Reserving a static internal IP address

Stay organized with collections Save and categorize content based on your preferences.

If a virtual machine (VM) instance requires a fixed internal IP address that does not change, you can obtain a static internal IP address for that VM using one of the following options:

To learn how to manage secondary internal IP addresses, read Alias IP ranges.

In Compute Engine, each VM instance can have multiple network interfaces. Each interface can have one external IP address, one primary internal IP address, and one or more secondary internal IP addresses. Forwarding rules can have external IP addresses for external load balancing or internal addresses for internal load balancing. To learn about IP addresses, read the IP Addresses documentation.

Static internal IPs provide the ability to reserve internal IP addresses from the IP range configured in the subnet, then assign those reserved internal addresses to resources as needed. Reserving an internal IP address takes that address out of the dynamic allocation pool and prevents it from being used for automatic allocations. Reserving static internal IP addresses requires specific IAM permissions so that only authorized users can reserve a static internal IP address.

With the ability to reserve static internal IP addresses, you can always use the same IP address for the same resource even if you have to delete and recreate the resource.

To reserve a static external IP address instead of an internal IP address, read Reserving a static external address.

Before you begin

Permissions

To reserve and manage static internal IP addresses, you need to be granted the compute.networkAdmin role, or one or more of the following permissions:

  • compute.addresses.create on the IP address
  • compute.addresses.createInternal on the IP address
  • compute.instances.update on the VM instance
  • compute.subnetworks.use on the subnetwork

Restrictions

  • You cannot unassign or change the internal IPv4 address of an existing resource. For example, you cannot assign a new static internal IP address to a running or a stopped VM instance. You can, however, promote the ephemeral internal IP address of a resource to a static internal IP address so that the address remains reserved even after the resource is deleted.

  • The number of static internal IP addresses that you can reserve cannot exceed your project's quota. For more information, see the per-project quotas in the VPC documentation.

  • Only one resource at a time can use a static internal IP address.

  • Reserving a static internal IP address is only supported for VPC networks. It is not supported for legacy mode networks.

  • Deleting a resource does not automatically release a static internal IP address. You must manually release static internal IP addresses when you no longer require them.

  • You cannot change the name of a static IP address.

How to reserve a static internal IP address

You can reserve a static internal IP address before creating the associated resource, or you can create the resource with an ephemeral internal IP address and then promote that ephemeral IP address to a static internal IP address.

In order to use a static internal IP address, you must have a VPC network in place for your project. Read Using VPC Networks to learn how to create your VPC network.

Reserve a static internal IP address and then associate it with a specific resource

In this scenario, you separately reserve a static internal IP address and then assign it to a resource. In summary:

  1. Create a subnet from your VPC network.

  2. Reserve an internal IP address from the subnet's primary IP range. This step creates an internal IP address resource containing that specific internal IP address. This step also prevents Google Cloud from automatically allocating that address as an ephemeral address.

  3. Use the reserved internal IP address by associating it with a VM instance or an internal load balancer when you create the VM or load balancer resource.

Specify an ephemeral internal IPv4 or IPv6 address for a resource and then promote the address

In this scenario, you promote an ephemeral internal IPv4 or IPv6 address that is still attached to a resource to a static internal IP address.

  1. Create a subnet. For IPv6 addresses, create a dual-stack subnet.

  2. Create a VM instance or an internal load balancer with either an automatically allocated ephemeral IPv4 or IPv6 address or a specifically chosen IPv4 address.

  3. Promote the internal IP address to a static internal IP address.

The two methods are outlined in the following diagram.

Internal IP reservation.

Configure and manage static internal addresses

VM interfaces are assigned IP addresses from the subnet that they are connected to. Each VM interface has one primary internal IPv4 address that is assigned from the subnet's primary IPv4 range. If the VM is connected to a dual-stack subnet with an internal IPv6 range, each network interface can also have internal IPv6 addresses assigned.

Internal IPv4 addresses can be assigned in the following ways:

  • Compute Engine assigns a single IPv4 address from the primary IPv4 subnet range automatically.
  • You can assign a specific internal IPv4 address when you create a VM instance, or you can reserve a static internal IPv4 address for your project and assign that address to a VM.

