The new sweet pricing for the Cloud NAT: need a clarification

[Kirill Katsnelson]

The Cloud NAT documentation explains the new pricing that just came into effect:

Starting January 1st, 2020, Google Cloud will start charging you based on the number VM instances that are using your Cloud NAT. Google Cloud only counts VM instances that get a NAT assignment. [...]

Google Cloud will charge $0.0014/hr for each VM instance up to a maximum of $0.044/hr (32 or more instances). Gateways that are serving instances beyond the maximum number are charged at the maximum rate. Compared to the current pricing model, you will be charged less if you have less than 32 instances that are using a Cloud NAT gateway. If you have 32 or more instances using a gateway, you will be charged the same rate.

The bold highlighting is mine. What does exactly constitute the “using” of the gateway when access is intermittent? Suppose the hypothetical:

The VM A calls out to the Internet (let's assume some short-lived activity, like doing an apt-upgrade). Then the next day, a different VM, B, is doing same thing, downloads data for a few minutes then becomes quiescent. How many VM are using the gateway? And how long each of them is considered using the gateway it after it ceased public internet access? tcp-established-idle-timeout?

Thanks,

 -kkm

[Anurag Sharma]

Total cost for running the NAT gateway and running traffic through it is as follows:

total cost for running the gateway = hourly cost for the NAT gateway + cost per GB for traffic processed by the gateway + egress costs for any traffic leaving the network. Once the VM has ceased public internet access, it is no longer considered to be using the gateway. 

Cloud NAT is not used in following cases [1]

[1]:  https://cloud.google.com/nat/docs/overview#nat-not-performed

[Kirill Katsnelson]

On Friday, January 3, 2020 at 7:49:04 AM UTC-8, Anurag Sharma wrote:

 Once the VM has ceased public internet access, it is no longer considered to be using the gateway. 

Aha, thank you Anurag! That what is missing from the documentation!

I guess the word "ceased" here precisely means that all VM's connections through the gateway have either been closed (in the case of TCP), or expired due to idle timeouts (those configured with --tcp-established-idle-timeout and --{udp,icmp}-idle-timeout)? Is this correct?

 -kkm

[Anurag Sharma]

That is correct. 

[Kirill Katsnelson]

Thank you Anurag, this info is super-helpful. I'm always trying to get to the bottom of things to understand what the machinery I use is doing precisely, and this discussion made everything crystal-clear.

May I put up an FR to add these points to the documentation? It's going to be touched up by someone in the near future anyway--it currently says the change will take effect on 01/01, but it already have. Maybe it's a good time to add mode clarity on what "using" a gateway is: it did not matter, but now it is because it's not prix fixe anymore :). I'll post a feedback under the pricing page with a link to this thread, if that's all to be done--but maybe you'll consider to register the FR internally, if you feel it would be helpful. I have seen a few of my docs feedback suggestions implemented, so I know you guys take it very seriously; thank you very much for listening to us the users.

Thanks again,

 -kkm

[Anurag Sharma]

I appreciate that you were satisfied with the answer. Please note that the explanation provided to you in my previous comments was out of my understanding of the product. However, if you want to go through the documentation about when the NAT is not performed on the traffic, please go through the article [1]

 

[1]: https://cloud.google.com/nat/docs/overview#nat-not-performed 

[Kirill Katsnelson]

Thank you, this board is great, and you guys are doing awesome work helping the users understand the system! I've been using only a small part of GCP. GCE primarily, a couple of Cloud Funtcions to do some admin tasks for me, like cleaning up stuff that is too old, or has piled up too many versions, or has a special temporary label left over from scripts that did not complete), KMS, GS--and that's basically it. And it's still overwhelming, even after nearly a year of using it--and I'm far from being a novice in IT, and an ex-Google SWE. [Insert that dog-in-the-lab meme here :)].

Just to keep you in the loop, I posted a feedback item under the pricing page with a request to update it (it's stale anyway, so someone is going to touch it up soon), with a link to this thread.

Thanks for your help, really appreciate it!

 -kkm