{"id":15222379,"url":"https://github.com/googlecloudplatform/vpc-network-tester","last_synced_at":"2025-10-03T15:30:52.194Z","repository":{"id":49943221,"uuid":"299446403","full_name":"GoogleCloudPlatform/vpc-network-tester","owner":"GoogleCloudPlatform","description":"Deploy VPC Network Tester to App Engine or Cloud Run to investigate the traffic flow. This app demonstrates how to package network tools as a serverless service.","archived":true,"fork":false,"pushed_at":"2020-09-28T22:59:38.000Z","size":22,"stargazers_count":30,"open_issues_count":0,"forks_count":14,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-12-18T08:41:33.883Z","etag":null,"topics":["appengine","cloudrun","diagnostic","serverless","vpc"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoogleCloudPlatform.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-09-28T22:30:00.000Z","updated_at":"2024-12-10T13:24:22.000Z","dependencies_parsed_at":"2022-08-19T21:51:18.279Z","dependency_job_id":null,"html_url":"https://github.com/GoogleCloudPlatform/vpc-network-tester","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fvpc-network-tester","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fvpc-network-tester/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fvpc-network-tester/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoogleCloudPlatform%2Fvpc-network-tester/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoogleCloudPlatform","download_url":"https://codeload.github.com/GoogleCloudPlatform/vpc-network-tester/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":235146583,"owners_count":18943283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appengine","cloudrun","diagnostic","serverless","vpc"],"created_at":"2024-09-28T15:11:46.917Z","updated_at":"2025-10-03T15:30:51.888Z","avatar_url":"https://github.com/GoogleCloudPlatform.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Serverless VPC Access Diagnostic Tools\n\nThis repository contains Google App Engine and Google Cloud Run services\nthat are deployable in a customer's project to diagnose and debug the\nconfiguration of serverless networking for the serverless services\nincluding the VPC Access connectors in the customer's\nproject.\n\nGoogle Cloud serverless solutions including App Engine, Cloud Functions, \nand Cloud Run are able to be optionally connected to a customer's\nVPC network through use of [Serverless VPC Access connectors](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access).\n\n## Installation in your Google Cloud Project\n\nThis repository includes the same Python application packaged for use with either\nApp Engine or Cloud Run. Choose one of the two technologies and deploy\nthe service into your Google Cloud project. Once deployed, you will be able\nto run the same diagnostics with either solution.\n\n### Install Cloud Run service\n\nThe Cloud Run version builds a container image with Google Cloud Build that is\npushed to your project's Google Cloud Container Registry. It is possible to\nbuild this container image with the provided Dockerfile on your local machine\nbut the instructions below are for Cloud Build:\n\n1. Clone this repository from GitHub.\n1. Build container image (using Cloud Build):\n ```sh\n cd cloudrun\n gcloud builds submit --tag gcr.io/[PROJECT]/vpc-network-tester\n ```\n \n1. Deploy Cloud Run service to your project\n ```sh\n cd cloudrun\n gcloud run deploy [SERVICE_NAME] \\\n --platform=managed \\\n --region=[REGION] \\\n --image gcr.io/[PROJECT]/vpc-network-tester \\\n --vpc-connector=projects/[PROJECT]/locations/[REGION]/connectors/[CONNECTOR_NAME]\n ```\n\n### Install App Engine service\n\nThe App Engine version assumes you are already using Google App Engine and that\nyou already have a default service deployed. The instructions below include\noptionally choosing a different service name, and it is possible to use this as\nthe default service in your project.\n\n1. Clone this repository from GitHub.\n1. Modify appengine/app.yaml to:\n * Optionally: change the App Engine service name\n * Optionally: increase the instance class\n * Instance class in App Engine is the ammount of a CPU core and memory\n provided to your code. Latency (especially at the 95-99 percentile)\n and single-instance throughput\n can be impacted by the CPU availability, but connectivity testing\n won't be affected by increasing instance class.