Maximum number of connections from VM to a single internet endpoint (IP:port).
Which is somewhat confusing, because the use of VM in the docs seems to refer to a VM utilizing the Cloud NAT Gateway. I’m confused as to how this would map when we have multiple VMs behind the NAT. If it was referring to the ports on the NAT, I would expect the scale to be more 0-65k per IP.
Does anyone know specifically what port_usage represents?
This metric is a health indicator for your Google Cloud NAT gateway. It doesn’t measure the total number of connections going through your NAT. Instead, it gives you the highest number of ports being used by a single VM to connect to a single destination IP address and port. It helps you spot and prevent a specific type of problem called destination port exhaustion, where one of your VMs overwhelms a single external service with too many connections.
While there is no fixed maximum number of ports a single VM can use for a single destination, that number is determined dynamically by Cloud NAT’s internal logic and is primarily influenced by the “Minimum ports per VM instance” setting.
Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
Thanks for the reply, and for explaining the metric; that clears up my confusion.
If I’m understanding what you’re saying, port exhaustion is the gateway not having the capacity to accept inbound connections from VMs, not that it doesn’t have capacity for outbound connections to destinations?
Cloud NAT is for outbound (egress) connections only. It allows VMs without public IPs to initiate connections to the internet. Port exhaustion happens when a VM requests to make a new outbound connection, but the NAT gateway has no available external source ports to assign to that connection.
Understood. I think what confused me was this statement:
Instead, it gives you the highest number of ports being used by a single VM to connect to a single destination IP address and port.
But specifically, a new port is used whenever the 5-tuple is unique (dest IP, dest Port, dest protocol, source IP, source port). If there was a large number of separate processes on the same VM to the same destination tuple, then the NAT would need an external port per-process, so to speak.
I think I’m straight with the metric now - I appreciate the help!
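The following is an added example, not code from the thread or from Google Cloud: a deliberately simplified model of the port allocation discussed above (assumption: each VM gets a fixed block of NAT source ports, sized by the “Minimum ports per VM instance” setting, and every unique 5-tuple consumes one port). It computes port_usage the way the answer defines it, the highest number of ports one VM has in use toward a single destination IP:port, and shows that this is not the same as the VM’s total port consumption. The flow records, IPs and port block layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, src_port, proto, dst_ip, dst_port).
# 10.0.0.2 opens six connections to one endpoint and two to another;
# 10.0.0.3 opens three to the first endpoint.
FLOWS = (
    [("10.0.0.2", 40000 + i, "tcp", "203.0.113.10", 443) for i in range(6)]
    + [("10.0.0.2", 50000 + i, "tcp", "198.51.100.7", 80) for i in range(2)]
    + [("10.0.0.3", 40000 + i, "tcp", "203.0.113.10", 443) for i in range(3)]
)


class CloudNatModel:
    """Simplified model (assumption, not Cloud NAT's real allocator): each VM
    gets `min_ports` NAT source ports; each unique 5-tuple holds one of them."""

    def __init__(self, min_ports):
        self.min_ports = min_ports
        self.free = {}      # src_ip -> unused NAT ports from that VM's block
        self.active = {}    # 5-tuple -> NAT source port currently mapped to it
        self.dropped = []   # flows refused because the VM's block was empty

    def open(self, flow):
        if flow in self.active:          # same 5-tuple reuses its existing mapping
            return self.active[flow]
        src_ip = flow[0]
        if src_ip not in self.free:      # hand each new VM its own port block
            base = 1024 + len(self.free) * self.min_ports
            self.free[src_ip] = list(range(base, base + self.min_ports))
        if not self.free[src_ip]:        # port exhaustion for this VM
            self.dropped.append(flow)
            return None
        port = self.free[src_ip].pop(0)
        self.active[flow] = port
        return port

    def port_usage(self):
        """Highest number of NAT ports one VM uses toward one destination IP:port."""
        per_dest = defaultdict(int)
        for src_ip, _sp, _proto, dst_ip, dst_port in self.active:
            per_dest[(src_ip, dst_ip, dst_port)] += 1
        return max(per_dest.values(), default=0)

    def ports_in_use(self, src_ip):
        """Total NAT ports held by one VM across all destinations."""
        return sum(1 for f in self.active if f[0] == src_ip)


def run(min_ports):
    nat = CloudNatModel(min_ports)
    for flow in FLOWS:
        nat.open(flow)
    return nat
```

With a block of 4 ports, 10.0.0.2 exhausts its block on the first destination and its remaining four flows are dropped; with a block of 8, nothing is dropped, port_usage reports 6, yet the VM holds all 8 of its ports, so port_usage alone does not show how close a VM is to exhaustion.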