This topic describes how to query traffic between virtual private clouds (VPCs) by using flow logs.

Prerequisites

  • Two VPCs are created in the same region. In this example, VPC 1 and VPC 2 are created in the China (Hangzhou) region and a vSwitch is created in each VPC. For more information, see Create an IPv4 VPC.
  • Elastic Compute Service (ECS) instances are created in the vSwitches and applications are deployed on the ECS instances. For more information, see Create an instance by using the wizard.

Background information

The following scenario is used as an example in this topic. You can allow two VPCs that belong to the same Alibaba Cloud account and the same region to communicate with each other by attaching them to the same Cloud Enterprise Network (CEN) instance. After the VPCs are attached to the same CEN instance, you can query the traffic between the VPCs by using flow logs.

Procedure

Step 1: Create a CEN instance

In this example, network instances that belong to the same Alibaba Cloud account and the same region are attached to the same CEN instance. For more information about other scenarios, see Plan networks.

  1. Log on to the CEN console.
  2. On the Instances page, click Create CEN Instance.
  3. Set the following parameters in the Create CEN Instance panel to create a CEN instance:
    1. Name: Enter a name for the CEN instance.
      The name must be 2 to 128 characters in length. It must start with a letter. It can contain digits, underscores (_), and hyphens (-).
    2. Description: Enter a description for the instance.
    3. Attach Network: Attach network instances that belong to the same Alibaba Cloud account to the CEN instance. After the network instances are attached to the CEN instance, they can communicate with each other over private networks.
      • Network Type: Select the type of instance to be attached to the CEN instance. In this example, VPC is selected.
      • Region: Select the region where the VPC is deployed. In this example, China (Hangzhou) is selected.
      • Networks: Select the instance to be attached to the CEN instance. In this example, VPC 1 is selected.
      Note Make sure that the instance is not attached to another CEN instance.
    4. Click OK.

Step 2: Attach network instances to the CEN instance

Attach network instances to be connected to the same CEN instance. After you attach network instances to a CEN instance, the CEN instance automatically learns routes from the network instances. Then, the network instances can communicate with each other.

  1. Log on to the CEN console.
  2. On the Instances page, click the ID of the CEN instance that you created in Step 1.
  3. Click the Networks tab and click Attach Network.
  4. Click the Your Account tab.
  5. Network Type: Select the type of instance to be attached. In this example, VPC is selected.
  6. Region: Select the region where the VPC is deployed. In this example, China (Hangzhou) is selected.
  7. Networks: Select the network instance to be attached to the CEN instance. In this example, VPC 2 is selected.
  8. Click OK.

Step 3: Create a flow log

Before you can create a flow log, you must log on to the Log Service product page and activate Log Service.

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.
  3. In the top navigation bar, select the China (Hangzhou) region.
  4. On the Flow Log page, click Create FlowLog.
  5. In the Create FlowLog dialog box, set the following parameters and click OK.
    • Name: Enter a name for the flow log. In this example, VPC_to_each_other is used.
    • Resource Type: Select the type of resource whose traffic you want to capture, and then select the resource. In this example, VPC and VPC 2 are selected. In this case, the flow log of VPC 2 is queried.

      To query the flow log of VPC 1, select VPC, and then select VPC 1.

    • Traffic Type: Select the type of traffic that you want to capture. In this example, All is selected.
    • Project: Select the type of project that is used to store the captured traffic. In this example, Create Project is selected.
    • Logstore: Select the Logstore that is used to store the captured traffic. In this example, Create Logstore is selected.
    • Turn on FlowLog Analysis Report Function: After you enable this feature, Log Service indexing is enabled and a dashboard for the Logstore is created. Then, you can consume the log data by using SQL queries and analyze the log data in the dashboard. Log Service dashboards are free of charge. However, Log Service indexing is billed based on data transfer. For more information, see Log Service billing. In this example, this feature is enabled.
    • Description: Enter a description for the flow log.

Step 4: Query the flow log

  1. On the Flow Log page, find the flow log and click the name of the Logstore in the LogStore column.
  2. Query the traffic generated when VPC 1 accesses VPC 2. The following sub-steps describe the procedure:
    1. Enter the following SQL statement to aggregate the flow log entries into one-minute buckets and filter the chart so that it displays the traffic generated when VPC 1 accesses VPC 2.
      vpc-xxx and srcaddr: 172.16.* and action: ACCEPT | select date_format(from_unixtime(__time__ - __time__ % 60), '%H:%i:%S') as time, sum(bytes*8/("end"-start)) as bandwidth group by time order by time asc limit 1000
      The SQL statement defines the following parameters: time, bandwidth (bit/s), and srcaddr (source address). The results are sorted in ascending order of time, and at most 1,000 rows are returned. The following section describes the parameters:
      • vpc-xxx: the ID of VPC 2.
      • srcaddr: the private CIDR block of VPC 1.
      • Set other parameters to the same values shown in this example.
      Note
      • Enter the following SQL statement to filter the chart so that it displays the traffic generated when each ECS instance in VPC 1 accesses VPC 2:
        vpc-xxx and srcaddr: 172.16.* and action: ACCEPT | select date_format(from_unixtime(__time__ - __time__ % 60), '%H:%i:%S') as time, srcaddr, sum(bytes*8/("end"-start)) as bandwidth group by time, srcaddr order by time asc limit 1000
        • vpc-xxx: the ID of VPC 2.
        • srcaddr: the private CIDR block of VPC 1.
        • When the chart is generated, set Aggregate Column to srcaddr.
      • To filter the chart so that it displays the traffic generated when VPC 2 accesses VPC 1, select VPC and then select VPC 1 when you create the flow log. When you enter the SQL statement, set vpc-xxx to the ID of VPC 1 and set srcaddr to the private CIDR block of VPC 2. Other operations remain unchanged.
    2. Select the period of time for which you want to query the flow log.
    3. Click the Graph tab and click Chart to select the chart type.
    4. In the Properties section, set the following parameters:
      • Chart Types: Line Chart is used in this example.
      • X Axis: Set the value to time.
      • Y Axis: Set the value to bandwidth.
      • Aggregate Column: Leave this parameter empty.
      • Format: Set the value to bps, Kbps, Mbps.
      Keep the default values for other parameters.
    5. Click Add to New Dashboard and set the following parameters in the dialog box that appears.
      • Operation: Create Dashboard is used in this example.
      • Dashboard Name: Enter a name for the dashboard. In this example, VPC1_to_VPC2 is used.
      • Chart Name: Enter a name for the chart. In this example, VPC1_to_VPC2 is used.
      You can view information about the flow log on the dashboard.
    6. Click Search & Analyze to view the traffic generated when VPC 1 accesses VPC 2.