Internal IPv6 addresses can be assigned in the following ways:

The following procedures let you configure and manage static internal IP addresses:

Reserve a new static internal IPv4 or IPv6 address

Before you can reserve a new static internal IP address, you must create a VPC network with a subnet.

If you want to reserve a new static internal IPv6 address, the VPC network must have a dual-stack subnet with the INTERNAL IPv6 access type.

Console

You can reserve a standalone internal IP address using the Google Cloud console.

  1. Go to the VPC networks page.

    Go to VPC networks

  2. Click the VPC network that you want to reserve the new static IP in.
  3. Click Static internal IP addresses and then click Reserve static address.
  4. Enter a Name for this IP address.
  5. Select a Subnet.
  6. If you want to specify which IP address to reserve, under Static IP address, select Let me choose, then fill in a Custom IP address. Otherwise the system automatically assigns an IP address in the subnet for you.
  7. If you want to share this IP in different frontends, under Purpose, choose Shared.
  8. Click Reserve to finish the process.

gcloud

  • To reserve an internal IPv4 address, use the gcloud CLI and run the compute addresses create command:

    gcloud compute addresses create ADDRESS_NAME [ADDRESS_NAME..] \
    --region REGION --subnet SUBNETWORK \
    --addresses IP_ADDRESS

    Replace the following:

    • ADDRESS_NAME: the desired names of one or more addresses to create.
    • REGION: the region for this request.
    • SUBNETWORK: the subnet for this internal IP address.
    • IP_ADDRESS: the IP address to reserve, which must be within the subnet's primary IP range. If unspecified, an IP address is automatically allocated from the subnet.

  • To reserve an internal IPv6 address, use the gcloud CLI and run the compute addresses create command. Specify IPV6 as the value for --ip-version.

    gcloud compute addresses create ADDRESS_NAME [ADDRESS_NAME..] \
    --region REGION --subnet SUBNETWORK \
    --ip-version IPV6

    Replace the following:

    • ADDRESS_NAME: the desired names of one or more addresses to reserve.
    • REGION: the region for this request.
    • SUBNETWORK: the subnet for this internal IPv6 address.

    Unlike internal IPv4 reservation, internal IPv6 reservation doesn't support reserving a specific IP address from the subnetwork. Instead, a /96 internal IPv6 address is automatically allocated from the subnet's /64 internal IPv6 address range.

Examples

Reserve an automatically allocated internal IPv4 address from a subnet:

gcloud compute addresses create example-address-1 \
    --region us-central1 --subnet subnet-1

Reserve a specific internal IPv4 address from a subnet:

gcloud compute addresses create example-address-1 \
    --region us-central1 --subnet subnet-1 --addresses 10.128.0.12

Reserve a static internal IPv6 address from a subnet:

gcloud compute addresses create example-address-1 \
    --region us-central1 --subnet subnet-1 --ip-version IPV6

Create multiple IPv4 addresses by passing in more than one IPv4 address name; all the addresses are reserved in the same subnet:

gcloud compute addresses create example-address-1 example-address-2 \
    --region us-central1 --subnet subnet-1 \
    --addresses 10.128.0.12,10.128.0.13

API

Call the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

The body of the request must include the addressType which should be INTERNAL, the name of the address, and the subnetwork the IP address belongs to. You can let the system automatically allocate an IP address for you, or specify the address for a specific IP address. The IP address must belong to the subnet's primary IP address range.

{
  "addressType": "INTERNAL",
  "name": "ADDRESS_NAME",
  "subnetwork": "regions/REGION/subnetworks/SUBNETWORK",
  "address": "IP_ADDRESS"
}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses

{
  "name": "example-address-1",
  "addressType": "INTERNAL",
  "subnetwork": "regions/us-central1/subnetworks/my-custom-subnet",
  "address": "10.128.0.12"
}

Terraform

You can use a Terraform module to create an internal IP address.

