Configure per VM Tier_1 networking performance

Compute Engine lets you select a high-bandwidth per VM Tier_1 networking performance configuration for certain general-purpose and compute-optimized virtual machine (VM) instances. VMs with Tier_1 networking configurations are especially useful for large, distributed compute workloads with lots of heavy internode communications, such as high performance computing (HPC), machine learning (ML), and deep learning (DL).

Combining these high throughput VMs with high-performance local SSD storage is beneficial for I/O-intensive, flash-optimized databases.

Before you begin

• Review the pricing for per VM Tier_1 networking performance at Tier_1 higher bandwidth network pricing.
• If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:
  

  Select the tab for how you plan to use the samples on this page:

  Console

  When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

  gcloud

  1. After installing the Google Cloud CLI, initialize it by running the following command:

     gcloud init

     If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  2. Set a default region and zone.

  REST

  To use the REST API samples on this page in a local development environment, you use the credentials you provide to the gcloud CLI.

  After installing the Google Cloud CLI, initialize it by running the following command:

  gcloud init

  If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

  For more information, see Authenticate for using REST in the Google Cloud authentication documentation.

Required roles

To get the permissions that you need to configure a VM to use per VM Tier_1 networking performance, ask your administrator to grant you the following IAM roles on your project:

• Compute Instance Admin (v1) (roles/compute.instanceAdmin.v1)
• Create Service Accounts (roles/iam.serviceAccountCreator)

For more information about granting roles, see Manage access to projects, folders, and organizations.

These predefined roles contain the permissions required to configure a VM to use per VM Tier_1 networking performance. To see the exact permissions that are required, expand the Required permissions section:

You might also be able to get these permissions with custom roles or other predefined roles.

Limitations

• Compute Engine is the only product area supporting Tier_1 networking.
• Tier_1 networking is supported with N2, N2D, C2, C2D, C3, C3D, C4, C4A, C4D, M3, M4, and Z3 machine types that have the minimum required vCPUs.
• For VMs, Tier_1 networking requires the gVNIC virtual network driver and a gVNIC-compatible OS or custom image.
• Third generation and later VMs require gVNIC driver version 1.3 or later to deliver the highest network bandwidth. Make sure the operating system (OS) image that you use fully supports Tier_1 networking. Fully supported OS images include the updated gVNIC driver. You can update the gVNIC driver on images that don't have the latest version.
• Purchasable stock keeping units (SKUs) for Tier_1 networking are excluded from committed use discounts.
• Large C4, C4D, C3, C3D, and Z3 VMs might encounter NUMA-related bottlenecks when bandwidth is pushed beyond 100 Gbps. Depending on your application architecture, you might need to control for thread and interrupt placement. On Linux, guest OS features such as Receive Flow Steering (RFS) can help address this issue. Verify that your applications are NUMA-tuned to maximize your performance.
• On Windows VMs, the gVNIC driver provides up to 50 Gbps of network bandwidth, for both the default network and Tier_1 networking. However, on third generation and later instances that support up to 200 Gbps network bandwidth, you can use an updated version of the gVNIC driver to achieve close to line-rate performance. For more information, see Update to the latest gVNIC driver for Windows.

Bandwidth tiers

The egress bandwidth limit represents the maximum possible amount of data per unit of time (for example, gigabits per second, or Gbps) that Google Cloud allows a VM to emit from its network interfaces (NICs). The egress bandwidth includes data transferred to all Persistent Disk and Google Cloud Hyperdisk volumes attached to the VM.

Note the following about bandwidth limits:

• The default bandwidth limit ranges from 10 Gbps to 200 Gbps, depending on the machine type and VM size.
• Tier_1 networking increases the maximum egress bandwidth limit for VMs. The maximum egress bandwidth limit ranges from 50 Gbps to 200 Gbps, depending on the size and machine type of your VM.
• The actual egress bandwidth is always less than or equal to the egress bandwidth limit.

To achieve the highest possible egress bandwidth, all of the following must be true:

• The sending and receiving VMs must be in the same zone.
• The VMs must have NICs in the same VPC network or in VPC networks connected by VPC Network Peering.
• Packets sent between the VMs must use internal IP address destinations.
• The VPC network used by the VMs uses the highest maximum transmission unit (MTU) setting. A higher MTU reduces the packet-header overhead and thus increases payload data throughput.

For a complete discussion about egress and ingress bandwidth limits, see Network bandwidth.

General-purpose C4 VMs and bare metal instances

The following table describes the egress bandwidth limits for C4 VMs and bare metal instances. For C4 VMs with Local SSD, only machine types with 288 vCPUs support Tier_1 networking.

General-purpose C4A VMs

The following table describes the egress bandwidth limits for C4A VMs.

General-purpose C4D instances

The following table describes the egress bandwidth limits for C4D instances.

General-purpose C3 VMs and bare metal instances

The following table describes the egress bandwidth limits for C3 VMs and bare metal instances.

General-purpose C3D VMs

Compute-optimized C2 VMs

The following table describes the egress bandwidth limits for C2 VMs.

Compute-optimized C2D VMs

The following table describes the egress bandwidth limits for C2D VMs.

