A mirroring deployment is a zonal deployment of a producer's third-party appliances. Mirroring deployment acts as a backend to an internal passthrough Network Load Balancer, providing network services on the traffic mirrored from the consumer networks.
The mirroring deployments are grouped in mirroring deployment groups across different locations within a project for easier consumption and management.
This document provides a detailed overview of mirroring deployments and their capabilities.
Specifications
-
A mirroring deployment is a project-level resource created at the zonal-level.
-
You can deploy only one mirroring deployment per zone and group.
-
Each mirroring deployment is associated with a mirroring deployment group. You can associate a mirroring deployment with exactly one deployment group.
-
A mirroring deployment references the forwarding rule that points to the backend services where the third-party appliances are deployed to provide mirroring services. This forwarding rule handles the traffic sent to the mirroring deployment. The forwarding rule must use the network specified in the mirroring deployment group.
-
Each mirroring deployment is uniquely identified by a URL with the following elements:
- Project ID: ID of the project.
- Location: scope of the mirroring deployment. Location is always set to the zone it resides in.
- Name: mirroring deployment name in the following format:
- A string 1-63 characters long
- Includes only lowercase alphanumeric characters or hyphens (-)
- Must start with a letter
To construct a unique URL identifier for a mirroring deployment, use the following format:
projects/ PROJECT_ID /locations/ ZONE /mirroringDeployments/ DEPLOYMENTReplace the following:
-
PROJECT_ID: ID of the project -
ZONE: zone of the mirroring deployment -
DEPLOYMENT: name of the mirroring deployment
For example, project
2345678432in zoneus-east1-awith mirroring deploymentexample-mirroring-deploymentshas the following unique identifier:projects/2345678432/locations/us-east1-a/mirroringDeployments/example-mirroring-deployments
Identity and Access Management roles
Identity and Access Management (IAM) roles govern the following actions for managing the mirroring deployments:
- Creating a mirroring deployment in a project
- Modifying or deleting a mirroring deployment
- Viewing details about a mirroring deployment
- Viewing all the mirroring deployments configured in your project
The following table describes the roles that are necessary for each step.
networksecurity.mirroringDeploymentAdmin
)
on the project where the mirroring deployment is created.networksecurity.mirroringDeploymentAdmin
)
on the project where the mirroring deployment is created.- Mirroring Deployment Admin role (
networksecurity.mirroringDeploymentAdmin) - Mirroring Deployment Viewer role (
networksecurity.mirroringDeploymentViewer)
- Mirroring Deployment Admin role (
networksecurity.mirroringDeploymentAdmin) - Mirroring Deployment Viewer role (
networksecurity.mirroringDeploymentViewer)
networksecurity.mirroringDeploymentAdmin
)
on the project.Quotas
To view quotas associated with mirroring deployments, see Quotas and limits .
