Google Cloud Introduces VPC Flow Logs to Cloud Customers for Network Visibility

April 6, 2018 Off By Hoofer
Article Written by David Marshall

Enterprise users of Google’s cloud platform have a new option for logging and monitoring network traffic for security and performance issues.  Google introduced VPC Flow Logs to the Google Cloud Platform (GCP), giving administrators a way to track network flows all the way down to an individual virtual interface, in near-real-time.

According to GCP Product Manager Ines Envid, VPC Flow Logs is like Cisco’s NetFlow, "but with more features."  It provides responsive flow-level network telemetry for GCP environments, creating logs in five-second intervals. 

Organizations can use VPC Flow Logs to collect network telemetry at various levels and they can choose to collect telemetry for a particular VPC (virtual private cloud) network or subnet or drill down further to monitor a specific VM Instance or virtual interface.

Users can capture telemetry data from a wide variety of sources, including internal VPC traffic, flows between VPC and on-premises deployments over both VPNs and Google Cloud Interconnects, flows between servers and any internet endpoint, as well as flows between servers and any Google services.

Once the data is collected, a user can export it in a highly secure manner to Google’s BigQuery or Stackdriver Logging.  With the Cloud Pub/Sub API, you can export these logs to any number of real-time analytics or SIEM platforms. It also integrates with two leading logging and analytics platforms: Cisco Stealthwatch and Sumo Logic.

Envid notes that having VPC Flow Logs in the toolbox can provide a user with a wide range of operational tasks, such as:
  • Network monitoring – VPC Flow Logs allows you to monitor your applications from the perspective of your network. From performance to debugging and troubleshooting, VPC Flow Logs can tell you how your applications are performing, to help you keep them up and running, and identify what changed should an issue arise.
  • Optimizing network usage and egress – By providing visibility into both your application’s inter-region traffic and your traffic usage globally, VPC Flow Logs lets you optimize your network costs by optimizing your bandwidth utilization, load balancing and content distribution.
  • Network forensics and security analytics – VPC Flow Logs also helps you perform network forensics when investigating suspicious behavior such as traffic from access from abnormal sources or unexpected volumes of data migration. The logs also help you ensure compliance.
  • Real-time security analysis – With the Cloud Pub/Sub API, you can easily export your logs into any SIEM ecosystem that you may already be using.

The logging and monitoring tool can ultimately help users track application performance from the perspective of the network, help optimize network usage, and help perform network forensics when investigating unusual behavior.

To learn more about VPC Flow Logs, including how to get started and pricing, visit the documentation and product page.


About the Author

David Marshall is an industry recognized virtualization and cloud computing expert, a ten time recipient of the VMware vExpert distinction, and has been heavily involved in the industry for the past 20 years.  To help solve industry challenges, he co-founded and helped start several successful virtualization software companies such as ProTier, Surgient, Hyper9 and Vertiscale. He also spent a few years transforming desktop virtualization while at Virtual Bridges.

David is also a co-author of two very popular server virtualization books: "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center" and "VMware ESX Essentials in the Virtual Data Center" and the Technical Editor on Wiley’s "Virtualization for Dummies" and "VMware VI3 for Dummies" books.  David also authored countless articles for a number of well known technical magazines, including: InfoWorld, Virtual-Strategy and TechTarget.  In 2004, he founded the oldest independent virtualization and cloud computing news site,, which he still operates today.

Follow David Marshall

Twitter: @vmblog