GCP Network Topology “Top Talkers”: Your friend for common questions on Network Traffic

Gauravmadan
Google Cloud - Community
Dec 1, 2022

In one of my earlier blogs, I walked through various types of networking spend on GCP. This blog extends that topic with an overview of a new feature that helps with GCP network cost analysis. This tool can be interesting for CTO, CIO, CFO, technology manager, networking lead, network architect, network admin, and cloud-operations engineer roles. Often, the following questions are top of mind:

  1. Which type of traffic is my workload sending? (internal to GCP / external to GCP)
  2. How much traffic of each type is my workload sending? (how many MB of internal traffic vs. how many MB of external traffic)
  3. Are my on-premise workloads sending / receiving too much traffic from GCP?
  4. Are my GCP workloads sending too much traffic to Google services? If yes, which are those workloads?
  5. How can I find the top N contributors to my network egress traffic (and hence contributors to my cost)?

I coalesce these key questions into a few common use cases, with details on how GCP Network Intelligence Center may be able to help.

Use case 1 : “Network Traffic towards Internet”

In GCP, the egress cost towards the Internet is different for subscribers of Standard Tier vs. subscribers of Premium Tier.

For Standard Tier : Egress pricing is per GiB delivered. Pricing is based on the source geolocation of traffic.

For Premium Tier : Pricing is based on the source geolocation of traffic and also depends on the worldwide destination of the network egress.

TASK : A member of the finance team of a larger enterprise was reading about Network egress SKUs and wants to better understand the spend under the category of ‘Network Egress’ in GCP. He asks the Cloud Networking lead of his company to report the top VMs which are contributing the most to Internet traffic.

Solution : The ‘Top Talkers’ feature of Network Topology module under ‘Network Intelligence Centre’

Explanation : GCP Network Intelligence Centre (NIC) is the single pane for everything related to network observability. The module ‘Network Topology’ under NIC gives a real-time view of the cloud network topology.

NIC Network Topology has a feature called ‘Metrics and insights’ which allows users to see high egress instances towards the Internet. This is shown below.

Capture 1 : GCP Network Topology for “High egress instances to Internet”

Important information that can be analyzed using this view:

  1. Current top instances sending traffic towards the Internet, along with traffic stats
  2. This data can be seen for the last 6 weeks as a historical period as well
  3. Clicking on an instance lets users navigate through the trends of Internet egress traffic stats. One such example is shown below

Capture 2 : GCP Network Topology : Details for an instance under “High egress instances to Internet”

Please note that these stats are for absolute traffic volume towards the Internet and are not intended to show the absolute $ cost value. But this is the quickest and most efficient way to find top cost contributors.

Use case 2 : Network Traffic moving out of zone

For traffic remaining inside the Google Cloud backbone, the cost distribution is as follows:

  • No charge for egress to the same Google Cloud zone when using the internal IP addresses of the resources
  • There are charges when traffic goes outside of the zone. The charges differ depending on whether traffic goes to a different Google Cloud zone in the same Google Cloud region or to a different cloud region

TASK : With the above definition in mind, a technology manager of a digital native startup asks the Cloud Networking lead to report the VMs which are contributing the most to traffic that remains within GCP. He understands that intra-zone traffic is not charged (is free), but there is a charge for each byte that crosses the local GCP zone. He wishes to use these findings to discuss with technical teams whether any optimization is possible by keeping some data within the local GCP zone.

Solution : The ‘Top Talkers’ feature of Network Topology module under ‘Network Intelligence Centre’

Explanation : NIC Network Topology has a feature called ‘Metrics and insights’ which allows users to see high cross-zonal traffic. This is shown below.

Capture 3 : GCP Network Topology metrics for cross-zonal high egress instances

Important pieces of information from this are as follows:

  1. The example above shows the top instances contributing towards cross-zonal egress cost
  2. Breaking it down per instance, the example above shows info for one of the instances, “db-instance-eu”. Further, it shows that this db instance is sending traffic towards asia-east1 and us-central1, along with traffic stats
  3. The same topology diagram shows how much traffic was sent by this instance towards Google services. If you wish to see which Google service this traffic is going towards, the same can be shown by clicking on Google service.
  4. All this can be queried for a historical period of the last 6 weeks

Use case 3 : Network Traffic moving on Interconnect / VPN

For traffic that goes over the Internet (using a VPN tunnel), the following are the price components:

  • An hourly charge for each Cloud VPN gateway
  • A monthly charge for IPsec traffic
  • An hourly charge for any external IP address assigned to a VPN gateway but not used by a tunnel

TASK : With the above definition in mind, a manager of a large enterprise, who has an on-prem footprint and also operates in a multi-cloud environment, has called for a meeting with Cloud Networking teams to report the VMs which are contributing the most to traffic over VPN / Interconnect. He wants to use this data to see if some of this traffic can be localized within GCP rather than going out over VPN / Interconnect.

Solution : The ‘Top Talkers’ feature of Network Topology module under ‘Network Intelligence Centre’ .

Explanation : NIC Network Topology has a feature called ‘Metrics and insights’ which allows users to see high hybrid traffic contributors. This is shown below.

Capture 4: GCP Network Topology metrics for hybrid high egress instances

Important analytics shown are as follows:

  1. This topology shows the instance(s) which are sending the most traffic over VPN
  2. This topology shows the GCP VPN peer IP address
  3. The respective traffic stats are shown for the current time as well as for a historical 6 week period
  4. The same info can be shown for Interconnect as well, in similar fashion
  5. The user can click on an instance and see trends of ingress and egress traffic from/towards the VPN endpoint as follows

Capture 5 : GCP Network Topology metrics : Details for hybrid high egress instances

Use case 4 : Total GCP Network cost

TASK : The CFO and CTO of a large enterprise are jointly discussing a long term roadmap for digitization, and one of the discussion points is to put aggressive timelines on migrating everything to the cloud. They wish to see more details on spend under ‘Networking’ and are interested to see which project workloads are contributing the most to overall network spend. They ask the Cloud Networking Business Unit lead to provide details of the top spenders of GCP Networking cost in order to do a technical analysis of application traffic flows and also to use this data in their efforts to keep networking spend under control.

Solution : The ‘Top Talkers’ feature of Network Topology module under ‘Network Intelligence Centre’ .

Explanation : NIC Network Topology has a feature called ‘Metrics and insights’ which allows users to see the top contributors to the entire egress networking cost. This is shown below.

Capture 6 : GCP Network Topology metrics for instances contributing to “total high egress”

Important analytics are as follows :

  1. This view shows the workloads which are contributing to overall network egress (including cross-zone, towards the Internet, and towards VPN / Interconnect)
  2. This overall view is able to present historical data of the last 6 weeks. Hence, a viewer can quickly see the change in egress contribution by a given workload
  3. A quick analysis of the selected workload can give a snapshot of the breakup of internal vs external traffic as follows

Use case 5

TASK : During analysis of the last few weeks of GCP spend , one member of the finance team of an Asia based digital enterprise notices an increase of spend on 2 line items (detailed below), and wants to better understand what might be contributing to the increase. He calls upon his technical teams to help him better understand the spend by analyzing the top workloads.

Example line items from monthly GCP bill

SOLUTION

Correlate the findings from the ‘Top talkers’ module under Network Intelligence Center with the billing SKUs to better understand what contributed to the aforementioned line items in the monthly GCP bill.

EXPLANATION

The team analyzed the spend using the following steps :

(a) As per the networking SKUs mentioned at this link, traffic towards the Internet is priced as per the following -

(b) Similarly this URL describes inter zone traffic -

At this point , the finance and technical teams better understand the unit rate of SKUs seen in the bill, as well as why certain SKU’s are listed as contributors to total spend.

(c) To better understand the key workloads contributing to spend, the team used the ‘top talker’ feature of Network Intelligence Center’s Topology to identify the top contributors for traffic type ‘To the Internet’. This showed that there is one particular instance which is contributing to 96 % of internet traffic currently.

(d) The team also wants to understand how much data this workload has sent to the Internet in the last month. Topology also provides valuable insights for this use case, as shown below:

The above details shown by Network Intelligence Center reflect the total data sent by this workload towards the internet over the last 4 weeks.
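The per-category ranking used throughout the use cases above (same zone, cross-zone, cross-region, Internet, VPN / Interconnect), computed over flow records. This is an added example, not part of the original post and not Network Intelligence Center code or its API; the record layout, the `internet` / `hybrid` destination labels, the zone suffixes, the instance names other than `db-instance-eu` and all byte counts are assumptions constructed for illustration.

```python
from collections import defaultdict

def region_of(zone):
    # GCP zone names are "<region>-<letter>": "us-central1-a" -> "us-central1"
    return zone.rsplit("-", 1)[0]

def classify(src_zone, dst):
    """Traffic category for one flow. dst is a zone name, or the assumed
    labels "internet" / "hybrid" (hybrid = VPN or Interconnect)."""
    if dst in ("internet", "hybrid"):
        return dst
    if dst == src_zone:
        return "same-zone"          # not charged when using internal IPs
    if region_of(dst) == region_of(src_zone):
        return "cross-zone"         # different zone, same region
    return "cross-region"

def top_talkers(flows, category, n=3):
    """Rank instances by egress bytes within one category.
    Returns a list of (instance, bytes, share_pct), largest first."""
    per_instance = defaultdict(int)
    for instance, src_zone, dst, nbytes in flows:
        if classify(src_zone, dst) == category:
            per_instance[instance] += nbytes
    total = sum(per_instance.values())
    ranked = sorted(per_instance.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
    return [(name, b, round(100 * b / total, 1)) for name, b in ranked]

# Constructed sample flows: (instance, source zone, destination, egress bytes)
FLOWS = [
    ("web-1", "us-central1-a", "internet", 9600),
    ("web-2", "us-central1-b", "internet", 400),
    ("web-1", "us-central1-a", "us-central1-a", 5000),
    ("web-1", "us-central1-a", "us-central1-b", 700),
    ("db-instance-eu", "europe-west1-b", "asia-east1-a", 3000),
    ("db-instance-eu", "europe-west1-b", "us-central1-a", 1000),
    ("batch-1", "europe-west1-b", "hybrid", 2500),
    ("web-2", "us-central1-b", "europe-west1-b", 1000),
]

if __name__ == "__main__":
    for cat in ("internet", "cross-zone", "cross-region", "hybrid"):
        print(cat, top_talkers(FLOWS, cat))
```

As in the Topology views, the shares are of traffic volume, not of $ cost; mapping bytes to cost still requires the SKU rates from the bill.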

Key Takeaways

To operate efficiently in the cloud, it’s important to understand the various components of network traffic within and outside your network that contribute to cost. Thus, it’s important to have a single pane of glass (SPOG) that visualizes which workloads are contributing to which kinds of traffic. Network Intelligence Center’s “topology view” is a quick and efficient way of addressing this by listing top contributors to various traffic types. Technical / commercial teams can use the information shown in their daily workflows and decision making.

Disclaimer: This is to inform readers that the views, thoughts, and opinions expressed in the text belong solely to the author, and not necessarily to the author’s employer, organization, committee or other group or individual.

At the time of writing, the feature is under ‘Public Preview’. Please follow Google Cloud documentation for official information.