Learn how to run Connectivity Tests by following the steps on this page.
To edit or delete one or more tests, see Update or delete tests.
To learn about Connectivity Tests, see the overview.
Before you begin
Before you can use Connectivity Tests, set up the following items in Google Cloud:
In the Google Cloud console, go to the project selector page.
Select or create a Google Cloud project.
- Ensure that billing is enabled for your Google Cloud project.
Install the Google Cloud CLI, which is part of the Google Cloud CLI. To install the latest version of the gcloud CLI, see the gcloud CLI documentation.
For a list of all commands, see the
gcloud
command reference.Enable the Network Management API. Enabling the API provides you with the following:
Example API calls that use the Network Management API
You can test Network Management API commands by using the API Explorer. In the Network Management API reference document, use the
Try this API
column to explore API fields and run a test.Sample code that uses the API Python client
The example code assumes that you have constructed a resource named
api
to interact with the Network Management API. To construct a resource, use thebuild
function. See the following example:from googleapiclient.discovery import build api = build('networkmanagement', 'v1')
For more information about the API Python client, see the following:
- Google API Client Library for Python Docs in GitHub, which includes installation and authentication instructions.
- The Network Management API reference documentation for the API Python client.
- Obtain the permissions that you need to run and view tests. For details, see Assign access.
Run Connectivity Tests
When you run a Connectivity Test, you provide test inputs as a 5-tuple without the source port.
The following sections show you how to run a test for source and destination endpoints described in Common use cases.
From the Google Cloud console, you can run Connectivity Tests by using either of the following:
The Connectivity Tests page, which is available from the Networking > Network Intelligence Center menu.
The Network interface details page for a network interface of a Compute Engine virtual machine (VM) instance. If you use this page, you must use the current network interface as either the Source or Destination of the test. This page only lists tests relevant to the current network interface.
Each test that you create runs immediately after you create it and is stored in the Connectivity Tests resource. A test exists until you delete it.
To check the status of a test operation while the operation runs, see
Check a running test operation. Some
examples of test operations are create
and rerun
.
When you use an IP address for the source or destination endpoint, you might need to specify additional fields.
Best practices
When you test an endpoint (a VM or IP address) located in a Shared VPC service project, it's more convenient to run the test from the service project. This is because you can select the VM or IP address from the drop-down box in the Google Cloud console.
However, you still must specify the host project before specifying the Virtual Private Cloud (VPC) network, because the network is in the host project. For details, see Test IP addresses in a Shared VPC network.
When running a test between your VPC network and your peer or on-premises network, it can help to run another Connectivity Test by using the on-premises IP address as the source, and a VM instance or IP address in your VPC network as the destination.
This type of test verifies that Google Cloud is advertising routes as expected to your on-premises network. However, Connectivity Tests doesn't verify that your on-premises network has received and implemented those routes.
It takes between 20 and 120 seconds for Connectivity Tests to receive a configuration update and incorporate it into analysis. If you run a test immediately after making a configuration change, you might not see the results that you expect. Make sure that you wait long enough between making the configuration change and running your tests.
This delay does not apply to live data plane analysis. Therefore, you might see a temporary mismatch between the results shown by live data plane analysis and configuration analysis. For example, if you add a firewall rule, it might be reachable for live data plane analysis. However, you might have to wait for some time before the firewall rule is reachable for configuration analysis.
Test to or from a VM with multiple network interfaces
This section describes how to test to or from a VM's non-primary network interface.
Console
If you specify a VM instance with multiple network interfaces as the source or destination of a test, Connectivity Tests prompts you to select a network interface from a list.
Alternatively, you can run a test from the Network interface details page for a network interface of a Compute Engine VM instance. If you use this page, you must use the current network interface as either the Source or Destination of the test.
gcloud and API
You must specify the network interface to use for the test in one of the following ways:
- IP address and network URI
- IP address and VM URI
- Network URI and VM URI
Providing only the URI for a VM with multiple interfaces selects only the VM's primary interface.
List all tests for a project
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- At the top of the page, in the drop-down project menu, select a project.
- The Connectivity Tests page refreshes and shows you the tests for that project.
gcloud
To list all tests owned by a project, enter the following gcloud
command.
This command shows tests in the currently selected project.
gcloud network-management connectivity-tests list
To list tests in a specific project, specify the
PROJECT_ID
.
gcloud network-management connectivity-tests list --project=PROJECT_ID
API
To list all existing tests owned by a project, use the
projects.locations.global.connectivityTests.list
method.
GET https://networkmanagement.googleapis.com/v1/{parent=projects/PROJECT_ID/locations/global}/connectivityTests
- Replace
PROJECT_ID
with the project ID of the project that contains the tests that you want to list.
Python
The following example code lists all existing tests owned by a project. For
more information, see list
in the Google API Client Library for Python.
project_id = "PROJECT_ID" parent = 'projects/%s/locations/global' % project_id request = api.projects().locations().global_().connectivityTests().list(parent=parent)
print(json.dumps(request.execute(), indent=4))
Replace PROJECT_ID
with the project ID of the project
that contains the tests that you want to list.
Test between VM instances in a VPC network
These steps assume that both VM instances are in the same Google Cloud project.
Console
From the main Connectivity Tests page
-
In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
-
For Source, do the following:
- In the Source endpoint menu, select VM instance.
- In the Source VM instance menu, select the specific source VM instance.
In the Source network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface that uniquely identifies the source location.
- Optional: Select the Source IP address from the list. The default is the IP address of the source VM instance.
-
For Destination, do the following:
- In the Destination endpoint menu, select VM instance.
- In the Destination VM instance menu, select the specific destination VM instance.
In the Destination network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface to identify the destination location uniquely.
- Optional: Select the Destination IP address from the list. The default is the IP address of the destination VM instance.
- In the Destination port field, enter a destination port.
- Click Create.
Note: For a dual-stack instance, the source and the destination IP address must be of the same type. For example, you cannot test from a VM with an IPv4 address to a VM with an IPv6 address.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
From the Network interface details page
- In the Google Cloud console, go to the VM instances page.
- If it is not already selected, select the project that contains the instance for which you want to run a test.
- Click the instance that you want to use to run a test.
For Network interfaces, select the network interface that you want to use to run a test.
If the VM instance has multiple network interfaces, select a VM network interface to uniquely identify the destination location.
For Network analysis, click Create Connectivity Test, and do the following:
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
For Source, you can select either Current network interface or Other.
If you select Current network interface, do the following:
- In the Destination endpoint menu, select VM instance.
- In the Destination VM instance menu, select the instance.
- In the Destination network interface menu, select the network interface.
- Optional: Select the destination IP address. The default is the IP address of the destination VM instance.
If you select Other, do the following:
- In the Source endpoint menu, select VM instance.
- In the Source VM instance menu, select the instance.
- In the Source network interface menu, select the network interface.
