
Network intelligence tools in GCP - Commands & Configuration

Introduction
Network intelligence tools help you understand and troubleshoot your cloud network. They show how data moves and where problems might be, so you can fix issues faster and keep your apps running smoothly.
When you want to check if your cloud servers can talk to each other without problems
When you need to find out why your app is slow or not connecting
When you want to see the path your data takes across the network
When you want to monitor network health and spot unusual traffic
When you need to verify firewall rules and network settings
Commands
This command lists all subnets in the us-east1 region to understand your network layout.
Terminal
gcloud compute networks subnets list --regions us-east1
Expected Output
NAME           REGION    NETWORK         RANGE
default        us-east1  default         10.128.0.0/20
custom-subnet  us-east1  custom-network  10.10.0.0/16
--regions - Specifies the region or regions to list subnets from
This shows any network peerings for the default network, helping you see connections between networks.
Terminal
gcloud compute networks peerings list --network default
Expected Output
NAME       NETWORK  PEER_NETWORK  STATE
peering-1  default  peer-network  ACTIVE
--network - Specifies the network to check peerings for
This lists firewall rules for the default network so you can check what traffic is allowed or blocked.
Terminal
gcloud compute firewall-rules list --filter="network=default"
Expected Output
NAME                    NETWORK  DIRECTION  PRIORITY  ALLOW
default-allow-ssh       default  INGRESS    1000      tcp:22
default-allow-internal  default  INGRESS    65534     tcp:0-65535,udp:0-65535,icmp
--filter - Filters firewall rules by network
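An added example, not part of the original tutorial: a short Python check that reads the same firewall listing in JSON form (add --format=json to the command above) and reports enabled ingress rules that open SSH or RDP to any source address, including rules that cover the port only through a range. The embedded JSON is a constructed sample; the sourceRanges values, the allow-web-range rule and the choice of ports 22 and 3389 are assumptions made for the illustration.

```python
import json

# Constructed sample shaped like the output of
# `gcloud compute firewall-rules list --filter="network=default" --format=json`,
# trimmed to the fields used here. "allow-web-range" is a hypothetical rule.
SAMPLE_JSON = """[
 {"name": "default-allow-ssh", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "default-allow-internal", "direction": "INGRESS",
  "sourceRanges": ["10.128.0.0/9"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["0-65535"]},
              {"IPProtocol": "udp", "ports": ["0-65535"]},
              {"IPProtocol": "icmp"}]},
 {"name": "allow-web-range", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["80", "3000-4000"]}]}
]"""

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: ports treated as sensitive
ANY_SOURCE = {"0.0.0.0/0", "::/0"}      # source ranges meaning "any address"

def port_in_spec(port, spec):
    """True if port is inside a port spec such as '22' or '3000-4000'."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def exposed_admin_rules(rules):
    """Sorted (rule, service) pairs: enabled ingress rules that open an
    admin port over TCP to any source address."""
    findings = set()
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if not ANY_SOURCE & set(rule.get("sourceRanges", [])):
            continue
        for allow in rule.get("allowed", []):
            if allow.get("IPProtocol") not in ("tcp", "all"):
                continue
            specs = allow.get("ports")  # a missing "ports" key means all ports
            for port, service in ADMIN_PORTS.items():
                if not specs or any(port_in_spec(port, s) for s in specs):
                    findings.add((rule["name"], service))
    return sorted(findings)

if __name__ == "__main__":
    for name, service in exposed_admin_rules(json.loads(SAMPLE_JSON)):
        print(f"{name}: {service} open to any source address")
```

On the sample, default-allow-internal is not reported because its source range is internal, while allow-web-range is reported for RDP because 3389 falls inside its 3000-4000 range.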
This command shows detailed info about the default subnet in us-east1, including IP ranges and flow logs.
Terminal
gcloud compute networks subnets describe default --region us-east1
Expected Output
name: default
region: us-east1
network: default
ipCidrRange: 10.128.0.0/20
privateIpGoogleAccess: false
flowLogsConfig:
  aggregationInterval: INTERVAL_5_SEC
  flowSampling: 0.5
  metadata: INCLUDE_ALL_METADATA
--region - Specifies the region of the subnet
This enables flow logs on the default subnet to collect network traffic data for analysis.
Terminal
gcloud compute networks subnets update default --region us-east1 --enable-flow-logs
Expected Output
Updated [https://www.googleapis.com/compute/v1/projects/my-project/regions/us-east1/subnetworks/default].
--enable-flow-logs - Turns on flow logs for the subnet
--region - Specifies the region of the subnet
Key Concept

If you remember nothing else from this pattern, remember: network intelligence tools let you see and understand your cloud network traffic and settings to find and fix problems.

Common Mistakes
Not specifying the region when listing or describing subnets
The command will fail or show no results because subnets are regional resources.
Always include the --region flag with the correct region name.
Trying to enable flow logs on a subnet without proper permissions
The command will fail with a permission error, blocking flow log setup.
Ensure you have the Compute Network Admin role or equivalent before enabling flow logs.
Filtering firewall rules without specifying the correct network name
You might get no results or rules from the wrong network, causing confusion.
Use the exact network name in the --filter flag to get accurate firewall rules.
Summary
Use gcloud commands to list and describe your networks and subnets to understand your cloud network layout.
Check network peerings and firewall rules to see how networks connect and what traffic is allowed.
Enable flow logs on subnets to collect detailed network traffic data for troubleshooting and monitoring.