Reserve a static internal IP address

This page shows you how to configure and manage static internal IPv4 or IPv6 addresses in Virtual Private Cloud (VPC) networks.

If a virtual machine (VM) instance requires a fixed internal IP address that does not change, you can obtain a static internal IP address for that VM by using one of the following options:

Reserve a new static internal IP address and then assign the address when creating the VM.
Promote an existing ephemeral internal IP address to become a static internal IP address.

To learn how to manage secondary internal IP addresses, read Alias IP ranges.

In Compute Engine, each VM instance can have multiple network interfaces. Each interface can have one external IP address, one primary internal IP address, and one or more secondary internal IP addresses. Forwarding rules can have external IP addresses for external load balancing or internal addresses for internal load balancing. To learn about IP addresses, read the IP addresses documentation.

Static internal IP addresses provide the ability to reserve internal IP addresses from the IP address range configured in the subnet, and then assign those reserved internal IP addresses to resources as needed. Reserving an internal IP address takes that address out of the dynamic allocation pool and prevents it from being used for automatic allocations. Reserving static internal IP addresses requires specific Identity and Access Management (IAM) permissions so that only authorized users can reserve a static internal IP address.

With the ability to reserve static internal IP addresses, you can always use the same IP address for the same resource even if you have to delete and re-create the resource.

To reserve a static external IP address instead of an internal IP address, see Reserve a static external IP address.

Before you begin

Read about IP addresses.
Set up authentication.

Select the tab for how you plan to use the samples on this page:
Console

When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.
gcloud
1. Install the Google Cloud CLI, then initialize it by running the following command:
```
gcloud init
```
  Note: If you installed the gcloud CLI previously, make sure you have the latest version by running gcloud components update.
2. Set a default region and zone.
Terraform

To use the Terraform samples on this page from a local development environment, install and initialize the gcloud CLI, and then set up Application Default Credentials with your user credentials.
1. Install the Google Cloud CLI.
2. To initialize the gcloud CLI, run the following command:
```
gcloud init
```
3. Create local authentication credentials for your Google Account:
```
gcloud auth application-default login
```
For more information, see Set up authentication for a local development environment.
REST

To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

Permissions

To reserve and manage static internal IP addresses, you need to be granted the compute.networkAdmin role, or one or more of the following permissions:

compute.addresses.create on the IP address
compute.addresses.createInternal on the IP address
compute.instances.update on the VM instance
compute.subnetworks.use on the subnetwork

Restrictions

You cannot unassign or change the internal IPv4 address of an existing resource. For example, you cannot assign a new static internal IP address to a running or a stopped VM instance. You can, however, promote the ephemeral internal IP address of a resource to a static internal IP address so that the address remains reserved even after the resource is deleted.
The number of static internal IP addresses that you can reserve cannot exceed your project's quota. For more information, see the per-project quotas in the VPC documentation.
Only one resource at a time can use a static internal IP address.
Reserving a static internal IP address is only supported for VPC networks. It is not supported for legacy mode networks.
Deleting a resource does not automatically release a static internal IP address. You must manually release static internal IP addresses when you no longer require them.
You cannot change the name of a static IP address.
Static internal IP addresses are regional, meaning they are restricted to the region in which you reserved the static internal IP address. For example, if you reserved a static internal IP address in the us-east4 region, you can only use the IP address in us-east4.

How to reserve a static internal IP address

You can reserve a static internal IP address before creating the associated resource. You can also create the resource with an ephemeral internal IP address and then promote that ephemeral IP address to a static internal IP address.

To use a static internal IP address, you must have a VPC network in place for your project. To learn how to create your VPC network, see Create and manage VPC networks.

Reserve a static internal IPv4 or IPv6 address and then associate it with a specific resource

In this scenario, you separately reserve a static internal IP address and then assign it to a resource:

Create a subnet in your VPC network. For IPv6 addresses, create a dual-stack subnet.
Reserve an internal IP address from the subnet's primary IP range. This step creates an internal IP address resource that contains that specific internal IP address. This step also prevents Google Cloud from automatically allocating that address as an ephemeral address.
Use the reserved internal IP address by associating it with a VM instance or an internal load balancer when you create the VM or load balancer resource.

