Menu
I've started a simple Tomcat webserver in Google Cloud Platform, this month I was charged for a service called 'Compute Engine Network Internet Egress from Americas to China: 2636.552 Gibibyte (Project:xxx)' and for the service 'Compute Engine Network Internet Egress from Americas to Americas'.
What does 'Compute Engine Network Internet Egress from America to China' really mean?
805
Egress traffic is charged based on whether the traffic uses an internal or external IP address, whether the traffic crosses zone or region boundaries within Google Cloud, whether the traffic leaves or stays inside Google Cloud, and the network tier of traffic that leaves Google's network.
Ingress rules apply to packets for new sessions where the destination of the packet is the target. The egress direction describes traffic sent from a target to a destination. Egress rules apply to packets for new sessions where the source of the packet is the target.
C. Default network, auto network, and custom network.
Compute Engine provides machine type recommendations to help you optimize the resource utilization of your virtual machine (VM) instances. Use these recommendations to resize your instance's machine type to more efficiently use the instance's resources.
Just to make sure we're on the same page regarding terminology:
As you can see from the Google Cloud Platform network pricing page, ingress traffic is free, while egress traffic is charged based on the source and destination of such traffic.
So in your examples:
Compute Engine Network Internet Egress from Americas to China [...]
means that your data, stored in Americas in Google Cloud Platform, was downloaded from China.
Compute Engine Network Internet Egress from Americas to Americas [...]
means that your data, stored in Americas in Google Cloud Platform, was downloaded from Americas.
If this was not expected or intended, i.e., you wanted to run a private server, it's possible that these are just bots hitting your server and downloading every possible HTML page, image file, clicking on every link, etc. This means that you should put some authentication/authorization in front of your Tomcat server to make sure that it's not automatically crawled or attacked by every bot out there that just scans all IPs and attempts to connect to every port in the hopes of downloading useful data.
Consider IP filtering as well, or a firewall configuration which does not respond to requests from IP ranges you won't expect to use your service. Again, remember that ingress traffic is free, so as long as you don't generate any outbound traffic for a given request, you won't be charged.
Note that you can stop good, standards-abiding web crawlers using /robots.txt approach, but you still need to protect your service from the not-so-good actors.
175
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
