External passthrough Network Load Balancer logging and monitoring
This document shows you how to configure and useCloud LoggingandCloud Monitoring for external passthrough Network Load Balancers.
Backend service-based external passthrough Network Load Balancers support both Loggingand Monitoring. However, target pool-based external passthrough Network Load Balancerssupport only Monitoring.
Logging
Logs provide useful information for troubleshootingand monitoring your backend service-based external passthrough Network Load Balancer. Logs areaggregated per connection and exported in near real time. Logs are generated foreach load-balanced instance's TCP, UDP, ESP, GRE, ICMP, and ICMPv6 flows for bothingress and egress traffic. For more information about the fields provided inthe log entry, seeLog fields.
There are no additional charges for using logs. Based on how you importlogs, standard pricing forCloud Logging,BigQuery, or Pub/Sub apply. Enabling logs has no effect on theperformance of the load balancer.
Logging provides the following benefits:
External passthrough Network Load Balancer traffic monitoring. Per-connection logging gives you insight into how eachconnection is routed to serving backends.
Network troubleshooting. You can utilize external passthrough Network Load Balancer logs for troubleshooting.For more information, seeTroubleshoot external passthrough Network Load Balancers.
Sample log format for an external client to VM flows
The following diagram shows the inbound and outbound traffic for an externalclient (203.0.113.7), external passthrough Network Load Balancer (198.51.100.99),and backend instance (10.240.0.2).
External passthrough Network Load Balancer logs for connections from the client to the backendinstance are formatted as follows:
connection.clientIp: 203.0.113.7connection.serverIp: 198.51.100.99bytesSent: 1256bytesReceived: 4521
Logs sampling and collection
Google Cloud samples the packets that leave and enter load balancer backendVMs. Those sampled packets are processed to generate logs.
Not every packet is sampled. Google Cloud samples a variable subset ofpackets depending on the amount of traffic on the physical host.The lowest possible sampling rate is one out of 1,024 packets. The sampling rateis dynamically controlled by Google Cloud. You cannot adjust the samplingrate.
The packet sampling interacts with firewall rules in the following ways:
- Packets are sampledbefore egress firewall rules are applied.
- Packets are sampledafter ingress firewall rules are applied.
After packet sampling, Google Cloud processes the sampled packetsaccording to the following procedure:
Aggregation: Sampled packets are aggregated over a five-second intervalto produce a single flow entry.
Configurable (secondary) log sampling: This is a second samplingprocess, sampling the flows. You control the fraction of the flow entriesthat are emitted as log entries according to thelogConfig.sampleRateparameter. When
logConfig.sampleRateis1.0(100%), this means thatallof the sampled packets are processed.Write to logging: The log entries are written to Cloud Logging.
Optional fields
Log records contain required fields and optional fields. TheLogfields section lists which fields are optional and which are required. All requiredfields are always included. You can customize which optional fields you keep.
If you selectinclude all optional, all optional fields in the logrecord format are included in the flow logs. When new optional fields are addedto the record format, the flow logs automatically include the new fields.
If you selectexclude all optional, this omits all optional fields.
If you selectcustom, you can specify the optional fieldsthat you want to include by the parent field, such as
serverInstance, or bytheir full names, such asserverInstance.vm.
When new optional fields are added to the record format, the logs won'tinclude these fields, unless they are a new field within a parent field thatyou have specified to include.
If you specify a custom optional field using parent fields, when new optionalfields are added to the record format within that parent field, the logs willautomatically include the new fields. For example, if you choose to includeoptionalFieldA, then a new field added to the logs with the nameoptionalFieldA.subField1 will be included automatically.
For instructions about customizing optional fields, seeEnable logging on a new backend service.
Response packet source IP address requirements
Logging samples the response packets from the backendVMs only if the source IP address for those packets matches the load balancer'sforwarding rule IP address.For TCP connections, response packets must always have sources that match therequest packet's destination; however, for other protocols, it's possible forresponse packets to use a different source IP address.For more information, seeIP addresses for request and return packets.
The packet sampling process used by external passthrough Network Load Balancer logging omits anyresponse packets from backend VMs if those response packets have sources thatdon't match an IP address of a forwarding rule for an external passthrough Network Load Balancer.