Note: You can create only internal passthrough Network Load Balancers by using internal IPv6 addresses. For more information about the supported IP address type for different load balancers, see Summary of Google Cloud load balancers.

Specify an ephemeral internal IPv4 or IPv6 address for a resource and then promote the address

In this scenario, you promote an ephemeral internal IPv4 or IPv6 address that is still attached to a resource:

Create a subnet in your VPC network. For IPv6 addresses, create a dual-stack subnet.
Create a VM instance or an internal load balancer with either an automatically allocated ephemeral IPv4 or IPv6 address or a specific IPv4 address.

Note: You can create only internal passthrough Network Load Balancers by using internal IPv6 addresses. For more information about the supported IP address type for different load balancers, see Summary of Google Cloud load balancers.

The two methods are outlined in Figure 1.

Internal IP address reservation states. — **Figure 1.** Internal IP address reservation states (click to enlarge).

Configure and manage static internal addresses

VM interfaces are assigned IP addresses from the subnet that they are connected to. Each VM interface has one primary internal IPv4 address that is assigned from the subnet's primary IPv4 range. If the VM is connected to a dual-stack subnet with an internal IPv6 range, you can assign an internal IPv6 address to each network interface.

Internal IPv4 addresses can be assigned in the following ways:

Compute Engine assigns a single IPv4 address from the primary IPv4 subnet range automatically.
You can assign a specific internal IPv4 address when you create a VM instance, or you can reserve a static internal IPv4 address for your project and assign that address to a VM network interface.

Internal IPv6 addresses can be assigned in the following ways:

Compute Engine assigns a single /96 range from the IPv6 subnet range automatically.
You can reserve a static internal IPv6 address range from the subnet's internal IPv6 range and assign it to a VM network interface.

The following procedures let you configure and manage static internal IP addresses:

Reserve a new static internal IPv4 or IPv6 address
Reserve a static internal IP address range for HA VPN over Cloud Interconnect
Determine if an internal IPv4 or IPv6 address is ephemeral or static
Promote an in-use ephemeral internal IPv4 or IPV6 address to a static address
Create a VM instance with a reserved internal IPv4 or IPv6 address
Create an internal load balancer with a static internal IPv4 address
Use a static internal IPv4 or IPv6 address for a secondary network interface
Change or assign an internal IPv6 address to an existing instance
Unassign a static internal IPv6 address
Use a static internal IPv4 or IPv6 address with Shared VPC
List static internal IPv4 or IPv6 addresses
Delete a static internal IPv4 or IPv6 address

Reserve a new static internal IPv4 or IPv6 address

Before you can reserve a new static internal IP address, you must create a VPC network with a subnet.

If you want to reserve a new static internal IPv6 address, the VPC network must have the ULA internal IPv6 range enabled. In addition, it must have a dual-stack subnet with the INTERNAL IPv6 access type.

To reserve a standalone internal IP address, complete the following steps.

Console

In the Google Cloud console, go to the IP addresses page.
Go to IP addresses
Click Reserve internal static IP address.
In the Name field, enter an IP address name.
In the IP version list, select the required IP version:
- To reserve a static internal IPv4 address, select IPv4.
- To reserve a static internal IPv6 address, select IPv6.
In the Network and Subnetwork lists, select a VPC network and a subnet respectively.
Specify how you want to reserve the IP address:
- For IPv4 addresses, to specify a static internal IPv4 address to reserve, for Static IP address, select Let me choose, and then enter a custom IP address. Otherwise, the system automatically assigns a static internal IPv4 address in the subnet for you.
- For IPv6 addresses, the system automatically assigns a static internal IPv6 address from the subnet's internal IPv6 address range.
Optional: If you want to share the static internal IPv4 address in different frontends, in the Purpose list, choose Shared. The default selection is Non-shared.

