Last Thursday, Google introduced a new feature to its Virtual Private Cloud (VPC) users for tracking network operations between their servers in the Google Cloud. Called VPC Flow Logs, the tool logs and monitors all network flows sent from and received by the virtual machines (VM) inside a VPC in five-second intervals.
The new feature is set to improve monitoring by Google Cloud Platform (GCP) admins and increase transparency in the VPC network, including traffic between Google Cloud regions. It is similar to Cisco’s NetFlow “but with additional features,” as explained in the company’s blog post.
According to Google, “It also allows you to collect network telemetry at various levels. You can choose to collect telemetry for a particular VPC network or subnet or drill down further to monitor a specific VM Instance or virtual interface.”
Aside from capturing telemetry data at each level, VPC Flow Logs can also track internal VPC traffic, flows between a VPC and on-premise deployments, flows between servers and any Internet endpoint, and exchange between servers and Google services.
Users can then export the collected data to Stackdriver Logging or BigQuery if they opt to keep it on the Google Cloud platform. They can also use Cloud Pub/Sub to export the logs to other real-time analytics or security platforms. Moreover, VPC Flow Logs is integrated with two leading logging and analytics platforms, Cisco Stealthwatch and Sumo Logic. The data updates every five seconds without any effect on the performance of deployed applications.
VPC Flow Logs lets network operators gain more insight into the network, as well as debug and troubleshoot app-related issues. The tool allows them to optimize network usage with more information available about global traffic. It also allows GCP admins to perform network forensics when investigating suspicious behavior, such as traffic from unusual sources or large volumes of data being moved.
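As an added example (not code from Google's announcement), the kind of check an admin could run over exported flow-log entries to surface the two cases just mentioned: source addresses outside the ranges expected to reach internal hosts, and flows whose aggregated byte count exceeds a volume threshold. The JSON field names (`jsonPayload.connection.src_ip`, `bytes_sent`, `reporter`) follow the VPC Flow Logs record format as assumed here; the log lines, address ranges and threshold are constructed for the example.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample entries shaped like exported VPC Flow Logs records
# (field names assumed from the documented format; values are made up).
SAMPLE_LOG_LINES = [
    '{"jsonPayload": {"connection": {"src_ip": "10.128.0.2", "dest_ip": "10.128.0.3", "src_port": 44312, "dest_port": 443, "protocol": 6}, "bytes_sent": "48213", "packets_sent": "120", "reporter": "SRC"}}',
    '{"jsonPayload": {"connection": {"src_ip": "10.128.0.3", "dest_ip": "203.0.113.9", "src_port": 51020, "dest_port": 22, "protocol": 6}, "bytes_sent": "3200000000", "packets_sent": "2400000", "reporter": "SRC"}}',
    '{"jsonPayload": {"connection": {"src_ip": "198.51.100.77", "dest_ip": "10.128.0.2", "src_port": 6000, "dest_port": 3389, "protocol": 6}, "bytes_sent": "900", "packets_sent": "12", "reporter": "DEST"}}',
]

# Assumed trusted ranges: the VPC subnet and an on-premises range reached over VPN.
TRUSTED_NETS = [ipaddress.ip_network("10.128.0.0/20"),
                ipaddress.ip_network("203.0.113.0/24")]
VOLUME_THRESHOLD_BYTES = 1_000_000_000  # flag any src/dest pair moving >= 1 GB


def is_trusted(ip, trusted_nets):
    """True when ip falls inside one of the expected address ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in trusted_nets)


def analyze_flows(lines, trusted_nets=TRUSTED_NETS, threshold=VOLUME_THRESHOLD_BYTES):
    """Aggregate exported flow-log lines and return
    'unusual_sources': set of source IPs outside the trusted ranges, and
    'large_transfers': list of (src, dest, total_bytes) over the threshold."""
    volume = defaultdict(int)
    unusual = set()
    for line in lines:
        payload = json.loads(line)["jsonPayload"]
        conn = payload["connection"]
        src, dest = conn["src_ip"], conn["dest_ip"]
        # bytes_sent is exported as a string; sum per src/dest pair.
        volume[(src, dest)] += int(payload["bytes_sent"])
        if not is_trusted(src, trusted_nets):
            unusual.add(src)
    large = [(s, d, b) for (s, d), b in volume.items() if b >= threshold]
    return {"unusual_sources": unusual, "large_transfers": large}


if __name__ == "__main__":
    print(analyze_flows(SAMPLE_LOG_LINES))
```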