2

Trying out Google Container Engine, and in my 'billing' section I see some traffic 'egress' charges for data from America to China.

I have a web portal up. Does 'egress' traffic means anything that's coming out (i.e. even web traffic not just ssh/ftp or others) ?

is there a way to monitor where this traffic is going / coming from, besides the web server logs? I mean Google has a way to measure that so is there a place to look up these connections?

If that's not so obvious, what are the recommended tools to setup to log all this traffic.

MrE
  • 418
  • 1
  • 6
  • 14

1 Answers1

4

Egress means all traffic leaving your network to the Internet. Any requests for web pages from your portal by users in China will cause egress to China because the responses are sent there from your network.

Google Cloud doesn't have any built-in service detailing your external connections. If the only thing you're running is a web site, then your site's access logs should presumably have IPs in them that you could use to determine which accesses came from different countries.

Alex Robinson
  • 311
  • 1
  • 4
  • Thanks alex. I run a boatload if services but the Web site is very very limited , so when I see 60mb of egress traffic I get worried that I'm being hacked. Is GKE running anything like fail2ban for example? Ssh is open on all IPs by default and only protected by password it seems. – MrE Sep 05 '15 at 16:27
  • What happens if you have 30 VMs? How do you narrow it down? – Frank Barcenas Feb 24 '17 at 03:42
  • Nowadays you could use VPC flow logs to diagnose this (possibly feeding into Stackdriver Monitoring, for which there is a free tier). In my experience there is traffic from China probing at SSH pretty much 24/7. – GreenReaper Jan 11 '20 at 11:50