Compute-optimized H3 VMs

The following table describes the egress bandwidth limits for H3 VMs.

Memory-optimized M4 VMs

The following table describes the egress bandwidth limits for M4 VMs.

Memory-optimized M3 VMs

The following table describes the egress bandwidth limits for M3 VMs.

General-purpose N2 VMs

The following table describes the egress bandwidth limits for N2 VMs.

General-purpose N2 (custom size shapes) VMs

The following table describes the egress bandwidth limits for custom-sized N2 VMs.

General-purpose N2D VMs

The following table describes the egress bandwidth limits for N2D VMs.

General-purpose N2D (custom size shapes) VMs

The following table describes the egress bandwidth limits for custom-sized N2D VMs.

Memory-optimized X4 instance

The following table describes the egress bandwidth limits for X4 bare metal instances.

Storage-optimized Z3 VMs

The following table describes the egress bandwidth limits for Z3 VMs.

Configure an instance with Tier_1 networking

You can enable Tier_1 networking when creating a compute instance if the instance doesn't use the VirtioNet interface. You can also edit an instance to add or remove Tier_1 networking, provided the instance was created with the gVNIC or IDPF network interface .

Optionally, you can also enable faster network packet processing with DPDK to run performance-intensive applications on a VM that uses Tier_1 networking.

Create instances and containers that use Tier_1 networking

Use the Google Cloud console, the Google Cloud CLI or REST to add Tier_1 networking to a new compute instance or container.

gcloud compute instances create VM_NAME  \
    --image=OS_IMAGE  \
    --machine-type=MACHINE_TYPE  \
    --network-performance-configs=total-egress-bandwidth-tier=TIER_1  \
    --network-interface=nic-type=GVNIC

gcloud compute instances create instance-1 \
    --network-performance-configs=total-egress-bandwidth-tier=TIER_1 \
    --network-interface=nic-type=GVNIC \
    --image-family=rocky-linux-8-optimized-gcp \
    --image-project=rocky-linux-cloud \
    --machine-type=n2-standard-32

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances

{
  "name": VM_NAME,
    "description": string,
    ...
    "networkPerformanceConfig": {
        "totalEgressBandwidthTier": TIER_1
  },
    "networkInterfaces": [
      {
        "nicType": "GVNIC"
    },
    ...
    ]
  }

Update a VM to include Tier_1 networking

Refer to the Updating instance properties documentation to verify that you are meeting all the requirements to successfully update your VM. Use the Google Cloud console, the Google Cloud CLI or REST to update a VM.

You can modify an existing VM to change the network configuration to include or exclude per VM Tier_1 networking performance. Your VM must already have a gVNIC interface associated with it; you can't edit your VM to add a network interface. To update the network configuration, you must stop and restart the VM.

PUT https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/RESOURCE_ID?most_disruptive_allowed_action=RESTART

{
  "networkPerformanceConfig":{
      "totalEgressBandwidthTier": "TIER_1"
  },
...
}

Verify high-bandwidth configuration in a VM

Use the Google Cloud console, the Google Cloud CLI or REST to generate a description of an existing VM or an existing VM running container images to verify the VM's bandwidth tier.

gcloud compute instances describe VM_NAME  \
    --format="text(name, networkPerformanceConfig)"

name: instance-1
networkPerformanceConfig.totalEgressBandwidthTier:TIER_1

GET https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/zones/ZONE/instances/RESOURCE_ID/

{
  "name": RESOURCE_ID,
    "description": string,
    ...
    "networkPerformanceConfig": {
        "totalEgressBandwidthTier": "TIER_1"
    },
    ...
  }

Create an instance template with Tier_1 networking

Use the Google Cloud console, the Google Cloud CLI or REST to create an instance template with per VM Tier_1 networking performance. Refer to the Creating an instance template documentation to verify that you are meeting all the requirements to create your VM instance template.

gcloud compute instance-templates create INSTANCE_TEMPLATE_NAME \
    --image=OS_IMAGE \
    --machine-type=MACHINE_TYPE \
    --network-performance-configs=total-egress-bandwidth-tier=TIER_1 \
    --network-interface=nic-type=GVNIC

gcloud compute instance-templates create instance-template-1 \
    --image-family=rocky-linux-8-optimized-gcp \
    --image-project=rocky-linux-cloud \
    --network-performance-configs=total-egress-bandwidth-tier=TIER_1 \
    --machine-type=n2-standard-32 \
    --network-interface=nic-type=GVNIC

POST https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/global/instancesTemplates

{
  "name": "INSTANCE_TEMPLATE_NAME",
  "properties": {
    "machineType": "zones/ZONE/machineTypes/MACHINE_TYPE",
    ...
    "networkPerformanceConfig": {
        "totalEgressBandwidthTier": "TIER_1"
  },
    "networkInterfaces": [
      {
        "nicType": "GVNIC"
    },
    ...
  }

Benchmark a higher bandwidth configuration

You can run a benchmark test to check your VM's performance with per VM Tier_1 networking performance. Be sure to remove the benchmarking resources you created during testing to avoid unexpected resource charges.

What's next

• High-bandwidth pricing