Google Cloud Hybrid Connectivity
Monitor Google Cloud to Multi-Cloud Networking
Not Included in the BindPlane with Google Cloud Monitoring offering
All of the Google Cloud Platform sources listed within this documentation are not included with the BindPlane with Google Cloud Monitoring offering.
For more information on how to use the below LPU and other Google Cloud Data Collection setup. See the Google Cloud Platform Sources
Least Privileged User
A user role with the at least the following permissions is required:
Deploying a Least Privileged User
To learn more about how to deploy a role with these permissions to a GCP Organization, or a GCP Project, please refer to this documentation:
Deploy an Individual LPU role to a GCP Project, or GCP Organization
- cloudnotifications.activities.list
- monitoring.alertPolicies.get
- monitoring.alertPolicies.list
- monitoring.dashboards.get
- monitoring.dashboards.list
- monitoring.groups.get
- monitoring.groups.list
- monitoring.metricDescriptors.get
- monitoring.metricDescriptors.list
- monitoring.monitoredResourceDescriptors.get
- monitoring.monitoredResourceDescriptors.list
- monitoring.notificationChannelDescriptors.get
- monitoring.notificationChannelDescriptors.list
- monitoring.notificationChannels.get
- monitoring.notificationChannels.list
- monitoring.publicWidgets.get
- monitoring.publicWidgets.list
- monitoring.timeSeries.list
- monitoring.uptimeCheckConfigs.get
- monitoring.uptimeCheckConfigs.list
- resourcemanager.projects.get
- resourcemanager.projects.list
- stackdriver.projects.get
- compute.addresses.get
- compute.addresses.list
- compute.backendBuckets.get
- compute.backendBuckets.list
- compute.backendServices.get
- compute.backendServices.list
- compute.firewalls.get
- compute.firewalls.list
- compute.forwardingRules.get
- compute.forwardingRules.list
- compute.globalAddresses.get
- compute.globalAddresses.list
- compute.globalForwardingRules.get
- compute.globalForwardingRules.list
- compute.healthChecks.get
- compute.healthChecks.list
- compute.httpHealthChecks.get
- compute.httpHealthChecks.list
- compute.httpsHealthChecks.get
- compute.httpsHealthChecks.list
- compute.instanceGroups.get
- compute.instanceGroups.list
- compute.instances.get
- compute.instances.getGuestAttributes
- compute.instances.getSerialPortOutput
- compute.instances.list
- compute.instances.listReferrers
- compute.interconnectAttachments.get
- compute.interconnectAttachments.list
- compute.interconnectLocations.get
- compute.interconnectLocations.list
- compute.interconnects.get
- compute.interconnects.list
- compute.networks.get
- compute.networks.list
- compute.projects.get
- compute.regionBackendServices.get
- compute.regionBackendServices.list
- compute.regions.get
- compute.regions.list
- compute.routers.get
- compute.routers.list
- compute.routes.get
- compute.routes.list
- compute.sslCertificates.get
- compute.sslCertificates.list
- compute.sslPolicies.get
- compute.sslPolicies.list
- compute.sslPolicies.listAvailableFeatures
- compute.subnetworks.get
- compute.subnetworks.list
- compute.targetHttpProxies.get
- compute.targetHttpProxies.list
- compute.targetHttpsProxies.get
- compute.targetHttpsProxies.list
- compute.targetInstances.get
- compute.targetInstances.list
- compute.targetPools.get
- compute.targetPools.list
- compute.targetSslProxies.get
- compute.targetSslProxies.list
- compute.targetTcpProxies.get
- compute.targetTcpProxies.list
- compute.targetVpnGateways.get
- compute.targetVpnGateways.list
- compute.urlMaps.get
- compute.urlMaps.list
- compute.vpnTunnels.get
- compute.vpnTunnels.list
- compute.zones.get
- compute.zones.list
- serviceusage.quotas.get
- serviceusage.services.get
- serviceusage.services.list
Connection Parameters
| Name | Required? | Description |
|---|---|---|
| Private Key JSON | Required | The contents of the private key JSON file created when setting up a service account. |
| Metric Collection | Controls which metrics get requested from GCP's Stackdriver API. | |
| Projects | Required | A comma separated whitelist of project IDs. If the wildcard "*" is used, resources will be collected from all available projects. |
| Regions | Required | A comma separated whitelist of regions. At least one region must be specified. |
| Connection Timeout | The number of seconds to allow for connecting to the target. |
Metrics
Cloud Router
| Name | Description |
|---|---|
| BGP Received Routes | Current number of routes received on a bgp session. |
