- gcloud alpha compute packet-mirrorings create - create a Google Compute Engine packet mirroring
gcloud alpha compute packet-mirrorings create
(ALPHA)Create a Google Compute Engine packet mirroring.
- POSITIONAL ARGUMENTS
- Name of the packet mirroring to create.
- REQUIRED FLAGS
Forwarding rule configured as collector. This must be a regional forwarding rule
(in the same region) with load balancing scheme INTERNAL and
isMirroringCollector set to true.
You can provide this as the full URL to the forwarding rule, partial URL, or name. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/ regions/us-central1/forwardingRules/fr-1
Network for this packet mirroring. Only the packets in this network will be
mirrored. It is mandatory that all mirrored VMs have a network interface
controller (NIC) in the given network. All mirrored subnetworks should belong to
the given network.
You can provide this as the full URL to the network, partial URL, or name. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/ global/networks/network-1
- OPTIONAL FLAGS
- Return immediately, without waiting for the operation in progress to complete.
- Optional, textual description for the packet mirroring.
Enable or disable the packet-mirroring. Enabled by default, use
- List of IP CIDR ranges that apply as filters on the source or destination IP in the IP header for packet mirroring traffic. All traffic between the VM and the IPs listed here will be mirrored using this configuration. This can be a Public IP as well. If unspecified, the config applies to all traffic.
List of IP protocols that apply as filters for packet mirroring traffic. If
unspecified, the packet mirroring applies to all traffic.
PROTOCOLmust be one of:
List of instances to be mirrored. You can provide this as the full or valid
partial URL to the instance. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/ zones/us-central1-a/instances/instance-
List of subnets to be mirrored. You can provide this as the full URL to the
subnet, partial URL, or name. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/ regions/us-central1/subnetworks/subnet-1
List of virtual machine instance tags to be mirrored.
To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags
The virtual machines with the provided tags must live in zones contained in the same region as this packet mirroring.
Priority of applying this packet mirroring. Priority is used to break ties in
cases where there is more than one matching policy. In the case of two policies
that apply for a given Instance, the one with the lowest-numbered priority value
wins. Mirroring all instances in a region for the network may produce a lot of
mirrored traffic. If you want to "zoom in" on a subset of that traffic you can
create another packet mirroring with a more restricted set of mirrored instances
(using the --mirrored-
flags) or a more restrictive CIDR filter and send that traffic to a dedicated collector. Because we cannot mirror traffic to multiple sets of collector, you should set the priority for the more specific packet mirroring configuration to a lower value to ensure the packets are sent to the desired collector. Default value is 1000. Valid range is 0 through 65535. If multiple policies end up having the same priority, then one of the policies is picked non-deterministically.
Region of the packet mirroring to create. Overrides the default
property value for this command invocation.
- GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account,
--log-http, --project, --quiet, --trace-token, --user-output-enabled,
$ gcloud helpfor details.
Mirror all tcp traffic to/from all instances in subnet my-subnet in us-central1,
and send the mirrored traffic to the collector-fr Forwarding Rule.
$ gcloud alpha compute packet-mirrorings create my-pm --network my-network --region us-central1 --mirrored-subnets my-subnet --collector-ilb collector-fr --filter-protocols tcp
Mirror all traffic between instances with tag t1 and external server with IP 220.127.116.11 in us-central1, and send the mirrored traffic to the collector-fr Forwarding Rule.
$ gcloud alpha compute packet-mirrorings create my-pm --network my-network --region us-central1 --mirrored-tags t1 --collector-ilb collector-fr --filter-cidr-ranges 18.104.22.168/32
- This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you may be trying to access an API with an invitation-only early access whitelist. This variant is also available:
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2020-01-07.