Enable logging on a new backend service
Console
In the Google Cloud console, go to theLoad balancing page.
- Click the name of your load balancer.
- ClickEdit, and then clickBackend Configuration.
- SelectCreate a backend service, and then complete the required backend service fields.
- In theLogging section, select theEnable logging checkbox.
- Set aSample rate fraction. You can set a rate to
0.0through1.0(default). - Optional: To include all the optional fields in the logs, in theOptional fields section, clickInclude all optional fields.
Pro tip: To specify theCUSTOM option, use the gcloud CLI and the REST API.
- To finish editing the backend service, clickUpdate.
- To finish editing the load balancer, clickUpdate.
gcloud
Create the backend service to enable logging with thegcloud compute backend-services create command.
gcloud compute backend-services createBACKEND_SERVICE \ --region=REGION \ --enable-logging \ --logging-sample-rate=SAMPLE_RATE \ --logging-optional=LOGGING_OPTIONAL \ --logging-optional-fields=OPTIONAL_FIELDS
Replace the following:
BACKEND_SERVICE: the name of the backend service.REGION: the region of the backend service to create.SAMPLE_RATE: this field can only be specified if logging is enabled for this backend service.The value of the field must be from
0.0 to 1.0, where0.0means that no logs are generated and1.0means that logs are generated for all of thesampled packets. Enabling logging but setting the sampling rate to0.0is equivalent to disabling logging. The default value is1.0.LOGGING_OPTIONAL: the optional fields that you want to include in the logs:INCLUDE_ALL_OPTIONALto include all optional fields.EXCLUDE_ALL_OPTIONAL(default) to exclude all optional fields.CUSTOMto include a custom list of optional fields that you specify inOPTIONAL_FIELDS.
OPTIONAL_FIELDS: a comma-separated list of optional fields that you want to include in the logs.For example,
serverInstance.vm,serverGkeDetails. Can only be set ifLOGGING_OPTIONALis set toCUSTOM.
API
Make aPOST request to theregionBackendServices.insert method.
POST https://compute.googleapis.com/compute/v1/projects/`PROJECT_ID`/regions/`REGION`/backendServices
Exclude all optional fields
{ "name": "BACKEND_SERVICE", "loadBalancingScheme": "EXTERNAL", "logConfig": { "enable": true, "sampleRate":SAMPLE_RATE } }Include all optional fields
{ "name": "BACKEND_SERVICE", "loadBalancingScheme": "EXTERNAL", "logConfig": { "enable": true, "sampleRate":SAMPLE_RATE, "optionalMode": "INCLUDE_ALL_OPTIONAL" } }Include a custom list of optional fields
{ "name": "BACKEND_SERVICE", "loadBalancingScheme": "EXTERNAL", "logConfig": { "enable": true, "sampleRate":SAMPLE_RATE, "optionalMode": "CUSTOM", "optionalFields": ["field1","field2",...] } }Enable logging on an existing backend service
Console
In the Google Cloud console, go to theLoad balancing page.
- Click the name of your load balancer.
- ClickEdit, and then clickBackend Configuration.
- Next to your backend service, clickEdit.
- In theLogging section, select theEnable logging checkbox.
- Set aSample rate fraction. You can set a rate to
0.0through1.0(default). - Optional: To include all the optional fields in the logs, in theOptional fields section, clickInclude all optional fields.
Pro tip: To specify theCUSTOM option, use the gcloud CLI and the REST API.
- To finish editing the backend service, clickUpdate.
- To finish editing the load balancer, clickUpdate.
gcloud
Enable logging on an existing backend service with thegcloud compute backend-services update command.
gcloud compute backend-services updateBACKEND_SERVICE \ --region=REGION \ --enable-logging \ --logging-sample-rate=SAMPLE_RATE \ --logging-optional=LOGGING_OPTIONAL \ --logging-optional-fields=OPTIONAL_FIELDS
Replace the following:
BACKEND_SERVICE: the name of the backend service.REGION: the region of the backend service to create.SAMPLE_RATE: this field can only be specified if logging is enabled for this backend service.The value of the field must be from
0.0 to 1.0, where0.0means that no logs are reported and1.0means that logs are generated for all of thesampled packets. Enabling logging but setting the sampling rate to0.0is equivalent to disabling logging. The default value is1.0.LOGGING_OPTIONAL: the optional fields that you want to include in the logs:INCLUDE_ALL_OPTIONALto include all optional fields.EXCLUDE_ALL_OPTIONAL(default) to exclude all optional fields.CUSTOMto include a custom list of optional fields that you specify inOPTIONAL_FIELDS.
