Configuring IPv6 for instances and instance templates

You can configure IPv6 addresses on a Compute Engine instance if the subnet that the instance is connected to has an IPv6 range configured.

For more information about IPv6, see IPv6 subnet ranges.

Specifications

Compute instances that have both IPv4 and IPv6 configurations are dual-stack. The IPv6 address is in addition to any IPv4 addresses that are configured on the network interface.
Interfaces on dual-stack or IPv6-only instances are allocated a single /96 range of IPv6 addresses; the first IPv6 address in the range (/128) is configured on the interface.
Any interface on the instance can have IPv6 addresses configured. For more information about configuring multiple network interfaces, see Multiple network interfaces overview.
The stack type of an VM's network interface determines the type of subnets to which it can connect:
- IPv4-only interfaces can connect to dual-stack and IPv4-only subnets.
- Dual-stack interfaces can connect to dual-stack subnets.
- IPv6-only interfaces can connect to dual-stack and IPv6-only subnets (Preview).
To configure IPv6 addresses on a network interface, the interface must be connected to a dual stack or IPv6-only subnet (Preview).
A subnet's IPv6 access type configuration determines whether the subnet has an internal or external IPv6 range. Connected instances inherit the IPv6 access type from the subnet.
IPv6-only instances (Preview) are supported with only Ubuntu and Debian OS.

Accessing instances using IPv6 addresses

The implied IPv6 deny ingress firewall rule protects instances by blocking incoming connections to their IPv6 addresses. To access instances using their IPv6 addresses, you must have a higher priority rule that allows incoming access.

For more information about firewall rules, see the VPC firewall overview and the hierarchical firewall policies overview.

For examples of VPC firewall rules, see Configure firewall rules for common use cases.

IPv6 address assignment

The following list describes how IPv6 addresses are assigned to compute instances.

Compute instances are assigned an IPv6 address using DHCPv6. The metadata server responds to the instances's DHCPv6 requests and sends the first IPv6 address (/128) from the allocated /96 range in response.
The metadata server uses route advertisement to publish the default route to the instance. The instance can then use this default route for all IPv6 traffic.

You can find the default route for an instance's network interface by connecting to the instance and querying the metadata server for the gateway-ipv6 entry.
```
curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway-ipv6 -H "Metadata-Flavor: Google"
```
For more information about the metadata server, see Querying instance metadata.
Compute instances are configured with link local IP addresses, which are assigned from the fe80::/10 range, but they are used only for neighbor discovery.
The MTU configuration on the instance's network interface applies to both IPv4 and IPv6 packets, but not all MTU values are supported in all circumstances. See the maximum transmission unit overview for details.

Create an instance that uses IPv6 addresses

You can create an instance that uses either a combination of IPv4 and IPv6 addresses (dual-stack), or you can create an instance that uses only IPv6 addresses.

Create a dual-stack instance

To create a dual-stack instance, connect the compute instance to a dual-stack subnet.

If you're using Shared VPC, and want to create a dual-stack instance that is connected to a shared subnet, see Create an instance in the Shared VPC documentation.

Console

Go to the Create an instance page.

Go to Create an instance
Enter a Name for the instance.
Select a Region that contains a subnet that has an IPv6 range configured.
Select a Zone.
Expand the Advanced options section.
Expand Networking, and do the following:
1. In the Network interfaces section, click the network interface to expand and edit it.
2. For Network and Subnetwork, select the network and subnetwork that you want to use.
  
  Select a subnet that has an IPv6 range configured. The IPv6 access type of the subnet determines whether the instance receives an internal IPv6 address or an external IPv6 address.
3. For IP stack type, select IPv4 and IPv6 (dual-stack).
4. For Primary internal IPv4 address, select one of the following:
  - Ephemeral to assign a new ephemeral IPv4 internal address
  - * A reserved IPv4 address from the list
  - * Static to assign a new static IPv4 address
5. For IPv6 addresses, depending on the access type of the subnet used by the network interface:
6. For Primary internal IPv6 address, select one of the following:
  - Auto-allocated to assign a new ephemeral internal IPv6 address
  - A reserved static internal IPv6 address from the list
  - Reserve static internal IPv6 address to reserve and assign a new static internal IPv6 address
7. For External IPv6 address, select one of the following:
  - Auto-allocate to assign a new ephemeral external IPv6 address
  - A reserved static external IPv6 address from the list
  - Reserve static external IPv6 address to reserve and assign a new static external IPv6 address
8. For External IPv4 address, select one of the following:
  - Ephemeral to assign a new ephemeral IPv4 address
  - None to not assign an external IPv4 address
  - A reserved IPv4 address from the list
  - Create new IP address to assign a new static IPv4 address.
9. To finish modifying the network interface, click Done.
Continue with the instance creation process.
Click Create.