Note: You cannot share a static internal IPv6 address across multiple load balancer frontends.
Click Reserve.

gcloud

To reserve an internal IPv4 address, use the compute addresses create command:
```
gcloud compute addresses create ADDRESS_NAMES \
    --region REGION --subnet SUBNETWORK \
    --addresses IP_ADDRESS
```
Replace the following:
- ADDRESS_NAMES: the names of one or more [--purpose=SHARED_LOADBALANCER_VIP] addresses that you want to create. In case of multiple addresses, specify all the addresses as a list, separated by spaces—for example, example-address-1 example-address-2 example-address-3
- REGION: the region for this request.
- SUBNETWORK: the subnet for this internal IP address.
- IP_ADDRESS: the IP address to reserve, which must be within the subnet's primary IP range. If unspecified, an IP address is automatically allocated from the subnet.
To reserve an internal IPv6 address, use the compute addresses create command. Specify IPV6 as the value for --ip-version:
```
gcloud compute addresses create ADDRESS_NAMES \
    --region REGION --subnet SUBNETWORK \
    --ip-version IPV6
```
Replace the following:
- ADDRESS_NAMES: the names of one or more addresses that you want to reserve. In case of multiple addresses, specify all the addresses as a list, separated by spaces—for example, example-address-1 example-address-2 example-address-3
- REGION: the region for this request.
- SUBNETWORK: the subnet for this internal IPv6 address.
Unlike internal IPv4 reservation, internal IPv6 reservation doesn't support reserving a specific IP address from the subnetwork. Instead, a /96 internal IPv6 address is automatically allocated from the subnet's /64 internal IPv6 address range.

Examples

Reserve an automatically allocated internal IPv4 address from a subnet:

gcloud compute addresses create example-address-1 \
    --region us-central1 \
    --subnet subnet-1

Reserve a specific internal IPv4 address from a subnet:

gcloud compute addresses create example-address-1 \
    --region us-central1 \
    --subnet subnet-1 \
    --addresses 10.128.0.12

Reserve a static internal IPv6 address from a subnet:

gcloud compute addresses create example-address-1 \
    --region us-central1 \
    --subnet subnet-1 \
    --ip-version IPV6

Create multiple IPv4 addresses by passing in more than one IPv4 address name; all the addresses are reserved in the same subnet:

gcloud compute addresses create example-address-1 example-address-2 \
    --region us-central1 \
    --subnet subnet-1 \
    --addresses 10.128.0.12,10.128.0.13

Terraform

You can use a Terraform module to create an internal IP address.

In the following example, the Terraform arguments have example values that you can change. The example creates two specific internal IP addresses:

examples/internal_with_specific_ip/main.tf

View on GitHub Feedback

module "address" {
  source     = "terraform-google-modules/address/google"
  version    = "~> 3.1"
  project_id = var.project_id # Replace this with your project ID in quotes
  region     = "asia-east1"
  subnetwork = "my-subnet"
  names      = ["internal-address1", "internal-address2"]
  addresses  = ["10.0.0.3", "10.0.0.4"]
}

The following example creates two dynamically allocated internal IP addresses:

examples/internal_with_dynamic_ip/main.tf

View on GitHub Feedback

module "address" {
  source     = "terraform-google-modules/address/google"
  version    = "~> 3.1"
  project_id = var.project_id # Replace this with your project ID in quotes
  region     = "asia-east1"
  subnetwork = "my-subnet"
  names      = ["internal-address1", "internal-address2"]
}

REST

Use the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

For both IPv4 and IPv6 addresses, the body of the request must include the addressType field, which should be INTERNAL, the name of the address, and the subnetwork that the IP address belongs to. The body of the request can optionally include the purpose of the internal IP address.

In addition, for internal IPv4 addresses, you can let the system automatically allocate an IP address for you, or use address to specify an internal IPv4 address. The IPv4 address must belong to the subnet's primary IP address range.