OPTIONAL_FIELDS: a comma-separated list of optional fields that you want to include in the logs.For example,
serverInstance.vm,serverGkeDetails. Can only be set ifLOGGING_OPTIONALis set toCUSTOM.
API
Make aPATCH request to theregionBackendServices/patch method.
PATCH https://compute.googleapis.com/compute/v1/projects/`PROJECT_ID`/regions/`REGION`/backendServices/`BACKEND_SERVICE`
Exclude all optional fields
"logConfig": { "enable": true, "sampleRate":SAMPLE_RATE, "optionalMode": "EXCLUDE_ALL_OPTIONAL" }Include all optional fields
{ "name": "BACKEND_SERVICE", "loadBalancingScheme": "EXTERNAL", "logConfig": { "enable": true, "sampleRate":SAMPLE_RATE, "optionalMode": "INCLUDE_ALL_OPTIONAL" } }Include a custom list of optional fields
{ "name": "BACKEND_SERVICE", "loadBalancingScheme": "EXTERNAL", "logConfig": { "enable": true, "sampleRate":SAMPLE_RATE, "optionalMode": "CUSTOM", "optionalFields": ["field1","field2",...] } }Disable logging on an existing backend service
Console
In the Google Cloud console, go to theLoad balancing page.
Click the name of your load balancer.
ClickEdit, and then clickBackend Configuration.
To disable logging entirely, in theLogging section, clear theEnable logging checkbox.
If you leave logging enabled, you can set a differentSample ratefraction. You can set the rate to
0.0through1.0(default).To only generate logs for 20% of thesampled packets, set thevalue to0.2.To finish editing the backend service, clickUpdate.
To finish editing the load balancer, clickUpdate.
gcloud
Disable logging on the backend service with thegcloud compute backend-services update command.
gcloud compute backend-services updateBACKEND_SERVICE \ --region=REGION \ --no-enable-logging
Replace the following:
BACKEND_SERVICE: the name of the backend service.REGION: the region of the backend service.
API
Make aPATCH request to theregionBackendServices/patch method.
PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/backendServices/BACKEND_SERVICE
{ "logConfig": { "enable": false } }View logs
When logs are ingested into Cloud Logging and not excluded through aLog router sink, you can read logs by using theCloud Logging API and theGoogle Cloud CLI.
To view all the external passthrough Network Load Balancer logs:
Console
In the Google Cloud console, go to theLogs Explorer page.
Select theExternal Passthrough Network Load Balancer Rule resource type.
Select theloadbalancing.googleapis.com/flows log name.
Console query
In the Google Cloud console, go to theLogs Explorer page.
Click theShow query toggle.
Paste the following into the query field. Replace
PROJECT_IDwith your project ID.resource.type="loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule"logName="projects/PROJECT_ID/logs/loadbalancing.googleapis.com%2Fflows"
ClickRun query.
View logs for a specific backend service
To view the external passthrough Network Load Balancer logs for a specific backend service:
Console query
In the Google Cloud console, go to theLogs Explorer page.
Click theShow query toggle.
Paste the following into the query field. Replace
PROJECT_IDwith your project ID andBACKEND_SERVICE_NAMEwith thename of your backend service.resource.type="loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule"logName="projects/PROJECT_ID/logs/loadbalancing.googleapis.com%2Fflows"resource.labels.backend_service_name="BACKEND_SERVICE_NAME"
ClickRun query.
View logs for a backend instance group
To view the external passthrough Network Load Balancer logs for a specific backend instance group:
Console query
In the Google Cloud console, go to theLogs Explorer page.
Click theShow query toggle.
