Using VPC Networks

This page describes creating, modifying, and deleting Virtual Private Cloud (VPC) networks. There are two types of VPC networks: auto mode VPC networks and custom mode VPC networks. See Types of VPC networks for details.

Specifications

  • You can create up to five networks per project, but you can request more.
  • The default VPC network counts against the quota, but you can delete it and create a different VPC network if you desire.
  • You cannot create a subnet with the same name as an existing VPC network in the same project, except that each VPC network can have one subnet per region that has the same name as its parent VPC network.

Creating a new auto mode VPC network

Auto mode VPC networks have a single, automatically created subnet in each region of the VPC network. See Auto mode VPC network IP ranges for the IP ranges of each subnet.

This example creates an auto mode VPC network called auto-network1.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click Create VPC network.
  3. Enter a Name of auto-network1.
  4. Under Subnets, click Automatic.
  5. Check the checkbox next to any predefined firewall rules you want to apply to this VPC network. Alternatively, you can create your own firewall rules after you have created the network.
  6. [Optional] If you're using Cloud Router to extend your on-premises network to this VPC network, in the Cloud Router options section, select the routing mode. The routing mode determines whether Cloud Routers advertise and propagate learned routes to subnets in the region where the router is configured or all subnets in the VPC network.
  7. Click Create.

gcloud

gcloud compute networks create auto-network1 \
    --subnet-mode auto \
    [--bgp-routing-mode [ROUTING-MODE]]

  • --bgp-routing-mode The routing mode determines whether Cloud Routers advertise routes in the region where the router is configured or all routes in the VPC network. Specify regional or global. The default is regional.

At this point, the VPC network has routes to the Internet and to any instances. However, the VPC network has no firewall rules that allow access to instances, even from other instances. You must create firewall rules to allow access.

Creating a new VPC network with custom subnets

For custom mode VPC networks, you first create a network, then create the subnets that you want within a region. You do not have to specify subnets for all regions right away, or even at all, but you cannot create instances in a region that has no subnet defined.

When you create a new subnet, its name must be unique in that project for that region, even across VPC networks. The same name can appear twice in a project as long as each one is in a different region.

This example creates one subnet in each of three regions.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click Create VPC network.
  3. Enter a Name of custom-network1.
  4. Under Subnets, enter a name of subnet-us-central-192.
  5. Select a Region of us-central1.
  6. Enter an IP address range of 192.168.1.0/24.
  7. Click Add subnet.
  8. Enter a name of subnet-europe-west-192.
  9. Select a Region of europe-west1.
  10. Enter an IP address range of 192.168.5.0/24.
  11. Click Add subnet.
  12. Enter a name of subnet-asia-east-192.
  13. Select a Region of asia-east1.
  14. Enter an IP address range of 192.168.7.0/24.
  15. [Optional] If you're using Cloud Router to extend your on-premises network to this VPC network, in the Cloud Router options section, select the routing mode. The routing mode determines whether Cloud Routers advertise routes in the region where the router is configured or all routes in the VPC network.
  16. Click Create.

gcloud

  1. Create a new custom subnet network in your project.

    gcloud compute networks create custom-network1 \
        --subnet-mode custom \
        [--bgp-routing-mode [ROUTING-MODE]]

    • --bgp-routing-mode The routing mode determines whether Cloud Routers advertise routes in the region where the router is configured or all routes in the VPC network. Specify regional or global. The default is regional.

    NAME            MODE   IPV4_RANGE GATEWAY_IPV4
    custom-network1 custom

  2. Specify the subnet prefix for your first region. In this example, we're assigning 192.168.1.0/24 to region us-central1.

    gcloud compute networks subnets create subnet-us-central-192 \
       --network custom-network1 \
       --region us-central1 \
       --range 192.168.1.0/24

    NAME                  REGION      NETWORK         RANGE
    subnet-us-central-192 us-central1 custom-network1 192.168.1.0/24

  3. Specify the subnet prefix for your second region. In this example, we're assigning 192.168.5.0/24 to region europe-west1.

    gcloud compute networks subnets create subnet-europe-west-192 \
         --network custom-network1 \
         --region europe-west1 \
         --range 192.168.5.0/24

    NAME                   REGION       NETWORK         RANGE
    subnet-europe-west-192 europe-west1 custom-network1 192.168.5.0/24

  4. Specify the subnet prefix for your third region. In this example, we're assigning 192.168.7.0/24 to region asia-east1.

    gcloud compute networks subnets create subnet-asia-east-192 \
       --network custom-network1 \
       --region asia-east1 \
       --range 192.168.7.0/24

    NAME                 REGION     NETWORK         RANGE
    subnet-asia-east-192 asia-east1 custom-network1 192.168.7.0/24

  5. List your subnets. If you also created an auto mode VPC network in the prior section, those subnets will be listed as well.

    gcloud compute networks subnets list
    

    NAME                           REGION          NETWORK         RANGE
    subnet-europe-west-192         europe-west     custom-network1 192.168.5.0/24
    subnet-us-central-192          us-central1     custom-network1 192.168.1.0/24
    subnet-asia-east-192           asia-east1      custom-network1 192.168.7.0/24

At this point, the VPC network has routes to the Internet and to any instances. However, the VPC network has no firewall rules that allow access to instances, even from other instances. You must create firewall rules to allow access.

Adding a new subnet to an existing VPC network

You can add a subnet to a region of an existing VPC network. The primary IP range of this new subnet cannot overlap the IP range of existing subnets in the current network, in peered VPC networks, or in on-premises networks connected via VPN or Interconnect.

You may optionally assign a secondary IP range to the subnet for use with Alias IP. The secondary IP range also cannot overlap the IP ranges of existing connected subnets.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Select the name of the network to bring up the details page.
  3. Click Add subnet.
  4. Specify the Name and Region of the new subnet.
  5. Specify the IP address range of the subnet. This range cannot overlap any subnets in the current VPC network or any networks connected via VPC Network Peering or VPN.
  6. If you want to create a secondary range for this subnet, click Create secondary IP range.
    • Give the secondary range a name and IP range.
  7. If you want, enable Private Google Access.
  8. Click Add.

gcloud

gcloud compute networks subnets create [SUBNET_NAME] \
    --network [NETWORK] \
    --range [IP_RANGE] \
    [--secondary-range [2ND_RANGE_NAME]=[2ND_IP_RANGE]]

where

  • [SUBNET_NAME] is the name of the new subnet you are creating.
  • [NETWORK] is the name of the existing network where you are creating the new subnet.
  • [IP_RANGE] is the primary IP range of the subnet. Example: 192.168.0.0/20.
  • [2ND_RANGE_NAME] is the name of the secondary IP range you can optionally create.
  • [2ND_IP_RANGE] is the range of the secondary IP range you can optionally create. Example: 172.16.0.0/16.
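The naming and overlap rules above can be checked before running the create command. The following is an added example, not part of the original documentation: it tests a planned subnet against the three custom-network1 subnets from this page. The function name `check_new_subnet`, the on-premises range 10.20.0.0/16 and the names used in the tests are assumptions made for illustration.

```python
import ipaddress

# Constructed inventory: the three subnets created in this page's
# custom-network1 example.
EXISTING = [
    ("subnet-us-central-192", "us-central1", "192.168.1.0/24"),
    ("subnet-europe-west-192", "europe-west1", "192.168.5.0/24"),
    ("subnet-asia-east-192", "asia-east1", "192.168.7.0/24"),
]
# Assumption: a hypothetical on-premises range reachable over VPN.
CONNECTED = ["10.20.0.0/16"]


def check_new_subnet(name, region, primary, secondary=None,
                     existing=EXISTING, connected=CONNECTED):
    """Return a list of rule violations; an empty list means the plan is clean."""
    problems = []
    # A subnet name must be unique per project per region, even across networks.
    for ex_name, ex_region, _ in existing:
        if ex_name == name and ex_region == region:
            problems.append(f"name {name} already used in {region}")
    try:
        # strict=True rejects ranges with host bits set, e.g. 192.168.9.5/24.
        wanted = [("primary", ipaddress.ip_network(primary, strict=True))]
        if secondary:
            wanted.append(
                ("secondary", ipaddress.ip_network(secondary, strict=True)))
    except ValueError as exc:
        return problems + [f"invalid range: {exc}"]
    taken = [(n, ipaddress.ip_network(r)) for n, _, r in existing]
    taken += [("connected network", ipaddress.ip_network(r)) for r in connected]
    # Neither the primary nor the secondary range may overlap a range in use.
    for label, net in wanted:
        for owner, used in taken:
            if net.overlaps(used):
                problems.append(f"{label} {net} overlaps {owner} ({used})")
    return problems
```

An empty result means the planned name and ranges satisfy the rules checked here; peered VPC network ranges can be passed in through `connected` in the same way.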

Modifying a VPC network

Switch a VPC network from auto to custom

You can change an auto mode VPC network to be a custom mode VPC network. You may want to do this if you want to delete the original, automatically created subnets in the network.

After the change, the custom mode VPC network has the same subnet names and IP ranges as the original auto mode VPC network.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. In the Mode column, click Auto to open the menu.
  3. Select Custom from the menu.
  4. Click OK to confirm.

gcloud

gcloud compute networks switch-mode [NETWORK_NAME] --subnet-mode custom

Expanding a subnet

You can expand the IP range of a subnet. You cannot shrink it.

The new subnet must not overlap with other subnets in the same network in any region. The new subnet must stay inside the RFC 1918 address spaces. The new network range must be larger than the original, which means the prefix length value must be a smaller number. Auto mode subnets start with a /20 IP range. They may be expanded to a /16, but no larger.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click on the network that contains the subnet you want to expand.
  3. Click on the subnet you want to expand.
  4. Click Edit.
  5. Enter the new range in the IP address range field. You must specify a valid address range. For example, if the original IP range was 10.128.131.0/24 and you want to expand this to a /20, you must specify 10.128.128.0/20.
  6. Click Save.

gcloud

gcloud compute networks subnets expand-ip-range [SUBNET_NAME] \
    --network [NETWORK_NAME] \
    --region [REGION] \
    --prefix-length [PREFIX_LENGTH]

  • [SUBNET_NAME] - the name of the subnet whose IP range you want to expand.
  • [NETWORK_NAME] - the VPC network that the subnet is part of.
  • [REGION] - the region the subnet exists in.
  • [PREFIX_LENGTH] - the new numeric prefix length for the subnet. Must be smaller than the existing prefix length. For example, if the current subnet is a /24, the new prefix length must be 23 or smaller. This may change the first IP in the range. For example, if the original IP range was 10.128.131.0/24, specifying --prefix-length 20 sets the new IP range to 10.128.128.0/20.
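The range that a given --prefix-length produces, and whether it breaks one of the expansion rules, can be worked out before running the command. The following is an added example, not part of the original documentation: `plan_expansion` is a hypothetical helper name, and the rules it enforces are the ones stated in this section.

```python
import ipaddress

# The three RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def plan_expansion(current, new_prefix, other_subnets=(), auto_mode=False):
    """Return the expanded network, or raise ValueError naming the broken rule."""
    cur = ipaddress.ip_network(current, strict=True)
    # Expansion only: the new prefix length must be a smaller number.
    if new_prefix >= cur.prefixlen:
        raise ValueError("prefix length must be smaller than the current one")
    # Auto mode subnets may be expanded to a /16, but no larger.
    if auto_mode and new_prefix < 16:
        raise ValueError("auto mode subnets cannot grow beyond a /16")
    # The supernet keeps the original range inside it; its first IP may
    # differ from the original's (10.128.131.0/24 -> 10.128.128.0/20).
    new = cur.supernet(new_prefix=new_prefix)
    if not any(new.subnet_of(block) for block in RFC1918):
        raise ValueError(f"{new} leaves the RFC 1918 address space")
    # The expanded range must not collide with any other subnet in the network.
    for other in other_subnets:
        if new.overlaps(ipaddress.ip_network(other)):
            raise ValueError(f"{new} overlaps {other}")
    return new
```

With this page's custom-network1 subnets, expanding 192.168.1.0/24 to a /23 is accepted, while a /21 is rejected because 192.168.0.0/21 would cover 192.168.5.0/24.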

Listing existing subnets

You can see all the subnets that exist for a project.

Console

Go to the VPC networks page in the Google Cloud Platform Console.

gcloud

gcloud compute networks subnets list

You can tailor the list by providing additional parameters:

  • --regions [REGION],[REGION],... Restrict the list to subnets in particular regions.
  • --network [NETWORK] Restrict the list to only subnets in a particular network.

Describing an existing subnet

You can view details of an existing subnet.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click on the name of the VPC network that contains the subnet.
  3. Click on the name of the subnet.

gcloud

gcloud compute networks subnets describe subnet-asia-east-192 \
    --region asia-east1

Deleting a subnet or VPC network

You can delete any subnet in your project. You can also delete an entire VPC network.

Deleting a subnet

You can only delete manually created subnets. Automatically created subnets cannot be deleted individually; you must delete the entire VPC network.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click on the name of the VPC network that contains the subnet.
  3. Click on the name of the subnet.
  4. Click Delete subnet.
  5. Click Delete to confirm.

gcloud

gcloud compute networks subnets delete [SUBNET_NAME] \
    --region [REGION]

Deleting a VPC network

For an auto mode VPC network, you can explicitly delete the network only if both of the following items are true:

  • Any child subnets in the VPC network are not in use by any other resource.
  • The VPC network is not in use by any other resources.

Console

  1. Go to the VPC networks page in the Google Cloud Platform Console.
  2. Click on the name of the VPC network.
  3. Click Delete VPC network.
  4. Click Delete to confirm.

gcloud

gcloud compute networks delete [NETWORK_NAME]
