Reserve a static external IP address

You can reserve static external IP addresses for your virtual machine (VM) instance. You can also change, list, and release static IP addresses for your VM.

External IP addresses can be static or ephemeral. If a VM requires a fixed external IP address that does not change, you can obtain a static external IP address. You can reserve new external IP addresses or promote existing ephemeral external IP addresses.

If you require a static IP address on your internal Compute Engine network, see Reserving a static internal address instead.

Before you begin

If you want to use the command-line examples in this guide, do the following:
1. Install or update to the latest version of the Google Cloud CLI.
2. Set a default region and zone.
If you want to use the API examples in this guide, set up API access.
Read about IP addresses.
Read about quotas and limits for static external IP addresses.
Read about external IP address pricing.

Permissions

Reserving static regional external IPv6 addresses by using the Google Cloud console requires you to select a network and subnetwork. However, to view a list of available networks and subnetworks, you need to be granted the following IAM permissions:

compute.networks.list
compute.subnetworks.list

About static external IP addresses

A static external IP address is the IP address that is reserved for your resource until you decide to release it. If you have an IP address that your customers or users rely on to access your service, you can reserve that IP address so that only your resource can use it. You can also promote an ephemeral external IP address to a static external IP address.

For more information, see IP addresses.

The following table lists the static external IP addresses supported by Google Cloud.

IP address type	Resource	IP range	Source	Associated with
Regional external IPv4 addresses	VMs and regional load balancers	`/32`	Google's pool of external IP addresses	Project
Regional external IPv6 addresses	VMs and supported regional load balancers	`/96`	Subnet's external IPv6 address range	Subnet
Global external IPv4 addresses	Global load balancers	`/32`	Google's pool of external IP addresses	Project
Global external IPv6 addresses	Global load balancers	`/64`	Google's pool of external IP addresses	Project

For a list of regional and global load balancers, see the Summary of load balancer types.

Specifications for using static external IP addresses

Only one resource at a time can use a static external IP address.
There is no way to check whether an IP address is static or ephemeral after it has been assigned to a resource. You can compare the IP address against the list of static external IP addresses reserved to that project. Use the compute addresses list sub-command to see a list of static external IP addresses available to the project.
Each VM can have multiple network interfaces, but each network interface can have only one external IP address that is either ephemeral or static.
You cannot change the name of a static IP address.
Assigned external IP addresses exist on the same physical host as the VM instance and exist in the same region as the VM for all purposes, including routing, latency, and pricing. This is true regardless of Internet geolocation lookup information.

Note: Network interfaces can receive traffic from multiple forwarding rules, which might serve other external IP addresses. Any number of external IP addresses can reference a network interface through these forwarding rules, but each network interface can have only one external IP address.

For more information about load balancing and forwarding rules, read the load balancing documentation.

Reserve a new static external IP address

After reserving the address, assign it to a new instance while creating it or to an existing instance.

Console

In the Google Cloud console, go to the Reserve a static address page.

Go to Reserve a static address
Choose a name for the new address.
Specify whether the network service tier is Premium or Standard. IPv6 static address reservation is supported only in the Premium tier.
Specify whether it is an IPv4 or IPv6 address.
Specify whether this IP address is Regional or Global.
- If you are reserving a static IP address for a global load balancer, choose Global and then click Reserve.
- If you are reserving a static IP address for an instance or for a regional load balancer, choose Regional, and then select the region to create the address in.
If you are reserving a regional external IPv6 address, then also choose the following:
- Network: the VPC network
- Subnetwork: the subnet from which to assign the static regional IPv6 address
- Endpoint type: choose VM instance or Network Load Balancer
Optional: If you are reserving the static external IP address for a VM instance, then in the Attached to list, select a VM instance to attach the IP address to.
Click Reserve to reserve the IP address.

gcloud

To reserve a static external IP address, use the gcloud compute addresses create command.

