Network Telemetry
Author: Venkata Sudhakar
Google Cloud Network Telemetry provides visibility into your network traffic with tools like VPC Flow Logs, Firewall Rules Logging, and Packet Mirroring. These tools help you monitor, troubleshoot, and secure your GCP network infrastructure.

Network Telemetry Tools:

1. VPC Flow Logs - Records network flows sent from and received by VM instances, including GKE nodes. Useful for network monitoring, forensics, and security analysis.
2. Firewall Rules Logging - Logs allowed and denied connections based on your firewall rules. Helps audit firewall policy and investigate security incidents.
3. Packet Mirroring - Clones traffic from specific VMs and sends it to a collector (IDS, security appliance) for deep packet inspection without affecting the original traffic.
4. Network Intelligence Center - Provides network topology visualization, connectivity testing, and performance monitoring.

The example below shows how to enable VPC Flow Logs and query them using gcloud.
It gives the following output:
Updated subnet [my-subnet] with flow logs enabled.
Flow log sample entry:
src_ip: 10.128.0.2
dest_ip: 142.250.80.46
src_port: 54321
dest_port: 443
protocol: TCP
bytes_sent: 1420
packets_sent: 12
start_time: 2024-01-15T10:00:00Z
Best Practices:

1. VPC Flow Logs sampling - Set to 0.5 (50%) for balanced cost vs visibility. Use 1.0 (100%) only for security-sensitive subnets.
2. Log retention - Export flow logs to BigQuery for long-term analysis and correlation with security events.
3. Packet Mirroring - Use for IDS/IPS integration; only mirror traffic from critical VMs to control cost.
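As an added example (not from the original page and not Google's own tooling), the following Python parses flow-log entries in the layout shown above, divides bytes_sent by the configured sampling rate (0.5, as recommended) to estimate true volume, and flags VMs whose estimated egress to addresses outside the VPC exceeds a threshold. The sample records, the RFC 1918 check for "inside the VPC" and the 50 MB threshold are assumptions for illustration.

```python
import ipaddress
# Constructed sample records in the layout shown above; not real traffic.
SAMPLE_LOG = """\
src_ip: 10.128.0.2
dest_ip: 142.250.80.46
src_port: 54321
dest_port: 443
protocol: TCP
bytes_sent: 1420
packets_sent: 12
start_time: 2024-01-15T10:00:00Z

src_ip: 10.128.0.2
dest_ip: 203.0.113.9
src_port: 41000
dest_port: 4444
protocol: TCP
bytes_sent: 30000000
packets_sent: 25000
start_time: 2024-01-15T10:02:00Z

src_ip: 10.128.0.7
dest_ip: 10.128.0.8
src_port: 33000
dest_port: 5432
protocol: TCP
bytes_sent: 90000000
packets_sent: 70000
start_time: 2024-01-15T10:03:00Z
"""
# RFC 1918 ranges, assumed here to cover the VPC's internal subnets.
VPC_INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
def parse_flow_entries(text):
    """Parse blank-line-separated 'key: value' records into dicts."""
    return [dict(line.split(": ", 1) for line in block.splitlines())
            for block in text.strip().split("\n\n")]

def external_egress_by_source(records, sampling_rate=0.5):
    """Estimated bytes each source VM sent outside the VPC (bytes / sampling_rate)."""
    totals = {}
    for r in records:
        dest = ipaddress.ip_address(r["dest_ip"])
        if not any(dest in net for net in VPC_INTERNAL):
            src = r["src_ip"]
            totals[src] = totals.get(src, 0) + round(int(r["bytes_sent"]) / sampling_rate)
    return totals

def flag_large_egress(totals, threshold_bytes=50_000_000):
    """Source VMs whose estimated external egress exceeds the threshold."""
    return sorted(s for s, b in totals.items() if b > threshold_bytes)
```

The same scaling applies to records exported to BigQuery: aggregate on the raw bytes and divide by the subnet's sampling rate before comparing against a threshold.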