Paste the following into the query field. Replace
PROJECT_IDwith your project ID andBACKEND_GROUP_NAMEwith the name of the instance group.resource.type="loadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule"logName="projects/PROJECT_ID/logs/loadbalancing.googleapis.com%2Fflows"resource.labels.backend_group_name="BACKEND_GROUP_NAME"
ClickRun query.
Log fields
Log records contain required fields, which are the default fields of every logrecord, and optional fields that add additional information. Optional fields canbe omitted to save storage costs.
Some log fields are in a multi-field format, with more than one piece of datain a given field. For example, theconnection field is of theIpConnectionformat, which contains the source and destination IP address and port, plus theprotocol, in a single field. These multi-field fields are described in thefollowing record format table.
The monitored resource isloadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule.
| Field | Field format | Field type: Required or Optional | Description |
|---|---|---|---|
| connection | IpConnection | Required | 5-Tuple describing this connection. |
| startTime | string | Required | Timestamp (RFC 3339 date string format) of the first observed packet during theaggregated time interval. |
| endTime | string | Required | Timestamp (RFC 3339 date string format) of the last observed packet during theaggregated time interval. |
| bytesSent | int64 | Required | Number of bytes sent from the server to the client. |
| bytesReceived | int64 | Required | Number of bytes received by the server from the client. |
| packetsSent | int64 | Required | Number of packets sent from the server to the client. |
| packetsReceived | int64 | Required | Number of packets received by the server from the client. |
| rtt | string | Required | Latency is measured only for TCP connections. Latency is the sum of estimatednetwork round-trip time (RTT) plus time consumed processing the packet withinthe client's operating system. For sampled packets, the RTT is calculated from the perspective of a load-balanced backendby measuring time differences between the backend sending a TCPsegment and the backend receiving a TCP acknowledgment for the sequence numberof the sent segment. Latency is formatted as a string that begins with the number ofseconds and ends with "s" to indicate seconds. Nanoseconds isexpressed as fractional seconds—for example, latency of 250 milliseconds isformatted as "0.250000000s". |
| serverInstance | InstanceDetails | Optional | The backend VM instance details. |
| clientLocation | GeographicDetails | Optional | The available location metadata of the client. |
| serverGkeDetails | GkeDetails | Optional | GKE metadata for the server backend. Only available if thebackend is a GKE endpoint. |
| networkTier | NetworkTierDetails | Optional | Network tier for external connections, filled only when the client is not withinGoogle Cloud. |
IpConnection field format
| Field | Type | Description |
|---|---|---|
| clientIp | string | Client IP address |
| clientPort | int32 | Client port. Set for TCP and UDP connections only. |
| serverIp | string | Server IP address (forwarding rule IP) |
| serverPort | int32 | Server port. Set for TCP and UDP connections only. |
| protocol | int32 | IANA protocol number |
InstanceDetails field format
| Field | Type | Description |
|---|---|---|
| projectId | string | ID of the project containing the VM |
| vm | string | Instance name of the VM |
| region | string | Region of the VM |
| zone | string | Zone of the VM |
| vmIp | string | Primary internal IPv4 address of the network interface that served the connection |
GeographicDetails field format
| Field | Type | Description |
|---|---|---|
| continent | string | Continent name |
| regionCode | string | A Unicode CLDR region code such asUS orFR. For most countries, these codes correspond directly toISO-3166-2 codes. |
| subRegion | string | A Unicode CLDR subdivision ID—for example, a province or state of the country such asUSCA orCAON. These Unicode codes are derived from the subdivisions defined by theISO-3166-2 standard. |
| city | string | Name of the city—for example,Mountain View for Mountain View, California. There is no canonical list of valid values for this variable. The city names can contain US-ASCII letters, numbers, spaces, and the following characters:!#$%&'*+-.^_`|~. |
| asn | int32 | The autonomous system number (ASN) of the external network to which this endpoint belongs. |
GkeDetails field format
| Field | Type | Description |
|---|---|---|
| cluster | ClusterDetails | GKE cluster metadata |
| pod | PodDetails | GKE Pod metadata, populated when the source or destination of the traffic is a Pod |
| service | ServiceDetails | GKE service metadata, populated in service endpoints only. The record contains up to two services. If there are more than two relevant services, this field contains a single service with a specialMANY_SERVICES marker. |
ClusterDetails field format
| Field | Type | Description |
|---|---|---|
| cluster | string | GKE cluster name |
| clusterLocation | string | Location of the cluster. The cluster location can be a zone or a region. |
PodDetails field format
| Field | Type | Description |
|---|---|---|
| pod | string | Name of the Pod |
| podNamespace | string | Namespace of the Pod |
ServiceDetails field format
| Field | Type | Description |
|---|---|---|
| service | string | Name of the service. If there are more than two relevant services, the field is set to a specialMANY_SERVICES marker. |
| serviceNamespace | string | Namespace of the service |
NetworkTierDetails field format
| Field | Type | Description |
|---|---|---|
| networkTier | string | NetworkTier used in the connection, one of [PREMIUM, STANDARD, FIXED_STANDARD, UNKNOWN]. |
Monitoring
External passthrough Network Load Balancers export key metrics toCloud Monitoring.