- Optional: Select source IP address. The default is the IP address of the source VM instance.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-instance=SOURCE_INSTANCE \ --source-ip-address=SOURCE_IP_ADDRESS \ --destination-instance=DESTINATION_INSTANCE \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Terraform
You can use a Terraform resource to create a test between two VM instances in a VPC network.
API
The following sample test determines if the existing network configuration
allows VM instance1
to ping VM instance2
.
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", }, "destination": { "instance": "DESTINATION_INSTANCE", "ipAddress": "DESTINATION_IP_ADDRESS", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between two VM instances. For more
information, see create
in the Google API Client Library for Python.
test_input = { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_INSTANCE_PROJECT_ID" }, "destination": { "instance": "DESTINATION_INSTANCE", "ipAddress": "DESTINATION_IP_ADDRESS", "projectId": "DESTINATION_INSTANCE_PROJECT_ID" }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.SOURCE_INSTANCE_PROJECT_ID
: the project ID of the source VM.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.DESTINATION_INSTANCE_PROJECT_ID
: the project ID of the destination VM.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test between private IP addresses in a VPC network
This example assumes that both IP addresses are private IP addresses in the same Google Cloud project and in the same VPC network.
If you are testing between peered VPC networks, select the source and destination networks for each peer.
Console
-
In the Google Cloud console, go to the Connectivity Tests page.
The remaining steps appear in the Google Cloud console.
-
Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
-
For Source, do the following:
- In the Source endpoint list, select IP address.
- In the Source IP address field, enter the source IP address.
-
If the VPC network of the source IP address is in the current project, clear the This is an IP address used in Google Cloud checkbox.
If the VPC network is in another project, in the Source IP address or service project field, select the project where the network is located.
If the IP address is outside of the RFC 1918 address space, select the I confirm that the source endpoint resides in a range outside of the RFC 1918 address space checkbox. Then, in the Source network list, select the network that contains the source IP address.
-
For Destination, do the following:
- In the Destination endpoint list, select IP address.
- In the Destination IP address field, enter the destination IP address.
-
If the VPC network of the destination IP address is in the current project, clear the This is an IP address used in Google Cloud checkbox.
If the VPC network is in another project, in the Destination IP address or service project field, select the project where the network is located.
If the IP address is outside of the RFC 1918 address space, select the I confirm that the destination endpoint resides in a range outside of the RFC 1918 address space checkbox. Then, in the Destination network list, select the network that contains the destination IP address.
- In the Destination port field, enter a valid destination port number. The number must be between 0 and 65535, inclusive.
- Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Replace variables for the command options with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-ip-address=SOURCE_IP_ADDRESS \ --source-network=SOURCE_NETWORK \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-network=DESTINATION_NETWORK \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK
: the URI for the VPC network where the source IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_NETWORK
: the URI for the VPC network where the destination IP address is located—for example,projects/myproject/global/networks/network-a
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
If the network is unknown, or you don't have permission to access the network,
you can specify the network as GCP_NETWORK
, instead of providing a network
URI.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
gcloud network-management connectivity-tests create NAME \ --source-ip-address=SOURCE_IP_ADDRESS \ [--source-network-type=GCP_NETWORK] \ --destination-instance=DESTINATION_INSTANCE \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofGCP_NETWORK
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
When you specify a source IP address that is an external IP address outside
Google Cloud, you must specify a networkType
of
NON_GCP_NETWORK
. Replace the values in the following command
with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-ip-address=SOURCE_IP_ADDRESS \ --source-network-type=NON_GCP_NETWORK \ --destination-ip-address= DESTINATION_IP_ADDRESS \ --destination-network=DESTINATION_NETWORK \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofNON_GCP_NETWORK
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_NETWORK
: a URI for the VPC network where the destination IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Terraform
You can use a Terraform resource to create a test between two IP addresses in a VPC network.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
API
This example tests the ability to ping from the source IP address to the destination IP address.
Use the projects.locations.global.connectivityTests.create
method.
POST https://reachability.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "network": "SOURCE_NETWORK" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "network": "DESTINATION_NETWORK", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL". }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK
: the URI for the VPC network where the source IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_NETWORK
: a URI for the VPC network where the destination IP address is located—for example,projects/myproject/global/networks/network-a
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
If the VPC network is unknown, or you don't have permission
to access the network, you can specify the network as GCP_NETWORK
, instead
of providing a network URI.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
POST https://reachability.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?connectivityTestId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "GCP_NETWORK" }, "destination": { "instance": "DESTINATION_INSTANCE", "ipAddress": "DESTINATION_IP_ADDRESS" }, "protocol": "PROTOCOL" }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofGCP_NETWORK
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
When you specify a source IP address that is an external IP address outside
Google Cloud, you must specify a networkType
of
NON_GCP_NETWORK
. Replace the values in the following command
with values for your Google Cloud network.
POST https://reachability.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "NON_GCP_NETWORK", }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "network": "DESTINATION_NETWORK", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", }'
Python
The following example code creates a test between two IP addresses. For more
information, see create
in the Google API Client Library for Python.
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_IP_PROJECT_ID" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", "projectId": "DESTINATION_IP_PROJECT_ID" }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_IP_PROJECT_ID
: the project ID for the source IP address.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.DESTINATION_IP_PROJECT_ID
: the project ID for the destination IP address.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
If the VPC network is unknown, or you don't have permission
to access the network, you can specify the network as GCP_NETWORK
, instead
of providing a network URI.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
The following example creates a test between two IP addresses:
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "GCP_NETWORK" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", "projectId": "DESTINATION_IP_PROJECT_ID" }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofGCP_NETWORK
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.DESTINATION_IP_PROJECT_ID
: the project ID for the destination IP address.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
When you specify a source IP address that is an external IP address outside
Google Cloud, you must specify a networkType
of
NON_GCP_NETWORK
.
Test IP addresses in a Shared VPC network
When you have a Shared VPC network, you can create and run a test from the host project or from the service project.
The following example shows both cases and uses a destination IP address allocated in the service project. The field values in the Google Cloud console are slightly different for each case. However, the command options for the Google Cloud CLI and for API calls are the same.
Console: from host
- In the Google Cloud console, from the host project, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select IP address.
- Enter source IP address.
- Select the This is an IP address used in Google Cloud checkbox.
- If this is an internal IP address that is not accessible from the internet, select the VPC network where the address is located.
- If your private IP address is outside of the RFC 1918 address space, select I confirm that the source endpoint resides in a range outside of the RFC 1918 address space, and then select the destination network that contains the IP address.
- For Destination, do the following:
- In the Destination endpoint menu, select IP address.
- Enter destination IP address.
- Select the This is an IP address used in Google Cloud checkbox.
- If this is an internal IP address that is not accessible from the internet, select the VPC network where the address is located.
- If your private IP address is outside of the RFC 1918 address space, select I confirm that the source endpoint resides in a range outside of the RFC 1918 address space, and then select the destination network that contains the IP address.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
Console: from service
- In the Google Cloud console, from the service project, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select IP address.
- Enter the Source IP address.
