Version 1.6. This version is no longer supported. For information about how to upgrade to version 1.7, see Upgrading Anthos on bare metal in the 1.7 documentation. For more information about supported and unsupported versions, see the Version history page in the latest documentation.
Google Distributed Cloud requires an internet connection for operational purposes.
Google Distributed Cloud retrieves cluster components from Container Registry and the cluster is
registered with Connect.
You can connect to Google using the public internet (with HTTPS), through a
Virtual Private Network (VPN), or through a
Dedicated Interconnect.
Internal network requirements
Google Distributed Cloud can work with L2 or L3 connectivity between cluster nodes and
requires load balancer nodes be in the same L2 domain. The load balancer nodes
can be the control plane nodes or a dedicated set of nodes. See Choosing and
configuring load balancers for
configuration information.
The L2 network requirement applies whether you run the load balancer on the
control plane node pool or in a dedicated set of nodes.
The requirements for load balancer machines are:
All load balancers for a given cluster are in the same L2 domain.
All VIPs must be in the load balancer machine subnet and routable to the
gateway of the subnet.
Users are responsible to allow ingress load balancer traffic.
Single user cluster deployment with high availability
The following diagram illustrates a number of key networking concepts for
Google Distributed Cloud in one possible network configuration.
The control plane nodes run load balancers, and they are all on the same L2
network, while other connections, including worker nodes, only require L3
connectivity.
Configuration files define IP addresses for worker node pools, as well as
virtual IP addresses for Services, for ingress and for control plane
(Kubernetes API) access.
A connection to Google Cloud is also required.
Port usage
This section shows how UDP and TCP ports are used on cluster and load balancer
nodes.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eGoogle Distributed Cloud requires an internet connection to retrieve cluster components and register the cluster.\u003c/p\u003e\n"],["\u003cp\u003eConnectivity to Google can be established via the public internet (HTTPS), VPN, or Dedicated Interconnect.\u003c/p\u003e\n"],["\u003cp\u003eLoad balancer nodes in Google Distributed Cloud must reside within the same L2 domain, regardless of whether they are control plane nodes or a separate set.\u003c/p\u003e\n"],["\u003cp\u003eMaster, worker, and load balancer nodes utilize specific UDP and TCP ports for various functions, including GENEVE encapsulation, cluster management, and health checks.\u003c/p\u003e\n"],["\u003cp\u003eVirtual IP addresses for services, ingress, and control plane access are defined in configuration files.\u003c/p\u003e\n"]]],[],null,["# Network requirements\n\n\u003cbr /\u003e\n\nNetwork requirements\n--------------------\n\n### External network requirements\n\nGoogle Distributed Cloud requires an internet connection for operational purposes.\nGoogle Distributed Cloud retrieves cluster components from [Container Registry](/container-registry/docs) and the cluster is\nregistered with [Connect](/anthos/multicluster-management/connect/overview).\n\nYou can connect to Google using the public internet (with HTTPS), through a\nVirtual Private Network (VPN), or through a [Dedicated Interconnect](/network-connectivity/docs/interconnect/concepts/dedicated-overview).\n\n### Internal network requirements\n\nGoogle Distributed Cloud can work with L2 or L3 connectivity between cluster nodes and\nrequires load balancer nodes be in the same L2 domain. The load balancer nodes\ncan be the control plane nodes or a dedicated set of nodes. See [Choosing and\nconfiguring load balancers](/anthos/clusters/docs/bare-metal/1.6/installing/load-balance) for\nconfiguration information.\n\nThe L2 network requirement applies whether you run the load balancer on the\ncontrol plane node pool or in a dedicated set of nodes.\n\nThe requirements for load balancer machines are:\n\n- All load balancers for a given cluster are in the same L2 domain.\n- All VIPs must be in the load balancer machine subnet and routable to the gateway of the subnet.\n- Users are responsible to allow ingress load balancer traffic.\n\nSingle user cluster deployment with high availability\n-----------------------------------------------------\n\nThe following diagram illustrates a number of key networking concepts for\nGoogle Distributed Cloud in one possible network configuration.\n\n- The control plane nodes run load balancers, and they are all on the same L2 network, while other connections, including worker nodes, only require L3 connectivity.\n- Configuration files define IP addresses for worker node pools, as well as virtual IP addresses for Services, for ingress and for control plane (Kubernetes API) access.\n- A connection to Google Cloud is also required.\n\nPort usage\n----------\n\nThis section shows how UDP and TCP ports are used on cluster and load balancer\nnodes.\n\n### Master nodes\n\n### Worker nodes\n\n### Load balancer nodes"]]