In the following example, the Terraform arguments have example values that you can change. The example creates two specific internal IP addresses:

examples/internal_with_specific_ip/main.tf 
module "address" {
  source     = "terraform-google-modules/address/google"
  version    = "~> 3.1"
  project_id = var.project_id # Replace this with your project ID in quotes
  region     = "asia-east1"
  subnetwork = "my-subnet"
  names      = ["internal-address1", "internal-address2"]
  addresses  = ["10.0.0.3", "10.0.0.4"]
}

The following example creates two dynamically allocated internal IP addresses:

examples/internal_with_dynamic_ip/main.tf 
module "address" {
  source     = "terraform-google-modules/address/google"
  version    = "~> 3.1"
  project_id = var.project_id # Replace this with your project ID in quotes
  region     = "asia-east1"
  subnetwork = "my-subnet"
  names      = ["internal-address1", "internal-address2"]
}

Determine if an internal IPv4 or IPv6 address is ephemeral or static

Static and ephemeral internal IP addresses behave and appear the same in most contexts. To determine if an address is static or ephemeral, do the following:

  1. Go to the IP addresses page.

    Go to IP addresses

  2. Find the address in the list and check the Type column for the type of IP address.

Promote an in-use ephemeral internal IPv4 or IPv6 address to a static address

If you have ephemeral IP addresses that are currently in use, you can promote these addresses to static internal IP addresses so the addresses remain with your project until you actively remove them.

Console

To promote an ephemeral internal IP address to a static IP address in the console:

  1. Go to the VM instances page.

    Go to VM instances

  2. Click the name of the VM that you want to change.

  3. On the details page, click Edit, and then do the following:

    1. In the Network interfaces section, click the network interface to edit it.
    2. For Primary Internal IP, select Static.
    3. Complete the information for a static IP address.
    4. To save your changes, click Reserve.

  4. To update your instance, click Save.

gcloud

Before promoting an existing internal ephemeral IPv6 address, you need to know the value of that IP address.

Use the gcloud CLI to make a describe request to the resource to get the IP address value.

gcloud compute instances describe INSTANCE_NAME --zone ZONE | grep "networkIP"

The gcloud CLI returns the networkIP value, which is the internal IP address being used by the resource.

Next, promote the address:

  • To promote one or more existing IPv4 addresses, use the compute addresses create command and provide the --addresses flag with the explicit internal IP addresses to promote:

    gcloud compute addresses create ADDRESS_NAME_1 [ADDRESS_NAME_2..] \
    --addresses IP_ADDRESS_1,[IP_ADDRESS_2,..] \
    --region REGION \
    --subnet SUBNETWORK

    Replace the following:

    • ADDRESS_NAME: the desired names of the address.

      Declare the names in the same order that you declare the IP addresses. In this case, ADDRESS_NAME_1 corresponds with IP_ADDRESS_1 and ADDRESS_NAME_2 corresponds with IP_ADDRESS_2.

    • IP_ADDRESS_1,[IP_ADDRESS_2,...]: the IP addresses to promote—for example, 10.128.1.9.

    • REGION: the region to reserve this address.

    • SUBNETWORK: the subnetwork for this request.

  • To promote one or more existing IPv6 addresses, use the compute addresses create command and provide the --addresses flag with the explicit internal IPv6 addresses along with the --prefix-length=96 flag:

    gcloud compute addresses create ADDRESS_NAME_1 [ADDRESS_NAME_2..] \
    --addresses IP_ADDRESS_1,[IP_ADDRESS_2,..] \
    --prefix-length=96 \
    --region REGION \
    --subnet SUBNETWORK

    Replace the following:

    • ADDRESS_NAME: the desired names of the address.

      Declare the names in the same order that you declare the IPv6 addresses. In this case, ADDRESS_NAME_1 corresponds with IP_ADDRESS_1 and ADDRESS_NAME_2 corresponds with IP_ADDRESS_2.

    • IP_ADDRESS_1,[IP_ADDRESS_2,...]: the IP addresses to promote.

    • REGION: the region to reserve this address.

    • SUBNETWORK: the subnetwork for this request.

    The internal IPv6 address remains attached to the existing instance even after it has been promoted to a static internal IPv6 address. If you need to assign the newly promoted static internal IPv6 address to another resource, first unassign the static internal IPv6 address from the existing instance.