- Select the This is an IP address used in Google Cloud checkbox.
- If this is an internal IP address that is not accessible from the internet, select the VPC network where the address is located.
- For Destination, do the following:
- In the Destination endpoint menu, select IP address.
- Enter the Destination IP address.
- Select the This is an IP address used in Google Cloud checkbox.
- Specify the Destination IP address or service project where the IP address is located.
- If your private IP address is outside of the RFC 1918 address space, select the checkbox labeled I confirm that the source endpoint resides in a range outside of the RFC 1918 address space, and then select the destination network that contains the IP address.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Enter the following command to test between two private IP addresses in a host and in a service project where the destination IP address is located in the service project. Replace variables for the command options with values from your VPC network.
Because the destination IP address is in the service project, specify the
service project and the network URI of the host project. In this case,
default
represents the default VPC network
for the host-project
.
gcloud network-management connectivity-tests create NAME \ --source-ip-address=SOURCE_IP_ADDRESS \ --source-project=SOURCE_PROJECT \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-network=DESTINATION_NETWORK \ --destination-project=DESTINATION_PROJECT \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_PROJECT
: the project ID of the source endpoint.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to in the service project.DESTINATION_NETWORK
: a URI for the VPC network for the host project—for example,projects/host-project/global/networks/default
.DESTINATION_PROJECT
: the project ID of the destination endpoint—for example, a project calledservice-project
that represents the service project used for this Shared VPC network.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_PROJECT", }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "projectId": "DESTINATION_PROJECT", "network": "DESTINATION_NETWORK", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_PROJECT
: the project ID of the source endpoint.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to in the service project.DESTINATION_PROJECT
: the project ID of the destination endpoint—for example, a project calledservice-project
that represents the service project used for this Shared VPC network.DESTINATION_NETWORK
: a URI for the VPC network for the host project—for example,projects/host-project/global/networks/default
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between two IP addresses. For more
information, see create
in the Google API Client Library for Python.
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_IP_PROJECT_ID" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "projectId": "DESTINATION_IP_PROJECT_ID", "network": "DESTINATION_NETWORK", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_IP_PROJECT_ID
: the project ID of the source endpoint.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to in the service project.DESTINATION_IP_PROJECT_ID
: the project ID of the destination endpoint—for example, a project calledservice-project
that represents the service project used for this Shared VPC network.DESTINATION_NETWORK
: a URI for the VPC network for the host project—for example,projects/host-project/global/networks/default
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test from a VM to a Google-managed service
This section describes how to test from a VM in your VPC network to a service that runs in a Google-owned VPC network. For example, you can follow the steps in this section to test connectivity to a Cloud SQL instance or a GKE cluster control plane. You can also run a test by using a Google-managed service endpoint as the source and an endpoint in your VPC network as the destination.
By default, Connectivity Tests attempts to run a test by using the private IP address of the Google-managed service endpoint. If the endpoint does not have a private IP address, Connectivity Tests uses the public IP address. Connectivity Tests analyzes whether the packet can reach the endpoint, which includes analyzing the configuration within the Google-owned VPC network. If configuration issues are detected within your project, the analysis stops before analyzing the Google-owned network configuration.
To test from a VM to a Google-managed service, see the following instructions.
Console
From the main Connectivity Tests page
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
For Source, do the following:
- In the Source endpoint menu, select VM instance.
- In the Source VM instance menu, select the specific source VM instance.
In the Source network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface that uniquely identifies the source location.
Optional: Select the Source IP address from the list. The default is the IP address of the source VM instance.
For Destination, do the following:
- In the Destination endpoint menu, select a type of Google-managed service resource such as GKE cluster control plane.
- In the Destination GKE cluster control plane menu, select the cluster for which you want to test connectivity to the GKE control plane.
- Optional: Select the Destination GKE cluster control plane endpoint from the list. The default is the IP-based endpoint of the GKE cluster.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
From the Network interface details page
- In the Google Cloud console, go to the VM instances page.
- If it is not already selected, select the project that contains the instance for which you want to run a test.
- Click the instance that you want to use to run a test.
- For Network interfaces, select the network interface that you want to use to run a test.
- For Network analysis, click Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, select Current network interface.
- For Destination, do the following:
- In the Destination endpoint menu, select a type of Google-managed service resource such as GKE cluster control plane.
- In the Destination GKE cluster control plane menu, select the cluster for which you want to test connectivity to the GKE control plane.
- Optional: Select the Destination GKE cluster control plane endpoint from the list. The default is the IP-based endpoint of the GKE cluster.
- In the Destination port field, enter a destination port for your
specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Replace the variables for the command options according to the following guidance:
gcloud network-management connectivity-tests create NAME \ --source-instance=SOURCE_INSTANCE \ --source-ip-address=SOURCE_IP_ADDRESS \ DESTINATION_RESOURCE_FLAG=DESTINATION_ENDPOINT \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_RESOURCE_FLAG
: the flag that specifies the type of Google-managed service resource.For available options, see the following:
--destination-gke-master-cluster
--destination-cloud-sql-instance
For more information, see the
gcloud network-management connectivity-tests create
reference.DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the flag--destination-gke-master-cluster
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", }, "destination": { "DESTINATION_RESOURCE_FIELD": "DESTINATION_ENDPOINT", "port": DESTINATION_PORT }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_RESOURCE_FIELD
: the field that specifies the type of Google-managed service resource.For available options, see the following:
gkeMasterCluster
cloudSqlInstance
redisInstance
redisCluster
For more information, see the Endpoint reference.
DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the fieldgkeMasterCluster
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between a VM instance and a
Google-managed service endpoint. For more
information, see create
in the Google API Client Library for Python.
test_input = { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_INSTANCE_PROJECT_ID" }, "destination": { "DESTINATION_RESOURCE_FIELD": "DESTINATION_ENDPOINT", "port": "DESTINATION_PORT" }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.SOURCE_INSTANCE_PROJECT_ID
: the project ID of the source VM.DESTINATION_RESOURCE_FIELD
: the field that specifies the type of Google-managed service resource.For available options, see the following:
gkeMasterCluster
cloudSqlInstance
redisInstance
redisCluster
For more information, see the Endpoint reference.
DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the fieldgkeMasterCluster
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test from a VM to Private Service Connect endpoints
This section describes how to test from a VM to a Private Service Connect endpoint.
For example, you can follow the steps in this section to test if a packet could be delivered to a published service that uses Private Service Connect. Connectivity Tests analyzes whether a packet can reach the endpoint, which includes analyzing connected endpoints, published services, and the proxy connection. The analysis ends early if the connection to a published service that uses Private Service Connect is not accepted.
You can test connectivity to the following:
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
For Source, do the following:
- In the Source endpoint menu, select VM instance.
- In the Source VM instance menu, select the specific source VM instance.
In the Source network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface that uniquely identifies the source location.
Optional: Select the Source IP address from the list. The default is the IP address of the source VM instance.
For Destination, do the following:
- In the Destination endpoint menu, select PSC endpoint.