{
  "addressType": "INTERNAL",
  "name": "IPV4_ADDRESS_NAME",
  "subnetwork": "regions/REGION/subnetworks/SUBNETWORK",
  "address": "IPV4_ADDRESS"
  "purpose": "GCE_ENDPOINT"
}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses
{
  "addressType": "INTERNAL",
  "name": "example-ipv4-address-1",
  "subnetwork": "regions/us-central1/subnetworks/my-custom-subnet",
  "address": "10.128.0.12"
  "purpose": "GCE_ENDPOINT"
}

For internal IPv6 addresses, you need to also specify ipVersion as IPV6. The system automatically assigns a static internal IPv6 address from the subnet's internal IPv6 address range.

{
  "addressType": "INTERNAL",
  "name": "IPV6_ADDRESS_NAME",
  "ipVersion": "IPV6",
  "subnetwork": "regions/REGION/subnetworks/SUBNETWORK",
  "purpose": "GCE_ENDPOINT"
}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses
{
  "addressType": "INTERNAL",
  "name": "example-ipv6-address-1",
  "ipVersion": "IPV6"
  "subnetwork": "regions/us-central1/subnetworks/my-custom-subnet",
  "purpose": "GCE_ENDPOINT"
}

Reserve a static internal IP address range for HA VPN over Cloud Interconnect

You can reserve a static internal IP address range to use with HA VPN over Cloud Interconnect.

When you create the static internal IP address, you must specify the flag --purpose=IPSEC_INTERCONNECT and a prefix length (--prefix-length) between 26 and 29.

The regional internal IPv4 addresses that you reserve are applied to the HA VPN gateways used by Cloud Interconnect.

For more information, see Assign internal IP address ranges to HA VPN gateways.

Determine if an internal IPv4 or IPv6 address is ephemeral or static

Static and ephemeral internal IP addresses behave and appear the same in most contexts. To determine if an address is static or ephemeral, do the following:

In the Google Cloud console, go to the IP addresses page.
Go to IP addresses
Find the address in the list and check the Type column for the type of IP address.

Promote an in-use ephemeral internal IPv4 or IPv6 address to a static address

If you have ephemeral internal IP addresses that are in use, you can promote these addresses to static internal IP addresses so that the addresses remain with your project until you actively remove them.

To promote an ephemeral internal IP address to a static internal IP address, complete the following steps.

Console

In the Google Cloud console, go to the IP addresses page.
Go to IP addresses
Click Internal IP addresses.
Optional: In the Filter field, search for the ephemeral IP address that you want to promote.
In the More actions menu () of the IP address that you want to promote, select Promote to static IP address.
Enter a name for the new static IP address, and then click Reserve.

