HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/396/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/396/help/man/man1/gcloud_compute_packet-mirrorings_create.1
.TH "GCLOUD_COMPUTE_PACKET\-MIRRORINGS_CREATE" 1



.SH "NAME"
.HP
gcloud compute packet\-mirrorings create \- create a Compute Engine packet mirroring policy



.SH "SYNOPSIS"
.HP
\f5gcloud compute packet\-mirrorings create\fR \fINAME\fR \fB\-\-collector\-ilb\fR=\fICOLLECTOR_ILB\fR \fB\-\-network\fR=\fINETWORK\fR [\fB\-\-async\fR] [\fB\-\-description\fR=\fIDESCRIPTION\fR] [\fB\-\-no\-enable\fR] [\fB\-\-filter\-cidr\-ranges\fR=[\fICIDR_RANGE\fR,...]] [\fB\-\-filter\-direction\fR=\fIDIRECTION\fR] [\fB\-\-filter\-protocols\fR=[\fIPROTOCOL\fR,...]] [\fB\-\-mirrored\-instances\fR=[\fIINSTANCE\fR,...]] [\fB\-\-mirrored\-subnets\fR=[\fISUBNET\fR,...]] [\fB\-\-mirrored\-tags\fR=[\fITAG\fR,...]] [\fB\-\-region\fR=\fIREGION\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "DESCRIPTION"

Create a Compute Engine packet mirroring policy.



.SH "EXAMPLES"

Mirror all tcp traffic to/from all instances in subnet my\-subnet in
us\-central1, and send the mirrored traffic to the collector\-fr Forwarding
Rule.

.RS 2m
$ gcloud compute packet\-mirrorings create my\-pm \e
    \-\-network my\-network \-\-region us\-central1 \e
    \-\-mirrored\-subnets my\-subnet \-\-collector\-ilb collector\-fr \e
    \-\-filter\-protocols tcp
.RE

Mirror all traffic between instances with tag t1 and external server with IP
11.22.33.44 in us\-central1, and send the mirrored traffic to the collector\-fr
Forwarding Rule.

.RS 2m
$ gcloud compute packet\-mirrorings create my\-pm \e
    \-\-network my\-network \-\-region us\-central1 \-\-mirrored\-tags t1 \e
    \-\-collector\-ilb collector\-fr \-\-filter\-cidr\-ranges 11.22.33.44/32
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m
\fINAME\fR

Name of the packet mirroring to create.


.RE
.sp

.SH "REQUIRED FLAGS"

.RS 2m
.TP 2m
\fB\-\-collector\-ilb\fR=\fICOLLECTOR_ILB\fR

Forwarding rule configured as collector. This must be a regional forwarding rule
(in the same region) with load balancing scheme INTERNAL and
isMirroringCollector set to true.

You can provide this as the full URL to the forwarding rule, partial URL, or
name. For example, the following are valid values:
.RS 2m
.IP "\(em" 2m
https://compute.googleapis.com/compute/v1/projects/myproject/
regions/us\-central1/forwardingRules/fr\-1
.IP "\(em" 2m
projects/myproject/regions/us\-central1/forwardingRules/fr\-1
.IP "\(em" 2m
fr\-1
.RE
.sp

.TP 2m
\fB\-\-network\fR=\fINETWORK\fR

Network for this packet mirroring. Only the packets in this network will be
mirrored. It is mandatory that all mirrored VMs have a network interface
controller (NIC) in the given network. All mirrored subnetworks should belong to
the given network.

You can provide this as the full URL to the network, partial URL, or name. For
example, the following are valid values:
.RS 2m
.IP "\(em" 2m
https://compute.googleapis.com/compute/v1/projects/myproject/
global/networks/network\-1
.IP "\(em" 2m
projects/myproject/global/networks/network\-1
.IP "\(em" 2m
network\-1
.RE
.sp


.RE
.sp

.SH "OPTIONAL FLAGS"

.RS 2m
.TP 2m
\fB\-\-async\fR

Return immediately, without waiting for the operation in progress to complete.

.TP 2m
\fB\-\-description\fR=\fIDESCRIPTION\fR

Optional, textual description for the packet mirroring.

.TP 2m
\fB\-\-enable\fR

Enable or disable the packet\-mirroring. Enabled by default, use
\fB\-\-no\-enable\fR to disable.

.TP 2m
\fB\-\-filter\-cidr\-ranges\fR=[\fICIDR_RANGE\fR,...]

One or more IPv4 or IPv6 CIDR ranges that apply as filters on the source
(ingress) or destination (egress) IP in the IP header. If no ranges are
specified, all IPv4 traffic that matches the specified IPProtocols is mirrored.
If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is
mirrored. To mirror all IPv4 and IPv6 traffic, use 0.0.0.0/0,::/0

.TP 2m
\fB\-\-filter\-direction\fR=\fIDIRECTION\fR

.RS 2m
.IP "\(em" 2m
For \f5ingress\fR, only ingress traffic is mirrored.
.IP "\(em" 2m
For \f5egress\fR, only egress traffic is mirrored.
.IP "\(em" 2m
For \f5both\fR (default), both directions are mirrored. \fIDIRECTION\fR must be
one of: \fBboth\fR, \fBegress\fR, \fBingress\fR.
.RE
.sp

.TP 2m
\fB\-\-filter\-protocols\fR=[\fIPROTOCOL\fR,...]

List of IP protocols that apply as filters for packet mirroring traffic. If
unspecified, the packet mirroring applies to all traffic. PROTOCOL can be one of
tcp, udp, icmp, esp, ah, ipip, sctp, or an IANA protocol number.

.TP 2m
\fB\-\-mirrored\-instances\fR=[\fIINSTANCE\fR,...]

List of instances to be mirrored. You can provide this as the full or valid
partial URL to the instance. For example, the following are valid values:
.RS 2m
.IP "\(em" 2m
https://compute.googleapis.com/compute/v1/projects/myproject/
zones/us\-central1\-a/instances/instance\-
.IP "\(em" 2m
projects/myproject/zones/us\-central1\-a/instances/instance\-1
.RE
.sp

.TP 2m
\fB\-\-mirrored\-subnets\fR=[\fISUBNET\fR,...]

List of subnets to be mirrored. You can provide this as the full URL to the
subnet, partial URL, or name. For example, the following are valid values:
.RS 2m
.IP "\(em" 2m
https://compute.googleapis.com/compute/v1/projects/myproject/
regions/us\-central1/subnetworks/subnet\-1
.IP "\(em" 2m
projects/myproject/regions/us\-central1/subnetworks/subnet\-1
.IP "\(em" 2m
subnet\-1
.RE
.sp

.TP 2m
\fB\-\-mirrored\-tags\fR=[\fITAG\fR,...]

List of virtual machine instance tags to be mirrored.

To read more about configuring network tags, read this guide:
https://cloud.google.com/vpc/docs/add\-remove\-network\-tags

The virtual machines with the provided tags must live in zones contained in the
same region as this packet mirroring.

.TP 2m
\fB\-\-region\fR=\fIREGION\fR

Region of the packet mirroring to create. Overrides the default
\fBcompute/region\fR property value for this command invocation.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.



.SH "NOTES"

These variants are also available:

.RS 2m
$ gcloud alpha compute packet\-mirrorings create
.RE

.RS 2m
$ gcloud beta compute packet\-mirrorings create
.RE
@ Telegram