In the Destination PSC endpoint menu, select the PSC endpoint.
If the destination endpoint is in a project other than the current project, select Endpoint is in a project other than "
PROJECT_NAME
". Then, in the Destination endpoint project field, select the project where the endpoint is located.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-instance=SOURCE_INSTANCE \ --source-ip-address=SOURCE_IP_ADDRESS \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-network=DESTINATION_NETWORK \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_IP_ADDRESS
: the IP address of the endpoint or backend that you want to test.DESTINATION_NETWORK
: a URI for the VPC network where the destination IP address is located—for example,projects/myproject/global/networks/default
.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
If the endpoint or backend is used to access published services, you must specify the DESTINATION_NETWORK because the endpoint or backend has an internal IP address.
API
The following sample test determines whether the existing network configuration
allows VM instance1
to ping the IP address of the
Private Service Connect endpoint.
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", }, "destination": { "forwardingRule": "DESTINATION_FORWARDING_RULE", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_IP_ADDRESS
: the IP address of the endpoint or backend that you want to test.DESTINATION_NETWORK
: a URI for the VPC network where the destination IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
If the endpoint or backend is used to access published services, you must specify the DESTINATION_NETWORK because the endpoint or backend has an internal IP address.
Python
The following example code creates a test between a VM instance and a
Private Service Connect endpoint. For more information,
see create
in the Google API Client Library for Python.
test_input = { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_INSTANCE_PROJECT_ID" }, "destination": { "forwardingRule": "DESTINATION_FORWARDING_RULE", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.SOURCE_INSTANCE_PROJECT_ID
: the project ID of the source VM.DESTINATION_IP_ADDRESS
: the IP address of the endpoint or backend that you want to test.DESTINATION_NETWORK
: a URI for the VPC network where the destination IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
If the endpoint or backend is used to access published services, you must
specify the DESTINATION_NETWORK
because the endpoint or backend
has an internal IP address.
Test from an App Engine standard environment version to a destination
This section describes how to test connectivity from an App Engine standard environment version to a VM instance, an IP address, or a Google-managed service.
An App Engine standard environment app is made up of a single application resource that consists of one or more services. Within each service, you deploy versions of that service. You can test reachability from a version of an App Engine standard environment service to a VM instance, an IP address, or a Google-managed service.
To see a detailed configuration analysis, you must configure your service to use a Serverless VPC Access connector. A Connectivity Test result might be different for each version of the service. You can only test reachability for test packets that use the UDP or the TCP protocol.
Test connectivity from a version of an App Engine standard environment service to a VM instance
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- Enter a name for the test.
- Select a protocol.
- In the Source endpoint menu, select App Engine.
- In the App Engine service menu, select the
specific App Engine standard environment service from which you want to test
connectivity. For example, select
helloworld-service
.- If the source endpoint is in a project other than the current project,
select the Endpoint is in a project other than
"
PROJECT_NAME
" checkbox. - Select a project where the endpoint exists.
- If the source endpoint is in a project other than the current project,
select the Endpoint is in a project other than
"
- In the App Engine version menu, select a version of the App Engine standard environment service from which you want to test connectivity.
- In the App Engine service menu, select the
specific App Engine standard environment service from which you want to test
connectivity. For example, select
For Destination, select a Destination VM instance from the list.
If the VM instance has multiple network interfaces, select a VM network interface to uniquely identify the destination location.
Optional: Select the Destination IP address from the list. The default is the IP address of the destination VM instance.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-app-engine-version=APP_ENGINE_VERSION \ --destination-instance=DESTINATION_INSTANCE \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.APP_ENGINE_VERSION
: the URI for the source App Engine standard environment version—for example,apps/myproject/services/service-name/versions/version-name
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "appEngineVersion": { "uri": "APP_ENGINE_VERSION", }, }, "destination": { "instance": "DESTINATION_INSTANCE", "ipAddress": "DESTINATION_IP_ADDRESS", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.APP_ENGINE_VERSION
: the URI for the source App Engine standard environment version—for example,apps/myproject/services/service-name/versions/version-name
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
Test connectivity from a version of an App Engine standard environment service to an IP address
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- Enter a name for the test.
- Select a protocol.
- In the Source endpoint menu, select an App Engine.
- In the App Engine service menu, select the
specific App Engine standard environment service from which you want to test
connectivity. For example, select
helloworld-service
.- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
PROJECT_NAME
". - Select a project where the endpoint exists.
- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
- In the App Engine version menu, select a version of the App Engine standard environment service from which you want to test connectivity.
- In the App Engine service menu, select the
specific App Engine standard environment service from which you want to test
connectivity. For example, select
- For Destination, select IP address, and then enter an IP address.
- Enter a destination port.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-app-engine-version=APP_ENGINE_VERSION \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.APP_ENGINE_VERSION
: the URI for the source App Engine standard environment version—for example,apps/myproject/services/service-name/versions/version-name
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "appEngineVersion": { "uri": "APP_ENGINE_VERSION", }, }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.APP_ENGINE_VERSION
: the URI for the source App Engine standard environment version—for example,apps/myproject/services/service-name/versions/version-name
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
Test connectivity from a version of an App Engine standard environment service to Google-managed service
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- Enter a name for the test.
- Select a protocol.
- In the Source endpoint menu, select an App Engine.
- In the App Engine service menu, select the
specific App Engine standard environment service from which you want to test
connectivity. For example, select
helloworld-service
.- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
PROJECT_NAME
". - Select a project where the endpoint exists.
- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
- In the App Engine version menu, select a version of the App Engine standard environment service from which you want to test connectivity.
- In the App Engine service menu, select the
specific App Engine standard environment service from which you want to test
connectivity. For example, select
- For Destination, do the following:
- In the Destination endpoint menu, select a type of Google-managed service resource such as GKE cluster control plane.
- In the Destination GKE cluster control plane menu, select the cluster for which you want to test connectivity to the GKE control plane.
- Optional: Select the Destination GKE cluster control plane endpoint from the list. The default is the IP-based endpoint of the GKE cluster.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-app-engine-version=APP_ENGINE_VERSION \ --destination-ip-address=DESTINATION_IP_ADDRESS \ DESTINATION_RESOURCE_FLAG=DESTINATION_ENDPOINT \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.APP_ENGINE_VERSION
: the URI for the source App Engine standard environment version—for example,apps/myproject/services/servicename/versions/version-number
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_RESOURCE_FLAG
: the flag that specifies the type of Google-managed service resource.For available options, see the following:
--destination-gke-master-cluster
--destination-cloud-sql-instance
For more information, see the
gcloud network-management connectivity-tests create
reference.DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the flag--destination-gke-master-cluster
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "appEngineVersion": { "uri": "APP_ENGINE_VERSION", }, }, "destination": { "DESTINATION_RESOURCE_FIELD": "DESTINATION_ENDPOINT", "ipAddress": "DESTINATION_IP_ADDRESS", "port": DESTINATION_PORT, }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.APP_ENGINE_VERSION
: the URI for the source App Engine standard environment version—for example,apps/myproject/services/servicename/versions/version-number
.DESTINATION_RESOURCE_FIELD
: the field that specifies the type of Google-managed service resource.For available options, see the following:
gkeMasterCluster
cloudSqlInstance
redisInstance
redisCluster
For more information, see the Endpoint reference.
DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the fieldgkeMasterCluster
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Test from a Cloud Run function to a destination
This section describes how to test connectivity from a Cloud Run function that is
deployed in a specific Google Cloud region to a VM instance, an IP address,
or a Google-managed service. For example, you can follow the steps in this
section to test connectivity from a Cloud Run function that is deployed in
us-central1
as the source to an endpoint in your VPC network
as the destination.
To see a detailed configuration analysis, ensure that your Cloud Run function is active and that you have configured a Serverless VPC Access connector for your Cloud Run function.
Egress settings for Cloud Run functions control the routing of outbound HTTP requests from a Cloud Run function and control the traffic types routed through the connector to your VPC network. For more information, see Cloud Run functions egress settings.
Test connectivity from a Cloud Run function to a VM instance
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select Cloud Function 1st gen.
- In the Cloud Function menu, select the
specific Cloud Run function from which you want to test
connectivity. For example, select
function-1
. - In the Cloud Function location menu, select the Google Cloud region where you have deployed the Cloud Run function. You can deploy Cloud Run functions to multiple regions that have different configurations but have the same name.
For Destination, do the following:
- In the Destination endpoint menu, select VM instance.
- In the Destination VM instance menu, select a VM instance.
In the Destination network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface that uniquely identifies the destination location.
Optional: Select the Destination IP address from the list. The default is the IP address of the destination VM instance.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-cloud-function=SOURCE_CLOUD_FUNCTION \ --destination-instance=DESTINATION_INSTANCE \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_CLOUD_FUNCTION
: the URI of the Cloud Run function—for example,projects/myproject/locations/us-central1/functions/function-1
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "cloudFunction": { "uri": "SOURCE_CLOUD_FUNCTION", }, }, "destination": { "instance": "DESTINATION_INSTANCE", "ipAddress": "DESTINATION_IP_ADDRESS", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_CLOUD_FUNCTION
: the URI of the Cloud Run function—for example,projects/myproject/locations/us-central1/functions/function-1
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Test connectivity from a Cloud Run function to an IP address
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select Cloud Function 1st gen.
- In the Cloud Function menu, select the
specific Cloud Run function from which you want to test
connectivity. For example, select
function-1
. - In the Cloud Function location menu, select the Google Cloud region where you have deployed the Cloud Run function. You can deploy Cloud Run functions to multiple regions that have different configurations but have the same name.
- For Destination, select IP address, and then enter an IP address.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to the View test results section later on this page.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-cloud-function=SOURCE_CLOUD_FUNCTION \ --destination-ip-address==DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_CLOUD_FUNCTION
: the URI of the Cloud Run function—for example,projects/myproject/locations/us-central1/functions/function-1
.DESTINATION_IP_ADDRESS
: the destination IP address that you are testing to.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "cloudFunction": { "uri": "SOURCE_CLOUD_FUNCTION", }, }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_CLOUD_FUNCTION
: the URI of the Cloud Run function—for example,projects/myproject/locations/us-central1/functions/function-1
.DESTINATION_IP_ADDRESS
: the destination IP address that you are testing to.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Test connectivity from a Cloud Run function to a Google-managed service
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select Cloud Function 1st gen.
- In the Cloud Function menu, select the
specific Cloud Run function from which you want to test
connectivity. For example, select
function-1
. - In the Cloud Function location menu, select the Google Cloud region where you have deployed the Cloud Run function. You can deploy Cloud Run functions to multiple regions that have different configurations but have the same name.
- For Destination, do the following:
- For Destination endpoint menu, select a type of Google-managed service resource such as Cloud SQL instance.
- In the Destination Cloud SQL instance menu, select the Cloud SQL instance from which you want to test connectivity.
- Optional: Select the Destination Cloud SQL instance IP address from the list. The default is the IP address of the source Cloud Run function.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to the View test results section later on this page.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-cloud-function=SOURCE_CLOUD_FUNCTION \ DESTINATION_RESOURCE_FLAG=DESTINATION_ENDPOINT \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_CLOUD_FUNCTION
: the URI of the Cloud Run function—for example,projects/myproject/locations/us-central1/functions/function-1
.DESTINATION_RESOURCE_FLAG
: the flag that specifies the type of Google-managed service resource.For available options, see the following:
--destination-gke-master-cluster
--destination-cloud-sql-instance
For more information, see the
gcloud network-management connectivity-tests create
reference.DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the flag--destination-gke-master-cluster
.DESTINATION_IP_ADDRESS
: the internal or external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Test from a Cloud Run revision to a destination
This section describes how to test connectivity from a Cloud Run revision to a VM instance, an IP address, or a Google-managed service.
You can deploy multiple Cloud Run services
in a single project. Every Cloud Run service has an HTTPS endpoint on
a unique subdomain of the *.run.app
domain. Each deployment of the
Cloud Run service creates a new immutable revision. You can test
reachability from a revision to a VM instance, an IP address, or a
Google-managed service. To see a detailed configuration
analysis, you must configure a Serverless VPC Access connector
for your revision. The Connectivity Test results might be different
for each revision.
For example, a Cloud Run service named cloud_run_test
has a revision
first-revision
configured to use a Serverless VPC Access
connector, and another revision second-revision
that isn't configured to use a
Serverless VPC Access connector. The overall reachability result
might be reachable for first-revision
but unreachable for
second-revision
.
When you create a Connectivity Test, you can select from a list of revisions for a Cloud Run service.
Test connectivity from a revision of a Cloud Run service to a VM instance
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- Enter a name for the test.
- Select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select Cloud Run.
- In the Cloud Run service menu, select the
specific Cloud Run service from which you want to test
connectivity. For example, select
helloworld-run
.- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
PROJECT_NAME
". - Select a project where the endpoint exists.
- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
- In the Cloud Run revision menu, select a Cloud Run revision that you are testing from.
For Destination, do the following:
- In the Destination endpoint menu, select VM instance.
- In the Destination VM instance menu, select the specific destination VM instance.
In the Destination network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface to uniquely identify the destination location.
Optional: Select the Destination IP address from the list. The default is the IP address of the destination VM instance.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-cloud-run-revision=CLOUD_RUN_REVISION \ --destination-instance=DESTINATION_INSTANCE \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.CLOUD_RUN_REVISION
: the URI for the source Cloud Run revision—for example,projects/myproject/locations/us-central1/revisions/cloudrun-revision
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "cloudRunRevision": { "uri": "CLOUD_RUN_REVISION", }, }, "destination": { "instance": "DESTINATION_INSTANCE", "ipAddress": "DESTINATION_IP_ADDRESS" }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.CLOUD_RUN_REVISION
: the URI for the source Cloud Run revision—for example,projects/myproject/locations/us-central1/revisions/cloudrun-revision
.DESTINATION_INSTANCE
: the URI for the destination VM—for example,projects/myproject/zones/us-east1-b/instances/instance-2
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM instance that you are testing to. The IP address should be one of the IP addresses of the destination VM instance.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
Test connectivity from a revision of a Cloud Run service to an IP address
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- Enter a name for the test.