gcloud

Create an instance by using the gcloud compute instances create command.

gcloud compute instances create INSTANCE_NAME \
    --subnet=SUBNET_NAME \
    --zone=ZONE \
    --stack-type=IPV4_IPV6

Replace the following:

INSTANCE_NAME: the name for the instance.
SUBNET_NAME: the subnet to connect the instance to. The subnet must have an IPv6 subnet range.
ZONE: the zone to deploy the instance in.

REST

Select an image. Make a note of the name of the image or image family and the name of the project containing the image.
Use the instances.insert method to create an instance from an image family or from a specific version of an OS image:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
```
Replace the following:
- PROJECT_ID: ID of the project to create the instance in
- ZONE: zone to create the instance in
Example request body:
```
{
 "machineType": "zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
 "name": "INSTANCE_NAME",
 "networkInterfaces": [
   {
     "subnetwork": "regions/REGION/subnetworks/SUBNET",
     "stackType": "IPV4_IPV6"
   }
 ],
 "disks": [
   {
     "initializeParams": {
       "sourceImage": "IMAGE_URI"
     },
     "boot": true
   }
 ],
}
```
Replace the following:
- MACHINE_TYPE_ZONE: zone containing the machine type to use for the new instance
- MACHINE_TYPE: machine type, predefined or custom, for the new instance. For example, n1-standard-1.
- INSTANCE_NAME: the name of the new instance.
- SUBNET: a subnet that has IPv6 configured.
- REGION: the region of the subnet.
- IMAGE_URI: the URI to the image that you want to use.
  
  For example, if you specify "sourceImage": "projects/debian-cloud/global/images/family/debian-10", Compute Engine creates a compute instance from the latest version of the OS image in the Debian 10 image family.

Create an IPv6-only instance

To create an IPv6-only instance, follow the steps in this section.

For a Compute Engine instance with a single network interface, the instance can have either an internal or external IPv6 address, depending on the IPv6 access type of the subnet to which its interface is connected. You must create a custom mode VPC network with a subnet that has an IPv6 address range.

Before you can create a multi-NIC VM instance that uses both internal and external IPv6 addresses, you must create the following:

A custom mode VPC network with IPv6 ULA enabled, a subnet with an IPv6 address range, and the access type set to internal.
A second custom mode VPC network, a second subnet with an IPv6 address range, and the access type set to external.

When you create the instance, you configure two network interfaces, one that connects to the subnet with the internal IPv6 address range and one that connects to the subnet with the external address range.

If you're using Shared VPC, and want to create an IPv6-only instance that is connected to a shared subnet, see Creating an instance in the Shared VPC documentation.

Console

Go to the Create an instance page.

Go to Create an instance
Enter a Name for the instance.
Select a Region that contains the subnets with the IPv6 ranges configured.
Optional: Change the Zone for this instance. If you select Any, Google automatically chooses a zone for you based on machine type and availability.
Expand the Advanced options section.
Expand Networking, and do the following:
1. In the Network interfaces section, click the network interface name to edit the settings for the network interface.
2. For Network and Subnetwork, select the network and subnetwork that you want to use.
Select a subnet that has an IPv6 range configured. The IPv6 access type of the subnet determines whether the instance receives an internal IPv6 address or an external IPv6 address.
1. For IP stack type, select IPv6 (single stack).
2. For Primary internal IPv6 address, select one of the following:
  - Auto-allocated (/96) to assign a new ephemeral IPv6 address
  - A reserved IPv6 address from the list
  - Reserve static internal IPv6 address to assign a new static IPv6 address
3. Optional: To add an external IPv6 address, select Add a network interface.
  1. For Network and Subnetwork, select the network and subnetwork that you configured for external IPv6 addresses.
