Network Intelligence Center pricing
This page describes pricing for all Network Intelligence Center modules.
Important: The three Network Intelligence Center modules (Network Topology, Network Analyzer, and Performance Dashboard) are available to all users for 100% discount. The cost of these modules will be shown in your billing details, but you will not be charged for them. Any changes to the discount structure will be effective with a 90 days prior notice. The updates to the discount rates will appear in your billing information only after you choose to re-enable the modules.
Cloud Network Insights
Cloud Network Insights
Note: Cloud Network Insights is offered without usage fees for the duration of the Preview.
Cloud Network Insights uses a single license type: active path. Licenses are consumed by the specific web and network paths you choose to monitor.
- For each web path created in web monitoring,
- Targets can be URLs, FQDNs, or IP addresses
- For each network path created in network monitoring,
- For every web path you create, a corresponding network path is automatically generated at no additional cost
Licensing models
The following table outlines the different licensing model options based on monitoring frequency and scale. All models are billed monthly.
Licensing Model | Pay-as-you-go (Paygo) | Enterprise | Enterprise Unlimited |
|---|---|---|---|
Best For | Trials & intermittent monitoring | Continuous monitoring (< 4,000 paths) | Large scale deployments (> 4,000 paths) |
Rate | $0.10 per path / hour | $275 per path / year | $1.1M flat fee / year |
Billing | Monthly (usage-based) | Monthly subscription | Monthly subscription |
Flexibility | High (pay only for what you use) | Low (credit-based consumption; overages at Paygo rates) | Unlimited |
Note: Cloud Network Insights logs for alerts and events are written to Cloud Logging. You will be charged for these logs based on Cloud Logging pricing.
How Enterprise licensing works
The Enterprise model uses a monthly credit system, providing the flexibility to scale your monitoring up or down throughout the month without losing value.
- Credit allocation: At the start of the month, you receive credits based on your subscription
- 1 Path = 30 (days) * 24 (hours) credits.
- Hourly consumption: We measure active paths every hour and deduct that amount from your credit balance.
- Overage protection: If you exceed your monthly credit pool, additional monitoring is seamlessly covered at the standard Paygo rate.
Calculation example
If you subscribe to 100 active paths for a 30-day month:
100 { paths} * 30 { days} * 24 { hours} =72,000 { credits}
- Hour 1: Monitor 100 paths , 100 credits used (71,900 remaining).
- Hour 2: Burst to 1,000 paths, 1,000 credits used (70,900 remaining).
- Hour 3: Scale down to 10 paths, 10 credits used (70,890 remaining).
Note: This "burn-down" approach allows you to burst your monitoring during high-traffic events or troubleshooting windows using your pre-purchased capacity.
Total monthly paths | Paygo monthly cost | Enterprise monthly cost | Savings with Enterprise |
|---|---|---|---|
100 paths | $7,200 | $2,292 | ~68% |
500 paths | $36,000 | $11,458 | ~68% |
1,000 paths | $72,000 | $22,917 | ~68% |
4,000 paths | $288,000 | $91,667 | ~68% |
Calculations based on 720 hours per month. Enterprise monthly cost is $275/12 { months} *{path count}.
Understanding the thresholds
Choosing the right tier depends largely on your volume and whether your monitoring is persistent or bursty.
- The break-even point: If you monitor a path for more than ~230 hours per month (roughly 9.5 days), the Enterprise model becomes cheaper than Paygo.
- Once you exceed 4,000 paths, the Enterprise Unlimited flat fee of $1.1M per year ($91,666/month) becomes more economical than paying the per-path price of the standard Enterprise tier.
Connectivity Tests
Connectivity Tests
Charges for Connectivity Tests are based on the number of tests that are run during the month.
Price per test |
|---|
0 count to 21 count $0.00 (Free) / 1 count, per 1 month / account 21 count and above $0.15 / 1 count, per 1 month / account |
Pricing example
The following table shows an example usage pattern where you run 100 Connectivity Tests in a single month.
Resources | Usage | Estimated cost for this billing period |
|---|---|---|
Connectivity Tests | 100 tests - 20 free tests = 80 tests | Total bill is 80 tests * $0.15 per test = $12.00 |
Network Topology and Performance Dashboard
Network Topology and Performance Dashboard
Note: The Network Topology and Performance Dashboard modules are available to all users for 100% discount. The cost of these modules will be shown in your billing details, but you will not be charged for them. Any changes to the discount structure will be effective with a 90 days prior notice. The updates to the discount rates will appear in your billing information only after you choose to re-enable the modules.
Charges for Network Topology and Performance Dashboard are based on the number of resource-hours for the resource types in the following table.
Unit | Price |
|---|---|
Total Compute Engine virtual machine (VM) instance resource-hours per month | $0.0011 per resource-hour |
Add-on: Total VM instance resource-hours per month for the traffic between Internet and Google Cloud | $0.0008 per resource-hour |
- The base unit covers Network Topology visualization and Performance Dashboard monitoring within Google Cloud performance metrics including packet loss and latency.
- The add-on unit covers Performance Dashboard monitoring for Internet to Google Cloud performance metrics (latency). These metrics can also be overlaid on the topology. The pricing for add-ons such as Internet to Google Cloud traffic will be calculated in addition to the base units.
