Simple Log Service and Cloud Enterprise Network (CEN) jointly launch the flow log feature that is used to capture the cross-region traffic data between transit routers and traffic data over Virtual Border Router (VBR) connections. This helps you analyze bandwidth usage, troubleshoot network errors, and reduce traffic costs. This topic describes the assets, billing, and limits of the flow log feature.
Introduction
The flow log feature aggregates traffic data that is captured within a specified time window and writes the aggregated traffic data as flow logs to Simple Log Service. You can query and analyze the logs in the Simple Log Service console.
The traffic data that is captured varies based on the object from which the traffic data is captured.
Assets
Custom project and Logstore
Important: Do not delete the project or Logstore that is related to flow logs. Otherwise, flow logs cannot be sent to Simple Log Service.
When you create a custom Logstore, note that billable items that are involved vary based on the billing mode of the Logstore. For more information, see Billable items.
Dedicated dashboards
None
Billing
After you enable the flow log feature for a transit router, you are charged the following fees:
Fee of network log extraction
The fee is generated based on the amount of log data that is extracted. The fee is included in the bills of CEN transit routers.
Note: Network log extraction is currently free of charge. Alibaba Cloud will announce updates if any.
Fee of Simple Log Service usage
The traffic data that is captured by the flow log feature is stored as flow logs in Simple Log Service. You can view and analyze the logs in Simple Log Service. The fees are included in the bills of Simple Log Service and depend on the billing mode of the custom Logstore:
If the custom Logstore uses the pay-by-feature billing mode, you are charged for storage and indexes. For more information, see Billable items of pay-by-feature.
If the custom Logstore uses the pay-by-ingested-data billing mode, you are charged for storage. For more information, see Billable items of pay-by-ingested-data.
Limits
Only Enterprise Edition transit routers support the flow log feature. Basic Edition transit routers do not support the flow log feature.
If you want to use flow logs in a region where a Basic Edition transit router is deployed, upgrade the transit router from Basic Edition to Enterprise Edition first. For more information, see Upgrade transit routers from Basic Edition to Enterprise Edition.
Only flow logs in the following regions can capture the information about network traffic over VBR connections:
China (Hangzhou), China (Shanghai), China (Nanjing-Local Region), China (Shenzhen), China (Heyuan), China (Guangzhou), China (Qingdao), China (Beijing), China (Zhangjiakou), China (Hohhot), China (Ulanqab), China (Chengdu), Singapore, China (Hong Kong), Malaysia (Kuala Lumpur), Indonesia (Jakarta), Philippines (Manila), Japan (Tokyo), Germany (Frankfurt), UK (London), US (Virginia), US (Silicon Valley), and Australia (Sydney) (Closing Down).
Flow logs are used to capture information about outbound traffic on transit routers. Information about inbound traffic on transit routers is not captured.
For example, an Elastic Compute Service (ECS) instance in the US (Silicon Valley) region accesses an ECS instance in the US (Virginia) region through CEN. After you enable the flow log feature for the transit router in the US (Virginia) region, you can check the log entries about packets sent from the ECS instance in the US (Virginia) region to the ECS instance in the US (Silicon Valley) region. However, packets sent from the ECS instance in the US (Silicon Valley) region to the ECS instance in the US (Virginia) region are not recorded. If you want to record the packets sent from the ECS instance in the US (Silicon Valley) region to the ECS instance in the US (Virginia) region, you must also enable the flow log feature on the transit router that is in the US (Silicon Valley) region.
If a TCP connection only contains packets for connection establishment, connection reset, or connection closure, the flow logs of the forwarding router will not record the TCP connection.
For example, if a TCP connection does not complete the three-way handshake, or if the client connection request is reset by a firewall, the flow logs will not record the connection. This is designed to prevent a large number of flow logs from being generated due to TCP scanning attacks.
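The limits above decide what a detection or incident-response team can actually see in these logs. The following is an added example, not Alibaba Cloud code: it models the outbound-only rule, the Enterprise Edition requirement, and the control-packet-only TCP rule over a constructed router inventory, and reports which directions are recorded and which regions need the feature enabled or the router upgraded. The class names, the packet "kinds" labels, and the choice to apply the TCP rule to the connection as a whole are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Router:
    edition: str     # "Enterprise" or "Basic"
    flow_log: bool   # flow log feature enabled on this transit router

@dataclass(frozen=True)
class Conn:
    client: str      # region of the initiating side
    server: str      # region of the accepting side
    kinds: frozenset # packet kinds seen: "establish", "reset", "close", "data"

CONTROL_ONLY = {"establish", "reset", "close"}

def recorded_directions(conn, routers):
    """Return the (src, dst) directions of conn that would appear in flow logs."""
    if conn.kinds <= CONTROL_ONLY:   # only establishment/reset/closure: not recorded
        return set()
    seen = set()
    for src, dst in ((conn.client, conn.server), (conn.server, conn.client)):
        r = routers.get(src)
        # Only outbound traffic is captured, so the sender-side router must log it.
        if r and r.edition == "Enterprise" and r.flow_log:
            seen.add((src, dst))
    return seen

def remediation(conns, routers):
    """Regions to enable, and regions to upgrade first, to see both directions."""
    enable, upgrade = set(), set()
    for c in conns:
        for region in (c.client, c.server):
            r = routers.get(region)
            if r is None or (r.flow_log and r.edition == "Enterprise"):
                continue
            (upgrade if r.edition == "Basic" else enable).add(region)
    return enable, upgrade

# Constructed inventory and connections (sample data, not real deployments).
ROUTERS = {
    "US (Virginia)": Router("Enterprise", True),
    "US (Silicon Valley)": Router("Enterprise", False),
    "China (Hangzhou)": Router("Basic", False),
}
CONNS = [
    Conn("US (Silicon Valley)", "US (Virginia)", frozenset({"establish", "data", "close"})),
    Conn("US (Silicon Valley)", "US (Virginia)", frozenset({"establish", "reset"})),
    Conn("China (Hangzhou)", "US (Virginia)", frozenset({"establish", "data"})),
]
```

With this sample data, the first connection is visible only in the Virginia-to-Silicon-Valley direction, and the reset handshake does not appear at all.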