- Select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select Cloud Run.
- In the Cloud Run service menu, select the
specific Cloud Run service from which you want to test
connectivity. For example, select
helloworld-run
.- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
PROJECT_NAME
". - Select a project where the endpoint exists.
- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
- In the Cloud Run revision menu, select a Cloud Run revision that you are testing from.
- For Destination, select IP address, and then enter an IP address.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-cloud-run-revision=CLOUD_RUN_REVISION \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.CLOUD_RUN_REVISION
: the URI for the source Cloud Run revision—for example,projects/myproject/locations/us-central1/revisions/cloudrun-revision
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "cloudRunRevision": { "uri": "CLOUD_RUN_REVISION", }, }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.CLOUD_RUN_REVISION
: the URI for the source Cloud Run revision—for example,projects/myproject/locations/us-central1/revisions/cloudrun-revision
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
Test connectivity from a revision of a Cloud Run service to a Google-managed service
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- Enter a name for the test.
- Select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select Cloud Run.
- In the Cloud Run service menu, select the
specific Cloud Run service from which you want to test
connectivity. For example, select
helloworld-run
.- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
PROJECT_NAME
". - Select a project where the endpoint exists.
- If the source endpoint is in a project other than the current project,
select Endpoint is in a project other than
"
- In the Cloud Run revision menu, select a Cloud Run revision that you are testing from.
- For Destination, do the following:
- In the Destination endpoint menu, select a type of Google-managed service resource such as GKE cluster control plane.
- In the Destination GKE cluster control plane menu, select the cluster for which you want to test connectivity to the GKE control plane.
- Optional: Select the Destination GKE cluster control plane endpoint from the list. The default is the IP-based endpoint of the GKE cluster.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-cloud-run-revision=CLOUD_RUN_REVISION \ DESTINATION_RESOURCE_FLAG=DESTINATION_ENDPOINT \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.CLOUD_RUN_REVISION
: the URI for the source Cloud Run revision—for example,projects/myproject/locations/us-central1/revisions/cloudrun-revision
.PROJECT_NAME
: the project name where the endpoint is located—for example,myproject
.DESTINATION_RESOURCE_FLAG
: the flag that specifies the type of Google-managed service resource.For available options, see the following:
--destination-gke-master-cluster
--destination-cloud-sql-instance
For more information, see the
gcloud network-management connectivity-tests create
reference.DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the flag--destination-gke-master-cluster
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "cloudRunRevision": { "uri": "CLOUD_RUN_REVISION", }, }, "destination": { "DESTINATION_RESOURCE_FIELD": "DESTINATION_ENDPOINT", "port": DESTINATION_PORT, }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source Cloud Run function.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.CLOUD_RUN_REVISION
: the URI for the source Cloud Run revision—for example,projects/myproject/locations/us-central1/revisions/cloudrun-revision
.DESTINATION_RESOURCE_FIELD
: the field that specifies the type of Google-managed service resource.For available options, see the following:
gkeMasterCluster
cloudSqlInstance
redisInstance
redisCluster
For more information, see the Endpoint reference.
DESTINATION_ENDPOINT
: the URI for the destination endpoint—for example,projects/myproject/locations/us-central1/clusters/cluster-1
for the fieldgkeMasterCluster
.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols. The default is port80
.PROTOCOL
: the networking protocols supported by Serverless VPC Access connectors—TCP
orUDP
.
Test from a VPC network to a non-Google Cloud network
To test from a VPC network to a non-Google Cloud network, follow these steps.
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, select IP address, and then enter an
IP address.
- If the VPC network is in another project, select This is an IP address used in Google Cloud. Then, in the Source IP address or service project field, select the project where the network is located.
- If your private IP address is outside of the RFC 1918 address space, check the box labeled I confirm that the source endpoint resides in a range outside of the RFC 1918 address space, and select the source network that contains the IP address.
- For Destination, select IP address, and then enter an external IP address.
- Clear This is an IP address used in Google Cloud.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Enter the following command to test between an internal and external IP addresses. Replace variables for the command options with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-ip-address=SOURCE_IP_ADDRESS \ --source-network=SOURCE_NETWORK \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK
: the URI for the VPC network where the source IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
API
This example tests the ability to ping from the source IP address to the destination IP address.
Use the projects.locations.global.connectivityTests.create
method.
POST https://reachability.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "network": "SOURCE_NETWORK" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL". }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK
: the URI for the VPC network where the source IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between two IP addresses. For more
information, see create
in the Google API Client Library for Python.
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_IP_PROJECT_ID" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_IP_PROJECT_ID
: the project ID for the source IP address.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
The following example creates a test between two IP addresses:
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "GCP_NETWORK" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofGCP_NETWORK
.DESTINATION_IP_ADDRESS
: the IP address of the destinationDESTINATION_PORT
: the destination TCP or UDP port number. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test from a VPC spoke to another VPC spoke connected to the same Network Connectivity Center hub
To test from a VPC spoke in a Network Connectivity Center hub to another VPC spoke connected to the same hub, follow these steps.
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, select IP address, and then enter the IP address from the source spoke VPC network.
- For Destination, select IP address, and then enter the IP address in another spoke VPC network that you are testing to.
- In the Destination port field, enter a destination port for your specified destination.
- Click Create.
- After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Enter the following command to test between two spokes. Replace variables for the command options with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-ip-address=SOURCE_IP_ADDRESS \ --source-network=SOURCE_NETWORK \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity TestSOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK
: the URI for the VPC network where the source IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_IP_ADDRESS
: the destination IP address in another spoke VPC network that you are testing to.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
API
This example tests the ability to ping from the source IP address to the destination IP address.
Use the projects.locations.global.connectivityTests.create
method.
POST https://reachability.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "network": "SOURCE_NETWORK" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL". }'
Replace the following:
PROJECT_ID
: the project ID of the source VMTEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK
: the URI for the VPC network where the source IP address is located—for example,projects/myproject/global/networks/default
.DESTINATION_IP_ADDRESS
: the destination IP address in another spoke VPC network that you are testing to.DESTINATION_PORT
: the destination TCP or UDP port number. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between two IP addresses. For more
information, see the create
method
in the Google API Client Library for Python.
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_IP_PROJECT_ID" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_IP_PROJECT_ID
: the project ID for the source IP addressDESTINATION_IP_ADDRESS
: the destination IP address in another spoke VPC network that you are testing to.DESTINATION_PORT
: the destination TCP or UDP port number. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
The following example creates a test between two IP addresses:
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "GCP_NETWORK" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofGCP_NETWORK
.DESTINATION_IP_ADDRESS
: the IP address of the destination VM.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test from a VM to a non-Google Cloud network
This test analyzes connectivity from the source VM to a Google network edge location.
