This document describes the internal and external IP addresses available to Compute Engine resources, and discusses how to communicate with resources using these IP addresses. For instructions on how to create and manage IP addresses, read Configuring IP Addresses.
In Compute Engine, you can assign an IP address to certain resources. For example, you can assign an internal and external IP address to VM instances. Similarly, you can assign an internal or external IP address to a forwarding rule for internal or external load balancing, respectively.
Each virtual machine instance has an ephemeral internal IP address and, optionally, an external IP address. To communicate between instances on the same network, you can use an instance's internal IP address. To communicate with the Internet and instances outside of the same network, you must specify the instance's external IP address.
Internal IP addresses are ephemeral and only belong to an instance or forwarding rule for the lifetime of the resource; if the resource is deleted and recreated, the resource is assigned a new internal IP address, either by Compute Engine or by you. External IP addresses can be either ephemeral or static.
For load balancing, a forwarding rule is required for network, global, and internal load balancing. The forwarding rule must have an external or internal IP address, depending on the load balancer you are using. For network and global external load balancing, you can create a regional or global forwarding rule and allocate a global or regional static external IP address, respectively. For internal load balancing, you can assign an internal IP address.
External IP addresses
You can assign an external IP address to an instance or a forwarding rule if you need to communicate with the Internet, with resources in another network, or need to communicate with a resource outside of Compute Engine. Sources from outside a Google Cloud Platform network or outside Compute Engine can address a specific resources by the external IP address, as long as there is an existing firewall rule to allow the connection. Only resources with an external IP address can send and receive traffic directly from outside the network. Communicating with resource using an external IP address can cause additional billing charges, even if the sender is in the same network.
Compute Engine supports two types of external IP addresses:
Static external IP addresses are assigned to a project long term until they are explicitly released, and remain attached to a resource until they are explicitly detached.
For VM instances, static external IP addresses remain attached to stopped instances until they are removed.
Ephemeral external IP addresses are only available to VM instances. Ephemeral external IP address remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is terminated or stopped, any ephemeral external IP addresses assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects. When a stopped instance is started again, a new ephemeral external IP address is assigned to the instance.
To assign multiple external IP addresses to a single instance, you can set up multiple forwarding rules to point to a single target instance using protocol forwarding.
Static external IP addresses
You can reserve a static external IP address which assigns the address to your project indefinitely until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent others from being able to use the address. You can reserve a new static external IP address or promote an existing ephemeral external IP address to a static external IP address.
Static external IP addresses can be either a regional or global resources. A regional static IP address allows resources of that region or resources of zones within that region to use the IP address. In this case, VM instances and regional forwarding rules can use a regional static IP address.
Global static external IP addresses are available only to global forwarding rules, used for external load balancing. You cannot assign a global forwarding rule to a regional or zonal resource.
Ephemeral external IP addresses
An ephemeral external IP address is an IP address that does not persist beyond the life of the resource. When you create an instance or forwarding rule without specifying an IP address, the resource is automatically assigned an ephemeral external IP address.
Ephemeral external IP address are released from a resource if you delete the resource. For VM instances, if you stop the instance, the IP address is also released. Once you restart the instance, it is assigned a new ephemeral external IP address. If you have an existing VM that doesn't have an external IP address, you can assign one. Forwarding rules always have an IP address, whether external or internal, so you should not need to assign an IP address to a forwarding rule after it is created.
Internal IP addresses
Every VM instance has an internal IP address that is unique to the network. This address is assigned when you create the instance. You can specify the address yourself, or, if you do not specify an address, Compute Engine assigns one automatically. In either case, the address must belong to the IP range of the network or subnetwork.
- If your network is an auto subnet network, the address comes from the region's subnet.
- If your network is a custom subnet network, you must specify which subnet the IP address will come from.
- If your network is a legacy network, the IP address is assigned from the network's global private IP range.
You can address packets to a VM instance using the internal IP address of the instance. The internal IP address is only addressable from other instances within the same network. An instance's internal IP addresses can change when an instance is deleted and recreated. If you stop and restart an instance, the instance retains the same internal IP address.
For internal load balancers, Compute Engine will assign an ephemeral internal IP address if you do not specify an IP address. Similar to VM instances, you can also choose an internal IP. For more information on specifying an IP address for an internal load balancer, read Load balancing IP address in the internal load balancing documentation.
If you are communicating between instances in the same network, you can send packets to an instance using the instance name, and the network automatically resolves the name to the internal IP address of the instance.
Using the instance name rather than the internal IP address is useful because
the internal IP addresses can change each time an instance is deleted and
recreated. In contrast, your instance name will most likely remain the same.
However, instance names are addressable only within the same network, or when
gcloud compute ssh tool
from your local computer. For instance, from a virtual machine
running inside Compute Engine, you can address other instances using
curl, or any other program that can process a DNS name.