The price is the same for all machine types. All running instances that are in enabled projects are charged.
Pricing example
The following table shows an example that assumes that you are running 100 VM instances all day in a single month (730 hours), without including the Internet to Google Cloud metrics.
Resources | Usage | Estimated cost for this billing period |
|---|---|---|
100 VMs | 730 hours | Total bill is $0.0011 * 100 * 730 = $80.30 |
100 VMs with the Internet to Google Cloud traffic add-on enabled | 730 hours | Bill for VM instance resource hours: $0.0011 * 100 * 730 = $80.30 Bill for Internet to Google Cloud add-on: $0.0008 * 100 * 730 = $58.40 Total bill: $80.30 + $58.40 = $138.70 |
Network Analyzer
Network Analyzer
Note: The Network Analyzer module is available to all users for 100% discount. The cost of this module will be shown in your billing details, but you will not be charged for them. Any changes to the discount structure will be effective with a 90 days prior notice. The updates to the discount rates will appear in your billing information only after you choose to re-enable the modules.
Charges for Network Analyzer are based on the number of resource-hours for the resource types in the following table.
Unit | Price |
|---|---|
Total Compute Engine virtual machine (VM) instance or GKE node resource-hours per month | $0.0011 per resource-hour |
The price is the same for all machine types. All running instances that are in enabled projects are charged.
Pricing example
The following table shows an example that assumes that you are running 100 VM instances all day in a single month (730 hours).
Resources | Usage | Estimated cost for this billing period |
|---|---|---|
100 VMs | 730 hours | Total bill is $0.0011 * 100 * 730 = $80.30 |
Firewall Insights
Firewall Insights
Firewall Insights uses three pricing models, one for each of the following:
- Configuration analysis
- Analysis of overly permissive rules (overgranting analysis)
- Other logs-based analysis
The following sections describe these pricing models.
Configuration analysis
Firewall Insights uses configuration analysis to identify shadowed firewall rules. A shadowed firewall rule is one that might never be used because its attributes are overlapped by those of an equal-priority (or higher-priority) rule. Charges for configuration analysis are based on the number of firewall rules that you have, as described in the following table.
Feature | Pricing |
|---|---|
Initial evaluation | $1 for each rule that exists in your project when the feature is en |
Each subsequent evaluation | $0.10 per rule for each rule being evaluated. Subsequent evaluations occur on a per-network basis, only on days that you make a change to your firewall rule configuration (by adding, deleting, or modifying a firewall rule). |
Example
Suppose you have a project with two VPC networks, each containing 100 firewall rules, for a total of 200. You turn on shadowed rule detection for the project.
The charge for the initial evaluation is $1 per rule, so you pay a one-time charge of $1 * 200 rules, or $200.
The next day, you add a new firewall rule to one of your networks. Because you have changed your firewall rule configuration, Firewall Insights evaluates that network's configuration again. This time, you are charged $0.10 for each rule in the network. The charge would be $0.10 * 101 rules, or $10.10.
For the next month, you don't make any changes to your firewall rules, so you aren't changed anything during that time.
After that, on a single day, you modify two firewall rules in the same network where you previously added a rule. Because you made these changes on the same day, they trigger only one new evaluation. Because that network still has only 101 rules, the charge is again $10.10.
Analysis of overly permissive rules (overgranting analysis)
Billing for analysis of overly permissive rules is based on the number of firewall log entries that are processed for insight generation.
Overly permissive rules include the following:
- Allow rules with no hits
- Allow rules with unused attributes
- Allow rules with overly permissive IP address and port ranges
You are billed monthly for each million log entries that are processed.
To use log-based rule analysis, you must also have Firewall Rules Logging enabled. For details about Firewall Rules Logging charges, see the Network Telemetry pricing documentation.
Tier | Monthly rate per million log entries |
|---|---|
1-10,000 million | $0.20 |
10,001-50,000 million | $0.10 |
More than 50,000 million | $0.05 |
The following examples illustrate how this pricing model is applied. These examples do not include charges for Firewall Rules Logging.
Example 1
Suppose that during one month you have 997 million log entries. Because you have between 1 and 10,000 million entries, you would be charged $0.20 per million log entries, as described in the following table.
Million log entries | Rate | Price |
|---|---|---|
997 | $0.20 | $199.40 |
Example 2
Suppose that during one month you have 141,719 million log entries. In this case, you would be charged at all three rates, as described in the following table.
Million log entries | Rate | Price |
|---|---|---|
First 10,000 | $0.20 | $2,000 |
Next 40,000 | $0.10 | $4,000 |
All log entries over 50,000 million (in this case, 91,719) | $0.05 | $4,585.95 |
Total | $10,585.95 |
Other logs-based analysis
In addition to overly permissive rule insights, the following features use logs-based analysis:
- All Firewall Insights metrics
- The deny rules with hits insight
To use these features, you must have Firewall Rules Logging enabled. For details about Firewall Rules Logging charges, see the Network Telemetry pricing documentation.
The following table describes Firewall Insights pricing for these features.
Feature | Pricing |
|---|---|
firewall_hit_count metric | Free |
firewall_last_used_timestamp metric | Free |
Deny rules with hits | Free |