gcloud

Before promoting an existing ephemeral internal IPv6 address, you need to know the value of that IP address. Use the Google Cloud CLI to make a describe request to the resource to get the IP address value.
- For IPv4 addresses, use the following command:
```
gcloud compute instances describe INSTANCE_NAME --zone ZONE | grep "networkIP"
```
- For IPv6 addresses, use the following command:
```
gcloud compute instances describe INSTANCE_NAME --zone ZONE | grep "ipv6Address"
```
The gcloud CLI returns the networkIP value (for IPv4) or the ipv6Address value (for IPv6), which is the internal IP address being used by the resource.
Promote the address:
- To promote one or more existing internal IPv4 addresses, use the compute addresses create command and provide the --addresses flag with the explicit internal IP addresses to promote:
```
gcloud compute addresses create IPV4_ADDRESS_NAMES \
  --addresses IPV4_ADDRESSES \
  --region REGION \
  --prefix-length PREFIX_LENGTH \
  --subnet SUBNETWORK
```
  Replace the following:
  - IPV4_ADDRESS_NAMES: the names of the IPv4 addresses. In case of multiple addresses, specify all the address names as a list, separated by spaces—for example, example-address-name-1 example-address-name-2 example-address-name-3. Declare the names in the same order that you declare the IP addresses. For example, suppose you specify the address names as example-address-name-1 example-address-name-2 example-address-name-3 and the IPv4 addresses as 192.0.2.0 192.0.2.1 192.0.2.2. In this scenario, Compute Engine maps the names and addresses in the following way:
    - example-address-name-1: 192.0.2.0
    - example-address-name-2: 192.0.2.1
    - example-address-name-3: 192.0.2.2
  - IPV4_ADDRESSES: the IPv4 addresses to promote. In case of multiple addresses, specify all the addresses as a list, separated by spaces—for example, 192.0.2.0 192.0.2.1 192.0.2.2.
  - REGION: the region to reserve this address.
  - PREFIX_LENGTH: Optional. The prefix length of the IPv4 address range. The value must be an integer between 7 and 31. Include this field only if you specify an address range. Exclude the field if the specified IPv4 address is a single IP address.
  - SUBNETWORK: the subnetwork for this request.
- To promote one or more existing internal IPv6 addresses, use the compute addresses create command and provide the --addresses flag with the explicit internal IPv6 addresses:
```
gcloud compute addresses create IPV6_ADDRESS_NAMES \
 --addresses IPV6_ADDRESSES \
 --region REGION \
 --prefix-length PREFIX_LENGTH \
 --subnet SUBNETWORK
```
  Replace the following:
  - IPV6_ADDRESS_NAMES: the names of the address. Declare the names in the same order that you declare the IPv6 addresses. In this case, IPV6_ADDRESS_NAME_1 corresponds with IPV6_ADDRESS_1, and IPV6_ADDRESS_NAME_2 corresponds with IPV6_ADDRESS_2.
  - IPV6_ADDRESS_1,[IPV6_ADDRESS_2,...]: the IPv6 addresses to promote in CIDR format.
  - PREFIX_LENGTH_1,[PREFIX_LENGTH_2,...]: the prefix length of IPv6 addresses.
  - REGION: the region to reserve this address.
  - SUBNETWORK: the subnetwork for this request.
  The internal IPv6 address remains attached to the existing instance even after it has been promoted to a static internal IPv6 address. If you need to assign the newly promoted static internal IPv6 address to another resource, first unassign the static internal IPv6 address from the existing instance.

REST

Use the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

For both IPv4 and IPv6 addresses, the body of the request must include the addressType, which should be INTERNAL, the name of the address, the address to promote, and the subnetwork that the IP address belongs to. For IPv6 addresses, additionally, the body of the request must include prefixLength with 96 as the value.

Request body for promoting internal IPv4 addresses:

{
"name": "ADDRESS_NAME",
"addressType": "INTERNAL",
"address": "IP_ADDRESS",
"subnetwork": "regions/REGION/subnetworks/SUBNETWORK"
}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses
{
"name": "example-IPv4-address-1",
"addressType": "INTERNAL",
"address": "10.128.0.2",
"subnetwork": "regions/us-central1/subnetworks/my-custom-subnet"
}

Request body for promoting internal IPv6 addresses:

{
"name": "ADDRESS_NAME",
"addressType": "INTERNAL",
"address": "IP_ADDRESS",
"subnetwork": "regions/REGION/subnetworks/SUBNETWORK"
"prefixLength": 96
}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses
{
"name": "example-IPv6-address-1",
"addressType": "INTERNAL",
"address": "fd20:0:0::",
"subnetwork": "regions/us-central1/subnetworks/my-custom-subnet"
"prefixLength": 96
}

Create a VM instance with a reserved internal IPv4 or IPv6 address

After you reserve a static internal IP address, you can assign the reserved address to a VM instance when you create the instance.

When you create a VM that is connected to a dual-stack subnet with an internal IPv6 range without specifying any reserved static internal IPv6 address, Compute Engine automatically assigns the VM an ephemeral internal IPv6 address from the subnet's IPv6 range.

Console

In the Google Cloud console, go to the Create an instance page.

