All Products
Search
Document Center

Virtual Private Cloud:Query traffic data between VPCs

Last Updated:Sep 21, 2023

This topic describes how to use flow logs to query traffic data between virtual private clouds (VPCs) that are attached to the same Cloud Enterprise Network (CEN) instance in the same region. You can analyze the traffic data to adjust your services or troubleshoot issues.

Prerequisites

Scenarios

The following figure shows the scenario that is used in this example. VPC 1 and VPC 2 are created in the China (Hangzhou) region. You want to query traffic data between the VPCs. You can use an Enterprise Edition transit router to connect VPC 1 and VPC 2. Then, you can query traffic data between the VPCs by using flow logs.

This example describes how to query the flow logs generated when VPC 1 accesses VPC 2.

CEN流日志

Procedure

配置步骤

Step 1: Create a CEN instance

  1. Log on to the CEN console.

  2. On the Instances page, click Create CEN Instance.

  3. In the Create CEN Instance dialog box, configure the following parameters and click OK:

    1. Name: Enter a name for the CEN instance.

    2. Description: Enter a description for the CEN instance.

Step 2: Attach network instances to the same CEN instance

Attach the network instances to be connected to the same CEN instance. After you attach the network instances to the same CEN instance, the CEN instance automatically learns routes from the network instances. Then, the network instances can communicate with each other.

  1. Log on to the CEN console.

  2. On the Instances page, click the ID of the CEN instance that you created in Step 1.

  3. On the details page of the CEN instance, click the 添加 icon under VPC.

  4. On the Connection with Peer Network Instance page, configure the following parameters and click OK:

    • Network Type: By default, VPC is selected.

    • Region: Select the region in which the VPC to be attached is deployed. In this example, China (Hangzhou) is selected.

    • Transit Router: The system automatically creates a transit router in the selected region.

    Note

    When you perform this operation, the system automatically creates the service-linked role AliyunServiceRoleForCEN. The service-linked role allows the transit router to create elastic network interfaces (ENIs) in the vSwitches of the VPC. ENIs are used to direct network traffic from the VPC to the transit router. For more information, see AliyunServiceRoleForCEN.

    • Resource Owner ID: Select the Alibaba Cloud account to which the VPC belongs. In this example, Current Account is selected.

    • Billing Method: The default value Pay-As-You-Go is used in this example.

    • Attachment Name: Enter a name for the connection.

    • Network Instance: Select the ID of the VPC. In this example, VPC 1 is selected.

    • VSwitch: Select a vSwitch separately from the primary zone and secondary zone.

    • Advanced Settings: By default, the system automatically enables the advanced features. In this example, the default advanced settings are used for VPC 1.

  5. After you attach VPC 1 to the CEN instance, click Create More Connections. Then, repeat Step 4 to attach VPC 2 to the same CEN instance.

Step 3: Create a flow log instance

  1. Log on to the VPC console.
  2. In the top navigation bar, select the China (Hangzhou) region.

  3. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.
  4. On the Flow Log page, click Create a flow log.

  5. In the Create a flow log dialog box, configure the following parameters and click OK:

    • Flow Log Name: Enter a name for the flow log instance. In this example, VPC_to_each_other is used.

    • Resource Type: Select the type of resource whose traffic data you want to capture and select a resource. In this example, VPC is selected and VPC 2 is selected from the Resource Instance drop-down list. In this case, the flow logs of VPC 2 can be queried.

    • Data Transfer Type: Select the type of traffic data that you want to capture. In this example, All Traffic is selected.

    • Project: Select the project that is used to store the captured traffic data. In this example, Create Project is selected.

    • Logstore: Select the Logstore that is used to store the captured traffic data. In this example, Create Logstore is selected.

    • Enable Log Analysis Report: After you enable this feature, indexing is enabled and a dashboard is created for the Logstore. Then, you can query log data by executing SQL statements and analyze the log data on the dashboard. In this example, this feature is enabled.

    • Sampling Interval (Minutes): Select the time interval at which the traffic data is captured to generate flow logs. Valid values: 1, 5, and 10. In this example, 10 is selected.

    • Description: Enter a description for the flow log instance.

Step 4: Query flow logs

  1. Log on to the VPC console.
  2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.
  3. On the Flow Log page, find the flow log instance that you created and click the name of the Logstore in the Simple Log Service column.

    NAT网关
  4. Perform the steps that are described in the following table to query the traffic data generated when VPC 1 accesses VPC 2.

    查看流图

    No.

    Description

    1

    • Enter the following SQL statement to aggregate and sort the flow logs, and filter the traffic data to generate a chart that displays the traffic data generated when VPC 1 accesses VPC 2:

      vpc-xxx and srcaddr: 172.16.* and action: ACCEPT | select date_format(from_unixtime(__time__ - __time__% 60), '%H:%i:%S') as time, sum(bytes*8/("end"-start+1)) as bandwidth group by time order by time asc limit 1000

      The SQL statement contains the following parameters: time, bandwidth (bit/s), and srcaddr. The flow logs are sorted in ascending order of time. In this example, 1,000 log entries are retrieved. The following section describes the parameters:

      • : the ID of VPC 2.

      • : the private CIDR block of VPC 1.

      • Set other parameters to the values shown in this example.

      • Chart Types: Select Flow Chart Pro.

    • Enter the following SQL statement to filter the traffic data to generate a chart that displays the traffic data generated when each ECS instance in VPC 1 accesses VPC 2:

      vpc-xxx and srcaddr: 172.16.* and action: ACCEPT | select date_format(from_unixtime(__time__ - __time__% 60), '%H:%i:%S') as time, srcaddr,sum(bytes*8/("end"-start+1)) as bandwidth group by time,srcaddr order by time asc limit 1000
      • : the ID of VPC 2.

      • : the private CIDR block of VPC 1.

      • Set the Aggregate Column parameter to srcaddr when you generate the chart.

    2

    Select the time period during which you want to query flow logs.

    3

    Click the Graph tab and click the 流图 icon to select a chart type.

    4

    In the Common Settings section, configure the following parameters:

    • Axis X Field: Set this parameter to time.

    • Axis Y Field: Set this parameter to bandwidth.

    • Aggregate Column: Set this parameter to srcaddr.

    • Format: Set this parameter to bps,Kbps,Mbps.

    Keep the default values for other parameters.

    5

    Click Add to New Dashboard and configure the following parameters in the dialog box that appears:

    • Operation: Create Dashboard is used in this example.

    • Layout Mode: Grid Layout is used in this example.

    • Dashboard Name: Enter a name for the dashboard. In this example, Each_ECS_instance_in_VPC_1_to_VPC_2 is used.

    You can view information about the flow logs on the dashboard.

    6

    Click Search & Analyze to query the traffic data generated when each ECS instance in VPC 1 accesses VPC 2.

  5. Optional. To generate a chart that displays the traffic data generated when VPC 2 accesses VPC 1, set the Resource Type parameter to VPC and select VPC 1 from the Resource Instance drop-down list when you create a flow log instance. When you enter the SQL statement, set the vpc-xxx parameter to the ID of VPC 1, set the srcaddr parameter to the private CIDR block of VPC 2, and then keep other parameter values unchanged.