Configuring IPv6 for instances and instance templates


You can configure IPv6 addresses on a virtual machine instance (VM) if the subnet that the VM is connected to has an IPv6 range configured.

For more information about IPv6, see IPv6 subnet ranges.

Specifications

  • VMs that have both IPv4 and IPv6 configurations are dual-stack. Interfaces on dual-stack VMs are allocated a single /96 range of IPv6 addresses; the first IPv6 address in the range (/128) is configured on the interface. The IPv6 address is in addition to any IPv4 addresses that are configured on the interface; you cannot configure a VM to have only IPv6 addresses.

  • Any interface on the VM can have IPv6 addresses configured. For more information about configuring multiple network interfaces, see Multiple network interfaces overview.

  • To configure IPv6 addresses on a VM interface, the interface must be connected to a dual stack subnet.

  • A subnet's IPv6 access type configuration determines whether the subnet has an internal or external IPv6 range. Connected VMs inherit the IPv6 access type from the subnet.

Accessing VMs using IPv6 addresses

The implied IPv6 deny ingress firewall rule protects instances by blocking incoming connections to their IPv6 addresses. To access VMs using their IPv6 addresses, you must have a higher priority rule that allows incoming access.

For more information about firewall rules, see the VPC firewall overview and the hierarchical firewall policies overview.

For example VPC firewall rules, see Configure firewall rules for common use cases.

IPv6 address assignment

  • VMs are assigned an IPv6 address using DHCPv6. The metadata server responds to the VM's DHCPv6 requests and sends the first IPv6 address (/128) from the allocated /96 range in response.

  • The metadata server uses route advertisement to publish the default route to the VM. The VM can then use this default route for all IPv6 traffic.

    You can find the default route for a VM's interface by querying the metadata server for the gateway-ipv6 entry.

    curl http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/gateway-ipv6 -H "Metadata-Flavor: Google"
    

    For more information about the metadata server, see Querying VM metadata.

  • VMs are configured with link local IP addresses, which are assigned from the fe80::/10 range, but they are used only for neighbor discovery.

  • The MTU configuration on the VM's network interface applies to both IPv4 and IPv6 packets, but not all MTU values are supported in all circumstances. See the maximum transmission unit overview for details.

Create a dual-stack VM

To create a dual-stack VM, connect the VM to a dual-stack subnet.

If you're using Shared VPC, and want to create a dual-stack VM that is connected to a shared subnet, see Creating an instance in the Shared VPC documentation.

Console

  1. Go to the Create an instance page.

    Go to Create an instance

  2. Enter a Name for the instance.

  3. Select a Region that contains a subnet that has an IPv6 range configured.

  4. Select a Zone.

  5. Expand the Advanced options section.

  6. Expand Networking, and do the following:

    1. In the Network interfaces section, expand the network interface to edit it.

    2. For Network and Subnetwork, select the network and subnetwork that you want to use.

      Select a subnet that has an IPv6 range configured. The IPv6 access type of the subnet determines whether the VM receives an internal IPv6 address or an external IPv6 address.

    3. For IP stack type, select IPv4 and IPv6 (dual-stack).

    4. For Primary internal IP, select one of the following:

      • Ephemeral to assign a new ephemeral IPv4 address
      • A reserved IPv4 address from the list
      • Static to assign a new static IPv4 address
    5. For External IPv4 address, select one of the following:

      • Ephemeral to assign a new ephemeral IPv4 address
      • None to not assign an external IPv4 address
      • A reserved IPv4 address from the list
      • Create new IP address to assign a new static IPv4 address.
    6. To finish modifying the network interface, click Done.

  7. Continue with the VM creation process.

  8. Click Create.

gcloud

Create an instance by using the gcloud compute instances create command.

gcloud compute instances create INSTANCE_NAME \
  --subnet=SUBNET_NAME \
  --zone=ZONE \
  --stack-type=IPV4_IPV6

Replace the following:

  • INSTANCE_NAME: the name for the instance.
  • SUBNET_NAME: the subnet to connect the instance to. The subnet must have an IPv6 subnet range.
  • ZONE: the zone to deploy the instance in.

