Network Telemetry

In-depth network telemetry to keep your services secure.

VPC Flow Logs

Network Telemetry: VPC Flow Logs

Identify traffic and access patterns that may impose security or operational risks to your organization in near real time. Network Telemetry provides both network and security operations with in-depth, responsive VPC Flow Logs for Google Cloud Platform networking services.

Firewall Logging

Firewall Logging

VPC Firewall Logs allows users to log firewall access and deny events with the same responsiveness of VPC Flow Logs.

Monitoring At Peak Performance

Monitoring at peak performance

VPC Flow Logs allow you to monitor your deployments with no impact to your system performance. With our unique implementation, enabling VPC Flow Logs provides you in-depth visibility with no performance overhead.

Rich Annotation Support

Rich annotation support

With VPC Flow Logs, you can log flows based on a rich set of annotations, such as geolocation, BGP (Border Gateway Protocol) AS (Autonomous System) Numbers, project, network or subnetwork names, regions or zones, all the way down to VM instance names. This enables you to choose the granularity that is right for your deployment.

Exporting Logs

Exporting logs

VPC Flow Logs is very flexible and supports exporting of logs to many of our partner products. You can either choose to use Stackdriver to ingest your logs and analyze them, or you could choose to export them to your existing partner of choice.

Network Telemetry features

Traffic coverage

Monitor network traffic to and from Compute Engine VMs, including internal VPC traffic, flows leaving the VPC network through Cloud VPN or Cloud Interconnect, flows from an endpoint on the internet to the Compute Engine VMs, and flows between Compute Engine VMs and Google services in production.

No performance impact

VPC Flow Logs is natively built in the networking stack of the VPC network infrastructure. There is no extra delay and no performance penalty to route the original IP packets to the destination.

Annotations

Annotates network and subnetwork name, region and zone (if within the VPC), VM instance name, and Geo annotations such as continent, country, region, and city.

Protocols

You will be able to monitor the network flows for TCP and UDP.

Metrics

Supports metrics such as number of packets, number of bytes, and RTT (Round Trip Time) for TCP flows.

Flow definition parameters

Define flows based on 5-tuple: source and destination IP addresses, ports, and the IANA protocol number.

Filters

Selectively export flow logs to logging storage/APIs, using the filters.

Partners

Network Telemetry supports exporting of logs to supported Partners.

Network Telemetry pricing

For Google Cloud Platform pricing, visit our pricing page.

VPC network logs, including VPC flow logs and firewall logs, generation charges (TIERED)
Firewall logs are free during Beta. Charges on firewall logs will not take effect until General Availability.

VPC Flow Log and Firewall Log generation (TIERED)
0–10 TB / month $0.50 / GB
10–30 TB / month $0.25 / GB
30–50 TB / month $0.10 / GB
>50 TB / month $0.05 / GB

Resources

Explore tutorials, launch quickstarts, and reviews.

VPC Flow Logs — network transparency in near real-time

Google Cloud

Get started

Learn and build

New to GCP? Get started with any GCP product for free with a $300 credit.

Need more help?

Our experts will help you build the right solution or find the right partner for your needs.