  2. For External IPv6 address, select one of the following:
    - Auto-allocate to assign a new ephemeral IPv6 address
    - A reserved IPv6 address from the list
    - Reserve static external IPv6 address to assign a new static IPv6 address.
4. To finish modifying the network interface, click Done.
Continue with the instance creation process.
Click Create.

gcloud

Create an instance by using the gcloud compute instances create command. To assign both internal and external IPv6 addresses, you must create the instance with at least two network interfaces.

gcloud compute instances create INSTANCE_NAME \
    --zone ZONE \
    --machine-type=MACHINE_TYPE \
    --create-disk=boot=yes,image='projects/IMAGE_PROJECT/global/images/IMAGE',size=SIZE \
    --network-interface=network=NETWORK_INTERNAL_NAME,subnet=SUBNET_INTERNAL_NAME,stack-type=IPV6_ONLY \
    --network-interface=network=NETWORK_EXTERNAL_NAME,subnet=SUBNET_EXTERNAL_NAME,stack-type=IPV6_ONLY,ipv6-network-tier=PREMIUM

Replace the following:

INSTANCE_NAME: a name for the instance
ZONE: the zone where the instance is created, such as europe-west1-b. The instance's region is inferred from the zone.
MACHINE_TYPE: Optional: the machine type to use for the instance.
IMAGE_PROJECT: Optional: the image project that contains the image
IMAGE: Optional: specify one of the following:
- A specific version of the OS image—for example, debian-12-bookworm-v202410095.
- An image family, which must be formatted as family/IMAGE_FAMILY. This creates the instance from the most recent, non-deprecated OS image. For example, if you specify family/debian-12, Compute Engine creates an instance using the latest version of the OS image in the Debian 12 image family. For more information about using image families, see Image families best practices.
SIZE: Optional: the size of the new disk. The value must be a whole number. The default unit of measurement is GiB.
NETWORK_EXTERNAL_NAME or NETWORK_INTERNAL_NAME: name of the network that is configured for internal or external IP addresses
SUBNET_EXTERNAL_NAME or SUBNET_INTERNAL_NAME: name of the subnet that is configured for internal or external IP addresses to use with the instance.

REST

Select an image. Make a note of the name of the image or image family and the name of the project containing the image.
Use the instances.insert method to create an instance from an image family or from a specific version of an OS image:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
```
Replace the following:
- PROJECT_ID: ID of the project to create the instance in
- ZONE: zone to create the instance in
Example request body:
```
{
 "machineType": "zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
 "name": "INSTANCE_NAME",
 "disks": [
   {
     "initializeParams": {
       "sourceImage":"projects/IMAGE_PROJECT/global/images/IMAGE"
     },
     "boot": true
   }
 ],
 "networkInterfaces": [
   {
     "subnetwork": "regions/REGION/subnetworks/SUBNET_INTERNAL",
     "stackType": "IPV6_ONLY"
   },
   {
     "subnetwork": "regions/REGION/subnetworks/SUBNET_EXTERNAL",
     "stackType": "IPV6_ONLY"
   }
 ]
}
```
Replace the following:
- MACHINE_TYPE_ZONE: zone containing the machine type to use for the new instance
- MACHINE_TYPE: machine type, predefined or custom, for the new instance. For example, c3-standard-4.
- INSTANCE_NAME: the name of the new instance.
- IMAGE_PROJECT: Optional: the image project that contains the image
- IMAGE: Optional: specify one of the following
  - A specific version of the OS image—for example, debian-12-bookworm-v20241009.
  - An image family, which must be formatted as family/IMAGE_FAMILY. This creates the instance from the most recent, non-deprecated OS image. For example, if you specify family/debian-12, Compute Engine creates an instance using the latest version of the OS image in the Debian 12 image family. For more information about using image families, see Image families best practices.
- REGION: the region of the subnet.
- SUBNET_INTERNAL: a subnet that has internal IPv6 addresses configured.
- SUBNET_EXTERNAL: a subnet that has external IPv6 addresses configured.