| BGP Sent Routes | Current number of routes sent on a bgp session. |
| BGP Session Status | Indicator for successful bgp session establishment. |
| BGP Sessions Down | Number of BGP sessions on the router that are down. |
| BGP Sessions Up | Number of BGP sessions on the router that are up. |
| Creation Timestamp | Creation timestamp in RFC3339 text format. |
| Description | An optional description of this resource. Provide this property when you create the resource. |
| Name | Name of the resource. Provided by the client when the resource is created. |
| Network | URI of the network to which this router belongs. |
| Project ID | The identifier of the project that the router belongs to. |
| Received Routes | Current number of best routes received by router. |
| Region | The region in which the router is present. |
| Router ID | The unique ID of the router. |
| Router Status | Router status, up or down. |
| Sent Routes | Current number of routes sent by router. |
VPN Gateway
| Name | Description |
|---|---|
| Creation Timestamp | Creation timestamp in RFC3339 text format. |
| Description | An optional description of this resource. Provide this property when you create the resource. |
| Forwarding Rules | A list of URLs to the ForwardingRule resources. ForwardingRules are created using compute.forwardingRules.insert and associated to a VPN gateway. |
| Gateway ID | The unique identifier for the gateway. |
| Gateway Name | The name of the gateway. |
| Incoming Packets Dropped (Packets per Second) | Ingress (received from peer VPN) packets dropped for tunnel. |
| Kind | Type of resource. Always compute#targetVpnGateway for target VPN gateways. |
| Network | URL of the network to which this VPN gateway is attached. Provided by the client when the VPN gateway is created. |
| Outgoing Packets Dropped (Packets per Second) | Egress (directed to peer VPN) packets dropped for tunnel. |
| Project ID | The identifier for the project this gateway belongs to. |
| Received Data (Bytes per Second) | Ingress (received from peer VPN) data for tunnel. |
| Region | The region in which the gateway resides. |
| Self Link | Server-defined URL for the resource. |
| Sent Data (Bytes per Second) | Egress (directed to peer VPN) data for tunnel. |
| Status | The status of the VPN gateway. |
| Tunnel Established | Indicates successful tunnel establishment if > 0. |
| Tunnels | A list of URLs to VpnTunnel resources. VpnTunnels are created using compute.vpntunnels.insert method and associated to a VPN gateway. |
VPN Tunnel
| Name | Description |
|---|---|
| Creation Timestamp | Creation timestamp in RFC3339 text format. |
| Description | An optional description of this resource. Provide this property when you create the resource. |
| Detailed Status | Detailed status message for the VPN tunnel. |
| Gateway ID | The unique identifier for the parent gateway. |
| Gateway Name | The name of the parent gateway. |
| Ike Version | IKE protocol version to use when establishing the VPN tunnel with peer VPN gateway. Acceptable IKE versions are 1 or 2. Default version is 2. |
| Incoming Packets Dropped (Packets per Second) | Ingress (received from peer VPN) packets dropped for tunnel. |
| Kind | Type of resource. Always compute#vpnTunnel for VPN tunnels. |
| Local Traffic Selector | Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported. |
| Outgoing Packets Dropped (Packets per Second) | Egress (directed to peer VPN) packets dropped for tunnel. |
| Peer Ip | IP address of the peer VPN gateway. Only IPv4 is supported. |
| Project ID | The identifier for the project this gateway belongs to. |
| Received Data (Bytes per Second) | Ingress (received from peer VPN) data for tunnel. |
| Region | The region in which the tunnel resides. |
| Remote Traffic Selector | Remote traffic selectors to use when establishing the VPN tunnel with peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported. |
| Router | URL of router resource to be used for dynamic routing. |
| Self Link | Server-defined URL for the resource. |
| Sent Data (Bytes per Second) | Egress (directed to peer VPN) data for tunnel. |
| Shared Secret | Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway. |
| Shared Secret Hash | Hash of the shared secret. |
| Status | The status of the VPN tunnel. |
| Target VPN Gateway | URL of the Target VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created. |
| Tunnel Established | Indicates successful tunnel establishment if > 0. |
| Tunnel Name | The name of the tunnel. |
Updated almost 4 years ago