View the network configuration for an instance

Use the instructions on this page to view the network interfaces, networks, subnets, and IP addresses for a compute instance.

Before you begin

  • If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:

    Select the tab for how you plan to use the samples on this page:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

    1. Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init
    2. Set a default region and zone.

    REST

    To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

      Install the Google Cloud CLI, then initialize it by running the following command: 

      gcloud init

    For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Required roles

To get the permissions that you need to view the network configuration for an instance, ask your administrator to grant you the Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1) or Compute Network Admin (roles/compute.networkAdmin) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations.

This predefined role contains the permissions required to view the network configuration for an instance. To see the exact permissions that are required, expand the Required permissions section:

Required permissions

The following permissions are required to view the network configuration for an instance:

  • View network configuration for an instance: compute.instances.get on the instance
  • View IP addresses for an instance: compute.instances.list on the project

You might also be able to get these permissions with custom roles or other predefined roles.

View IP addresses

You can view the internal and external IP addresses for your instance. The IP addresses can be either IPv4 or IPv6 addresses.

Console

  1. In the Google Cloud console, go to the VM instances page.

    Go to VM instances

  2. Optional: Use the Filter box to restrict the number of instances shown.

  3. If the instance has an external IP address, it appears under the External IP column.

    If the instance doesn't have an external IP address, you can assign one.

VM instances page showing internal and external IPs.

Depending on the column display options, you might see more columns or fewer columns than appear in the previous image.

gcloud

There are two commands you can use to view the IP addresses for an instance:

  • gcloud compute instances list shows all IP addresses used by a compute instance, either static or ephemeral.
  • gcloud compute addresses list shows all the reserved IP addresses that are assigned to a compute instance.

This task shows how to view IP addresses using gcloud compute instances commands.

  1. To view the internal and external IP addresses for your instances use the gcloud compute instances list command.

    gcloud compute instances list

    You can append the --filter clause to restrict the number of instances returned by the command, for example, --filter='zone:us-central1-c'.

    The output is similar to the following:

    NAME           ZONE            MACHINE_TYPE    PREEMPTIBLE  INTERNAL_IP                EXTERNAL_IP                     STATUS
webapp1        us-central1-c   c3-highmem-88   true         192.0.2.11                                                 RUNNING
my-instance    us-central1-c   n4-standard-2                192.0.2.126                203.0.113.6                     RUNNING
my-dual-stack  us-central1-a   e2-micro                     192.0.2.54                 203.0.113.7                     RUNNING
                                                                                      2001:db8:2:2:2:2:2:2/96
new-ipv6-only  us-central1-a   n4-standard-2                2001:db8:1:1:1:1:1:1/96                                    RUNNING

  2. To view the internal or external IP address for a specific instance, use the gcloud compute instances describe command with a --format flag to filter the output.

    Internal addresses

    To view the internal IP address for a specific instance, use either of the following commands:

    • IPv4 addresses:

         gcloud compute instances describe INSTANCE_NAME \
       --zone=ZONE \
       --format='get(networkInterfaces[0].networkIP)'
  
      192.0.2.11

    • IPv6 addresses:

         gcloud compute instances describe INSTANCE_NAME \
       --zone=ZONE \
       --format='get(networkInterfaces[0].ipv6Address)'
  
      2001:db8:2:2:2:2:2:2

    External addresses

    To view the external IP address for a specific instance, use either of the following commands:

    • IPv4 addresses:

         gcloud compute instances describe INSTANCE_NAME \
       --zone=ZONE \
       --format='get(networkInterfaces[0].accessConfigs[0].natIP)'
  
      203.0.113.6

    • IPv6 addresses:

         gcloud compute instances describe INSTANCE_NAME \
       --zone=ZONE \
       --format='get(networkInterfaces[0].ipv6AccessConfigs[0].externalIpv6)'
  
      2001:db8:3:3:3:3:3:3

    Replace the following:

    • INSTANCE_NAME: the name of the instance whose internal or external IP you want to view
    • ZONE: the name of the zone where the instance is located.

    If the command doesn't return an IP address, then the instance doesn't have an external IP address configured.

REST

Make a GET request to the instances.get method. By appending a $fields query parameter to the request, you can restrict the output to just the fields of interest.

