This document describes the internal and external IP addresses available to Google Cloud Platform (GCP) resources, and discusses how to communicate with resources using these IP addresses. For instructions on how to create and manage IP addresses, read Configuring IP Addresses.
In GCP, you can assign an IP address to certain resources. For example, you can assign an internal and external IP address to Compute Engine virtual machine (VM) instances. Similarly, you can assign an internal or external IP address to a forwarding rule for internal or external load balancing, respectively.
Each VM instance has an internal IP address and, optionally, an external IP address. To communicate between instances on the same Virtual Private Cloud (VPC) network, you can use an instance's internal IP address. To communicate with the Internet, you must use the instance's external IP address unless you have configured a proxy of some kind. Similarly, you must use the instance's external IP address to connect to instances outside of the same VPC network unless the networks are connected in some way, like via VPN.
Internal IP addresses are ephemeral and only belong to an instance or forwarding rule for the lifetime of the resource; if the resource is deleted and recreated, the resource is assigned a new internal IP address, either by Compute Engine or by you. External IP addresses can be either ephemeral or static.
For load balancing, a forwarding rule is required for Network, global, and Internal load balancing. The forwarding rule must have an external or internal IP address, depending on the load balancer you are using. For Network and global load balancing, you can create a regional or global forwarding rule and allocate a regional or global static external IP address, respectively. For internal load balancing, assign an internal IP address.
External IP addresses
You can assign an external IP address to an instance or a forwarding rule if you need to communicate with the Internet, with resources in another network, or with a resource outside of Compute Engine. Sources from outside a GCP VPC network can address a specific resource by its external IP address, as long as firewall rules allow the connection. Only resources with an external IP address can send and receive traffic directly to and from outside the network. Communicating with a resource using an external IP address can cause additional billing charges, even if the sender is in the same VPC network.
Compute Engine supports two types of external IP addresses:
- Static external IP addresses are assigned to a project long term until they are explicitly released, and remain attached to a resource until they are explicitly detached. For VM instances, static external IP addresses remain attached to stopped instances until they are removed.
- Ephemeral external IP addresses are available to VM instances and forwarding rules. Ephemeral external IP addresses remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is stopped, any ephemeral external IP addresses assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects. When a stopped instance is started again, a new ephemeral external IP address is assigned to the instance.
To assign multiple external IP addresses to a single instance, you can set up multiple forwarding rules to point to a single target instance using protocol forwarding.
Static external IP addresses
You can reserve a static external IP address, which assigns the address to your project indefinitely until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent others from being able to use the address. You can reserve a new static external IP address or promote an existing ephemeral external IP address to a static external IP address.
Static external IP addresses can be either regional or global resources. A regional static IP address allows resources of that region or resources of zones within that region to use the IP address. In this case, VM instances and regional forwarding rules can use a regional static IP address.
Global static external IP addresses are available only to global forwarding rules, used for global load balancing. You cannot assign a global IP address to a regional or zonal resource.
Ephemeral external IP addresses
An ephemeral external IP address is an IP address that does not persist beyond the life of the resource. When you create an instance or forwarding rule without specifying an IP address, the resource is automatically assigned an ephemeral external IP address.
Ephemeral external IP addresses are released from a resource if you delete the resource. For VM instances, if you stop the instance, the IP address is also released. Once you restart the instance, it is assigned a new ephemeral external IP address. If you have an existing VM that doesn't have an external IP address, you can assign one. Forwarding rules always have an IP address, whether external or internal, so you should not need to assign an IP address to a forwarding rule after it is created.
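Because only resources with an external IP address are reachable from outside the network, and an ephemeral address returns to the shared pool when its instance stops, an inventory that separates static from ephemeral external addresses is a useful check. The following is an added example, not part of the original documentation: it assumes JSON shaped like the output of `gcloud compute instances list --format=json` and `gcloud compute addresses list --format=json`, and all sample data, names and addresses are constructed.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`.
INSTANCES_JSON = """[
 {"name": "web-1", "status": "RUNNING", "networkInterfaces": [
   {"networkIP": "10.128.0.2", "accessConfigs": [{"natIP": "203.0.113.10"}]}]},
 {"name": "web-2", "status": "RUNNING", "networkInterfaces": [
   {"networkIP": "10.128.0.3", "accessConfigs": [{"natIP": "203.0.113.77"}]}]},
 {"name": "batch-1", "status": "RUNNING", "networkInterfaces": [
   {"networkIP": "10.128.0.4"}]},
 {"name": "old-1", "status": "TERMINATED", "networkInterfaces": [
   {"networkIP": "10.128.0.5", "accessConfigs": [{"name": "External NAT"}]}]}
]"""

# Constructed sample shaped like `gcloud compute addresses list --format=json`.
ADDRESSES_JSON = """[
 {"name": "web-ip", "address": "203.0.113.10", "addressType": "EXTERNAL"},
 {"name": "spare-ip", "address": "203.0.113.200", "addressType": "EXTERNAL"},
 {"name": "ilb-ip", "address": "10.128.0.50", "addressType": "INTERNAL"}
]"""


def classify_external_ips(instances, addresses):
    """Label each instance's external IP static or ephemeral; list unattached reservations."""
    # Reserved (static) external addresses owned by the project.
    reserved = {a["address"] for a in addresses
                if a.get("addressType", "EXTERNAL") == "EXTERNAL"}
    findings, attached = [], set()
    for inst in instances:
        for nic in inst.get("networkInterfaces", []):
            for cfg in nic.get("accessConfigs", []):
                ip = cfg.get("natIP")
                if not ip:
                    continue  # no external address currently assigned
                attached.add(ip)
                findings.append({
                    "instance": inst["name"],
                    "internal_ip": nic.get("networkIP"),
                    "external_ip": ip,
                    "kind": "static" if ip in reserved else "ephemeral",
                })
    return findings, sorted(reserved - attached)


def audit_samples():
    """Run the classification over the constructed samples above."""
    return classify_external_ips(json.loads(INSTANCES_JSON), json.loads(ADDRESSES_JSON))


if __name__ == "__main__":
    findings, unattached = audit_samples()
    for f in findings:
        print(f"{f['instance']}: {f['external_ip']} ({f['kind']})")
    print("reserved but not on any listed instance:", unattached)
```

A reserved address that is not on any listed instance may still be in use by a forwarding rule, so treat that list as a prompt to check rather than as proof the address is unused.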
Internal IP addresses
Every VM instance has an internal IP address that is unique to the VPC network. This address is assigned when you create the instance. You can specify the address yourself, or, if you do not specify an address, Compute Engine assigns one automatically. In either case, the address must belong to the IP range of the subnet.
- If your network is an auto mode VPC network, the address comes from the region's subnet.
- If your network is a custom mode VPC network, you must specify which subnet the IP address will come from.
- If your network is a legacy network, the IP address is assigned from the network's global internal IP range.
You can address packets to a VM instance using the internal IP address of the instance. The internal IP address is only addressable from other instances within the same network or from a network that is linked, such as via VPN. An instance's internal IP addresses can change when an instance is deleted and recreated. If you stop and restart an instance, the instance retains the same internal IP address.
For internal load balancers, GCP will assign an ephemeral internal IP address if you do not specify an IP address. Similar to VM instances, you can also choose an internal IP. For more information on specifying an IP address for an internal load balancer, read Load balancing IP address in the internal load balancing documentation.
If you are communicating between instances in the same VPC network, you can send packets to an instance using the instance name, and the VPC network automatically resolves the name to the internal IP address of the instance.
Using the instance name rather than the internal IP address is useful because the internal IP addresses can change each time an instance is deleted and recreated. In contrast, your instance name will most likely remain the same. However, instance names are addressable only within the same VPC network, or when calling the gcloud compute ssh tool from your local computer. For instance, from a virtual machine running inside Compute Engine, you can address other instances using curl, or any other program that can process a DNS name.