Monitoring metrics can be used for the following purposes:
- Evaluate configuration, usage, and performance of a load balancer
- Troubleshoot problems
- Improve resource utilization and user experience
In addition to the predefined dashboards in Monitoring, you cancreate custom dashboards, set up alerts, and query the metrics through theMonitoring API.
View Monitoring dashboards
Console
In the Google Cloud console, go to theMonitoring page.
In the navigation pane, selectDashboards.
Select theGoogle Cloud Load Balancers dashboard. All the load balancers aredisplayed.
Select the load balancer name from the list of load balancers.
In theExternal passthrough Network Load Balancer details pane, you can see various details forthe selected load balancer. This pane displays your current configurations.
In theKey metrics pane, you can see charts for each key metric. To seespecific breakdowns, clickBreakdowns. This pane presents data informed byhistorical configurations, while theExternal passthrough Network Load Balancer details paneonly displays the current configurations.For more information, seeDashboards and charts.
Note: Monitoring collects external passthrough Network Load Balancer data every 15minutes. However, it might take up to two hours after you create your firstexternal passthrough Network Load Balancer for data to be available in Cloud Logging andMonitoring.Define Monitoring custom dashboards
You can create custom Monitoring dashboards overexternal passthrough Network Load Balancer metrics.
Refer toMetrics and resource types for a list ofcollected metrics. Refer toFilters for lists of attributes you canuse to filter your results.
Console
In the Google Cloud console, go to theMonitoring page.
SelectDashboards> Create Dashboard.
ClickAdd chart.
Give the chart a title.
Select metrics and filters.
To find external passthrough Network Load Balancer metrics, search for the
loadbalancing.googleapis.com/l3/externalprefix.ClickSave.
Define Monitoring alerts
You can defineMonitoring alerts overvarious external passthrough Network Load Balancer metrics:
Console
In the Google Cloud console, go to theMonitoring page.
SelectAlerting> Create a Policy.
Select resource types and metrics.
To find external passthrough Network Load Balancer resource types and metrics, searchfor
loadbalancing.googleapis.com/l3/externalin theFind resource type and metric field.Specify aConfiguration to set when an alert should be triggered.
AddFilters if needed.
ClickSave.
Metric reporting frequency and retention
Metrics for the external passthrough Network Load Balancers are exported to Monitoring inone-minute granularity batches. Monitoring data is retained for six weeks.Metrics are based on sampled traffic (sampling rate is dynamic and cannot beadjusted).The dashboard provides data analysis in default intervals of one hour (1H), sixhours (6H), one day (1D), one week (1W), and six weeks (6W). You can manuallyrequest analysis in any interval from six weeks to sixty seconds.
Metrics and resource types
This section describes the metrics and resource types for external passthrough Network Load Balancers.