Use the following instructions to reserve a static external IPv4 or IPv6 address:

To reserve a global IP address, use the --global and --ip-version fields. For the --ip-version field, specify either IPv4 or IPv6. Global IP addresses can only be used with global load balancers.
```
gcloud compute addresses create ADDRESS_NAME \
  --global \
  --ip-version [IPV4 | IPV6]
```
Replace ADDRESS_NAME with the name that you want to call this address.
To reserve a regional external IPv4 address, use the --region field.
```
gcloud compute addresses create ADDRESS_NAME \
   --region=REGION
```
Replace the following:
- ADDRESS_NAME: the name that you want to call this address.
- REGION: the region where you want to reserve this address. This region should be the same region as the resource that you want to attach the IP address to.
To reserve a regional external IPv6 address, use the --region, --subnet, --ip-version, and --endpoint-type fields. A /96 IPv6 range is assigned from the specified subnet.
```
gcloud compute addresses create IPV6_ADDRESS_NAME \
   --region=REGION \
   --subnet=SUBNET_NAME \
   --ip-version=IPV6 \
   --endpoint-type=[VM | NETLB]
```
Replace the following:
- IPV6_ADDRESS_NAME: a name for the address.
- REGION: the region for the address.
- SUBNET_NAME: the subnet to assign the static regional IPv6 address from. The subnet must have an assigned external IPv6 address range.
- VM | NETLB: the endpoint type; whether it's a VM instance or a network load balancer.

To view the result, use the gcloud compute addresses describe command:

gcloud compute addresses describe ADDRESS_NAME

API

To create a regional IPv4 address, call the regional addresses.insert method:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses
```
Your request body should contain the following:
```
{
  "name": "ADDRESS_NAME"
}
```
Replace the following:
- PROJECT_ID: the project ID for this request
- REGION: the name of the region for this request
- ADDRESS_NAME: the name that you want to call the address
For global static IPv4 addresses, call the globalAddresses.insert method:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses
```
Your request body should contain the following:
```
{
  "name": "ADDRESS_NAME"
}
```
For global static IPv6 addresses, call the globalAddresses.insert method:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses
```
Your request body should contain the following:
```
{
  "name": "ADDRESS_NAME",
  "ipVersion": "IPV6"
}
```
To see the result, use the addresses.get method.

For regional static IPv6 addresses, call the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

Your request body should contain the following:

{
  "name": "ADDRESS_NAME",
  "ipVersion": "IPV6",
  "ipv6EndpointType": "VM|LB",
  "networkTier": "PREMIUM",
  "subnetwork": "SUBNET"
}

Replace SUBNET with the subnet for this project.

To see the result, use the addresses.get method.

Terraform

You can use the google_compute_address resource to create a regional external IP address.

compute/external_address/main.tf

View on GitHub Feedback

resource "google_compute_address" "default" {
  name   = "my-test-static-ip-address"
  region = "us-central1"
}

The following sample shows how to use the google_compute_global_address resource to create a global external IPv6 address:

examples/global_external_address/main.tf

View on GitHub Feedback

resource "google_compute_global_address" "default" {
  project      = var.project_id # Replace this with your service project ID in quotes
  name         = "ipv6-address"
  address_type = "EXTERNAL"
  ip_version   = "IPV6"
}

Assign a static external IP address to a new VM instance

After you have reserved a static external IP address, you can assign it to a VM.

Console

In the Google Cloud console, go to the Create an instance page.

Go to Create an instance
Specify the VM details.
Expand the Advanced options section.
Expand the Networking section.
In the Network interfaces section, expand a network interface to edit it.
To assign an IPv4 address, do the following:
1. Select a network.
2. Select the IP address from the External IPv4 address list.
To assign an IPv6 address, do the following:
1. Select a network that contains an IPv6 subnet.
2. Select a dual-stack subnet from the Subnetwork list.
3. For IP stack type, select IPv4 and IPv6 (dual-stack).
4. Select the newly reserved external IPv6 address from the External IPv6 address list. Alternatively, select CREATE IP ADDRESS and reserve a new static external IPv6 address.
5. For Network Service Tier, select Premium.
To finish modifying the default network interface, click Done.
Continue with the VM creation process.

gcloud

You can create a VM and assign a static regional external IP address that you have already reserved.

To assign a static external IPv4 address, do the following:
```
gcloud compute instances create VM_NAME --address=IP_ADDRESS
```
Replace the following:
- VM_NAME: the name of the VM.
- IP_ADDRESS: the IP address to assign to the instance. Use the reserved static external IP address, not the address name.

To assign a static external IPv6 address, do the following:

gcloud compute instances create VM_NAME \
    --subnet=SUBNET \
    --stack-type=IPV4_IPV6 \
    --external-ipv6-address=IPV6_ADDRESS \
    --external-ipv6-prefix-length=96 \
    --ipv6-network-tier=PREMIUM \
    --zone=ZONE

compute/external_address/main.tf

View on GitHub

resource "google_compute_instance" "default" {
  name         = "dns-proxy-nfs"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "ubuntu-1404-trusty-v20160627"
    }
  }

  network_interface {
    network = "default"
    access_config {
      nat_ip = google_compute_address.default.address
    }
  }
}

API

To assign a static external IPv4 address to a new VM, do the following:

In your request to create a new instance, explicitly provide the networkInterfaces[].accessConfigs[].natIP property and the external IPv4 address that you want to use. For example:

{
  "name": "VM_NAME",
  "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
  "networkInterfaces": [{
    "accessConfigs": [{
      "type": "ONE_TO_ONE_NAT",
      "name": "External NAT",
      "natIP": "IPV4_ADDRESS"
     }],
    "network": "global/networks/default"
  }],
  "disks": [{
      "autoDelete": "true",
      "boot": "true",
      "type": "PERSISTENT",
      "initializeParams": {
          "sourceImage": "SOURCE_IMAGE"
      }
}]
}

To assign a static external IPv6 address to a new VM, do the following:

In your request to create a new instance, explicitly provide the networkInterfaces[].ipv6AccessConfigs[].externalIpv6 property and the external IPv6 address that you want to use. For example:

{
  "name": "VM_NAME",
  "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
  "networkInterfaces": [{
          "accessConfigs": [{
              "name": "external-nat", 
              "type": "ONE_TO_ONE_NAT"
          }], 
          "ipv6AccessConfigs": [{
        "externalIpv6": "IOV6_ADDRESS", 
        "externalIpv6PrefixLength": 96, 
        "name": "external-ipv6-access-config", 
        "networkTier": "PREMIUM", 
        "type": "DIRECT_IPV6"
          }],
      "stackType": "IPV4_IPV6", 
      "subnetwork":"SUBNETWORK     
  }],
  "disks": [{
    "autoDelete": "true",
    "boot": "true",
    "mode": "READ_WRITE",
    "type": "PERSISTENT",