\n * Update vpc_access_connector name to reference your connector \n ([see instructions for where to find it](https://cloud.google.com/vpc/docs/configure-serverless-vpc-access))\n1. Optionally: Build iperf3 binary:\n * This step requires a local docker install to build the iperf3 binary.\n You can skip this step if you don't want to run iperf3 throughput tests.\n ```sh\n docker run -it --name iperf3-build alpine sh -c 'apk add gcc make git musl-dev \u0026\u0026 git clone https://github.com/esnet/iperf.git \u0026\u0026 cd iperf \u0026\u0026 LDFLAGS=-static ./configure --enable-shared=no --enable-static-bin \u0026\u0026 make \u0026\u0026 strip src/iperf3'\n docker cp iperf3-build:/iperf/src/iperf3 appengine\n docker rm iperf3-build\n ```\n1. Deploy App Engine service to your project\n ```sh\n cd appengine\n gcloud app deploy\n ```\n\n## Usage\n\nThis application presents a simple HTML UI on it's '/' path. Point a browser\nat this Cloud Run or App Engine SERVICE_HOSTNAME reported from either\n`gcloud run deploy` or `gcloud app deploy` command above to interact with the\nuser interface. This currently presents the ability to diagnose HTTP(s) GET\nan arbitrary URL, ICMP ping an arbitrary host or IP address, or run iperf3\nclient against an arbirary host.\n\nIn order to use iperf3, you must have an iperf3 server running on the host specified.\nThis can be a VM instance started in your VPC or anywhere reachable via the VPC\nconnector (or public internet).\n\n### Validating Serverless VPC Access\n\nThe examples below reference public hostnames, but private IP addresses are just as possible.\nIf the customer wishes to validate access to their services on their VPC or over a VPN to\ntheir on-premise services via an IP address (or GCE DNS custom domain) they can do so. An\nexample of NGINX running on a VM in a VPC Network attached by VPC Access:\n\nhttps://[SERVICE_HOSTNAME]/http?url=http%3A%2F%2F10.128.0.2\n\n```\ncurl --silent --verbose http://10.128.0.2\n\n* Rebuilt URL to: http://10.128.0.2/\n* Trying 10.128.0.2...\n* TCP_NODELAY set\n* Connected to 10.128.0.2 (10.128.0.2) port 80 (#0)\n\u003e GET / HTTP/1.1\n\u003e Host: 10.128.0.2\n\u003e User-Agent: curl/7.58.0\n\u003e Accept: */*\n\u003e\n\u003c HTTP/1.1 200 OK\n\u003c Server: nginx/1.10.3\n\u003c Date: Fri, 31 Jul 2020 21:39:24 GMT\n\u003c Content-Type: text/html\n\u003c Content-Length: 612\n\u003c Last-Modified: Fri, 27 Mar 2020 21:14:20 GMT\n\u003c Connection: keep-alive\n\u003c ETag: \"5e7e6cac-264\"\n\u003c Accept-Ranges: bytes\n\u003c\n{ [612 bytes data]\n* Connection #0 to host 10.128.0.2 left intact\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eWelcome to nginx!\u003c/title\u003e\n\u003cstyle\u003e\n body {\n width: 35em;\n margin: 0 auto;\n font-family: Tahoma, Verdana, Arial, sans-serif;\n }\n\u003c/style\u003e\n\u003c/head\u003e\n\u003cbody\u003e\n\u003ch1\u003eWelcome to nginx!\u003c/h1\u003e\n\u003cp\u003eIf you see this page, the nginx web server is successfully installed and\nworking. Further configuration is required.\u003c/p\u003e\n\n\u003cp\u003eFor online documentation and support please refer to\n\u003ca href=\"http://nginx.org/\"\u003enginx.org\u003c/a\u003e.\u003cbr/\u003e\nCommercial support is available at\n\u003ca href=\"http://nginx.com/\"\u003enginx.com\u003c/a\u003e.\u003c/p\u003e\n\n\u003cp\u003e\u003cem\u003eThank you for using nginx.\u003c/em\u003e\u003c/p\u003e\n\u003c/body\u003e\n\u003c/html\u003e\n```\n\n### Example HTTP Probe\n\nThe following is not left alive when I am not testing, but an example\nURL of https://[SERVICE_HOSTNAME]/ping?host=yahoo.com\noutputs:\n\n```\ncurl --silent --verbose http://yahoo.com\n\n* Rebuilt URL to: http://yahoo.com/\n* Trying 2001:4998:58:1836::10...