hierarchy as long as their base entities are in communication. For example, Network Topology shows a connection between two regions if at least one VM instance in each region is communicating with the other.
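The aggregation and connection-lifting rules described under Entities and Connections (and the optional project level described later under Project aggregation) can be modelled in a few lines. The following is an added example, not code from this page or from Google Cloud: it aggregates VM instance base entities into the hierarchy from the table, omits VMs that did not communicate, and lifts base-entity flows to whichever hierarchy level is currently collapsed. All VM, project and network names and the flow records are constructed. One assumption not stated on the page: a flow whose two endpoints collapse into the same hierarchical entity is treated as internal to that entity and is not reported at that level.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Aggregation hierarchy for the VM instance base entity, top to bottom,
# as listed in the entities table. "project" is an optional extra top level
# that is used only when project aggregation is enabled.
VM_HIERARCHY = ("region", "network", "subnet", "zone", "instance_group", "instance")


@dataclass(frozen=True)
class VmInstance:
    """One base entity. Field names mirror the hierarchy levels."""
    project: str
    region: str
    network: str
    subnet: str
    zone: str
    instance_group: str
    instance: str

    def path(self, by_project: bool = False) -> Tuple[str, ...]:
        levels = (("project",) if by_project else ()) + VM_HIERARCHY
        return tuple(getattr(self, level) for level in levels)


# Constructed sample inventory (hypothetical names, not from the page).
VMS: Dict[str, VmInstance] = {
    "vm-a": VmInstance("project-a", "us-east4", "shared-vpc", "sub-east", "us-east4-a", "ig-east", "vm-a"),
    "vm-b": VmInstance("project-b", "europe-west1", "shared-vpc", "sub-west", "europe-west1-b", "ig-west", "vm-b"),
    "vm-c": VmInstance("project-a", "us-east4", "shared-vpc", "sub-east", "us-east4-b", "ig-east-2", "vm-c"),
    "vm-idle": VmInstance("project-a", "us-east4", "shared-vpc", "sub-east", "us-east4-a", "ig-east", "vm-idle"),
}

# Constructed flow records for one hourly segment: (source VM, destination VM, bytes).
FLOWS: List[Tuple[str, str, int]] = [
    ("vm-a", "vm-b", 4096),
    ("vm-b", "vm-a", 512),
    ("vm-a", "vm-c", 128),
]


def build_tree(vms: Dict[str, VmInstance], flows, by_project: bool = False) -> dict:
    """Aggregate every base entity that sent or received traffic into its hierarchy.

    Returns a nested dict whose leaves are instance names. VMs that neither sent
    nor received traffic (vm-idle here) are left out, because Network Topology
    only visualizes entities that communicated during the selected period.
    """
    active = {name for flow in flows for name in flow[:2]}
    tree: dict = {}
    for name in active:
        node = tree
        for key in vms[name].path(by_project):
            node = node.setdefault(key, {})
    return tree


def connections_at_level(vms, flows, depth: int, by_project: bool = False) -> Dict[tuple, int]:
    """Lift base-entity flows to the hierarchy entity at index `depth`
    (0 is the top level, i.e. region, or project when by_project is set).

    Two hierarchical entities are connected when at least one base entity under
    each communicated with one under the other; bytes are summed over all such
    pairs. The line is undirected, so the key is the sorted pair of entity paths.
    Flows that stay inside one collapsed entity are skipped (assumption: they
    become visible only when that entity is expanded).
    """
    totals: Dict[tuple, int] = defaultdict(int)
    for src, dst, nbytes in flows:
        a = vms[src].path(by_project)[: depth + 1]
        b = vms[dst].path(by_project)[: depth + 1]
        if a == b:
            continue
        totals[tuple(sorted((a, b)))] += nbytes
    return dict(totals)


if __name__ == "__main__":
    print(build_tree(VMS, FLOWS))
    print(connections_at_level(VMS, FLOWS, 0))            # region level
    print(connections_at_level(VMS, FLOWS, 3))            # zone level
    print(connections_at_level(VMS, FLOWS, 0, by_project=True))  # project level
```

At the region level the example yields a single line between us-east4 and europe-west1 carrying the combined bytes of both directions, which is exactly the situation the paragraph above describes; expanding to the zone level splits out the intra-region flow between vm-a and vm-c.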

Network Topology supports only TCP traffic for certain traffic paths. The following list describes the paths that Network Topology visualizes between entities:

  • Traffic in a VPC network, such as traffic between VM instances and internal load balancers that are in the same network.
  • Traffic across peered VPC networks, such as traffic between VM instances and internal load balancers that are in peer VPC networks.
  • Traffic between Google Cloud and the internet, such as traffic between clients on the internet and entities that have external IP addresses (for example, VM instances or external HTTP(S) load balancers).

Network Topology doesn't show, for example, traffic to or from Cloud VPN gateways, Cloud Interconnect connections, and Google-managed services like Cloud Storage.

IP address considerations

For traffic between VM instances in Google Cloud that communicate using external IP addresses, Network Topology does not display a single connection directly between the VMs. Instead, Network Topology displays the traffic as if it were to and from an external location by using two connections: one connection between the first VM and the country of the second VM, and another connection between the second VM and the country of the first VM.

Network interface considerations

Network Topology only visualizes traffic to or from the first network interface (nic0) of a VM.

For VMs that use internal IP addresses to communicate, Network Topology only displays a connection if both VMs are communicating by using their first network interface (nic0-to-nic0).

For VMs that use external IP addresses to communicate, Network Topology normally displays two connections as described in IP address considerations. However, if only one of the VMs is using nic0, Network Topology only displays a connection for that VM. For example, if one VM is communicating through nic0 and the other VM is communicating through nic1, Network Topology only displays a connection between the nic0 VM and a country.
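The interface and IP address rules in the two sections above decide whether a VM-to-VM flow is drawn as one direct line, as two lines to countries, as a single line, or not at all. This added example (not the page's or Google Cloud's code) encodes those rules; the VM names, interface assignments and countries are constructed. Analysts care about the distinction because VM-to-VM traffic over external IP addresses is rendered as if it left Google Cloud, so a direct line between two VMs in the graph always means internal-IP, nic0-to-nic0 traffic.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Endpoint:
    vm: str
    nic: str      # network interface the traffic used: "nic0", "nic1", ...
    country: str  # country that Network Topology attributes to the VM's external IP


def render_connections(src: Endpoint, dst: Endpoint, via: str) -> List[Tuple[str, str]]:
    """Return the graph lines drawn for one VM-to-VM flow.

    via is "internal" (the VMs communicate over internal IP addresses) or
    "external" (over external IP addresses). Only nic0 traffic is visualized.
    """
    lines: List[Tuple[str, str]] = []
    if via == "internal":
        # Internal-IP traffic appears only when both sides use nic0 (nic0-to-nic0).
        if src.nic == "nic0" and dst.nic == "nic0":
            lines.append((src.vm, dst.vm))
        return lines
    # External-IP traffic is drawn as if it went to and from an external location:
    # each VM that used nic0 gets a line to the *other* VM's country; a VM that
    # used another interface gets no line at all.
    if src.nic == "nic0":
        lines.append((src.vm, "country:" + dst.country))
    if dst.nic == "nic0":
        lines.append((dst.vm, "country:" + src.country))
    return lines


# Constructed sample flows (hypothetical VMs and countries).
SAMPLE_FLOWS = [
    (Endpoint("vm-a", "nic0", "United States"), Endpoint("vm-b", "nic0", "Germany"), "internal"),
    (Endpoint("vm-a", "nic0", "United States"), Endpoint("vm-c", "nic1", "Germany"), "internal"),
    (Endpoint("vm-a", "nic0", "United States"), Endpoint("vm-b", "nic0", "Germany"), "external"),
    (Endpoint("vm-a", "nic0", "United States"), Endpoint("vm-c", "nic1", "Germany"), "external"),
]


def render_all(flows) -> List[Tuple[str, str]]:
    """Distinct, sorted lines produced by a list of (src, dst, via) flows."""
    lines = set()
    for src, dst, via in flows:
        lines.update(render_connections(src, dst, via))
    return sorted(lines)


if __name__ == "__main__":
    for line in render_all(SAMPLE_FLOWS):
        print(line)
```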

Multiple projects

Network Topology visualizes resources in your project or for a Cloud Monitoring Workspace, which can include one or more Google Cloud projects. When you add multiple projects to a Workspace, Network Topology can show network traffic that crosses multiple projects.

For example, assume that you have two VM instances in two different projects. vm-a is in project-a, and vm-b is in project-b. Both VM instances communicate with each other and are in a Shared VPC network. If you only have visibility into project-b, Network Topology shows vm-b but nothing to indicate that it communicated with vm-a. However, if you create a Workspace that includes both projects, Network Topology shows vm-a, vm-b, and their communication.

A Cloud Monitoring Workspace is especially useful for Shared VPC and VPC Network Peering scenarios, where resources or networks can be in different projects. For information about creating a Workspace, see Managing Workspaces in the Cloud Monitoring documentation.

Project aggregation

When you view multiple projects in a Network Topology graph, you can aggregate Google Cloud entities by project and then by their standard hierarchies. This option enables you to view resources by project. Entities outside of Google Cloud, such as external clients, aren't included in project aggregation.

As an example, if you aggregate by project and then expand a project, the graph shows a region entity for each region that contains a VM instance. If you don't use project aggregation, the graph shows all of the entities as if they were in the same project. To enable project aggregation, see Aggregating projects.

Data collection and freshness

Network Topology captures six weeks of history.

The Network Topology history is divided into hourly segments, which start at the beginning of an hour. For each hourly segment, the graph shows base entities and their communication that occurred during that hour. For example, if two instances communicated with each other and then were destroyed during the hour, they would appear for that hour even though they no longer exist.

The visualization of entities and their connections includes overlaid metrics on the connections where applicable. Network Topology also displays separate time series charts that show metrics such as the traffic throughput between communicating entities or the CPU utilization of VM instances. The time series charts do not have the same hourly constraints as the visualized entities, connections, and overlaid metrics.

For more information about viewing metrics, see Using Network Topology.

Present segment

When you view the present time, the Network Topology graph shows an hourly segment from the previous hour. Each time that you load a graph, Network Topology shows the latest available segment.

For more details about each component and its data during the present segment, see the following table.

Component: Entities and connections
  Data comes from: the previous hour
  Available: immediately after each hour [1]
  Example: If the current time is 01:19 PM, the graph visualizes entities that communicated from 12:00 PM to 01:00 PM, but the graph can still change. At 01:20 PM the graph is fixed and won't change.

Component: Overlaid metric values
  Data comes from: the last 5 minutes of the previous hour [2]
  Available: as entities and connections become available
  Example: If the current time is 10:37 AM and the currently selected metric is Traffic, the overlaid values are an average from 09:55 AM to 10:00 AM.

Component: Time series charts
  Data comes from: real time, with historical data from a timeframe that you specify. The default timeframe shows minute-by-minute metric values from the past hour. The available timeframes range from 1 hour to 6 weeks [3].
  Available: at most 7 minutes after an activity
  Example: If the current time is 10:37 AM and you open the time series charts for a VM, you see minute-by-minute metric values for the hour from 09:37 AM to 10:37 AM.

[1] The graph can change up to 20 minutes after the end of an hour.
[2] The traffic and packet loss metrics use the average of the last 5 minutes, while latency uses the median.
[3] The aggregation interval, or how often the data is sampled, depends on the timeframe. For example, the 1 hour timeframe has an aggregation interval of 1 minute, while the 1 day timeframe has an aggregation interval of 5 minutes.
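The timing rules in the table above (which hourly segment is shown for the present, when the graph stops changing, and which five minutes feed the overlaid value) are easy to get wrong when correlating a Network Topology view with other evidence such as flow logs during an investigation. The following is an added example, not the page's or Google Cloud's code, that computes those windows for a given clock time and reduces constructed per-minute samples to the overlaid value using the average for traffic and the median for latency, as footnote 2 states. The sample values and the date are made up.

```python
from datetime import datetime, timedelta
from statistics import mean, median
from typing import Dict, Optional, Tuple

# Rules stated in the Present segment table and its footnotes.
GRAPH_SETTLE = timedelta(minutes=20)   # graph may still change up to 20 min after the hour ends
OVERLAY_WINDOW = timedelta(minutes=5)  # overlaid values come from the last 5 min of the segment


def present_segment(now: datetime) -> Tuple[datetime, datetime]:
    """The hourly segment shown for the present: the previous full clock hour."""
    end = now.replace(minute=0, second=0, microsecond=0)
    return end - timedelta(hours=1), end


def segment_is_final(now: datetime) -> bool:
    """True once the graph for the present segment can no longer change."""
    _, end = present_segment(now)
    return now >= end + GRAPH_SETTLE


def overlay_window(segment: Tuple[datetime, datetime]) -> Tuple[datetime, datetime]:
    """The last 5 minutes of a segment, from which overlaid metric values are taken."""
    _, end = segment
    return end - OVERLAY_WINDOW, end


def overlay_value(metric: str, samples: Dict[datetime, float], segment) -> Optional[float]:
    """Reduce per-minute samples inside the overlay window to one overlaid value.

    Traffic and packet loss use the average; latency uses the median.
    Returns None when no sample falls in the window.
    """
    lo, hi = overlay_window(segment)
    window = [v for t, v in samples.items() if lo <= t < hi]
    if not window:
        return None
    return median(window) if metric == "latency" else mean(window)


# Constructed per-minute samples for 12:50-12:59 on an arbitrary day (not real data).
_BASE = datetime(2024, 1, 1, 12, 50)
SAMPLE_TRAFFIC = {_BASE + timedelta(minutes=i): v
                  for i, v in enumerate([100, 100, 100, 100, 100, 10, 20, 30, 40, 50])}
SAMPLE_LATENCY = {_BASE + timedelta(minutes=i): v
                  for i, v in enumerate([1, 1, 1, 1, 1, 7, 9, 3, 100, 5])}


def describe(now_iso: str) -> dict:
    """Walk through the table's rules for a clock time given as an ISO-8601 string."""
    now = datetime.fromisoformat(now_iso)
    seg = present_segment(now)
    lo, hi = overlay_window(seg)
    return {
        "segment": f"{seg[0]:%H:%M}-{seg[1]:%H:%M}",
        "final": segment_is_final(now),
        "overlay_window": f"{lo:%H:%M}-{hi:%H:%M}",
        "traffic": overlay_value("traffic", SAMPLE_TRAFFIC, seg),
        "latency": overlay_value("latency", SAMPLE_LATENCY, seg),
    }


if __name__ == "__main__":
    print(describe("2024-01-01T13:19:00"))  # segment 12:00-13:00, not yet final
    print(describe("2024-01-01T13:20:00"))  # same segment, now final
    print(describe("2024-01-01T10:37:00"))  # overlay window 09:55-10:00, no samples
```

Note that the five 100-valued samples at 12:50 to 12:54 never influence the overlaid traffic value: only 12:55 to 12:59 are inside the window, and the single 100 ms latency outlier at 12:58 is absorbed by the median.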

Past segments

For details about each component and its data when viewing past segments, see the following table.

Component: Entities and connections
  Data comes from: an hour that you select from the past
  Example: 11:00 AM to 12:00 PM on the previous day

Component: Overlaid metric values
  Data comes from: the last 5 minutes of the selected hour [1]
  Example: If you select the segment that runs from 11:00 AM to 12:00 PM on the previous day and the currently selected metric is Traffic, the overlaid values are an average from 11:55 AM to 12:00 PM.

Component: Time series charts
  Data comes from: real time, with historical data from a timeframe that you specify. The default timeframe shows minute-by-minute metric values from the past hour. The available timeframes range from 1 hour to 6 weeks [2].
  Example: If you set the timeframe of the time series chart to 1 day, the chart shows metric values from the current time to 24 hours ago using a 5-minute aggregation interval.

[1] The traffic and packet loss metrics use the average of the last 5 minutes, while latency uses the median.
[2] The aggregation interval, or how often the data is sampled, depends on the timeframe. For example, the 1 hour timeframe has an aggregation interval of 1 minute, while the 1 day timeframe has an aggregation interval of 5 minutes.

What's next