Metrics
The following metrics for external passthrough Network Load Balancers arereported into Monitoring. You can usethese metric names when makingAPI requests.
| metric_name | Type | Description |
|---|---|---|
loadbalancing.googleapis.com/l3/external/ingress_bytes_count | counter | The number of bytes sent from a client to an external passthrough Network Load Balancer backend. For TCP flows, only bytes in the application stream are counted. |
loadbalancing.googleapis.com/l3/external/ingress_packets_count | counter | The number of packets sent from a client to an external passthrough Network Load Balancer backend. |
loadbalancing.googleapis.com/l3/external/egress_bytes_count | counter | The number of bytes sent from an external passthrough Network Load Balancer backend to a client. For TCP flows, only bytes in the application stream are counted. |
loadbalancing.googleapis.com/l3/external/egress_packets_count | counter | The number of packets sent from an external passthrough Network Load Balancer backend to a client. |
loadbalancing.googleapis.com/l3/external/rtt_latencies | distribution | A distribution of rtt measured over TCP connections for external passthrough Network Load Balancer flows. Available only for TCP traffic. |
Resource types
External passthrough Network Load Balancers use the following resource types:
tcp_lb_ruleudp_lb_ruleloadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule
An external passthrough Network Load Balancer can support TCP, UDP, ESP, GRE, ICMP, and ICMPv6 traffic.
You can specify the resource type astcp_lb_rule orudp_lb_rule to limitmonitored data to either TCP or UDP protocols.You can specify the resource type asloadbalancing.googleapis.com/ExternalNetworkLoadBalancerRuleto monitor all the supported protocols including TCP, UDP, ESP, GRE, ICMP, and ICMPv6protocols.
Filters
Metrics are aggregated for each external passthrough Network Load Balancer. You can filter aggregatedmetrics by the following dimensions.
Resource labels fortcp_lb_rule orudp_lb_rule
You can restrict your query by resource. You can also group results by thesevalues.
resource.label.<var>LABEL_KEY</var>:| label_key | Type | Description |
|---|---|---|
project | string | The identifier of the Google Cloud project associated with this resource. |
load_balancer_name | string | The name of the load balancer. |
region | string | Theregion where the load balancer's backend is located—for example,us-central1,europe-west1,asia-east1. |
network_name | string | The VPC network in which the load balancer backend resides. |
backend_target_type | string | Indicates whether the external passthrough Network Load Balancer is target pool-based or backend service-based. Valid values areBACKEND_SERVICE orTARGET_POOL. |
backend_target_name | string | For target pool-based external passthrough Network Load Balancers, the name of the target pool. For backend service-based external passthrough Network Load Balancers, the name of the backend service. |
forwarding_rule_name | string | The name of the forwarding rule. |
forwarding_rule_network_tier | string | Thenetwork tier of the forwarding rule. |
backend_name | string | The name of the backend that handled the connection. For a backend service-based external passthrough Network Load Balancer, the value is the name of the backend instance group or network endpoint group (NEG) that handled the connection. For a target pool-based external passthrough Network Load Balancer, the value is the name of the target pool. |
backend_type | string | The type of backend that handled the connection. For a backend service-based external passthrough Network Load Balancer, the value can be either For a target pool-based external passthrough Network Load Balancer, the value is |
backend_scope | string | For a backend service-based external passthrough Network Load Balancer, the zone or region of the backend instance group or NEG. For a target pool-based network load balancer, the value is |
backend_scope_type | string | The type of scope of the backend group that handled the connection. Valid values are For a target pool-based network load balancer, the value is |
backend_failover_configuration | string | The failover configuration of the backend group that handled the connection. Valid values arePRIMARY,BACKUP, orUNKNOWN. |
backend_subnetwork_name | string | The name of the subnetwork of the backend that received the connection. |
endpoint_zone | string | The zone of the backend VM that handled the connection. |
Resource labels forloadbalancing.googleapis.com/ExternalNetworkLoadBalancerRule
You can restrict your query by resource. You can also group results by thesevalues.
