gcloud compute packet-mirrorings create - create a Compute Engine packet mirroring policy
gcloud compute packet-mirrorings create NAME --collector-ilb=COLLECTOR_ILB --network=NETWORK [--async] [--description=DESCRIPTION] [--no-enable] [--filter-cidr-ranges=[CIDR_RANGE,...]] [--filter-direction=DIRECTION] [--filter-protocols=[PROTOCOL,...]] [--mirrored-instances=[INSTANCE,...]] [--mirrored-subnets=[SUBNET,...]] [--mirrored-tags=[TAG,...]] [--region=REGION] [GCLOUD_WIDE_FLAG ...]
Create a Compute Engine packet mirroring policy.
Mirror all tcp traffic to/from all instances in subnet my-subnet in us-central1, and send the mirrored traffic to the collector-fr Forwarding Rule.
$ gcloud compute packet-mirrorings create my-pm \ --network my-network --region us-central1 \ --mirrored-subnets my-subnet --collector-ilb collector-fr \ --filter-protocols tcp
Mirror all traffic between instances with tag t1 and external server with IP 11.22.33.44 in us-central1, and send the mirrored traffic to the collector-fr Forwarding Rule.
$ gcloud compute packet-mirrorings create my-pm \ --network my-network --region us-central1 --mirrored-tags t1 \ --collector-ilb collector-fr --filter-cidr-ranges 11.22.33.44/32
- NAME
Name of the packet mirroring to create.
- --collector-ilb=COLLECTOR_ILB
Forwarding rule configured as collector. This must be a regional forwarding rule (in the same region) with load balancing scheme INTERNAL and isMirroringCollector set to true.
You can provide this as the full URL to the forwarding rule, partial URL, or name. For example, the following are valid values:
- —
https://compute.googleapis.com/compute/v1/projects/myproject/ regions/us-central1/forwardingRules/fr-1
- —
projects/myproject/regions/us-central1/forwardingRules/fr-1
- —
fr-1
- --network=NETWORK
Network for this packet mirroring. Only the packets in this network will be mirrored. It is mandatory that all mirrored VMs have a network interface controller (NIC) in the given network. All mirrored subnetworks should belong to the given network.
You can provide this as the full URL to the network, partial URL, or name. For example, the following are valid values:
- —
https://compute.googleapis.com/compute/v1/projects/myproject/ global/networks/network-1
- —
projects/myproject/global/networks/network-1
- —
network-1
- --async
Return immediately, without waiting for the operation in progress to complete.
- --description=DESCRIPTION
Optional, textual description for the packet mirroring.
- --enable
Enable or disable the packet-mirroring. Enabled by default, use --no-enable to disable.
- --filter-cidr-ranges=[CIDR_RANGE,...]
List of IP CIDR ranges that apply as filters on the source or destination IP in the IP header for packet mirroring traffic. All traffic between the VM and the IPs listed here will be mirrored using this configuration. This can be a Public IP as well. If unspecified, the config applies to all traffic.
- --filter-direction=DIRECTION
- —
For ingress, only ingress traffic is mirrored.
- —
For egress, only egress traffic is mirrored.
- —
For both (default), both directions are mirrored. DIRECTION must be one of: both, egress, ingress.
- --filter-protocols=[PROTOCOL,...]
List of IP protocols that apply as filters for packet mirroring traffic. If unspecified, the packet mirroring applies to all traffic. PROTOCOL can be one of tcp, udp, icmp, esp, ah, ipip, sctp, or an IANA protocol number.
- --mirrored-instances=[INSTANCE,...]
List of instances to be mirrored. You can provide this as the full or valid partial URL to the instance. For example, the following are valid values:
- —
https://compute.googleapis.com/compute/v1/projects/myproject/ zones/us-central1-a/instances/instance-
- —
projects/myproject/zones/us-central1-a/instances/instance-1
- --mirrored-subnets=[SUBNET,...]
List of subnets to be mirrored. You can provide this as the full URL to the subnet, partial URL, or name. For example, the following are valid values:
- —
https://compute.googleapis.com/compute/v1/projects/myproject/ regions/us-central1/subnetworks/subnet-1
- —
projects/myproject/regions/us-central1/subnetworks/subnet-1
- —
subnet-1
- --mirrored-tags=[TAG,...]
List of virtual machine instance tags to be mirrored.
To read more about configuring network tags, read this guide: https://cloud.google.com/vpc/docs/add-remove-network-tags
The virtual machines with the provided tags must live in zones contained in the same region as this packet mirroring.
- --region=REGION
Region of the packet mirroring to create. Overrides the default compute/region property value for this command invocation.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha compute packet-mirrorings create
$ gcloud beta compute packet-mirrorings create