 GET https://compute.googleapis.com/compute/v1/projects/PROJECT_NAME/zones/ZONE/instances/INSTANCE_NAME$fields=name,networkInterfaces.networkIP,networkInterfaces.accessConfigs.natIP,networkInterfaces.ipv6AccessConfigs.externalIpv6

Replace the following:

  • PROJECT_NAME: The name of the project that contains the instance.
  • ZONE: The zone for the instance that you want to query.
  • INSTANCE_NAME: The name of the instance resource to return.

If any of the IP addresses are not configured, then that field doesn't appear in the output. For a compute instance that uses a dual-stack network with an external IPv6 address, your response body resembles the following:

{
  "name": "my-dual-stack-vm",
  "networkInterfaces": [
    {
      "networkIP": "10.0.0.2",
      "accessConfigs": [
        {
          "natIP": "104.155.21.204"
        }
      ],
      "ipv6AccessConfigs": [
        {
          "externalIpv6": "2600:1900:4010:8b2:0:0:0:0"
        }
      ]
    }
  ]
}

The following fields contain the required information:

  • networkIP: the assigned internal IPv4 address.
  • natIP: the assigned external IPv4 address.
  • externalIpv6: the assigned external IPv6 address.

Python 

from enum import Enum
from typing import List

from google.cloud import compute_v1


def get_instance(project_id: str, zone: str, instance_name: str) -> compute_v1.Instance:
    """
    Get information about a VM instance in the given zone in the specified project.

    Args:
        project_id: project ID or project number of the Cloud project you want to use.
        zone: name of the zone you want to use. For example: “us-west3-b”
        instance_name: name of the VM instance you want to query.
    Returns:
        An Instance object.
    """
    instance_client = compute_v1.InstancesClient()
    instance = instance_client.get(
        project=project_id, zone=zone, instance=instance_name
    )

    return instance


class IPType(Enum):
    INTERNAL = "internal"
    EXTERNAL = "external"
    IP_V6 = "ipv6"


def get_instance_ip_address(
    instance: compute_v1.Instance, ip_type: IPType
) -> List[str]:
    """
    Retrieves the specified type of IP address (ipv6, internal or external) of a specified Compute Engine instance.

    Args:
        instance (compute_v1.Instance): instance to get
        ip_type (IPType): The type of IP address to retrieve (ipv6, internal or external).

    Returns:
        List[str]: Requested type IP addresses of the instance.
    """
    ips = []
    if not instance.network_interfaces:
        return ips
    for interface in instance.network_interfaces:
        if ip_type == IPType.EXTERNAL:
            for config in interface.access_configs:
                if config.type_ == "ONE_TO_ONE_NAT":
                    ips.append(config.nat_i_p)
        elif ip_type == IPType.IP_V6:
            for ipv6_config in getattr(interface, "ipv6_access_configs", []):
                if ipv6_config.type_ == "DIRECT_IPV6":
                    ips.append(ipv6_config.external_ipv6)

        elif ip_type == IPType.INTERNAL:
            # Internal IP is directly available in the network interface
            ips.append(interface.network_i_p)
    return ips

Java 


import com.google.cloud.compute.v1.AccessConfig;
import com.google.cloud.compute.v1.AccessConfig.Type;
import com.google.cloud.compute.v1.GetInstanceRequest;
import com.google.cloud.compute.v1.Instance;
import com.google.cloud.compute.v1.InstancesClient;
import com.google.cloud.compute.v1.NetworkInterface;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

public class GetVmAddress {

  public static void main(String[] args) throws IOException {
    // TODO(developer): Replace these variables before running the sample.
    // Project ID or project number of the Google Cloud project you want to use.
    String projectId = "your-project-id";
    // Instance ID of the Google Cloud project you want to use.
    String instanceId = "your-instance-id";
    // IPType you want to search.
    IpType ipType = IpType.INTERNAL;

    getVmAddress(projectId, instanceId, ipType);
  }

  // Retrieves the specified type of IP address
  // (ipv6, internal or external) of a specified Compute Engine instance.
  public static List<String> getVmAddress(String projectId, String instanceId, IpType ipType)
          throws IOException {
    List<String> result = new ArrayList<>();
    Instance instance = getInstance(projectId, instanceId);