Go to Create an instance
Expand the Advanced options section.
Expand the Networking section.
To assign an internal IPv4 address, do the following:
1. Select a network and a subnetwork.
2. Select a reserved internal IPv4 address from the Primary internal IPv4 address list.
Alternatively, select Reserve static internal IP address and reserve a new static internal IPv4 address.
To assign an internal IPv6 address, do the following:
1. Select a network that contains an IPv6 subnet.
2. Select a dual-stack subnet from the Subnetwork list. The subnet must have the INTERNAL IPv6 access type.
3. For IP stack type, select IPv4 and IPv6 (dual-stack).
4. Select a reserved internal IPv6 address from the Primary internal IPv6 address list.
Alternatively, select Reserve static internal IPv6 address and reserve a new static internal IPv6 address.
To finish modifying the default network interface, click Done.
Continue with the VM creation process.
Click Create.

gcloud

To create an instance with a reserved internal IPv4 address, use the --private-network-ip flag to specify a reserved internal IPv4 address when you create the instance:
```
gcloud compute instances create VM_NAME
    --private-network-ip IP_ADDRESS
```
Replace the following:
- VM_NAME: the name of the VM that you want to create.
- IP_ADDRESS: the IP address that you want to assign.
If you're using a custom subnet mode network, you must also specify the subnet by using the --subnet SUBNET parameter.
To create an instance with a reserved internal IPv6 address, use the --internal-ipv6-address flag to specify the reserved internal IPv6 address when you create the instance:
```
gcloud compute instances create VM_NAME
    --subnet SUBNETWORK
    --stack-type IPV4_IPV6
    --internal-ipv6-address INTERNAL_IPV6_ADDRESS
    --zone ZONE
```
Replace the following:
- VM_NAME: the name of the VM that you want to create.
- SUBNETWORK: the subnet for the internal IPv6 address.
- INTERNAL_IPV6_ADDRESS: the /96 IPv6 address, the IP address name, or the URI of the address resource. The IP address must be reserved before you can use it.
- ZONE: the zone for the VM.

REST

To create a VM instance with a static internal IP address, use the instances.insert method.

For internal IPv4 addresses, explicitly provide the networkInterfaces[].networkIP property with the internal IPv4 address that you want to assign for the VM.

For example:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
"name": "VM_NAME",
"machineType": "zones/us-central1-f/machineTypes/e2-micro",
"networkInterfaces": [{
  "accessConfigs": [{
    "type": "ONE_TO_ONE_NAT",
    "name": "External NAT",
  }],
  "network": "global/networks/default",
  "networkIP": "IPV4_ADDRESS"
}],
"disks": [{
  "autoDelete": "true",
  "boot": "true",
  "type": "PERSISTENT",
  "initializeParams": {
      "sourceImage": "projects/debian-cloud/global/images/v20150818"
  }
}]
}

Replace the following:

PROJECT_ID: the ID of the project to create the VM in.
ZONE: the zone to create the VM in.
VM_NAME: the name of the virtual machine.
IPV4_ADDRESS: the internal IPv4 address to assign to the VM.

For internal IPv6 addresses, explicitly specify the values for the following properties:

networkInterfaces[].stackType
networkInterfaces[].ipv6Address
networkInterfaces[].internalIpv6PrefixLength
networkInterfaces[].ipv6AccessType

For example:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances
{
"name": "VM_NAME",
"machineType": "zones/us-central1-f/machineTypes/e2-micro",
"networkInterfaces": [{
  "accessConfigs": [{
    "type": "ONE_TO_ONE_NAT",
    "name": "External NAT",
  }],
  "network": "global/networks/default",
  "stackType": "IPV4_IPV6"
  "ipv6Address": ""IPV6_ADDRESS"",
  "internalIpv6PrefixLength": 96
  "ipv6AccessType": INTERNAL,
}],
"disks": [{
  "autoDelete": "true",
  "boot": "true",
  "type": "PERSISTENT",
  "initializeParams": {
      "sourceImage": "projects/debian-cloud/global/images/v20150818"
  }
}]
}

Replace the following:

PROJECT_ID: the ID of the project to create the VM in.
ZONE: the zone to create the VM in.
VM_NAME: the name of the VM.
IPV6_ADDRESS: the internal IPv6 address to assign to the VM.