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
For Source, do the following:
- In the Source endpoint menu, select VM instance.
- In the Source VM instance menu, select the specific source VM instance.
In the Source network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface that uniquely identifies the source location.
Optional: Select the Source IP address from the list. The default is the IP address of the source VM instance.
For Destination, do the following:
- In the Destination endpoint menu, select IP address.
- Enter an external Destination IP address.
- Clear This is an IP address used in Google Cloud.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
To test between a VM and an external IP address, enter the following command. Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-instance=SOURCE_INSTANCE \ --source-ip-address=SOURCE_IP_ADDRESS \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \ --protocol=PROTOCOL
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from; the IP address should be one of the IP addresses of the source VM instance.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
API
The following sample test determines if the existing network configuration
allows VM instance1
to ping the destination IP address.
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between a VM instance and an
external IP address. For more information, see create
in the Google API Client Library for Python.
test_input = { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_INSTANCE_PROJECT_ID" }, "destination": { "ipAddress": "DESTINATION_IP_ADDRESS", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.SOURCE_INSTANCE_PROJECT_ID
: the project ID of the source VM.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test from a VM or an IP address to a load balancer
This section describes how to test connectivity from a VM or an IP address to a Google Cloud load balancer.
Connectivity Tests configuration analysis supports tracing simulated packets to all types of Google Cloud load balancers. The trace path for an external Application Load Balancer also applies to external proxy Network Load Balancers. For more information, see the Cloud Load Balancing overview.
You can test connectivity to the following:
- External Application Load Balancer
- Internal Application Load Balancer
- External passthrough Network Load Balancer
- Internal passthrough Network Load Balancer
- External proxy Network Load Balancer
Test from a VM to a load balancer
This section analyzes connectivity from the source VM to a load balancer.
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
For Source, do the following:
- In the Source endpoint menu, select VM instance.
- In the Source VM instance menu, select the specific source VM instance.
In the Source network interface menu, select the network interface.
If the VM instance has multiple network interfaces, select a VM network interface that uniquely identifies the source location.
Optional: Select the Source IP address from the list. The default is the IP address of the source VM instance.
For Destination, do the following:
- In the Destination endpoint menu, select Load Balancer.
In the Destination Load Balancer menu, select the load balancer.
If the destination endpoint is in a project other than the current project, select Endpoint is in a project other than "
PROJECT_NAME
". Then, in the Destination endpoint project field, select the project where the endpoint is located.Select the Destination Forwarding Rule.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
To test between a VM and a load balancer, enter the following command.
gcloud network-management connectivity-tests create NAME \ --source-instance=SOURCE_INSTANCE \ --source-ip-address=SOURCE_IP_ADDRESS \ --protocol=PROTOCOL \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing against.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.
API
Use the projects.locations.global.connectivityTests.create
method.
POST https: //networkmanagement.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", }, "destination": { "forwardingRule": "DESTINATION_FORWARDING_RULE", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", }'
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.DESTINATION_FORWARDING_RULE
: the destination forwarding rule that represents the endpoint.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
Python
The following example code creates a test between a VM instance and a
load balancer endpoint. For more information, see create
in the Google API Client Library for Python.
test_input = { "source": { "instance": "SOURCE_INSTANCE", "ipAddress": "SOURCE_IP_ADDRESS", "projectId": "SOURCE_INSTANCE_PROJECT_ID" }, "destination": { "forwardingRule": "DESTINATION_FORWARDING_RULE", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_INSTANCE
: the URI for the source VM—for example,projects/myproject/zones/us-east1-b/instances/instance-1
.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.SOURCE_INSTANCE_PROJECT_ID
: the project ID of the source VM.DESTINATION_FORWARDING_RULE
: the destination forwarding rule that represents the endpoint.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Test from an IP address to a load balancer
Console
- In the Google Cloud console, go to the Connectivity Tests page.
- Select Create Connectivity Test.
- In the Test name field, enter a name for the test.
- In the Protocol list, select a protocol.
- For Source, do the following:
- In the Source endpoint menu, select IP address.
- In the Source IP address field, enter the source IP address.
- If the VPC network is in another project, select This is an IP address used in Google Cloud. Then, in the Source IP address or service project field, select the project where the network is located.
- If the IP address is outside of the RFC 1918 address space, select the I confirm that the source endpoint resides in a range outside of the RFC 1918 address space. Then, in the Source network list, select the network that contains the source IP address.
For Destination, do the following:
- In the Destination endpoint menu, select Load Balancer.
In the Destination Load Balancer menu, select the load balancer endpoint.
If the destination endpoint is in a project other than the current project, select Endpoint is in a project other than "
PROJECT_NAME
". Then, in the Destination endpoint project field, select the project where the endpoint is located.Select the Destination Forwarding Rule.
In the Destination port field, enter a destination port for your specified destination.
Click Create.
After the test finishes, the main Connectivity Tests page loads and shows a list that contains this test and other tests. Continue to View test results.
gcloud
Use the gcloud network-management connectivity-tests create
command.
Replace the sample values with values from your VPC network.
gcloud network-management connectivity-tests create NAME \ --source-project=SOURCE_PROJECT \ --source-ip-address=SOURCE_IP_ADDRESS \ --protocol=PROTOCOL \ --destination-ip-address=DESTINATION_IP_ADDRESS \ --destination-port=DESTINATION_PORT \
Replace the following:
NAME
: the name of the Connectivity Test.SOURCE_PROJECT
: the project ID of the source endpoint.SOURCE_IP_ADDRESS
: the IP address of the source VM instance that you are testing from. The IP address should be one of the IP addresses of the source VM instance.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.DESTINATION_IP_ADDRESS
: the external destination IP address that you are testing to.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.
If the endpoint is used to access managed services or
services in another VPC network, you must specify the
DESTINATION_NETWORK
because the endpoint has an
internal IP address.
API
This example tests the ability to ping from the source IP address to a load balancer endpoint.
Use the projects.locations.global.connectivityTests.create
method.
When you specify a source IP address that is an external IP address outside
Google Cloud, you must specify a networkType
of
NON_GCP_NETWORK
. Replace the values in the following command
with values for your Google Cloud network.
POST https://reachability.googleapis.com/v1/projects/PROJECT_ID/locations/global/connectivityTests?testId=TEST_ID' { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "NON_GCP_NETWORK", }, "destination": { "forwardingRule": "DESTINATION_FORWARDING_RULE", "port": "DESTINATION_PORT", }, "protocol": "PROTOCOL", }'
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.DESTINATION_FORWARDING_RULE
: the destination forwarding rule that represents the endpoint.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.
If the endpoint is used to access published services, you must
specify the DESTINATION_NETWORK
because the endpoint
has an internal IP address.