    "initializeParams": {
        "sourceImage": "SOURCE_IMAGE"
    },  
  }], 
 }

Terraform

You can use the google_compute_instance resource to assign an external IP address.

compute/external_address/main.tf

View on GitHub

resource "google_compute_instance" "default" {
  name         = "dns-proxy-nfs"
  machine_type = "n1-standard-1"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = "ubuntu-1404-trusty-v20160627"
    }
  }

  network_interface {
    network = "default"
    access_config {
      nat_ip = google_compute_address.default.address
    }
  }
}

Change or assign an external IP address to an existing instance

You can change or assign an external IP address, either ephemeral or static, to an existing instance.

An instance can have multiple interfaces and each interface can have an external IP address. If the instance already has an external IP address, you must remove that address first. Then, you can assign a new external IP address to the existing instance.

Console

In the Google Cloud console, go to the VM instances page.
Go to VM instances
Click the name of the instance that you want to assign an external IP to. The Instance details page displays.
From the Instance details page, complete the following steps:
1. Click Edit.
2. Expand Network interfaces.
3. Select the required external IP address to assign to the instance:
  1. For External IPv4 address, select either Ephemeral or a static external IPv4 address.
  2. For External IPv6 address, select either Ephemeral or a static external IPv6 address.
4. Click Done.
Click Save.

gcloud

Optional: Reserve a static external IP address.

If you want to assign a static external IP address, you must reserve an address and make sure that the address is not currently in use by another resource. If necessary, follow the instructions to reserve a new static external IP address or to unassign a static external IP address.

If you intend to use an ephemeral external IP address, you can skip this step, and Compute Engine randomly assigns an ephemeral external IP address.
Remove the existing IP address assignment.
- To remove an IPv4 address from a VM, delete the existing access configs.
  
  You can set one access configuration for each instance. Before you attempt to assign a new access configuration to an instance, check to see if your instance has an access configuration by making a request using the gcloud compute instances describe command:
```
gcloud compute instances describe VM_NAME
```
  If there is an existing access configuration, the access configuration appears in the following format:
```
networkInterfaces:
- accessConfigs:
  - kind: compute#accessConfig
    name: external-nat
    natIP: 203.0.113.1
    type: ONE_TO_ONE_NAT
```
  Note: The name of your access configuration might be different than external-nat; make sure to check for your own access config name. In some cases, an earlier version of the access config name, External NAT, might be used.
  
  Before you add a new access config, you must delete the existing access config by using the instances delete-access-config sub-command:
```
gcloud compute instances delete-access-config VM_NAME \
    --access-config-name="ACCESS_CONFIG_NAME"
```
  Replace the following:
  - VM_NAME: the name of the VM.
  - ACCESS_CONFIG_NAME: the access config to delete. Make sure to include the full name between quotes.
- To remove an IPv6 address from a VM, change the stack type.
  
  Check if your instance has an IPv6 configuration by making a request using the gcloud compute instances describe command:
```
gcloud compute instances describe VM_NAME \
    --zone=ZONE
```
  Replace the following:
  - VM_NAME: the name of the VM instance.
  - ZONE: the zone of the VM instance.
  If an external IPv6 address has already been assigned to nic0, the configuration is displayed in the following format:
```
networkInterfaces:
  ...
  ipv6AccessConfigs:
  - externalIpv6: 2001:db8:4000:15:0:0:0:0
    externalIpv6PrefixLength: 96
    kind: compute#accessConfig
    name: external-ipv6
    networkTier: PREMIUM
    type: DIRECT_IPV6
  ipv6AccessType: EXTERNAL
  kind: compute#networkInterface
  name: nic0
```
  Remove the existing IPv6 address configuration by using the instance network-interfaces update sub-command:
```
gcloud compute instances network-interfaces update VM_NAME \
  --network-interface=NIC \
  --stack-type=IPV4_ONLY \
  --zone=ZONE
```
  Replace the following:
  - NIC: the name of the network interface.
  - VM_NAME: the name of the VM instance.
  - ZONE: the zone of the VM instance.
Assign the new external IP address.
- To assign an IPv4 address, use the instances add-access-config sub-command:
  
  Note: Don't replace IP_ADDRESS with the name of the static IP address. You must use the actual IP address.
```
gcloud compute instances add-access-config VM_NAME \
--access-config-name="ACCESS_CONFIG_NAME" --address=IP_ADDRESS
```
  Replace the following:
  - VM_NAME: the name of the VM.
  - ACCESS_CONFIG_NAME: the name to call this access config. Make sure to include the full name between quotes.
  - IP_ADDRESS: the IP address to add.
  If you want Compute Engine to assign an ephemeral external IP address rather than using a static external IP address, omit the --address IP_ADDRESS property:
```
gcloud compute instances add-access-config VM_NAME \
  --access-config-name="ACCESS_CONFIG_NAME"
```
- To assign an IPv6 address range, use the instance network-interfaces update sub-command:
```
gcloud compute instances network-interfaces update VM_NAME \
  --network-interface==NIC \
  --ipv6-network-tier=PREMIUM \
  --stack-type=IPV4_IPV6 \
  --external-ipv6-address=IPV6_ADDRESS \
  --external-ipv6-prefix-length=96 \
  --zone=ZONE
```
  Replace the following:
  - VM_NAME: the name of the VM instance.
