This document describes the primary internal IP addresses and external IP addresses available to Google Cloud Platform (GCP) resources, and discusses how to communicate with resources using these IP addresses. For instructions on how to create and manage IP addresses, read Configuring IP Addresses.
This page does not discuss secondary internal IP addresses. For information about secondary internal IP addresses, read the Alias IP Ranges documentation.
In GCP, you can assign an IP address to certain resources. For example, you can assign an internal and external IP address to Compute Engine virtual machine (VM) instances. Similarly, you can assign an internal or external IP address to a forwarding rule for internal or external load balancing, respectively.
Each VM instance can have one primary internal IP address, one or more secondary IP addresses, and one external IP address. To communicate between instances on the same Virtual Private Cloud (VPC) network, you can use an instance's internal IP addresses. To communicate with the Internet, you must use the instance's external IP address unless you have configured a proxy of some kind. Similarly, you must use the instance's external IP address to connect to instances outside of the same VPC network unless the networks are connected in some way, like via VPN. Both external and internal primary IP addresses can be either ephemeral or static.
A forwarding rule is required for Network, global, and internal load balancing. The forwarding rule must have an external or internal IP address, depending on the load balancer you are using. For Network and global load balancing, you can create a regional or global forwarding rule and allocate a regional or global static external IP address, respectively. For internal load balancing, assign an internal IP address.
For information about identifying the internal and external IP address for your instances, see Locating the external and internal IP address for an instance.
External IP addresses
You can assign an external IP address to an instance or a forwarding rule if you need to communicate with the Internet, with resources in another network, or need to communicate with a resource outside of Compute Engine. Sources from outside a GCP VPC network can address a specific resource by the external IP address, as long as firewall rules allow the connection. Only resources with an external IP address can send and receive traffic directly to and from outside the network. Communicating with a resource using an external IP address can cause additional billing charges, even if the sender is in the same VPC network. See a list of Compute Engine IP ranges in the Frequently Asked Questions.
Compute Engine supports two types of external IP addresses:
Static external IP addresses are assigned to a project long term until they are explicitly released, and remain attached to a resource until they are explicitly detached.
For VM instances, static external IP addresses remain attached to stopped instances until they are removed.
Ephemeral external IP addresses are available to VM instances and forwarding rules. Ephemeral external IP addresses remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is stopped, any ephemeral external IP addresses assigned to the instance are released back into the general Compute Engine pool and become available for use by other projects. When a stopped instance is started again, a new ephemeral external IP address is assigned to the instance.
To assign multiple external IP addresses to a single instance, you can set up multiple forwarding rules to point to a single target instance using protocol forwarding.
Static external IP addresses
You can reserve a static external IP address, which assigns the address to your project indefinitely until you explicitly release it. This is useful if you are dependent on a specific IP address for your service and need to prevent others from being able to use the address. You can reserve a new static external IP address or promote an existing ephemeral external IP address to a static external IP address.
Static external IP addresses can be either a regional or global resources. A regional static IP address allows resources of that region or resources of zones within that region to use the IP address. In this case, VM instances and regional forwarding rules can use a regional static IP address.
Global static external IP addresses are available only to global forwarding rules, used for global load balancing. You cannot assign a global IP address to a regional or zonal resource.
Ephemeral external IP addresses
An ephemeral external IP address is an IP address that does not persist beyond the life of the resource. When you create an instance or forwarding rule without specifying an IP address, the resource is automatically assigned an ephemeral external IP address.
Ephemeral external IP address are released from a resource if you delete the resource. For VM instances, if you stop the instance, the IP address is also released. Once you restart the instance, it is assigned a new ephemeral external IP address. If you have an existing VM that doesn't have an external IP address, you can assign one. Forwarding rules always have an IP address, whether external or internal, so you should not need to assign an IP address to a forwarding rule after it is created.
Primary internal IP addresses
Every VM instance can have one primary internal IP address that is unique to the VPC network. You can assign a specific internal IP address when you create a VM instance or you can reserve a static internal IP address for your project and assign that address to your resources. If you do not specify an address, Compute Engine assigns one automatically. In either case, the address must belong to the IP range of the subnet.
- If your network is an auto mode VPC network, the address comes from the region's subnet.
- If your network is a custom mode VPC network, you must specify which subnet the IP address will come from.
- If your network is a legacy network, the IP address is assigned from the network's global internal IP range.
You can address packets to a VM instance using an internal IP address of the instance. The internal IP address is only accessible from other instances within the same network or from a network that is linked, such as via VPN.
Compute Engine supports two types of internal IP addresses:
Static internal IP addresses are assigned to a project long term until they are explicitly released, and remain attached to a resource until they are explicitly detached.
For VM instances, static internal IP addresses remain attached to stopped instances until they are removed.
Ephemeral internal IP addresses
Ephemeral internal IP addresses are available to VM instances and forwarding rules.
Ephemeral internal IP addresses remain attached to a VM instance only until the VM is stopped and restarted or the instance is terminated. If an instance is stopped, any ephemeral internal IP addresses assigned to the instance are released back into the network pool. When a stopped instance is started again, a new ephemeral internal IP address is assigned to the instance.
You can assign an ephemeral internal IP address when you create a resource by omitting an IP address specification in your request and letting Compute Engine randomly assign an address.
For internal load balancers, you can assign a static internal IP address, specify an explicit ephemeral internal IP address, or let GCP assign an ephemeral internal IP address randomly. For more information on specifying an IP address for an internal load balancer, read Load balancing IP address in the internal load balancing documentation.
Instances can also have Alias IP Addresses and Ranges. If you have more than one service running on a VM, you can assign each service its own unique IP address. Alias IP addresses are currently in Beta.
Internal DNS names
If you are communicating between instances in the same VPC network, you can send packets to an instance by specifying the fully-qualified DNS name (FQDN) of the target instance. The VPC network automatically resolves the name to the internal IP address of the instance. An internal fully qualified domain name (FQDN) for an instance has the following formats:
- Instances using zonal DNS:
- Instances using global DNS:
[INSTANCE_NAME]is the name of the instance.
[ZONE]is the zone where your instance is located.
[PROJECT_ID]is the project to which the instance belongs.
Using the FQDN rather than the internal IP address is useful because
the internal IP addresses can change each time an instance is deleted and
recreated. In contrast, your instance name will most likely remain the same.
However, instance names are addressable only within the same VPC network.
For example, from a virtual machine running inside Compute Engine,
you can address other instances using
curl, or any other program
that can process a DNS name.
For more information on fully qualified domain names (FQDN), read Internal DNS.
- Locating the external and internal IP address for an instance.
- Reserve a new static external IP address.
- Assigning a static external IP to a new VM instance.
- Choosing an internal IP address at instance creation.
- Promote an ephemeral external IP address.
- Learn how to use internal DNS names to address instances over the internal VPC network.