Monitor Private Service Connect connections

Private Service Connect exposes key metrics to Cloud Monitoring that give you insights into your Private Service Connect connections.

Metrics are sent automatically to Monitoring. There, you can create custom dashboards, set up alerts, and query the metrics.

Monitor published services

You can monitor published services by using predefined dashboards or Google Cloud metrics.

View dashboards for published services

Private Service Connect provides a set of predefined dashboards that display the following metrics for a published service:

  • Connected forwarding rules
  • NAT IP addresses in use

To view predefined dashboards from the details page of a particular Private Service Connect published service, follow these steps:

Console

  1. In the Google Cloud console, go to the Private Service Connect page.


  2. Click the Published services tab.

  3. Click an existing service.

  4. Click the Monitoring tab.

    You can change the view of the charts by using the control at the top of the page. Hovering over a point on the graph gives you details for that specific time.

Metrics for published services

The "metric type" strings in this table must be prefixed with compute.googleapis.com/. That prefix has been omitted from the entries in the table.

For a full list of Google Cloud metrics, see Google Cloud metrics.

Metric type: private_service_connect/producer/closed_connections_count
  Launch stage: BETA
  Display name: Closed connections count
  Kind, Type, Unit: DELTA, INT64, {connection}
  Monitored resources: gce_service_attachment
  Description: Count of connections closed over a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/connected_consumer_forwarding_rules
  Launch stage: GA
  Display name: Connected consumer forwarding rules
  Kind, Type, Unit: GAUGE, INT64, 1
  Monitored resources: gce_service_attachment
  Description: Number of Consumer Forwarding Rules connected to a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 165 seconds.

Metric type: private_service_connect/producer/dropped_received_packets_count
  Launch stage: BETA
  Display name: Received packets dropped count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: gce_service_attachment
  Description: Count of received packets dropped by a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/dropped_sent_packets_count
  Launch stage: BETA
  Display name: Sent packets dropped count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: gce_service_attachment
  Description: Count of sent packets dropped by a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/new_connections_count
  Launch stage: BETA
  Display name: New connections count
  Kind, Type, Unit: DELTA, INT64, {connection}
  Monitored resources: gce_service_attachment
  Description: Count of new connections created over a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/open_connections
  Launch stage: BETA
  Display name: Open connections
  Kind, Type, Unit: GAUGE, INT64, {connection}
  Monitored resources: gce_service_attachment
  Description: Number of connections currently open on a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/received_bytes_count
  Launch stage: BETA
  Display name: Received bytes count
  Kind, Type, Unit: DELTA, INT64, By
  Monitored resources: gce_service_attachment
  Description: Count of bytes received (PSC -> Service) over a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/received_packets_count
  Launch stage: BETA
  Display name: Received packets count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: gce_service_attachment
  Description: Count of packets received (PSC -> Service) over a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/sent_bytes_count
  Launch stage: BETA
  Display name: Sent bytes count
  Kind, Type, Unit: DELTA, INT64, By
  Monitored resources: gce_service_attachment
  Description: Count of bytes sent (Service -> PSC) over a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/sent_packets_count
  Launch stage: BETA
  Display name: Sent packets count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: gce_service_attachment
  Description: Count of packets sent (Service -> PSC) over a PSC Attachment ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.
    psc_connection_id: The Private Service Connect connection ID of the Private Service Connect Forwarding Rule.

Metric type: private_service_connect/producer/used_nat_ip_addresses
  Launch stage: GA
  Display name: Used nat ip addresses
  Kind, Type, Unit: GAUGE, INT64, 1
  Monitored resources: gce_service_attachment
  Description: IP usage of the monitored service attachment. Sampled every 60 seconds. After sampling, data is not visible for up to 165 seconds.

Monitor endpoints and backends

You can monitor endpoints and backends by using Google Cloud metrics.

Metrics for endpoints and backends

Both Private Service Connect endpoints and backends are monitored as Private Service Connect Endpoint resources.

The "metric type" strings in this table must be prefixed with compute.googleapis.com/. That prefix has been omitted from the entries in the table.

For a full list of Google Cloud metrics, see Google Cloud metrics.

Metric type: private_service_connect/consumer/closed_connections_count
  Launch stage: BETA
  Display name: Closed connections count
  Kind, Type, Unit: DELTA, INT64, {connection}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of TCP/UDP connections closed over a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/dropped_received_packets_count
  Launch stage: BETA
  Display name: Received packets dropped count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of received packets dropped by a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/dropped_sent_packets_count
  Launch stage: BETA
  Display name: Sent packets dropped count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of sent packets dropped by a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/new_connections_count
  Launch stage: BETA
  Display name: New connections count
  Kind, Type, Unit: DELTA, INT64, {connection}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of new TCP/UDP connections created over a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/open_connections
  Launch stage: BETA
  Display name: Open connections
  Kind, Type, Unit: GAUGE, INT64, {connection}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Number of TCP/UDP connections currently open on a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/received_bytes_count
  Launch stage: BETA
  Display name: Received bytes count
  Kind, Type, Unit: DELTA, INT64, By
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of bytes received (PSC -> Clients) over a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/received_packets_count
  Launch stage: BETA
  Display name: Received packets count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of packets received (PSC -> Clients) over a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/sent_bytes_count
  Launch stage: BETA
  Display name: Sent bytes count
  Kind, Type, Unit: DELTA, INT64, By
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of bytes sent (Clients -> PSC) over a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Metric type: private_service_connect/consumer/sent_packets_count
  Launch stage: BETA
  Display name: Sent packets count
  Kind, Type, Unit: DELTA, INT64, {packet}
  Monitored resources: compute.googleapis.com/PrivateServiceConnectEndpoint
  Description: Count of packets sent (Clients -> PSC) over a PSC connection ID. Sampled every 60 seconds. After sampling, data is not visible for up to 315 seconds.
  Labels:
    ip_protocol: The protocol of the connection. Can be TCP or UDP.

Define alerting policies

To create a metrics-based alerting policy, follow these steps. Use a resource type of Service Attachment for metrics about published services. Use a resource type of Private Service Connect Endpoint for metrics about endpoints or backends.

Console

You can create alerting policies to monitor the values of metrics and to notify you when those metrics violate a condition.

  1. In the navigation panel of the Google Cloud console, select Monitoring, and then select Alerting.

  2. If you haven't created your notification channels and if you want to be notified, then click Edit Notification Channels and add your notification channels. Return to the Alerting page after you add your channels.
  3. From the Alerting page, select Create policy.
  4. To select the metric, expand the Select a metric menu and then do the following:
    1. To limit the menu to relevant entries, enter the resource type into the filter bar. If there are no results after you filter the menu, then disable the Show only active resources & metrics toggle.
    2. For the Resource type, select the resource type.
    3. For the Metric category, select Private_service_connect.
    4. For the Metric, select the metric to use for this policy.
    5. Select Apply.
  5. Click Next.
  6. The settings in the Configure alert trigger page determine when the alert is triggered. Select a condition type and, if necessary, specify a threshold. For more information, see Create metric-threshold alerting policies.
  7. Click Next.
  8. Optional: To add notifications to your alerting policy, click Notification channels. In the dialog, select one or more notification channels from the menu, and then click OK.
  9. Optional: Update the Incident autoclose duration. This field determines when Monitoring closes incidents in the absence of metric data.
  10. Optional: Click Documentation, and then add any information that you want included in a notification message.
  11. Click Alert name and enter a name for the alerting policy.
  12. Click Create Policy.
For more information, see Alerting policies.
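
The console steps above can also be expressed as an alerting policy definition. The following is an added example, not part of the original page or Google's own code: it builds an AlertPolicy JSON body (field names from the Cloud Monitoring API v3 AlertPolicy resource) for a Private Service Connect metric, applying the compute.googleapis.com/ prefix and the matching monitored resource from the tables on this page. The function name, the choice of four metrics, the thresholds, the policy name, and the 300-second window are assumptions for illustration.

```python
import json

PREFIX = "compute.googleapis.com/"
SA = "gce_service_attachment"
EP = "compute.googleapis.com/PrivateServiceConnectEndpoint"
P = "private_service_connect/"

# (kind, monitored resource) per metric, copied from the tables on this page.
PSC_METRICS = {
    P + "producer/connected_consumer_forwarding_rules": ("GAUGE", SA),
    P + "producer/used_nat_ip_addresses": ("GAUGE", SA),
    P + "producer/dropped_received_packets_count": ("DELTA", SA),
    P + "consumer/dropped_sent_packets_count": ("DELTA", EP),
}


def build_policy(metric, threshold, name, channels=(), window_s=300):
    """Return an AlertPolicy JSON body (hypothetical helper, not a Google API)."""
    if metric.startswith(PREFIX):  # accept the name with or without the prefix
        metric = metric[len(PREFIX):]
    if metric not in PSC_METRICS:
        raise ValueError(f"metric not in PSC_METRICS: {metric}")
    if window_s < 60 or window_s % 60:
        raise ValueError("window must be a multiple of the 60 s sampling interval")
    kind, resource = PSC_METRICS[metric]
    # DELTA counters: add up the per-sample deltas inside the window.
    # GAUGE values: keep the highest sample seen inside the window.
    aligner = "ALIGN_SUM" if kind == "DELTA" else "ALIGN_MAX"
    return {
        "displayName": name,
        "combiner": "OR",
        "conditions": [{
            "displayName": f"{metric.rsplit('/', 1)[-1]} > {threshold}",
            "conditionThreshold": {
                "filter": f'metric.type="{PREFIX}{metric}" AND resource.type="{resource}"',
                "comparison": "COMPARISON_GT",
                "thresholdValue": threshold,
                "duration": "0s",  # fire on the first window over the threshold
                "aggregations": [{"alignmentPeriod": f"{window_s}s",
                                  "perSeriesAligner": aligner}],
            },
        }],
        "notificationChannels": list(channels),
    }


if __name__ == "__main__":
    # Constructed example: the producer expects at most 3 consumer forwarding rules.
    rules = P + "producer/connected_consumer_forwarding_rules"
    print(json.dumps(build_policy(rules, 3, "PSC: unexpected consumer"), indent=2))
```

The returned dictionary is the request body for the Cloud Monitoring API projects.alertPolicies.create method. Because sampled data can take up to 165 or 315 seconds to become visible, depending on the metric, an alert built this way fires that much later than the event it reports.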

What's next