    for (NetworkInterface networkInterface : instance.getNetworkInterfacesList()) {
      if (ipType == IpType.EXTERNAL) {
        for (AccessConfig accessConfig : networkInterface.getAccessConfigsList()) {
          if (accessConfig.getType().equals(Type.ONE_TO_ONE_NAT.name())) {
            result.add(accessConfig.getNatIP());
          }
        }
      } else if (ipType == IpType.IP_V6) {
        for (AccessConfig accessConfig : networkInterface.getAccessConfigsList()) {
          if (accessConfig.hasExternalIpv6()
                  && accessConfig.getType().equals(Type.DIRECT_IPV6.name())) {
            result.add(accessConfig.getExternalIpv6());
          }
        }
      } else if (ipType == IpType.INTERNAL) {
        result.add(networkInterface.getNetworkIP());
      }
    }

    return result;
  }

  private static Instance getInstance(String projectId, String instanceId) throws IOException {
    // Initialize client that will be used to send requests. This client only needs to be created
    // once, and can be reused for multiple requests.
    try (InstancesClient instancesClient = InstancesClient.create()) {
      GetInstanceRequest request = GetInstanceRequest.newBuilder()
              .setInstance(instanceId)
              .setProject(projectId)
              .setZone("us-central1-b")
              .build();
      return instancesClient.get(request);
    }
  }

  public enum IpType {
    INTERNAL("internal"),
    EXTERNAL("external"),
    IP_V6("ipv6");

    private final String type;

    IpType(String type) {
      this.type = type;
    }

    public String getType() {
      return type;
    }
  }
}

View network interfaces for an instance

Each compute instance has at least one network interface. You can view the configured properties of the network interfaces for an instance in the following ways.

Console

  1. In the Google Cloud console, go to the VM instances page.

    Go to VM instances

  2. Optional: Use the Filter box to restrict the number of instances shown.

  3. Click the name of the instance that you want to inspect.

  4. In the Networking section, under Network interfaces, you can see the network interfaces (NICs) created for the instance, the network and subnet associated with each NIC, and their assigned IP addresses.

  5. You can click the name of a NIC to open the Network interface details page. On this page, you can see the firewalls and routes used by the NIC and also perform a connectivity test for the NIC.

gcloud

To view the network interfaces (NICs) for a compute instance, use the gcloud compute instances describe command. You can append a --format option to the command to restrict the information returned to specific fields and change how it is displayed, for example:

gcloud compute instances describe INSTANCE_NAME --zone=ZONE \
    --format="flattened(name,networkInterfaces[].name, networkInterfaces[].network.basename(), networkInterfaces[].stackType, networkInterfaces[].nicType)"

The preceding command returns output similar to the following:

name:                           my-multinic-vm
networkInterfaces[0].name:      nic0
networkInterfaces[0].network:   default
networkInterfaces[0].nicType:   GVNIC
networkInterfaces[0].stackType: IPV4_ONLY
networkInterfaces[1].name:      nic1
networkInterfaces[1].network:   appnet-vpc-0
networkInterfaces[1].nicType:   GVNIC
networkInterfaces[1].stackType: IPV4_IPV6

REST

Construct a GET request to the instances.get method. By appending a $fields query parameter to the request, you can restrict the output to just the networkInterfaces property.

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_NAME/zones/ZONE/instances/INSTANCE_NAME?$fields=networkInterfaces

Replace the following:

  • PROJECT_NAME: The name of the project that contains the instance.
  • ZONE: The zone for the instance that you want to query.
  • INSTANCE_NAME: The name of the instance resource to return.

Your response body should be similar to the following:

{
  "networkInterfaces": [
  {
    "kind": "compute#networkInterface",
    "network": "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/network-name-1",
    "subnetwork": "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/subnet-name-1",
    "networkIP": "10.128.0.15",
    "name": "nic0",
    "accessConfigs": [
      {
        "kind": "compute#accessConfig",
        "type": "ONE_TO_ONE_NAT",
        "name": "External NAT",
        "networkTier": "PREMIUM"
      }
    ],
    "fingerprint": "mBy9xvkWA9M=",
    "stackType": "IPV4_ONLY",
    "nicType": "GVNIC"
  },
  {
    "kind": "compute#networkInterface",
    "network": "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/network-name-2",
    "subnetwork": "https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/subnet-name-2",
    "networkIP": "10.0.20.2",
    "name": "nic1",
    "accessConfigs": [
      {
        "kind": "compute#accessConfig",
        "type": "ONE_TO_ONE_NAT",
        "name": "External NAT",
        "networkTier": "PREMIUM"
      }
    ],
    "ipv6AccessConfigs": [
      {
        "kind": "compute#accessConfig",
        "type": "DIRECT_IPV6",
        "name": "external-ipv6",
        "externalIpv6": "2600:1900:4000:8447:0:0:0:0",
        "externalIpv6PrefixLength": 96,
        "publicPtrDomainName": "",
        "networkTier": "PREMIUM"
      }
    ],
    "fingerprint": "rx6hfNA94f4=",
    "stackType": "IPV4_IPV6",
    "ipv6AccessType": "EXTERNAL",
    "nicType": "GVNIC"
  }
  ]
}

