Monitor Packet Mirroring

Packet Mirroring exports monitoring data about mirrored traffic to Cloud Monitoring. You can use monitoring metrics to check whether traffic from a VM instance is being mirrored as intended. For example, you can view the mirrored packet or byte count for a particular instance.

You can view the monitoring metrics of mirrored VM instances or instances that are part of the collector destination (internal passthrough Network Load Balancer). For mirrored VM instances, Packet Mirroring provides metrics specific to mirrored packets, such as /mirroring/mirrored_packets_count, /mirroring/mirrored_bytes_count, and /mirroring/dropped_packets_count. For more information, see the metrics list for Compute Engine in the Monitoring documentation.

The metrics for the collector destination provide an aggregate view of all mirrored traffic that it collects, but they don't include dropped packets. To see the number of mirrored packets that were dropped, view the metrics of the individual mirrored instances. For more information about monitoring the collector destination, see Internal TCP/UDP Load Balancing monitoring.

View packet mirroring metrics in the Compute Engine console

  1. Go to the VM instances page.


  2. Select the project that contains the mirrored instance.
  3. Click the name of the mirrored instance to view its details.
  4. Click the Monitoring tab.
  5. View the Mirrored Network Bytes and Mirrored Network Packets charts to see the mirrored bytes and mirrored packets. The Mirrored Network Packets chart shows the number of successful and dropped mirrored packets.

View the monitoring dashboard for a mirrored instance

  1. Go to Monitoring in the Google Cloud console.
  2. Select Resources > Instances.
  3. Click the name of a mirrored instance.

When you access the dashboard, Cloud Monitoring shows time series charts, such as the number of packets mirrored.

Define Monitoring alerts

You can define alerts over the packet mirroring metrics:

  1. Go to Monitoring in the Google Cloud console.
  2. Click Alerting.
  3. Click Create Policy.
  4. Click Add Condition and select a condition type.
  5. In the Metric tab, select a target.

    1. For the resource type, select VM Instance.
    2. Select a packet mirroring metric.
  6. Click Save Condition.

  7. Enter a policy name in the Name this policy field and click Save Policy.

Define custom dashboards

In addition to the predefined dashboards in Cloud Monitoring, you can create custom dashboards, set up alert policies, and query the metrics through the Cloud Monitoring API.

On the Cloud Monitoring dashboard, Open Incidents are driven by the alerting policies that you configure. Alerts appear as incidents on the dashboard when the alert is triggered. These are general functions of Cloud Monitoring.
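The following added example (not part of the original documentation) shows one way to post-process packet mirroring time series queried through the Cloud Monitoring API so that gaps in mirrored-traffic coverage stand out per instance. The sample data is constructed in the shape of a timeSeries.list response; the function names, the instance IDs, the 1% drop threshold, and the treatment of the mirrored and dropped counters as disjoint are assumptions.

```python
from collections import defaultdict

# The page's "/mirroring/..." metric names under the Compute Engine metric prefix.
MIRRORED = "compute.googleapis.com/mirroring/mirrored_packets_count"
DROPPED = "compute.googleapis.com/mirroring/dropped_packets_count"
KINDS = {MIRRORED: "mirrored", DROPPED: "dropped"}

def list_filter(metric_type):
    """Filter string for a projects.timeSeries.list request on VM instances."""
    return f'metric.type = "{metric_type}" AND resource.type = "gce_instance"'

def mirroring_health(time_series, expected_instances=(), max_drop_ratio=0.01):
    """Sum points per instance and flag gaps in mirrored-traffic coverage."""
    totals = defaultdict(lambda: {"mirrored": 0, "dropped": 0})
    for ts in time_series:
        kind = KINDS.get(ts["metric"]["type"])
        if kind is None:
            continue  # not a packet mirroring metric
        instance = ts["resource"]["labels"]["instance_id"]
        # The REST API encodes int64 point values as JSON strings.
        totals[instance][kind] += sum(int(p["value"]["int64Value"]) for p in ts["points"])
    report = {}
    for instance in sorted(set(totals) | set(expected_instances)):
        if instance not in totals:
            report[instance] = {"status": "NO_SERIES"}  # no mirroring data reported
            continue
        t = totals[instance]
        seen = t["mirrored"] + t["dropped"]  # assumption: the two counters are disjoint
        ratio = t["dropped"] / seen if seen else 0.0
        status = ("NO_PACKETS" if seen == 0 else
                  "DROPS_ABOVE_THRESHOLD" if ratio > max_drop_ratio else "OK")
        report[instance] = {**t, "drop_ratio": ratio, "status": status}
    return report

def series(metric_type, instance_id, values):
    """Build one constructed time series entry (sample data, not real output)."""
    return {"metric": {"type": metric_type},
            "resource": {"type": "gce_instance", "labels": {"instance_id": instance_id}},
            "points": [{"value": {"int64Value": str(v)}} for v in values]}

# Constructed sample: three 1-minute points per series, hypothetical instance IDs.
SAMPLE = [series(MIRRORED, "1111", [5000, 4800, 5100]), series(DROPPED, "1111", [0, 0, 0]),
          series(MIRRORED, "2222", [900, 0, 0]), series(DROPPED, "2222", [100, 0, 0]),
          series(MIRRORED, "3333", [0, 0, 0])]

if __name__ == "__main__":
    for instance, row in mirroring_health(SAMPLE, expected_instances=["4444"]).items():
        print(instance, row)
```

Because collector destination metrics don't include dropped packets, a check like this has to run over the mirrored instances' own series.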

You can create custom Cloud Monitoring dashboards over packet mirroring metrics:

  1. Go to Monitoring in the Google Cloud console.
  2. Click Dashboards.
  3. Click Create Dashboard.
  4. Select a chart type to create.
  5. Give the chart a title.
  6. In the Metric tab, select a target.

    1. For the resource type, select VM Instance.
    2. Select a packet mirroring metric.
  7. Click Save.

Metric reporting frequency and retention

Metrics for the VPC security policies are exported to Cloud Monitoring in 1-minute granularity batches. Monitoring data is retained for six weeks. The dashboard provides data analysis in the following default intervals:

  • 1H (one hour)
  • 6H (six hours)
  • 1D (one day)
  • 1W (one week)
  • 6W (six weeks)

Using the controls in the upper-right corner of the Cloud Monitoring page, you can manually request analysis in any interval from 6W to 1 minute.

What's next

For more information about Cloud Monitoring, see the Cloud Monitoring documentation.