Architecture

This page describes the architectural choices that affect your Filestore instances.

Permissions

A Filestore instance consists of a single NFS file share with configurable export settings and default Unix permissions. For more information about these settings and how they affect access, see Access Control.

Encryption

Filestore automatically encrypts your data before it travels outside of the instance to the underlying durable storage layer. The durable storage behind each Filestore instance is encrypted with system-defined keys. Additionally, Google distributes Filestore data across multiple physical disks in a manner that users do not control.

When you delete a Filestore instance, Google discards the cipher keys, rendering the data irretrievable as per the description in Data deletion on Google Cloud Platform. Once the data is deleted, this process is irreversible.

Networking

You must create a Filestore instance in the same Google Cloud project and VPC network as any clients that connect to it, unless you're using shared VPC. All internal IP addresses in the selected VPC network can connect to the Filestore instance.

In shared VPC, the Network Admin of the host project can create Filestore instances on the shared VPC network. Once created, these instances can be mounted on service project clients from any attached service projects. However, service projects cannot directly create Filestore instances on the shared VPC network. For details, see Known issues.

If you are using a VPC network other than the default network, you might need to create firewall rules to enable communication with Filestore instances. For more information, see Configuring Firewall Rules.

You can't use a legacy network with Filestore instances. If necessary, create a new VPC network to use by following the instructions at Creating a new VPC network with custom subnets.

IP address range

Each Filestore instance must have an IP address range associated with it. The IP address range must be from within the internal IP address ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) and have a block size of 29 for Basic tier instances and a block size of 23 for High Scale tier instances. Examples of valid Filestore instance IP address ranges are 10.0.3.0/29 and 172.31.0.0/29.

You can assign the IP address range if there's a specific one you want to use. However, we recommend letting Filestore automatically pick an available range to use from within the internal IP address ranges. If the range is already in use, the service tries again until it finds one that is free. If you assign an IP address range, make sure it doesn't overlap with any existing subnets in the VPC network that the Filestore instance uses, or with the IP address ranges assigned to any other existing Filestore instances in that network.
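
If you do assign a range yourself, the rules above can be checked before you create the instance. The following Python is an added example, not part of the Filestore documentation or tooling; the function name check_reserved_range, the tier labels, and the sample in-use ranges are assumptions made for illustration.

```python
import ipaddress

# Internal ranges and per-tier block sizes as stated on this page.
INTERNAL = [ipaddress.IPv4Network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Tier labels are names chosen for this example, not API values.
TIER_PREFIX = {"basic": 29, "high-scale": 23}


def check_reserved_range(cidr, tier, in_use):
    """Return a list of problems with a candidate range; empty means acceptable.

    in_use: CIDR strings for existing subnets in the VPC network and for
    ranges already assigned to other Filestore instances in that network.
    """
    try:
        # strict=True rejects a CIDR with host bits set, such as 10.0.3.1/29.
        net = ipaddress.IPv4Network(cidr, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]

    problems = []
    want = TIER_PREFIX[tier]
    if net.prefixlen != want:
        problems.append(f"{tier} tier needs a /{want}, got /{net.prefixlen}")
    if not any(net.subnet_of(block) for block in INTERNAL):
        problems.append("outside the internal IP address ranges")
    for other in in_use:
        if net.overlaps(ipaddress.IPv4Network(other)):
            problems.append(f"overlaps {other}")
    return problems


# Constructed sample data: one VPC subnet and one existing Filestore range.
SAMPLE_IN_USE = ["10.128.0.0/20", "10.0.3.0/29"]

if __name__ == "__main__":
    for cidr, tier in [("172.31.0.0/29", "basic"),
                       ("10.0.3.0/29", "basic"),
                       ("10.128.4.0/23", "high-scale"),
                       ("172.32.0.0/29", "basic")]:
        print(cidr, tier, check_reserved_range(cidr, tier, SAMPLE_IN_USE) or "ok")
```
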

Filestore network peering

The first time you create a Filestore instance, Filestore also creates a peered network to enable network connectivity between clients in your project and the Filestore instance. The peered network has a machine-generated name similar to filestore-peer-123456789012 and appears in the VPC Network Peering page. Note that if you created a Filestore instance either during the Alpha period or early in the Beta period, the peered network name has a different format, similar to r-1abc2d3e-45fg-6789-hf12-3456i78j9k1-0000000a-peer.

Don't delete or modify the network peering, because this will cause you to lose connectivity with your Filestore instances. If you accidentally delete the network peering, the easiest way to recreate it is to create another Filestore instance. Filestore will recognize that there is no connectivity between your project and the new instance, and will re-create the peered network. You can delete the new Filestore instance after that if you don't need it for anything else.

Reliability

Filestore instances are zonal resources that feature in-zone storage redundancy to protect your data against equipment failure. However, if a zone goes down due to an outage or data center maintenance, the instances that reside in that zone become unavailable for the duration that the zone is down.

Storage size units

Filestore defines 1 gigabyte (GB) as 1024^3 bytes, a unit also known as a gibibyte (GiB).

Filestore defines 1 terabyte (TB) as 1024^4 bytes, a unit also known as a tebibyte (TiB).

Filestore defines 1 petabyte (PB) as 1024^5 bytes, a unit also known as a pebibyte (PiB).