What does 'Compute Engine Network Internet Egress' mean to Google Cloud?


Just to make sure we're on the same page regarding terminology:

  • ingress: traffic entering or uploaded into Google Cloud Platform
  • egress: traffic exiting or downloaded from Google Cloud Platform

As you can see from the Google Cloud Platform network pricing page, ingress traffic is free, while egress traffic is charged based on the source and destination of such traffic.

So in your examples:

Compute Engine Network Internet Egress from Americas to China [...]

means that your data, stored in Americas in Google Cloud Platform, was downloaded from China.

Compute Engine Network Internet Egress from Americas to Americas [...]

means that your data, stored in Americas in Google Cloud Platform, was downloaded from Americas.

If this was not expected or intended, i.e., you wanted to run a private server, it's possible that these are just bots hitting your server and downloading every possible HTML page, image file, clicking on every link, etc. This means that you should put some authentication/authorization in front of your Tomcat server to make sure that it's not automatically crawled or attacked by every bot out there that just scans all IPs and attempts to connect to every port in the hopes of downloading useful data.

Consider IP filtering as well, or a firewall configuration which does not respond to requests from IP ranges you won't expect to use your service. Again, remember that ingress traffic is free, so as long as you don't generate any outbound traffic for a given request, you won't be charged.

Note that you can stop good, standards-abiding web crawlers using the /robots.txt approach, but you still need to protect your service from the not-so-good actors.
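One way to see which clients account for the egress before deciding what to filter, as an added example that is not part of the original answer: it totals response bytes per client from a Tomcat access log and lists the clients outside the ranges you expect to serve. It assumes the access log uses Tomcat's `common` pattern; the sample log lines and the expected range are constructed.

```python
import ipaddress
import re
from collections import Counter

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} (?P<bytes>\d+|-)$')

# Constructed sample log; client addresses are from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jul/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jul/2022:10:00:02 +0000] "GET /files/archive.zip HTTP/1.1" 200 734003200
203.0.113.9 - - [01/Jul/2022:10:00:09 +0000] "GET /files/archive.zip HTTP/1.1" 200 734003200
203.0.113.44 - - [01/Jul/2022:10:00:11 +0000] "GET /manager/html HTTP/1.1" 401 2473
198.51.100.7 - - [01/Jul/2022:10:00:15 +0000] "GET /logo.png HTTP/1.1" 304 -
garbage line that does not match
"""

# Assumption: the only client range this server is meant to serve.
EXPECTED_RANGES = [ipaddress.ip_network("198.51.100.0/24")]

def egress_by_client(log_text):
    """Sum response bytes (%b) per client; also count unparseable lines."""
    totals, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        # %b is "-" when no body was sent (e.g. a 304 response).
        totals[m["host"]] += 0 if m["bytes"] == "-" else int(m["bytes"])
    return totals, skipped

def is_expected(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # %h is a hostname when DNS lookups are enabled
        return False
    return any(addr in net for net in EXPECTED_RANGES)

def unexpected_egress(totals):
    """(client, bytes) pairs outside EXPECTED_RANGES, largest first."""
    return [(h, b) for h, b in totals.most_common() if not is_expected(h)]

if __name__ == "__main__":
    totals, skipped = egress_by_client(SAMPLE_LOG)
    for host, sent in unexpected_egress(totals):
        print(f"{host:15} {sent / 2**30:8.3f} GiB")
    print(f"skipped {skipped} unparseable line(s)")
```

The `%b` field counts response bodies only, so these totals come out somewhat lower than billed egress, which also includes headers and protocol overhead.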

Author by

nanndoj

http://nanndoj.com

Updated on July 09, 2022

Comments

  • nanndoj
    nanndoj almost 2 years

    I've started a simple Tomcat webserver in Google Cloud Platform, this month I was charged for a service called 'Compute Engine Network Internet Egress from Americas to China: 2636.552 Gibibyte (Project:xxx)' and for the service 'Compute Engine Network Internet Egress from Americas to Americas'.

    What does 'Compute Engine Network Internet Egress from America to China' really mean?

  • Jigar Navadiya
    Jigar Navadiya almost 6 years
    If you have compute instance which intended to serve to global traffic (worldwide users), then what should be the configuration of GCE? So basically, how can one avoid egress charges for global website?
  • Misha Brukman
    Misha Brukman almost 6 years
    @JigarNavadiya — if you intend to serve traffic to users, then you have to pay for that network egress. If you block all egress (or ingress) traffic, then your website won't serve any users. My suggestions were about blocking unwanted egress traffic. If that does not address your question, please create a new question with more details and context.
  • Amit Singh
    Amit Singh almost 5 years
    @MishaBrukman If we are moving data outside GCP into say another cloud platform, say S3, will that be counted as network egress?
  • Misha Brukman
    Misha Brukman almost 5 years
    @AmitSingh — yes, any movement of data outside of GCP is considered "egress" regardless of the destination.
  • forresthopkinsa
    forresthopkinsa over 4 years
    For anyone looking to add firewall rules to block Chinese connections, I posted exactly that here
  • WinEunuuchs2Unix
    WinEunuuchs2Unix over 2 years
    So the first thing to do setting up a website on GCP is to block users from certain regions from signing on too often to view web pages? You get 1 GB of egress free per month. For all I know I have to block Google in China from accessing my Google website hosted in Iowa for free. I think GCP should provide the tools to protect against DDOS and Users / Bots out of region, etc.