Virtual Private Cloud:Query traffic between VPCs

Scenarios

The following scenario is used as an example. VPC 1 and VPC 2 are created in the China (Hangzhou) region. You want to query traffic between the VPCs. You can use an Enterprise Edition transit router to connect VPC 1 to VPC 2. Then you can query traffic between the VPCs by using flow logs.

This example describes how to view the flow logs generated when VPC 1 accesses VPC 2.

Procedure

Step 1: Create a CEN instance

In this example, network instances that belong to the same Alibaba Cloud account and the same region are attached to the same CEN instance. Step 1: Create a CEN instance and Step 2: Attach network instances to the same CEN instance are performed in the new CEN console.

1. Log on to the CEN console.
2. On the Instances page, click Create CEN Instance.
3. In the Create CEN Instance dialog box, set the following parameters and click OK to create a CEN instance.
   1. Name: Enter a name for the CEN instance.
   2. Description: Enter a description for the CEN instance.

Step 2: Attach network instances to the same CEN instance

Attach the network instances to be connected to the same CEN instance. After you attach network instances to the same CEN instance, the CEN instance automatically learns routes from the network instances. Then, the network instances can communicate with each other.

1. Log on to the CEN console.
2. On the Instances page, click the ID of the CEN instance that you created in Step 1: Create a CEN instance.
3. On the details page of the CEN instance, click the icon next to VPC.
4. On the Connection with Peer Network Instance page, set the following parameters and click OK.
   • Network Type: Select VPC.
   • Region: Select the region where the network instances are deployed. In this example, China (Hangzhou) is selected.
   • Transit Router: The system automatically creates a transit router in the selected region.
   • Select the primary and secondary zones for the transit router: Select a primary and secondary zone for the transit router.
     Note When you perform this operation, the system automatically creates the service-linked role AliyunServiceRoleForCEN. The service-linked role allows the transit router to create elastic network interfaces (ENIs) in the vSwitches of the VPC. ENIs are used to direct network traffic from the VPC to the transit router. For more information, see AliyunServiceRoleForCEN.
   • Resource Owner ID: Select the Alibaba Cloud account to which the VPC belongs. Your Account is selected in this example.
   • Billing Method: The default value Pay-As-You-Go is used in this example.
   • Attachment Name: Enter a name for the connection.
   • Networks: Select the ID of the VPC to be connected. In this example, VPC 1 is selected.
   • vSwitch: Select a vSwitch from the primary zone and secondary zone.
   • Advanced Settings: By default, the system automatically enables the advanced features. In this example, the default setting is used for VPC 1.
5. After you attach VPC 1 to the CEN instance, click Create More Connections. Then, repeat Step 4 to attach VPC 2 to the same CEN instance.

Step 3: Create a flow log

1. Log on to the VPC console.
2. In the top navigation bar, select the China (Hangzhou) region.
3. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.
4. On the Flow Log page, click Create FlowLog.
5. In the Create FlowLog dialog box, set the following parameters and click OK.
   • Flow Log Name: Enter a name for the flow log. In this example, VPC_to_each_other is used.
   • Resource Type: Select the type of resource whose traffic you want to capture, and then select the resource. In this example, VPC is selected and VPC 2 is selected in the Resource Instance drop-down list. In this case, the flow log of VPC 2 is queried.
     Note If you want to query the flow log of VPC 1, set Resource Type to VPC and select VPC 1 from the Resource Instance drop-down list. When you enter the SQL statement in Step 4: Query the flow log, set vpc-xxx to the ID of VPC 1 and set srcaddr to the private CIDR block of VPC 2. Do not change other operations.
   • Traffic Type: Select the type of traffic data that you want to capture. In this example, All is selected.
   • Project: Select the project that is used to store the captured traffic. In this example, Create Project is selected.
   • Logstore: Select the Logstore that is used to store the captured traffic. In this example, Create Logstore is selected.
   • Turn on FlowLog Analysis Report Function: After you enable this feature, Log Service indexing is enabled and a dashboard is created for the Logstore. Then, you can consume the log data by using SQL queries and analyze the log data in the dashboard. In this example, this feature is enabled.
   • Description: Enter a description for the flow log.

Step 4: Query the flow log

1. Log on to the VPC console.
2. In the left-side navigation pane, choose O&M and Monitoring > Flow Log.
3. On the Flow Log page, find the flow log and click the name of the Logstore in the LogStore column.
   
4. Query the traffic generated when VPC 1 accesses VPC 2 based on the procedure described in the following figure.
   

   Number	Description
   ①	Enter the following SQL statement to aggregate and sort the flow log entries and filter the chart that displays the traffic generated when VPC 1 accesses VPC 2. vpc-xxx and srcaddr: 172.16.* and action: ACCEPT | select date_format(from_unixtime(__time__ - __time__% 60), '%H:%i:%S') as time, sum(bytes*8/("end"-start+1)) as bandwidth group by time order by time asc limit 1000 The SQL statement defines the following parameters: time, bandwidth (bit/s), and srcaddr (source address). The parameters are sorted in ascending order of time. In this case, 1,000 log entries are retrieved. The following section describes the parameters: vpc-xxx: the ID of VPC 2. srcaddr: the private CIDR block of VPC 1. Set other parameters to the values shown in this example. Enter the following SQL statement to filter the chart that displays the traffic generated when each ECS instance in VPC 1 accesses VPC 2. vpc-xxx and srcaddr: 172.16.* and action: ACCEPT | select date_format(from_unixtime(__time__ - __time__% 60), '%H:%i:%S') as time, srcaddr,sum(bytes*8/("end"-start+1)) as bandwidth group by time,srcaddr order by time asc limit 1000 vpc-xxx: the ID of VPC 2. srcaddr: the private CIDR block of VPC 1. When the chart is generated, set Aggregate Column to scrddr.
   ②	Select the time period that you want to query.
   ③	Click the Graph tab and click to select a chart type.
   ④	In the Properties section, set the following parameters: Chart Types: Line Chart is selected in this example. X Axis: Set the value to time. Y Axis: Set the value to bandwidth. Aggregate Column: Leave this parameter empty. Format: Set the value to bps, Kbps, Mbps. Keep the default values for other parameters.
   ⑤	Click Add to New Dashboard and set the following parameters in the dialog box that appears: Operation: Create Dashboard is used in this example. Dashboard Name: Enter a name for the dashboard. In this example, VPC1_to_VPC2 is used. Chart Name: Enter a name for the chart. In this example, VPC1_to_VPC2 is used. You can view information about the flow log on the dashboard.
   ⑥	Click Search & Analyze to view the traffic generated when VPC 1 accesses VPC 2.

5. Optional:To view the chart that displays the traffic generated when VPC 2 accesses VPC 1, you can set Resource Type to VPC and select VPC 1 from the drop-down list. When you enter the SQL statement, set vpc-xxx to the ID of VPC 1 and set srcaddr to the private CIDR block of VPC 2. Do not change other operations.