resource.label.<var>LABEL_KEY</var>:| label_key | Type | Description |
|---|---|---|
project | string | The identifier of the Google Cloud project associated with this resource. |
region | string | Theregion where the load balancer's backend is located—for example,us-central1,europe-west1,asia-east1. |
backend_network_name | string | The VPC network in which the load balancer backend resides. |
backend_target_type | string | The type of backend target that handled the connection. Valid values areBACKEND_SERVICE orTARGET_POOL. |
backend_service_name | string | The name of the backend service that handled the connection. If thebackend_target_type isTARGET_POOL, then the value isUNSUPPORTED_FOR_TARGET_POOL. |
primary_target_pool | string | The name of the primary target pool. If thebackend_target_type isBACKEND_SERVICE, then the value isUNSUPPORTED_FOR_BACKEND_SERVICE. |
target_pool | string | The name of the target pool. If thebackend_target_type isBACKEND_SERVICE, then the value isUNSUPPORTED_FOR_BACKEND_SERVICE. |
forwarding_rule_name | string | The name of the external passthrough Network Load Balancer's forwarding rule. |
backend_group_name | string | The name of the backend group that handled the connection. If thebackend_target_type isTARGET_POOL, then the value isUNSUPPORTED_FOR_TARGET_POOL. |
backend_group_type | string | The type of backend group that handled the connection. If the If the |
backend_group_scope | string | The scope of the backend group (name of the zone or region) that handled the connection. If thebackend_target_type isTARGET_POOL, then the value isUNSUPPORTED_FOR_TARGET_POOL. |
backend_subnetwork_name | string | The name of the subnetwork of the backend that received the connection. |
backend_zone | string | The zone of the backend VM that handled the connection. |
Metric labels
You can restrict your query by metric label. You can also group results by thesevalues.
metric.label.<var>LABEL_KEY</var>:| label_key | Type | Description |
|---|---|---|
client_country | string | The country of the client that initiated the connection to the external passthrough Network Load Balancer. |
client_continent | string | The continent of the client that initiated the connection to the external passthrough Network Load Balancer. |
protocol | string | The protocol in the connection for the This field is left blank for the |
Monitoring API requests
You can construct arbitrary queries over external passthrough Network Load Balancer metricsby using theMonitoring API`s v3 projects.timeSeries.list request.The exact structure of the various definitions follows the genericmonitoring filters semantics.
Example API requests
Get all bytes sent from all external passthrough Network Load Balancers in the project during 12:00-12:02 PM UTC on 2019-07-01with 1m aggregates.
timeSeries.list parameters:
- name: projects/
PROJECT_ID - Filter:
resource.type = "tcp_lb_rule"ANDmetric.name="loadbalancing.googleapis.com/l3/external/egress_bytes_count" - interval.start_time:
2019-07-01T12:00:00Z - interval.end_time:
2019-07-01T12:02:00Z - aggregation.alignmentPeriod:
60s - aggregation.crossSeriesReducer:
REDUCE_SUM - aggregation.perSeriesAligner:
ALIGN_SUM
- name: projects/
Get median RTT measurement over all external passthrough Network Load Balancers in theproject during 12:19-12:20 PM UTC on 2019-07-01, broken down by client country.
timeSeries.list parameters:
- name: projects/
PROJECT_ID - Filter:
resource.type = "tcp_lb_rule"ANDmetric.name="loadbalancing.googleapis.com/l3/external/rtt_latencies" - interval.start_time:
2019-07-01T12:19:00Z - interval.end_time:
2019-07-01T12:20:00Z - aggregation.alignmentPeriod:
60s - aggregation.crossSeriesReducer:
REDUCE_SUM - aggregation.groupByFields:
metric.label.client_country - aggregation.perSeriesAligner:
ALIGN_PERCENTILE_50
- name: projects/
Get total bytes from a specific external passthrough Network Load Balancer during12:19-12:20 PM UTC on 2019-07-01, broken down by endpoint zone and client continent.
timeSeries.list parameters:
- name: projects/
PROJECT_ID - Filter:
resource.type = "tcp_lb_rule"ANDresource.label.load_balancer_name = "netlb-bs-1"ANDmetric.name="loadbalancing.googleapis.com/l3/external/ingress_bytes_count" - interval.start_time:
2019-07-01T12:19:00Z - interval.end_time:
2017-07-01T12:20:00Z - aggregation.alignmentPeriod:
60s - aggregation.crossSeriesReducer:
REDUCE_SUM - aggregation.groupByFields:
metric.label.client_continent - aggregation.groupByFields:
resource.label.endpoint_zone - aggregation.perSeriesAligner:
ALIGN_SUM
- name: projects/
What's next
- Readconceptual information about external passthrough Network Load Balancers
- Set up an external passthrough Network Load Balancer
- Read about MonitoringMetrics, time series, and resources
- Read aboutforwarding rules
- Read abouttroubleshoot logging issues
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-15 UTC.