API

Call the addresses.insert method:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

The body of the request must include the addressType which should be INTERNAL, the name of the address, the address to promote, and the subnetwork the IP address belongs to:

{
  "addressType": "INTERNAL",
  "address": "IP_ADDRESS",
  "name": "ADDRESS_NAME",
  "subnetwork": "regions/REGION/subnetworks/SUBNETWORK"
}

For example:

POST https://compute.googleapis.com/compute/v1/projects/example-project/regions/us-central1/addresses

{
  "name": "example-address-1",
  "addressType": "INTERNAL",
  "address": "10.128.0.2",
  "subnetwork": "regions/us-central1/subnetworks/my-custom-subnet"
}

Create a VM instance with a reserved internal IPv4 or IPv6 address

After reserving a static internal IP address, you can assign the reserved address to an instance when you create the instance.

When you create a VM that is connected to a dual-stack subnet with an internal IPv6 range without specifying any reserved static internal IPv6 address, Compute Engine automatically assigns the VM an ephemeral internal IPv6 address from the subnet's IPv6 range.

Console

  1. Go to the Create an instance page.

    Go to Create an instance

  2. Expand the Networking, disks, security, management, sole tenancy section.

  3. Expand Networking, and do the following:

    1. In the Network interfaces section, expand a network interface to edit it.
    2. Optionally, under Network and Subnetwork, select the network and subnetwork that you want to use.
    3. In the Primary internal IP list, select an internal IP address.
    4. To finish modifying the network interface, click Done.

  4. Continue with the VM creation process.

gcloud

  • To create an instance with a reserved internal IPv4 address, use the --private-network-ip flag to specify a reserved internal IPv4 address when creating the instance:

    gcloud compute instances create VM_NAME
    --private-network-ip IP_ADDRESS

    Replace the following:

    • VM_NAME: the name of the VM that you want to create.
    • IP_ADDRESS: the IP address that you want to assign.

    If you are using a custom subnet mode network, you must also specify the subnet by using the --subnet SUBNET parameter.

  • To create an instance with a reserved internal IPv6 address, use the --internal-ipv6-address flag to specify the reserved internal IPv6 address when creating the instance:

    gcloud alpha compute instances create VM_NAME
    --subnet SUBNETWORK
    --stack-type IPV4_IPV6
    --internal-ipv6-address INTERNAL_IPV6_ADDRESS
    --zone ZONE

    Replace the following:

    • VM_NAME: the name of the VM that you want to create.
    • SUBNETWORK: the subnet for the internal IPv6 address.
    • ZONE: the zone for the VM.
    • INTERNAL_IPV6_ADDRESS: either the /96 IPv6 address, the IP address name, or the URI of the address resource.

API

To create a VM instance with a static internal IP address, call the instances.insert method and explicitly provide the networkInterfaces[].networkIP property with the internal IP address you want to assign for the VM.

For example:

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
  "name": "VM_NAME",
  "machineType": "zones/us-central1-f/machineTypes/e2-micro",
  "networkInterfaces": [{
    "accessConfigs": [{
      "type": "ONE_TO_ONE_NAT",
      "name": "External NAT",
     }],
    "network": "global/networks/default",
    "networkIP": "IP_ADDRESS"
  }],
  "disks": [{
     "autoDelete": "true",
     "boot": "true",
     "type": "PERSISTENT",
     "initializeParams": {
        "sourceImage": "projects/debian-cloud/global/images/v20150818"
     }
   }]
 }

Replace the following:

  • PROJECT_ID: ID of the project to create the VM in
  • ZONE: zone to create the VM in
  • VM_NAME: the name of the virtual machine
  • IP_ADDRESS: the IP address to assign to the VM

If you delete an instance with a specified IP address, the address goes back into the unallocated address pool. If you need an internal IP address to persist beyond the life of the instance, you can reserve a static internal IP address.

Create an internal load balancer with a static internal IPv4 address

To create an internal load balancer that uses a static internal IPv4 address, follow the instructions at:

Use a static internal IPv4 or IPv6 address for a secondary network interface

When you create a VM instance with multiple network interfaces, you can use a reserved static internal IPv4 or IPv6 address for both primary and secondary network interfaces.

To use a static internal IPv4 or IPv6 address for a secondary network interface, see Create virtual machine instances with multiple network interfaces.