If you delete an instance with a specified IP address, the address goes back into the unallocated address pool. If you need an internal IP address to persist beyond the life of the instance, you can reserve a static internal IP address.

Create an internal load balancer with a static internal IPv4 address

To create an internal load balancer that uses a static internal IPv4 address, see the following:

Use a static internal IPv4 or IPv6 address for a secondary network interface

When you create a VM instance with multiple network interfaces, you can use a reserved static internal IPv4 or IPv6 address for both primary and secondary network interfaces.

To use a static internal IPv4 or IPv6 address for a secondary network interface, see Create VM instances with multiple network interfaces.

Change or assign an internal IPv6 address to an existing VM

You can change or assign an internal IPv6 address to an existing VM instance.

If the instance already has an internal IPv6 address assigned to it, you must first unassign that address. Then, assign a new address to the instance by using the instance's network interface.

To change or assign a static internal IPv6 address to an existing VM instance, complete the following steps.

Console

Reserve a static internal IPv6 address.
In the Google Cloud console, go to the VM instances page.
Go to VM instances
Click the name of the instance whose internal IPv6 address you want to change.
On the Instance details page, complete the following steps:
1. Click Edit.
2. Expand Network interfaces.
3. In the Primary internal IPv6 address list, select either Auto-allocated (/96) or a reserved static internal IPv6 address.
4. Click Done.
Click Save.

gcloud

Use the compute instances network-interfaces update command.

gcloud compute instances network-interfaces update VM_NAME \
    --network-interface NIC \
    --ipv6-network-tier PREMIUM \
    --stack-type IPV4_IPV6 \
    --internal-ipv6-address INTERNAL_IPV6_ADDRESS \
    --zone ZONE

Replace the following:

VM_NAME: the name of the VM that you want to create.
NIC: the name of the network interface to update.
INTERNAL_IPV6_ADDRESS: the /96 internal IPv6 address to be assigned to the interface, the IP address name, or the URI of the address resource.
ZONE: the zone for the VM.

REST

Use the instances.update method. Update the networkInterfaces[].ipv6Address property with the internal IPv6 address that you want to assign.

For example:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME
  {
    ...
    "networkInterfaces": [{
      "accessConfigs": [{
        "type": "ONE_TO_ONE_NAT",
        "name": "External NAT",
      }],
      "stackType": "IPV4_IPV6"
      "ipv6Address": "IPV6_ADDRESS",
      "internalIpv6PrefixLength": 96
      "subnetwork": "regions/REGION/subnetworks/SUBNETWORK",
    }],
    "disks": [{
      "autoDelete": "true",
      "boot": "true",
      "type": "PERSISTENT",
      "initializeParams": {
          "sourceImage": "projects/debian-cloud/global/images/v20150818"
      }
    }]
  }

Replace the following:

PROJECT_ID: the ID of the project the VM is in.
ZONE: the zone to create the VM in.
VM_NAME: the name of the VM.
IPV6_ADDRESS: the internal IPv6 address to assign to the VM.

If you specify the URI of the internal IPv6 address resource or an IPv6 address range as the value for IPV6_ADDRESS, then you must leave the value of internalIpv6PrefixLength blank.

Change the IP address of a forwarding rule

If you changed the internal IP address for a VM and need to update a forwarding rule, do the following:

Unassign the IP address.
Delete the forwarding rule using the gcloud compute forwarding-rules delete command or the forwardingRules.delete method.
Recreate the forwarding rule using the gcloud compute forwarding-rules create command or the forwardingRules.insert method.

Unassign a static internal IPv6 address

You can unassign a static internal IPv6 address from a VM instance by updating the instance's network interface or by deleting the instance to which the address is assigned.

When you unassign an internal IPv6 address, the system removes it from the resource but keeps the address reserved for your project. You can later reassign the address to another resource.

To unassign a static internal IPv6 address from a VM instance, complete the following steps.