Python
The following example code creates a test between an IP address to
a load balancer endpoint. For more
information, see create
in the Google API Client Library for Python.
When you specify a source IP address that is an external IP address outside
Google Cloud, you must specify a networkType
of
NON_GCP_NETWORK
.
test_input = { "source": { "ipAddress": "SOURCE_IP_ADDRESS", "networkType": "NON_GCP_NETWORK" }, "destination": { "forwardingRule": "DESTINATION_FORWARDING_RULE", "port": "DESTINATION_PORT", "projectId": "DESTINATION_IP_PROJECT_ID" }, "protocol": "PROTOCOL", } request = api.projects().locations().global_().connectivityTests().create( parent="projects/PROJECT_ID/locations/global", testId="TEST_ID", body=test_input) print(json.dumps(request.execute(), indent=4))
Replace the following:
SOURCE_IP_ADDRESS
: the source IP address that you are testing from.SOURCE_NETWORK_TYPE
: the type of network where the source is located. In this case, use a value ofNON_GCP_NETWORK
.DESTINATION_FORWARDING_RULE
: the destination forwarding rule that represents the endpoint.DESTINATION_PORT
: the IP protocol port of the destination. This option is valid only for TCP or UDP protocols.DESTINATION_IP_PROJECT_ID
: the project ID for the destination IP address.PROTOCOL
: a supported protocol for Connectivity Tests. The default protocol isTCP
.PROJECT_ID
: the project ID of the project in which you are creating the test.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
If the endpoint is used to access published services, you must
specify the DESTINATION_NETWORK
because the
endpoint has an internal IP address.
You do not have to confirm whether your IP address is in Google Cloud or whether the source and destination endpoints or endpoints are outside the RFC 1918 address space. These parameters are automatically selected based on your source and destination IP addresses.
Test from a non-Google Cloud network to a VPC network
This procedure is the same as the Test between private IP addresses in a VPC network procedure except for the following steps. Use this procedure for the Google Cloud console, the Google Cloud CLI, API examples, and Python examples.
- If the source address is not located in Google Cloud but is not from your peer (on-premises) network, specify an external IP address.
- If the source address is from your peer (on-premises) network, you must select Other non-Google Cloud network.
Test from a non-Google Cloud network to a non-Google Cloud network
This procedure is the same as the Test between private IP addresses in a VPC network procedure except for the following steps. Use this procedure for the Google Cloud console, the Google Cloud CLI, API examples, and Python examples.
- Specify external IP addresses for the source IP address and destination IP address.
- In the Google Cloud console, clear This is an IP address used in Google Cloud.
View test results
This section describes how to view the results of a Connectivity Test.
Console
You can view a test from several different pages.
From the main Connectivity Tests page
- In the Google Cloud console, go to the Connectivity Tests page.
- In the Result details column, choose a test, and then click View.
The info panel for the test appears. You can view the overall result and the result cards for each Google Cloud resource in the testing path. You can click a link to the details page for some Google Cloud resources, such as VM instances or routes. If the test contains multiple traces, you can select a trace from the Trace result list.
If the test is eligible for live data plane analysis, you can view packet loss and latency metrics.
To expand or close a results card, click the arrow at the right of the card.
To interpret test results, see Configuration analysis states.
To close the info panel, at the top right of the page, click Hide info panel.
From the Connectivity Test details page
Alternatively, from the main Google Cloud console page, click the name of a test and view its results on the Connectivity Test details page.
From the Network interface details page
You can also view results from the Network interface details page for a network interface of a Compute Engine VM instance. This page only lists tests that use the current network interface as a source or destination.
To view results, you can select View in the Result details column or click the name of the test.
gcloud
To view the results of a test, enter the following command. Use the test ID that you want to view.
gcloud network-management connectivity-tests describe NAME
Replace NAME
with the name of the
Connectivity Test.
API
Use the projects.locations.global.connectivityTests.get
method to view the results of a test.
GET https://networkmanagement.googleapis.com/v1/{name=projects/PROJECT_ID/locations/global/connectivityTests/TEST_ID}
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Python
The following example code prints the results of a test. For more information,
see get
in the Google API Client Library for Python.
project_id = "PROJECT_ID" test_id= "TEST_ID" request = api.projects().locations().global_().connectivityTests().get( name='projects/%s/locations/global/connectivityTests/%s' % (project_id, test_id))
print(json.dumps(request.execute(), indent=4))
Replace the following:
PROJECT_ID
: the project ID of the project in which the test was created.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Rerun one or more tests
You might want to rerun a Connectivity Test if you make configuration changes to the Google Cloud resources in the testing path and want to see results for the latest network configuration. You can rerun one or more tests at the same time.
A Connectivity Test is based on a snapshot of the network configuration at the time of execution. Rerunning a test overwrites the previous test results. If you want to preserve older results, create a new test instead.
To check the status of the rerun
test operation while it's running, see
Check a running test operation.
Console
From the main Connectivity Tests page
- In the Google Cloud console, go to the Connectivity Tests page.
- Select one or more tests from the available Connectivity Tests list.
- Click Rerun.
From the Connectivity Tests details page
- From the preceding main Connectivity Tests page, click the name of a test.
- At the top of the Connectivity Test details page, click Rerun.
From the Network interface details page
- In the Google Cloud console, go to the VM instances page.
- If it is not already selected, select the project that contains the instance for which you want to rerun a test.
- Click the instance that you want to use to rerun a test.
- For Network interfaces, select the network interface that you want to use to rerun a test.
- For Network analysis, click Connectivity Tests.
- Select one or more tests from the available Connectivity Tests list.
- Click Rerun.
gcloud
To rerun a Connectivity Test, enter the following command. Use the test ID that you want to rerun.
gcloud network-management connectivity-tests rerun NAME
Replace NAME
with the name of the
Connectivity Test.
API
When the Network Management API creates a connectivityTests
resource, it
retains that test resource until you delete it. Because of this, you can rerun
tests.
If you don't want to create persistent tests, you can use the API to create a test and delete it after viewing the test result.
Use the projects.locations.global.connectivityTests.rerun
method
to rerun a test.
POST https://networkmanagement.googleapis.com/v1/{name=projects/*/locations/global/connectivityTests/*}:rerun { "name": {projects/PROJECT_ID/connectivityTests/{TEST_ID}} }
Replace the following:
PROJECT_ID
: the project ID of the source VM.TEST_ID
: the ID of the Connectivity Tests object (test) that you are running.
Python
The following example code reruns a test. For more information, see
rerun
in the Google API Client Library for Python.
project_id = "PROJECT_ID" test_id = "TEST_ID" request = api.projects().locations().global_().connectivityTests().rerun(name='projects/%s/locations/global/connectivityTests/%s' % (project_id, test_id))
print(json.dumps(request.execute(), indent=4))
Replace the following values:
PROJECT_ID
: the project ID of the project in which the test was createdTEST_ID
: the ID of the Connectivity Tests object (test) that you are running