  - NIC: the name of the network interface.
  - IPV6_ADDRESS: the IPv6 address to assign to the VM. Specify the first IPv6 address in the /96 range.
  - ZONE: the zone of the VM instance.

API

You can change the external IPv4 or IPv6 address of a VM by adding a new access configuration for that VM.

Check if your VM has an existing access configuration. To check the VM details, make a GET request to the instances.get method.

 GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME

Replace the following:

PROJECT_ID: the project ID for this request
ZONE: the zone where the VM is located
VM_NAME: the name of the VM

If there is an existing IPv4 access configuration, the response is similar to the following:

"networkInterfaces": [
  {
    "network":
    ...
    "name": "nic0",
    "accessConfigs": [
      {
        "type": "ONE_TO_ONE_NAT",
        "name": "External NAT",
        "natIP": "IPV4_ADDRESS",
        "networkTier": "PREMIUM",
        "kind": "compute#accessConfig"
      }
    ],
    ...
  }
]

The networkInterfaces[].accessConfigs[].natIP field returns the static external IPv4 address of the VM.

If there is an existing IPv6 access configuration, the response is similar to the following:

  
"networkInterfaces": [
  {
    "network":
    ...
    "name": "nic0",
    "ipv6AccessConfigs": [
      {
        type: "DIRECT_IPV6",
        "name": "external-ipv6",
        "externalIpv6": "IPV6_ADDRESS",
        "externalIpv6PrefixLength": 96,
        "networkTier": "PREMIUM",
        "kind": "compute#accessConfig"
      }
    ],
    ...
  }
]

The networkInterfaces[].ipv6AccessConfigs[].externalIpv6 field returns the static external IPv6 address of the VM.

Delete the existing access configuration by making a POST request to the instances.deleteAccessConfig method.

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/deleteAccessConfig

Add a new access configuration to the network interface of the VM by making a POST request to the instances.addAccessConfig method.
- For IPv4 addresses, make the following request:
```
POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/addAccessConfig
{
"natIP": "IPV4_ADDRESS",
"name": "ACCESS_CONFIG_NAME"
}
```
- For IPv6 addresses, update the networkInterfaces[].ipv6AccessConfigs[].externalIpv6 property and the external IPv6 address that you want to use.
  
  See Assign a static external IP address to a new VM instance

Promote an ephemeral external IP address

If your instance has an ephemeral external IP address and you want to permanently assign the IP address to your project, promote the ephemeral external IP address to a static external IP address. Promoting an ephemeral external IP address to reserved does not cause Google Cloud to drop packets sent to the instance. This includes packets sent to the instance directly or by means of a load balancer.

Console

Go to the IP addresses page.
Go to IP addresses
Click External IP addresses.
Optional: In the Filter field, search for the ephemeral IP address that you want to promote.
In the More actions menu () of the IP address that you want to promote, select Promote to static IP address.
Enter a name for the new static IP address, and then click Reserve.

gcloud

Use the following instructions to promote a static external IPv4 or IPv6 address:

To promote an ephemeral external IPv4 address to a static external IPv4 address, provide the ephemeral external IP address by using the --addresses flag with the compute addresses create command. Use the region flag to promote an ephemeral regional IP address or the global flag to promote an ephemeral global IP address.
```
gcloud compute addresses create ADDRESS_NAME --addresses=IP_ADDRESS \
    [--region=REGION | --global]
```
Replace the following:
- ADDRESS_NAME: the name that you want to call this address.
- IP_ADDRESS: the IP address that you want to promote.
- REGION: the region that the regional IP address belongs to.
To promote an ephemeral regional external IPv6 address to a static regional external IPv6 address, provide the ephemeral external IP address by using the --addresses flag with the compute addresses create command.
```
gcloud compute addresses create ADDRESS_NAME \
    --region=REGION \
    --addresses=IPV6_ADDRESS \
    --prefix-length=96
```
Replace the following:
- ADDRESS_NAME: a name for the IP address resource.
- REGION: the region for the IPv6 address resource.
- IPV6_ADDRESS: the IPv6 address that you are promoting.

API

To promote an ephemeral regional IP address, call the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

To promote an ephemeral global IP address, make a POST request to the following URI:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/addresses

Specify the values for the required fields of the request body:

For IPv4 addresses, your request body should contain the following fields:

{
  "name": "ADDRESS_NAME",
  "address": "IPV4_ADDRESS"
  "addressType": "EXTERNAL"
}

For IPv6 addresses, your request body should contain the following fields:
```
{
  "name": "ADDRESS_NAME",
  "address": "IPV6_ADDRESS"
  "prefixLength": 96
  "addressType": "EXTERNAL"
}
```
Replace the following:
- ADDRESS_NAME: the name that you want to call this address
- IPV4_ADDRESS|IPV6_ADDRESS: the IPv4 or IPv6 address that you want to promote
- REGION: the region that the IPv4 or IPv6 address belongs to
- PROJECT_ID: the project ID for this request

The external IP address remains attached to the instance even after it has been promoted to a static external IP address. If you need to assign the newly promoted static external IP address to another resource, unassign the static external IP address from the existing instance.

List static external IP addresses

To list static external IP addresses that you have reserved for your project, follow these steps.