Network Intelligence Center pricing
This page describes pricing for all Network Intelligence Center modules.
Connectivity Tests pricing details
Charges for Connectivity Tests are based on the number of tests that are run during the month.
Connectivity Tests run per month | Price per test |
---|---|
Up to 20 tests | Free |
Over 20 tests | $0.15 |
Pricing example
The following table shows an example usage pattern where you run 100 Connectivity Tests in a single month.
Resources | Usage | Estimated cost for this billing period |
---|---|---|
Connectivity Tests | 100 tests - 20 free tests = 80 tests | Total bill is 80 tests * $0.15 per test = $12.00 |
Network Topology and Performance Dashboard pricing details
Charges for Network Topology and Performance Dashboard are based on the number of resource-hours for the resource types in the following table.
Unit | Price |
---|---|
Total Compute Engine virtual machine (VM) instance resource-hours per month | $0.0011 per resource-hour |
Add-on: Total VM instance resource-hours per month for the traffic between Internet and Google Cloud | $0.0008 per resource-hour |
- The base unit covers Network Topology visualization and Performance Dashboard monitoring within Google Cloud performance metrics including packet loss and latency.
- The add-on unit covers Performance Dashboard monitoring for Internet to Google Cloud performance metrics (latency). These metrics can also be overlaid on the topology. The pricing for add-ons such as Internet to Google Cloud traffic will be calculated in addition to the base units.
The price is the same for all machine types. All running instances that are in enabled projects are charged.
Pricing example
The following table shows an example that assumes that you are running 100 VM instances all day in a single month (730 hours), without including the Internet to Google Cloud metrics.
Resources | Usage | Estimated cost for this billing period |
---|---|---|
100 VMs | 730 hours | Total bill is $0.0011 * 100 * 730 = $80.30 |
100 VMs with the Internet to Google Cloud traffic add-on enabled | 730 hours | Bill for VM instance resource hours: Bill for Internet to Google Cloud add-on: Total bill: $80.30 + $58.40 = $138.70 |
Network Analyzer pricing details
Charges for Network Analyzer are based on the number of resource-hours for the resource types in the following table.
Unit | Price |
---|---|
Total Compute Engine virtual machine (VM) instance or GKE node resource-hours per month | $0.0011 per resource-hour |
The price is the same for all machine types. All running instances that are in enabled projects are charged.
Pricing example
The following table shows an example that assumes that you are running 100 VM instances all day in a single month (730 hours).
Resources | Usage | Estimated cost for this billing period |
---|---|---|
100 VMs | 730 hours | Total bill is $0.0011 * 100 * 730 = $80.30 |
Firewall Insights pricing details
Firewall Insights uses three pricing models, one for each of the following:
- Configuration analysis
- Analysis of overly permissive rules (overgranting analysis)
- Other logs-based analysis
The following sections describe these pricing models.
Configuration analysis
Firewall Insights uses configuration analysis to identify shadowed firewall rules. A shadowed firewall rule is one that might never be used because its attributes are overlapped by those of an equal-priority (or higher-priority) rule. Charges for configuration analysis are based on the number of firewall rules that you have, as described in the following table.
Feature | Pricing |
---|---|
Initial evaluation | $1 for each rule that exists in your project when the feature is enabled. |
Each subsequent evaluation | $0.10 per rule for each rule being evaluated. Subsequent evaluations occur on a per-network basis, only on days that you make a change to your firewall rule configuration (by adding, deleting, or modifying a firewall rule). |
Example
Suppose you have a project with two VPC networks, each containing 100 firewall rules, for a total of 200. You turn on shadowed rule detection for the project.
The charge for the initial evaluation is $1 per rule, so you pay a one-time charge of $1 * 200 rules, or $200.
The next day, you add a new firewall rule to one of your networks. Because you have changed your firewall rule configuration, Firewall Insights evaluates that network's configuration again. This time, you are charged $0.10 for each rule in the network. The charge would be $0.10 * 101 rules, or $10.10.
For the next month, you don't make any changes to your firewall rules, so you aren't changed anything during that time.
After that, on a single day, you modify two firewall rules in the same network where you previously added a rule. Because you made these changes on the same day, they trigger only one new evaluation. Because that network still has only 101 rules, the charge is again $10.10.Analysis of overly permissive rules (overgranting analysis)
Billing for analysis of overly permissive rules is based on the number of firewall log entries that are processed for insight generation.
Overly permissive rules include the following:
Allow
rules with no hitsAllow
rules with unused attributesAllow
rules with overly permissive IP address and port ranges
You are billed monthly for each million log entries that are processed.
To use log-based rule analysis, you must also have Firewall Rules Logging enabled. For details about Firewall Rules Logging charges, see the Network Telemetry pricing documentation.
Tier | Monthly rate per million log entries |
---|---|
1-10,000 million | $0.20 |
10,001-50,000 million | $0.10 |
More than 50,000 million | $0.05 |
The following examples illustrate how this pricing model is applied. These examples do not include charges for Firewall Rules Logging.
Example 1
Suppose that during one month you have 997 million log entries. Because you have between 1 and 10,000 million entries, you would be charged $0.20 per million log entries, as described in the following table.
Million log entries | Rate | Price |
---|---|---|
997 | $0.20 | $199.40 |
Example 2
Suppose that during one month you have 141,719 million log entries. In this case, you would be charged at all three rates, as described in the following table.
Million log entries | Rate | Price |
---|---|---|
First 10,000 | $0.20 | $2,000 |
Next 40,000 | $0.10 | $4,000 |
All log entries over 50,000 million (in this case, 91,719) | $0.05 | $4,585.95 |
Total | $10,585.95 |
Other logs-based analysis
In addition to overly permissive rule insights, the following features use logs-based analysis:
- All Firewall Insights metrics
- The
deny
rules with hits insight
To use these features, you must have Firewall Rules Logging enabled. For details about Firewall Rules Logging charges, see the Network Telemetry pricing documentation.
The following table describes Firewall Insights pricing for these features.
Feature | Pricing |
---|---|
firewall_hit_count metric |
Free |
firewall_last_used_timestamp metric |
Free |
Deny rules with hits |
Free |
What's next
- Read the Firewall Insights documentation.
- Try the Pricing calculator.