REST

  1. Select an image. Make a note of the name of the image or image family and the name of the project containing the image.
  2. Use the instances.insert method to create a VM from an image family or from a specific version of an OS image:

    POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
    

    Replace the following:

    • PROJECT_ID: ID of the project to create the VM in
    • ZONE: zone to create the VM in

    Example request body:

    {
     "machineType": "zones/MACHINE_TYPE_ZONE/machineTypes/MACHINE_TYPE",
     "name": "INSTANCE_NAME",
     "networkInterfaces": [
       {
         "subnetwork": "regions/REGION/subnetworks/SUBNET",
         "stackType": "IPV4_IPV6"
       }
     ],
     "disks": [
       {
         "initializeParams": {
           "sourceImage": "IMAGE_URI"
         },
         "boot": true
       }
     ],
    }
    

    Replace the following:

    • MACHINE_TYPE_ZONE: zone containing the machine type to use for the new VM
    • MACHINE_TYPE: machine type, predefined or custom, for the new VM. For example, n1-standard-1.
    • INSTANCE_NAME: the name of the new VM.
    • SUBNET: a subnet that has IPv6 configured.
    • REGION: the region of the subnet.
    • IMAGE_URI: the URI to the image that you want to use.

      For example, if you specify "sourceImage": "projects/debian-cloud/global/images/family/debian-10", Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.

Change the stack type of a VM

You can change the stack type of an existing VM. The stack type can be set to either of the following:

  • IPv4 only (single stack)
  • IPv4 and IPv6 (dual-stack)

If you are changing the stack type to dual-stack, the VM must be connected to a dual-stack subnet. If you need to change which subnet the VM is connected to, stop the VM and change the subnet. After the subnet is updated, you can change the VM's IP stack type.

Console

  1. Go to the VM instances page.

    Go to VM instances

  2. Click the name of the instance that you want to assign an IPv6 address to.
  3. From the instance details page, complete the following steps:
    1. Click Edit.
    2. In Network interfaces, expand the interface that you want to edit.
    3. Select the IP stack type: IPv4 only (single-stack) or IPv4 and IPv6 (dual-stack).
    4. Click Done.
  4. Click Save.

gcloud

Update the stack type of a VM by using the gcloud compute instances network-interfaces update command

gcloud compute instances network-interfaces update INSTANCE_NAME \
  --stack-type=STACK_TYPE \
  --zone=ZONE

Replace the following:

  • INSTANCE_NAME: the name of the instance.
  • ZONE: the zone that the instance is deployed in.
  • STACK_TYPE: the stack type for the VM: IPV4_ONLY or IPV4_IPV6.

REST

Update the stack type of a VM by making a PATCH request to the instances.updateNetworkInterface method.

PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONEinstances/INSTANCE_NAME/updateNetworkInterface

Replace the following:

  • PROJECT_ID: the ID of the project that contains the instance.
  • ZONE: the zone that the instance is deployed in.
  • INSTANCE_NAME: the name of the instance.

Example request body:

{
  "stackType": "STACK_TYPE",
}

Replace STACK_TYPE with the stack type for the VM: IPV4_ONLY or IPV4_IPV6.

Create an instance template with IPv6 addresses

You can create a regional or global instance template that can be used to create dual-stack VMs. For more information, see Creating instance templates.

You must use the Google Cloud CLI or REST to create an instance template that creates dual-stack VMs.

gcloud

To create a regional or global instance template, use the gcloud compute instance-templates create command. If you want to create a regional instance template, you must use the --instance-template-region flag to specify the region for the instance template.

The following example creates a global instance template:

gcloud compute instance-templates create TEMPLATE_NAME \
    --subnet=SUBNET \
    --stack-type=IPV4_IPV6

Replace the following:

  • TEMPLATE_NAME: the name for the template.
  • SUBNET: a subnet that has an IPv6 subnet range.

REST

To create a regional instance template, use the regionInstanceTemplates.insert method, or, to create a global instance template, use the instanceTemplates.insert method.

The following example creates a global instance template:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/instanceTemplates

Replace PROJECT_ID with the project ID.

Example request body:

{
  "name": "INSTANCE_TEMPLATE_NAME"
  "properties": {
    "machineType": "MACHINE_TYPE",
    "networkInterfaces": [
      {
        "subnetwork": "regions/REGION/subnetworks/SUBNET",
        "stackType": "IPV4_IPV6",
      },
    ],
    "disks":
    [
      {
        "type": "PERSISTENT",
        "boot": true,
        "mode": "READ_WRITE",
        "initializeParams":
        {
          "sourceImage": "IMAGE_URI"
        }
      }
    ]
  }
}

Replace the following:

  • INSTANCE_TEMPLATE_NAME: the name of the instance template.
  • MACHINE_TYPE: the machine type of the VMs. For example, n1-standard-1.
  • SUBNET: a subnet that has an IPv6 subnet range.
  • REGION: the region of the subnet.
  • IMAGE_URI: the URI to the image that you want to use.

    For example, if you specify "sourceImage": "projects/debian-cloud/global/images/family/debian-10", Compute Engine creates a VM from the latest version of the OS image in the Debian 10 image family.

To learn more about request parameters, see the instanceTemplates.insert method.