Stay organized with collections
Save and categorize content based on your preferences.
You can run Connectivity Tests directly from Flow Analyzer to
validate the connectivity between two endpoints. You can also run these tests
to understand the path between two resources. When you run Connectivity Tests,
note that the tests uses the existing configuration. So, if you run the tests
two weeks after the actual log event, Connectivity Tests does not use
the historical configuration.
While running a test, the following attributes are used in the test
definition:
Source IP
Source Project
Source Network (for internal IP addresses)
Destination IP (for internal IP addresses)
Destination Project (for internal IP addresses)
Destination Network (for internal IP addresses)
Destination Port
Protocol
If these parameters are not available in the traffic information, the
Connectivity Test fails. For example, if you group traffic in
Flow Analyzer only by Source VPC and Destination
VPC, this information
is not sufficient to run Connectivity Tests.
Connectivity Tests can fail due to the following reasons:
If the resources shown in VPC Flow Logs no longer exist.
If the test is executed from server to client and traffic in that
direction (other than return traffic) cannot be initiated.
Before you begin
In the Google Cloud console, on the project selector page,
select or create a Google Cloud project.
Make sure the user role has the following permissions:
compute.networks.list
Because the tests are run through internal API, the results are ephemeral and
users are not billed for running the tests. The results are not stored
and are not accessible after closing the results panel.
Run Connectivity Tests
To run Connectivity Tests from Flow Analyzer, do the following:
Console
In the Google Cloud console, go to the Flow Analyzer page.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Run Connectivity Tests\n\nYou can run Connectivity Tests directly from Flow Analyzer to\nvalidate the connectivity between two endpoints. You can also run these tests\nto understand the path between two resources. When you run Connectivity Tests,\nnote that the tests uses the existing configuration. So, if you run the tests\ntwo weeks after the actual log event, Connectivity Tests does not use\nthe historical configuration.\n\nWhile running a test, the following attributes are used in the test\ndefinition:\n\n- Source IP\n- Source Project\n- Source Network (for internal IP addresses)\n- Destination IP (for internal IP addresses)\n- Destination Project (for internal IP addresses)\n- Destination Network (for internal IP addresses)\n- Destination Port\n- Protocol\n\nIf these parameters are not available in the traffic information, the\nConnectivity Test fails. For example, if you group traffic in\nFlow Analyzer only by Source VPC and Destination\nVPC, this information\nis not sufficient to run Connectivity Tests.\n| **Note:** The existing resource configuration is used to perform the analysis.\n\nConnectivity Tests can fail due to the following reasons:\n\n- If the resources shown in VPC Flow Logs no longer exist.\n- If the test is executed from server to client and traffic in that direction (other than return traffic) cannot be initiated.\n\nBefore you begin\n----------------\n\n1. In the Google Cloud console, on the project selector page,\n select or create a Google Cloud project.\n\n | **Note**: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.\n\n [Go to project selector](https://console.cloud.google.com/projectselector2/home/dashboard)\n2. [Enable the Network Management API](/network-intelligence-center/docs/connectivity-tests/reference/enable-api).\n\n3. Make sure the user role has the following permissions:\n `compute.networks.list`\n\n Because the tests are run through internal API, the results are ephemeral and\n users are not billed for running the tests. The results are not stored\n and are not accessible after closing the results panel.\n\nRun Connectivity Tests\n----------------------\n\nTo run Connectivity Tests from Flow Analyzer, do the following: \n\n### Console\n\n1. In the Google Cloud console, go to the **Flow Analyzer** page.\n\n [Go to Flow Analyzer](https://console.cloud.google.com/net-intelligence/flow-analyzer)\n2. Select a log bucket. By default, flow logs are stored in\n the **_Default** log bucket and accessible in the **_Default** log view.\n\n3. Select the time range for which you want to run the query.\n\n4. In the **Traffic** menu, select one of the following options:\n\n - **Source - Destination:** Aggregate the traffic from the source to the destination.\n - **Client - Server:** Aggregate the traffic in both directions by considering the resources with lower port numbers and service definitions as servers.\n5. Optional: In the **Filter** lists, select one or more filters.\n\n6. Organize the query results by using the **Organize flows by** lists.\n The following fields are required:\n\n - Source IP address\n - Source VPC network or VPC network project ID\n - Destination IP address\n7. Click **Run new query**.\n\n8. In the **All data flows** table, click **Run** for any flow.\n\nWhat's next\n-----------\n\n- [Analyze your traffic flows](/network-intelligence-center/docs/flow-analyzer/analyze-traffic-flows)\n- [Monitor your traffic flows](/network-intelligence-center/docs/flow-analyzer/monitor-traffic-flows)\n- [Troubleshoot data issues in Flow Analyzer](/network-intelligence-center/docs/flow-analyzer/manage-flow-analyzer)"]]