Change or assign an internal IPv6 address to an existing instance

You can change or assign an internal IPv6 address to an existing instance.

If the instance already has an internal IPv6 address assigned to it, you must first unassign that address. Then, assign a new address to the instance by using the instance's network interface.

  1. Reserve a static internal IPv6 address.

  2. Use the compute instances network-interfaces update command to add a new internal IPv6 address.

    gcloud alpha compute instances network-interfaces update VM_NAME \
  --network-interface NIC \
  --ipv6-network-tier PREMIUM \
  --stack-type IPV4_IPV6 \
  --internal-ipv6-address IPV6_ADDRESS \
  --zone ZONE

    Replace the following:

    • VM_NAME: the name of the VM that you want to create.
    • NIC: the name of the network interface to update.
    • IPV6_ADDRESS: the IPv6 address to be assigned to the interface.
    • ZONE: the zone for the VM.

Unassign a static internal IPv6 address

You can unassign a static internal IPv6 address by updating the instance's network interface or by deleting the instance to which the address is assigned.

When you unassign an internal IPv6 address, the system removes it from the resource but keeps the address reserved for your project. You can later reassign the address to another resource.

To unassign a static internal IPv6 address from an instance, do the following:

  1. Use the compute instances network-interfaces update command with the --stack-type flag set to IPV4_ONLY:

    gcloud alpha compute instances network-interfaces update VM_NAME \
  --network-interface NIC \
  --stack-type IPV4_ONLY \
  --zone ZONE

    Replace the following:

    • VM_NAME: the name of the VM whose network interface you want to update.
    • NIC: the name of the network interface to update.
    • ZONE: the zone for the VM.

  2. Check that your static internal IPv6 address is now available and marked as RESERVED instead of IN_USE:

    gcloud compute addresses list \
  --filter="region=REGION AND name=NAME"

Use a static internal IPv4 or IPv6 address with Shared VPC

You can create a reserved static internal IP address in a shared subnet of a Shared VPC network. The IP address object itself is created in the same service project as the resource that will use it, even though its value comes from the range of available IP addresses in the selected shared subnet of the Shared VPC network. Refer to these pages for more information about this use case:

List static internal IPv4 or IPv6 addresses

In Google Cloud console, you can view your static internal IP addresses of a selected VPC. To view all your existing static IP address, including external IP address and internal IP address, run addresses list or make a GET request to the API.

Console

  1. Go to the VPC networks page.

    Go to VPC networks

  2. Click the VPC network that you want to check.
  3. Click STATIC INTERNAL IP ADDRESSES to view all reserved static internal IP addresses in this VPC.

gcloud

Use the compute addresses list command to list all static IP addresses, including external IP addresses and internal IP addresses.

gcloud compute addresses list

API

Call the addresses.list method:

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses

Replace the following:

  • REGION: the name of the region for this request
  • PROJECT_ID: the project ID for this request

To list all addresses in all regions, call the aggregatedList method.

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/aggregated/addresses

Delete a static internal IPv4 or IPv6 address

You can delete a static internal IP address if you no longer need it. You can delete an address whether or not it is currently being used by another resource. If the address is being used by a resource, it remains attached to the resource until the resource is deleted, in which case, the address is returned to the pool of available addresses for other projects.

Console

  1. Go to the VPC networks page.

    Go to VPC networks

  2. Identify the VPC network that contains the IP you want to release, click on its name.
  3. Click STATIC INTERNAL IP ADDRESSES.
  4. Select the IP address(es) you want to release.
  5. Click RELEASE and confirm this operation by clicking RELEASE on the pop up message.

gcloud

Using the gcloud CLI, run the compute addresses delete command:

gcloud compute addresses delete ADDRESS_NAME \
    --region REGION

Replace the following:

  • ADDRESS_NAME: the name of the address to delete.
  • REGION: the region the address belongs to.

For example:

gcloud compute addresses delete example-address-to-delete \
    --region us-west1

API

Call the addresses.delete method:

DELETE https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/addresses/ADDRESS_NAME

For example, to delete an address in the us-west1 region:

DELETE https://compute.googleapis.com/compute/v1/projects/myproject/regions/us-west1/addresses/example-address-to-delete

What's next