Change the stack type of an instance

You can change the stack type of an existing Compute Engine instance. The stack type can be set to either of the following:

IPv4 only (single stack)
IPv4 and IPv6 (dual-stack)

If you are changing the stack type to dual-stack, the instance must be connected to a dual-stack subnet. If you need to change which subnet the instance is connected to, stop the instance and change the subnet. After the subnet is updated, you can change the instance's IP stack type.

You can't change the stack type of an IPv6-only instance (Preview).

Console

Go to the VM instances page.

Go to VM instances
Click the name of the instance that you want to assign an IPv6 address to.
From the instance details page, complete the following steps:
1. Click Edit.
2. In Network interfaces, expand the interface that you want to edit.
3. Select the IP stack type: IPv4 only (single-stack) or IPv4 and IPv6 (dual-stack).
4. Click Done.
Click Save.

gcloud

Update the stack type of an instance by using the gcloud compute instances network-interfaces update command

gcloud compute instances network-interfaces update INSTANCE_NAME \
    --stack-type=STACK_TYPE \
    --zone=ZONE

Replace the following:

INSTANCE_NAME: the name of the instance.
STACK_TYPE: the stack type for the instance: IPV4_ONLY or IPV4_IPV6.
ZONE: the zone that the instance is deployed in.

REST

Update the stack type of an instance by making a PATCH request to the instances.updateNetworkInterface method.

PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME/updateNetworkInterface

Replace the following:

PROJECT_ID: the ID of the project that contains the instance.
ZONE: the zone that the instance is deployed in.
INSTANCE_NAME: the name of the instance.

Example request body:

{
    "stackType": "STACK_TYPE",
}

Replace STACK_TYPE with the stack type for the instance: IPV4_ONLY or IPV4_IPV6.

Create an instance template with IPv6 addresses

You can create a regional or global instance template that can be used to create dual-stack or IPv6-only (Preview) instances. For more information, see Create instance templates.

You must use the Google Cloud CLI or REST to create an instance template that creates instances that use IPv6 addresses.

gcloud

To create a regional or global instance template, use the gcloud compute instance-templates create command. If you want to create a regional instance template, you must use the --instance-template-region flag to specify the region for the instance template.

The following example creates a global instance template:

gcloud compute instance-templates create TEMPLATE_NAME \
    --subnet=SUBNET \
    --stack-type=STACK_TYPE

Replace the following:

TEMPLATE_NAME: the name for the template.
SUBNET: a subnet that has an IPv6 subnet range.
STACK_TYPE: the stack type, either IPV4_IPV6 for a dual-stack instance, or IPV6_ONLY for an instance with external IPv6 address.

REST

To create a regional instance template, use the regionInstanceTemplates.insert method, or, to create a global instance template, use the instanceTemplates.insert method.

The following example creates a global instance template:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/instanceTemplates

Replace PROJECT_ID with the project ID.

Example request body:

{
  "name": "INSTANCE_TEMPLATE_NAME"
  "properties": {
    "machineType": "MACHINE_TYPE",
    "networkInterfaces": [
      {
        "subnetwork": "regions/REGION/subnetworks/SUBNET",
        "stackType": "STACK_TYPE",
      },
    ],
    "disks":
    [
      {
        "type": "PERSISTENT",
        "boot": true,
        "mode": "READ_WRITE",
        "initializeParams":
        {
          "sourceImage": "IMAGE_URI"
        }
      }
    ]
  }
}

Replace the following:

INSTANCE_TEMPLATE_NAME: the name of the instance template.
MACHINE_TYPE: the machine type of the instances. For example, c3-standard-4.
SUBNET: a subnet that has an IPv6 subnet range.
REGION: the region of the subnet.
IMAGE_URI: the URI to the image that you want to use.

For example, if you specify "sourceImage": "projects/debian-cloud/global/images/family/debian-12", Compute Engine creates an instance from the latest version of the operating system image in the Debian 12 image family.

To learn more about request parameters, see the instanceTemplates.insert method.