gcloud compute packet-mirrorings create
- NAME
- gcloud compute packet-mirrorings create - create a Compute Engine packet mirroring policy
- SYNOPSIS
gcloud compute packet-mirrorings createNAME--collector-ilb=COLLECTOR_ILB--network=NETWORK[--async][--description=DESCRIPTION][--no-enable][--filter-cidr-ranges=[CIDR_RANGE,…]][--filter-direction=DIRECTION][--filter-protocols=[PROTOCOL,…]][--mirrored-instances=[INSTANCE,…]][--mirrored-subnets=[SUBNET,…]][--mirrored-tags=[TAG,…]][--region=REGION][GCLOUD_WIDE_FLAG …]
- DESCRIPTION
- Create a Compute Engine packet mirroring policy.
- EXAMPLES
- Mirror all tcp traffic to/from all instances in subnet my-subnet in us-central1,and send the mirrored traffic to the collector-fr Forwarding Rule.
gcloudcomputepacket-mirroringscreatemy-pm--networkmy-network--regionus-central1--mirrored-subnetsmy-subnet--collector-ilbcollector-fr--filter-protocolstcpMirror all traffic between instances with tag t1 and external server with IP11.22.33.44 in us-central1, and send the mirrored traffic to the collector-frForwarding Rule.
gcloudcomputepacket-mirroringscreatemy-pm--networkmy-network--regionus-central1--mirrored-tagst1--collector-ilbcollector-fr--filter-cidr-ranges11.22.33.44/32 - POSITIONAL ARGUMENTS
NAME- Name of the packet mirroring to create.
- REQUIRED FLAGS
--collector-ilb=COLLECTOR_ILB- Forwarding rule configured as collector. This must be a regional forwarding rule(in the same region) with load balancing scheme INTERNAL andisMirroringCollector set to true.
You can provide this as the full URL to the forwarding rule, partial URL, orname. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/regions/us-central1/forwardingRules/fr-1
- projects/myproject/regions/us-central1/forwardingRules/fr-1
- fr-1
--network=NETWORK- Network for this packet mirroring. Only the packets in this network will bemirrored. It is mandatory that all mirrored VMs have a network interfacecontroller (NIC) in the given network. All mirrored subnetworks should belong tothe given network.
You can provide this as the full URL to the network, partial URL, or name. Forexample, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/global/networks/network-1
- projects/myproject/global/networks/network-1
- network-1
- OPTIONAL FLAGS
--async- Return immediately, without waiting for the operation in progress to complete.
--description=DESCRIPTION- Optional, textual description for the packet mirroring.
--enable- Enable or disable the packet-mirroring. Enabled by default, use
--no-enableto disable. --filter-cidr-ranges=[CIDR_RANGE,…]- One or more IPv4 or IPv6 CIDR ranges that apply as filters on the source(ingress) or destination (egress) IP in the IP header. If no ranges arespecified, all IPv4 traffic that matches the specified IPProtocols is mirrored.If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic ismirrored. To mirror all IPv4 and IPv6 traffic, use 0.0.0.0/0,::/0
--filter-direction=DIRECTION- For
ingress, only ingress traffic is mirrored. - For
egress, only egress traffic is mirrored. - For
both(default), both directions are mirrored.DIRECTIONmust be one of:both,egress,ingress.
- For
--filter-protocols=[PROTOCOL,…]- List of IP protocols that apply as filters for packet mirroring traffic. Ifunspecified, the packet mirroring applies to all traffic. PROTOCOL can be one oftcp, udp, icmp, esp, ah, ipip, sctp, or an IANA protocol number.
--mirrored-instances=[INSTANCE,…]- List of instances to be mirrored. You can provide this as the full or validpartial URL to the instance. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/zones/us-central1-a/instances/instance-
- projects/myproject/zones/us-central1-a/instances/instance-1
--mirrored-subnets=[SUBNET,…]- List of subnets to be mirrored. You can provide this as the full URL to thesubnet, partial URL, or name. For example, the following are valid values:
- https://compute.googleapis.com/compute/v1/projects/myproject/regions/us-central1/subnetworks/subnet-1
- projects/myproject/regions/us-central1/subnetworks/subnet-1
- subnet-1
--mirrored-tags=[TAG,…]- List of virtual machine instance tags to be mirrored.
To read more about configuring network tags, read this guide:https://cloud.google.com/vpc/docs/add-remove-network-tags
The virtual machines with the provided tags must live in zones contained in thesame region as this packet mirroring.
--region=REGION- Region of the packet mirroring to create. Overrides the default
compute/regionproperty value for this command invocation.
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$gcloud helpfor details. - NOTES
- These variants are also available:
gcloudalphacomputepacket-mirroringscreategcloudbetacomputepacket-mirroringscreate
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-07 UTC.