This document describes the internal and external IP addresses available to Compute Engine resources, and discusses how to communicate with resources using these IP addresses. For instructions on how to create and manage IP addresses, read Configuring IP Addresses.
In Compute Engine, you can assign IP address to certain resources. For example, you can assign an internal and external IP address to VM instances. Similarly, you can assign external IP addresses to forwarding rules to expose load balancers to the public Internet.
Each virtual machine instance has an ephemeral internal IP address and, optionally, an external IP address. To communicate between instances on the same network, you can use an instance's internal IP address. To communicate with the Internet and instances outside of the same network, you must specify the instance's external IP address.
Internal IP addresses are ephemeral and only belong to an instance for the lifetime of the instance; if the instance is deleted and recreated, the instance is assigned a new internal IP address, either by Compute Engine or by you. External IP addresses can be either ephemeral or static.
For load balancing resources, a forwarding rule is required for both network and HTTP(S) load balancing. A forwarding rule requires an external IP address to expose the load balancer to the Internet. You can create a regional or global forwarding rule and depending on the forwarding rule, you can allocate a global or regional static external IP address. For forwarding rules, you must reserve a static external IP address and explicitly assign the static IP address to your forwarding rule. This is slightly different than VM instances, where the VM instance is assigned an ephemeral external IP address by default.
External IP addresses
You can assign an external IP address to an instance or a forwarding rule if you need to communicate with the Internet, with resources in another network, or need to communicate with a resource outside of Compute Engine. Sources from outside a Google Cloud Platform network or outside Compute Engine can address a specific resources by the external IP address, as long as there is an existing firewall rule to allow the connection. Only resources with an external IP address can send and receive traffic directly from outside the network. Communicating with resource using an external IP address can cause additional billing charges, even if the sender is in the same network.
Compute Engine supports two types of external IP addresses:
Static external IP addresses are assigned to a project long term until they are explicitly released, and remain attached to a resource until they are explicitly detached.
For VM instances, static external IP addresses remain attached to stopped instances until they are removed.
Ephemeral external IP addresses are only available to VM instances. Ephemeral external IP address remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is terminated or stopped, any ephemeral external IP addresses assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects. When a stopped instance is started again, a new ephemeral external IP address is assigned to the instance.
To assign multiple external IP addresses to a single instance, you can set up multiple forwarding rules to point to a single target instance using protocol forwarding.
Static external IP addresses
A static external IP address is assigned to your project indefinitely until you explicitly release it. You can reserve a new static external IP address or promote an existing ephemeral external IP address to a static external IP address.
Static external IP addresses can be either a regional or global resources. A regional static IP address allows resources of that region or resources of zones within that region to use the IP address. In this case, VM instances and regional forwarding rules that are required for network load balancing. can use a regional static IP address.
Global static external IP addresses are available only to global forwarding rules, used for HTTP(S) load balancing. You cannot assign a global forwarding rule to a regional or zonal resource, like a regional forwarding rule or a VM instance.
Ephemeral external IP addresses
An ephemeral external IP address is an IP address that does not persist beyond
the life of the VM instance. When you create an instance using
your instance is automatically assigned an ephemeral external IP address.
When you create an instance using the API, you need to explicitly provide an
accessConfig, omitting the
natIP property, to request an ephemeral external
IP address. For information on defining an
accessConfig for your instance, see
the API reference.
Ephemeral external IP address are released from an instance if you terminate the instance or if you stop the instance. Once you restart the instance, it is assigned a new ephemeral external IP address.
If you have an existing instance that doesn't have an external IP address, but you would like to assign one, see Assigning external IP addresses to existing instances.
Internal IP addresses
Every instance has an internal IP address that is unique to the network. This address is assigned when you create the instance. You can specify the address yourself, or, if you do not specify an address, Compute Engine assigns one automatically. In either case, the address must belong to the IP range of the network or subnetwork.
- If your network is an auto subnet network, the address comes from the region's subnet.
- If your network is a custom subnet network, you must specify which subnet the IP address will come from.
- If your network is a legacy network, the IP address is assigned from the network's global private IP range.
You can address packets to a VM instance using the internal IP address of the instance. The internal IP address is only addressable from other instances within the same network. An instance's internal IP addresses can change when an instance is deleted and recreated. If you stop and restart an instance, the instance retains the same internal IP address.
Compute Engine resolves instance names to internal IP addresses when
called within the instance's network. For instance, from a virtual machine
running inside Compute Engine, you can address other instances using
curl, or any other program that can process a DNS name.
If you are communicating between instances in the same network, you can send packets to an instance using the instance name, and the network automatically resolves the name to the internal IP address of the instance.
Using the instance name rather than the internal IP address is useful because
the internal IP addresses can change each time an instance is deleted and
recreated. In contrast, your instance name will most likely remain the same.
However, instance names are addressable only within the same network, or when
gcloud compute ssh from your