\n* TCP_NODELAY set\n* Connected to yahoo.com (2001:4998:58:1836::10) port 80 (#0)\n\u003e GET / HTTP/1.1\n\u003e Host: yahoo.com\n\u003e User-Agent: curl/7.58.0\n\u003e Accept: */*\n\u003e\n\u003c HTTP/1.1 301 Moved Permanently\n\u003c Date: Fri, 31 Jul 2020 21:36:03 GMT\n\u003c Connection: keep-alive\n\u003c Server: ATS\n\u003c Cache-Control: no-store, no-cache\n\u003c Content-Type: text/html\n\u003c Content-Language: en\n\u003c X-Frame-Options: SAMEORIGIN\n\u003c Location: https://yahoo.com/\n\u003c Content-Length: 8\n\u003c\n{ [8 bytes data]\n* Connection #0 to host yahoo.com left intact\nredirect\n```\n\n### Example Ping\n\nThe following is not left alive when I am not testing, but an example\nURL of https://[SERVICE_HOSTNAME]/ping?host=yahoo.com\noutputs:\n\n```\nPING yahoo.com(media-router-fp2.prod1.media.vip.gq1.yahoo.com (2001:4998:c:1023::5)) 56 data bytes\n64 bytes from media-router-fp2.prod1.media.vip.gq1.yahoo.com (2001:4998:c:1023::5): icmp_seq=1 time=52.1 ms\n64 bytes from media-router-fp2.prod1.media.vip.gq1.yahoo.com (2001:4998:c:1023::5): icmp_seq=2 time=98.5 ms\n64 bytes from media-router-fp2.prod1.media.vip.gq1.yahoo.com (2001:4998:c:1023::5): icmp_seq=3 time=50.7 ms\n64 bytes from media-router-fp2.prod1.media.vip.gq1.yahoo.com (2001:4998:c:1023::5): icmp_seq=4 time=50.6 ms\n\n--- yahoo.com ping statistics ---\n4 packets transmitted, 4 received, 0% packet loss, time 3002ms\nrtt min/avg/max/mdev = 50.695/63.049/98.581/20.524 ms\n```\n\n### Example IPerf3\n\nThis example requires having an IPerf3 server running for the client to connect to. The most relevant\nuse case is via VPC Access to a VM on a VPC in the same region. This specific example runs a single\ninstance communicating to the default iperf3 port on a single server. To perform more exhaustive and\nrepresentative performance testing, multiple instances should be run in parallel via an HTTP automation\ntrigger that can trigger multiple HTTP requests in parallel (e.g. Apache Bench)\n\nhttps://[SERVICE_HOSTNAME]/iperf?host=10.128.0.2\n\n```\nConnecting to host 10.128.0.2, port 5201\n[ 4] local 169.254.8.1 port 30011 connected to 10.128.0.2 port 5201\n[ ID] Interval Transfer Bandwidth Retr Cwnd\n[ 4] 0.00-1.00 sec 73.6 MBytes 616 Mbits/sec 0 0.00 Bytes\n[ 4] 1.00-2.00 sec 78.6 MBytes 660 Mbits/sec 0 0.00 Bytes\n[ 4] 2.00-3.00 sec 49.0 MBytes 411 Mbits/sec 0 0.00 Bytes\n[ 4] 3.00-4.00 sec 69.6 MBytes 584 Mbits/sec 0 0.00 Bytes\n[ 4] 4.00-5.00 sec 71.0 MBytes 594 Mbits/sec 0 0.00 Bytes\n[ 4] 5.00-6.00 sec 71.1 MBytes 598 Mbits/sec 0 0.00 Bytes\n[ 4] 6.00-7.00 sec 67.4 MBytes 565 Mbits/sec 0 0.00 Bytes\n[ 4] 7.00-8.01 sec 83.6 MBytes 697 Mbits/sec 0 0.00 Bytes\n[ 4] 8.01-9.00 sec 82.1 MBytes 693 Mbits/sec 0 0.00 Bytes\n[ 4] 9.00-10.00 sec 77.4 MBytes 648 Mbits/sec 0 0.00 Bytes\n- - - - - - - - - - - - - - - - - - - - - - - - -\n[ ID] Interval Transfer Bandwidth Retr\n[ 4] 0.00-10.00 sec 723 MBytes 607 Mbits/sec 0 sender\n[ 4] 0.00-10.00 sec 723 MBytes 606 Mbits/sec receiver\n\niperf Done.\n```\n\nIPERF3 URL above supports additional query string parameters that are not exposed in the UI:\n\n| Query String Parameter | Description | Default |\n|------------------------|---------------------------------------------------------|-----------|\n| udp | Run bandwidth generator with UDP packets instead of TCP | off |\n| bandwidth | Attempt to meet specified bandwidth (mbps) | max (tcp) |\n| plen | Packet size to send (bytes) | MTU |\n| npackets | Finish after sending specified number of packets | use time |\n| streams | Number of parallel TCP sessions to use | 1 |\n| port | Port number of the iperf3 server | 5201 |\n| time | Length of type to send bandwidth traffic for (sec) | 10 |\n\n\nExample of running 20 simultaneous instances each running 20 simultaneous TCP streams for 30\nseconds each and repeating the invocations to generate load for an hour:\n\n```\nfor i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20; do\n ab -s 600 -n 1000 https://[SERVICE_HOSTNAME]/iperf?host=10.128.0.2\\\u0026streams=20\\\u0026time=30\\\u0026port=$((i+5200)) \u003e\u0026 log_$((i)) \u003c /dev/null \u0026\ndone\n```\n\n## Uninstallation from your Google Cloud Project\n\n### Uninstall Cloud Run Service\n\n```sh\ngcloud run --platform=managed --region=[REGION] services delete [SERVICE_NAME]\n```\n\n### Uninstall App Engine Service\n\n```sh\ngcloud app services delete [SERVICE_NAME]\n```\n\nThis is not an official Google product.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fvpc-network-tester","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgooglecloudplatform%2Fvpc-network-tester","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgooglecloudplatform%2Fvpc-network-tester/lists"}