View all compute instances within a network

Use one of the following methods to view all compute instances within a certain network.

Console

  1. In the Google Cloud console, go to the VPC networks page.

    Go to VPC networks

  2. Optional: Use the Filter box to restrict the number of networks shown.

  3. Click the name of the network for which you want to list the compute instances.

  4. Select the Instances tab to view the instances within that network.

gcloud

To view the compute instances that use a specific network, use the gcloud compute instances list command.

Use a --filter flag to list only the instances that use a specific network. You can also use a --format flag to restrict and format the results, for example:

gcloud compute instances list \
    --filter 'networkInterfaces[].network:NETWORK_NAME' \
    --format="table(name:sort=1,machineType.basename(),zone.basename(),networkInterfaces[].subnetwork)"

The output is similar to the following:

NAME: c2-tier1-multinic
MACHINE_TYPE: c2-standard-30
ZONE: us-central1-c
SUBNETWORK: ['https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/default', 'https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/webapps-external-subnet']

NAME: c3-with-lssd
MACHINE_TYPE: c3-standard-4-lssd
ZONE: us-central1-a
SUBNETWORK: ['https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/default']

NAME: example-instance3
MACHINE_TYPE: n2-custom-2-163840-ext
ZONE: us-central1-b
SUBNETWORK: ['https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/default']

NAME: n4-test-windows
MACHINE_TYPE: n4-standard-2
ZONE: us-central1-c
SUBNETWORK: ['https://www.googleapis.com/compute/v1/projects/my-project/regions/us-central1/subnetworks/default']

Determine if Tier_1 networking is enabled

Use one of the following methods to determine if per VM Tier_1 networking performance is enabled for an instance.

Console

  1. In the Google Cloud console, go to the VM instances page.

    Go to VM instances

  2. Optional: Use the Filter box to restrict the number of instances shown.

  3. Click the name of the instance that you want to inspect.

  4. In the Networking section, check the value for Total egress bandwidth tier:

    • TIER_1: Tier_1 networking is enabled.
    • -: Tier_1 networking is not enabled.

gcloud

To view the networkPerformanceConfig setting for an instance, use the gcloud compute instances describe command. You can append a --format option to the command to restrict the information returned to specific fields and change how it is displayed, for example:

gcloud compute instances describe INSTANCE_NAME \
    --zone=ZONE \
    --format="text(name, networkPerformanceConfig)"

If Tier_1 networking is not configured for the instance, then the networkPerformanceConfig field is not included in the output. If Tier_1 networking is enabled for an instance, then the output is similar to the following:

name:                                              c2-tier1-multinic
networkPerformanceConfig.totalEgressBandwidthTier: TIER_1

REST

Construct a GET request to the instances.get method. By appending a $fields query parameter to the request, you can restrict the output to just the name, networkPerformanceConfig, and nicType fields.

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_NAME/zones/ZONE/instances/INSTANCE_NAME?$fields=name,networkPerformanceConfig,networkInterfaces.nicType

Replace the following:

  • PROJECT_NAME: The name of the project that contains the instance.
  • ZONE: The zone for the instance that you want to query.
  • INSTANCE_NAME: The name of the instance resource to return.

If Tier_1 networking is not configured for the instance, then the networkPerformanceConfig field is not included in the output. If Tier_1 networking is enabled for an instance, then the output is similar to the following:

{
  "name": "c2-tier1-multinic",
  "networkInterfaces": [
    {
      "nicType": "GVNIC"
    },
    {
      "nicType": "GVNIC"
    }
  ],
  "networkPerformanceConfig": {
    "totalEgressBandwidthTier": "TIER_1"
  }
}