Console

In the Google Cloud console, go to the VM instances page.
Go to VM instances
Click the name of the instance whose internal IPv6 address you want to unassign.
On the Instance details page, complete the following steps:
1. Click Edit.
2. Expand Network interfaces.
3. For IP stack type, select IPv4 (single-stack).
4. Click Done.
Click Save.

gcloud

Use the compute instances network-interfaces update command with the --stack-type flag set to IPV4_ONLY:

gcloud compute instances network-interfaces update VM_NAME \
    --network-interface NIC \
    --stack-type IPV4_ONLY \
    --zone ZONE

Replace the following:

VM_NAME: the name of the VM whose network interface you want to update.
NIC: the name of the network interface to update.
ZONE: the zone for the VM.

Check that your static internal IPv6 address is now available and marked as RESERVED instead of IN_USE:

gcloud compute addresses list \
    --filter="region=REGION AND name=NAME"

REST

Update the instance stack type of the network interface where the internal IPv6 address is attached:

Make a PATCH request to the instances.updateNetworkInterface method.
In the request body, update the value of the stackType field to IPV4_ONLY.

For example:
```
PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/VM_NAME/updateNetworkInterface
{
  "networkInterfaces": [{
    ...
    "stackType" : "IPV4_ONLY"
    ...
    }]
}
```
Replace the following:
- PROJECT_ID: the ID of the project that the VM is in.
- ZONE: the zone to create the VM in.
- VM_NAME: the name of the VM.

Use a static internal IPv4 or IPv6 address with Shared VPC

You can create a reserved static internal IP address in a shared subnet of a Shared VPC network. The IP address object itself is created in the same service project as the resource that will use it, even though its value comes from the range of available IP addresses in the selected shared subnet of the Shared VPC network. For more information about this use case, see the following resources:

The IP addresses section in the Shared VPC overview
The Reserve a static internal IPv4 or IPv6 address section in Provision Shared VPC

List static internal IPv4 or IPv6 addresses

To view all your existing static IP addresses, including external IP addresses and internal IP addresses, complete the following steps.

Console

In the Google Cloud console, go to the VPC networks page.
Go to VPC networks
Click the VPC network that you want to check.
Click Static internal IP addresses to view all the reserved static internal IP addresses in this VPC network.

gcloud

Use the compute addresses list command:

gcloud compute addresses list

REST

Use the addresses.list method:

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

Replace the following:

PROJECT_ID: the project ID for this request.
REGION: the name of the region for this request.

To list all the addresses in all regions, use the aggregatedList method:

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/aggregated/addresses

Release a static internal IPv4 or IPv6 address

If you no longer need a static internal IP address, you can release the IP address by deleting the IP address resource.

If you are using the Google Cloud console, you can release a static IP address only if it is not being used by another resource.

If you're using the gcloud CLI or REST, you can release an IP address whether or not it's being used by another resource.

If the IP address is not being used by a resource, the IP address is returned to the pool of available internal IP addresses.
If the IP address is being used by a resource, it remains attached to the resource until the resource is deleted.

To release a static internal IPv4 or IPv6 address, complete the following steps.

Console

In the Google Cloud console, go to the IP addresses page.
Go to IP addresses
Click Internal IP addresses.
Select the static internal IP address that you want to release.
Click Release static address, and then confirm this operation by clicking Release in the dialog.

gcloud

Use the compute addresses delete command:

gcloud compute addresses delete ADDRESS_NAME \
    --region REGION

Replace the following:

ADDRESS_NAME: the name of the address to delete.
REGION: the region the address belongs to.

For example:

gcloud compute addresses delete example-address-to-delete \
    --region us-west1

REST

Use the addresses.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/ADDRESS_NAME

This example deletes an address in the us-west1 region:

DELETE https://compute.googleapis.com/compute/v1/projects/myproject/regions/us-west1/addresses/example-address-to-delete

What's next

Learn more about IP addresses.
Learn how to reserve a static external IP address.
Learn how to assign multiple internal IP addresses using alias IP addresses.
Learn more about internal passthrough Network Load Balancers.
Learn more about internal Application Load Balancers.